IOC Report
http://lloydschatonline.com/

Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| C:\Users\user\Downloads\65f3a430-8ad4-48c0-b8c5-5be51dbb20fb.tmp | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\Downloads\Unconfirmed 882903.crdownload | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
| Chrome Cache Entry: 64 | JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 700x400, components 3 | dropped | |
| Chrome Cache Entry: 65 | JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1500x882, components 3 | downloaded | |
| Chrome Cache Entry: 66 | JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1369x1500, components 3 | dropped | |
| Chrome Cache Entry: 67 | gzip compressed data, from Unix, original size modulo 2^32 691 | dropped | |
| Chrome Cache Entry: 68 | JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=9, height=748, xresolution=230, yresolution=238, resolutionunit=2, datetime=2024:02:07 15:00:58, software=PaintShop Pro 25.00, width=1500], baseline, precision 8, 1500x748, components 3 | downloaded | |
| Chrome Cache Entry: 69 | Web Open Font Format (Version 2), TrueType, length 52120, version 0.0 | downloaded | |
| Chrome Cache Entry: 70 | ASCII text, with no line terminators | downloaded | |
| Chrome Cache Entry: 71 | GIF image data, version 89a, 228 x 211 | downloaded | |
| Chrome Cache Entry: 72 | JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 767x567, components 3 | downloaded | |
| Chrome Cache Entry: 73 | gzip compressed data, from Unix, original size modulo 2^32 1150 | downloaded | |
| Chrome Cache Entry: 74 | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 2000x850, components 3 | downloaded | |
| Chrome Cache Entry: 75 | gzip compressed data, from Unix, original size modulo 2^32 413064 | downloaded | |
| Chrome Cache Entry: 76 | GIF image data, version 89a, 228 x 211 | dropped | |
| Chrome Cache Entry: 77 | JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 700x400, components 3 | downloaded | |
| Chrome Cache Entry: 78 | gzip compressed data, from Unix, original size modulo 2^32 292950 | downloaded | |
| Chrome Cache Entry: 79 | JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1500x882, components 3 | dropped | |
| Chrome Cache Entry: 80 | Web Open Font Format (Version 2), TrueType, length 51676, version 0.0 | downloaded | |
| Chrome Cache Entry: 81 | PNG image data, 1000 x 902, 8-bit colormap, non-interlaced | downloaded | |
| Chrome Cache Entry: 82 | JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1500x750, components 3 | dropped | |
| Chrome Cache Entry: 83 | PNG image data, 1000 x 902, 8-bit colormap, non-interlaced | dropped | |
| Chrome Cache Entry: 84 | JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1500x750, components 3 | downloaded | |
| Chrome Cache Entry: 85 | gzip compressed data, from Unix, original size modulo 2^32 87462 | dropped | |
| Chrome Cache Entry: 86 | Web Open Font Format (Version 2), TrueType, length 51676, version 0.0 | downloaded | |
| Chrome Cache Entry: 87 | gzip compressed data, from Unix, original size modulo 2^32 691 | downloaded | |
| Chrome Cache Entry: 88 | Web Open Font Format (Version 2), TrueType, length 53060, version 0.0 | downloaded | |
| Chrome Cache Entry: 89 | JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 767x567, components 3 | dropped | |
| Chrome Cache Entry: 90 | gzip compressed data, from Unix, original size modulo 2^32 460712 | downloaded | |
| Chrome Cache Entry: 91 | gzip compressed data, from Unix, original size modulo 2^32 87462 | downloaded | |
| Chrome Cache Entry: 92 | JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1369x1500, components 3 | downloaded | |
| Chrome Cache Entry: 93 | JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=9, height=748, xresolution=230, yresolution=238, resolutionunit=2, datetime=2024:02:07 15:00:58, software=PaintShop Pro 25.00, width=1500], baseline, precision 8, 1500x748, components 3 | dropped | |
| Chrome Cache Entry: 94 | gzip compressed data, from Unix, original size modulo 2^32 105354 | downloaded | |
| Chrome Cache Entry: 95 | gzip compressed data, from Unix, original size modulo 2^32 1150 | dropped | |
| Chrome Cache Entry: 96 | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 2000x850, components 3 | dropped | |
| Chrome Cache Entry: 97 | PE32 executable (GUI) Intel 80386, for MS Windows | downloaded | |
27 further files are not shown in this extract.

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1684,i,11816955474725796620,6603347414342202885,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://lloydschatonline.com/" | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6360 --field-trial-handle=1684,i,11816955474725796620,6603347414342202885,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | |

URLs

| Name | IP | Malicious |
|---|---|---|
| http://lloydschatonline.com/ | | malicious |
| http://lloydschatonline.com/fonts/lloyds_bank_jack-mediumWEB.woff2 | 193.143.1.14 | malicious |
| http://lloydschatonline.com/img/lb_bb_servicequal_700x400_feb_2024_1.jpg | 193.143.1.14 | malicious |
| http://lloydschatonline.com/css/answers.css | 193.143.1.14 | malicious |
| http://lloydschatonline.com/scripts/script.js | 193.143.1.14 | malicious |
| http://lloydschatonline.com/Lloyds-LiveChat.exe | 193.143.1.14 | malicious |
| http://lloydschatonline.com/css/clientlibs/icons/sprite-icons/chevron-right-hover.svg | 193.143.1.14 | malicious |
| http://lloydschatonline.com/img/lb_business_banking_qr_mobile_app.png | 193.143.1.14 | malicious |
| http://lloydschatonline.com/img/lb_bus_homepage_fraud-promo.jpg | 193.143.1.14 | malicious |
| http://lloydschatonline.com/fonts/lloyds_bank_jack-lightWEB.woff2 | 193.143.1.14 | malicious |
| http://lloydschatonline.com/img/lb_business_homepage_alexcave_1500x750.jpg | 193.143.1.14 | malicious |
| http://lloydschatonline.com/img/lb_business_bank_accounts_to_help_you_thrive_hp_hero_v4.jpg | 193.143.1.14 | malicious |
| http://lloydschatonline.com/img/start-a-business-hero_photo_mobile.jpg | 193.143.1.14 | malicious |
| http://lloydschatonline.com/fonts/lloyds_bank_jack-regularWEB.woff2 | 193.143.1.14 | malicious |
| http://lloydschatonline.com/css/clientlibs.min.d2a9afb580fa8e2437425cef337b2627.css | 193.143.1.14 | malicious |
| http://lloydschatonline.com/scripts/jquery-3.7.0.min.js | 193.143.1.14 | malicious |
| http://lloydschatonline.com/img/lb_bus_homepage_help-banner.jpg | 193.143.1.14 | malicious |
| http://lloydschatonline.com/fonts/lloyds_bank_jack-boldWEB.woff2 | 193.143.1.14 | malicious |
| http://lloydschatonline.com/css/clientlibs/icons/list-styles/tick-white.svg | 193.143.1.14 | malicious |
| http://lloydschatonline.com/css/clientlibs/icons/sprite-icons/chevron-right.svg | 193.143.1.14 | malicious |
| http://lloydschatonline.com/img/lb_bus_homepage_colwith-promo.jpg | 193.143.1.14 | malicious |
| http://lloydschatonline.com/img/fscs.gif | 193.143.1.14 | malicious |
| http://lloydschatonline.com/img/favicon.ico | 193.143.1.14 | malicious |
| http://lloydschatonline.com/css/clientlibs-css.min.dadd5b8770a1fdc12ff43d774137aab0.css | 193.143.1.14 | malicious |
| https://www.lloydsbank.com/private-banking.html | | |
| https://www.lloydsbank.com/business/home.html#flyout | | |
| https://www.lloydsbank.com/business/home.html | | |
| https://www.lloydsbank.com/international.html | | |
| https://www.lloydsbank.com/business/take-payments-with-cardnet.html | | |
| https://www.lloydsbank.com/ruxitagentjs_ICA27SVfhjoqrux_10163190401123328.js | 23.37.52.3 | |
| https://www.lloydsbank.com/business/banking-online/online-for-business/register-for-online-for-business.html | | |
21 further URLs are not shown in this extract.

Domains

| Name | IP | Malicious |
|---|---|---|
| lloydschatonline.com | 193.143.1.14 | |
| bg.microsoft.map.fastly.net | 199.232.214.172 | |
| s5933.cdn.lloydsbanking.com | 23.37.52.3 | |
| www.google.com | 172.217.16.132 | |
| fp2e7a.wpc.phicdn.net | 192.229.221.95 | |
| www.lloydsbank.com | unknown | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 192.168.2.4 | unknown | unknown | |
| 192.168.2.6 | unknown | unknown | |
| 239.255.255.250 | unknown | Reserved | |
| 23.37.52.3 | s5933.cdn.lloydsbanking.com | United States | |
| 23.36.238.55 | unknown | United States | |
| 193.143.1.14 | lloydschatonline.com | unknown | |
| 172.217.16.132 | www.google.com | United States | |
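The tables above list the indicators but do not show how an analyst would apply them. As an added example (not part of the sandbox report), the Python below takes the flagged domain, the IP 193.143.1.14, the payload path /Lloyds-LiveChat.exe and the legitimate Lloyds hosts seen in the Domains table, and runs them over a handful of constructed Squid-style proxy log lines. The log lines, the `.test` lookalike host and the 203.0.113.0/24 peer addresses are invented for illustration. It generalises slightly beyond the report: an executable fetched from a flagged host or IP under any name is treated like the named payload, and a host that carries the brand keyword but is neither the known-bad domain nor one of the legitimate hosts is surfaced at low severity as a lookalike.

```python
"""IOC matching for the lloydschatonline.com report, run over constructed proxy logs.

Added example, not part of the sandbox report. The IOC values (domain, IP,
payload path, legitimate Lloyds hosts) are copied from the tables above; the
log lines, the .test lookalike host and the 203.0.113.0/24 peers are invented.
"""
import re
from urllib.parse import urlparse

# Indicators taken from the report above.
IOC_DOMAINS = {"lloydschatonline.com"}
IOC_IPS = {"193.143.1.14"}
IOC_PAYLOAD_PATHS = {"/Lloyds-LiveChat.exe"}
# Brand hosts that also appeared in the sandbox run; traffic to these is expected.
LEGITIMATE_HOSTS = {"www.lloydsbank.com", "s5933.cdn.lloydsbanking.com"}
# Assumption: any other host carrying the brand name deserves a low-severity look.
BRAND_KEYWORDS = ("lloyds",)

# Constructed Squid-style access log lines (not real traffic).
SAMPLE_LOG = """\
1718000001.123 192.168.2.4 TCP_MISS/200 4120 GET http://lloydschatonline.com/ - HIER_DIRECT/193.143.1.14 text/html
1718000002.456 192.168.2.4 TCP_MISS/200 52120 GET http://lloydschatonline.com/fonts/lloyds_bank_jack-mediumWEB.woff2 - HIER_DIRECT/193.143.1.14 font/woff2
1718000003.789 192.168.2.4 TCP_MISS/200 413064 GET http://lloydschatonline.com/Lloyds-LiveChat.exe - HIER_DIRECT/193.143.1.14 application/x-msdownload
1718000004.000 192.168.2.6 TCP_MISS/200 8831 GET https://www.lloydsbank.com/business/home.html - HIER_DIRECT/23.37.52.3 text/html
1718000005.000 192.168.2.6 TCP_MISS/200 1024 GET http://example.org/index.html - HIER_DIRECT/203.0.113.9 text/html
1718000006.000 192.168.2.4 TCP_MISS/200 413064 GET http://193.143.1.14/Lloyds-LiveChat.exe - HIER_DIRECT/193.143.1.14 application/octet-stream
1718000007.000 192.168.2.6 TCP_MISS/200 2048 GET http://lloyds-livechat.test/login - HIER_DIRECT/203.0.113.7 text/html
"""

# Fields: timestamp client status bytes method url user hierarchy/peer content-type
LOG_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<client>\S+)\s+(?P<status>\S+)\s+(?P<bytes>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+\S+\s+\S+/(?P<peer>\S+)\s+(?P<ctype>\S+)$"
)


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not fit."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    parsed = urlparse(rec["url"])
    rec["host"] = (parsed.hostname or "").lower()
    rec["path"] = parsed.path or "/"
    return rec


def host_in_domain(host, domain):
    """True for the domain itself and any subdomain of it."""
    return host == domain or host.endswith("." + domain)


def classify(rec):
    """Return the list of IOC reasons that apply to one parsed record."""
    reasons = []
    host, path = rec["host"], rec["path"]
    if any(host_in_domain(host, d) for d in IOC_DOMAINS):
        reasons.append("ioc-domain")
    # Catches both proxied connections to the IP and URLs that name it directly.
    if rec["peer"] in IOC_IPS or host in IOC_IPS:
        reasons.append("ioc-ip")
    # The named payload is always a hit; any other executable from a flagged
    # host or IP is treated the same way.
    looks_like_pe = path.lower().endswith(".exe") or rec["ctype"] == "application/x-msdownload"
    if path in IOC_PAYLOAD_PATHS or (reasons and looks_like_pe):
        reasons.append("payload-download")
    if ("ioc-domain" not in reasons and host not in LEGITIMATE_HOSTS
            and any(k in host for k in BRAND_KEYWORDS)):
        reasons.append("brand-lookalike")
    return reasons


def severity(reasons):
    """Rank: payload fetch > known-bad host/IP > brand lookalike > nothing."""
    if "payload-download" in reasons:
        return "high"
    if "ioc-domain" in reasons or "ioc-ip" in reasons:
        return "medium"
    if reasons:
        return "low"
    return "none"


def scan(log_text):
    """Return one hit per matching line: client, url, reasons and severity."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = classify(rec)
        sev = severity(reasons)
        if sev != "none":
            hits.append({"client": rec["client"], "url": rec["url"],
                         "reasons": reasons, "severity": sev})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f'{hit["severity"]:6} {hit["client"]:12} {",".join(hit["reasons"]):32} {hit["url"]}')
```

Requests to www.lloydsbank.com are deliberately left alone: the Domains and URLs tables show the phishing page pulling genuine brand assets and linking to the real site, so that traffic will appear next to the bad traffic in the same session and is not itself an indicator. On the host side the Files table gives the matching artefact to hunt for: a PE32 written to C:\Users\user\Downloads as an "Unconfirmed … .crdownload" and a .tmp during the Chrome download of Lloyds-LiveChat.exe.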

DOM / HTML

| URL | Malicious |
|---|---|
| http://lloydschatonline.com/ | |
| https://www.lloydsbank.com/business/banking-online/online-for-business/register-for-online-for-business.html | |
| https://www.lloydsbank.com/business/take-payments-with-cardnet.html | |
| https://www.lloydsbank.com/international.html | |
| https://www.lloydsbank.com/private-banking.html | |
| https://www.lloydsbank.com/business/home.html#flyout | |
| https://www.lloydsbank.com/business/home.html | |