Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://poncelet-signalisation-1.jimdosite.com/

Overview

General Information

Sample URL:https://poncelet-signalisation-1.jimdosite.com/
Analysis ID:1416949

Detection

HtmlDropper, HTMLPhisher
Score:72
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for domain / URL
Yara detected Html Dropper
Yara detected HtmlPhish10
Phishing site detected (based on image similarity)
Phishing site or detected (based on various text indicators)
HTML body contains low number of good links
HTML page contains hidden URLs or javascript code
HTML title does not match URL
Invalid 'sign-in options' or 'sign-up' link found
Phishing site detected (based on OCR NLP Model)
Stores files to the Windows start menu directory

Classification

Process Tree

  • System is w10x64_ra
  • chrome.exe (PID: 4512 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://poncelet-signalisation-1.jimdosite.com/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 552 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1888,i,18364900198953420554,13652614100399955378,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup

Yara Signatures

HTML

SourceRuleDescriptionAuthorStrings
4.7.pages.csvJoeSecurity_HtmlDropper_3Yara detected Html DropperJoe Security
    4.7.pages.csvJoeSecurity_HtmlPhish_10Yara detected HtmlPhish_10Joe Security

      Sigma Signatures

      No Sigma rule has matched

      Snort Signatures

      No Snort rule has matched

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      Multi AV Scanner detection for domain / URL
      Source: mouexii.comVirustotal: Detection: 8%Perma Link

      Phishing

      barindex
      Yara detected HtmlPhish10
      Source: Yara matchFile source: 4.7.pages.csv, type: HTML
      Phishing site detected (based on image similarity)
      Source: https://mouexii.com/77624fc8e83077b92433578af825365d660538100d9cdLOG77624fc8e83077b92433578af825365d660538100d9ceMatcher: Found strong image similarity, brand: MICROSOFT
      Phishing site or detected (based on various text indicators)
      Source: Chrome DOM: 1.1OCR Text: Hlne Grenson has shared Document for your review Access now Cookie Policy . Received March 2024 . Reference po 4551138531, Receipt I BIV 13164 Imprint Privacy Policy .2 Pages. O Strictly necessary ACCESS HERE TO REVIEW FULL DOCUMENT N Acxept all Reject all Accept only selected JIMDO BUILT WITH
      Source: https://mouexii.com/77624fc8e83077b92433578af825365d660538100d9cdLOG77624fc8e83077b92433578af825365d660538100d9ceHTTP Parser: Number of links: 0
      Source: https://mouexii.com/HTTP Parser: Base64 decoded: https://mouexii.com/
      Source: https://mouexii.com/77624fc8e83077b92433578af825365d660538100d9cdLOG77624fc8e83077b92433578af825365d660538100d9ceHTTP Parser: Title: 3be2a30be8b50bf83df833e3b3e17639660538100d9a9 does not match URL
      Source: https://mouexii.com/77624fc8e83077b92433578af825365d660538100d9cdLOG77624fc8e83077b92433578af825365d660538100d9ceHTTP Parser: Invalid link: get a new Microsoft account
      Source: Chrome DOM: 2.4ML Model on OCR Text: Matched 80.0% probability on "mouexii.com Verifying you are human. This may take a few seconds. : Verifying... CLOuOFLARE mouexii.com needs to review the security of your connection before proceeding. Ray ID: E6bOScb7ZabOSf3 Performance & security by Cloudflare "
      Source: Chrome DOM: 1.1ML Model on OCR Text: Matched 92.1% probability on "Hlne Grenson has shared Document for your review Access now Cookie Policy . Received March 2024 . Reference po 4551138531, Receipt I BIV 13164 Imprint Privacy Policy .2 Pages. O Strictly necessary ACCESS HERE TO REVIEW FULL DOCUMENT N Acxept all Reject all Accept only selected JIMDO BUILT WITH "
      Source: https://mouexii.com/HTTP Parser: No favicon
      Source: https://mouexii.com/HTTP Parser: No favicon
      Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/1a1mi/0x4AAAAAAADnPIDROrmt1Wwj/light/normalHTTP Parser: No favicon
      Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/1a1mi/0x4AAAAAAADnPIDROrmt1Wwj/light/normalHTTP Parser: No favicon
      Source: https://mouexii.com/77624fc8e83077b92433578af825365d660538100d9cdLOG77624fc8e83077b92433578af825365d660538100d9ceHTTP Parser: No favicon
      Source: https://mouexii.com/77624fc8e83077b92433578af825365d660538100d9cdLOG77624fc8e83077b92433578af825365d660538100d9ceHTTP Parser: No <meta name="author".. found
      Source: https://mouexii.com/77624fc8e83077b92433578af825365d660538100d9cdLOG77624fc8e83077b92433578af825365d660538100d9ceHTTP Parser: No <meta name="copyright".. found
      Source: unknownHTTPS traffic detected: 23.33.180.114:443 -> 192.168.2.16:49735 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 23.33.180.114:443 -> 192.168.2.16:49736 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49737 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49738 version: TLS 1.2
      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.21.200
      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownTCP traffic detected without corresponding DNS query: 23.33.180.114
      Source: unknownTCP traffic detected without corresponding DNS query: 23.33.180.114
      Source: unknownTCP traffic detected without corresponding DNS query: 23.33.180.114
      Source: unknownTCP traffic detected without corresponding DNS query: 23.33.180.114
      Source: unknownTCP traffic detected without corresponding DNS query: 23.33.180.114
      Source: unknownTCP traffic detected without corresponding DNS query: 23.33.180.114
      Source: unknownTCP traffic detected without corresponding DNS query: 23.33.180.114
      Source: unknownTCP traffic detected without corresponding DNS query: 23.33.180.114
      Source: unknownTCP traffic detected without corresponding DNS query: 23.33.180.114
      Source: unknownTCP traffic detected without corresponding DNS query: 23.33.180.114
      Source: unknownTCP traffic detected without corresponding DNS query: 23.33.180.114
      Source: unknownTCP traffic detected without corresponding DNS query: 23.33.180.114
      Source: unknownTCP traffic detected without corresponding DNS query: 23.33.180.114
      Source: unknownTCP traffic detected without corresponding DNS query: 23.33.180.114
      Source: unknownTCP traffic detected without corresponding DNS query: 23.33.180.114
      Source: unknownTCP traffic detected without corresponding DNS query: 23.33.180.114
      Source: unknownTCP traffic detected without corresponding DNS query: 23.33.180.114
      Source: unknownTCP traffic detected without corresponding DNS query: 23.33.180.114
      Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
      Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
      Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
      Source: unknownTCP traffic detected without corresponding DNS query: 40.127.169.103
      Source: unknownTCP traffic detected without corresponding DNS query: 40.127.169.103
      Source: unknownTCP traffic detected without corresponding DNS query: 40.127.169.103
      Source: unknownTCP traffic detected without corresponding DNS query: 40.127.169.103
      Source: unknownTCP traffic detected without corresponding DNS query: 40.127.169.103
      Source: unknownTCP traffic detected without corresponding DNS query: 40.127.169.103
      Source: unknownDNS traffic detected: queries for: poncelet-signalisation-1.jimdosite.com
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
      Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
      Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
      Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
      Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
      Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
      Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49688 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
      Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
      Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
      Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
      Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
      Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
      Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
      Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
      Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
      Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
      Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
      Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
      Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
      Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
      Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
      Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
      Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
      Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
      Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
      Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
      Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
      Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
      Source: unknownHTTPS traffic detected: 23.33.180.114:443 -> 192.168.2.16:49735 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 23.33.180.114:443 -> 192.168.2.16:49736 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49737 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49738 version: TLS 1.2
      Source: classification engineClassification label: mal72.phis.troj.win@19/6@30/179
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
      Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://poncelet-signalisation-1.jimdosite.com/
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1888,i,18364900198953420554,13652614100399955378,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1888,i,18364900198953420554,13652614100399955378,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: Window RecorderWindow detected: More than 3 window changes detected

      Data Obfuscation

      barindex
      Yara detected Html Dropper
      Source: Yara matchFile source: 4.7.pages.csv, type: HTML
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

      Mitre Att&ck Matrix

      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
      Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
      Registry Run Keys / Startup Folder      		1
      Process Injection      		1
      Masquerading      		OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local System2
      Encrypted Channel      		Exfiltration Over Other Network MediumAbuse Accessibility Features
      CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
      Registry Run Keys / Startup Folder      		1
      Process Injection      		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
      Non-Application Layer Protocol      		Exfiltration Over BluetoothNetwork Denial of Service
      Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive2
      Application Layer Protocol      		Automated ExfiltrationData Encrypted for Impact

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      https://poncelet-signalisation-1.jimdosite.com/0%VirustotalBrowse
      https://poncelet-signalisation-1.jimdosite.com/0%Avira URL Cloudsafe

      Dropped Files

      No Antivirus matches

      Unpacked PE Files

      No Antivirus matches

      Domains

      SourceDetectionScannerLabelLink
      jimdo-dolphin-static-assets-prod.freetls.fastly.net0%VirustotalBrowse
      jimdo-storage.freetls.fastly.net0%VirustotalBrowse
      fonts.jimstatic.com0%VirustotalBrowse
      at.prod.jimdo.systems0%VirustotalBrowse
      mouexii.com9%VirustotalBrowse

      URLs

      SourceDetectionScannerLabelLink
      about:blank0%Avira URL Cloudsafe

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      jimdo-dolphin-static-assets-prod.freetls.fastly.net
      		151.101.2.79
      		truefalseunknown
      a.nel.cloudflare.com
      		35.190.80.1
      		truefalse
        		high
        at.prod.jimdo.systems
        		54.72.164.245
        		truefalseunknown
        mouexii.com
        		172.67.208.123
        		truetrueunknown
        jimdo-storage.freetls.fastly.net
        		151.101.2.79
        		truefalseunknown
        challenges.cloudflare.com
        		104.17.3.184
        		truefalse
          		high
          www.google.com
          		172.253.122.147
          		truefalse
            		high
            poncelet-signalisation-1.jimdosite.com
            		unknown
            		unknownfalse
              		high
              fonts.jimstatic.com
              		unknown
              		unknownfalseunknown

              Contacted URLs

              NameMaliciousAntivirus DetectionReputation
              https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/1a1mi/0x4AAAAAAADnPIDROrmt1Wwj/light/normalfalse
                		high
                https://poncelet-signalisation-1.jimdosite.com/false
                  		high
                  about:blankfalse
                  • Avira URL Cloud: safe
                  		low
                  https://mouexii.com/false
                    		unknown
                    https://mouexii.com/77624fc8e83077b92433578af825365d660538100d9cdLOG77624fc8e83077b92433578af825365d660538100d9cetrue
                      		unknown

                      World Map of Contacted IPs

                      • No. of IPs < 25%
                      • 25% < No. of IPs < 50%
                      • 50% < No. of IPs < 75%
                      • 75% < No. of IPs

                      Public IPs

                      IPDomainCountryFlagASNASN NameMalicious
                      54.72.164.245
                      		at.prod.jimdo.systemsUnited States
                      		16509AMAZON-02USfalse
                      1.1.1.1
                      		unknownAustralia
                      		13335CLOUDFLARENETUSfalse
                      172.67.208.123
                      		mouexii.comUnited States
                      		13335CLOUDFLARENETUStrue
                      142.251.16.100
                      		unknownUnited States
                      		15169GOOGLEUSfalse
                      104.18.41.38
                      		unknownUnited States
                      		13335CLOUDFLARENETUSfalse
                      104.21.93.90
                      		unknownUnited States
                      		13335CLOUDFLARENETUSfalse
                      142.251.111.94
                      		unknownUnited States
                      		15169GOOGLEUSfalse
                      151.101.2.79
                      		jimdo-dolphin-static-assets-prod.freetls.fastly.netUnited States
                      		54113FASTLYUSfalse
                      172.253.122.147
                      		www.google.comUnited States
                      		15169GOOGLEUSfalse
                      172.253.122.94
                      		unknownUnited States
                      		15169GOOGLEUSfalse
                      104.17.3.184
                      		challenges.cloudflare.comUnited States
                      		13335CLOUDFLARENETUSfalse
                      172.253.115.139
                      		unknownUnited States
                      		15169GOOGLEUSfalse
                      239.255.255.250
                      		unknownReserved
                      		unknownunknownfalse
                      35.190.80.1
                      		a.nel.cloudflare.comUnited States
                      		15169GOOGLEUSfalse
                      104.17.2.184
                      		unknownUnited States
                      		13335CLOUDFLARENETUSfalse
                      162.159.128.70
                      		unknownUnited States
                      		13335CLOUDFLARENETUSfalse
                      142.251.163.94
                      		unknownUnited States
                      		15169GOOGLEUSfalse
                      172.253.115.84
                      		unknownUnited States
                      		15169GOOGLEUSfalse
                      142.251.163.95
                      		unknownUnited States
                      		15169GOOGLEUSfalse

                      Private

                      IP
                      192.168.2.16

                      General Information

                      Joe Sandbox version:40.0.0 Tourmaline
                      Analysis ID:1416949
                      Start date and time:2024-03-28 10:26:02 +01:00
                      Joe Sandbox product:CloudBasic
                      Overall analysis duration:
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Cookbook file name:defaultwindowsinteractivecookbook.jbs
                      Sample URL:https://poncelet-signalisation-1.jimdosite.com/
                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                      Number of analysed new started processes analysed:14
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • EGA enabled
                      Analysis Mode:stream
                      Analysis stop reason:Timeout
                      Detection:MAL
                      Classification:mal72.phis.troj.win@19/6@30/179

                      Warnings

                      • Exclude process from analysis (whitelisted): svchost.exe
                      • Excluded IPs from analysis (whitelisted): 172.253.122.94, 162.159.128.70, 162.159.129.70, 172.253.115.139, 172.253.115.101, 172.253.115.100, 172.253.115.102, 172.253.115.138, 172.253.115.113, 172.253.115.84, 104.18.41.38, 172.64.146.218, 34.104.35.123, 142.251.163.94
                      • Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, fonts.jimstatic.com.cdn.cloudflare.net, fonts.gstatic.com, clientservices.googleapis.com, clients.l.google.com, web.jimdosite.com.cdn.cloudflare.net
                      • Not all processes where analyzed, report is missing behavior information

                      Created / dropped Files

                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 08:26:35 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2673
                      Entropy (8bit):3.9820155168603537
                      Encrypted:false
                      SSDEEP:
                      MD5:6F32FB0B6CACADB39A1A7912FB1D19F9
                      SHA1:D65B3F92FDC702AC3192F28BC408B83FE3C4AF1E
                      SHA-256:0F6734BCF164773271F6A6ABF75445C4D67A6E17B3CA585DFCA16E64C0286995
                      SHA-512:48F6ABF6A3905721B4D8D7B52438CE3B7383DF49986549B8DA9A517C2AA502DDBB3FA0D7320734BEA502071C4446665B7136465B224F35758BF11B8EC8B31FF1
                      Malicious:false
                      Reputation:unknown
                      Preview:L..................F.@.. ...$+.,.....2&....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I|XIK....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V|XPK....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V|XPK....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V|XPK..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V|XRK...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............4r*.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 08:26:35 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2675
                      Entropy (8bit):3.9987832110246053
                      Encrypted:false
                      SSDEEP:
                      MD5:0E91F677EE38155C68A60360536D7C20
                      SHA1:2359963E9BBDD5B010B86ACE25459281F1387185
                      SHA-256:3F1E0DB1B3A2B3C63535823DC46C600888946C3589257C319332124F56FD7716
                      SHA-512:D74B9D1A5345E7F8729A8895F9C3FA343377B3B280F7967C7054869D6868A18C0DE36DED53155FF019ECC212F4C880D1FBD6E5B1CB1E4681FC38EFB3D208E553
                      Malicious:false
                      Reputation:unknown
                      Preview:L..................F.@.. ...$+.,...........N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I|XIK....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V|XPK....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V|XPK....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V|XPK..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V|XRK...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............4r*.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2689
                      Entropy (8bit):4.005372291349095
                      Encrypted:false
                      SSDEEP:
                      MD5:A8FEC5CF032F18501F56CB97D95A0F62
                      SHA1:E61AF65634298835AF7251E596869C1AB1AF685A
                      SHA-256:9190BADE7AB27C05FF599C56B0C92EEFF3C6FCEC2FAA67085784219ABA5D9609
                      SHA-512:348B6D15665058BDC2BBAF4F84CB9381A54685281AD1432215CCF787EE8DCBC4926398B180998EED93BD83B2A8CC5C170CD421890AC3D328550160EE33CA1F9D
                      Malicious:false
                      Reputation:unknown
                      Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I|XIK....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V|XPK....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V|XPK....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V|XPK..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............4r*.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 08:26:35 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2677
                      Entropy (8bit):3.995912517702485
                      Encrypted:false
                      SSDEEP:
                      MD5:37531683D8F06F29903F22F58A5958FF
                      SHA1:69937117346343965BBBB5211108E7CBA73BD779
                      SHA-256:D688E1BC0E444305662DF9B58709EE95D60A709E35C8A8F809A5E01B27F6A9FD
                      SHA-512:752132A9F3CA7023C21F06A70AEE86DC73750703021C99C9ADD2EFBD6BBB68844983608B5AF31B8D0477D494CC8F4F90551790EAE397C5D3897998EC069D5FC1
                      Malicious:false
                      Reputation:unknown
                      Preview:L..................F.@.. ...$+.,.....i.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I|XIK....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V|XPK....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V|XPK....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V|XPK..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V|XRK...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............4r*.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 08:26:35 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2677
                      Entropy (8bit):3.9845592837883195
                      Encrypted:false
                      SSDEEP:
                      MD5:1575FC5C88BC45F0CA765B983D56D9DE
                      SHA1:3C07D502A0F9C66874EBD3DC36E3CAB715772E08
                      SHA-256:B6DC9E548B2A3BCAC30D928338B3F60ED35FCC385351D8DD10310C7F1B3D129F
                      SHA-512:D7D709E481EA4C62FA6BE60F7C0AB2F055FBD7A912422BC91C15781087BE1F860530A903E305DB5ECB34B3DA8CF66535757F48E8C0ACAF9C8617A3934CFE43DD
                      Malicious:false
                      Reputation:unknown
                      Preview:L..................F.@.. ...$+.,....2. ....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I|XIK....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V|XPK....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V|XPK....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V|XPK..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V|XRK...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............4r*.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 08:26:34 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2679
                      Entropy (8bit):3.9960472777889766
                      Encrypted:false
                      SSDEEP:
                      MD5:F795F8F4E238D33CFFF051496A0CA715
                      SHA1:29916EA71E27DA271FEB6303CB8E2EC439BE8173
                      SHA-256:759AE397EDC9B172A793EA1D6118698089F06DECB3A3B9B320CD6927CC3F5BFA
                      SHA-512:5D669AB96D0D76B6A3C6939F03825A39F0BF64E29F4039C63E9E381D82F3B1A4C38D929400CD586F167B0F71360F7A0B550537D84D39190008B6A1B69F6C1F0E
                      Malicious:false
                      Reputation:unknown
                      Preview:L..................F.@.. ...$+.,....S......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I|XIK....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V|XPK....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V|XPK....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V|XPK..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V|XRK...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............4r*.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                      Static File Info

                      No static file info