
Windows Analysis Report
https://flaviarc.com/vrecord%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%2

Overview

General Information

Sample URL:https://flaviarc.com/vrecord%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%
Analysis ID:1546010

Detection

HTMLPhisher
Score:64
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected phishing page
Yara detected HtmlPhish54
AI detected landing page (webpage, office document or email)
AI detected suspicious URL
Detected non-DNS traffic on DNS port
HTML page contains hidden javascript code
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 7028 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6448 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=1940,i,1843242222289890235,4708077021742970738,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 8092 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1740 --field-trial-handle=1940,i,1843242222289890235,4708077021742970738,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6700 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://flaviarc.com/vrecord%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
Source | Rule | Description | Author | Strings
0.6.id.script.csv | JoeSecurity_HtmlPhish_54 | Yara detected HtmlPhish_54 | Joe Security | (none)
    No Sigma rule has matched
    No Suricata rule has matched


    Phishing

    Source: https://flaviarc.com/vrecord%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20/LLM: Score: 9 Reasons: The brand 'Microsoft' is classified as 'wellknown'., The URL 'flaviarc.com' does not match the legitimate domain 'microsoft.com'., There is no direct association between 'flaviarc.com' and the brand 'Microsoft'., The URL does not contain any recognizable elements related to Microsoft., The domain 'flaviarc.com' appears unrelated to Microsoft and could be suspicious. DOM: 1.0.pages.csv
    Source: Yara matchFile source: 0.6.id.script.csv, type: HTML
    Source: https://0niine.thehealthconsumer.org/?3r4=6Uw1UHTTP Parser: Base64 decoded: a[href="http://www.salidzini.lv/"][style="display: block; width: 120px; height: 40px; overflow: hidden; position: relative;"]
    Source: https://flaviarc.com/vrecord%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20/HTTP Parser: No favicon
    Source: https://0niine.thehealthconsumer.org/?3r4=6Uw1UHTTP Parser: No favicon
    Source: https://0niine.thehealthconsumer.org/?3r4=6Uw1UHTTP Parser: No favicon
    Source: https://0niine.thehealthconsumer.org/?3r4=6Uw1UHTTP Parser: No favicon
    Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49710 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49715 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49722 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49723 version: TLS 1.2
    Source: global trafficTCP traffic: 192.168.2.16:49729 -> 1.1.1.1:53
    Source: global trafficTCP traffic: 192.168.2.16:49729 -> 1.1.1.1:53
    Source: global trafficTCP traffic: 192.168.2.16:49729 -> 1.1.1.1:53
    Source: global trafficTCP traffic: 192.168.2.16:49729 -> 1.1.1.1:53
    Source: global trafficTCP traffic: 192.168.2.16:49729 -> 1.1.1.1:53
    Source: global trafficTCP traffic: 192.168.2.16:49729 -> 1.1.1.1:53
    Source: global trafficTCP traffic: 192.168.2.16:49729 -> 1.1.1.1:53
    Source: global trafficTCP traffic: 192.168.2.16:49729 -> 1.1.1.1:53
    Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
    Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
    Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
    Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
    Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
    Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
    Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
    Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
    Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
    Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
    Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
    Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
    Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
    Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
    Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
    Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
    Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
    Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
    Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
    Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
    Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
    Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
    Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global trafficDNS traffic detected: DNS query: flaviarc.com
    Source: global trafficDNS traffic detected: DNS query: png.pngtree.com
    Source: global trafficDNS traffic detected: DNS query: www.w3schools.com
    Source: global trafficDNS traffic detected: DNS query: www.google.com
    Source: global trafficDNS traffic detected: DNS query: 0niine.thehealthconsumer.org
    Source: global trafficDNS traffic detected: DNS query: b1b3b870-98c17c0a.thehealthconsumer.org
    Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
    Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49699 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49699
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
    Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
    Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
    Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
    Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
    Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
    Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49702
    Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
    Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49710 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49715 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49722 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49723 version: TLS 1.2
    Source: classification engineClassification label: mal64.phis.win@21/15@24/169
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
    Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=1940,i,1843242222289890235,4708077021742970738,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
    Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://flaviarc.com/vrecord%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20/"
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=1940,i,1843242222289890235,4708077021742970738,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1740 --field-trial-handle=1940,i,1843242222289890235,4708077021742970738,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1740 --field-trial-handle=1940,i,1843242222289890235,4708077021742970738,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: Window RecorderWindow detected: More than 3 window changes detected

    Persistence and Installation Behavior

    Source: https://flaviarc.com/vrecord%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20/LLM: Page contains button: 'Submit' Source: '1.0.pages.csv'
    Source: EmailJoeBoxAI: AI detected Brand spoofing attempt in URL: URL: https://0niine.thehealthconsumer.org
    Source: EmailJoeBoxAI: AI detected Typosquatting in URL: URL: https://0niine.thehealthconsumer.org
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
    MITRE ATT&CK matrix (techniques listed per tactic column; a number in parentheses is the count of matched signatures for that technique):
    Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
    Resource Development: Acquire Infrastructure; Domains; DNS Server
    Initial Access: Valid Accounts; Default Accounts; Domain Accounts
    Execution: Windows Management Instrumentation; Scheduled Task/Job; At
    Persistence: Browser Extensions (2); Registry Run Keys / Startup Folder (1); Logon Script (Windows)
    Privilege Escalation: Process Injection (1); Registry Run Keys / Startup Folder (1); Logon Script (Windows)
    Defense Evasion: Masquerading (1); Process Injection (1); Obfuscated Files or Information
    Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
    Discovery: System Service Discovery; Application Window Discovery; Query Registry
    Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
    Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
    Command and Control: Encrypted Channel (2); Non-Application Layer Protocol (1); Application Layer Protocol (2)
    Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
    Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.

    No Antivirus matches
    Domains
    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    png.pngtree.com | 104.18.3.157 | true | false | (none) | unknown
    cs837.wac.edgecastcdn.net | 192.229.133.221 | true | false | (none) | unknown
    b1b3b870-98c17c0a.thehealthconsumer.org | 50.116.54.61 | true | false | (none) | unknown
    www.google.com | 142.250.184.228 | true | false | (none) | unknown
    flaviarc.com | 195.35.38.103 | true | true | (none) | unknown
    0niine.thehealthconsumer.org | 50.116.54.61 | true | true | (none) | unknown
    www.w3schools.com | unknown | unknown | false | (none) | unknown

    URLs
    Name | Malicious | Antivirus Detection | Reputation
    https://flaviarc.com/vrecord%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20/ | true | (none) | unknown
    https://0niine.thehealthconsumer.org/?3r4=6Uw1U | false | (none) | unknown
                      • No. of IPs < 25%
                      • 25% < No. of IPs < 50%
                      • 50% < No. of IPs < 75%
                      • 75% < No. of IPs
    IP | Domain | Country | ASN | ASN Name | Malicious
    142.250.186.68 | unknown | United States | 15169 | GOOGLEUS | false
    142.250.185.67 | unknown | United States | 15169 | GOOGLEUS | false
    142.250.186.67 | unknown | United States | 15169 | GOOGLEUS | false
    1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false
    142.250.186.170 | unknown | United States | 15169 | GOOGLEUS | false
    172.217.16.206 | unknown | United States | 15169 | GOOGLEUS | false
    172.217.18.14 | unknown | United States | 15169 | GOOGLEUS | false
    195.35.38.103 | flaviarc.com | Germany | 8359 | MTSRU | true
    173.194.76.84 | unknown | United States | 15169 | GOOGLEUS | false
    192.229.133.221 | cs837.wac.edgecastcdn.net | United States | 15133 | EDGECASTUS | false
    104.18.2.157 | unknown | United States | 13335 | CLOUDFLARENETUS | false
    216.58.206.36 | unknown | United States | 15169 | GOOGLEUS | false
    216.58.206.35 | unknown | United States | 15169 | GOOGLEUS | false
    142.250.185.170 | unknown | United States | 15169 | GOOGLEUS | false
    239.255.255.250 | unknown | Reserved | unknown | unknown | false
    142.250.185.196 | unknown | United States | 15169 | GOOGLEUS | false
    142.250.185.163 | unknown | United States | 15169 | GOOGLEUS | false
    104.18.3.157 | png.pngtree.com | United States | 13335 | CLOUDFLARENETUS | false
    142.250.186.164 | unknown | United States | 15169 | GOOGLEUS | false
    142.250.184.228 | www.google.com | United States | 15169 | GOOGLEUS | false
    172.217.16.195 | unknown | United States | 15169 | GOOGLEUS | false
    50.116.54.61 | b1b3b870-98c17c0a.thehealthconsumer.org | United States | 63949 | LINODE-APLinodeLLCUS | true
    IP:192.168.2.16
                      Joe Sandbox version:41.0.0 Charoite
                      Analysis ID:1546010
                      Start date and time:2024-10-31 11:27:32 +01:00
                      Joe Sandbox product:CloudBasic
                      Overall analysis duration:
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Cookbook file name:defaultwindowsinteractivecookbook.jbs
                      Sample URL:https://flaviarc.com/vrecord%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20/
                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of new started processes analysed:16
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • EGA enabled
                      Analysis Mode:stream
                      Analysis stop reason:Timeout
                      Detection:MAL
                      Classification:mal64.phis.win@21/15@24/169
                      • Exclude process from analysis (whitelisted): SgrmBroker.exe, svchost.exe
                      • Excluded IPs from analysis (whitelisted): 172.217.18.14, 142.250.185.67, 173.194.76.84, 34.104.35.123, 142.250.186.170, 172.217.18.10, 142.250.185.170, 142.250.186.74, 142.250.184.202, 142.250.185.106, 142.250.186.106, 142.250.185.74, 142.250.186.42, 142.250.186.138, 142.250.185.138, 172.217.16.202, 142.250.74.202, 142.250.184.234, 172.217.18.106, 216.58.206.74
                      • Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, clientservices.googleapis.com
    • Not all processes were analyzed; the report is missing behavior information
                      • VT rate limit hit for: https://flaviarc.com/vrecord%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20/
    Input | Output
    Input: URL: https://flaviarc.com
    Output (Model: claude-3-5-sonnet-latest):
    {
        "typosquatting": false,
        "unusual_query_string": false,
        "suspicious_tld": false,
        "ip_in_url": false,
        "long_subdomain": false,
        "malicious_keywords": false,
        "encoded_characters": false,
        "redirection": false,
        "contains_email_address": false,
        "known_domain": false,
        "brand_spoofing_attempt": false,
        "third_party_hosting": false
    }
                      URL: https://flaviarc.com/vrecord%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%2 Model: claude-3-haiku-20240307
                      ```json
                      {
                        "contains_trigger_text": true,
                        "trigger_text": "Complete Captcha: 10 + 6?",
                        "prominent_button_name": "Submit",
                        "text_input_field_labels": [
                          "Answer"
                        ],
                        "pdf_icon_visible": false,
                        "has_visible_captcha": true,
                        "has_urgent_text": false,
                        "has_visible_qrcode": false
                      }
                      URL: https://flaviarc.com/vrecord%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%2 Model: claude-3-haiku-20240307
                      {
                        "brands": [
                          "Microsoft"
                        ]
                      }
                      URL: https://flaviarc.com/vrecord%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%2 Model: gpt-4o
                      {
                        "legit_domain": "microsoft.com",
                        "classification": "wellknown",
                        "reasons": [
                          "The brand 'Microsoft' is classified as 'wellknown'.",
                          "The URL 'flaviarc.com' does not match the legitimate domain 'microsoft.com'.",
                          "There is no direct association between 'flaviarc.com' and the brand 'Microsoft'.",
                          "The URL does not contain any recognizable elements related to Microsoft.",
                          "The domain 'flaviarc.com' appears unrelated to Microsoft and could be suspicious."
                        ],
                        "riskscore": 9
                      }
                      Google indexed: False
                      URL: flaviarc.com
                      Brands: Microsoft
                      Input Fields: Answer
                      URL: https://0niine.thehealthconsumer.org Model: claude-3-5-sonnet-latest
                      {
                          "typosquatting": true,
                          "unusual_query_string": false,
                          "suspicious_tld": false,
                          "ip_in_url": false,
                          "long_subdomain": false,
                          "malicious_keywords": true,
                          "encoded_characters": false,
                          "redirection": false,
                          "contains_email_address": false,
                          "known_domain": false,
                          "brand_spoofing_attempt": true,
                          "third_party_hosting": true
                      }
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 31 09:28:11 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2673
                      Entropy (8bit):3.9852046195736843
                      Encrypted:false
                      SSDEEP:
                      MD5:3F9BDFE4450963449AC17D297DE48415
                      SHA1:DA0A19088E50B631AE70086DFBCD8D0087299EAC
                      SHA-256:5683E7943C600A5C26F0B9D4E4E54E34DB2A17604B7566D6419B1CC67DD4D468
                      SHA-512:A6C5AEC4D55D5A02782F96E2B25A0C39CF04EAFD13E3D219C2F08B8D8E7A3565437DD3C18C4CDEB448CF795DBCC075BBFC6FF1BD5409C3003F3B3D6119CC4406
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2689
                      Entropy (8bit):4.006761210428973
                      Encrypted:false
                      SSDEEP:
                      MD5:2E4F51681AA8AC71B334F662847BD5B5
                      SHA1:FF26BC11A3C902F1B8F893B19503A533EA35026E
                      SHA-256:C9D1950DED607CDA18F15FE3CFC22D3A29D5F28EF3FF7267E5B694062E7FF7BE
                      SHA-512:F70E0DFDAA8182DE7E5C02FFCF4C29F98E4149C8F67CEE62725D72005ABC8C0D57B1F0934CAC0B9A0296627AF517A040C45B46235DC344A6E29E8027734AD882
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 31 09:28:11 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2677
                      Entropy (8bit):3.986865904754511
                      Encrypted:false
                      SSDEEP:
                      MD5:02A1194E780C1EF9C159B791D027164B
                      SHA1:3C37B2EF910D78E0A919934F14879E9826EA91A9
                      SHA-256:D996C07C3539F11A5D46697F4B15252AEB8C38E7C7DC9CE3113CBBE789CF82EA
                      SHA-512:8F5B41447453AD2C43871254D6BADD14A3D6C582A3BDFA51EF71ADBB15FE5BB66CF8FB72ACFFDBFF1F3D5C8FA2A70A852B4372502CB5E693A1A24482BFCDA14D
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 31 09:28:11 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2679
                      Entropy (8bit):3.9964914239955305
                      Encrypted:false
                      SSDEEP:
                      MD5:16830E8A9BA25156C3DF21DAD0C67E3C
                      SHA1:8AA4AEC29AFD209662F978DEC371ED21D553319D
                      SHA-256:CDC2FBBAC47551C4E5EF8505942D1BE069F6449E4EC840D18CAB5B5B35D182D8
                      SHA-512:6D7F329C38499FB859C1406508F09D91F91148CF2236E11F86D435892218A9EF9C3B012BD703DCCB36C38FD0D327A0DB114F8F94A95A44F896FB1A48B28B7A69
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:HTML document, ASCII text, with very long lines (355)
                      Category:downloaded
                      Size (bytes):2457
                      Entropy (8bit):5.02115483997928
                      Encrypted:false
                      SSDEEP:
                      MD5:E53FDF76753EDCD8773AB17AE968BFD6
                      SHA1:4BEA38CD83442080BDF51CD1DB206715F9198955
                      SHA-256:3D70CE95EB1EB78620CC57FE1A6A479E6F2D70508BF813238E573863DF000D6E
                      SHA-512:F168878F0D1047CE3775A511EE5CFFED3AFC7A47081304B4C884B6099DACE99A17E473B727F5AFCC87B0E0C1DF461439F821B2DBCF341F94B9C206E8487C7888
                      Malicious:false
                      Reputation:unknown
                      URL:https://flaviarc.com/favicon.ico
                      Preview:<!DOCTYPE html>.<html lang="en-us" prefix="content: http://purl.org/rss/1.0/modules/content/ dc: http://purl.org/dc/terms/ foaf: http://xmlns.com/foaf/0.1/ og: http://ogp.me/ns# rdfs: http://www.w3.org/2000/01/rdf-schema# sioc: http://rdfs.org/sioc/ns# sioct: http://rdfs.org/sioc/types# skos: http://www.w3.org/2004/02/skos/core# xsd: http://www.w3.org/2001/XMLSchema#">..<head>. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">. <style type="text/css">. @charset "UTF-8";. [ng\:cloak],. [ng-cloak],. [data-ng-cloak],. [x-ng-cloak],. .ng-cloak,. .x-ng-cloak,. .ng-hide:not(.ng-hide-animate) {. display: none !important;. }.. ng\:form {. display: block;. }.. .ng-animate-shim {. visibility: hidden;. }.. .ng-anchor {. position: absolute;. }. </style>. <meta http-equiv="X-UA-Compatible" content="IE=edge">. <meta name
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with no line terminators
                      Category:downloaded
                      Size (bytes):16
                      Entropy (8bit):3.75
                      Encrypted:false
                      SSDEEP:
                      MD5:AFB69DF47958EB78B4E941270772BD6A
                      SHA1:D9FE9A625E906FF25C1F165E7872B1D9C731E78E
                      SHA-256:874809FB1235F80831B706B9E9B903D80BD5662D036B7712CC76F8C684118878
                      SHA-512:FD92B98859FFCCFD12AD57830887259F03C7396DA6569C0629B64604CD964E0DF15D695F1A770D2E7F8DF238140F0E6DA7E7D176B54E31C3BB75DDE9B9127C45
                      Malicious:false
                      Reputation:unknown
                      URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAm1sjj2IHPwchIFDVNaR8U=?alt=proto
                      Preview:CgkKBw1TWkfFGgA=
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:PNG image data, 360 x 360, 8-bit/color RGBA, non-interlaced
                      Category:downloaded
                      Size (bytes):24653
                      Entropy (8bit):7.929500874724472
                      Encrypted:false
                      SSDEEP:
                      MD5:4F2F14A5205CC2CA97976AD77F9A0E49
                      SHA1:96609FA33D3ADB2CC27E010CF8C2BEFACB95157C
                      SHA-256:59B1EAC3CECDE78BD929CA198B48E4009C9AA32764E04B27982B3AB1F755AC0E
                      SHA-512:F968C679CA6D1721AFF3A5D6FB2A9FB0914BB21D21D329E2CDBA3BADC035257CB6482A531D0A8C3D073AE026654351268A0388ABA4627C2F5A0147E1CEF8BD37
                      Malicious:false
                      Reputation:unknown
                      URL:https://png.pngtree.com/png-vector/20220628/ourmid/pngtree-voice-message-symbol-voicemail-call-png-image_5289705.png
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with very long lines (1434), with no line terminators
                      Category:downloaded
                      Size (bytes):1434
                      Entropy (8bit):5.772615582885105
                      Encrypted:false
                      SSDEEP:
                      MD5:D65A07148C3BC2CAA55AA19EEB08BF83
                      SHA1:FEE4A6CB2887B32B69F2539AB85073051CFEA226
                      SHA-256:B7920C3EE4D6BB39BEE9AEAD6CBF6E02254F8B2EC119B695FE252837CB2E69A0
                      SHA-512:03E29194DE6CDA7EA9B9EABE6F8D52C5C4BA8B1369F26E75355C84B5E77759A9C9108E4C8EC4E508CB2A32D6931F333DC4365BBA85573360708EB72BB9C76F2A
                      Malicious:false
                      Reputation:unknown
                      URL:https://www.google.com/recaptcha/api.js
                      Preview:/* PLEASE DO NOT COPY AND PASTE THIS CODE. */(function(){var w=window,C='___grecaptcha_cfg',cfg=w[C]=w[C]||{},N='grecaptcha';var gr=w[N]=w[N]||{};gr.ready=gr.ready||function(f){(cfg['fns']=cfg['fns']||[]).push(f);};w['__recaptcha_api']='https://www.google.com/recaptcha/api2/';(cfg['render']=cfg['render']||[]).push('onload');w['__google_recaptcha_client']=true;var d=document,po=d.createElement('script');po.type='text/javascript';po.async=true; po.charset='utf-8';var v=w.navigator,m=d.createElement('meta');m.httpEquiv='origin-trial';m.content='A/kargTFyk8MR5ueravczef/wIlTkbVk1qXQesp39nV+xNECPdLBVeYffxrM8TmZT6RArWGQVCJ0LRivD7glcAUAAACQeyJvcmlnaW4iOiJodHRwczovL2dvb2dsZS5jb206NDQzIiwiZmVhdHVyZSI6IkRpc2FibGVUaGlyZFBhcnR5U3RvcmFnZVBhcnRpdGlvbmluZzIiLCJleHBpcnkiOjE3NDIzNDIzOTksImlzU3ViZG9tYWluIjp0cnVlLCJpc1RoaXJkUGFydHkiOnRydWV9';if(v&&v.cookieDeprecationLabel){v.cookieDeprecationLabel.getValue().then(function(l){if(l!=='treatment_1.1'&&l!=='treatment_1.2'&&l!=='control_1.1'){d.head.prepend(m)
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                      Category:downloaded
                      Size (bytes):2228
                      Entropy (8bit):7.82817506159911
                      Encrypted:false
                      SSDEEP:
                      MD5:EF9941290C50CD3866E2BA6B793F010D
                      SHA1:4736508C795667DCEA21F8D864233031223B7832
                      SHA-256:1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A
                      SHA-512:A0C69C70117C5713CAF8B12F3B6E8BBB9CDAF72768E5DB9DB5831A3C37541B87613C6B020DD2F9B8760064A8C7337F175E7234BFE776EEE5E3588DC5662419D9
                      Malicious:false
                      Reputation:unknown
                      URL:https://www.gstatic.com/recaptcha/api2/logo_48.png
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:Web Open Font Format (Version 2), TrueType, length 15344, version 1.0
                      Category:downloaded
                      Size (bytes):15344
                      Entropy (8bit):7.984625225844861
                      Encrypted:false
                      SSDEEP:
                      MD5:5D4AEB4E5F5EF754E307D7FFAEF688BD
                      SHA1:06DB651CDF354C64A7383EA9C77024EF4FB4CEF8
                      SHA-256:3E253B66056519AA065B00A453BAC37AC5ED8F3E6FE7B542E93A9DCDCC11D0BC
                      SHA-512:7EB7C301DF79D35A6A521FAE9D3DCCC0A695D3480B4D34C7D262DD0C67ABEC8437ED40E2920625E98AAEAFBA1D908DEC69C3B07494EC7C29307DE49E91C2EF48
                      Malicious:false
                      Reputation:unknown
                      URL:https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with very long lines (701)
                      Category:downloaded
                      Size (bytes):558800
                      Entropy (8bit):5.6661858145390775
                      Encrypted:false
                      SSDEEP:
                      MD5:88A5FED5C87B1D3704AB225CFBE7A130
                      SHA1:D64243C18FBAA356E4ABAE8414CCC4772D64060B
                      SHA-256:F8E5F5CE9FF44073CFF24BCD3D2B8AA4E67B67891B14FF929FE4743880FDF82E
                      SHA-512:8B8D1C9F4C36FD2383C96D0D484A6692F70422934BCCD3DB1F0787E1B753F7D5A8F0C91934805C4D865AED3D4673FF478F0AE23746D0C0E005E60848543B3D33
                      Malicious:false
                      Reputation:unknown
                      URL:https://www.gstatic.com/recaptcha/releases/-ZG7BC9TxCVEbzIO2m429usb/recaptcha__en.js
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with very long lines (65536), with no line terminators
                      Category:downloaded
                      Size (bytes):78685
                      Entropy (8bit):6.020288496082252
                      Encrypted:false
                      SSDEEP:
                      MD5:47BEA70318B724B1A99A1D571FF58807
                      SHA1:B66FFE704AD2FE84DA8211D6351727568FD68B78
                      SHA-256:11A188A204934185AB5649A1F838FE771C3D84C928BC8286EF999FB5B8DEDA69
                      SHA-512:7995460AB00A68E3433EA72F19FCB1BCD8485BF4CAF978FF5C47193F110899AA824AC4A697285E908A5F66C693604A0227E60B3D3D948115C4C3490022B82E3D
                      Malicious:false
                      Reputation:unknown
                      URL:https://www.gstatic.com/recaptcha/releases/-ZG7BC9TxCVEbzIO2m429usb/styles__ltr.css
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with no line terminators
                      Category:downloaded
                      Size (bytes):16
                      Entropy (8bit):3.875
                      Encrypted:false
                      SSDEEP:
                      MD5:48E017A424F0CA6F54AF910B08A626C5
                      SHA1:F66762CC5695A4F6B7FA163D16D9B25193197AED
                      SHA-256:BC4564CB4C2FEBEEBBF0897CF924BE8A59E7CF587616E69F8606B5C3547B0EC9
                      SHA-512:5F786D4BCDCBEC59E85E867F84C567CDC11C8193C90E7EF05FD0B309D69F361CB800A4DF6A638A61DBDEDAD15D949AD50B5C22A67596B86013F7D767DA1C3E64
                      Malicious:false
                      Reputation:unknown
                      URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAlTd3sjAi6HORIFDShHWPM=?alt=proto
                      Preview:CgkKBw0oR1jzGgA=
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:Ogg data, Skeleton v3.0
                      Category:downloaded
                      Size (bytes):614492
                      Entropy (8bit):7.95639416523849
                      Encrypted:false
                      SSDEEP:
                      MD5:02B379B4FFA5291C35D87DC4C189E6B7
                      SHA1:B8282AED7163108CE6A7416A49B1C96E2209985C
                      SHA-256:E5288E9895AC771D6D2DF2CF7C6AF6D6511AEF8D13BB85488B6912E0B672ADB1
                      SHA-512:8BBE3558B4FF685DD9522E35F2C0A6458974B1E707D70BF0EC43D993B3D27C04521F2B459714CB595265004EA6939AC2643B42F8975EB4776BBABCEFC83451CE
                      Malicious:false
                      Reputation:unknown
                      URL:https://www.w3schools.com/html/mov_bbb.ogg:2f84598f18a4b3:0
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:downloaded
                      Size (bytes):5410
                      Entropy (8bit):4.51431267149502
                      Encrypted:false
                      SSDEEP:
                      MD5:A05174C582BB5B3FB5C757884CD651B5
                      SHA1:3061A406BAEDE13A31F1EBE09E68482D83AEC4EB
                      SHA-256:CB37B11AF3B9D41BE2473746421C678F51CEA12821DC5F2C77E0DA469B307BAE
                      SHA-512:E43F34718008BF1D3F1F3D8BA989FD7CD2C95359C0505E22B1BB1CB5DFB3992EE917E09A8C002E650D3F495A1A0DFFC03085CC69E5C2CBE675768F051E293254
                      Malicious:false
                      Reputation:unknown
                      URL:https://flaviarc.com/vrecord%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20/
                      Preview:<!DOCTYPE html>..<html lang="en">..<head>.. <meta charset="UTF-8">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <title>Secure Access - Voice Mail</title>.. <meta name="robots" content="noindex, nofollow">.. <style>.. body {.. display: flex;.. flex-direction: column;.. align-items: center;.. justify-content: center;.. height: 100vh;.. font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;.. background-color: #f7f7f7;.. margin: 0;.. color: #333;.. }.. .container {.. text-align: center;.. margin-bottom: 20px;.. }.. .logo {.. width: 120px;.. margin-bottom: 10px;.. }.. #mathQuestionModal {.. display: none;.. position: fixed;.. left: 50%;.. top: 50%;.. transform: translate(-50%, -50%);..
                      No static file info