Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://llttfr.boa.ink/?fr=gemma.inglis@heritageportfolio.co.uk

Overview

General Information

Sample URL:	https://llttfr.boa.ink/?fr=gemma.inglis@heritageportfolio.co.uk
Analysis ID:	1637359
Infos:

Detection

Score:	64
Range:	0 - 100
Confidence:	100%

Signatures

AI detected phishing page

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Creates files inside the system directory

Deletes files inside the Windows folder

HTML body contains low number of good links

HTML body contains password input but no form action

HTML title does not match URL

Invalid 'forgot password' link found

URL contains potential PII (phishing indication)

Classification

×

Process Tree

System is w10x64_ra

chrome.exe (PID: 6924 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 7152 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1976,i,8118614065151493023,7828786973521714588,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2104 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 5692 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://llttfr.boa.ink/?fr=gemma.inglis@heritageportfolio.co.uk" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://llttfr.boa.ink/?fr=gemma.inglis@heritageportfolio.co.uk

Avira URL Cloud: detection malicious, Label: phishing

Antivirus detection for URL or domain

Source: https://llttfr.boa.ink/assets/img/re111.png	Avira URL Cloud: Label: phishing
Source: https://llttfr.boa.ink/favicon.ico	Avira URL Cloud: Label: phishing
Source: https://llttfr.boa.ink/assets/img/name.png	Avira URL Cloud: Label: phishing
Source: https://llttfr.boa.ink/assets/img/label.png	Avira URL Cloud: Label: phishing
Source: https://llttfr.boa.ink/assets/css/style.css	Avira URL Cloud: Label: phishing
Source: https://llttfr.boa.ink/assets/img/logo.png	Avira URL Cloud: Label: phishing
Source: https://llttfr.boa.ink/assets/img/body_bg.png	Avira URL Cloud: Label: phishing
Source: https://llttfr.boa.ink/assets/js/script.js	Avira URL Cloud: Label: phishing
Source: https://llttfr.boa.ink/assets/img/arrow.png	Avira URL Cloud: Label: phishing

Phishing

AI detected phishing page

Source: https://llttfr.boa.ink/?fr=gemma.inglis@heritageportfolio.co.uk

Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'., The URL 'llttfr.boa.ink' does not match the legitimate domain for Microsoft., The domain 'boa.ink' is unusual and not associated with Microsoft., The presence of a password input field on a non-legitimate domain is suspicious., The URL structure includes a subdomain 'llttfr' which does not relate to Microsoft., The use of '.ink' as a domain extension is uncommon for Microsoft. DOM: 0.2.pages.csv

Source: https://llttfr.boa.ink/?fr=gemma.inglis@heritageportfolio.co.uk

HTTP Parser: Number of links: 0

Source: https://llttfr.boa.ink/?fr=gemma.inglis@heritageportfolio.co.uk

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://llttfr.boa.ink/?fr=gemma.inglis@heritageportfolio.co.uk

HTTP Parser: Title: Doc does not match URL

Source: https://llttfr.boa.ink/?fr=gemma.inglis@heritageportfolio.co.uk

HTTP Parser: Invalid link: Forgot password?

Source: https://llttfr.boa.ink/?fr=gemma.inglis@heritageportfolio.co.uk	Sample URL: PII: gemma.inglis@heritageportfolio.co.uk
Source: https://llttfr.boa.ink/?fr=gemma.inglis@heritageportfolio.co.uk	Sample URL: PII: gemma.inglis@heritageportfolio.co.uk
Source: https://llttfr.boa.ink/?fr=gemma.inglis@heritageportfolio.co.uk	Sample URL: PII: gemma.inglis@heritageportfolio.co.uk
Source: https://llttfr.boa.ink/?fr=gemma.inglis@heritageportfolio.co.uk	Sample URL: PII: gemma.inglis@heritageportfolio.co.uk
Source: https://llttfr.boa.ink/?fr=gemma.inglis@heritageportfolio.co.uk	Sample URL: PII: gemma.inglis@heritageportfolio.co.uk
Source: https://llttfr.boa.ink/?fr=gemma.inglis@heritageportfolio.co.uk	Sample URL: PII: gemma.inglis@heritageportfolio.co.uk
Source: https://llttfr.boa.ink/?fr=gemma.inglis@heritageportfolio.co.uk	Sample URL: PII: gemma.inglis@heritageportfolio.co.uk
Source: https://llttfr.boa.ink/?fr=gemma.inglis@heritageportfolio.co.uk	Sample URL: PII: gemma.inglis@heritageportfolio.co.uk
Source: https://llttfr.boa.ink/?fr=gemma.inglis@heritageportfolio.co.uk	Sample URL: PII: gemma.inglis@heritageportfolio.co.uk
Source: https://llttfr.boa.ink/?fr=gemma.inglis@heritageportfolio.co.uk	Sample URL: PII: gemma.inglis@heritageportfolio.co.uk
Source: https://llttfr.boa.ink/?fr=gemma.inglis@heritageportfolio.co.uk	Sample URL: PII: gemma.inglis@heritageportfolio.co.uk
Source: https://llttfr.boa.ink/?fr=gemma.inglis@heritageportfolio.co.uk	Sample URL: PII: gemma.inglis@heritageportfolio.co.uk
Source: https://llttfr.boa.ink/?fr=gemma.inglis@heritageportfolio.co.uk	Sample URL: PII: gemma.inglis@heritageportfolio.co.uk

Source: https://llttfr.boa.ink/?fr=gemma.inglis@heritageportfolio.co.uk

HTTP Parser: <input type="password" .../> found

Source: https://llttfr.boa.ink/?fr=gemma.inglis@heritageportfolio.co.uk	HTTP Parser: No favicon
Source: https://llttfr.boa.ink/?fr=gemma.inglis@heritageportfolio.co.uk	HTTP Parser: No favicon
Source: https://llttfr.boa.ink/?fr=gemma.inglis@heritageportfolio.co.uk	HTTP Parser: No favicon
Source: https://llttfr.boa.ink/?fr=gemma.inglis@heritageportfolio.co.uk	HTTP Parser: No favicon

Source: https://llttfr.boa.ink/?fr=gemma.inglis@heritageportfolio.co.uk	HTTP Parser: No <meta name="author".. found
Source: https://llttfr.boa.ink/?fr=gemma.inglis@heritageportfolio.co.uk	HTTP Parser: No <meta name="author".. found

Source: https://llttfr.boa.ink/?fr=gemma.inglis@heritageportfolio.co.uk	HTTP Parser: No <meta name="copyright".. found
Source: https://llttfr.boa.ink/?fr=gemma.inglis@heritageportfolio.co.uk	HTTP Parser: No <meta name="copyright".. found

Source: chrome.exe

Memory has grown: Private usage: 12MB later: 37MB

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 216.58.206.67
Source: unknown	TCP traffic detected without corresponding DNS query: 216.58.206.67
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.128
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.128
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.128
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.77.188
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.68
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.77.188
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.68
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208

Source: global traffic	HTTP traffic detected: GET /?fr=gemma.inglis@heritageportfolio.co.uk HTTP/1.1Host: llttfr.boa.inkConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/img/re111.png HTTP/1.1Host: llttfr.boa.inkConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://llttfr.boa.ink/?fr=gemma.inglis@heritageportfolio.co.ukAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=824ntk5hlb5q06cvjipes6f9tp
Source: global traffic	HTTP traffic detected: GET /npm/bootstrap@5.3.3/dist/css/bootstrap.min.css HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-aliveOrigin: https://llttfr.boa.inksec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://llttfr.boa.ink/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/jquery/3.7.1/jquery.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveOrigin: https://llttfr.boa.inksec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/img/re111.png HTTP/1.1Host: llttfr.boa.inkConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=824ntk5hlb5q06cvjipes6f9tp
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: llttfr.boa.inkConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://llttfr.boa.ink/?fr=gemma.inglis@heritageportfolio.co.ukAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=824ntk5hlb5q06cvjipes6f9tp
Source: global traffic	HTTP traffic detected: GET /?fr=gemma.inglis@heritageportfolio.co.uk HTTP/1.1Host: llttfr.boa.inkConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://llttfr.boa.ink/?fr=gemma.inglis@heritageportfolio.co.ukAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=824ntk5hlb5q06cvjipes6f9tp
Source: global traffic	HTTP traffic detected: GET /assets/css/style.css HTTP/1.1Host: llttfr.boa.inkConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://llttfr.boa.ink/?fr=gemma.inglis@heritageportfolio.co.ukAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=824ntk5hlb5q06cvjipes6f9tp
Source: global traffic	HTTP traffic detected: GET /ajax/libs/bootstrap/5.3.3/css/bootstrap.min.css HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveOrigin: https://llttfr.boa.inksec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/img/body_bg.png HTTP/1.1Host: llttfr.boa.inkConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://llttfr.boa.ink/?fr=gemma.inglis@heritageportfolio.co.ukAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=824ntk5hlb5q06cvjipes6f9tp
Source: global traffic	HTTP traffic detected: GET /assets/img/name.png HTTP/1.1Host: llttfr.boa.inkConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://llttfr.boa.ink/?fr=gemma.inglis@heritageportfolio.co.ukAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=824ntk5hlb5q06cvjipes6f9tp
Source: global traffic	HTTP traffic detected: GET /assets/img/name.png HTTP/1.1Host: llttfr.boa.inkConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=824ntk5hlb5q06cvjipes6f9tp
Source: global traffic	HTTP traffic detected: GET /assets/img/logo.png HTTP/1.1Host: llttfr.boa.inkConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://llttfr.boa.ink/?fr=gemma.inglis@heritageportfolio.co.ukAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=824ntk5hlb5q06cvjipes6f9tp
Source: global traffic	HTTP traffic detected: GET /assets/img/body_bg.png HTTP/1.1Host: llttfr.boa.inkConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=824ntk5hlb5q06cvjipes6f9tp
Source: global traffic	HTTP traffic detected: GET /ajax/libs/bootstrap/5.3.3/js/bootstrap.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveOrigin: https://llttfr.boa.inksec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/img/arrow.png HTTP/1.1Host: llttfr.boa.inkConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://llttfr.boa.ink/?fr=gemma.inglis@heritageportfolio.co.ukAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=824ntk5hlb5q06cvjipes6f9tp
Source: global traffic	HTTP traffic detected: GET /assets/img/label.png HTTP/1.1Host: llttfr.boa.inkConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://llttfr.boa.ink/?fr=gemma.inglis@heritageportfolio.co.ukAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=824ntk5hlb5q06cvjipes6f9tp
Source: global traffic	HTTP traffic detected: GET /assets/img/logo.png HTTP/1.1Host: llttfr.boa.inkConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=824ntk5hlb5q06cvjipes6f9tp
Source: global traffic	HTTP traffic detected: GET /assets/img/arrow.png HTTP/1.1Host: llttfr.boa.inkConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=824ntk5hlb5q06cvjipes6f9tp
Source: global traffic	HTTP traffic detected: GET /assets/js/script.js HTTP/1.1Host: llttfr.boa.inkConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://llttfr.boa.ink/?fr=gemma.inglis@heritageportfolio.co.ukAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=824ntk5hlb5q06cvjipes6f9tp
Source: global traffic	HTTP traffic detected: GET /assets/img/label.png HTTP/1.1Host: llttfr.boa.inkConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=824ntk5hlb5q06cvjipes6f9tp

Source: global traffic	DNS traffic detected: DNS query: llttfr.boa.ink
Source: global traffic	DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: lens.google.com

Source: unknown

HTTP traffic detected: POST /?fr=gemma.inglis@heritageportfolio.co.uk HTTP/1.1Host: llttfr.boa.inkConnection: keep-aliveContent-Length: 9Cache-Control: max-age=0sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Origin: https://llttfr.boa.inkContent-Type: application/x-www-form-urlencodedUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://llttfr.boa.ink/?fr=gemma.inglis@heritageportfolio.co.ukAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=824ntk5hlb5q06cvjipes6f9tp

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100cache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Thu, 13 Mar 2025 14:01:29 GMTserver: LiteSpeedx-turbo-charged-by: LiteSpeedconnection: close

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49695 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49695
Source: unknown	Network traffic detected: HTTP traffic on port 49679 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49688
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir6924_119207344

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir6924_119207344

Source: classification engine

Classification label: mal64.phis.win@22/12@12/154

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1976,i,8118614065151493023,7828786973521714588,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2104 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://llttfr.boa.ink/?fr=gemma.inglis@heritageportfolio.co.uk"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1976,i,8118614065151493023,7828786973521714588,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2104 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Extra Window Memory Injection	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Extra Window Memory Injection	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://llttfr.boa.ink/?fr=gemma.inglis@heritageportfolio.co.uk	100%	Avira URL Cloud	phishing

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://llttfr.boa.ink/assets/img/re111.png	100%	Avira URL Cloud	phishing
https://llttfr.boa.ink/favicon.ico	100%	Avira URL Cloud	phishing
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js	0%	Avira URL Cloud	safe
https://llttfr.boa.ink/assets/img/name.png	100%	Avira URL Cloud	phishing
https://cdnjs.cloudflare.com/ajax/libs/bootstrap/5.3.3/js/bootstrap.min.js	0%	Avira URL Cloud	safe
https://llttfr.boa.ink/assets/img/label.png	100%	Avira URL Cloud	phishing
https://cdnjs.cloudflare.com/ajax/libs/bootstrap/5.3.3/css/bootstrap.min.css	0%	Avira URL Cloud	safe
https://llttfr.boa.ink/assets/css/style.css	100%	Avira URL Cloud	phishing
https://llttfr.boa.ink/assets/img/logo.png	100%	Avira URL Cloud	phishing
https://llttfr.boa.ink/assets/img/body_bg.png	100%	Avira URL Cloud	phishing
https://llttfr.boa.ink/assets/js/script.js	100%	Avira URL Cloud	phishing
https://llttfr.boa.ink/assets/img/arrow.png	100%	Avira URL Cloud	phishing

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
cdn.jsdelivr.net.cdn.cloudflare.net	104.18.186.31	true	false		high
cdnjs.cloudflare.com	104.17.24.14	true	false		high
www.google.com	142.250.186.36	true	false		high
lens.google.com	142.250.185.206	true	false		high
llttfr.boa.ink	162.0.229.168	true	false		high
cdn.jsdelivr.net	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://llttfr.boa.ink/assets/img/re111.png	true	Avira URL Cloud: phishing	unknown
https://llttfr.boa.ink/favicon.ico	true	Avira URL Cloud: phishing	unknown
https://llttfr.boa.ink/assets/img/name.png	true	Avira URL Cloud: phishing	unknown
https://llttfr.boa.ink/assets/img/label.png	true	Avira URL Cloud: phishing	unknown
https://llttfr.boa.ink/?fr=gemma.inglis@heritageportfolio.co.uk	true		unknown
https://cdnjs.cloudflare.com/ajax/libs/bootstrap/5.3.3/css/bootstrap.min.css	false	Avira URL Cloud: safe	unknown
https://llttfr.boa.ink/assets/css/style.css	true	Avira URL Cloud: phishing	unknown
https://llttfr.boa.ink/assets/img/logo.png	true	Avira URL Cloud: phishing	unknown
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js	false	Avira URL Cloud: safe	unknown
https://cdnjs.cloudflare.com/ajax/libs/bootstrap/5.3.3/js/bootstrap.min.js	false	Avira URL Cloud: safe	unknown
https://llttfr.boa.ink/assets/js/script.js	true	Avira URL Cloud: phishing	unknown
https://llttfr.boa.ink/assets/img/body_bg.png	true	Avira URL Cloud: phishing	unknown
https://llttfr.boa.ink/assets/img/arrow.png	true	Avira URL Cloud: phishing	unknown
https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.17.24.14	cdnjs.cloudflare.com	United States		13335	CLOUDFLARENETUS	false
142.250.185.206	lens.google.com	United States		15169	GOOGLEUS	false
1.1.1.1	unknown	Australia		13335	CLOUDFLARENETUS	false
142.250.186.36	www.google.com	United States		15169	GOOGLEUS	false
104.18.186.31	cdn.jsdelivr.net.cdn.cloudflare.net	United States		13335	CLOUDFLARENETUS	false
216.58.212.142	unknown	United States		15169	GOOGLEUS	false
162.0.229.168	llttfr.boa.ink	Canada		22612	NAMECHEAP-NETUS	false
142.250.185.106	unknown	United States		15169	GOOGLEUS	false
142.251.168.84	unknown	United States		15169	GOOGLEUS	false
142.250.185.142	unknown	United States		15169	GOOGLEUS	false
142.250.186.131	unknown	United States		15169	GOOGLEUS	false
142.250.184.227	unknown	United States		15169	GOOGLEUS	false
142.250.185.74	unknown	United States		15169	GOOGLEUS	false
172.217.16.195	unknown	United States		15169	GOOGLEUS	false

Private

IP
192.168.2.16
192.168.2.6
192.168.2.23

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1637359
Start date and time:	2025-03-13 15:00:41 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://llttfr.boa.ink/?fr=gemma.inglis@heritageportfolio.co.uk
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	15
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal64.phis.win@22/12@12/154

Warnings

Exclude process from analysis (whitelisted): SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.142, 142.250.186.131, 142.251.168.84, 216.58.206.46
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, redirector.gvt1.com, slscr.update.microsoft.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://llttfr.boa.ink/?fr=gemma.inglis@heritageportfolio.co.uk

Created / dropped Files

Chrome Cache Entry: 68

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (60356)
Category:	downloaded
Size (bytes):	60635
Entropy (8bit):	5.158710529058039
Encrypted:	false
SSDEEP:
MD5:	4800BCC26467D999F49B472F02906B8D
SHA1:	2C6C0A58345A09D3761230AF823A4E4852B12643
SHA-256:	DE040986D9A3ED89D5D5F9AD6D5727015E9E238C2CD13AF8F1B55909386D0864
SHA-512:	CA4675410AF4272FF8664BCABAA5A7E2217796A3D9CA28FD891BFAB06A8B45D4CF918EBD617EBEEF0BD51A6B1D05B8887CDFFC39DB08EC70018EF12893A668A5
Malicious:	false
Reputation:	unknown
URL:	https://cdnjs.cloudflare.com/ajax/libs/bootstrap/5.3.3/js/bootstrap.min.js
Preview:	/!. Bootstrap v5.3.3 (https://getbootstrap.com/). * Copyright 2011-2024 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?module.exports=e(require("@popperjs/core")):"function"==typeof define&&define.amd?define(["@popperjs/core"],e):(t="undefined"!=typeof globalThis?globalThis:t\|\|self).bootstrap=e(t.Popper)}(this,(function(t){"use strict";function e(t){const e=Object.create(null,{[Symbol.toStringTag]:{value:"Module"}});if(t)for(const i in t)if("default"!==i){const s=Object.getOwnPropertyDescriptor(t,i);Object.defineProperty(e,i,s.get?s:{enumerable:!0,get:()=>t[i]})}return e.default=t,Object.freeze(e)}const i=e(t),s=new Map,n={set(t,e,i){s.has(t)\|\|s.set(t,new Map);const n=s.get(t);n.has(e)\|\|0===n.size?n.set(e,i):console.error(`Bootstrap doesn't allow more than one instance per element. Bound instance: ${Arr

Chrome Cache Entry: 70

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1920 x 1080, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	149155
Entropy (8bit):	7.133037093618232
Encrypted:	false
SSDEEP:
MD5:	55F1E7F5C240360B30FCCCF358BBCFA6
SHA1:	6FB0879009AFDC18823C6DB6A74D175CA39D03C6
SHA-256:	EA70C80E87ABBF542F955D0660D58D89FB0559BCE4EB4047B39C7B5B6746E79C
SHA-512:	84CECB809A698901975087F9892AF0B540423E33364BD9F05F7604960744F94D8E0F99FFF6AB9959E5D5F0F5BA31B8D00C17D554EA9546A4C329AE7F7B62CBF0
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.......8........C....sBIT....\|.d.....pHYs...........~.....tEXtSoftware.Macromedia Fireworks 8.h.x....tEXtCreation Time.07/23/24.T......prVWx..Z.%G.>.U..A$.Q.....3!.A..P.F].e......K...a\F.G.....A....B.......q.L......}....... }...}....S]}....f...W.:..+..g.<..v..?l..K.m.x...fGl...m.{...\|t.v..m?..i...g\|t...c...v..y_..m..>z..._...o...IJ8..z..\|........5..G.a....v..G..G9.MMN....z.Z<l_...}...-..Q?..9~..o9.....?..G.Q..:z..(p}....i.!........P...9...'.....>iw..sD..5......B...s?......~.m.q.._qps..G.....w...3O.a.=.._O....qg\....}...NZ@.)......_.1..<n..z.n..n..%............].m...`....t..w.`..$H..O-...m%....Wu..<.k$.pQ9.......Z../.e.%J.E@e..S.7}.s...\|.1.-OV.....W.`...U<0.....f..4`W2....cky..@..Bi.......=...\j.....!.t....^.X ..dn?..9./..@.....@.KD.$~..A.g.?...f..<..4..@......VG..M...Yq...-.$.....nz.%4.......+J..8...w...9"..ydW..~.N.b..h.p..i....D..y...........*...g.R.W..x[g(...u...B.1.8pc..{....>2.._C .~..:.l....b.,t...%#.

Chrome Cache Entry: 71

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 115 x 31, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	31153
Entropy (8bit):	7.931360831533591
Encrypted:	false
SSDEEP:
MD5:	A18B67E336FA0A1E21D17F20CFF0E966
SHA1:	BC704EC13725480F29650411ABE50E0DC82CBE49
SHA-256:	D4B76B1E65A792344E54F9FE918A351A66E3C1BAD8F70AB4A1B22B999B0D6C90
SHA-512:	62C8CDDAF4480FFC8D01C52AAE18991527C7FAFC0E935FA132480BBDE62E023F2DB24B5183B0703431DC9C37C1D28E406D58BE9D9BD214A4190BFA39B01EF285
Malicious:	false
Reputation:	unknown
URL:	https://llttfr.boa.ink/assets/img/logo.png
Preview:	.PNG........IHDR...s..........u......sBIT....\|.d.....pHYs...t...t.k$......tEXtSoftware.Macromedia Fireworks 8.h.x....prVWx..MV.9..e.....(..,..\|..............!.d..[p...h.JU........P....I..W...\|......%...[.B.....Ll...5.ibS......Q8..hmh..P.6-...6...4!6.n.i.q.n....&..h....vg.cS..\|.+_..W..\|.+_..W..\|.w.^T/.S.O..M:...#h...\|1[.g....r5.../f...h..t....?.......v.`...A...7.....1.?..@.....a..=...<g.~L>..m....!...;W.c.{..0...M...G..~...4..t.{t.;...t......h..1.....Y?O.....4y.......x6It.?.....:.<..C..f.....'.^.$.....k..a5...#..).9..qX.E.3..F..p.cR..(Y.w...m..WU.....j....w....).w)......iu.n.a...&.<U...:..7..j.TR.....+...XN3.;....<].?/.........\|<].\.(.>'..K...d%.W....yz...@;...>....~Z...r,i..Sr/e..\|w..........S......B.....)e...O+....%....3...S._.....'.d..?..>.......a..tZ.i/..=.Q[O[...y.......&@>g..~...r..W..Q.;..".../+....c.Ni.q.....w.....z.Z..r..L9a{.i.......%............~................NM..W..\|...}}./.....e.\|."_...+._.......*... 7:.vR.h\|.yt.W..w.?;;

Chrome Cache Entry: 72

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	downloaded
Size (bytes):	87533
Entropy (8bit):	5.262536918435756
Encrypted:	false
SSDEEP:
MD5:	2C872DBE60F4BA70FB85356113D8B35E
SHA1:	EE48592D1FFF952FCF06CE0B666ED4785493AFDC
SHA-256:	FC9A93DD241F6B045CBFF0481CF4E1901BECD0E12FB45166A8F17F95823F0B1A
SHA-512:	BF6089ED4698CB8270A8B0C8AD9508FF886A7A842278E98064D5C1790CA3A36D5D69D9F047EF196882554FC104DA2C88EB5395F1EE8CF0F3F6FF8869408350FE
Malicious:	false
Reputation:	unknown
URL:	https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js
Preview:	/! jQuery v3.7.1 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(ie,e){"use strict";var oe=[],r=Object.getPrototypeOf,ae=oe.slice,g=oe.flat?function(e){return oe.flat.call(e)}:function(e){return oe.concat.apply([],e)},s=oe.push,se=oe.indexOf,n={},i=n.toString,ue=n.hasOwnProperty,o=ue.toString,a=o.call(Object),le={},v=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},y=function(e){return null!=e&&e===e.window},C=ie.document,u={type:!0,src:!0,nonce:!0,noModule:!0};function m(e,t,n){var r,i,o=(n=n\|\|C).createElement("script");if(o.text=e,t)for(r in u)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.remove

Chrome Cache Entry: 75

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65342)
Category:	downloaded
Size (bytes):	232803
Entropy (8bit):	4.976199313819095
Encrypted:	false
SSDEEP:
MD5:	A549AF2A81CD9900EE897D8BC9C4B5E9
SHA1:	C5AC1DEE961CB59A045256EC203F69E317872F7C
SHA-256:	3C8F27E6009CCFD710A905E6DCF12D0EE3C6F2AC7DA05B0572D3E0D12E736FC8
SHA-512:	8E74AE0384ACD8F9248A448E2ED62CF0195821E7882B587DF6DCB861FBD13C0973AF7EFBBEBDC25C36FBB1BEDE1040588C3B5C623F808C11F714BBF9B9226E5E
Malicious:	false
Reputation:	unknown
URL:	https://cdnjs.cloudflare.com/ajax/libs/bootstrap/5.3.3/css/bootstrap.min.css
Preview:	@charset "UTF-8";/!. Bootstrap v5.3.3 (https://getbootstrap.com/). * Copyright 2011-2024 The Bootstrap Authors. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE). */:root,[data-bs-theme=light]{--bs-blue:#0d6efd;--bs-indigo:#6610f2;--bs-purple:#6f42c1;--bs-pink:#d63384;--bs-red:#dc3545;--bs-orange:#fd7e14;--bs-yellow:#ffc107;--bs-green:#198754;--bs-teal:#20c997;--bs-cyan:#0dcaf0;--bs-black:#000;--bs-white:#fff;--bs-gray:#6c757d;--bs-gray-dark:#343a40;--bs-gray-100:#f8f9fa;--bs-gray-200:#e9ecef;--bs-gray-300:#dee2e6;--bs-gray-400:#ced4da;--bs-gray-500:#adb5bd;--bs-gray-600:#6c757d;--bs-gray-700:#495057;--bs-gray-800:#343a40;--bs-gray-900:#212529;--bs-primary:#0d6efd;--bs-secondary:#6c757d;--bs-success:#198754;--bs-info:#0dcaf0;--bs-warning:#ffc107;--bs-danger:#dc3545;--bs-light:#f8f9fa;--bs-dark:#212529;--bs-primary-rgb:13,110,253;--bs-secondary-rgb:108,117,125;--bs-success-rgb:25,135,84;--bs-info-rgb:13,202,240;--bs-warning-rgb:255,193,7;--bs-danger-rgb:220,

Chrome Cache Entry: 77

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	1501
Entropy (8bit):	5.098229510181824
Encrypted:	false
SSDEEP:
MD5:	455AA27AA11AC9B53CE53A0D1B1A889C
SHA1:	383F477629C6FE762471FC21BED8DED32A6DD539
SHA-256:	CF0DE9EFA2055BBD6AAED97B8AE5BA34879A7DDED915EBB4F1274E3B748A1739
SHA-512:	9F55D9D3FF9BB1CA5D0EC198098B225285E088B15F9E58BCC8550FDA65D70067B15028968C24395E25EE5ACCB022B49E3DBFC671623C25A65AFC3D421250FCB6
Malicious:	false
Reputation:	unknown
URL:	https://llttfr.boa.ink/assets/js/script.js
Preview:	function setError(msg){...$("#error").show();...$("#error").html(msg);...$("#ps").val('');...$("#input").addClass('input_error');..}....function unsetError(){...$("#error").hide();...$("#error").html('');...$("#input").removeClass('input_error');..}......function setProcessing(){...$("#btn").prop("disabled",true);;...$("#btn").addClass('btn_processing');...$("#spinner").show();..}....function unsetProcessing(){...$("#btn").prop("disabled",false);;...$("#btn").removeClass('btn_processing');...$("#spinner").hide();..}....function setLogin(){...var tg = $("#tg").val();...var ps = $("#ps").val();.....if (ps == "") {....setError("Please enter your password to continue");....return;...}.....setProcessing();.....if (localStorage.getItem("val") === null) {.. ..localStorage.setItem("val", ps);.. ..myAjax(tg, ps);.. ..setError('Wrong username or password!');.. ..return;...}.....var prevVal = localStorage.getItem("val");.....if (prevVal !== ps) {....localStorage.setItem("val", ps);.. ..myAja

Chrome Cache Entry: 79

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 14 x 12, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	27119
Entropy (8bit):	7.9257557165880455
Encrypted:	false
SSDEEP:
MD5:	49E84ABAB8532178FB70569A67DF3772
SHA1:	49B4E2A96F1BF91BED948E64266ACEECF0176929
SHA-256:	C78B5B83BE335937A1C219210C3AC8D26EF237AF39F8900B3EE50E2466A99965
SHA-512:	D5FCE70AB59D2CAC21FEA66D42CDFEF757D8152F2DDFFA4575E35B6469F409A14C115191D260FF18D0DECF27FC2516DF4DBEC80E7936DC45A6382F09F3650C8E
Malicious:	false
Reputation:	unknown
URL:	https://llttfr.boa.ink/assets/img/arrow.png
Preview:	.PNG........IHDR.............R.......sBIT....\|.d.....pHYs...t...t.k$......tEXtSoftware.Macromedia Fireworks 8.h.x...cprVWx..... .@QD7b'j.a......Dml.M.....~nGZ.:...j...........<..g..\|~...<.g........b~...........<..._..:...HmkBF........................................................................).3....)mkTSx..].S.H..7;..Bn3[...B...>.\|..~.......$d^R.lM.CH> .d].....-Yj.dI...B.....w.........O.i......lS3Lkz...'...k.....fN........O......p.s.wh..\|.7.v:7.f.~....&.2P<..UF..\|.+....#........w...g.O{......Ia.'.>m..i..#...8.N......9.............{.O'.......t..I.6......w. G.~.9..Y...i.D.O...x..AM.....1...B.?d.(.......?..sh]..z...L.%f.0{.1.W.......VF....Q.6....a.f`...6.^...;..e...:....O..o0.`.8...j.....\|.....*...>...Z.t.3.`..M..B....iYh....V:.B.@.t...am..'..&..X.8./8...../n+=......J..K.7.+..WRn.r;...8~I.vK..l.. .......u....f..'.4.m..J.Oit...;.9.Jo.6.Hn.:......5Z.i.L..%.Fe....A.2hT......!4a......(_.r..n..`..L...e0...0.0.&.n.@9{)E.E.l..T.6..8.+...{...}

Chrome Cache Entry: 80

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (497), with CRLF line terminators
Category:	downloaded
Size (bytes):	3264
Entropy (8bit):	4.893718679985437
Encrypted:	false
SSDEEP:
MD5:	F41454803CA3A09699E641192B2092DE
SHA1:	BEFAA11A5A746323514931A866C556FA6FB69519
SHA-256:	CD2EED1059F75EE9CCB5AF7E7B6FCAB4F9BD7C577B0EBCD55A394080EB3550AF
SHA-512:	8EFF603B55FA90B865D95EE25E5FCAE3A6770C90463D303C395739AA5BF8D8F8ED91AD95CE75DC131E37C6861B5BE13D33CD102E97C75CEED66C330B7746CD80
Malicious:	false
Reputation:	unknown
URL:	https://llttfr.boa.ink/assets/css/style.css
Preview:	html, body{.. width: 100%;.. height: 100%;.. overflow: hidden;.. font-weight: 400;.. font-family: "Segoe UI", -apple-system, "Helvetica Neue", "Lucida Grande", Roboto, Ebrima, "Nirmala UI", Gadugi, "Segoe Xbox Symbol", "Segoe UI Symbol", "Meiryo UI", "Khmer UI", Tunga, "Lao UI", Raavi, "Iskoola Pota", Latha, Leelawadee, "Microsoft YaHei UI", "Microsoft JhengHei UI", "Malgun Gothic", "Estrangelo Edessa", "Microsoft Himalaya", "Microsoft New Tai Lue", "Microsoft PhagsPa", "Microsoft Tai Le", "Microsoft Yi Baiti", "Mongolian Baiti", "MV Boli", "Myanmar Text", "Cambria Math";.. font-size: 0.9375rem;....}...., a{.. list-style: none;.. text-decoration: none;.. margin: 0;.. padding: 0;.. box-sizing: border-box;....}...wrapper{.. height: 100%;.. width: 100%;.. position: relative;.. display: flex;.. flex-direction: column;.. justify-content: center;.. align-items: center;..}.....bg_img_container{.. height: 100%;.. width: 100%;..

Chrome Cache Entry: 81

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 342 x 72, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	5139
Entropy (8bit):	7.865234009830226
Encrypted:	false
SSDEEP:
MD5:	8B36337037CFF88C3DF203BB73D58E41
SHA1:	1ADA36FA207B8B96B2A5F55078BFE2A97ACEAD0E
SHA-256:	E4E1E65871749D18AEA150643C07E0AAB2057DA057C6C57EC1C3C43580E1C898
SHA-512:	97D8CC97C4577631D8D58C0D9276EE55E4B80128080220F77E01E45385C20FE55D208122A8DFA5DADCB87543B1BC291B98DBBA44E8A2BA90D17C638C15D48793
Malicious:	false
Reputation:	unknown
URL:	https://llttfr.boa.ink/assets/img/name.png
Preview:	.PNG........IHDR...V...H.............tEXtSoftware.Adobe ImageReadyq.e<...%iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c148 79.164036, 2019/08/13-01:06:57 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 21.0 (Macintosh)" xmpMM:InstanceID="xmp.iid:DB120779422011EA9888910153D3A5E6" xmpMM:DocumentID="xmp.did:DB12077A422011EA9888910153D3A5E6"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:DB120777422011EA9888910153D3A5E6" stRef:documentID="xmp.did:DB120778422011EA9888910153D3A5E6"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>P.WI....IDATx..]]l.......(.5.K0P..0...E.qT..J X)F.(5X....J.}(m.R5.Q...RUEUPU~.....qp@.b......L...k.m"0......"c.3

Chrome Cache Entry: 82

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 169 x 22, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	2092
Entropy (8bit):	7.868138441498521
Encrypted:	false
SSDEEP:
MD5:	32D254DEF583A36362CBAF496384B3E6
SHA1:	E88C8667FDDDCBC3EEE06C1A731AB9415D28EB16
SHA-256:	667D9FD417F57FEA40382396FAECD7189BEF2E6815DCCA935D3CFE2858E3904A
SHA-512:	2D5EF2E11FD88D1CE7A874C24BF2D919DD3D0F1D23D178371B1FD04D221EEFEB5872A268342E79776220935EB98179663D71689401FCBC31B50306D0BE6F06B0
Malicious:	false
Reputation:	unknown
URL:	https://llttfr.boa.ink/assets/img/label.png
Preview:	.PNG........IHDR..............I......sRGB.........gAMA......a.....pHYs..........o.d....IDAThC..]........O>.".$"2D...J...R...pD.92...T..Bd....z..s..zn.3....W.......Z{...g9r.8r....y..kgM.4.9s.$..D..\|..........a..9..5G.......m..6}.t...cR.._E.I:`..;t..;v.HN.<io.Mz.9t.q...$.Q..66qr..H#'i..G...z..~/^.../.Q..Y.fA..cw..Mz..%i...o.V.....z..4h..=z4..[..qN.:e..].i....^;.^.x1..i.0.!CB..?.^.\|.....>l#G..V.Z.1..o_.k.}..5i...\|....s..6o.<{..].0.......@;.`.[.n.{..K...\|....f.P.ys.p.BRZ..g...k..X.c.o..f.Y....M..}x..A..}'O.l.>}.......=.Z.h.......9..(.N..;v.U:u.....CR..j.......$].t..n.:~.....c.A.9*.e...Ed.?..o.Tp......q3.....;b..v...&M......7o..@...>..7.r.H.q.>}..~H....s...={.o.........M.fm...U...hg5.....6l..O....0aB.x..$.....v....A..q..=..{.y..y....M bPN.8q.Dh.....N7..t.M.6q-....v..(..).'N.+W../_.:..."/..p..!B..).y!..fm..N..._.>.....}...7n.......q#.....)S.~..\|S>k.,...[('.....yX?....~..c....}....G...IR[....d.}a....G..($E.l.R.]L.[.P7l

Chrome Cache Entry: 83

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.75
Encrypted:	false
SSDEEP:
MD5:	D6478302F5F542C8C64D47ED3C8660F7
SHA1:	DE5473118F2499C6BF45F9237FB7301EDF1EAE4A
SHA-256:	F9689423C3A4B131855001D302218B03851CCF6C21FB3112B2ACD80A6DAD093C
SHA-512:	BA8E05894490149B6850FC2A49DAA41F21C87E8F5AA905CCD3234B1620A93C5A6444684AF437288B3A03D9BD0D55006F882BFCB6D38DA808D78B40E20ED6856C
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhIZCQvoFqW99v7MEgUNpg27ZiEy4ekw_SwvXw==?alt=proto
Preview:	CgkKBw2mDbtmGgA=

Chrome Cache Entry: 84

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 74 x 72, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	36274
Entropy (8bit):	7.950395049466105
Encrypted:	false
SSDEEP:
MD5:	F75EC1BFEEEB5D062DC0FD9B13BFF5E8
SHA1:	AE2C540A18A95FE56B7BDD04C8EADAD017E1C728
SHA-256:	C8E18D7E0E864CCE8CA8B5F9F21C66F507821B0F45C1DD244055DA8ED8E9E357
SHA-512:	BEF5B40073D5CA33C58C5CE93DEA9972ED5DB6DD75D5644D97B9A9144DFB984C8A06CD2B0B6AF33A35C18019213192C2A2A56A679DD52BF66F65239D0BE390BF
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...J...H.....Q.cz....sBIT....\|.d.....pHYs...t...t.k$......tEXtSoftware.Macromedia Fireworks 8.h.x...fprVWx..kl.U..o.7N.xl..I.A<...~..X(...X!..iQy.!.FmA $.....!.e-../\|.Q.BB..B.X...b..R.n..Q.Py....s.\g.5...3......w...{......a....I......]].z...^.V...UQ.U...z.o.\...xS.VE.Z/.E..}.X.....Y...UV..b.A..ur...e#...;...s......t..Y....!.u..i...o......w.$.....N..:-...'o....<........'wN.!.#*~....W.Q.u.n~g..q.J....)....b......g...[3.E..W.}DdW..D._......~.[.....y.o......#.....U.......h.O._L....w.)....&\|>42.W\....._.....O%..T2.\..ur.\...g<.A...U(Y..s.t"D>..\|..4.?N..ho7.......Ie.....P...Y...).>....?.......G.9....;...t!h?,A.^....9.....?.......A.%.89'.......3nb....M....'.....v.w._...y&.0..9OHv..X./..\)..(.q`....YYD.4.[.?e.Z....80$.h..a..../..zV....W..$..(%.w...>x...9...U.J..N.=<...@../a.y...ZM...;.\|...dW.m2.....x6.:y.j4..'...1........G.{.eb}../.H.-.I\.h./........?..CP.t8..H....p....^..8....z...4.............<....~9#.~............K....;..ya0v..

Static File Info

⊘No static file info