Windows Analysis Report
http://www.holidaybunch.com

Overview

General Information

Sample URL: http://www.holidaybunch.com
Analysis ID: 1540514
Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
Detect drive by download via clipboard copy & paste
HTML page contains obfuscated javascript
HTML page contains hidden javascript code
Stores files to the Windows start menu directory

Classification

Phishing

Source: http://www.holidaybunch.com/ LLM: Score: 9 Reasons: The brand 'CloudFlare' is well-known and typically associated with the domain 'cloudflare.com'., The URL 'www.holidaybunch.com' does not match the legitimate domain for CloudFlare., The URL does not contain any direct reference to CloudFlare, which is suspicious., The presence of input fields labeled as 'unknown' suggests a potential phishing attempt to gather user information., The domain 'holidaybunch.com' does not have any known association with CloudFlare. DOM: 1.0.pages.csv
Source: http://www.holidaybunch.com/ HTTP Parser: document.write(unescape('%3C%21%44%4F%43%54%59%50%45%20%68%74%6D%6C%3E%0A%0A%3C%68%74%6D%6C%20%6C%61
Source: http://www.holidaybunch.com/ HTTP Parser: Base64 decoded: <svg xmlns="http://www.w3.org/2000/svg" width="32" height="32" fill="none"><path fill="#B20F03" d="M16 3a13 13 0 1 0 13 13A13.015 13.015 0 0 0 16 3m0 24a11 11 0 1 1 11-11 11.01 11.01 0 0 1-11 11"/><path fill="#B20F03" d="M17.038 18.615H14.87L14.563 9.5h2....
Source: http://www.holidaybunch.com/ HTTP Parser: No favicon
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49718 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK | Server: nginx/1.26.2 | Date: Wed, 23 Oct 2024 19:13:00 GMT | Content-Type: text/html; charset=UTF-8 | Content-Length: 8172 | Connection: keep-alive | Last-Modified: Tue, 22 Oct 2024 14:02:47 GMT | ETag: "12be8-625113957efc0-gzip" | Accept-Ranges: bytes | Vary: Accept-Encoding | Content-Encoding: gzip
Source: global traffic HTTP traffic detected: GET / HTTP/1.1 | Host: www.holidaybunch.com | Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /Just%20a%20moment..._files/v1(1) HTTP/1.1 | Host: www.holidaybunch.com | Connection: keep-alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: */* | Referer: http://www.holidaybunch.com/ | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1 | Host: www.holidaybunch.com | Connection: keep-alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Referer: http://www.holidaybunch.com/ | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9
Source: global traffic DNS traffic detected: DNS query: www.holidaybunch.com
Source: global traffic DNS traffic detected: DNS query: use.fontawesome.com
Source: global traffic DNS traffic detected: DNS query: i.ibb.co
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.2 | Date: Wed, 23 Oct 2024 19:13:00 GMT | Content-Type: text/html; charset=iso-8859-1 | Transfer-Encoding: chunked | Connection: keep-alive | Content-Encoding: gzip
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.2 | Date: Wed, 23 Oct 2024 19:13:03 GMT | Content-Type: text/html; charset=iso-8859-1 | Transfer-Encoding: chunked | Connection: keep-alive | Content-Encoding: gzip
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49723
Source: classification engine Classification label: mal60.phis.win@16/10@12/105
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1916,i,12324901844636759883,3773517799946509148,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.holidaybunch.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Window Recorder Window detected: More than 3 window changes detected

Persistence and Installation Behavior

Source: screenshot OCR Text: x e about:blank X Just a moment.. C A Not secure I halidaybunch.cam CloudFlare Veri lg the action below. Complete these Ver'ification Steps To better prove you are not a robot. please: 1. Press & hold the Windows KeyC + R 2. In the verification window, press Ctrl + V. 3. Press Enter on your keyboard to finish. Clou curity of your You will observe and agree: E "Verify you human Rey Verification 10: 484" conn Perform the steps above to VERIFY finish verification. Ray 10: Performance & security by Cloudflare 15:13 ENG p Type here to search SG 23/10/2024
Source: screenshot OCR Text: x e about:blank X Just a moment.. C A Not secure I halidaybunch.cam CloudFlare Veri lg the action below. Complete these Ver'ification Steps To better prove you are not a robot. please: 1. Press & hold the Windows KeyC + R 2. In the verification window, press Ctrl + V. 3. Press Enter on your keyboard to finish. Clou curity of your You will observe an gree: E "Verify you human Rey verification 10: USA" conn Perform the steps above to VERIFY finish verification. Ray 10: Performance & security by Cloudflare 15:13 ENG p Type here to search SG 23/10/2024
Source: Chrome DOM: 1.1 OCR Text: CloudFlare Verify lg the action below. Complete these Verification Steps To better prove you are not a robot, please: 1. Press & hold the Windows Key + R 2. In the verification window, press Ctrl + V. 3. Press Enter on your keyboard to finish. Clou You will observe and agree: curity of your E "Verify you huttari Rey Verification 10: S4S4" conn Perform the steps above to VERIFY finish verification. Ray 10: Performance & security by Cloudflare
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk