Edit tour

Windows Analysis Report
https://hidrive.ionos.com/lnk/cuMBgdsxt

Overview

General Information

Sample URL:	https://hidrive.ionos.com/lnk/cuMBgdsxt
Analysis ID:	1525123

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

HTML body contains low number of good links

HTML body contains password input but no form action

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 4536 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6868 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1976,i,13078960306479749762,16380000397126465962,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6468 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://hidrive.ionos.com/lnk/cuMBgdsxt" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://hidrive.ionos.com/lnk/cuMBgdsxt#file

HTTP Parser: Number of links: 0

Source: https://hidrive.ionos.com/lnk/cuMBgdsxt#file

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://hidrive.ionos.com/lnk/cuMBgdsxt#file

HTTP Parser: <input type="password" .../> found

Source: file:///C:/Users/user/Downloads/Benchmark%20Business%20Sales%20&%20Valuations%20Shared%20a%20Statement%20Due-230021.pdf	HTTP Parser: No favicon
Source: file:///C:/Users/user/Downloads/Benchmark%20Business%20Sales%20&%20Valuations%20Shared%20a%20Statement%20Due-230021.pdf	HTTP Parser: No favicon

Source: https://hidrive.ionos.com/lnk/cuMBgdsxt#file	HTTP Parser: No <meta name="author".. found
Source: https://hidrive.ionos.com/lnk/cuMBgdsxt#file	HTTP Parser: No <meta name="author".. found

Source: https://hidrive.ionos.com/lnk/cuMBgdsxt#file	HTTP Parser: No <meta name="copyright".. found
Source: https://hidrive.ionos.com/lnk/cuMBgdsxt#file	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49749 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 18MB later: 31MB

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108

Source: global traffic	DNS traffic detected: DNS query: hidrive.ionos.com
Source: global traffic	DNS traffic detected: DNS query: ce1.uicdn.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: gvlrco.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49749 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@26/23@12/151

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1976,i,13078960306479749762,16380000397126465962,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://hidrive.ionos.com/lnk/cuMBgdsxt"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1976,i,13078960306479749762,16380000397126465962,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Extra Window Memory Injection	1 Extra Window Memory Injection	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
ce1.uicdn.net	213.165.66.58	true	false	unknown
hidrive.ionos.com	85.214.3.95	true	false	unknown
www.google.com	142.250.74.196	true	false	unknown
gvlrco.com	147.124.209.117	true	false	unknown

Contacted URLs

Name	Malicious	Reputation
file:///C:/Users/user/Downloads/Benchmark%20Business%20Sales%20&%20Valuations%20Shared%20a%20Statement%20Due-230021.pdf	false	unknown
https://gvlrco.com/m/?c3Y9bzM2NV8xX29uZSZyYW5kPU9YTnNZWGs9JnVpZD1VU0VSMzAwOTIwMjRVMDIwOTMwMjk	false	unknown
https://hidrive.ionos.com/lnk/cuMBgdsxt#file	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
142.250.186.170	unknown	United States	15169	GOOGLEUS	false
142.250.186.174	unknown	United States	15169	GOOGLEUS	false
142.250.185.110	unknown	United States	15169	GOOGLEUS	false
142.250.185.227	unknown	United States	15169	GOOGLEUS	false
85.214.3.95	hidrive.ionos.com	Germany	6724	STRATOSTRATOAGDE	false
64.233.166.84	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
213.165.66.58	ce1.uicdn.net	Germany	8560	ONEANDONE-ASBrauerstrasse48DE	false
142.250.185.163	unknown	United States	15169	GOOGLEUS	false
147.124.209.117	gvlrco.com	United States	1432	AC-AS-1US	false
142.250.184.234	unknown	United States	15169	GOOGLEUS	false
142.250.74.196	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1525123
Start date and time:	2024-10-03 18:01:49 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://hidrive.ionos.com/lnk/cuMBgdsxt
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@26/23@12/151

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.227, 64.233.166.84, 142.250.186.174, 34.104.35.123
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://hidrive.ionos.com/lnk/cuMBgdsxt

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 3 15:02:21 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.982309717076308
Encrypted:	false
SSDEEP:
MD5:	255297B381F671E8C9D37AEE75E67588
SHA1:	BEB8C46D91942576AAF90AB72AD8A68514DA8012
SHA-256:	0B958D0CD52553D989D0CC9172F364D71F1A18CC345C6341A478AC2E808F7EC7
SHA-512:	A750A7224565C38481A3089EAD39BCE50551C448FB24FE1F8CF2E2A437ACCA8E93509EF65D9B5134D7DD56205100238FD2B0C9E71C760BEAA65A3DDB4A046E73
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....:b.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.ICYB.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VCYJ.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VCYJ.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VCYJ............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VCYK............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............a.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 3 15:02:21 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.00020911528577
Encrypted:	false
SSDEEP:
MD5:	4F4A32A46775D9FF0A89612C0AF4C4B9
SHA1:	BF54F196223BA4DBD0028FF5EB970A1F782EFE8A
SHA-256:	524291DCB21069FC9D3145DAB51DC064A3CD98E43C056FF0FB670C101490B6B9
SHA-512:	705ED48E3A6DD23D645D668DF439AACBFF2EB171A359276E1B0061B658A9632A70CA80F21698B76592B89F7058943137B2E99FABEC63414A6A87964A8F4ADF8C
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......V.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.ICYB.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VCYJ.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VCYJ.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VCYJ............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VCYK............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............a.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.006890638022626
Encrypted:	false
SSDEEP:
MD5:	05BCF0164A1E087F65ADDEC97848FCCA
SHA1:	CCB5C0D87C1DD877F569E146C1BAA6AF0D5BF3F7
SHA-256:	7319962AF9745611E28FC2533EBEBFB8B245E42653AD89BA78E83AB9BD8BEF09
SHA-512:	9CAE8F5190E605885E8A54F411842D7254A59929A8FAB88A3E18DAB3735FDDFF82D1F645BD1CAE094A90593ADD3F36BE8158346ECAE30CA7007A777A72B27378
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.ICYB.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VCYJ.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VCYJ.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VCYJ............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............a.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 3 15:02:21 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9991165372254103
Encrypted:	false
SSDEEP:
MD5:	1D63E46E53099DC02D30479F03A1A2A6
SHA1:	036AEA8A1EF7F64892C2C822B9279CAADFA68978
SHA-256:	638A17C0FE7B3BEF1441D5C11CAAD5666BCD10590418799BDB3D6D2ACA511E7D
SHA-512:	AC9E522CC23827EFF5943F543387BAD73803177B152C1C64A84CCF19A8134BD2E624312F37886FF5AB3173012DC15873117EFE658B77F6B037E56C9E023715F8
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......O.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.ICYB.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VCYJ.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VCYJ.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VCYJ............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VCYK............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............a.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 3 15:02:21 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.986701474164051
Encrypted:	false
SSDEEP:
MD5:	9D1C897608E94A157F1A37AAA8F498CE
SHA1:	1B270FCE143182064C63E27F02F361542EE665D9
SHA-256:	9518306BA7B8485123704B8BC53A836EE8AC3A34CD5D895870D9BF77A958BB00
SHA-512:	3B495550F305F2E47E653384CCCD6F445A0B09D316CD764F37F8CA29D9F4BB7C3EFA0191D7BFB6D7C2E9DD9F589159B368C817F693E2EB1AADFAF107B7BA6A21
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....{.\.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.ICYB.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VCYJ.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VCYJ.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VCYJ............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VCYK............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............a.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 3 15:02:21 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9962250239601724
Encrypted:	false
SSDEEP:
MD5:	EED9F77B66C7E225CCCD94EA1E824BAB
SHA1:	1AEEE31433CF67AA5BBEA9252948FFB2DE0FE379
SHA-256:	DC3E7865F40B1FC8294C63949EB71FB545E12CE6E0188FA4E3233BCE8E19EE66
SHA-512:	EFB391B86026A0804E9D9167192A1C58F9543AC703A3F7FF1A0A3064A97ADCE840CE05CB8BA09175A9BF6295B1660080D33AB10F4DF34939AB57BDFD6ACB395A
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......D.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.ICYB.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VCYJ.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VCYJ.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VCYJ............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VCYK............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............a.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\Downloads\83841383-e388-420d-b9ed-0c92f29398dc.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PDF document, version 1.7
Category:	dropped
Size (bytes):	17004
Entropy (8bit):	7.445021485543692
Encrypted:	false
SSDEEP:
MD5:	31901941FFC333D4AA510340F680B5ED
SHA1:	6CACF1F2DFD99E862E5607D5EA1ADE58CD5EEA99
SHA-256:	1A984D1EBB633B2E5E65EE767C1AFF3F603D4CC26AFBAF156229E7EA301A4780
SHA-512:	8044522D12E4569562E8019A9A0BD89F21855EE78662ECFB2A40777D8C3A51318847F15913C817D60B67898BEC7971774F1A133B7CDDF92E46988483A3CFDD6F
Malicious:	false
Reputation:	unknown
Preview:	%PDF-1.7.%.....3 0 obj.<</Author () /Comments () /Company () /CreationDate (D:20241003003947+00'00') /Creator (WPS Writer) /Keywords () /ModDate (D:20241003003947+00'00') /Producer () /SourceModified (D:20241003003947+00'00') /Subject () /Title () /Trapped /False>>.endobj.8 0 obj.<</BitsPerComponent 8 /ColorSpace /DeviceRGB /Filter /DCTDecode /Height 665 /Length 78105 /Subtype /Image /Type /XObject /Width 1590>>..stream........JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222........6.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.....................................

C:\Users\user\Downloads\Benchmark Business Sales & Valuations Shared a Statement Due-230021.pdf (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PDF document, version 1.7, 1 pages
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	287AB22BC44F342043395CA6D5E355F5
SHA1:	066853225C11AF46DDE2C3C8F58164C7BCE6FF5F
SHA-256:	CF3F7CC5959017AFC9FFA902517E8BCA948B28D9D6E6840ADDD3392BD9C5BB44
SHA-512:	A7A6AA532063B3F96F2D7499646699F1566EE16DF43CA0999600B6F6D4E9D2D0348271F509A6B82DDEF612510E492F74EFFA441486EB6E4FBE6E4DD7614F09BC
Malicious:	false
Reputation:	unknown
Preview:	%PDF-1.7.%.....3 0 obj.<</Author () /Comments () /Company () /CreationDate (D:20241003003947+00'00') /Creator (WPS Writer) /Keywords () /ModDate (D:20241003003947+00'00') /Producer () /SourceModified (D:20241003003947+00'00') /Subject () /Title () /Trapped /False>>.endobj.8 0 obj.<</BitsPerComponent 8 /ColorSpace /DeviceRGB /Filter /DCTDecode /Height 665 /Length 78105 /Subtype /Image /Type /XObject /Width 1590>>..stream........JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222........6.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.....................................

C:\Users\user\Downloads\Benchmark Business Sales & Valuations Shared a Statement Due-230021.pdf.crdownload

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PDF document, version 1.7, 1 pages
Category:	dropped
Size (bytes):	177367
Entropy (8bit):	7.86325808581328
Encrypted:	false
SSDEEP:
MD5:	287AB22BC44F342043395CA6D5E355F5
SHA1:	066853225C11AF46DDE2C3C8F58164C7BCE6FF5F
SHA-256:	CF3F7CC5959017AFC9FFA902517E8BCA948B28D9D6E6840ADDD3392BD9C5BB44
SHA-512:	A7A6AA532063B3F96F2D7499646699F1566EE16DF43CA0999600B6F6D4E9D2D0348271F509A6B82DDEF612510E492F74EFFA441486EB6E4FBE6E4DD7614F09BC
Malicious:	false
Reputation:	unknown
Preview:	%PDF-1.7.%.....3 0 obj.<</Author () /Comments () /Company () /CreationDate (D:20241003003947+00'00') /Creator (WPS Writer) /Keywords () /ModDate (D:20241003003947+00'00') /Producer () /SourceModified (D:20241003003947+00'00') /Subject () /Title () /Trapped /False>>.endobj.8 0 obj.<</BitsPerComponent 8 /ColorSpace /DeviceRGB /Filter /DCTDecode /Height 665 /Length 78105 /Subtype /Image /Type /XObject /Width 1590>>..stream........JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222........6.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.....................................

Chrome Cache Entry: 79

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (11384)
Category:	downloaded
Size (bytes):	14284
Entropy (8bit):	5.136462209471862
Encrypted:	false
SSDEEP:
MD5:	B209C82B99DF9397EEBC029F0B8FE1A3
SHA1:	E4CF491574630A694771E53320232C9BE854AE0D
SHA-256:	54E6A7E819DAA7ED27BA5F88043892C22BDB60327E648FD897C267696747789D
SHA-512:	76317FD1C499C81F305FE48893FE14EBCC38547A8DB7A01B30644C1E79DA5E16CC406004BDA0E3303BECE93228A88003FE61A8E606F3B714DD33C899675BB108
Malicious:	false
Reputation:	unknown
URL:	https://hidrive.ionos.com/lnk/cuMBgdsxt
Preview:	<!doctype html><html lang="de"><head><meta charset="utf-8"><title>HiDrive</title><meta name="description" content=""><meta name="viewport" content="width=device-width,minimum-scale=1,maximum-scale=2,initial-scale=1"><meta name="format-detection" content="telephone=no"/><meta name="robots" content="noindex"><link href="../v145/images/static/favicon.ico" rel="SHORTCUT ICON" type="image/x-icon"/><link rel="apple-touch-icon" sizes="180x180" href="../images/static/apple-touch-icon-180x180.png"><style>/* more viewport-specific properties can be found in stylesheet */</style><script>window.Config = {"beaconUrl":"https://www.strato.de/apps/get_image","beaconApp":"IONOS_HIDRIVE","consentKey":"privacy_consent_ion","consentVersion":1,"has2FA":true,"hasAddons":true,"hasBackup":true,"hasDarkmode":false,"tenantId":"IONOS","hasEuCookie":false,"hasExternalAccountManagement":false,"hasFeedback":true,"hasHotkeySupport":true,"hasMailupload":true,"hasNews":true,"hasOffice":true,"hasOnboarding":true,"hasPo

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 14192, version 1.1
Category:	downloaded
Size (bytes):	14192
Entropy (8bit):	7.950922812285735
Encrypted:	false
SSDEEP:
MD5:	452638A13F622FC7E06C0768EF41E9F9
SHA1:	77F1DE1DD89C27121ECEC91D529D42177CF7F31B
SHA-256:	C4663AA44B0667D4D847A38EE25B1369F97655C3355BAEA54A366943B65BA3A8
SHA-512:	ADC0B54E8BA92C66249C1E1D0C6B475C778951247E81965D19A9E4592323A2E05F978DCB2B5CC1573D7D7A14611ADBA59CE2E167A91A89FB60D375AC75CC510B
Malicious:	false
Reputation:	unknown
URL:	https://hidrive.ionos.com/OpenSans-Bold-webfont.b57886ecb84a5d8aa715.woff
Preview:	wOFF......7p......_@........................GDEF...X............GPOS...p............GSUB...\|...Y...t...OS/2.......`...`.u..cmap...8...........gasp................glyf......$...4.7...head..&....6...6.K.mhhea..'(.......$....hmtx..'H.......l.M.kern..)L...........loca..3d........M.Y=maxp..5.... ... .V..name..50.......\..3Xpost..5........(..j.....................................x...5.A...../0.E....-..E.m....2..mz.....)@.]-R...X...@..DN^Q].Md`....]h.,4s...../....................3.......3.....f..................@. [...(....1ASC. . ...........X ........^..... ..x.c```d`.b.......@Z.A.....`.d.c8.p..?.!c0.1.[Lw.D...........\.J..(......T......... .ja.....jK.......?........=.s..........}.......Ly.. ...@w...@G7.............x..z.\Li..=.s'...f.....$5M...6..$I.6E.$.M.6..........o...eC,...[o... .Z.j....;M...{?.6w.}.9....#\9..m..9.Sr...Yk......d.i].._oN.ns82...\.Fv.8..Z..7...U...'l}f..Z..5fBlDd,...._.....=a<{;./..........{V.$..b...qb...B......u.J.....e..r5..v.........^...R1...

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65406)
Category:	downloaded
Size (bytes):	237319
Entropy (8bit):	5.343988534272572
Encrypted:	false
SSDEEP:
MD5:	21B86381AFE823F2D48453A809EDD38A
SHA1:	47F2426C067FBE8762C576B49CA9AE4C1886F242
SHA-256:	4A24AAACAA67C7BDD56268B475EC0861FD96441C3B2712C22ED3DDD335A9E6A5
SHA-512:	BCF78CBCC360A1568CBF37509243F6ECCD32E0DB28E004EADD9D1538BB02032C46CFD65A0E339236D923CA54320AF1851C57AD087988FD6545A38BA920E4C80B
Malicious:	false
Reputation:	unknown
URL:	https://hidrive.ionos.com/lnk/js/hdshare-vendor.e87c7ef075c6fc68a726.js
Preview:	/! For license information please see hdshare-vendor.e87c7ef075c6fc68a726.js.LICENSE.txt /.(self.webpackChunkhidrivetools=self.webpackChunkhidrivetools\|\|[]).push([[906],{3476:function(t,e,n){"use strict";if(n.d(e,{D:function(){return i}}),18==n.j)var r=n(5877);var i=function(t){if((0,r.xj)(t))return 1/0;for(var e=0,n=t.parentNode;n;)e+=1,n=n.parentNode;return e}},1428:function(t,e,n){"use strict";n.d(e,{L:function(){return i}});var r="ResizeObserver loop completed with undelivered notifications.",i=function(){var t;"function"==typeof ErrorEvent?t=new ErrorEvent("error",{message:r}):((t=document.createEvent("Event")).initEvent("error",!1,!1),t.message=r),window.dispatchEvent(t)}},6633:function(t,e,n){"use strict";if(n.d(e,{T:function(){return o}}),18==n.j)var r=n(3748);if(18==n.j)var i=n(3476);var o=function(t){r.C.forEach((function(e){e.activeTargets.splice(0,e.activeTargets.length),e.skippedTargets.splice(0,e.skippedTargets.length),e.observationTargets.forEach((function(n){n.isActiv

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (44061), with no line terminators
Category:	dropped
Size (bytes):	44061
Entropy (8bit):	4.389041798360264
Encrypted:	false
SSDEEP:
MD5:	987E7DAAB0A17C6B908ADCB9D2BAA55F
SHA1:	7452873DBE5B30201AFDD0BCA330B9E314CAF363
SHA-256:	31DE6BB26AEBFB82FDC42207F4AA27A66872EFE80E03E8257648FAE67D7EB9F8
SHA-512:	E2097F3C4609574B8375431E010BF7171AA2876635A365599E20B1108E5E6105FD80D8F95C15F9D7A63BA492F58B0BD7DA15298CE635320CF46FE0FD468D8E77
Malicious:	false
Reputation:	unknown
Preview:	"use strict";(self.webpackChunkhidrivetools=self.webpackChunkhidrivetools\|\|[]).push([[5],{964:function(l){l.exports='<svg viewBox="0 0 480 480" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M240 480c132.548 0 240-107.452 240-240S372.548 0 240 0 0 107.452 0 240s107.452 240 240 240Z" fill="#DDD"/><path d="M120 215.17v105c0 11.05 8.96 25.83 20 25.83h200c11.04 0 20-14.79 20-25.83V202H120v13.17ZM340 156h-80c-5.43 0-10.79-1.19-16.47-6.87C236.67 142.26 229.57 136 220 136h-80c-11.04 0-20 4.79-20 15.83V190h240v-16.5c0-11.04-8.96-17.5-20-17.5Z" fill="#fff"/></svg>\n'},9838:function(l){l.exports='<svg viewBox="0 0 473 473" fill="none" xmlns="http://www.w3.org/2000/svg"><g clip-path="url(#a)"><path d="M236.26 472.52c130.483 0 236.26-105.777 236.26-236.26S366.743 0 236.26 0 0 105.777 0 236.26s105.777 236.26 236.26 236.26Z" fill="#DDD"/><path d="M235.35 102.22c27.95.16 50.55 22.97 50.4 50.86-.12 21.14-.25 45.08-.32 49.12l34.83-4.6s-.77-35.57-.72-44.34c.26-46.55-37.34-84.5-84-84.77-46.65-.2

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 14344, version 1.1
Category:	downloaded
Size (bytes):	14344
Entropy (8bit):	7.957145836515912
Encrypted:	false
SSDEEP:
MD5:	19453553409B80307B0255BEE10EC189
SHA1:	2482CA1307C1099B935E8B12B2703ECBC0692632
SHA-256:	5A5C13D56F3D40CBCC0DD9F8954737C2E1446CC3E0ACBFA3B1671427331A4DC5
SHA-512:	310EDA49A6468496B61ED08D231D0E008042D3FB018D9E3950F60960B7A2FC9BF0F2E0108009A7BBD3A3F15E68EFC959379F8529E39AB019A8131289FC70E1D5
Malicious:	false
Reputation:	unknown
URL:	https://hidrive.ionos.com/OpenSans-SemiBold-webfont.773343aa665d7ab6ceb5.woff
Preview:	wOFF......8......._.........................GDEF...X............GPOS...p............GSUB...\|...Y...t...OS/2.......^...`....cmap...8...........gasp................glyf......$...4rE.R4head..'t...6...6...Ghhea..'........$....hmtx..'........l..S3kern..)............loca..3.........K.W.maxp..5.... ... .Y..name..5........h..52post..6........(..j.....................................x...5.A...../0.E....-..E.m....2..mz.....)@.]-R...X...@..DN^Q].Md`....]h.,4s...../.......x.c`fy.......:....Q.B3_dHc.................B4.......:.;.).......0.p.2E(00.....n..10........x.c```d`.b.......@Z.A.....`.d.c8.p..?.!c0.1.[Lw.D...........\.J..(......T......... .ja.....jK.......?........=.s..........}.......Ly.. ...@w...@G7.............x..Z.@L....73..M..Z...o-.if6.@5..h.6.....I.6IB....6.mccI,..k.c......[3....^....}...M..{........2..IR...a.Tr..\..h.8.l.T...qw..2..6..-.2..Y.x...J.T.....<A...1.......UlK......C..l1z.>...;. ....(.\|I-O...H[7"S.. ....mUJ..AM/..AE.-......\|..]...W.e.-.._.K

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (38299)
Category:	downloaded
Size (bytes):	284902
Entropy (8bit):	5.213834374055376
Encrypted:	false
SSDEEP:
MD5:	E8B5247C84254D0A849923C32FBB9D17
SHA1:	9E54222EF5AD61419EA2B1D9659F075FD5185FF0
SHA-256:	0B0A5A8E593A8B1E7C4C96BE326B965F03CF6069A01FBBF04F90A43C8EA5CBDF
SHA-512:	0560C2F85F82657B7A3891548197FD20EC08703F527D34050ED55158944155C6F9C987C6F3BF0CF3A726DDD23344230678801D3BD19267F279F0187CC806F317
Malicious:	false
Reputation:	unknown
URL:	https://hidrive.ionos.com/css/hdshare.98ea110adcfb01d9ea58.css
Preview:	:root{--gap-xs:8px;--gap-s:12px;--gap-m:16px;--gap-l:24px;--gap-xl:32px;--gap-xxl:48px}@keyframes hdf-spin{0%{transform:rotate(0deg)}to{transform:rotate(359deg)}}body{tap-highlight-color:transparent;-webkit-tap-highlight-color:rgba(0,0,0,0);-webkit-text-size-adjust:none;-ms-overflow-style:scrollbar;cursor:default;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}@-ms-viewport{width:device-width}@-o-viewport{width:device-width}@viewport{width:device-width}.sj-selectable,h1,h2,h3,h4,h5{cursor:auto;-webkit-user-select:text;-moz-user-select:text;-ms-user-select:text;user-select:text}input[type=search]{-webkit-appearance:none}input[type=search]::-webkit-search-cancel-button,input[type=search]::-webkit-search-decoration,input[type=search]::-webkit-search-results-button,input[type=search]::-webkit-search-results-decoration{-webkit-appearance:none}fieldset{-webkit-appearance:none;-moz-appearance:none;appearance:none;border:none;margin:0;outline:none;padding:0

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 150020, version 772.1280
Category:	downloaded
Size (bytes):	150020
Entropy (8bit):	7.99708187417653
Encrypted:	true
SSDEEP:
MD5:	D5E647388E2415268B700D3DF2E30A0D
SHA1:	97F0942C6627DDD89FB62170E5CAC9A2CBD6C98C
SHA-256:	886C86112A804EF1DDD1CB206AF4C8C40E34B73C26652CA231404AA35A6B30D9
SHA-512:	50B2FFD7537D0424286936CB7BA566004A664F447E4AAAC8FA40CEB2850EAD6CDB39C957515AE05A07AAEB8F6E3E428C4B95E4EFA3EDCADC9473E9E200BB47D6
Malicious:	false
Reputation:	unknown
URL:	https://hidrive.ionos.com/fa-solid-900.b6879d41b0852f01ed5b.woff2
Preview:	wOF2......J........0..I..........................8.$. .`..<......D.@..p. .....Dp....z.aD.f.O.=i.x.TUUU....l........g...o~..?..o...........O......l...x}~........!.@/..U.....>.........{;m.B..w.@^Q^.Z...f ........t....7....`..Lr.......P.B.Jx....J.0).K.T;S........ODg..>@If3..{.7..#.?..t.n'.M...@F....D..S..Gz}.0$.X..D....p5.vw......y.......O8.....F..,i..q.X...$.+..&.4^....P.x...=....G..b. .1....d....V.u+...;WwMw.L.LwOMuM....Zi.w.[y..!.I.5Y..!.l.....6^..".q.`.:c^.8<..6..^...yK.sK}..f..y;.f....].V;r.d[..M.la/.X6M.q...N.]...fH%.X .t'.?..%....H..?<.:.}(...#.....Jp...2\@....0.)d....d.j.CM.B.!K...p.a....".@.(.6 ......\|............1.S..;...'2..2VjC{RFX.;8aG.ZG....._....'......:....<_6.....\..d.h.....7.....Z.2MAT4I.$.....o...~..".sV.......h..^...&4)........!...!).<..n.Na%R.....h.p...KM.h..[.z_.CX zoF..H`.2(U.S.v...;m.UvjA...T........^........._... ....G......2..9L=...s...{........A0w...=.s.......=3w...@w. ...Y......rE.l.Ze...G.....X......A..

Chrome Cache Entry: 89

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2863)
Category:	downloaded
Size (bytes):	2922
Entropy (8bit):	5.315081867234228
Encrypted:	false
SSDEEP:
MD5:	9120558DC3A6220F7AFE479C95E360CB
SHA1:	5C0FC9E7CBB704E321A83DB4F988B560FCFE32F9
SHA-256:	4BA6228A99115E94EE1442F73B54BC76DAF4E1672E5FEF1F00B379CB2DE7CF86
SHA-512:	6DF2560FDCA6C4A4C060D1FDF391F30FD96ED91CDAA493EB4F5E7B403ED17EC0AC57F25568C2B5426F92CD87700C6A4A69457E1EFA0C4C11919F1DAB45C19CD8
Malicious:	false
Reputation:	unknown
URL:	https://hidrive.ionos.com/lnk/js/bootstrap.556f531165a982e55ac1.js
Preview:	!function(){"use strict";var t,e={8892:function(t,e,o){o(7601),o(4916);window.Bootstrap=function(t){t="string"==typeof t?t.toLowerCase():"";const e=()=>-1!==t.indexOf("windows"),o=()=>-1!==t.indexOf("chrom");this.navigator={isSafari:-1!==t.indexOf("safari/")&&!o(),isChrome:o(),isFirefoxDesktop:/rv:[0-9].+Gecko[/]20[0-9]+/i.test(t)},this.os={isWindows:e(),isAndroid:-1!==t.indexOf("android")&&!e(),isIOS:/iphone\|ipad\|ipod/.test(t)&&!e()},this.darkmode={toggle(t){if(!this.supports())return;const e=document.querySelector("html");t?e.classList.add("is-darkmode"):e.classList.remove("is-darkmode");try{window.localStorage.setItem("sfm.darkmode",t?"1":"0")}catch(t){}this.updateThemeColor()},isActive(){if(!this.supports())return!1;try{return"1"===window.localStorage.getItem("sfm.darkmode")}catch(t){}return!1},supports(){const t=window.CSS&&window.CSS.supports.bind(window.CSS);return!!window.Config.hasDarkmode&&!!t&&(t("--f:0")\|\|t("--f",0))},init(){"complete"===document.readyState?(this.isActive()

Chrome Cache Entry: 90

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	60
Entropy (8bit):	4.850489295854282
Encrypted:	false
SSDEEP:
MD5:	EFFC96C386C46E6F15F196BFD1DF415C
SHA1:	89683F9281D77F723709C20BAE4577A00F9A93A1
SHA-256:	47F7CF467BE7D842473EB5701F483CD387015F14D0F3C9DAC498916BC76C8EA9
SHA-512:	654DCD2DD7E9CC39714CCC595089F1B9091596EB97FA5DAFA5D768F2A3A7C47F0962D8B24DE1538F23274F49954F84E511BCA1C4765CBC9F88F86EEB23585803
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAlN6QO5rAUDJxIFDQo_7tU=?alt=proto
Preview:	CikKJw0KP+7VGgQISxgCKhoIClIWCgwuIS0jQF8kJj8qLyUQARj/////Dw==

Chrome Cache Entry: 92

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 24488, version 772.1280
Category:	downloaded
Size (bytes):	24488
Entropy (8bit):	7.987907109929418
Encrypted:	false
SSDEEP:
MD5:	747442FA76F1D9A31F9A54A2E8A4B448
SHA1:	07FC0AE14BB3187839082AED3BCA11DFB1E04524
SHA-256:	9169D8BE7A8177E5A92A4D04B6DE7F6504B938573BF4DA5889871C4F376D3849
SHA-512:	274DBE5BC31C560D2CC2D15AFE5485687B2F7DD0EE24FFED99627310EA36A6A3CC1C91E22368F909D056F4FAAB051838D469E0BFE8A30169B735ACA5EB0F402F
Malicious:	false
Reputation:	unknown
URL:	https://hidrive.ionos.com/fa-regular-400.b041b1fa4fe241b23445.woff2
Preview:	wOF2......_..........._].........................8.$. .`..P.....h.,.... .svU!=o.=DT.z8#9i...j..w..~...?..3p\.u.<<..~.N.... e..........!.i..G.........wFA.?...S.C...H48Y..`:.=........{ ....@.. .J.D...J.Y..=.).Is..;.>c.Tg.(...j..x..:.uo..;..7e...'\.^%.JE.Vi1:.i...N...G?..\|..7.g..Yg.....8..7+'.g.sb..C.Y.f..I.I ..-...PE......l..d..E....KM.).w..O{7,'....`c........%0.....fw){F[G..M-.t...H..i.w...M).......H...!...M5{...@..1.)t!..{.o...-v.....T.<]. ..I.?..]..@R.@..)^J.C...L.yTq18'....C......S...to..\.mc0...,P.[E.T...0B...8.._.r.0H..i...te..B.D..M.....oi7.......I.._..5.r...h..6eCR..2...a.w.'.s..V...('n.~.n..(....h...R..4.t......+.+...~...b.j MH...TB."Lj.J..RZS.T,.aS\|][~...M...K...]...r].Uy.2......,........r<.^._.G].I.2v...W_.H..~....H.S.n..v^..2.i....=.....\|..'...kR(.....U.k........4..k.r[Y..j./X.S{K.,....57..._Un...C..b.V2.....u..5Zy.:..L._.6n...D3.Q.. ....v;..n{..~..t.aG.u.q'.t.ig..l.x...k.........T.q&...&d....lS.9.....>.7.[.....\|V>'_

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 8 icons, 16x16, 8 bits/pixel, 24x24, 8 bits/pixel
Category:	downloaded
Size (bytes):	120614
Entropy (8bit):	1.981356591269442
Encrypted:	false
SSDEEP:
MD5:	685CDFC4CCEE148B32D8E8A71D856FD7
SHA1:	A09C73B78BE31C4380CB6ECDD29B11D402B66BDF
SHA-256:	863EBAE139403B1F99E1D1576AA46DC0CC4CFEF0DB69D745804A28B779F50255
SHA-512:	2E1FF4013AAD15BA2378E4756BED89D082F5A3C59D5486ABA45A6FD20C9578A6E777324118A4FB1D2E95246CE7AD6CE0E7B24B30375726BDAA85B22741496CC1
Malicious:	false
Reputation:	unknown
URL:	https://hidrive.ionos.com/v145/images/static/favicon.ico
Preview:	..............h....................... ..............00..........^...@@......(....$..``.......,...:..........(L...f..........($......(....... ...........@............................................w..{g.xC%.m4..c%................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Chrome Cache Entry: 94

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65322), with no line terminators
Category:	dropped
Size (bytes):	441824
Entropy (8bit):	5.316568380174594
Encrypted:	false
SSDEEP:
MD5:	382B18A5103288EB9E5F4233C3ECA543
SHA1:	A0AB0E994721C1CEB1373EE88DCA66DCAAC35164
SHA-256:	3A31E4D8961B71A5566191ABB65279A230B123D2B6A83E54265EC24714EE0229
SHA-512:	5C4B226E0B3BC09C7C86A3F22C31D7576EC818694A774053AA6992BCEE7115364E29FA9E49AB81304446B45B55A2CEF53C69C8CE9B3B0B4BBC8DC9C5D876E8D9
Malicious:	false
Reputation:	unknown
Preview:	!function(){var e,t={3825:function(e,t,i){"use strict";i(6337);var r=i(4459);window.ResizeObserver\|\|(window.ResizeObserver=r.do),void 0===Node.prototype.replaceChildren&&(Node.prototype.replaceChildren=function(e){for(;this.lastChild;)this.removeChild(this.lastChild);void 0!==e&&this.append(e)});var n=i(5113),s=i.n(n),o=(i(1703),i(7658),i(615)),a=i.n(o),l=i(972),c=i.n(l);function d(e){try{if(3===e.relatedTarget.nodeType&&e.relatedTarget.parentNode===e.target)return!1}catch(e){}return e.target!==e.relatedTarget}function h(e){return".droppable-"+e.cid}var u={bind(e,t){var i,r,n,o;function l(e){n&&(o&&"none"!==o&&(e.originalEvent.dataTransfer.dropEffect=o),e.preventDefault(),e.stopPropagation())}function u(){r=[],n=null}function p(i,r){if(c().has(t,"eventData")){var s=t.eventData.call(e,n,r);e.trigger(i,n,r,s)}else e.trigger(i,n,r)}if(!(e&&e instanceof s().View))throw new Error("first argument needs to be a Backbone view.");if(!c().isUndefined(t)&&!c().isObject(t))throw new Error("options

Chrome Cache Entry: 95

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 43452, version 1.0
Category:	downloaded
Size (bytes):	43452
Entropy (8bit):	7.992046504087876
Encrypted:	true
SSDEEP:
MD5:	A9826C5816E24764B2F3F674255E87BB
SHA1:	35EFC109C923F1FC19A408AFECD98EC6035B8791
SHA-256:	73F8CB41EA4FB41E7DD6A99F2F84A564DCE83010F7BBFF2F3EB0884092CC91C5
SHA-512:	9820515C8F0F698A0741CB530A3F858EAF08449422223F17B431A285E2C5A1D2B2B900B07741AE815003AC1B89A4A85063DA57F02F53948B959E3E366A421DA0
Malicious:	false
Reputation:	unknown
URL:	https://ce1.uicdn.net/exos/icons/exos-icon-font.woff?v=15
Preview:	wOFF.............. <........................GSUB.......;...T .%zOS/2...D...B...V<3P>cmap.......l....=.Q\glyf............$\..head.......3...63...hhea...D... ...$...dhmtx...d...T........loca.......B...B....maxp........... .=./name.......4...^.6.Opost...P...i....f-..x.c`d``.b0`.c`rq..a..I,.c.b`a...<2.1'3=.......i. f....&;.H.x.c`d.`.............B3>`0ddb``b`ef....\S....\....b~.....Ar..3....x...........;..R.b......QD..Ei....)...+..V.`.'...{O..c.cz..3.g...zX...e......h!}..>\|...hzS.-.oA...lzC...........F.F.h.^1?....g...O.TG7h...e...".....{....O9..(....VS......I..^ik..vz=..H':.E...{.....{....k.....A..W=.C9..9.#9..9.c9N./.s.....N.$Nf .p*.q:g0....L.r..8[....s.#8.......BF3...c<...$&3.....Lc:3..%\.e..rf3.+..<.s%Wq5.p-....Y.M,b1KX....,c9....Y....].b5kX.......<.:..!...<.&6........O...lc;;x....i..Y..y^.E^.e./^.U^.uv.....x?...\|......\|....>..4..\|.......2_.\|.......6..\|....~..1?......~..5... x...;~.[....#.......7..?.'.......?..J)M.EiYZ..M..]i_:...S.\....[.t/=J..

Chrome Cache Entry: 96

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	very short file (no magic)
Category:	downloaded
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	68B329DA9893E34099C7D8AD5CB9C940
SHA1:	ADC83B19E793491B1C6EA0FD8B46CD9F32E592FC
SHA-256:	01BA4719C80B6FE911B091A7C05124B64EEECE964E09C058EF8F9805DACA546B
SHA-512:	BE688838CA8686E5C90689BF2AB585CEF1137C999B48C70B92F67A5C34DC15697B5D11C982ED6D71BE1E1E7F7B4E0733884AA97C3F7A339A8ED03577CF74BE09
Malicious:	false
Reputation:	unknown
URL:	https://gvlrco.com/m/?c3Y9bzM2NV8xX29uZSZyYW5kPU9YTnNZWGs9JnVpZD1VU0VSMzAwOTIwMjRVMDIwOTMwMjk
Preview:	.

Chrome Cache Entry: 97

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 14260, version 1.1
Category:	downloaded
Size (bytes):	14260
Entropy (8bit):	7.955023552448444
Encrypted:	false
SSDEEP:
MD5:	D0BAD741AEFB909E4BE56D188B6F02B9
SHA1:	1547224E0A0BE06E5178815718797BD6607169A4
SHA-256:	4194A431CCA6678145F2C4D7D2E597087E2A76A4878C26B66315B2BA4F4EA393
SHA-512:	33FB0A386FD3ED97ADA0A6612D818530FED61E8688A0C38BCE29031076430C7FC2AA075C5AA8003E2E091D80C64602FE7A8D7F3B7380601EFB3CEC20285B50D5
Malicious:	false
Reputation:	unknown
URL:	https://hidrive.ionos.com/OpenSans-Regular-webfont.8e4fce4052b0df5529c7.woff
Preview:	wOFF......7.......^L........................GDEF...X............GPOS...p............GSUB...\|...Y...t...OS/2......._...`.>..cmap...8...........gasp...............#glyf......$Y..3..~.head..'<...6...6...=hhea..'t.......$....hmtx..'........l..Y.kern..)............loca..3.........C.O.maxp..5`... ... .d..name..5........2../Jpost..6,.......(..j.....................................x...5.A...../0.E....-..E.m....2..mz.....)@.]-R...X...@..DN^Q].Md`....]h.,4s...../.......x.c`f..8.....u..1...<.f....................{...h..... 0t.vf.....&.O.....)B..q>H..u..R``.....9.x.c```d`.b.......@Z.A.....`.d.c8.p..?.!c0.1.[Lw.D...........\.J..(......T......... .ja.....jK.......?........=.s..........}.......Ly.. ...@w...@G7.................x..z.\S...=so.j.......R.!......V..RDDZ...J.E....H.R.j...R.^k...Z[...W.$.w......~.~...9..9.r...8.....9..9...F\|..#M.f....Y....}.g...\qf.......^..J...;.'..~.h..P?.@..4..........2r.....^./..'....!.1?!..s.H.8.3..U..\g.eP./=/.\@.....^...W...W.-...

Static File Info

⊘No static file info

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://hidrive.ionos.com/lnk/cuMBgdsxt

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

C:\Users\user\Downloads\83841383-e388-420d-b9ed-0c92f29398dc.tmp

C:\Users\user\Downloads\Benchmark Business Sales & Valuations Shared a Statement Due-230021.pdf (copy)

C:\Users\user\Downloads\Benchmark Business Sales & Valuations Shared a Statement Due-230021.pdf.crdownload

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 84

Chrome Cache Entry: 87

Chrome Cache Entry: 88

Chrome Cache Entry: 89

Chrome Cache Entry: 90

Chrome Cache Entry: 92

Chrome Cache Entry: 93

Chrome Cache Entry: 94

Chrome Cache Entry: 95

Chrome Cache Entry: 96

Chrome Cache Entry: 97

Static File Info

Windows Analysis Report
https://hidrive.ionos.com/lnk/cuMBgdsxt