Edit tour

Windows Analysis Report
http://flycass.com

Overview

General Information

Sample URL:	http://flycass.com
Analysis ID:	1388329
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

Creates files inside the system directory

Stores files to the Windows start menu directory

Classification

Analysis Advice

Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis

Some HTTP requests failed (404). It is likely that the sample will exhibit less behavior.

Process Tree

System is w10x64_ra

chrome.exe (PID: 6092 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://flycass.com/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5568 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1804,i,10713240651816254837,11547030846082311965,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: http://flycass.com/	HTTP Parser: No favicon
Source: http://flycass.com/flycass.css.infected	HTTP Parser: No favicon
Source: http://flycass.com/flycass.css.old.infected	HTTP Parser: No favicon
Source: http://flycass.com/how_to_back_files.html	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.1.237.25:443 -> 192.168.2.16:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49730 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: flycass.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: flycass.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://flycass.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fixairports.php.infected HTTP/1.1Host: flycass.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://flycass.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /flycass.css.infected HTTP/1.1Host: flycass.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://flycass.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /flycass.css.old.infected HTTP/1.1Host: flycass.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://flycass.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /how_to_back_files.html HTTP/1.1Host: flycass.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://flycass.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /how_to_back_files.html HTTP/1.1Host: flycass.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://flycass.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: flycass.com

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 07 Feb 2024 13:30:45 GMTServer: Apache/2.4.27 (Win64) OpenSSL/1.0.2l PHP/5.5.32Content-Length: 209Keep-Alive: timeout=5, max=99Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /favicon.ico was not found on this server.</p></body></html>

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734

Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.1.237.25:443 -> 192.168.2.16:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49730 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_BITS_6092_1405402696

Source: classification engine

Classification label: clean1.win@14/12@12/87

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://flycass.com/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1804,i,10713240651816254837,11547030846082311965,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1804,i,10713240651816254837,11547030846082311965,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	11 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Source	Detection	Scanner	Label	Link
http://flycass.com	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label	Link
http://flycass.com/favicon.ico	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
accounts.google.com	173.194.219.84	true	false	high
flycass.com	69.39.83.152	true	false	unknown
www.google.com	64.233.177.104	true	false	high
protonmail.com	185.70.42.12	true	false	high
clients.l.google.com	64.233.185.102	true	false	high
clients1.google.com	unknown	unknown	false	high
clients2.google.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://flycass.com/	false		unknown
http://flycass.com/flycass.css.old.infected	false		unknown
http://flycass.com/how_to_back_files.html	false		unknown
http://flycass.com/favicon.ico	false	Avira URL Cloud: safe	unknown
http://flycass.com/fixairports.php.infected	false		unknown
http://flycass.com/flycass.css.infected	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
64.233.185.102	clients.l.google.com	United States	15169	GOOGLEUS	false
64.233.185.101	unknown	United States	15169	GOOGLEUS	false
64.233.177.104	www.google.com	United States	15169	GOOGLEUS	false
74.125.136.94	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
69.39.83.152	flycass.com	United States	12129	123NETUS	false
64.233.185.94	unknown	United States	15169	GOOGLEUS	false
173.194.219.84	accounts.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1388329
Start date and time:	2024-02-07 14:30:20 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	http://flycass.com
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@14/12@12/87

Warnings

Exclude process from analysis (whitelisted): SIHClient.exe
Excluded IPs from analysis (whitelisted): 74.125.136.94, 34.104.35.123
Excluded domains from analysis (whitelisted): edgedl.me.gvt1.com, clientservices.googleapis.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: http://flycass.com

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Feb 7 12:30:46 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9876906628628923
Encrypted:	false
SSDEEP:
MD5:	AB7AA05B1BC3187ED3B4FC0305492676
SHA1:	F928622487034FF03F13E420A8FB40572185A646
SHA-256:	F7F82293FA76E0AA231AE760DAE885A5D41CE1EFB0A898864FFC8A7D7235BCBE
SHA-512:	19C4B5C6BC5E5369BF285B2D88F54BBCC52A705E5CAC409DADFF00D421213CA4EBAAD06F704B84DB72C80CE668F7E1E6715ADEA2C2CBEA9167840C9F9AC3CD10
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......y..Y..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IGX.k....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VGX.k....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VGX.k....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VGX.k..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VGX.k...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........(..B.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Feb 7 12:30:46 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.0007707716184
Encrypted:	false
SSDEEP:
MD5:	E3385DF5923570B217B8EE1B85C0A461
SHA1:	B85F5D70057AF08315CE25A79A58975931CAC142
SHA-256:	3CB141A9E59B5097660D135C2AE6547F63F631D57F9B045A359284D454460003
SHA-512:	4710AE77842C8E3DE03916A639D0564F6769CE25C88B49F7C14A926CC7314CD95F399F57D0605F6E189A27B30B9227E207F6DAFB78AE809D2CAAE4B7D16606CF
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....=.n..Y..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IGX.k....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VGX.k....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VGX.k....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VGX.k..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VGX.k...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........(..B.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.009154532724949
Encrypted:	false
SSDEEP:
MD5:	8A805541FD386196FAC5B833EE5E6C7C
SHA1:	01EB8A285DA524FC1F3C090F4AE5DA22D5136CE9
SHA-256:	3CBF943979B85C548280BABC92687B044B77B05F8DB35D046434BF3078119F8B
SHA-512:	56DBD93FDDAEE9758F69263E7E66974B3506639A6FD820FCE7E681B8A4E92D7CEDA8C3C3894745BC620434CA122984D1C2C94563AC0F783320F896C7B49A062B
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IGX.k....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VGX.k....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VGX.k....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VGX.k..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........(..B.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Feb 7 12:30:46 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.996371321676227
Encrypted:	false
SSDEEP:
MD5:	64DE5BE04F4ABEA70DB1D09A80CBDF87
SHA1:	88C850046EBC9EFADF73602477BA5A292E678D05
SHA-256:	FD6347FE0D8EF7C0A519D9E434A9AA92A84805D71A3268F2652078C0C2E7352E
SHA-512:	9372277F6D6BEBD4AD962F9F1A414F48163A123C105B352F8756110B1EEDAC0114E373C65ACF922133B48F19D997C43B76351C8ED273EC36518C24E0E23F0AD3
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....lf..Y..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IGX.k....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VGX.k....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VGX.k....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VGX.k..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VGX.k...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........(..B.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Feb 7 12:30:46 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9897235300702922
Encrypted:	false
SSDEEP:
MD5:	E8B4F1AC0AB593395CA2672D367FC526
SHA1:	5CA93D4BE89F6310730A76F58A37A983F0B0CEB6
SHA-256:	A49ED3415F26F5EB2713BF06608858303002A77EF872216352D88AC31A2DB36E
SHA-512:	75468CBC95A1825DD76148C858B99537B0C0C3D209A45BD0348BCB099012C207CC07739418D7398B645D8805D195784466683BECF9A3C589C605DF6D26674E0A
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......t..Y..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IGX.k....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VGX.k....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VGX.k....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VGX.k..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VGX.k...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........(..B.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Feb 7 12:30:46 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9980596653115956
Encrypted:	false
SSDEEP:
MD5:	D190F53E5D4FEA7F082A9CA4D90E0534
SHA1:	96D139EE034C9B2250239A02FFDE0C9CE27EE7D0
SHA-256:	017E969179A8803FB2E4D6ECA6F36D5BE4090556553080211F8F7BD59049209C
SHA-512:	58FE4999EBB70E5040CE76E487829B003B5137CC8A3E071D1ED56116310075E1C9DCCF2ACA27194E00032E3D704BD7803068C2C3D93A3F6151181084F820E3D0
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Z\..Y..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IGX.k....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VGX.k....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VGX.k....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VGX.k..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VGX.k...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........(..B.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 64

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	753
Entropy (8bit):	4.873410984975494
Encrypted:	false
SSDEEP:
MD5:	864497DB824DFC0B2E51010A90B95064
SHA1:	1141B44FFA7196BE0CD119531A582D9499357A6D
SHA-256:	50B2B20EF2D82E903D1DC313790AB6FBB332A5072245F1FC17EA15155EFFC5C1
SHA-512:	191B9EB62E2F219036E5D749DA3313A8CDB5776377CD2B843F3F7C2B0E12ABB294E58E72968FF9A8632C3A2BD4AD9615AC38B5115FD8657628DD9F8C2B92E7C5
Malicious:	false
Reputation:	unknown
URL:	http://flycass.com/
Preview:	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">.<html>. <head>. <title>Index of /</title>. </head>. <body>.<h1>Index of /</h1>.<ul><li><a href=".well-known/"> .well-known/</a></li>.<li><a href="fixairports.php.infected"> fixairports.php.infected</a></li>.<li><a href="flycass.css.infected"> flycass.css.infected</a></li>.<li><a href="flycass.css.old.infected"> flycass.css.old.infected</a></li>.<li><a href="how_to_back_files.html"> how_to_back_files.html</a></li>.<li><a href="images/"> images/</a></li>.<li><a href="index.html.infected"> index.html.infected</a></li>.<li><a href="index.html.old.infected"> index.html.old.infected</a></li>.<li><a href="master/"> master/</a></li>.<li><a href="reports/"> reports/</a></li>.</ul>.</body></html>.

Chrome Cache Entry: 65

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	downloaded
Size (bytes):	4464
Entropy (8bit):	5.1776303192470055
Encrypted:	false
SSDEEP:
MD5:	B82BBC16B90B301F782FF4B4D30B641A
SHA1:	5B36B68FB25BC1054DF1457290903115AA308D74
SHA-256:	BE1CE3A0727FADDA920A5BDB9FECE69B136973F037D76DE81FA93D3B6E370A18
SHA-512:	BF15A5288E41E128937B8EDF13EE5EC6F1E7C5CB0BE02EADA9205295AACACFD6A89F43C6A8C92D046F845ADE65AE8008269FB584E6AAFD0660A9784F93FE649C
Malicious:	false
Reputation:	unknown
URL:	http://flycass.com/how_to_back_files.html
Preview:	<html>.. <style type="text/css">.... body {.. background-color: #f5f5f5;.. }....h1, h3{.. text-align: center;.. text-transform: uppercase;.. font-weight: normal;..}....../---/...tabs1{.. display: block;.. margin: auto;..}...tabs1 .head{.. text-align: center;.. float: top;.. padding: 0px;.. text-transform: uppercase;.. font-weight: normal;.. display: block;.. background: #81bef7;.. color: #DF0101;.. font-size: 30px;..}.....tabs1 .identi {.. font-size: 10px;.. text-align: center;.. float: top;.. padding: 15px;.. display: block;.. background: #81bef7;.. color: #DFDFDF;.. word-break: break-all;..}.......tabs .content {.. background: #f5f5f5;.. /text-align: center;/.. color: #000000;.. padding: 25px 15px;.. font-size: 15px;.. font-weight: 400;.. line-height: 20px; }.. .tabs .content a {.. color: #df0130;.. font-size: 23px;.. font-style: italic;.. text-decoration: none;.. line-height: 35

Chrome Cache Entry: 66

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	209
Entropy (8bit):	5.143049113812332
Encrypted:	false
SSDEEP:
MD5:	18FFB59B61525F781CF9251045BE575D
SHA1:	BD7318B00B15B7A1C8A48524419FA2E5C27A5B6D
SHA-256:	B6682CAB65D3243B5B75EFB7279DBF49491957484780F2BA0A87632CC0E25642
SHA-512:	A032F853ABD9492232E1183D1CB1D14110B623F2E9DEC56B7B64DD576A0317DDA8D51125763E11D6642433C5364B2BD10A994EE4F1514629A4950BBAB3ABA499
Malicious:	false
Reputation:	unknown
URL:	http://flycass.com/favicon.ico
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL /favicon.ico was not found on this server.</p>.</body></html>.

Chrome Cache Entry: 67

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	downloaded
Size (bytes):	1520
Entropy (8bit):	6.535761466029431
Encrypted:	false
SSDEEP:
MD5:	43E5260E808131C093039B07EB3F5604
SHA1:	90621D327C6C22F3D3EF1FF289941A6CD4C44006
SHA-256:	ADE47BEB194AD3F379EB4E4F8530E1B2407F93E4A2ABEEC590B6AF47D37DE6EA
SHA-512:	D9D39AC82E88EDE43699F689741038F5435DAF412D2EE80598A08BB2EE87980C16783D62FC736AC1C021FCC4BE9260F107BD50DC4322EDFC11E189B1AC8C1AA1
Malicious:	false
Reputation:	unknown
URL:	http://flycass.com/flycass.css.infected
Preview:	....S\8...[.dv..@.....\|..!.O..E....lkhh%T.].S<.o..)Dh.../{.7....H....-..`7hQ...@.?.^H%Z.....cu9.<I.(.%....+..[..v...o..KO.^.~.:,...$.yL~.b[...V!..v..WgQD....._..4[Nz...r.~..7{.qu.t>.%..c.E......,S.2o.....P/qT......9.....X../....l..{..0...O.J.9..u..Q......6iL....5..Uj..<..]....eW..5..;!.'.....X.4..ET.J..Rfj>..a..&L?'.o.....W.._@....l....K.e....a..N....px...d;.&..Y...{A...Q...{.0M....._\|.v..W.a... 9.Kg..j.>5!D...!.r(_.b.FI.o.Qj........%=1g.B.Bd.#`.ju.}..2{.....'.....E...n.......#:..$.. ~B....oed......v.r..(....#.u...L..6.q.e.6b..)`&.X......;e....-{`.L.#.}...W'Z...c...K\|....v4.r.@.&C.<h....z........AQ..T.,+........?[t...@_."..O.=...!.M!...Q$..S<.I2....,L..!F......./1A 21 FA EA 19 01 0C 00 F1 47 51 B6 06 9E 63 8D.E5 94 92 7B 5B 0A 4E CD 62 D3 9E F5 4F D2 D3 63.BC BB A7 3E 71 5F 55 E9 E4 54 0E CF C6 F1 38 AC.3B A2 9A 15 8D 82 B6 04 4B 45 62 17 50 D5 88 8D.40 FD BB AA 27 C6 25 7F 05 3A 5D F6 09 76 B7 1B.31 25 0A 3B 3F 21 3C 3C 7C BA B4 B2 B5 D7 27 9E.70 C0 A2

Chrome Cache Entry: 68

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	zlib compressed data
Category:	downloaded
Size (bytes):	1408
Entropy (8bit):	6.330925145410468
Encrypted:	false
SSDEEP:
MD5:	A3DE2DDD4DB2228C6DC3D64284C42F6C
SHA1:	7CBF732394BB61CF53006D8D9FBCF38DA501F139
SHA-256:	B2CA1D3F610F97B12F0E5FB03B7F6BEC65B32AEFA20FB92F19CE30139CBE03D6
SHA-512:	052D1721A22647F6FBF240576572F0A22F5BB057D62BE368A5F04EC6410CA5569583FE14DEDA52CFEE16231F695CFEB3D654A15F84C9BA9F3E08FD341D80EBD8
Malicious:	false
Reputation:	unknown
URL:	http://flycass.com/flycass.css.old.infected
Preview:	....>....{.iU..f....O..2..b........?,.7`..o.o...,.o.(...i.K-[...\k..b......H.....wz\Ov....2.<....h".}...r.x../.......8..#...tf....X...V)..+...k..^J5bi.?]9"..j..#.<..vq0...b{......R.....G.........d .....}.....oba<?.....G.m..b....q.H0>...a...IY.5i.te.........C...6.{.J....D:!..S-..`..U..T.z[.p.X..'Ev?.. 5....6..0..({9..M..o.7..LD.v..?z.$'......X..x.R.....aRO...p..&.'......../..h]'&3.P7..C.+......S..<....y.......$4.Z/.-.....Q>....l.....v....w%.\|#fg.Qa.O.C.o.St...B..~..)...K..i....+\........D.&3...\|..Y.......'uH.%..,i.......T...1e$.....4!."..;r.%`,.&S..3_G`...9{...`S.&1A 21 FA EA 19 01 0C 00 F1 47 51 B6 06 9E 63 8D.E5 94 92 7B 5B 0A 4E CD 62 D3 9E F5 4F D2 D3 63.BC BB A7 3E 71 5F 55 E9 E4 54 0E CF C6 F1 38 AC.3B A2 9A 15 8D 82 B6 04 4B 45 62 17 50 D5 88 8D.40 FD BB AA 27 C6 25 7F 05 3A 5D F6 09 76 B7 1B.31 25 0A 3B 3F 21 3C 3C 7C BA B4 B2 B5 D7 27 9E.70 C0 A2 6A 56 DA 27 28 79 6C 24 1E 14 46 14 4D.24 46 86 FF AC 30 77 CD 8F F2 32 7C 1D 56 9A 23.A0 BE CA BE 20 7D D2 30

Chrome Cache Entry: 69

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	downloaded
Size (bytes):	1424
Entropy (8bit):	6.343935115327474
Encrypted:	false
SSDEEP:
MD5:	C1D1BF6B90328B45D18B1D83F6642DFE
SHA1:	CC0D19E6A5A1C70A1A7721AC34D215123A7FAA12
SHA-256:	AF8464974E1FA329FFBDBCAE02F03D5DBB0B6F2EF6D704AEC458B653DDF4D7D9
SHA-512:	B1B1887B2F6365000ABAA806C1A86F83AAC15B9E6B6BA3355CFACCCB5655D70128D9324D92F5C888C4247AD851A7A0B353B40722F7AD312A414746CBAA586F75
Malicious:	false
Reputation:	unknown
URL:	http://flycass.com/fixairports.php.infected
Preview:	..+,.Y..sY..xzn.......]E...Bq.... .'?..._.M9S(.e...h-...R...#r#.....S..V...>....!....l..mP..#...]z.BP.Y....R..)".....n.R"0.:.r.a..e..0J..t.6t.....L. ..b..."..h.w\|L.\|.T/...<...p..l.K\.%.k..z........k<....A..5.4.?r@.g,.\|..[......V..l.ia......+xMr..1C..t.}7..W..jD@B.Mg....rS..s.`.o..y.{..&o......A..c`..........E.....y@..;N.]l.....S..y?...Y.E.sw..''.G.5..XB...%..>R..CT>.{W..B.._[A..8......\|.&P.)>.t......Q.L.X....}.....S.-,......\|.2P..#......$lq.?..i..]..:i.T..\y........9..... ... 81.1s.8+\|...Sf.[.B$.h....Y.o........o.. 8<..Y.....j..=.s.c%24..a.0...F.!....2t,t.t..Y....#-.L.N.9..,[P.1A 21 FA EA 19 01 0C 00 F1 47 51 B6 06 9E 63 8D.E5 94 92 7B 5B 0A 4E CD 62 D3 9E F5 4F D2 D3 63.BC BB A7 3E 71 5F 55 E9 E4 54 0E CF C6 F1 38 AC.3B A2 9A 15 8D 82 B6 04 4B 45 62 17 50 D5 88 8D.40 FD BB AA 27 C6 25 7F 05 3A 5D F6 09 76 B7 1B.31 25 0A 3B 3F 21 3C 3C 7C BA B4 B2 B5 D7 27 9E.70 C0 A2 6A 56 DA 27 28 79 6C 24 1E 14 46 14 4D.24 46 86 FF AC 30 77 CD 8F F2 32 7C 1D 56 9A 23.A0 BE CA

Static File Info

⊘No static file info

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://flycass.com

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Static File Info

Windows Analysis Report
http://flycass.com