Edit tour

Windows Analysis Report
https://identity.eu.my-clay.com/Account/CompleteRegistration?code=CfDJ8KgkDTOKMMpOuP36p3Dozxt8PELhFtKv7XhGiLvUJb65B4gsgrZAJNeoWOl3%2bJqjFC0z2PgNNrBPIYyDQpCLYYktywk8FL8riSS1Gw9JoQjzsJeXeEGLQPLN93pvJbRNrEaprcXkfbiWItEC6wUTL8%2bUI3JeJ18XbphkqGM9o3eFYb5fspQpTOcpN9%2fgGTMKuaFzVmBdnIyLH8B%2fLvMz8bqGONRUa%

Overview

General Information

Sample URL:	https://identity.eu.my-clay.com/Account/CompleteRegistration?code=CfDJ8KgkDTOKMMpOuP36p3Dozxt8PELhFtKv7XhGiLvUJb65B4gsgrZAJNeoWOl3%2bJqjFC0z2PgNNrBPIYyDQpCLYYktywk8FL8riSS1Gw9JoQjzsJeXeEGLQPLN93pvJbRN
Analysis ID:	1592150
Infos:

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Form action URLs do not match main URL

HTML body contains low number of good links

HTML page contains hidden javascript code

HTML title does not match URL

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 3168 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6340 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 --field-trial-handle=2236,i,14419739948207854976,17419969883120276566,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5412 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://identity.eu.my-clay.com/Account/CompleteRegistration?code=CfDJ8KgkDTOKMMpOuP36p3Dozxt8PELhFtKv7XhGiLvUJb65B4gsgrZAJNeoWOl3%2bJqjFC0z2PgNNrBPIYyDQpCLYYktywk8FL8riSS1Gw9JoQjzsJeXeEGLQPLN93pvJbRNrEaprcXkfbiWItEC6wUTL8%2bUI3JeJ18XbphkqGM9o3eFYb5fspQpTOcpN9%2fgGTMKuaFzVmBdnIyLH8B%2fLvMz8bqGONRUa%2b4n5ZxQZjpAMETBM05PT8wJDX5x%2fItYEfQcxQ%3d%3d&clientId=cbe74aaf-5932-4749-b07e-9d26c8bb0d6b&productId=a5fda6d4-6817-40f1-8635-4131db3054cb" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://appleid.apple.com/auth/authorize?client_id=com.saltoks&redirect_uri=https%3A%2F%2Fidentity.eu.my-clay.com%2Ffederation%2Fapple%2Fsignin&response_type=code%20id_token&scope=openid%20name%20email&response_mode=form_post&nonce=638725669239955805.NWViZTZiMWQtYzA5Yi00ZDk3LTk3NDMtYWNiODk2NDhkMmIwMzg1NDA4NDMtNTcxYS00MjE3LWIwYmItNWE0ZjY3MDIwNWIz&state=CfDJ8KgkDTOKMMpOuP36p3DozxsFursk5PSsorWoh4tyne5_El5GnOJMHRff52ZWRNh7ApdIOwqJ1v7hCfPbbsNdVy5N0U12cFwLOTqqPeN_JvcUuIgRyZ_6k76ImUXlkyh_ii-r8bzpKxl9CyUE9RLIvmPtySOjY9jIx7F8NhmyClqaWPTyZN5bHJdK9AvO1NzqODYj4m4HYY2ApOyf3Z8tiauKcZdcLpDAY7D_LHvdenTu95LofVh-yaU1Qp6O-WPNy0isWN_yakoqSJfSBbvRndBVOPRiNweDU9tzlpbPB8barcLK_4ld4fDrciRP1pmoz9lBw4jd9LanCNkFhHi0BW6slnSCSyUmj22Z7wKRCU0NcKy9oDz5XmDFoLiASRBLcpK5fHFlXurU5OiipIhzHTXrHVmtyaQNI88grRWHNvi95RC_HL-8fBtd4Iql1FYVez7o-3qstxutuT5Ug6J4tEk63JVn-2mwnn3dZa8tonUxG2OSSkcjFmIvN2O54b__Iw	HTTP Parser: Form action: https://identity.eu.my-clay.com/federation/apple/signin apple my-clay
Source: https://appleid.apple.com/auth/authorize?client_id=com.saltoks&redirect_uri=https%3A%2F%2Fidentity.eu.my-clay.com%2Ffederation%2Fapple%2Fsignin&response_type=code%20id_token&scope=openid%20name%20email&response_mode=form_post&nonce=638725669239955805.NWViZTZiMWQtYzA5Yi00ZDk3LTk3NDMtYWNiODk2NDhkMmIwMzg1NDA4NDMtNTcxYS00MjE3LWIwYmItNWE0ZjY3MDIwNWIz&state=CfDJ8KgkDTOKMMpOuP36p3DozxsFursk5PSsorWoh4tyne5_El5GnOJMHRff52ZWRNh7ApdIOwqJ1v7hCfPbbsNdVy5N0U12cFwLOTqqPeN_JvcUuIgRyZ_6k76ImUXlkyh_ii-r8bzpKxl9CyUE9RLIvmPtySOjY9jIx7F8NhmyClqaWPTyZN5bHJdK9AvO1NzqODYj4m4HYY2ApOyf3Z8tiauKcZdcLpDAY7D_LHvdenTu95LofVh-yaU1Qp6O-WPNy0isWN_yakoqSJfSBbvRndBVOPRiNweDU9tzlpbPB8barcLK_4ld4fDrciRP1pmoz9lBw4jd9LanCNkFhHi0BW6slnSCSyUmj22Z7wKRCU0NcKy9oDz5XmDFoLiASRBLcpK5fHFlXurU5OiipIhzHTXrHVmtyaQNI88grRWHNvi95RC_HL-8fBtd4Iql1FYVez7o-3qstxutuT5Ug6J4tEk63JVn-2mwnn3dZa8tonUxG2OSSkcjFmIvN2O54b__Iw	HTTP Parser: Form action: https://identity.eu.my-clay.com/federation/apple/signin apple my-clay

Source: https://appleid.apple.com/auth/authorize?client_id=com.saltoks&redirect_uri=https%3A%2F%2Fidentity.eu.my-clay.com%2Ffederation%2Fapple%2Fsignin&response_type=code%20id_token&scope=openid%20name%20email&response_mode=form_post&nonce=638725669239955805.NWViZTZiMWQtYzA5Yi00ZDk3LTk3NDMtYWNiODk2NDhkMmIwMzg1NDA4NDMtNTcxYS00MjE3LWIwYmItNWE0ZjY3MDIwNWIz&state=CfDJ8KgkDTOKMMpOuP36p3DozxsFursk5PSsorWoh4tyne5_El5GnOJMHRff52ZWRNh7ApdIOwqJ1v7hCfPbbsNdVy5N0U12cFwLOTqqPeN_JvcUuIgRyZ_6k76ImUXlkyh_ii-r8bzpKxl9CyUE9RLIvmPtySOjY9jIx7F8NhmyClqaWPTyZN5bHJdK9AvO1NzqODYj4m4HYY2ApOyf3Z8tiauKcZdcLpDAY7D_LHvdenTu95LofVh-yaU1Qp6O-WPNy0isWN_yakoqSJfSBbvRndBVOPRiNweDU9tzlpbPB8barcLK_4ld4fDrciRP1pmoz9lBw4jd9LanCNkFhHi0BW6slnSCSyUmj22Z7wKRCU0NcKy9oDz5XmDFoLiASRBLcpK5fHFlXurU5OiipIhzHTXrHVmtyaQNI88grRWHNvi95RC_HL-8fBtd4Iql1FYVez7o-3qstxutuT5Ug6J4tEk63JVn-2mwnn3dZa8tonUxG2OSSkcjFmIvN2O54b__Iw

HTTP Parser: Number of links: 0

HTTP Parser: Base64 decoded: 5ebe6b1d-c09b-4d97-9743-acb89648d2b038540843-571a-4217-b0bb-5a4f670205b3

Source: https://identity.eu.my-clay.com/Account/CompleteRegistration?code=CfDJ8KgkDTOKMMpOuP36p3Dozxt8PELhFtKv7XhGiLvUJb65B4gsgrZAJNeoWOl3%2bJqjFC0z2PgNNrBPIYyDQpCLYYktywk8FL8riSS1Gw9JoQjzsJeXeEGLQPLN93pvJbRNrEaprcXkfbiWItEC6wUTL8%2bUI3JeJ18XbphkqGM9o3eFYb5fspQpTOcpN9%2fgGTMKuaFzVmBdnIyLH8B%2fLvMz8bqGONRUa%2b4n5ZxQZjpAMETBM05PT8wJDX5x%2fItYEfQcxQ%3d%3d&clientId=cbe74aaf-5932-4749-b07e-9d26c8bb0d6b&productId=a5fda6d4-6817-40f1-8635-4131db3054cb	HTTP Parser: Title: Complete your profile does not match URL
Source: https://appleid.apple.com/auth/authorize?client_id=com.saltoks&redirect_uri=https%3A%2F%2Fidentity.eu.my-clay.com%2Ffederation%2Fapple%2Fsignin&response_type=code%20id_token&scope=openid%20name%20email&response_mode=form_post&nonce=638725669239955805.NWViZTZiMWQtYzA5Yi00ZDk3LTk3NDMtYWNiODk2NDhkMmIwMzg1NDA4NDMtNTcxYS00MjE3LWIwYmItNWE0ZjY3MDIwNWIz&state=CfDJ8KgkDTOKMMpOuP36p3DozxsFursk5PSsorWoh4tyne5_El5GnOJMHRff52ZWRNh7ApdIOwqJ1v7hCfPbbsNdVy5N0U12cFwLOTqqPeN_JvcUuIgRyZ_6k76ImUXlkyh_ii-r8bzpKxl9CyUE9RLIvmPtySOjY9jIx7F8NhmyClqaWPTyZN5bHJdK9AvO1NzqODYj4m4HYY2ApOyf3Z8tiauKcZdcLpDAY7D_LHvdenTu95LofVh-yaU1Qp6O-WPNy0isWN_yakoqSJfSBbvRndBVOPRiNweDU9tzlpbPB8barcLK_4ld4fDrciRP1pmoz9lBw4jd9LanCNkFhHi0BW6slnSCSyUmj22Z7wKRCU0NcKy9oDz5XmDFoLiASRBLcpK5fHFlXurU5OiipIhzHTXrHVmtyaQNI88grRWHNvi95RC_HL-8fBtd4Iql1FYVez7o-3qstxutuT5Ug6J4tEk63JVn-2mwnn3dZa8tonUxG2OSSkcjFmIvN2O54b__Iw	HTTP Parser: Title: Sign in to AppleAccount does not match URL

Source: https://identity.eu.my-clay.com/Account/CompleteRegistration?code=CfDJ8KgkDTOKMMpOuP36p3Dozxt8PELhFtKv7XhGiLvUJb65B4gsgrZAJNeoWOl3%2bJqjFC0z2PgNNrBPIYyDQpCLYYktywk8FL8riSS1Gw9JoQjzsJeXeEGLQPLN93pvJbRNrEaprcXkfbiWItEC6wUTL8%2bUI3JeJ18XbphkqGM9o3eFYb5fspQpTOcpN9%2fgGTMKuaFzVmBdnIyLH8B%2fLvMz8bqGONRUa%2b4n5ZxQZjpAMETBM05PT8wJDX5x%2fItYEfQcxQ%3d%3d&clientId=cbe74aaf-5932-4749-b07e-9d26c8bb0d6b&productId=a5fda6d4-6817-40f1-8635-4131db3054cb	HTTP Parser: <input type="password" .../> found
Source: https://appleid.apple.com/auth/authorize?client_id=com.saltoks&redirect_uri=https%3A%2F%2Fidentity.eu.my-clay.com%2Ffederation%2Fapple%2Fsignin&response_type=code%20id_token&scope=openid%20name%20email&response_mode=form_post&nonce=638725669239955805.NWViZTZiMWQtYzA5Yi00ZDk3LTk3NDMtYWNiODk2NDhkMmIwMzg1NDA4NDMtNTcxYS00MjE3LWIwYmItNWE0ZjY3MDIwNWIz&state=CfDJ8KgkDTOKMMpOuP36p3DozxsFursk5PSsorWoh4tyne5_El5GnOJMHRff52ZWRNh7ApdIOwqJ1v7hCfPbbsNdVy5N0U12cFwLOTqqPeN_JvcUuIgRyZ_6k76ImUXlkyh_ii-r8bzpKxl9CyUE9RLIvmPtySOjY9jIx7F8NhmyClqaWPTyZN5bHJdK9AvO1NzqODYj4m4HYY2ApOyf3Z8tiauKcZdcLpDAY7D_LHvdenTu95LofVh-yaU1Qp6O-WPNy0isWN_yakoqSJfSBbvRndBVOPRiNweDU9tzlpbPB8barcLK_4ld4fDrciRP1pmoz9lBw4jd9LanCNkFhHi0BW6slnSCSyUmj22Z7wKRCU0NcKy9oDz5XmDFoLiASRBLcpK5fHFlXurU5OiipIhzHTXrHVmtyaQNI88grRWHNvi95RC_HL-8fBtd4Iql1FYVez7o-3qstxutuT5Ug6J4tEk63JVn-2mwnn3dZa8tonUxG2OSSkcjFmIvN2O54b__Iw	HTTP Parser: <input type="password" .../> found

Source: https://identity.eu.my-clay.com/Account/CompleteRegistration?code=CfDJ8KgkDTOKMMpOuP36p3Dozxt8PELhFtKv7XhGiLvUJb65B4gsgrZAJNeoWOl3%2bJqjFC0z2PgNNrBPIYyDQpCLYYktywk8FL8riSS1Gw9JoQjzsJeXeEGLQPLN93pvJbRNrEaprcXkfbiWItEC6wUTL8%2bUI3JeJ18XbphkqGM9o3eFYb5fspQpTOcpN9%2fgGTMKuaFzVmBdnIyLH8B%2fLvMz8bqGONRUa%2b4n5ZxQZjpAMETBM05PT8wJDX5x%2fItYEfQcxQ%3d%3d&clientId=cbe74aaf-5932-4749-b07e-9d26c8bb0d6b&productId=a5fda6d4-6817-40f1-8635-4131db3054cb	HTTP Parser: No <meta name="author".. found
Source: https://appleid.apple.com/auth/authorize?client_id=com.saltoks&redirect_uri=https%3A%2F%2Fidentity.eu.my-clay.com%2Ffederation%2Fapple%2Fsignin&response_type=code%20id_token&scope=openid%20name%20email&response_mode=form_post&nonce=638725669239955805.NWViZTZiMWQtYzA5Yi00ZDk3LTk3NDMtYWNiODk2NDhkMmIwMzg1NDA4NDMtNTcxYS00MjE3LWIwYmItNWE0ZjY3MDIwNWIz&state=CfDJ8KgkDTOKMMpOuP36p3DozxsFursk5PSsorWoh4tyne5_El5GnOJMHRff52ZWRNh7ApdIOwqJ1v7hCfPbbsNdVy5N0U12cFwLOTqqPeN_JvcUuIgRyZ_6k76ImUXlkyh_ii-r8bzpKxl9CyUE9RLIvmPtySOjY9jIx7F8NhmyClqaWPTyZN5bHJdK9AvO1NzqODYj4m4HYY2ApOyf3Z8tiauKcZdcLpDAY7D_LHvdenTu95LofVh-yaU1Qp6O-WPNy0isWN_yakoqSJfSBbvRndBVOPRiNweDU9tzlpbPB8barcLK_4ld4fDrciRP1pmoz9lBw4jd9LanCNkFhHi0BW6slnSCSyUmj22Z7wKRCU0NcKy9oDz5XmDFoLiASRBLcpK5fHFlXurU5OiipIhzHTXrHVmtyaQNI88grRWHNvi95RC_HL-8fBtd4Iql1FYVez7o-3qstxutuT5Ug6J4tEk63JVn-2mwnn3dZa8tonUxG2OSSkcjFmIvN2O54b__Iw	HTTP Parser: No <meta name="author".. found
Source: https://appleid.apple.com/auth/authorize?client_id=com.saltoks&redirect_uri=https%3A%2F%2Fidentity.eu.my-clay.com%2Ffederation%2Fapple%2Fsignin&response_type=code%20id_token&scope=openid%20name%20email&response_mode=form_post&nonce=638725669239955805.NWViZTZiMWQtYzA5Yi00ZDk3LTk3NDMtYWNiODk2NDhkMmIwMzg1NDA4NDMtNTcxYS00MjE3LWIwYmItNWE0ZjY3MDIwNWIz&state=CfDJ8KgkDTOKMMpOuP36p3DozxsFursk5PSsorWoh4tyne5_El5GnOJMHRff52ZWRNh7ApdIOwqJ1v7hCfPbbsNdVy5N0U12cFwLOTqqPeN_JvcUuIgRyZ_6k76ImUXlkyh_ii-r8bzpKxl9CyUE9RLIvmPtySOjY9jIx7F8NhmyClqaWPTyZN5bHJdK9AvO1NzqODYj4m4HYY2ApOyf3Z8tiauKcZdcLpDAY7D_LHvdenTu95LofVh-yaU1Qp6O-WPNy0isWN_yakoqSJfSBbvRndBVOPRiNweDU9tzlpbPB8barcLK_4ld4fDrciRP1pmoz9lBw4jd9LanCNkFhHi0BW6slnSCSyUmj22Z7wKRCU0NcKy9oDz5XmDFoLiASRBLcpK5fHFlXurU5OiipIhzHTXrHVmtyaQNI88grRWHNvi95RC_HL-8fBtd4Iql1FYVez7o-3qstxutuT5Ug6J4tEk63JVn-2mwnn3dZa8tonUxG2OSSkcjFmIvN2O54b__Iw	HTTP Parser: No <meta name="author".. found

Source: https://identity.eu.my-clay.com/Account/CompleteRegistration?code=CfDJ8KgkDTOKMMpOuP36p3Dozxt8PELhFtKv7XhGiLvUJb65B4gsgrZAJNeoWOl3%2bJqjFC0z2PgNNrBPIYyDQpCLYYktywk8FL8riSS1Gw9JoQjzsJeXeEGLQPLN93pvJbRNrEaprcXkfbiWItEC6wUTL8%2bUI3JeJ18XbphkqGM9o3eFYb5fspQpTOcpN9%2fgGTMKuaFzVmBdnIyLH8B%2fLvMz8bqGONRUa%2b4n5ZxQZjpAMETBM05PT8wJDX5x%2fItYEfQcxQ%3d%3d&clientId=cbe74aaf-5932-4749-b07e-9d26c8bb0d6b&productId=a5fda6d4-6817-40f1-8635-4131db3054cb	HTTP Parser: No <meta name="copyright".. found
Source: https://appleid.apple.com/auth/authorize?client_id=com.saltoks&redirect_uri=https%3A%2F%2Fidentity.eu.my-clay.com%2Ffederation%2Fapple%2Fsignin&response_type=code%20id_token&scope=openid%20name%20email&response_mode=form_post&nonce=638725669239955805.NWViZTZiMWQtYzA5Yi00ZDk3LTk3NDMtYWNiODk2NDhkMmIwMzg1NDA4NDMtNTcxYS00MjE3LWIwYmItNWE0ZjY3MDIwNWIz&state=CfDJ8KgkDTOKMMpOuP36p3DozxsFursk5PSsorWoh4tyne5_El5GnOJMHRff52ZWRNh7ApdIOwqJ1v7hCfPbbsNdVy5N0U12cFwLOTqqPeN_JvcUuIgRyZ_6k76ImUXlkyh_ii-r8bzpKxl9CyUE9RLIvmPtySOjY9jIx7F8NhmyClqaWPTyZN5bHJdK9AvO1NzqODYj4m4HYY2ApOyf3Z8tiauKcZdcLpDAY7D_LHvdenTu95LofVh-yaU1Qp6O-WPNy0isWN_yakoqSJfSBbvRndBVOPRiNweDU9tzlpbPB8barcLK_4ld4fDrciRP1pmoz9lBw4jd9LanCNkFhHi0BW6slnSCSyUmj22Z7wKRCU0NcKy9oDz5XmDFoLiASRBLcpK5fHFlXurU5OiipIhzHTXrHVmtyaQNI88grRWHNvi95RC_HL-8fBtd4Iql1FYVez7o-3qstxutuT5Ug6J4tEk63JVn-2mwnn3dZa8tonUxG2OSSkcjFmIvN2O54b__Iw	HTTP Parser: No <meta name="copyright".. found
Source: https://appleid.apple.com/auth/authorize?client_id=com.saltoks&redirect_uri=https%3A%2F%2Fidentity.eu.my-clay.com%2Ffederation%2Fapple%2Fsignin&response_type=code%20id_token&scope=openid%20name%20email&response_mode=form_post&nonce=638725669239955805.NWViZTZiMWQtYzA5Yi00ZDk3LTk3NDMtYWNiODk2NDhkMmIwMzg1NDA4NDMtNTcxYS00MjE3LWIwYmItNWE0ZjY3MDIwNWIz&state=CfDJ8KgkDTOKMMpOuP36p3DozxsFursk5PSsorWoh4tyne5_El5GnOJMHRff52ZWRNh7ApdIOwqJ1v7hCfPbbsNdVy5N0U12cFwLOTqqPeN_JvcUuIgRyZ_6k76ImUXlkyh_ii-r8bzpKxl9CyUE9RLIvmPtySOjY9jIx7F8NhmyClqaWPTyZN5bHJdK9AvO1NzqODYj4m4HYY2ApOyf3Z8tiauKcZdcLpDAY7D_LHvdenTu95LofVh-yaU1Qp6O-WPNy0isWN_yakoqSJfSBbvRndBVOPRiNweDU9tzlpbPB8barcLK_4ld4fDrciRP1pmoz9lBw4jd9LanCNkFhHi0BW6slnSCSyUmj22Z7wKRCU0NcKy9oDz5XmDFoLiASRBLcpK5fHFlXurU5OiipIhzHTXrHVmtyaQNI88grRWHNvi95RC_HL-8fBtd4Iql1FYVez7o-3qstxutuT5Ug6J4tEk63JVn-2mwnn3dZa8tonUxG2OSSkcjFmIvN2O54b__Iw	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: global traffic	HTTP traffic detected: GET /?callback=jQuery37105484807738369033_1736970097837&_=1736970097838 HTTP/1.1Host: ipinfo.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?callback=jQuery37105484807738369033_1736970097837&_=1736970097838 HTTP/1.1Host: ipinfo.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_141.2.dr	String found in binary or memory: "https://www.facebook.com/Apple", equals www.facebook.com (Facebook)
Source: chromecache_141.2.dr	String found in binary or memory: "https://www.linkedin.com/company/apple", equals www.linkedin.com (Linkedin)
Source: chromecache_141.2.dr	String found in binary or memory: "https://www.twitter.com/Apple" equals www.twitter.com (Twitter)
Source: chromecache_141.2.dr	String found in binary or memory: "https://www.youtube.com/user/Apple", equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: identity.eu.my-clay.com
Source: global traffic	DNS traffic detected: DNS query: ipinfo.io
Source: global traffic	DNS traffic detected: DNS query: is1-ssl.mzstatic.com

Source: chromecache_188.2.dr, chromecache_196.2.dr, chromecache_130.2.dr, chromecache_158.2.dr	String found in binary or memory: http://baris.aydinoglu.info)
Source: chromecache_188.2.dr, chromecache_196.2.dr, chromecache_130.2.dr, chromecache_158.2.dr	String found in binary or memory: http://barisaydinoglu.github.com/Detectizr/
Source: chromecache_181.2.dr, chromecache_199.2.dr, chromecache_175.2.dr, chromecache_173.2.dr	String found in binary or memory: http://canjs.com/
Source: chromecache_144.2.dr, chromecache_143.2.dr	String found in binary or memory: http://feross.org
Source: chromecache_137.2.dr	String found in binary or memory: http://fontawesome.io
Source: chromecache_137.2.dr	String found in binary or memory: http://fontawesome.io/license
Source: chromecache_158.2.dr	String found in binary or memory: http://github.com/Modernizr/Modernizr/issues/1182
Source: chromecache_199.2.dr, chromecache_175.2.dr	String found in binary or memory: http://github.com/RobinHerbots/jquery.inputmask
Source: chromecache_166.2.dr, chromecache_126.2.dr, chromecache_199.2.dr, chromecache_175.2.dr	String found in binary or memory: http://jedwatson.github.io/classnames
Source: chromecache_181.2.dr, chromecache_173.2.dr	String found in binary or memory: http://purl.eligrey.com/github/classList.js/blob/master/classList.js
Source: chromecache_141.2.dr	String found in binary or memory: http://schema.org
Source: chromecache_141.2.dr	String found in binary or memory: http://schema.org/
Source: chromecache_188.2.dr, chromecache_158.2.dr	String found in binary or memory: http://srufaculty.sru.edu/david.dailey/svg/newstuff/clipPath4.svg
Source: chromecache_181.2.dr, chromecache_173.2.dr	String found in binary or memory: http://underscorejs.org/LICENSE
Source: chromecache_202.2.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: chromecache_184.2.dr, chromecache_202.2.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0Copyright
Source: chromecache_199.2.dr, chromecache_175.2.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_141.2.dr	String found in binary or memory: http://www.wikidata.org/entity/Q312
Source: chromecache_188.2.dr, chromecache_158.2.dr	String found in binary or memory: http://yepnopejs.com.
Source: chromecache_141.2.dr	String found in binary or memory: https://account.apple.com/
Source: chromecache_171.2.dr, chromecache_127.2.dr, chromecache_172.2.dr, chromecache_167.2.dr	String found in binary or memory: https://appleid.cdn-apple.com/appleauth/static/jsapi/acknowledgements.txt
Source: chromecache_141.2.dr	String found in binary or memory: https://apps.apple.com/us/app/apple-store/id375380948
Source: chromecache_188.2.dr, chromecache_158.2.dr	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=129004
Source: chromecache_188.2.dr, chromecache_158.2.dr	String found in binary or memory: https://codepen.io/eltonmesquita/full/GgXbvo/
Source: chromecache_188.2.dr, chromecache_158.2.dr	String found in binary or memory: https://css-tricks.com/almanac/properties/a/appearance/
Source: chromecache_188.2.dr, chromecache_158.2.dr	String found in binary or memory: https://dev.w3.org/csswg/css3-conditional/#at-supports
Source: chromecache_188.2.dr, chromecache_158.2.dr	String found in binary or memory: https://dev.w3.org/csswg/css3-conditional/#the-csssupportsrule-interface
Source: chromecache_188.2.dr, chromecache_158.2.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/Clipboard
Source: chromecache_188.2.dr, chromecache_158.2.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/Clipboard_API
Source: chromecache_188.2.dr, chromecache_158.2.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/HTMLCanvasElement.toDataURL
Source: chromecache_188.2.dr, chromecache_158.2.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/Window/scrollTo
Source: chromecache_188.2.dr, chromecache_158.2.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/CSS/-moz-appearance
Source: chromecache_188.2.dr, chromecache_158.2.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/CSS/filter
Source: chromecache_188.2.dr, chromecache_158.2.dr	String found in binary or memory: https://developer.mozilla.org/en/docs/HTML/Using_the_application_cache
Source: chromecache_188.2.dr, chromecache_158.2.dr	String found in binary or memory: https://developers.whatwg.org/links.html#downloading-resources
Source: chromecache_188.2.dr, chromecache_158.2.dr	String found in binary or memory: https://drafts.fxtf.org/compositing-1/
Source: chromecache_144.2.dr, chromecache_143.2.dr	String found in binary or memory: https://feross.org/opensource
Source: chromecache_137.2.dr	String found in binary or memory: https://fontawesome.com
Source: chromecache_137.2.dr	String found in binary or memory: https://fontawesome.com/license/free
Source: chromecache_137.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_188.2.dr, chromecache_158.2.dr	String found in binary or memory: https://github.com/Modernizr/Modernizr/issues/648
Source: chromecache_137.2.dr	String found in binary or memory: https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css
Source: chromecache_188.2.dr, chromecache_158.2.dr	String found in binary or memory: https://github.com/slightlyoff/ServiceWorker/blob/master/explainer.md
Source: chromecache_137.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_185.2.dr, chromecache_147.2.dr, chromecache_140.2.dr, chromecache_133.2.dr	String found in binary or memory: https://github.com/zloirock/core-js
Source: chromecache_185.2.dr, chromecache_147.2.dr, chromecache_140.2.dr, chromecache_133.2.dr	String found in binary or memory: https://github.com/zloirock/core-js/blob/v3.39.0/LICENSE
Source: chromecache_188.2.dr, chromecache_158.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/interaction.html#contenteditable
Source: chromecache_188.2.dr, chromecache_158.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/semantics.html#attr-style-scoped
Source: chromecache_141.2.dr	String found in binary or memory: https://investor.apple.com/
Source: chromecache_189.2.dr	String found in binary or memory: https://ipinfo.io/missingauth
Source: chromecache_181.2.dr, chromecache_199.2.dr, chromecache_175.2.dr, chromecache_173.2.dr	String found in binary or memory: https://jquery.com/
Source: chromecache_181.2.dr, chromecache_199.2.dr, chromecache_175.2.dr, chromecache_173.2.dr	String found in binary or memory: https://jquery.org/license
Source: chromecache_141.2.dr	String found in binary or memory: https://locate.apple.com/
Source: chromecache_181.2.dr, chromecache_173.2.dr	String found in binary or memory: https://lodash.com/
Source: chromecache_181.2.dr, chromecache_173.2.dr	String found in binary or memory: https://lodash.com/license
Source: chromecache_181.2.dr, chromecache_173.2.dr	String found in binary or memory: https://openjsf.org/
Source: chromecache_188.2.dr, chromecache_158.2.dr	String found in binary or memory: https://paulirish.com/demo/inline-svg
Source: chromecache_166.2.dr, chromecache_126.2.dr	String found in binary or memory: https://preactjs.com
Source: chromecache_188.2.dr, chromecache_158.2.dr	String found in binary or memory: https://stackoverflow.com/questions/3952009/defer-attribute-chrome#answer-3982619
Source: chromecache_141.2.dr	String found in binary or memory: https://support.apple.com
Source: chromecache_141.2.dr	String found in binary or memory: https://support.apple.com/#organization
Source: chromecache_141.2.dr	String found in binary or memory: https://support.apple.com/?cid=gn-ols-home-hp-tab
Source: chromecache_134.2.dr, chromecache_163.2.dr	String found in binary or memory: https://support.apple.com/ipad?cid=gn-ols-ipad-psp-prodfly
Source: chromecache_134.2.dr, chromecache_163.2.dr	String found in binary or memory: https://support.apple.com/iphone?cid=gn-ols-iphone-psp-prodfly
Source: chromecache_188.2.dr, chromecache_158.2.dr	String found in binary or memory: https://w3c.github.io/FileAPI/#constructorBlob
Source: chromecache_188.2.dr, chromecache_158.2.dr	String found in binary or memory: https://web.archive.org/web/20180602074607/https://daneden.me/2011/12/14/putting-up-with-androids-bu
Source: chromecache_141.2.dr	String found in binary or memory: https://www.apple.com/
Source: chromecache_141.2.dr	String found in binary or memory: https://www.apple.com/#organization
Source: chromecache_141.2.dr	String found in binary or memory: https://www.apple.com/ac/structured-data/images/knowledge_graph_logo.png?201803231038
Source: chromecache_192.2.dr, chromecache_183.2.dr	String found in binary or memory: https://www.apple.com/airpods/
Source: chromecache_192.2.dr, chromecache_183.2.dr	String found in binary or memory: https://www.apple.com/apple-intelligence/
Source: chromecache_192.2.dr, chromecache_183.2.dr	String found in binary or memory: https://www.apple.com/apple-vision-pro/
Source: chromecache_141.2.dr	String found in binary or memory: https://www.apple.com/errors/us_error.html
Source: chromecache_192.2.dr, chromecache_183.2.dr	String found in binary or memory: https://www.apple.com/retail/
Source: chromecache_192.2.dr, chromecache_183.2.dr	String found in binary or memory: https://www.apple.com/us/shop/goto/trade_in
Source: chromecache_141.2.dr	String found in binary or memory: https://www.icloud.com
Source: chromecache_141.2.dr	String found in binary or memory: https://www.linkedin.com/company/apple
Source: chromecache_141.2.dr	String found in binary or memory: https://www.twitter.com/Apple
Source: chromecache_141.2.dr	String found in binary or memory: https://www.youtube.com/user/Apple

Source: classification engine

Classification label: clean2.win@18/144@14/3

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 --field-trial-handle=2236,i,14419739948207854976,17419969883120276566,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://identity.eu.my-clay.com/Account/CompleteRegistration?code=CfDJ8KgkDTOKMMpOuP36p3Dozxt8PELhFtKv7XhGiLvUJb65B4gsgrZAJNeoWOl3%2bJqjFC0z2PgNNrBPIYyDQpCLYYktywk8FL8riSS1Gw9JoQjzsJeXeEGLQPLN93pvJbRNrEaprcXkfbiWItEC6wUTL8%2bUI3JeJ18XbphkqGM9o3eFYb5fspQpTOcpN9%2fgGTMKuaFzVmBdnIyLH8B%2fLvMz8bqGONRUa%2b4n5ZxQZjpAMETBM05PT8wJDX5x%2fItYEfQcxQ%3d%3d&clientId=cbe74aaf-5932-4749-b07e-9d26c8bb0d6b&productId=a5fda6d4-6817-40f1-8635-4131db3054cb"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 --field-trial-handle=2236,i,14419739948207854976,17419969883120276566,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	3 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Non-Application Layer Protocol	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://identity.eu.my-clay.com/Account/CompleteRegistration?code=CfDJ8KgkDTOKMMpOuP36p3Dozxt8PELhFtKv7XhGiLvUJb65B4gsgrZAJNeoWOl3%2bJqjFC0z2PgNNrBPIYyDQpCLYYktywk8FL8riSS1Gw9JoQjzsJeXeEGLQPLN93pvJbRNrEaprcXkfbiWItEC6wUTL8%2bUI3JeJ18XbphkqGM9o3eFYb5fspQpTOcpN9%2fgGTMKuaFzVmBdnIyLH8B%2fLvMz8bqGONRUa%2b4n5ZxQZjpAMETBM05PT8wJDX5x%2fItYEfQcxQ%3d%3d&clientId=cbe74aaf-5932-4749-b07e-9d26c8bb0d6b&productId=a5fda6d4-6817-40f1-8635-4131db3054cb	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
http://srufaculty.sru.edu/david.dailey/svg/newstuff/clipPath4.svg	0%	Avira URL Cloud	safe
http://baris.aydinoglu.info)	0%	Avira URL Cloud	safe
http://canjs.com/	0%	Avira URL Cloud	safe
http://yepnopejs.com.	0%	Avira URL Cloud	safe
http://barisaydinoglu.github.com/Detectizr/	0%	Avira URL Cloud	safe
https://bugs.chromium.org/p/chromium/issues/detail?id=129004	0%	Avira URL Cloud	safe
https://paulirish.com/demo/inline-svg	0%	Avira URL Cloud	safe
https://html.spec.whatwg.org/multipage/interaction.html#contenteditable	0%	Avira URL Cloud	safe
https://dev.w3.org/csswg/css3-conditional/#the-csssupportsrule-interface	0%	Avira URL Cloud	safe
https://developers.whatwg.org/links.html#downloading-resources	0%	Avira URL Cloud	safe
https://html.spec.whatwg.org/multipage/semantics.html#attr-style-scoped	0%	Avira URL Cloud	safe
https://w3c.github.io/FileAPI/#constructorBlob	0%	Avira URL Cloud	safe
https://drafts.fxtf.org/compositing-1/	0%	Avira URL Cloud	safe
https://dev.w3.org/csswg/css3-conditional/#at-supports	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
ipinfo.io	34.117.59.81	true	false	high
www.google.com	142.250.184.228	true	false	high
is1-ssl.mzstatic.com	unknown	unknown	false	high
identity.eu.my-clay.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://ipinfo.io/?callback=jQuery37105484807738369033_1736970097837&_=1736970097838	false		high
https://identity.eu.my-clay.com/Account/CompleteRegistration?code=CfDJ8KgkDTOKMMpOuP36p3Dozxt8PELhFtKv7XhGiLvUJb65B4gsgrZAJNeoWOl3%2bJqjFC0z2PgNNrBPIYyDQpCLYYktywk8FL8riSS1Gw9JoQjzsJeXeEGLQPLN93pvJbRNrEaprcXkfbiWItEC6wUTL8%2bUI3JeJ18XbphkqGM9o3eFYb5fspQpTOcpN9%2fgGTMKuaFzVmBdnIyLH8B%2fLvMz8bqGONRUa%2b4n5ZxQZjpAMETBM05PT8wJDX5x%2fItYEfQcxQ%3d%3d&clientId=cbe74aaf-5932-4749-b07e-9d26c8bb0d6b&productId=a5fda6d4-6817-40f1-8635-4131db3054cb	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://ipinfo.io/missingauth	chromecache_189.2.dr	false		high
http://fontawesome.io	chromecache_137.2.dr	false		high
http://baris.aydinoglu.info)	chromecache_188.2.dr, chromecache_196.2.dr, chromecache_130.2.dr, chromecache_158.2.dr	false	Avira URL Cloud: safe	unknown
https://web.archive.org/web/20180602074607/https://daneden.me/2011/12/14/putting-up-with-androids-bu	chromecache_188.2.dr, chromecache_158.2.dr	false		high
https://github.com/zloirock/core-js	chromecache_185.2.dr, chromecache_147.2.dr, chromecache_140.2.dr, chromecache_133.2.dr	false		high
https://paulirish.com/demo/inline-svg	chromecache_188.2.dr, chromecache_158.2.dr	false	Avira URL Cloud: safe	unknown
https://developer.mozilla.org/en-US/docs/Web/CSS/filter	chromecache_188.2.dr, chromecache_158.2.dr	false		high
https://stackoverflow.com/questions/3952009/defer-attribute-chrome#answer-3982619	chromecache_188.2.dr, chromecache_158.2.dr	false		high
http://www.wikidata.org/entity/Q312	chromecache_141.2.dr	false		high
https://developer.mozilla.org/en/docs/HTML/Using_the_application_cache	chromecache_188.2.dr, chromecache_158.2.dr	false		high
https://www.youtube.com/user/Apple	chromecache_141.2.dr	false		high
http://github.com/Modernizr/Modernizr/issues/1182	chromecache_158.2.dr	false		high
http://www.apache.org/licenses/LICENSE-2.0Copyright	chromecache_184.2.dr, chromecache_202.2.dr	false		high
https://fontawesome.com/license/free	chromecache_137.2.dr	false		high
https://fontawesome.com	chromecache_137.2.dr	false		high
http://canjs.com/	chromecache_181.2.dr, chromecache_199.2.dr, chromecache_175.2.dr, chromecache_173.2.dr	false	Avira URL Cloud: safe	unknown
http://schema.org	chromecache_141.2.dr	false		high
http://srufaculty.sru.edu/david.dailey/svg/newstuff/clipPath4.svg	chromecache_188.2.dr, chromecache_158.2.dr	false	Avira URL Cloud: safe	unknown
https://bugs.chromium.org/p/chromium/issues/detail?id=129004	chromecache_188.2.dr, chromecache_158.2.dr	false	Avira URL Cloud: safe	unknown
https://www.linkedin.com/company/apple	chromecache_141.2.dr	false		high
https://css-tricks.com/almanac/properties/a/appearance/	chromecache_188.2.dr, chromecache_158.2.dr	false		high
https://developer.mozilla.org/en-US/docs/Web/CSS/-moz-appearance	chromecache_188.2.dr, chromecache_158.2.dr	false		high
https://github.com/Modernizr/Modernizr/issues/648	chromecache_188.2.dr, chromecache_158.2.dr	false		high
http://purl.eligrey.com/github/classList.js/blob/master/classList.js	chromecache_181.2.dr, chromecache_173.2.dr	false		high
https://html.spec.whatwg.org/multipage/interaction.html#contenteditable	chromecache_188.2.dr, chromecache_158.2.dr	false	Avira URL Cloud: safe	unknown
https://openjsf.org/	chromecache_181.2.dr, chromecache_173.2.dr	false		high
https://developer.mozilla.org/en-US/docs/Web/API/Clipboard_API	chromecache_188.2.dr, chromecache_158.2.dr	false		high
https://www.twitter.com/Apple	chromecache_141.2.dr	false		high
http://yepnopejs.com.	chromecache_188.2.dr, chromecache_158.2.dr	false	Avira URL Cloud: safe	unknown
https://developer.mozilla.org/en-US/docs/Web/API/Clipboard	chromecache_188.2.dr, chromecache_158.2.dr	false		high
http://jedwatson.github.io/classnames	chromecache_166.2.dr, chromecache_126.2.dr, chromecache_199.2.dr, chromecache_175.2.dr	false		high
http://www.apache.org/licenses/LICENSE-2.0	chromecache_202.2.dr	false		high
https://github.com/zloirock/core-js/blob/v3.39.0/LICENSE	chromecache_185.2.dr, chromecache_147.2.dr, chromecache_140.2.dr, chromecache_133.2.dr	false		high
https://lodash.com/	chromecache_181.2.dr, chromecache_173.2.dr	false		high
http://barisaydinoglu.github.com/Detectizr/	chromecache_188.2.dr, chromecache_196.2.dr, chromecache_130.2.dr, chromecache_158.2.dr	false	Avira URL Cloud: safe	unknown
https://developer.mozilla.org/en-US/docs/Web/API/Window/scrollTo	chromecache_188.2.dr, chromecache_158.2.dr	false		high
https://codepen.io/eltonmesquita/full/GgXbvo/	chromecache_188.2.dr, chromecache_158.2.dr	false		high
https://getbootstrap.com/)	chromecache_137.2.dr	false		high
http://fontawesome.io/license	chromecache_137.2.dr	false		high
https://dev.w3.org/csswg/css3-conditional/#the-csssupportsrule-interface	chromecache_188.2.dr, chromecache_158.2.dr	false	Avira URL Cloud: safe	unknown
http://underscorejs.org/LICENSE	chromecache_181.2.dr, chromecache_173.2.dr	false		high
https://jquery.org/license	chromecache_181.2.dr, chromecache_199.2.dr, chromecache_175.2.dr, chromecache_173.2.dr	false		high
https://developers.whatwg.org/links.html#downloading-resources	chromecache_188.2.dr, chromecache_158.2.dr	false	Avira URL Cloud: safe	unknown
http://www.opensource.org/licenses/mit-license.php)	chromecache_199.2.dr, chromecache_175.2.dr	false		high
https://feross.org/opensource	chromecache_144.2.dr, chromecache_143.2.dr	false		high
https://html.spec.whatwg.org/multipage/semantics.html#attr-style-scoped	chromecache_188.2.dr, chromecache_158.2.dr	false	Avira URL Cloud: safe	unknown
https://jquery.com/	chromecache_181.2.dr, chromecache_199.2.dr, chromecache_175.2.dr, chromecache_173.2.dr	false		high
http://schema.org/	chromecache_141.2.dr	false		high
https://developer.mozilla.org/en-US/docs/Web/API/HTMLCanvasElement.toDataURL	chromecache_188.2.dr, chromecache_158.2.dr	false		high
https://w3c.github.io/FileAPI/#constructorBlob	chromecache_188.2.dr, chromecache_158.2.dr	false	Avira URL Cloud: safe	unknown
http://github.com/RobinHerbots/jquery.inputmask	chromecache_199.2.dr, chromecache_175.2.dr	false		high
https://github.com/twbs/bootstrap/blob/master/LICENSE)	chromecache_137.2.dr	false		high
https://lodash.com/license	chromecache_181.2.dr, chromecache_173.2.dr	false		high
https://drafts.fxtf.org/compositing-1/	chromecache_188.2.dr, chromecache_158.2.dr	false	Avira URL Cloud: safe	unknown
https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css	chromecache_137.2.dr	false		high
https://preactjs.com	chromecache_166.2.dr, chromecache_126.2.dr	false		high
http://feross.org	chromecache_144.2.dr, chromecache_143.2.dr	false		high
https://dev.w3.org/csswg/css3-conditional/#at-supports	chromecache_188.2.dr, chromecache_158.2.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
34.117.59.81	ipinfo.io	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.184.228	www.google.com	United States	15169	GOOGLEUS	false

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1592150
Start date and time:	2025-01-15 20:40:29 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 39s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://identity.eu.my-clay.com/Account/CompleteRegistration?code=CfDJ8KgkDTOKMMpOuP36p3Dozxt8PELhFtKv7XhGiLvUJb65B4gsgrZAJNeoWOl3%2bJqjFC0z2PgNNrBPIYyDQpCLYYktywk8FL8riSS1Gw9JoQjzsJeXeEGLQPLN93pvJbRNrEaprcXkfbiWItEC6wUTL8%2bUI3JeJ18XbphkqGM9o3eFYb5fspQpTOcpN9%2fgGTMKuaFzVmBdnIyLH8B%2fLvMz8bqGONRUa%2b4n5ZxQZjpAMETBM05PT8wJDX5x%2fItYEfQcxQ%3d%3d&clientId=cbe74aaf-5932-4749-b07e-9d26c8bb0d6b&productId=a5fda6d4-6817-40f1-8635-4131db3054cb
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean2.win@18/144@14/3
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.99, 142.250.186.174, 64.233.184.84, 142.250.185.238, 142.250.185.110, 142.250.184.238, 20.82.73.88, 142.250.185.170, 142.250.185.106, 172.217.16.202, 142.250.186.170, 142.250.185.234, 172.217.18.10, 142.250.185.138, 142.250.186.42, 142.250.186.74, 142.250.74.202, 216.58.212.138, 216.58.206.74, 142.250.185.202, 142.250.184.234, 142.250.186.106, 142.250.185.74, 142.250.186.78, 2.17.190.73, 199.232.214.172, 142.250.184.206, 17.32.194.37, 17.32.194.6, 184.30.229.61, 23.206.19.66, 216.58.206.78, 2.19.224.19, 142.250.181.234, 172.217.18.106, 216.58.206.42, 2.19.224.197, 17.157.64.72, 17.32.194.36, 17.32.194.5, 172.217.18.99, 142.250.181.238, 142.250.185.78, 2.23.194.22, 13.107.246.45, 52.149.20.212, 192.168.2.5, 172.202.163.200
Excluded domains from analysis (whitelisted): appleid.idms-apple.com.akadns.net, www-apple-com.v.aaplimg.com, appleid.apple.com, slscr.update.microsoft.com, iforgot.idms-apple.com.akadns.net, clientservices.googleapis.com, www.apple.com, appleid.cdn-apple.com, clients2.google.com, ocsp.digicert.com, redirector.gvt1.com, iforgot.apple.com, e2885.e9.akamaiedge.net, update.googleapis.com, appleid.cdn-apple.com.edgekey.net, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, e6858.dsce9.akamaiedge.net, otelrules.azureedge.net, e673.dsce9.akamaiedge.net, ctldl.windowsupdate.com, identityapi-38d07.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, edgedl.me.gvt1.com, appleid.cdn-apple.com.akadns.net, is-ssl.mzstatic.com.itunes-apple.com.akadns.net, www.apple.com.edgekey.net, mzstatic.com.edgekey.net, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://identity.eu.my-clay.com/Account/CompleteRegistration?code=CfDJ8KgkDTOKMMpOuP36p3Dozxt8PELhFtKv7XhGiLvUJb65B4gsgrZAJNeoWOl3%2bJqjFC0z2PgNNrBPIYyDQpCLYYktywk8FL8riSS1Gw9JoQjzsJeXeEGLQPLN93pvJbRNrEaprcXkfbiWItEC6wUTL8%2bUI3JeJ18XbphkqGM9o3eFYb5fspQpTOcpN9%2fgGTMKuaFzVmBdnIyLH8B%2fLvMz8bqGONRUa%2b4n5ZxQZjpAMETBM05PT8wJDX5x%2fItYEfQcxQ%3d%3d&clientId=cbe74aaf-5932-4749-b07e-9d26c8bb0d6b&productId=a5fda6d4-6817-40f1-8635-4131db3054cb

Input	Output
URL: https://identity.eu.my-clay.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false, "reasoning": "This appears to be a legitimate corporate subdomain structure (identity.eu) for my-clay.com. The domain follows standard naming conventions and uses common TLD (.com). No suspicious patterns or characteristics are detected." }
URL: https://identity.eu.my-clay.com
URL: https://identity.eu.my-clay.com/Account/CompleteRegistration?code=CfDJ8KgkDTOKMMpOuP36p3Dozxt8PELhFtKv7XhGiLvUJb65B4gsgrZAJNeoWOl3%2bJqjFC0z2PgNNrBPIYyDQpCLYYktywk8FL8riSS1Gw9JoQjzsJeXeEGLQPLN93pvJbRNrEaprcXkfbiWItEC6wUTL8%2bUI3JeJ18XbphkqGM9o3eFYb5fspQpT Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": [ "First", "Last", "Phone Number", "English (United States)" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://identity.eu.my-clay.com/Account/CompleteRegistration?code=CfDJ8KgkDTOKMMpOuP36p3Dozxt8PELhFtKv7XhGiLvUJb65B4gsgrZAJNeoWOl3%2bJqjFC0z2PgNNrBPIYyDQpCLYYktywk8FL8riSS1Gw9JoQjzsJeXeEGLQPLN93pvJbRNrEaprcXkfbiWItEC6wUTL8%2bUI3JeJ18XbphkqGM9o3eFYb5fspQpT Model: Joe Sandbox AI	{ "brands": [ "Salto KS" ] }
	{ "brands": [ "Salto KS" ] }
URL: https://appleid.apple.com/auth/authorize?client_id=com.saltoks&redirect_uri=https%3A%2F%2Fidentity.eu.my-clay.com%2Ffederation%2Fapple%2Fsignin&response_type=code%20id_token&scope=openid%20name%20email&response_mode=form_post&nonce=638725669239955805.NWVi Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Use your Apple Account to sign in to Salto KS.", "prominent_button_name": "unknown", "text_input_field_labels": [ "Email or Phone Number" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://appleid.apple.com/auth/authorize?client_id=com.saltoks&redirect_uri=https%3A%2F%2Fidentity.eu.my-clay.com%2Ffederation%2Fapple%2Fsignin&response_type=code%20id_token&scope=openid%20name%20email&response_mode=form_post&nonce=638725669239955805.NWVi Model: Joe Sandbox AI	{ "brands": [ "Apple", "Salto KS" ] }
	{ "brands": [ "Apple", "Salto KS" ] }
URL: https://iforgot.apple.com/password/verify/appleid Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Reset your password", "prominent_button_name": "Continue", "text_input_field_labels": [ "Email or phone number", "Type the characters in the image" ], "pdf_icon_visible": false, "has_visible_captcha": true, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://appleid.apple.com/auth/authorize?client_id=com.saltoks&redirect_uri=https%3A%2F%2Fidentity.eu.my-clay.com%2Ffederation%2Fapple%2Fsignin&response_type=code%20id_token&scope=openid%20name%20email&response_mode=form_post&nonce=638725669239955805.NWVi Model: Joe Sandbox AI	```json{ "legit_domain": "apple.com", "classification": "wellknown", "reasons": [ "The URL 'appleid.apple.com' is a subdomain of 'apple.com', which is the legitimate domain for Apple.", "Apple is a well-known brand with a strong online presence.", "The URL does not contain any suspicious elements such as misspellings, extra characters, or unusual domain extensions.", "The input fields 'Email or Phone Number' are consistent with what would be expected on an Apple ID login page." ], "riskscore": 1}
URL: appleid.apple.com Brands: Apple Input Fields: Email or Phone Number
URL: https://iforgot.apple.com/password/verify/appleid Model: Joe Sandbox AI	{ "brands": [ "Apple" ] }
	{ "brands": [ "Apple" ] }
URL: https://iforgot.apple.com/password/verify/appleid Model: Joe Sandbox AI	```json{ "legit_domain": "apple.com", "classification": "wellknown", "reasons": [ "The URL 'iforgot.apple.com' is a subdomain of 'apple.com', which is the legitimate domain for the brand Apple.", "Apple is a well-known brand with a strong online presence.", "The URL does not contain any suspicious elements such as misspellings, extra characters, or unusual domain extensions.", "The input fields are typical for a password recovery or account verification page, which aligns with the subdomain 'iforgot'." ], "riskscore": 1}
URL: iforgot.apple.com Brands: Apple Input Fields: Email or phone number, Type the characters in the image

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 18:41:32 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9787333810775265
Encrypted:	false
SSDEEP:	48:8ddrTzDMHPidAKZdA19ehwiZUklqehiy+3:8770py
MD5:	0CCE45B1CCD04E9FE9AE0D1F36631BE2
SHA1:	1C8E5B6288EBAAF21EA3B59EAF52C723DD7E6875
SHA-256:	5DF898240396F5EDB0C59816F119082AE2B6F1F31A7781053B04EF23C4A9DCFC
SHA-512:	1C0B5D4EDC45DD86EE6AB2C37E95FB42BD5A4A86AD8789AF50FE2E3B361A4A125469B4C88FE407553D14CF30683762892E5D3429CA30269850D9E169D260AEA6
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....<..z.g..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I/Z......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V/Z......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V/Z......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V/Z............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V/Z1............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............`J......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 15, 2025 20:41:34.514990091 CET	192.168.2.5	1.1.1.1	0x9436	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jan 15, 2025 20:41:34.514990091 CET	192.168.2.5	1.1.1.1	0x2ee2	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 15, 2025 20:41:36.090037107 CET	192.168.2.5	1.1.1.1	0x65ce	Standard query (0)	identity.eu.my-clay.com	A (IP address)	IN (0x0001)	false
Jan 15, 2025 20:41:36.090212107 CET	192.168.2.5	1.1.1.1	0x3630	Standard query (0)	identity.eu.my-clay.com	65	IN (0x0001)	false
Jan 15, 2025 20:41:38.108043909 CET	192.168.2.5	1.1.1.1	0x1813	Standard query (0)	identity.eu.my-clay.com	A (IP address)	IN (0x0001)	false
Jan 15, 2025 20:41:38.108474016 CET	192.168.2.5	1.1.1.1	0x9731	Standard query (0)	identity.eu.my-clay.com	65	IN (0x0001)	false
Jan 15, 2025 20:41:38.534511089 CET	192.168.2.5	1.1.1.1	0xbda	Standard query (0)	ipinfo.io	A (IP address)	IN (0x0001)	false
Jan 15, 2025 20:41:38.534799099 CET	192.168.2.5	1.1.1.1	0xb3e5	Standard query (0)	ipinfo.io	65	IN (0x0001)	false
Jan 15, 2025 20:41:39.182928085 CET	192.168.2.5	1.1.1.1	0xbc4e	Standard query (0)	ipinfo.io	A (IP address)	IN (0x0001)	false
Jan 15, 2025 20:41:39.183149099 CET	192.168.2.5	1.1.1.1	0xe303	Standard query (0)	ipinfo.io	65	IN (0x0001)	false
Jan 15, 2025 20:42:09.548410892 CET	192.168.2.5	1.1.1.1	0x9064	Standard query (0)	is1-ssl.mzstatic.com	A (IP address)	IN (0x0001)	false
Jan 15, 2025 20:42:09.548525095 CET	192.168.2.5	1.1.1.1	0x958d	Standard query (0)	is1-ssl.mzstatic.com	65	IN (0x0001)	false
Jan 15, 2025 20:42:10.630943060 CET	192.168.2.5	1.1.1.1	0x2524	Standard query (0)	is1-ssl.mzstatic.com	A (IP address)	IN (0x0001)	false
Jan 15, 2025 20:42:10.631189108 CET	192.168.2.5	1.1.1.1	0xa5cd	Standard query (0)	is1-ssl.mzstatic.com	65	IN (0x0001)	false

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 15, 2025 20:41:34.521821022 CET	1.1.1.1	192.168.2.5	0x9436	No error (0)	www.google.com			65	IN (0x0001)	false
Jan 15, 2025 20:41:34.522134066 CET	1.1.1.1	192.168.2.5	0x2ee2	No error (0)	www.google.com		142.250.184.228	A (IP address)	IN (0x0001)	false
Jan 15, 2025 20:41:36.100805998 CET	1.1.1.1	192.168.2.5	0x3630	No error (0)	identity.eu.my-clay.com	identityapi-38d07.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 15, 2025 20:41:36.105545998 CET	1.1.1.1	192.168.2.5	0x65ce	No error (0)	identity.eu.my-clay.com	identityapi-38d07.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 15, 2025 20:41:38.128968000 CET	1.1.1.1	192.168.2.5	0x1813	No error (0)	identity.eu.my-clay.com	identityapi-38d07.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 15, 2025 20:41:38.132242918 CET	1.1.1.1	192.168.2.5	0x9731	No error (0)	identity.eu.my-clay.com	identityapi-38d07.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 15, 2025 20:41:38.542596102 CET	1.1.1.1	192.168.2.5	0xbda	No error (0)	ipinfo.io		34.117.59.81	A (IP address)	IN (0x0001)	false
Jan 15, 2025 20:41:39.189497948 CET	1.1.1.1	192.168.2.5	0xbc4e	No error (0)	ipinfo.io		34.117.59.81	A (IP address)	IN (0x0001)	false
Jan 15, 2025 20:42:09.555288076 CET	1.1.1.1	192.168.2.5	0x9064	No error (0)	is1-ssl.mzstatic.com	is-ssl.mzstatic.com.itunes-apple.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 15, 2025 20:42:09.555752993 CET	1.1.1.1	192.168.2.5	0x958d	No error (0)	is1-ssl.mzstatic.com	is-ssl.mzstatic.com.itunes-apple.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 15, 2025 20:42:10.638319016 CET	1.1.1.1	192.168.2.5	0xa5cd	No error (0)	is1-ssl.mzstatic.com	is-ssl.mzstatic.com.itunes-apple.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 15, 2025 20:42:10.639331102 CET	1.1.1.1	192.168.2.5	0x2524	No error (0)	is1-ssl.mzstatic.com	is-ssl.mzstatic.com.itunes-apple.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false

Timestamp	Bytes transferred	Direction	Data
2025-01-15 19:41:39 UTC	539	OUT	GET /?callback=jQuery37105484807738369033_1736970097837&_=1736970097838 HTTP/1.1 Host: ipinfo.io Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 19:41:39 UTC	456	IN	HTTP/1.1 200 OK access-control-allow-origin: * Content-Length: 754 content-type: text/javascript; charset=utf-8 date: Wed, 15 Jan 2025 19:41:39 GMT referrer-policy: strict-origin-when-cross-origin x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block via: 1.1 google strict-transport-security: max-age=2592000; includeSubDomains Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2025-01-15 19:41:39 UTC	754	IN	Data Raw: 2f 2a 2a 2f 20 63 6f 6e 73 6f 6c 65 20 26 26 63 6f 6e 73 6f 6c 65 2e 6c 6f 67 20 26 26 63 6f 6e 73 6f 6c 65 2e 6c 6f 67 28 7b 22 69 70 22 3a 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 2c 22 68 6f 73 74 6e 61 6d 65 22 3a 22 73 74 61 74 69 63 2d 63 70 65 2d 38 2d 34 36 2d 31 32 33 2d 31 38 39 2e 63 65 6e 74 75 72 79 6c 69 6e 6b 2e 63 6f 6d 22 2c 22 63 69 74 79 22 3a 22 4e 65 77 20 59 6f 72 6b 20 43 69 74 79 22 2c 22 72 65 67 69 6f 6e 22 3a 22 4e 65 77 20 59 6f 72 6b 22 2c 22 63 6f 75 6e 74 72 79 22 3a 22 55 53 22 2c 22 6c 6f 63 22 3a 22 34 30 2e 37 31 34 33 2c 2d 37 34 2e 30 30 36 30 22 2c 22 6f 72 67 22 3a 22 41 53 33 33 35 36 20 4c 65 76 65 6c 20 33 20 50 61 72 65 6e 74 2c 20 4c 4c 43 22 2c 22 70 6f 73 74 61 6c 22 3a 22 31 30 30 30 31 22 2c 22 74 69 6d 65 Data Ascii: /**/ console &&console.log &&console.log({"ip":"8.46.123.189","hostname":"static-cpe-8-46-123-189.centurylink.com","city":"New York City","region":"New York","country":"US","loc":"40.7143,-74.0060","org":"AS3356 Level 3 Parent, LLC","postal":"10001","time

Target ID:	0
Start time:	14:41:24
Start date:	15/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	2
Start time:	14:41:28
Start date:	15/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 --field-trial-handle=2236,i,14419739948207854976,17419969883120276566,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	3
Start time:	14:41:35
Start date:	15/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://identity.eu.my-clay.com/Account/CompleteRegistration?code=CfDJ8KgkDTOKMMpOuP36p3Dozxt8PELhFtKv7XhGiLvUJb65B4gsgrZAJNeoWOl3%2bJqjFC0z2PgNNrBPIYyDQpCLYYktywk8FL8riSS1Gw9JoQjzsJeXeEGLQPLN93pvJbRNrEaprcXkfbiWItEC6wUTL8%2bUI3JeJ18XbphkqGM9o3eFYb5fspQpTOcpN9%2fgGTMKuaFzVmBdnIyLH8B%2fLvMz8bqGONRUa%2b4n5ZxQZjpAMETBM05PT8wJDX5x%2fItYEfQcxQ%3d%3d&clientId=cbe74aaf-5932-4749-b07e-9d26c8bb0d6b&productId=a5fda6d4-6817-40f1-8635-4131db3054cb"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 120

Chrome Cache Entry: 121

Chrome Cache Entry: 122

Chrome Cache Entry: 123

Chrome Cache Entry: 124

Chrome Cache Entry: 125

Chrome Cache Entry: 126

Chrome Cache Entry: 127

Chrome Cache Entry: 128

Chrome Cache Entry: 129

Chrome Cache Entry: 130

Chrome Cache Entry: 131

Chrome Cache Entry: 132

Chrome Cache Entry: 133

Chrome Cache Entry: 134

Chrome Cache Entry: 135

Chrome Cache Entry: 136

Chrome Cache Entry: 137

Chrome Cache Entry: 138

Chrome Cache Entry: 139

Chrome Cache Entry: 140

Chrome Cache Entry: 141

Chrome Cache Entry: 142