Windows Analysis Report
http://93.190.138.158/play/vod/eyJpdiI6InpGK2N4eDlwNWpueTBKSXVTanJSd2c9%20PSIsInZhbHVlIjoiY0RwWG1TMjVlRmIwRmw2YTA5K0VJdXczVEYzVGVOUDdSSkZaWT%20hHUzB0T2pzVldtWDY4L0hNYWlTMWM5b1FPcHZ5WGxTYnM2czhjU0xJTFFHRDV1Z%20Xc9PSIsIm1hYyI6IjE4ZjE5OGNjMmNmMmM5ZjdjNzYzMWI5NDU4NmRkYzIzNDFlM%20GMyMjA3YmRhMDhiY2NkOGViN

Overview

General Information

Sample URL: http://93.190.138.158/play/vod/eyJpdiI6InpGK2N4eDlwNWpueTBKSXVTanJSd2c9%20PSIsInZhbHVlIjoiY0RwWG1TMjVlRmIwRmw2YTA5K0VJdXczVEYzVGVOUDdSSkZaWT%20hHUzB0T2pzVldtWDY4L0hNYWlTMWM5b1FPcHZ5WGxTYnM2czhjU0xJTFF
Analysis ID: 1545481

Detection

Score: 21
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

AI detected suspicious URL
Stores files to the Windows start menu directory
Uses insecure TLS / SSL version for HTTPS connection

Classification

Source: http://93.190.138.158/play/vod/eyJpdiI6InpGK2N4eDlwNWpueTBKSXVTanJSd2c9%20PSIsInZhbHVlIjoiY0RwWG1TMjVlRmIwRmw2YTA5K0VJdXczVEYzVGVOUDdSSkZaWT%20hHUzB0T2pzVldtWDY4L0hNYWlTMWM5b1FPcHZ5WGxTYnM2czhjU0xJTFFHRDV1Z%20Xc9PSIsIm1hYyI6IjE4ZjE5OGNjMmNmMmM5ZjdjNzYzMWI5NDU4NmRkYzIzNDFlM%20GMyMjA3YmRhMDhiY2NkOGViNDRkZDI5NTMyZmEiLCJ0YWciOiIifQ==/cc91aeef-2422-4088-8dea-2e5fc5d7ce3f.mp4 HTTP Parser: No favicon
Source: unknown HTTPS traffic detected: 23.206.229.226:443 -> 192.168.2.8:49726 version: TLS 1.0
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49720 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49722 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.67
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /play/vod/eyJpdiI6InpGK2N4eDlwNWpueTBKSXVTanJSd2c9%20PSIsInZhbHVlIjoiY0RwWG1TMjVlRmIwRmw2YTA5K0VJdXczVEYzVGVOUDdSSkZaWT%20hHUzB0T2pzVldtWDY4L0hNYWlTMWM5b1FPcHZ5WGxTYnM2czhjU0xJTFFHRDV1Z%20Xc9PSIsIm1hYyI6IjE4ZjE5OGNjMmNmMmM5ZjdjNzYzMWI5NDU4NmRkYzIzNDFlM%20GMyMjA3YmRhMDhiY2NkOGViNDRkZDI5NTMyZmEiLCJ0YWciOiIifQ==/cc91aeef-2422-4088-8dea-2e5fc5d7ce3f.mp4 HTTP/1.1Host: 93.190.138.158Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 93.190.138.158Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://93.190.138.158/play/vod/eyJpdiI6InpGK2N4eDlwNWpueTBKSXVTanJSd2c9%20PSIsInZhbHVlIjoiY0RwWG1TMjVlRmIwRmw2YTA5K0VJdXczVEYzVGVOUDdSSkZaWT%20hHUzB0T2pzVldtWDY4L0hNYWlTMWM5b1FPcHZ5WGxTYnM2czhjU0xJTFFHRDV1Z%20Xc9PSIsIm1hYyI6IjE4ZjE5OGNjMmNmMmM5ZjdjNzYzMWI5NDU4NmRkYzIzNDFlM%20GMyMjA3YmRhMDhiY2NkOGViNDRkZDI5NTMyZmEiLCJ0YWciOiIifQ==/cc91aeef-2422-4088-8dea-2e5fc5d7ce3f.mp4Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 93.190.138.158Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.21.2Content-Type: text/html; charset=UTF-8Connection: closeCache-Control: no-cache, privatedate: Wed, 30 Oct 2024 14:56:22 GMTContent-Encoding: gzipData Raw: 1f 8b 08 00 00 00 00 00 04 03 ed 19 6b 93 9c b8 f1 bb 7f 85 bc 2e e7 76 5d 88 01 76 5e 66 76 9d bb 38 e7 ca 55 9d 9d 54 7c f9 70 95 e4 83 06 04 c3 2d 20 0a 34 2f 4f f8 ef 69 b5 10 88 99 5d 3f 2a f7 31 e3 1a 0f ea 6e 75 b7 5a 4d bf f6 ee f9 9f ff fa f6 97 5f ff f6 23 d9 c8 22 7f f3 ec 4e fd 90 9c 95 e9 fd 15 2f af de 3c 23 f0 b9 db 70 16 eb 47 5c 16 5c 32 12 6d 58 dd 70 79 7f b5 95 09 5d 76 94 03 ba 64 05 bf bf da 65 7c 5f 89 5a 5e 91 48 94 92 97 40 be cf 62 b9 b9 8f f9 2e 8b 38 c5 85 43 b2 32 93 19 cb 69 13 b1 9c df fb c0 0c e5 22 37 99 c9 9c bf 79 27 ea 75 16 c7 bc bc 9b 68 80 45 f1 9c 52 f2 0e d8 37 84 52 4b cb 3c 2b 1f 48 cd f3 fb ab aa e6 20 be e4 11 e8 b1 a9 79 72 7f b5 91 b2 6a c2 c9 24 51 db dc b4 91 4c 66 91 1b 89 c2 3e 07 32 78 94 5e 88 34 e7 ac ca 1a b5 65 12 35 4d f0 c7 84 15 59 7e bc ff b0 85 a3 88 3f c4 59 53 e5 ec 78 df ec 59 75 a5 95 68 e4 31 e7 cd 86 73 39 3a 1e 82 07 ad d5 91 27 af 9e 93 52 d4 05 cb b3 4f dc 05 ee 64 b7 74 3d d7 27 ff 21 ef 7f fa 85 fc 0c 86 2b 1b 0e ab 34 93 9b ed 1a 75 80 c3 89 9c 35 93 f1 be 57 13 75 9d 27 38 08 a7 1b 9e a5 1b 19 fa ae 3f 5b d1 3d 5f 3f 64 92 4a 7e 90 b4 01 29 94 c5 bf 6d 1b c0 7a de cb 76 2d e2 e3 a9 60 75 9a 95 a1 d7 b2 d3 9a 45 0f 69 2d b6 65 4c 41 88 a8 43 59 b3 b2 a9 58 0d f7 d9 46 22 e6 27 65 46 aa 2d 10 16 a2 14 80 8c b8 d3 3f ad 10 af e4 84 3e 2f da 7f 6e f0 26 ff 7d ea ac 14 96 a2 e4 2d 6a 6a 33 6a 8e 8d e4 05 dd 66 0e 65 55 95 73 aa 01 ce 9f d4 bd bc 67 d1 47 c4 bf 03 d1 ce 47 9e 0a 4e fe f1 93 f3 77 b1 16 52 38 7f e1 f9 8e c3 8d 32 f2 81 6f b9 f3 43 0d ce e5 7c 00 0c f9 08 9a 3b 0d fc 47 1b 5e 67 89 f3 83 e2 4c de aa 63 91 1f 0b f1 5b d6 f3 3a 5f 7e 3c 16 6b d1 71 b1 e8 57 63 e3 ce da 57 4e c8 12 c9 6b 27 5c f3 44 d4 fc b4 16 07 65 e3 ac 4c c3 b5 a8 63 5e 53 80 ac 
f4 63 e8 91 46 e4 59 4c 5e f0 80 2f 13 65 6d 6d e2 ac dc 80 7e 72 85 37 14 c3 e5 d6 e0 a1 a2 0c 3b f8 a5 d9 df f3 32 17 ce 7b 51 b2 48 38 6f 45 09 6c 59 e3 fc 9c ad b9 de 49 00 a5 10 db 3a e3 35 98 65 3f 5c 4f db ec 52 67 97 c5 5c f4 37 b2 ce 45 f4 b0 da f1 5a 19 31 a7 e0 89 69 19 16 70 6d 39 6f 35 65 c1 0e fa ed 45 9f 59 75 de c5 b6 52 b4 ee 3a a5 fb 4d 26 f9 89 52 78 14 e0 0c 99 3c 86 fe ea c2 91 5e 24 49 72 09 ad d3 35 bb 0e 66 33 c7 7c 77 ac be b6 59 dd dc a0 8c b4 66 47 0a 1e fb 15 62 16 09 4b a2 a7 24 4d 17 20 c9 83 6f e0 3c 2a 49 5f 1a 4a 0b b4 34 0d b1 0e a6 01 fa ea 5e f0 38 09 92 45 77 c3 dd 2b a3 cf 74 0b 92 a6 01 7c 17 46 d2 88 13 9e cb 92 36 fd 1a 69 d1 3a 9e 71 ef 31 69 de ad 13 f8 f0 0d a6 5f 92 26 c1 49 d1 33 a5 a8 cc ad 56 07 30 b2 86 d6 06 5d ab 10 62 13 24 39 3f f4 4e a3 16 ad 9b d6 59 dc 83 d4 a2 75 f5 fb de 03 f1 75 77 c1 3f 8a 86 42 28 83 77 e5 84 0e 46 11 14 6a 50 eb aa 80 94 25 47 43 d2 2f e1 85 87 4d 3d 99 8e 2d bc c8 e0 ed 8c 75 24 da eb 50 37 f7 3c 90 4d 67 a7 3e f4 05 b3 1a e2 0f c0 96 06
Source: chromecache_59.2.dr String found in binary or memory: https://fonts.gstatic.com/s/nunito/v26/XRXI3I6Li01BKofiOc5wtlZ2di8HDLshdTA3j77e.woff2)
Source: chromecache_59.2.dr String found in binary or memory: https://fonts.gstatic.com/s/nunito/v26/XRXI3I6Li01BKofiOc5wtlZ2di8HDLshdTQ3jw.woff2)
Source: chromecache_59.2.dr String found in binary or memory: https://fonts.gstatic.com/s/nunito/v26/XRXI3I6Li01BKofiOc5wtlZ2di8HDLshdTk3j77e.woff2)
Source: chromecache_59.2.dr String found in binary or memory: https://fonts.gstatic.com/s/nunito/v26/XRXI3I6Li01BKofiOc5wtlZ2di8HDLshdTo3j77e.woff2)
Source: chromecache_59.2.dr String found in binary or memory: https://fonts.gstatic.com/s/nunito/v26/XRXI3I6Li01BKofiOc5wtlZ2di8HDLshdTs3j77e.woff2)
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49713
Source: classification engine Classification label: sus21.win@16/12@2/4
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1892,i,2478955387160764762,14780556682439643415,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://93.190.138.158/play/vod/eyJpdiI6InpGK2N4eDlwNWpueTBKSXVTanJSd2c9%20PSIsInZhbHVlIjoiY0RwWG1TMjVlRmIwRmw2YTA5K0VJdXczVEYzVGVOUDdSSkZaWT%20hHUzB0T2pzVldtWDY4L0hNYWlTMWM5b1FPcHZ5WGxTYnM2czhjU0xJTFFHRDV1Z%20Xc9PSIsIm1hYyI6IjE4ZjE5OGNjMmNmMmM5ZjdjNzYzMWI5NDU4NmRkYzIzNDFlM%20GMyMjA3YmRhMDhiY2NkOGViNDRkZDI5NTMyZmEiLCJ0YWciOiIifQ==/cc91aeef-2422-4088-8dea-2e5fc5d7ce3f.mp4"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1892,i,2478955387160764762,14780556682439643415,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: Google Drive.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder Window detected: More than 3 window changes detected

Persistence and Installation Behavior

Source: Email JoeBoxAI: AI detected IP in URL: URL: http://93.190.138.158
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk