Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://bit.ly/3W6tVJJ?BRK=80HiTWCpll

Overview

General Information

Sample URL:https://bit.ly/3W6tVJJ?BRK=80HiTWCpll
Analysis ID:1583395

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected suspicious Javascript
Performs DNS queries to domains with low reputation
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 6372 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6980 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1940,i,13763518191660389339,6234963612648227138,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6676 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://bit.ly/3W6tVJJ?BRK=80HiTWCpll" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No yara matches
No Sigma rule has matched
No Suricata rule has matched

Click to jump to signature section

Show All Signature Results

Phishing

barindex
Source: 0.0.id.script.csvJoe Sandbox AI: Detected suspicious JavaScript with source url: https://t.co/E5hLOJIaJA... This script demonstrates high-risk behavior. It sets the `window.opener` property to `null`, which can be used to prevent the original page from accessing the new page, and then redirects the user to an untrusted domain (`xyxac.xyz`) using `location.replace()`. This is a common technique used in phishing and other malicious attacks to lure users to a malicious site.
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknownHTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49722 version: TLS 1.2
Source: unknownHTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49723 version: TLS 1.2

Networking

barindex
Source: C:\Program Files\Google\Chrome\Application\chrome.exeDNS query: xyxac.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exeDNS query: xyxac.xyz
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: bit.ly
Source: global trafficDNS traffic detected: DNS query: t.co
Source: global trafficDNS traffic detected: DNS query: xyxac.xyz
Source: global trafficDNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49699 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49699
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknownHTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49722 version: TLS 1.2
Source: unknownHTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49723 version: TLS 1.2
Source: classification engineClassification label: mal48.troj.win@22/7@10/139
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1940,i,13763518191660389339,6234963612648227138,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://bit.ly/3W6tVJJ?BRK=80HiTWCpll"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1940,i,13763518191660389339,6234963612648227138,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
Browser Extensions
1
Process Injection
1
Masquerading
OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local System2
Encrypted Channel
Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job1
Registry Run Keys / Startup Folder
1
Registry Run Keys / Startup Folder
1
Process Injection
LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol
Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive2
Application Layer Protocol
Automated ExfiltrationData Encrypted for Impact

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand
SourceDetectionScannerLabelLink
https://bit.ly/3W6tVJJ?BRK=80HiTWCpll0%Avira URL Cloudsafe
No Antivirus matches
No Antivirus matches
No Antivirus matches
No Antivirus matches
NameIPActiveMaliciousAntivirus DetectionReputation
a.nel.cloudflare.com
35.190.80.1
truefalse
    high
    t.co
    172.66.0.227
    truefalse
      high
      bit.ly
      67.199.248.11
      truefalse
        high
        xyxac.xyz
        104.21.26.15
        truetrue
          unknown
          www.google.com
          142.250.186.164
          truefalse
            high
            • No. of IPs < 25%
            • 25% < No. of IPs < 50%
            • 50% < No. of IPs < 75%
            • 75% < No. of IPs
            IPDomainCountryFlagASNASN NameMalicious
            142.250.185.67
            unknownUnited States
            15169GOOGLEUSfalse
            1.1.1.1
            unknownAustralia
            13335CLOUDFLARENETUSfalse
            104.21.26.15
            xyxac.xyzUnited States
            13335CLOUDFLARENETUStrue
            142.250.74.206
            unknownUnited States
            15169GOOGLEUSfalse
            64.233.166.84
            unknownUnited States
            15169GOOGLEUSfalse
            142.250.181.238
            unknownUnited States
            15169GOOGLEUSfalse
            239.255.255.250
            unknownReserved
            unknownunknownfalse
            142.250.185.163
            unknownUnited States
            15169GOOGLEUSfalse
            142.250.186.164
            www.google.comUnited States
            15169GOOGLEUSfalse
            35.190.80.1
            a.nel.cloudflare.comUnited States
            15169GOOGLEUSfalse
            172.66.0.227
            t.coUnited States
            13335CLOUDFLARENETUSfalse
            67.199.248.11
            bit.lyUnited States
            396982GOOGLE-PRIVATE-CLOUDUSfalse
            IP
            192.168.2.16
            Joe Sandbox version:41.0.0 Charoite
            Analysis ID:1583395
            Start date and time:2025-01-02 16:20:02 +01:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:defaultwindowsinteractivecookbook.jbs
            Sample URL:https://bit.ly/3W6tVJJ?BRK=80HiTWCpll
            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of analysed new started processes analysed:13
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • EGA enabled
            Analysis Mode:stream
            Analysis stop reason:Timeout
            Detection:MAL
            Classification:mal48.troj.win@22/7@10/139
            • Exclude process from analysis (whitelisted): svchost.exe
            • Excluded IPs from analysis (whitelisted): 142.250.185.67, 142.250.181.238, 64.233.166.84, 142.250.185.206
            • Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, redirector.gvt1.com, clientservices.googleapis.com, clients.l.google.com
            • Not all processes where analyzed, report is missing behavior information
            • VT rate limit hit for: https://bit.ly/3W6tVJJ?BRK=80HiTWCpll
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 2 14:20:33 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2673
            Entropy (8bit):3.9947830204808943
            Encrypted:false
            SSDEEP:
            MD5:DE017BDE67D8EFD677D4E54DBCED22A7
            SHA1:9F4E3B980A98F14688BD694A74CC7235B0905751
            SHA-256:6B5270DF1305186BF23C9F0AD09B26D9CADF32BAB5EBB9ED089CBF4F36A5C373
            SHA-512:33B41CEDD6B344CF14516F2D26D00BC7FE331551FF37E3EEF01745AD5827A8D9D5FFF492C6F1C0B5077B74548B7FE38A02BB1242EA892A216C6DC982F4D6078F
            Malicious:false
            Reputation:unknown
            Preview:L..................F.@.. ...$+.,....n7..)]..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I"Z.z....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V"Z.z....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V"Z.z....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V"Z.z..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V"Z.z...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 2 14:20:33 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2675
            Entropy (8bit):4.012948645457123
            Encrypted:false
            SSDEEP:
            MD5:46C50DF6831C98C06C22E0802771912E
            SHA1:4052DD64AE01BFD10EE786F36AF5FB1A868B8257
            SHA-256:E5204E6AF22579CD7B8EF4EFC080E3F073D6DD329C1E477C78ACE0C3CECBF236
            SHA-512:EDBD8E38EB53375B8398C9A547F1C35361C15CDC176B8E9762F0B883051A1B29F0C287896032FA8B96654F6903F315CB57BA7329F8458E92C05AD1C90951ED36
            Malicious:false
            Reputation:unknown
            Preview:L..................F.@.. ...$+.,........)]..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I"Z.z....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V"Z.z....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V"Z.z....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V"Z.z..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V"Z.z...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2689
            Entropy (8bit):4.017955420214548
            Encrypted:false
            SSDEEP:
            MD5:A7B5E7D3DEF4299E7AEC6C8E674F482A
            SHA1:00F53D2822778F552294E41D213AFBA5A99C729F
            SHA-256:882A11BE71EBC461977F1A39B498657D11B38E7F919F78C2681725AEFCE309A8
            SHA-512:C2E963241BABD6D4A78E5D87AC302BE4D0DB08DCE01C38A408205558DDFB8C448DEBEA1E8D37F95AC015F79F6C52A82488F9F06AC8B82F8C4471E738AD617BB4
            Malicious:false
            Reputation:unknown
            Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I"Z.z....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V"Z.z....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V"Z.z....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V"Z.z..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 2 14:20:33 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2677
            Entropy (8bit):4.0121690087491615
            Encrypted:false
            SSDEEP:
            MD5:6CB0B2BF76FCCA56B77944F925E8CA6D
            SHA1:D9B579AAF8139CBFFB66E7499B2F52D4EC659FDC
            SHA-256:A787F5A94568352B132412CB6137B3066796027B86473888A393230FD8C2D965
            SHA-512:82AFBFE47C0DC58C71889AB459BEBBC97C3D785659F58582A77EAF0ABC59613BFB5FB730F267DD0A65F36D148D10FAC29D24A38D11B1E55C9B660879498318B2
            Malicious:false
            Reputation:unknown
            Preview:L..................F.@.. ...$+.,........)]..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I"Z.z....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V"Z.z....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V"Z.z....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V"Z.z..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V"Z.z...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 2 14:20:33 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2677
            Entropy (8bit):3.996370612459851
            Encrypted:false
            SSDEEP:
            MD5:0DA0F98219612B35E52B560398DB3749
            SHA1:C0C3F94B60D8BE768C510C757AD49F2A02BBD7A0
            SHA-256:E63E3F469D0B552568D421572C7EF5018EE15409ECE2EDABB866666FE7DFE3A6
            SHA-512:5ACB0F8B1141D11EC81A62A699A8171EBF2CAF2B333C29B0B2AA8500628E70185DAF901D4FF5F4D3AC03F21E6F01EEE4203D6D7448D042BA3114E774DC38F179
            Malicious:false
            Reputation:unknown
            Preview:L..................F.@.. ...$+.,........)]..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I"Z.z....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V"Z.z....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V"Z.z....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V"Z.z..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V"Z.z...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 2 14:20:33 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2679
            Entropy (8bit):4.011422939382793
            Encrypted:false
            SSDEEP:
            MD5:56803EADF6677C78F5A30B0A706BB37F
            SHA1:82C3E3CC1DCA1CD91E53FCCF19A60AC87112AE4C
            SHA-256:6CAEC04145616425EDE7030BDCE04C48619192E427D56316737493931BEF79E4
            SHA-512:D8B2A3A7DEF99BC528F5360B071844726DDFC7204E1B9FDF42A3D6AB4C37C3BD1A902E4CF78F7A533CC157CFFD72270855ED6BAE3D5ACA9EF587E79762380904
            Malicious:false
            Reputation:unknown
            Preview:L..................F.@.. ...$+.,....9...)]..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I"Z.z....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V"Z.z....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V"Z.z....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V"Z.z..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V"Z.z...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:HTML document, ASCII text, with no line terminators
            Category:downloaded
            Size (bytes):242
            Entropy (8bit):5.1525136736853705
            Encrypted:false
            SSDEEP:
            MD5:B59D7A3176EE9051BA35D8504544DF41
            SHA1:A67F6CFF8F286A75E44A32B3127EAE2BF3326776
            SHA-256:1303958582382CC46F6053718991768BF2B50C4B86F158D54173C60FC29D0A7A
            SHA-512:28C9A4880F3C807960A03540B4583D70F395D4B9E5564712C3AC5985F47159BB092789B7132FE1BDA65A46CB7D1AD2BE5508BC0CC09B90C4D3DB33BAEBFA26A0
            Malicious:false
            Reputation:unknown
            URL:https://t.co/E5hLOJIaJA
            Preview:<head><noscript><META http-equiv="refresh" content="0;URL=https://xyxac.xyz/oi9PHBBjvAV"></noscript><title>https://xyxac.xyz/oi9PHBBjvAV</title></head><script>window.opener = null; location.replace("https:\/\/xyxac.xyz\/oi9PHBBjvAV")</script>
            No static file info