Edit tour

Windows Analysis Report
https://l.ead.me/bfibh8/?1778990567JHGFBVDFS56678

Overview

General Information

Sample URL:https://l.ead.me/bfibh8/?1778990567JHGFBVDFS56678
Analysis ID:1602797
Infos:

Detection

HTMLPhisher
Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected HtmlPhish9
Stores files to the Windows start menu directory

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious
  • System is w10x64_ra
  • chrome.exe (PID: 6692 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 5404 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1952,i,10026105103123167761,17873190080681369111,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6464 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://l.ead.me/bfibh8/?1778990567JHGFBVDFS56678" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
SourceRuleDescriptionAuthorStrings
dropped/chromecache_56JoeSecurity_HtmlPhish_9Yara detected HtmlPhish_9Joe Security
    No Sigma rule has matched
    No Suricata rule has matched

    Click to jump to signature section

    Show All Signature Results

    Phishing

    barindex
    Source: Yara matchFile source: dropped/chromecache_56, type: DROPPED
    Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49704 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 2.19.106.160:443 -> 192.168.2.16:49705 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49716 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49717 version: TLS 1.2
    Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
    Source: unknownTCP traffic detected without corresponding DNS query: 2.23.77.188
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
    Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: unknownTCP traffic detected without corresponding DNS query: 2.19.106.160
    Source: unknownTCP traffic detected without corresponding DNS query: 2.19.106.160
    Source: unknownTCP traffic detected without corresponding DNS query: 2.19.106.160
    Source: unknownTCP traffic detected without corresponding DNS query: 2.19.106.160
    Source: unknownTCP traffic detected without corresponding DNS query: 2.19.106.160
    Source: unknownTCP traffic detected without corresponding DNS query: 2.19.106.160
    Source: unknownTCP traffic detected without corresponding DNS query: 2.19.106.160
    Source: unknownTCP traffic detected without corresponding DNS query: 2.19.106.160
    Source: unknownTCP traffic detected without corresponding DNS query: 2.19.106.160
    Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
    Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
    Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
    Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
    Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
    Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
    Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
    Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
    Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
    Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
    Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
    Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
    Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
    Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
    Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
    Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
    Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
    Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
    Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
    Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
    Source: global trafficDNS traffic detected: DNS query: l.ead.me
    Source: global trafficDNS traffic detected: DNS query: vmi2428886.contaboserver.net
    Source: global trafficDNS traffic detected: DNS query: www.google.com
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
    Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
    Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
    Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
    Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
    Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
    Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49704 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 2.19.106.160:443 -> 192.168.2.16:49705 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49716 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49717 version: TLS 1.2
    Source: classification engineClassification label: mal48.phis.win@18/7@8/112
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
    Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1952,i,10026105103123167761,17873190080681369111,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
    Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://l.ead.me/bfibh8/?1778990567JHGFBVDFS56678"
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1952,i,10026105103123167761,17873190080681369111,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
    Registry Run Keys / Startup Folder
    1
    Process Injection
    1
    Masquerading
    OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local System2
    Encrypted Channel
    Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
    Registry Run Keys / Startup Folder
    1
    Process Injection
    LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
    Non-Application Layer Protocol
    Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive2
    Application Layer Protocol
    Automated ExfiltrationData Encrypted for Impact

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand
    SourceDetectionScannerLabelLink
    https://l.ead.me/bfibh8/?1778990567JHGFBVDFS566780%Avira URL Cloudsafe
    No Antivirus matches
    No Antivirus matches
    No Antivirus matches
    No Antivirus matches
    NameIPActiveMaliciousAntivirus DetectionReputation
    www.google.com
    142.250.186.68
    truefalse
      high
      vmi2428886.contaboserver.net
      149.102.149.56
      truefalse
        unknown
        l.ead.me
        3.161.119.33
        truefalse
          unknown
          NameMaliciousAntivirus DetectionReputation
          about:blankfalse
            high
            • No. of IPs < 25%
            • 25% < No. of IPs < 50%
            • 50% < No. of IPs < 75%
            • 75% < No. of IPs
            IPDomainCountryFlagASNASN NameMalicious
            142.250.186.68
            www.google.comUnited States
            15169GOOGLEUSfalse
            142.250.185.78
            unknownUnited States
            15169GOOGLEUSfalse
            142.250.185.206
            unknownUnited States
            15169GOOGLEUSfalse
            1.1.1.1
            unknownAustralia
            13335CLOUDFLARENETUSfalse
            239.255.255.250
            unknownReserved
            unknownunknownfalse
            149.102.149.56
            vmi2428886.contaboserver.netUnited States
            174COGENT-174USfalse
            216.58.212.131
            unknownUnited States
            15169GOOGLEUSfalse
            216.58.212.132
            unknownUnited States
            15169GOOGLEUSfalse
            142.250.185.195
            unknownUnited States
            15169GOOGLEUSfalse
            64.233.184.84
            unknownUnited States
            15169GOOGLEUSfalse
            3.161.119.33
            l.ead.meUnited States
            16509AMAZON-02USfalse
            IP
            192.168.2.16
            Joe Sandbox version:42.0.0 Malachite
            Analysis ID:1602797
            Start date and time:2025-01-30 08:52:08 +01:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:defaultwindowsinteractivecookbook.jbs
            Sample URL:https://l.ead.me/bfibh8/?1778990567JHGFBVDFS56678
            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of analysed new started processes analysed:13
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • EGA enabled
            Analysis Mode:stream
            Analysis stop reason:Timeout
            Detection:MAL
            Classification:mal48.phis.win@18/7@8/112
            • Exclude process from analysis (whitelisted): SgrmBroker.exe, svchost.exe
            • Excluded IPs from analysis (whitelisted): 199.232.214.172, 216.58.212.131, 142.250.185.78, 64.233.184.84, 142.250.185.206, 216.58.206.78, 142.250.186.142
            • Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, accounts.google.com, redirector.gvt1.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com
            • Not all processes where analyzed, report is missing behavior information
            • VT rate limit hit for: https://l.ead.me/bfibh8/?1778990567JHGFBVDFS56678
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 30 06:52:40 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2673
            Entropy (8bit):3.989737332513235
            Encrypted:false
            SSDEEP:
            MD5:61904085BB65D6B6AA3110F3547C19D8
            SHA1:253CA2B5C2F98E1D257BA403E2A64B7FDA1B18FC
            SHA-256:4DF148DDB630C859B5EB4E3680FD0A8CD4CF5BA37A6BC56CABFAA93531FEAEBA
            SHA-512:54BF1A214A439672F1D6C815DF7676EFCFB0BA0837C0977B6996BC2AEAC44C730455BD94A14448497970C24F1BD4FB5096B033597A7E1FAD1FDF4620333FFE3A
            Malicious:false
            Reputation:unknown
            Preview:L..................F.@.. ...$+.,....{....r..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I>Z.>....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V>Z.>....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V>Z.>....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V>Z.>..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V>Z.>...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............n.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 30 06:52:40 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2675
            Entropy (8bit):4.004186162605104
            Encrypted:false
            SSDEEP:
            MD5:ECCF733E8B435FE95EF086347D0F4FBC
            SHA1:86B57D730C007C1452E2501FBCB30A851B28DABF
            SHA-256:6C3282AE5E447AD4428815D9772B282BB9B81362D50840449FE884055C9225D1
            SHA-512:BCF106119156A8DC6F5468283ACC7D5FAEA00018D1B2CF8B1637B411E8728002328A5DFD6ABBB7F65CE0A87D115A6EE1F668DB5A6A6DB4846C02DD9B290DC673
            Malicious:false
            Reputation:unknown
            Preview:L..................F.@.. ...$+.,....H....r..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I>Z.>....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V>Z.>....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V>Z.>....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V>Z.>..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V>Z.>...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............n.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2689
            Entropy (8bit):4.014372522180708
            Encrypted:false
            SSDEEP:
            MD5:6A9EB49CB6647DBE0C07933D83CB4F3D
            SHA1:467AAE95E8752146CBCFCEE997522D0B583F46DE
            SHA-256:5809E14EB012936B56540037229F1B8ABDFA61528666B4D1E06339C5DA47BCE1
            SHA-512:2877236E94B5AE6250E87C05F89595B6C24D2CDF79E2D6F7D776AE336E08BFF988F2B0C9755CB139923AD84ECF8BC1D06967B540A89160718939A143C0300295
            Malicious:false
            Reputation:unknown
            Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I>Z.>....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V>Z.>....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V>Z.>....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V>Z.>..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............n.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 30 06:52:40 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2677
            Entropy (8bit):4.00350345436272
            Encrypted:false
            SSDEEP:
            MD5:07200CDA3677E4385F94D1B572F445BA
            SHA1:F895BCE526AF822970DB946BCB9C2CE139E9C062
            SHA-256:B7D199AF90AC439B566FD8BC1006A4B3626AF9D4D21F2FCD2D5722773483E8AA
            SHA-512:7AF613B75C32918105F225E93F89C73E2E304EC3D0C040B6100111147B62CD33108B1C20BD98100421BBA6203A87721302ABE84D24E8858BD9FFA51AB6CFC30E
            Malicious:false
            Reputation:unknown
            Preview:L..................F.@.. ...$+.,.........r..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I>Z.>....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V>Z.>....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V>Z.>....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V>Z.>..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V>Z.>...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............n.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 30 06:52:40 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2677
            Entropy (8bit):3.9931479616718066
            Encrypted:false
            SSDEEP:
            MD5:A63EA936D245234839079A427D9E8378
            SHA1:F540FC3B7832537AE55C4C79889ABBA8F4FA06D9
            SHA-256:D1A69E3E33597097D80FFF05619C8FE9551ECFE949FD10CAB34DB3D3075EF084
            SHA-512:8C20DA78C2272FA477C9D8DE02F087BAA2127E1D33D6DF53EA169EEF27E25E89FCCE74FC98A6246A62FE6722408F9EFB6CB478E87DA1E079217C38F2AD32B96B
            Malicious:false
            Reputation:unknown
            Preview:L..................F.@.. ...$+.,.....q...r..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I>Z.>....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V>Z.>....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V>Z.>....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V>Z.>..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V>Z.>...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............n.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 30 06:52:40 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2679
            Entropy (8bit):4.0026936854681
            Encrypted:false
            SSDEEP:
            MD5:81E393D6B18676A1BB78E4F93C2C3933
            SHA1:D98C1D413D7835F23B96FB9F57A58D3C03F19210
            SHA-256:CBF8E325B9750F91FDCEEEAB67B04F113CF0BFFE49FF6F0C4FC9412CBA1B21DE
            SHA-512:06DCE6489024C25F337C40D0FFEFA8555FD162FA12C93B93522204D8686920A4ABB3708089819466CDA6B0AB8809759BD93C76BDB3CD437D9EB083CFE770A5B4
            Malicious:false
            Reputation:unknown
            Preview:L..................F.@.. ...$+.,........r..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I>Z.>....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V>Z.>....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V>Z.>....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V>Z.>..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V>Z.>...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............n.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:HTML document, ASCII text, with CRLF line terminators
            Category:downloaded
            Size (bytes):89
            Entropy (8bit):4.714082730245383
            Encrypted:false
            SSDEEP:
            MD5:196CFACAFFB725C92C6D5D4F16289E92
            SHA1:B6306FE94C164053882259F3D3105E6C4519BF81
            SHA-256:3CD343B356E21807BA2D17E5DE1FE01756EC53BCC76699572E78B0BEFBE5AC6F
            SHA-512:9319817E1964ECB66FA16FC2CE02C8D140A5936A10174D7723906FC0EC99F07F88FC1B87319C345B21C36EF0243C80757ECCD4DED89767FD1466B0687722AAAB
            Malicious:false
            Reputation:unknown
            URL:https://vmi2428886.contaboserver.net/close.html
            Preview:<script type="text/javascript">....window.location.href="about:blank";....</script>......
            No static file info