Windows Analysis Report
Payslip 28 October, 2024 HQavKTMy0xMV4aunqOHK9GIZbzhLEahv93xcO.htm

Overview

General Information

Sample name:	Payslip 28 October, 2024 HQavKTMy0xMV4aunqOHK9GIZbzhLEahv93xcO.htm
Analysis ID:	1543749
MD5:	c64859070dfca063f13c6a4b2827fb49
SHA1:	36e74fcb10b2ae1160e104c881dcc84d7800db31
SHA256:	2592d7fb9b95fb43b671a1a9f1473ef21274518570f243f96a761b7778ded3bd

Detection

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

HTML document with suspicious name

HTML document with suspicious title

HTML file submission containing password form

HTML page contains hidden javascript code

HTML title does not match URL

None HTTPS page querying sensitive user data (password, username or email)

Stores files to the Windows start menu directory

Classification

Signatures

Phishing

AI detected phishing page

Source: file:///C:/Users/user/Desktop/Payslip%2028%20October,%202024%20HQavKTMy0xMV4aunqOHK9GIZbzhLEahv93xcO.htm#uaGVpZGkuc3dhcnRAb250aGVkb3QuY28uemE=

LLM: Score: 10 Reasons: HTML file with login form DOM: 1.1.pages.csv

HTML document with suspicious title

Source: file:///C:/Users/user/Desktop/Payslip%2028%20October,%202024%20HQavKTMy0xMV4aunqOHK9GIZbzhLEahv93xcO.htm#uaGVpZGkuc3dhcnRAb250aGVkb3QuY28uemE=

Tab title: Payslip 28 October, 2024 HQavKTMy0xMV4aunqOHK9GIZbzhLEahv93xcO.htm

HTML page contains hidden javascript code

Source: Payslip 28 October, 2024 HQavKTMy0xMV4aunqOHK9GIZbzhLEahv93xcO.htm

HTTP Parser: Base64 decoded: heidi.swart@onthedot.co.za

HTML title does not match URL

Source: file:///C:/Users/user/Desktop/Payslip%2028%20October,%202024%20HQavKTMy0xMV4aunqOHK9GIZbzhLEahv93xcO.htm#uaGVpZGkuc3dhcnRAb250aGVkb3QuY28uemE=	HTTP Parser: Title: Antique Car Preservationists - copchurchchatt.ru does not match URL
Source: https://copchurchchatt.ru//#inventory	HTTP Parser: Title: Antique Car Preservationists - copchurchchatt.ru does not match URL

None HTTPS page querying sensitive user data (password, username or email)

Source: file:///C:/Users/user/Desktop/Payslip%2028%20October,%202024%20HQavKTMy0xMV4aunqOHK9GIZbzhLEahv93xcO.htm#uaGVpZGkuc3dhcnRAb250aGVkb3QuY28uemE=

HTTP Parser: Has password / email / username input fields

Source: Payslip 28 October, 2024 HQavKTMy0xMV4aunqOHK9GIZbzhLEahv93xcO.htm	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/Payslip%2028%20October,%202024%20HQavKTMy0xMV4aunqOHK9GIZbzhLEahv93xcO.htm#uaGVpZGkuc3dhcnRAb250aGVkb3QuY28uemE=	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/Payslip%2028%20October,%202024%20HQavKTMy0xMV4aunqOHK9GIZbzhLEahv93xcO.htm#uaGVpZGkuc3dhcnRAb250aGVkb3QuY28uemE=	HTTP Parser: No favicon
Source: https://copchurchchatt.ru//#inventory	HTTP Parser: No favicon

Source: file:///C:/Users/user/Desktop/Payslip%2028%20October,%202024%20HQavKTMy0xMV4aunqOHK9GIZbzhLEahv93xcO.htm#uaGVpZGkuc3dhcnRAb250aGVkb3QuY28uemE=	HTTP Parser: No <meta name="author".. found
Source: https://copchurchchatt.ru//#inventory	HTTP Parser: No <meta name="author".. found

Source: file:///C:/Users/user/Desktop/Payslip%2028%20October,%202024%20HQavKTMy0xMV4aunqOHK9GIZbzhLEahv93xcO.htm#uaGVpZGkuc3dhcnRAb250aGVkb3QuY28uemE=	HTTP Parser: No <meta name="copyright".. found
Source: https://copchurchchatt.ru//#inventory	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49733 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 1MB later: 29MB

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10

Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: copchurchchatt.ru
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49733 version: TLS 1.2

System Summary

HTML document with suspicious name

Source: Name includes: Payslip 28 October, 2024 HQavKTMy0xMV4aunqOHK9GIZbzhLEahv93xcO.htm

Initial sample: payslip

Source: classification engine

Classification label: mal60.phis.winHTM@15/6@22/193

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\Payslip 28 October, 2024 HQavKTMy0xMV4aunqOHK9GIZbzhLEahv93xcO.htm
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1948,i,14793591982814583089,2984127993257611774,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1948,i,14793591982814583089,2984127993257611774,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Stealing of Sensitive Information

HTML file submission containing password form

Source: file:///C:/Users/user/Desktop/Payslip%2028%20October,%202024%20HQavKTMy0xMV4aunqOHK9GIZbzhLEahv93xcO.htm#uaGVpZGkuc3dhcnRAb250aGVkb3QuY28uemE=

HTTP Parser: file:///C:/Users/user/Desktop/Payslip%2028%20October,%202024%20HQavKTMy0xMV4aunqOHK9GIZbzhLEahv93xcO.htm#uaGVpZGkuc3dhcnRAb250aGVkb3QuY28uemE=

Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.99	unknown	United States	15169	GOOGLEUS	false
151.101.1.229	jsdelivr.map.fastly.net	United States	54113	FASTLYUS	false
142.250.186.67	unknown	United States	15169	GOOGLEUS	false
104.17.24.14	unknown	United States	13335	CLOUDFLARENETUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
104.18.187.31	unknown	United States	13335	CLOUDFLARENETUS	false
142.251.5.84	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
188.114.97.3	copchurchchatt.ru	European Union	13335	CLOUDFLARENETUS	false
2.23.209.181	unknown	European Union	1273	CWVodafoneGroupPLCEU	false
188.114.96.3	unknown	European Union	13335	CLOUDFLARENETUS	false
142.250.186.164	www.google.com	United States	15169	GOOGLEUS	false
142.250.186.142	unknown	United States	15169	GOOGLEUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
2.23.209.173	unknown	European Union	1273	CWVodafoneGroupPLCEU	false
2.23.209.183	unknown	European Union	1273	CWVodafoneGroupPLCEU	false
142.250.184.206	unknown	United States	15169	GOOGLEUS	false
2.23.209.167	unknown	European Union	1273	CWVodafoneGroupPLCEU	false
104.17.25.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
142.250.184.202	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

Contacted Domains

Name	IP	Active
jsdelivr.map.fastly.net	151.101.1.229	true
a.nel.cloudflare.com	35.190.80.1	true
copchurchchatt.ru	188.114.97.3	true
cdnjs.cloudflare.com	104.17.25.14	true
www.google.com	142.250.186.164	true
cdn.jsdelivr.net	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
file:///C:/Users/user/Desktop/Payslip%2028%20October,%202024%20HQavKTMy0xMV4aunqOHK9GIZbzhLEahv93xcO.htm#uaGVpZGkuc3dhcnRAb250aGVkb3QuY28uemE=	true		unknown
https://copchurchchatt.ru//#inventory	false		unknown

ID:	1543749
Product:	CloudBasic
Start time:	11:24:15
Start date:	28.10.2024
Sample:	Payslip 28 October, 2024 HQavKTMy0xMV4aunqOHK9GIZbzhLEahv93xcO.htm
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	c64859070dfca063f13c6a4b2827fb49
SHA1:	36e74fcb10b2ae1160e104c881dcc84d7800db31
SHA256:	2592d7fb9b95fb43b671a1a9f1473ef21274518570f243f96a761b7778ded3bd
Filetype:	HyperText Markup Language (12001/1) 29.26%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 09:24:48 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	6A00839BC01B26760FBD8E783D598D74	90328CCDBCA0F318A4EE8F8E19AB410246CDDC55	E1EC138A74D610F37CD07747BD8A4F38D27AC6380F44F0D8595BC33BE5B5D76F
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 09:24:47 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	23B296729C9E588EECB64BE8D9F22DE6	B95D8CCBD38261FE1A056319465FDE42522D5110	28E3D1A0F89FE22786B54CF77EB670C884649C8A52FC945935DEDE5B22BD6761
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	ABB121BE056D2E55E446432DE020CFC4	B56E90D85F182A6A5582A506962EE4AF9DF53107	AD07543F44377DEF91E89D32D2523E4FA1F2AF544AA90FD415C831845476E676
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 09:24:47 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	BE49DC45D7E934187A915F9343DAC2FA	5B13B52CA66CC28C335571FE4E68EC2ED6036AEB	342AD0A8C3E97953FDA9BB4C02A2BE06C5CB7EAF7290BCE8C696967120F60349
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 09:24:47 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	50A5A5DF6F81D479B828C295CBE1AE8C	34C1CE9FA0A278E08539AFA34356F6F054D711D8	8CBE754025235D5CA0A0E59D85C06C3EF76B9B98020C88B7ED269B596519B6FB
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 09:24:47 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	F328F9C5A37F7D918B67F9A4E0D3ACBA	42256A5ACFBE900CCB69A95DA46430417501047E	13BDCF4118FB2AD052681D2DFE35937324CA3C50D5C6C2732F431569BD1F72F0

Windows Analysis Report
Payslip 28 October, 2024 HQavKTMy0xMV4aunqOHK9GIZbzhLEahv93xcO.htm

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Boot Survival

Stealing of Sensitive Information

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report Payslip 28 October, 2024 HQavKTMy0xMV4aunqOHK9GIZbzhLEahv93xcO.htm

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Boot Survival

Stealing of Sensitive Information

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
Payslip 28 October, 2024 HQavKTMy0xMV4aunqOHK9GIZbzhLEahv93xcO.htm