
Windows Analysis Report
https://click.sleadtrack.com/link?messageId=%3C8227ea57-e0dc-sl97-4826-98af-00679a8c68a7@ogreai.net%3E&url=%20https://ogre.ai/en

Overview

General Information

Sample URL:https://click.sleadtrack.com/link?messageId=%3C8227ea57-e0dc-sl97-4826-98af-00679a8c68a7@ogreai.net%3E&url=%20https://ogre.ai/en
Analysis ID:1543675

Detection

Score:1
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Detected non-DNS traffic on DNS port
Stores files to the Windows start menu directory
URL contains potential PII (phishing indication)

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 6988 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6240 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1816,i,18160453113757978522,14806343787247285058,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 876 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://click.sleadtrack.com/link?messageId=%3C8227ea57-e0dc-sl97-4826-98af-00679a8c68a7@ogreai.net%3E&url=%20https://ogre.ai/en" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures. All signature results:

Source: https://click.sleadtrack.com/link?messageId=%3C8227ea57-e0dc-sl97-4826-98af-00679a8c68a7@ogreai.net%3E&url=%20https://ogre.ai/en | Sample URL: PII: %3C8227ea57-e0dc-sl97-4826-98af-00679a8c68a7@ogreai.net%3E&url
Source: https://click.sleadtrack.com/%20https://ogre.ai/en | HTTP Parser: No favicon
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:58978 version: TLS 1.2
Source: global traffic | TCP traffic: 192.168.2.16:58975 -> 1.1.1.1:53
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown | TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: global traffic | DNS traffic detected: DNS query: click.sleadtrack.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: unknown | Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 58978
Source: unknown | Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 58977
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 58976
Source: unknown | Network traffic detected: HTTP traffic on port 58981 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 58981
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 58980
Source: unknown | Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 58978 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown | Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 58976 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 58980 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown | Network traffic detected: HTTP traffic on port 58977 -> 443
Source: classification engine | Classification label: clean1.win@17/8@4/102
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1816,i,18160453113757978522,14806343787247285058,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://click.sleadtrack.com/link?messageId=%3C8227ea57-e0dc-sl97-4826-98af-00679a8c68a7@ogreai.net%3E&url=%20https://ogre.ai/en"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |

No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| smartlead-be-alb-1825251389.ap-southeast-2.elb.amazonaws.com | 54.253.83.81 | true | false | | unknown |
| www.google.com | 142.250.186.68 | true | false | | unknown |
| click.sleadtrack.com | unknown | unknown | false | | unknown |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://click.sleadtrack.com/%20https://ogre.ai/en | false | | unknown |
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 142.250.186.68 | www.google.com | United States | 15169 | GOOGLEUS | false |
| 142.250.186.67 | unknown | United States | 15169 | GOOGLEUS | false |
| 1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false |
| 239.255.255.250 | unknown | Reserved | unknown | unknown | false |
| 142.250.185.142 | unknown | United States | 15169 | GOOGLEUS | false |
| 142.250.186.131 | unknown | United States | 15169 | GOOGLEUS | false |
| 216.58.206.78 | unknown | United States | 15169 | GOOGLEUS | false |
| 54.253.83.81 | smartlead-be-alb-1825251389.ap-southeast-2.elb.amazonaws.com | United States | 16509 | AMAZON-02US | false |
| 66.102.1.84 | unknown | United States | 15169 | GOOGLEUS | false |

IP: 192.168.2.16
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1543675
Start date and time:2024-10-28 08:44:06 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowsinteractivecookbook.jbs
Sample URL:https://click.sleadtrack.com/link?messageId=%3C8227ea57-e0dc-sl97-4826-98af-00679a8c68a7@ogreai.net%3E&url=%20https://ogre.ai/en
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:13
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • EGA enabled
Analysis Mode:stream
Analysis stop reason:Timeout
Detection:CLEAN
Classification:clean1.win@17/8@4/102
  • Exclude process from analysis (whitelisted): svchost.exe
  • Excluded IPs from analysis (whitelisted): 88.221.110.91, 142.250.186.131, 216.58.206.78, 66.102.1.84, 34.104.35.123
  • Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com
  • Not all processes were analyzed; the report is missing behavior information
  • VT rate limit hit for: https://click.sleadtrack.com/link?messageId=%3C8227ea57-e0dc-sl97-4826-98af-00679a8c68a7@ogreai.net%3E&url=%20https://ogre.ai/en
Input | Output

Input: URL: https://click.sleadtrack.com/%20https://ogre.ai/en Model: claude-3-haiku-20240307
Output:
```json
{
  "contains_trigger_text": true,
  "trigger_text": "Cannot GET /%20https://ogre.ai/en",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false
}
```

Input: URL: https://click.sleadtrack.com/%20https://ogre.ai/en Model: claude-3-haiku-20240307
Output:
```json
{
  "brands": []
}
```
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 06:44:39 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:dropped
Size (bytes):2673
Entropy (8bit):3.980881590633402
Encrypted:false
SSDEEP:
MD5:0F5EA75012F9943974176891F9BCD201
SHA1:27E275BDBB73ED62CF793BA07BB335AC6FE71F58
SHA-256:EB12B0E7A90A7066064CA68748A99DBCB4BBF4AC8E74B025F90A2A7F6B59B320
SHA-512:78328469CC17ED09B568F5DC09C9EC7A7FBA0683AA7BDB2644082598DEF8CB0017622ADE3F6D372BA693D8F7E9A6890D3766F5FCA0949EC29E7116B84A864120
Malicious:false
Reputation:unknown

Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 06:44:39 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:dropped
Size (bytes):2675
Entropy (8bit):3.994565385127153
Encrypted:false
SSDEEP:
MD5:6D6957C2A67953FD7BDDC93650FCB52A
SHA1:01B16330A0844B50DB60327E55F20EED68B17BC8
SHA-256:6602528FB5C34994DCA66F4186EC698B169F24FE0555EB61ABD25470F9EA4299
SHA-512:65A9C5F307098A99A0580F6F2E12E4D1E6364B3AF1484DD713B41889F31815C1248A3DF4D67047DFFD9C8BDD6CB4DE958C3AB0BCA3BF7B5AC0B34B61312B4BC1
Malicious:false
Reputation:unknown

Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:dropped
Size (bytes):2689
Entropy (8bit):4.003433775532027
Encrypted:false
SSDEEP:
MD5:A4F3730FF01B0C6C3DD555E4BB40D8F4
SHA1:3298DEC5058B67E2B4464CA0C1C89B2B6AB99B13
SHA-256:D14BE18861AA1E18E710C99BC929E324FA257E7FE4AD12158D27640DC4E81EB6
SHA-512:3AD8EB5EBB1CDBF5A3B6CEEDBA5DF5103177327781919554C4FF1C09ABB2087A07D8F5F53C3913EA84378E023C7DB1BE74B3B3DFF281D824B85753C2C0B53EEA
Malicious:false
Reputation:unknown

Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 06:44:39 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:dropped
Size (bytes):2677
Entropy (8bit):3.99392323267234
Encrypted:false
SSDEEP:
MD5:86646FE145F7DEF4E67F5F7BB8A83A8A
SHA1:CBBDEC4D134B8403D6D81E7AF19C570F62C0C5C2
SHA-256:E6E747E1FDB40424F255E5609701721D98D96C0D1C248DB78FFA1AC6D570CD5F
SHA-512:38EF159C4B71894CFAE35E72A815942E5789AA7B125EF26A13201D514A45B14170C10C953FEBD370B1C0F396106ACC59094233368465A9E86913A1A89E92D6D4
Malicious:false
Reputation:unknown

Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 06:44:39 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:dropped
Size (bytes):2677
Entropy (8bit):3.983195234028171
Encrypted:false
SSDEEP:
MD5:E3C6D2321F126E71448337F82D02ED0B
SHA1:4DFB8501AFCCC569E006996C8BEE81A9A6BB03F5
SHA-256:F885D91FFEA0F6403DF707DB3B0DBB04F46864A6F617FC6F3E3B0A267B44F46D
SHA-512:7662E0AE32E69EEFBA850E1CE31EE6488C10D4A579DFDF54184DB2A1A087FA5D4DB7FBF7AA760267052A06CB261275143E3C492634FF853E0B3AB86811759E50
Malicious:false
Reputation:unknown

Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 06:44:38 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:dropped
Size (bytes):2679
Entropy (8bit):3.9936711715291726
Encrypted:false
SSDEEP:
MD5:FF8DC86861239CAE6608DA9DCACBE0C0
SHA1:1AFECFA35429BCB1C3197B19DE89004F85133778
SHA-256:DAB4A27182966EFB5F5FDE5D4D5C410F7296A2FAE92840B7DFA2F5B54B83D40A
SHA-512:987C51CD7BB014B2521D132B737C3A5A6B6D47FEA2806B524DBBD1634AAFC050B424B0235DCABE7B2DCAB3A7CCD379ED1B7D6FF42CDCDF8EE449F64F5EB1A003
Malicious:false
Reputation:unknown

Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:HTML document, ASCII text
Category:downloaded
Size (bytes):150
Entropy (8bit):4.817012895739808
Encrypted:false
SSDEEP:
MD5:84241342D84AC29592A5D9516F8EDF7F
SHA1:03C53980E18E17625F439C20E7D438F066202428
SHA-256:6E21162BC64073FE9E3D3D6375CA24D04FED1912A5B7716AAC0CB0F2D16FAE7C
SHA-512:7509483335C7A30365F7F403098491AC0B44FFFCC68A5CDACB86EC191F02DBDA5B16A20A09E924B6A29AC938578D43BACB9A50115DB5C5668EA27FE1811BD530
Malicious:false
Reputation:unknown
URL:https://click.sleadtrack.com/favicon.ico
Preview:<!DOCTYPE html>.<html lang="en">.<head>.<meta charset="utf-8">.<title>Error</title>.</head>.<body>.<pre>Cannot GET /favicon.ico</pre>.</body>.</html>.

Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:HTML document, ASCII text
Category:downloaded
Size (bytes):160
Entropy (8bit):4.8500219547789625
Encrypted:false
SSDEEP:
MD5:CB585A6F8D478654F2724C3E7623E11F
SHA1:96294CA9627FF81130653050AE4CCE76E766AB80
SHA-256:EDDB410C01C56A0B0FE4B1DBEC19CF9862A75BEE4333A9FB558251D48B620421
SHA-512:36D0D6187B5A26DAB31765CBEED764170E8F4E15425CC1677450B2EDB991F5E4330E2C22422A18C9DDB983A7D6744EB12B15E7C9B60B7CA830F0D525A652857B
Malicious:false
Reputation:unknown
URL:https://click.sleadtrack.com/%20https://ogre.ai/en
Preview:<!DOCTYPE html>.<html lang="en">.<head>.<meta charset="utf-8">.<title>Error</title>.</head>.<body>.<pre>Cannot GET /%20https://ogre.ai/en</pre>.</body>.</html>.

No static file info