Edit tour

Windows Analysis Report
https://m.exactag.com/ai.aspx?tc=d9bc40b07205bbd26a23a8d2e6b6b4f9&url=//secureyouerinfos.com/fhffdgg/sdssasas/mygsi/Y2FybGEuZ2luZXJAYXhhY3Rvci5jb20=

Overview

General Information

Sample URL:	https://m.exactag.com/ai.aspx?tc=d9bc40b07205bbd26a23a8d2e6b6b4f9&url=//secureyouerinfos.com/fhffdgg/sdssasas/mygsi/Y2FybGEuZ2luZXJAYXhhY3Rvci5jb20=
Analysis ID:	1397514

Detection

Fake Captcha, HTMLPhisher

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Phishing site detected (based on favicon image match)

Yara detected Fake Captcha

Yara detected HtmlPhish10

Phishing site detected (based on image similarity)

Creates files inside the system directory

HTML body contains low number of good links

HTML body contains password input but no form action

HTML title does not match URL

Invalid 'forgot password' link found

Invalid T&C link found

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 3996 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://m.exactag.com/ai.aspx?tc=d9bc40b07205bbd26a23a8d2e6b6b4f9&url=//secureyouerinfos.com/fhffdgg/sdssasas/mygsi/Y2FybGEuZ2luZXJAYXhhY3Rvci5jb20= MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2888 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1968,i,1013926990032877147,12872672087572459653,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author
1.1.pages.csv	JoeSecurity_FakeCaptcha	Yara detected Fake Captcha	Joe Security
2.2.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
2.3.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
1.1.pages.csv	JoeSecurity_FakeCaptcha	Yara detected Fake Captcha	Joe Security
2.4.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
2.5.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
2.2.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
2.6.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
2.3.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
1.1.pages.csv	JoeSecurity_FakeCaptcha	Yara detected Fake Captcha	Joe Security
2.7.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
2.3.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
1.1.pages.csv	JoeSecurity_FakeCaptcha	Yara detected Fake Captcha	Joe Security
2.4.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
2.6.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
2.2.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
2.5.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
Click to see the 12 entries

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

• Phishing
• Compliance
• Networking
• System Summary
• Boot Survival

Click to jump to signature section

Show All Signature Results

Phishing

Phishing site detected (based on favicon image match)

Source: https://yhssu1uqtp.iodaleverm.tech/m/c9ed4f17f70681a064b42fe48610dd38.htm

Matcher: Template: microsoft matched with high similarity

Yara detected Fake Captcha

Source: Yara match	File source: 1.1.pages.csv, type: HTML
Source: Yara match	File source: 1.1.pages.csv, type: HTML
Source: Yara match	File source: 1.1.pages.csv, type: HTML
Source: Yara match	File source: 1.1.pages.csv, type: HTML

Yara detected HtmlPhish10

Source: Yara match	File source: 2.2.pages.csv, type: HTML
Source: Yara match	File source: 2.3.pages.csv, type: HTML
Source: Yara match	File source: 2.4.pages.csv, type: HTML
Source: Yara match	File source: 2.5.pages.csv, type: HTML
Source: Yara match	File source: 2.2.pages.csv, type: HTML
Source: Yara match	File source: 2.6.pages.csv, type: HTML
Source: Yara match	File source: 2.3.pages.csv, type: HTML
Source: Yara match	File source: 2.7.pages.csv, type: HTML
Source: Yara match	File source: 2.3.pages.csv, type: HTML
Source: Yara match	File source: 2.4.pages.csv, type: HTML
Source: Yara match	File source: 2.6.pages.csv, type: HTML
Source: Yara match	File source: 2.2.pages.csv, type: HTML
Source: Yara match	File source: 2.5.pages.csv, type: HTML

Phishing site detected (based on image similarity)

Source: https://yhssu1uqtp.iodaleverm.tech/m/c9ed4f17f70681a064b42fe48610dd38.htm

Matcher: Found strong image similarity, brand: MICROSOFT

Source: https://yhssu1uqtp.iodaleverm.tech/m/c9ed4f17f70681a064b42fe48610dd38.htm

HTTP Parser: Number of links: 0

Source: https://yhssu1uqtp.iodaleverm.tech/m/c9ed4f17f70681a064b42fe48610dd38.htm

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://yhssu1uqtp.iodaleverm.tech/m/c9ed4f17f70681a064b42fe48610dd38.htm

HTTP Parser: Title: SJJJES7D515R4SLWEMVA does not match URL

Source: https://yhssu1uqtp.iodaleverm.tech/m/c9ed4f17f70681a064b42fe48610dd38.htm

HTTP Parser: Invalid link: Forgotten my password

Source: https://yhssu1uqtp.iodaleverm.tech/m/c9ed4f17f70681a064b42fe48610dd38.htm	HTTP Parser: Invalid link: Terms of use
Source: https://yhssu1uqtp.iodaleverm.tech/m/c9ed4f17f70681a064b42fe48610dd38.htm	HTTP Parser: Invalid link: Privacy & cookies
Source: https://yhssu1uqtp.iodaleverm.tech/m/c9ed4f17f70681a064b42fe48610dd38.htm	HTTP Parser: Invalid link: Terms of use
Source: https://yhssu1uqtp.iodaleverm.tech/m/c9ed4f17f70681a064b42fe48610dd38.htm	HTTP Parser: Invalid link: Privacy & cookies
Source: https://yhssu1uqtp.iodaleverm.tech/m/c9ed4f17f70681a064b42fe48610dd38.htm	HTTP Parser: Invalid link: Terms of use
Source: https://yhssu1uqtp.iodaleverm.tech/m/c9ed4f17f70681a064b42fe48610dd38.htm	HTTP Parser: Invalid link: Privacy & cookies
Source: https://yhssu1uqtp.iodaleverm.tech/m/c9ed4f17f70681a064b42fe48610dd38.htm	HTTP Parser: Invalid link: Terms of use
Source: https://yhssu1uqtp.iodaleverm.tech/m/c9ed4f17f70681a064b42fe48610dd38.htm	HTTP Parser: Invalid link: Privacy & cookies
Source: https://yhssu1uqtp.iodaleverm.tech/m/c9ed4f17f70681a064b42fe48610dd38.htm	HTTP Parser: Invalid link: Terms of use
Source: https://yhssu1uqtp.iodaleverm.tech/m/c9ed4f17f70681a064b42fe48610dd38.htm	HTTP Parser: Invalid link: Privacy & cookies
Source: https://yhssu1uqtp.iodaleverm.tech/m/c9ed4f17f70681a064b42fe48610dd38.htm	HTTP Parser: Invalid link: Terms of use
Source: https://yhssu1uqtp.iodaleverm.tech/m/c9ed4f17f70681a064b42fe48610dd38.htm	HTTP Parser: Invalid link: Privacy & cookies

Source: https://yhssu1uqtp.iodaleverm.tech/m/c9ed4f17f70681a064b42fe48610dd38.htm

HTTP Parser: <input type="password" .../> found

Source: https://yhssu1uqtp.iodaleverm.tech/m/c9ed4f17f70681a064b42fe48610dd38.htm	HTTP Parser: No <meta name="author".. found
Source: https://yhssu1uqtp.iodaleverm.tech/m/c9ed4f17f70681a064b42fe48610dd38.htm	HTTP Parser: No <meta name="author".. found
Source: https://yhssu1uqtp.iodaleverm.tech/m/c9ed4f17f70681a064b42fe48610dd38.htm	HTTP Parser: No <meta name="author".. found
Source: https://yhssu1uqtp.iodaleverm.tech/m/c9ed4f17f70681a064b42fe48610dd38.htm	HTTP Parser: No <meta name="author".. found
Source: https://yhssu1uqtp.iodaleverm.tech/m/c9ed4f17f70681a064b42fe48610dd38.htm	HTTP Parser: No <meta name="author".. found
Source: https://yhssu1uqtp.iodaleverm.tech/m/c9ed4f17f70681a064b42fe48610dd38.htm	HTTP Parser: No <meta name="author".. found

Source: https://yhssu1uqtp.iodaleverm.tech/m/c9ed4f17f70681a064b42fe48610dd38.htm	HTTP Parser: No <meta name="copyright".. found
Source: https://yhssu1uqtp.iodaleverm.tech/m/c9ed4f17f70681a064b42fe48610dd38.htm	HTTP Parser: No <meta name="copyright".. found
Source: https://yhssu1uqtp.iodaleverm.tech/m/c9ed4f17f70681a064b42fe48610dd38.htm	HTTP Parser: No <meta name="copyright".. found
Source: https://yhssu1uqtp.iodaleverm.tech/m/c9ed4f17f70681a064b42fe48610dd38.htm	HTTP Parser: No <meta name="copyright".. found
Source: https://yhssu1uqtp.iodaleverm.tech/m/c9ed4f17f70681a064b42fe48610dd38.htm	HTTP Parser: No <meta name="copyright".. found
Source: https://yhssu1uqtp.iodaleverm.tech/m/c9ed4f17f70681a064b42fe48610dd38.htm	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 69.192.108.161:443 -> 192.168.2.16:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 69.192.108.161:443 -> 192.168.2.16:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49747 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.21.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 69.192.108.161
Source: unknown	TCP traffic detected without corresponding DNS query: 69.192.108.161
Source: unknown	TCP traffic detected without corresponding DNS query: 69.192.108.161
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 69.192.108.161
Source: unknown	TCP traffic detected without corresponding DNS query: 69.192.108.161
Source: unknown	TCP traffic detected without corresponding DNS query: 69.192.108.161
Source: unknown	TCP traffic detected without corresponding DNS query: 69.192.108.161
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 69.192.108.161
Source: unknown	TCP traffic detected without corresponding DNS query: 69.192.108.161
Source: unknown	TCP traffic detected without corresponding DNS query: 69.192.108.161
Source: unknown	TCP traffic detected without corresponding DNS query: 69.192.108.161

Source: unknown

DNS traffic detected: queries for: m.exactag.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746

Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 69.192.108.161:443 -> 192.168.2.16:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 69.192.108.161:443 -> 192.168.2.16:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49747 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_BITS_3996_879582154

Source: classification engine

Classification label: mal68.phis.win@18/20@24/192

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://m.exactag.com/ai.aspx?tc=d9bc40b07205bbd26a23a8d2e6b6b4f9&url=//secureyouerinfos.com/fhffdgg/sdssasas/mygsi/Y2FybGEuZ2luZXJAYXhhY3Rvci5jb20=
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1968,i,1013926990032877147,12872672087572459653,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1968,i,1013926990032877147,12872672087572459653,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	11 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://m.exactag.com/ai.aspx?tc=d9bc40b07205bbd26a23a8d2e6b6b4f9&url=//secureyouerinfos.com/fhffdgg/sdssasas/mygsi/Y2FybGEuZ2luZXJAYXhhY3Rvci5jb20=	0%	Avira URL Cloud	safe
https://m.exactag.com/ai.aspx?tc=d9bc40b07205bbd26a23a8d2e6b6b4f9&url=//secureyouerinfos.com/fhffdgg/sdssasas/mygsi/Y2FybGEuZ2luZXJAYXhhY3Rvci5jb20=	0%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
yhssu1uqtp.iodaleverm.tech	0%	Virustotal	Browse
secureyouerinfos.com	0%	Virustotal	Browse
part-0008.t-0009.t-msedge.net	0%	Virustotal	Browse
part-0012.t-0009.t-msedge.net	0%	Virustotal	Browse

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
accounts.google.com	172.253.122.84	true	false		high
part-0008.t-0009.t-msedge.net	13.107.213.36	true	false	0%, Virustotal, Browse	unknown
secureyouerinfos.com	192.185.108.1	true	false	0%, Virustotal, Browse	unknown
www.google.com	142.251.40.228	true	false		high
api.ipify.org	104.26.13.205	true	false		high
part-0012.t-0009.t-msedge.net	13.107.246.40	true	false	0%, Virustotal, Browse	unknown
clients.l.google.com	142.250.65.206	true	false		high
yhssu1uqtp.iodaleverm.tech	89.116.38.238	true	false	0%, Virustotal, Browse	unknown
tp-emea.exactag.com	213.202.235.8	true	false		high
clients1.google.com	unknown	unknown	false		high
clients2.google.com	unknown	unknown	false		high
m.exactag.com	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Reputation
https://secureyouerinfos.com/fhffdgg/sdssasas/mygsi/Y2FybGEuZ2luZXJAYXhhY3Rvci5jb20=	false	unknown
https://yhssu1uqtp.iodaleverm.tech/?email=carla.giner@axactor.com	false	unknown
https://yhssu1uqtp.iodaleverm.tech/m/c9ed4f17f70681a064b42fe48610dd38.htm	true	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
13.107.246.40	part-0012.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.251.40.228	www.google.com	United States	15169	GOOGLEUS	false
172.253.122.84	accounts.google.com	United States	15169	GOOGLEUS	false
13.107.213.36	part-0008.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.65.206	clients.l.google.com	United States	15169	GOOGLEUS	false
142.250.65.227	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
192.185.108.1	secureyouerinfos.com	United States	46606	UNIFIEDLAYER-AS-1US	false
89.116.38.238	yhssu1uqtp.iodaleverm.tech	Lithuania	15419	LRTC-ASLT	false
213.202.235.8	tp-emea.exactag.com	Germany	24961	MYLOC-ASIPBackboneofmyLocmanagedITAGDE	false
142.251.41.10	unknown	United States	15169	GOOGLEUS	false
172.217.165.131	unknown	United States	15169	GOOGLEUS	false
104.26.13.205	api.ipify.org	United States	13335	CLOUDFLARENETUS	false
142.251.41.4	unknown	United States	15169	GOOGLEUS	false
172.67.74.152	unknown	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.16
192.168.2.23

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1397514
Start date and time:	2024-02-23 09:39:37 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://m.exactag.com/ai.aspx?tc=d9bc40b07205bbd26a23a8d2e6b6b4f9&url=//secureyouerinfos.com/fhffdgg/sdssasas/mygsi/Y2FybGEuZ2luZXJAYXhhY3Rvci5jb20=
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal68.phis.win@18/20@24/192

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.165.131, 34.104.35.123
Excluded domains from analysis (whitelisted): edgedl.me.gvt1.com, clientservices.googleapis.com
Not all processes where analyzed, report is missing behavior information

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Feb 23 07:40:09 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9803671415023287
Encrypted:	false
SSDEEP:
MD5:	EE5526E8AFFB7F916C297FFB470EF33D
SHA1:	3A6F4D6A21E0F805B3D193F9C521EB3BE55279F5
SHA-256:	5D6122C5733E62513C842A4558F432957F3D8414746AF799F6CDD2155F887F9D
SHA-512:	2AB6F7C88BA162A456030BDA96FF6C66FF86345706FD28AA3085FD9E7C868C8D66CBF93D577527836C27DCFE78235663B8C8573E0545DB73E3BBA28F2FC7530F
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....J..3f..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IWX.D....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VWX.E....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VWX.E....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VWX.E..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VWX.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........{.#%.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Feb 23 07:40:09 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	3.9987084809369255
Encrypted:	false
SSDEEP:
MD5:	1D22D816156F9FCDAB5703DCD5B7103B
SHA1:	2A0F23A9B80955792406A1D56626CC451C96F782
SHA-256:	86A53661E210FE98397B525B543BE1175B837F684ABDE9A60A37C072FC7189DE
SHA-512:	6ADFBACFC8AA895135AC92FF71A048BE38D8C7EDB6CB541AE89B26FCFD016022394C419BF51815E1DDAC6C65433B1EB95890C772B9A5A9C487EAFE95BF937725
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....ZV..3f..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IWX.D....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VWX.E....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VWX.E....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VWX.E..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VWX.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........{.#%.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.006961609020537
Encrypted:	false
SSDEEP:
MD5:	471803F1721C981F72BBBFE59A9E73B6
SHA1:	4A0E379E6FE8FF33B960ADF0859EC32B951E0947
SHA-256:	90B537B2E26D556FE7604AE5EA4CBCEF75ECD551E3E56FC6A22826BD88234DCE
SHA-512:	D5A60337D71D711D106435CD045171EC8CC5CCA2B9632E2F3E38F8F4C9C027ACABD73F7A6638EECF62E8FA78FC8048D076CDE6A7F554BDECC2DF0712E678A9D7
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IWX.D....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VWX.E....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VWX.E....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VWX.E..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........{.#%.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Feb 23 07:40:09 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9964686645787832
Encrypted:	false
SSDEEP:
MD5:	E93A60752CFEDEE4120B032FD4092451
SHA1:	90D1349D6F077644600215F067614DA9DF29B7F8
SHA-256:	A70CD49A9A83E8867DD8F77B58277E5699D2598D4F5FBEE0BDE909BF5EC4CAE0
SHA-512:	A2F16D1EDA1BA01F00E241240FAFBCB313B9FC6F9FA259B1B7C2AE8D804039551723426F0B4722334664F54B76892E844569F10098BDE90D35FB8E2344CE4E77
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....<x..3f..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IWX.D....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VWX.E....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VWX.E....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VWX.E..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VWX.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........{.#%.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Feb 23 07:40:09 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.985200113199057
Encrypted:	false
SSDEEP:
MD5:	B3BE4BC604C267CBA5BA408D60213E65
SHA1:	2CAEFF70F994180589F2B405396A0F98A777762F
SHA-256:	B1784C53B9CAEFCE8BC559E86AAC8BDD2364A1B919867E0B0A5C15387569F9AF
SHA-512:	E35A5308B80930DD8A6F623F1CB119932EF5A86D3065D74A9D81F98E578A6E07D8A62AB8F3A774F18954C2171108DB9791BCAE50F34D3769F32EE7D811CA0B83
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,........3f..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IWX.D....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VWX.E....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VWX.E....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VWX.E..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VWX.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........{.#%.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Feb 23 07:40:09 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9958478997811953
Encrypted:	false
SSDEEP:
MD5:	92CEB2D0DCB2DB3503D5FB8E1EAF7442
SHA1:	206AB8037EDD8FFC4429E32D006A10899617CB94
SHA-256:	9DBA83CBC074619D82519AD1FEFBBB97A0085BA75ACEE077DF8D972BE05C2151
SHA-512:	0408A0072C76A6CD67545E4807E6E2063C0F15CF2C0E97400F02077D9F54F73EF8E39420523A74990B03178DEC3F6032952118B97E4F028EA90A1590FEDDCA56
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.......3f..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IWX.D....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VWX.E....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VWX.E....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VWX.E..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VWX.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........{.#%.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 100

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.875
Encrypted:	false
SSDEEP:
MD5:	344EB8D19F5C0A3435EF32FD9601F1FB
SHA1:	E082EB1D89D91CC1A25A1D510268E576109DA07E
SHA-256:	B44289B54959639FCA6A742F7CC2E2A5AF9C6E7B73C1B3E25227CA9790F3A587
SHA-512:	EB9F1CD4A566192160371F4B182EE00180F6912333FFB79C537BD80635A6AFE6379FBE7BB74043D635BA65C9F4F956D9E97E516E24E516F2591192A36F866EAE
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAmsb_tQrNhymxIFDc5BTHo=?alt=proto
Preview:	CgkKBw3OQUx6GgA=

Chrome Cache Entry: 102

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (567), with CRLF line terminators
Category:	downloaded
Size (bytes):	6341
Entropy (8bit):	5.114798851154897
Encrypted:	false
SSDEEP:
MD5:	FF6058356639256BF8831A9163C23D1E
SHA1:	77470FA9FDCC214A296B75A0519E50F789C08EE0
SHA-256:	2D0A6DCBDA10E51E78FA4BA5DA72473C28F9073B0DF7C59F7549AB55E48A94CB
SHA-512:	1DD14258725EC9F72B6F47589599D57CF72D482B7F473C12ABDBEC2C5632BF3EA24CE62AE5B55A4BEC148824B9C5AA979F7A6CE383C6EC42C36F53789587EC97
Malicious:	false
Reputation:	unknown
URL:	https://yhssu1uqtp.iodaleverm.tech/m/cxx/Y5ES8H72H6FPIA1G63MB23UYW
Preview:	{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box;}..:before,*:after{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box;}...form-group{margin-bottom:12px;}...c_loadingDots{line-height:0;white-space:nowrap;position:relative;visibility:hidden;}..div.c_loadingDots.c_dotsPlaying{visibility:visible;}..div.c_loadingDots div.c_loadingDot{position:absolute;left:0;bottom:0;}..div.c_loadingDots div.c_loadingFallback{position:absolute;left:0;top:0;width:100%;height:100%;background:transparent url('https://acctcdn.msauth.net/images/clear1x1.png') no-repeat center center;opacity:1;filter:alpha(opacity=100);-moz-animation:hidedotsfallback .3s linear .1s 1 normal;-ms-animation:hidedotsfallback .3s linear 0s 1 normal;-webkit-animation:hidedotsfallback .3s linear 0s 1 normal;animation:hidedotsfallback .3s linear 0s 1 normal;-moz-animation-fill-mode:both;-ms-animation-fill-mode:both;-webkit-animation-fill-mode:both;animation-fill-mode:both;}..d

Chrome Cache Entry: 74

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1601x717, components 3
Category:	dropped
Size (bytes):	126388
Entropy (8bit):	7.978278517681196
Encrypted:	false
SSDEEP:
MD5:	1D6509EA3FCA1A06A1CCA8EF4BB6A953
SHA1:	A6E8A9D5013E2E571D4587503AF52853F1C147C5
SHA-256:	785EECD93EC567D96D845CAA262611105463684B209A25D576E62F2EFE7FBA65
SHA-512:	A57396EEB9499A1087F072B562715AB522E7E81F02642A3B58E71069D6248E918F09FB203A1E49BD057E93CE05BC283111B52802F3FFED8F0A2A7887A25DF230
Malicious:	false
Reputation:	unknown
Preview:	......Exif..II*.................Ducky.......2.....thttp://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c021 79.154911, 2013/10/29-11:47:16 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:63DE687AAE0011E39EA08A864F8B7AA7" xmpMM:DocumentID="xmp.did:5E6AEC7BBA0411E3A35BBB4226CC67C9" xmpMM:InstanceID="xmp.iid:5E6AEC7ABA0411E3A35BBB4226CC67C9" xmp:CreatorTool="Adobe Photoshop CC (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:f098ba7f-dc95-4a95-bdd5-d9b3b3aea82c" stRef:documentID="xmp.did:63DE687AAE0011E39EA08A864F8B7AA7"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d........................................................

Chrome Cache Entry: 75

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	425187
Entropy (8bit):	4.917773230000703
Encrypted:	false
SSDEEP:
MD5:	E52C1E281C211AAE9689622F74F0B022
SHA1:	3009C8D25BDEE6F99368B2E54DF675621A0B6640
SHA-256:	23D7A58D80BE43BE37AB404B89F175D59A30E8E8B7CCB8799BF44F8D171D7B3D
SHA-512:	DE5B58B79C8BD985D835C2245F66D5A147F59230A2DC15F6F77DEC3584785F23FFA8FA263B8D6C5A35D774A6D9A2CD60348CAAAB102A2BF8104B0FE1AFA86FEF
Malicious:	false
Reputation:	unknown
URL:	https://yhssu1uqtp.iodaleverm.tech/m/aty/80XJ9EK34YT95G9F54UROW0WK
Preview:	(function(_0x1c89c6,_0x42db72){function _0x29c586(_0x35a837,_0x414900,_0x59d8fc,_0x4d27f9,_0x3ccb19){return _0x5bf0(_0x414900-0x2a3,_0x4d27f9);}function _0x4965f2(_0x172a8b,_0x2b768d,_0x3e27f3,_0x33f558,_0x100272){return _0x5bf0(_0x2b768d- -0x302,_0x100272);}function _0x4a253f(_0x35caf3,_0xe4df59,_0x41bbd1,_0x21f4a9,_0x461023){return _0x5bf0(_0xe4df59- -0x1ec,_0x21f4a9);}function _0xf26322(_0x58bfb6,_0x31c49d,_0x1e4023,_0x456591,_0x26611b){return _0x5bf0(_0x58bfb6- -0xd0,_0x456591);}var _0x131c20=_0x1c89c6();function _0x1ce36a(_0x580b86,_0x515b70,_0x31af1b,_0x452a8b,_0x37bb8b){return _0x5bf0(_0x37bb8b-0x131,_0x452a8b);}while(!![]){try{var _0x3cb205=parseInt(_0xf26322(0x78,0x3ed,-0x17b,-0x2dc,-0x15a))/(-0x6b6+0x1abb-0x1+0x60x593)+-parseInt(_0xf26322(0x321,0x2b5,0x23b,0x62e,-0x1e7))/(-0xe35+-0x1924+0x275b)+parseInt(_0x29c586(0x5da,0x73b,0x3a6,0x8f5,0x341))/(-0x1dc5+0x15fa+0x7ce)(parseInt(_0x4a253f(0x544,0x19f,0x24f,0x26a,0x51))/(-0x11f2+0x7d+0x1f10x9))+-parseInt(_0x4965f2(0x4ab,0x4c9

Chrome Cache Entry: 79

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2604)
Category:	downloaded
Size (bytes):	2609
Entropy (8bit):	5.835909502953864
Encrypted:	false
SSDEEP:
MD5:	9B03CEF64439135A43B21470FC401796
SHA1:	18B7B7A883135C4C9C8EF37CA9992D4EF165B1FC
SHA-256:	04021DC4B94AD3DCCECE4D006CD8272C671C6A2E32B8CA49FDC39E04CE00FA56
SHA-512:	6C028626794BCC6D05A30D65B264D851FEC8550554AFB6FD866DD1857902BAEC4C5A26191B84602F54057B1DD553589AF2EEEAC0900B2655789E5E92699EC13E
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["collection challenge pokemon go","nba mock draft","happy valentines day wishes quotes","incarnate forme enamorus raid counters","snow storm weather forecast nyc","ihop free pancakes national pancake day","one day cast","julius randle injury update"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"google:entityinfo":"Cg0vZy8xMXN5X21rcGt0EgpUViBwcm9ncmFtMrsJZGF0YTppbWFnZS9qcGVnO2Jhc2U2NCwvOWovNEFBUVNrWkpSZ0FCQVFBQUFRQUJBQUQvMndDRUFBa0dCd2dIQmdrSUJ3Z0tDZ2tMRFJZUERRd01EUnNVRlJBV0lCMGlJaUFkSHg4a0tEUXNKQ1l4Sng4ZkxUMHRNVFUzT2pvNkl5cy9SRDg0UXpRNU9qY0JDZ29LRFF3TkdnOFBHamNsSHlVM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOLy9BQUJFSUFFQUFLd01CSWdBQ0VRRURFUUgveEFBYkFBQUJCUUVCQUFBQUFBQUFBQUFBQUFBQUFRTUVCUVlDQi8vRUFERVFBQUVEQXdNQkJRVUpBQUFBQUFBQUFBRUNBd1FBQlJFU0lURlJCaE1pWVpFVUZUSkJnU01rUWxKVGs2R3h3Zi9FQUJjQkFRRUJBUUFB

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	downloaded
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	unknown
URL:	https://yhssu1uqtp.iodaleverm.tech/m/ic/OKFXDUZ2STVQ11146Q03A7CFY
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (358)
Category:	downloaded
Size (bytes):	11816
Entropy (8bit):	5.037139572888145
Encrypted:	false
SSDEEP:
MD5:	A8063BD37D3C8FB3176A6BF140558A4D
SHA1:	E32CF4B407DB3D3773DED13FF64B70FDBAD7735F
SHA-256:	BCCB23D41C2CC69CF0C7D22C4314CA8181A513C6999B73E45307792830F4E482
SHA-512:	82D749F6B17B21587FB345CA196A2AA83ECA80AD66ED9C1AB88B36709BED14175D53AFEFE9ACC0DAFC4FAD78FFB8DF155193A6829BC857AD6D68B1C84AF7B854
Malicious:	false
Reputation:	unknown
URL:	https://secureyouerinfos.com/favicon.ico
Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">.<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">.<head profile="http://gmpg.org/xfn/11">. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />. <title>404 - PAGE NOT FOUND</title>...... Add Slide Outs -->.....<script src="http://code.jquery.com/jquery-3.3.1.min.js"></script> .....<script src="/cgi-sys/js/simple-expand.min.js"></script>. . <style type="text/css">. body{padding:0;margin:0;font-family:helvetica;}. #container{margin:20px auto;width:868px;}. #container #top404{background-image:url('/cgi-sys/images/404top_w.jpg');background-repeat:no-repeat;width:868px;height:168px;}. #container #mid404{background-image:url('/cgi-sys/images/404mid.gif');background-repeat:repeat-y;width:868px;}. #container #mid404 #gatorbottom{position:relative;left:39px;float:left;}. #

Chrome Cache Entry: 83

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	assembler source, ASCII text, with very long lines (1680), with CRLF line terminators
Category:	downloaded
Size (bytes):	108159
Entropy (8bit):	5.196780313715235
Encrypted:	false
SSDEEP:
MD5:	E3D75AA9A72BC3FC164CF84DF12CA2D4
SHA1:	16C3E732C1C4F72F28128C115CDE77D85C7DB5B0
SHA-256:	6B95363E75460560EC869EBF93B3B4333988C32A81F6280F61791581F1DD08ED
SHA-512:	636A03D04A20FE86EE16E849E5EE86AB799BCAC30C4989B7E664F8306A1A59CAC5A44BB486408190BC9F9CC15655414643D1EA29F6CA80F84930ECB6F869E031
Malicious:	false
Reputation:	unknown
URL:	https://yhssu1uqtp.iodaleverm.tech/m/sm/PXMQ17C79O9G6WKKEYWPT2ECQ
Preview:	html { font-family: sans-serif; text-size-adjust: 100%; }..body { margin: 0px; }..article, aside, details, figcaption, figure, footer, header, hgroup, main, menu, nav, section, summary { display: block; }..audio, canvas, progress, video { display: inline-block; vertical-align: baseline; }..audio:not([controls]) { display: none; height: 0px; }..[hidden], template { display: none; }..a { background-color: transparent; }..a:active, a:hover { outline: 0px; }..abbr[title] { border-bottom: 1px dotted; }..b, strong { font-weight: bold; }..dfn { font-style: italic; }..h1 { font-size: 2em; margin: 0.67em 0px; }..mark { background: rgb(255, 255, 0); color: rgb(0, 0, 0); }..small { font-size: 80%; }..sub, sup { font-size: 75%; line-height: 0; position: relative; vertical-align: baseline; }..sup { top: -0.5em; }..sub { bottom: -0.25em; }..img { border: 0px; }..svg:not(:root) { overflow: hidden; }..figure { margin: 1em 40px; }..hr { box-sizing: content-box; height: 0px; }..pre { overflow: auto; }..

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 513
Category:	dropped
Size (bytes):	276
Entropy (8bit):	7.316609873335077
Encrypted:	false
SSDEEP:
MD5:	4E3510919D29D18EEB6E3E8B2687D2F5
SHA1:	31522A9EC576A462C3F1FFA65C010D4EB77E9A85
SHA-256:	1707BE1284617ACC0A66A14448207214D55C3DA4AAF25854E137E138E089257E
SHA-512:	DFAD29E3CF9E51D1749961B47382A5151B1F3C98DEABF2B63742EB6B7F7743EE9B605D646A730CF3E087D4F07E43107C8A01FF5F68020C7BF933EBA370175682
Malicious:	false
Reputation:	unknown
Preview:	...........Q=o. ..+.......=t....E.k["...../g;n.,....{.......2....e.......J).8..).5.....>,.ih...^s...&M.Ta..m........C.N5.G.!.-...}.9.~........u.3..@i..qK.U.......E.........S.......A.....6...G..g...,f3g.5F..I...G@<..L.:`.N&.?R....d..(.7._....z.L.......s....

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	downloaded
Size (bytes):	87462
Entropy (8bit):	5.262148110388299
Encrypted:	false
SSDEEP:
MD5:	E6C2415C0ACE414E5153670314CE99A9
SHA1:	5A9EEAC34D86E92E5660E0F4F87204F1ED0C8FF6
SHA-256:	D8F9AFBF492E4C139E9D2BCB9BA6EF7C14921EB509FB703BC7A3F911B774EFF8
SHA-512:	DE027062931EDD07B01842EFF24FC15FDBDCAA1AF245DCD133155FABA9E0C965F0A34DC6144CE3B149BC43B4597073C792CB6DABBFC6168C63095523923BCF77
Malicious:	false
Reputation:	unknown
URL:	https://yhssu1uqtp.iodaleverm.tech/m/jx/RLRLAVA15132I9YHUBOZM35DW
Preview:	/! jQuery v3.7.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(ie,e){"use strict";var oe=[],r=Object.getPrototypeOf,ae=oe.slice,g=oe.flat?function(e){return oe.flat.call(e)}:function(e){return oe.concat.apply([],e)},s=oe.push,se=oe.indexOf,n={},i=n.toString,ue=n.hasOwnProperty,o=ue.toString,a=o.call(Object),le={},v=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},y=function(e){return null!=e&&e===e.window},C=ie.document,u={type:!0,src:!0,nonce:!0,noModule:!0};function m(e,t,n){var r,i,o=(n=n\|\|C).createElement("script");if(o.text=e,t)for(r in u)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.remove

Chrome Cache Entry: 92

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	23
Entropy (8bit):	3.2903216092483056
Encrypted:	false
SSDEEP:
MD5:	5B3ABE3D8C360A47DFE674A83EB238BA
SHA1:	4D53A05BC8579B77782C3F3045029A61ABD172F0
SHA-256:	EE8323D76A542EB72116572F1333D8E0A16B7B8887B061BC07A8DEF86B991014
SHA-512:	59421AF6CFE7047997541AD08FA441F3B0D7D3F38F84CD7F75B5C8BE7DB026AB1529059A481A1EC862D73BC8CC3B292B51A7DA5072B9FCA6D33C6BEDF7A5B899
Malicious:	false
Reputation:	unknown
URL:	https://api.ipify.org/?format=json
Preview:	{"ip":"191.96.227.222"}

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1592
Entropy (8bit):	4.205005284721148
Encrypted:	false
SSDEEP:
MD5:	4E48046CE74F4B89D45037C90576BFAC
SHA1:	4A41B3B51ED787F7B33294202DA72220C7CD2C32
SHA-256:	8E6DB1634F1812D42516778FC890010AA57F3E39914FB4803DF2C38ABBF56D93
SHA-512:	B2BBA2A68EDAA1A08CFA31ED058AFB5E6A3150AABB9A78DB9F5CCC2364186D44A015986A57707B57E2CC855FA7DA57861AD19FC4E7006C2C239C98063FE903CF
Malicious:	false
Reputation:	unknown
URL:	https://yhssu1uqtp.iodaleverm.tech/m/mxl/sig_op.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><defs><style>.a{fill:none;}.b{fill:#404040;}</style></defs><rect class="a" width="48" height="48"/><path class="b" d="M40,32.578V40H32V36H28V32H24V28.766A10.689,10.689,0,0,1,19,30a10.9,10.9,0,0,1-5.547-1.5,11.106,11.106,0,0,1-2.219-1.719A11.373,11.373,0,0,1,9.5,24.547a10.4,10.4,0,0,1-1.109-2.625A11.616,11.616,0,0,1,8,19a10.9,10.9,0,0,1,1.5-5.547,11.106,11.106,0,0,1,1.719-2.219A11.373,11.373,0,0,1,13.453,9.5a10.4,10.4,0,0,1,2.625-1.109A11.616,11.616,0,0,1,19,8a10.9,10.9,0,0,1,5.547,1.5,11.106,11.106,0,0,1,2.219,1.719A11.373,11.373,0,0,1,28.5,13.453a10.4,10.4,0,0,1,1.109,2.625A11.616,11.616,0,0,1,30,19a10.015,10.015,0,0,1-.125,1.578,10.879,10.879,0,0,1-.359,1.531Zm-2,.844L27.219,22.641a14.716,14.716,0,0,0,.562-1.782A7.751,7.751,0,0,0,28,19a8.786,8.786,0,0,0-.7-3.5,8.9,8.9,0,0,0-1.938-2.859A9.269,9.269,0,0,0,22.5,10.719,8.9,8.9,0,0,0,19,10a8.786,8.786,0,0,0-3.5.7,8.9,8.9,0,0,0-2.859,1.938A9.269,9.269,0,0,0,

Chrome Cache Entry: 94

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	199333
Entropy (8bit):	5.013103448858446
Encrypted:	false
SSDEEP:
MD5:	25930B37116B2474777D799979918568
SHA1:	4D0AE3F123CA421EC90EF3348C3B39AC655E9236
SHA-256:	B294D339F709A0620968800517ED512F5EA76A8D06959FF59F6F2EC6F3FDCDB7
SHA-512:	D3DF8EE8C3CEFAB0F214E250A11552A9C94D9374AABB7E745A9271D69C82C04ED7FD525FB0244E1BD9FC24BFCEA7A6F4384BBB86051E84A817BB2413F1017A6E
Malicious:	false
Reputation:	unknown
URL:	https://yhssu1uqtp.iodaleverm.tech/m/ecpt/996Q798QCSYOCMXXJJEBIUFSF
Preview:	(function(_0x5b1989,_0x4dd8dd){function _0x98c760(_0x5bc066,_0x2bfe8b,_0x3ae5a4,_0xbb2dcc,_0x1155ea){return _0x4e53(_0x5bc066- -0x2df,_0xbb2dcc);}function _0x1ee071(_0x2ccdbb,_0x588cd5,_0x21f614,_0x3e8e2f,_0x4d219a){return _0x4e53(_0x4d219a- -0x223,_0x588cd5);}function _0x397734(_0x341432,_0x204bb2,_0x5f2ec7,_0x4a4c86,_0x361db0){return _0x4e53(_0x204bb2-0x9c,_0x5f2ec7);}function _0x5ee178(_0x31a9bc,_0x5b0a99,_0x45ebe4,_0x2fd736,_0x471b52){return _0x4e53(_0x471b52- -0x106,_0x45ebe4);}function _0x1aee45(_0x3e1555,_0x40a413,_0x1c1268,_0x3e7959,_0x13fc10){return _0x4e53(_0x13fc10- -0x61,_0x40a413);}var _0x250efa=_0x5b1989();while(!![]){try{var _0x5d818c=-parseInt(_0x1ee071(0xa3,-0x21e,-0x25e,-0xd2,-0x100))/(-0x5-0x543+-0x28-0x60+0x11-0x26e)(-parseInt(_0x98c760(0x78,0x123,-0x10f,0x1ed,0x97))/(-0x10x1193+-0x1eb7+0x18260x2))+-parseInt(_0x5ee178(0x6f,0x263,0x1a7,0x8b,0x161))/(-0x1b0d+-0x1fdf+-0x3aef-0x1)(parseInt(_0x1aee45(0x17,0x27c,0x1f6,0x2e2,0x177))/(-0x10x2047+0x2592+0x1-0x547))

Chrome Cache Entry: 95

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	3651
Entropy (8bit):	4.094801914706141
Encrypted:	false
SSDEEP:
MD5:	EE5C8D9FB6248C938FD0DC19370E90BD
SHA1:	D01A22720918B781338B5BBF9202B241A5F99EE4
SHA-256:	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
SHA-512:	C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
Malicious:	false
Reputation:	unknown
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.

Static File Info

⊘No static file info

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://m.exactag.com/ai.aspx?tc=d9bc40b07205bbd26a23a8d2e6b6b4f9&url=//secureyouerinfos.com/fhffdgg/sdssasas/mygsi/Y2FybGEuZ2luZXJAYXhhY3Rvci5jb20=

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

HTML

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 100

Chrome Cache Entry: 102

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Chrome Cache Entry: 87

Chrome Cache Entry: 92

Chrome Cache Entry: 93

Chrome Cache Entry: 94

Chrome Cache Entry: 95

Static File Info

Windows Analysis Report
https://m.exactag.com/ai.aspx?tc=d9bc40b07205bbd26a23a8d2e6b6b4f9&url=//secureyouerinfos.com/fhffdgg/sdssasas/mygsi/Y2FybGEuZ2luZXJAYXhhY3Rvci5jb20=