Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://inps-conferma-dati.it/home.html

Overview

General Information

Sample URL:	https://inps-conferma-dati.it/home.html
Analysis ID:	1542134

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Detected non-DNS traffic on DNS port

HTML body contains low number of good links

Stores files to the Windows start menu directory

Suspicious form URL found

Classification

×

Process Tree

System is w10x64_ra

chrome.exe (PID: 1828 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6408 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1944,i,16722014910760433830,7169771284184727034,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3928 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://inps-conferma-dati.it/home.html" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: https://inps-conferma-dati.it/home.html

LLM: Score: 9 Reasons: The brand 'INPS' is a known Italian social security institution., The legitimate domain for INPS is 'inps.it'., The provided URL 'inps-conferma-dati.it' contains additional words separated by hyphens, which is a common tactic used in phishing., The URL structure suggests an attempt to mimic the legitimate INPS domain by adding 'conferma-dati', which translates to 'confirm data' in Italian, potentially to deceive users., The presence of input fields requesting personal information such as 'Nome', 'Cognome', 'Data di Nascita', 'Codice Fiscale', 'Telefono', and 'Email' is typical of phishing sites attempting to harvest sensitive data. DOM: 1.0.pages.csv

Source: https://inps-conferma-dati.it/home.html

HTTP Parser: Number of links: 0

Source: https://inps-conferma-dati.it/home.html

HTTP Parser: Form action: redirect.php

Source: https://inps-conferma-dati.it/home.html

HTTP Parser: No <meta name="author".. found

Source: https://inps-conferma-dati.it/home.html

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49722 version: TLS 1.2

Source: global traffic	TCP traffic: 192.168.2.16:49703 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49703 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49703 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49703 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49703 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49703 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49703 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49703 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49703 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49703 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49703 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49703 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108

Source: global traffic	DNS traffic detected: DNS query: inps-conferma-dati.it
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49722 version: TLS 1.2

Source: classification engine

Classification label: mal48.phis.win@17/6@6/129

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1944,i,16722014910760433830,7169771284184727034,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://inps-conferma-dati.it/home.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1944,i,16722014910760433830,7169771284184727034,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
inps-conferma-dati.it	178.32.138.212	true	true		unknown
www.google.com	142.250.185.100	true	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://inps-conferma-dati.it/home.html	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
1.1.1.1	unknown	Australia		13335	CLOUDFLARENETUS	false
142.250.186.174	unknown	United States		15169	GOOGLEUS	false
172.217.18.3	unknown	United States		15169	GOOGLEUS	false
142.250.113.95	unknown	United States		15169	GOOGLEUS	false
142.250.185.100	www.google.com	United States		15169	GOOGLEUS	false
178.32.138.212	inps-conferma-dati.it	France		16276	OVHFR	true
64.233.166.84	unknown	United States		15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved		unknown	unknown	false
142.250.184.206	unknown	United States		15169	GOOGLEUS	false
142.250.185.74	unknown	United States		15169	GOOGLEUS	false
172.217.16.195	unknown	United States		15169	GOOGLEUS	false
142.250.186.138	unknown	United States		15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1542134
Start date and time:	2024-10-25 15:32:48 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://inps-conferma-dati.it/home.html
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.phis.win@17/6@6/129

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.18.3, 142.250.186.174, 64.233.166.84, 34.104.35.123, 142.250.113.95, 93.184.221.240, 142.250.186.138, 142.250.185.74, 172.217.16.202, 216.58.206.74, 142.250.185.138, 142.250.184.234, 142.250.186.106, 142.250.186.42, 142.250.186.74, 142.250.186.170, 142.250.185.170, 142.250.185.106, 142.250.184.202, 216.58.212.138, 172.217.18.10, 172.217.16.138
Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, content-autofill.googleapis.com, ajax.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://inps-conferma-dati.it/home.html

LLM Input / Output

Input	Output
URL: https://inps-conferma-dati.it/home.html Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "CONFERMARE LA TUA IDENTIT", "prominent_button_name": "unknown", "text_input_field_labels": [ "Nome", "Cognome", "Data di Nascita", "Codice Fiscale", "Telefono", "Email" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://inps-conferma-dati.it/home.html Model: claude-3-haiku-20240307	```json { "brands": [ "INPS" ] }
	```json { "brands": [ "INPS" ] }
URL: https://inps-conferma-dati.it/home.html Model: gpt-4o	```json{ "legit_domain": "inps.it", "classification": "known", "reasons": [ "The brand 'INPS' is a known Italian social security institution.", "The legitimate domain for INPS is 'inps.it'.", "The provided URL 'inps-conferma-dati.it' contains additional words separated by hyphens, which is a common tactic used in phishing.", "The URL structure suggests an attempt to mimic the legitimate INPS domain by adding 'conferma-dati', which translates to 'confirm data' in Italian, potentially to deceive users.", "The presence of input fields requesting personal information such as 'Nome', 'Cognome', 'Data di Nascita', 'Codice Fiscale', 'Telefono', and 'Email' is typical of phishing sites attempting to harvest sensitive data." ], "riskscore": 9} Google indexed: False
URL: inps-conferma-dati.it Brands: INPS Input Fields: Nome, Cognome, Data di Nascita, Codice Fiscale, Telefono, Email

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 25 12:33:57 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.981505979158183
Encrypted:	false
SSDEEP:
MD5:	2F418AC337F6AF06E39D40315C0BBA7D
SHA1:	82D75BCF96D165F007A18F9BF560F9B9C82DA506
SHA-256:	82CA555F7AE8FD468E3B91446C24D5F4F0FB3F3BDCCDF054E1139BE7720342BB
SHA-512:	C37933D1FC6603F632694694848DB47B9DBA85901404AF8CF22C0D5CA5C6D0B04FB5A398E453BDF13160A679BD3E46F85239DD1BE4B811D92F1AAA35EEAAB504
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.........&..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IYY5l....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VYY<l....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VYY<l....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VYY<l..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VYY=l...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............p.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 25 12:33:57 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	3.9954206730534763
Encrypted:	false
SSDEEP:
MD5:	49254C63E032C064118FD8AE90DD3CDF
SHA1:	7B750307979CF9AD0212E2EB180F11FD19317163
SHA-256:	052EDB626C10EEB1ABB7C6A614E5D046217DF95D245EA4F08D6F3AC87F8A4505
SHA-512:	030DC944F016545AD9AB6C5BDA6498DA28912CE44643E6CED8DBAACEB5694CD6BFF72BE0C909B73E63D64A37C2D8D8E8D2BBC9B4788124B511B65CA62B2BA968
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....Qe...&..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IYY5l....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VYY<l....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VYY<l....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VYY<l..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VYY=l...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............p.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.005264126870074
Encrypted:	false
SSDEEP:
MD5:	443930EE047BA9A051562D1580929312
SHA1:	35B02A169DF2CCCD372415A09D619ECAAA7D3AF5
SHA-256:	CDE912D0F54FCB4F1005544926CCB345B6C328535DCBD16EC57D444663E53067
SHA-512:	86B731C9596AEC3BE9D4D3A9F0C2BDB621095F84D544EDDB00075CF6C68F65B6B9CEF32B21D15E609B031EA504D71DC2DB587283A5976F416A3A1ECE15E4743D
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IYY5l....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VYY<l....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VYY<l....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VYY<l..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............p.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 25 12:33:57 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.993196471140649
Encrypted:	false
SSDEEP:
MD5:	879BEC19A24FA90645CBD364E1DED986
SHA1:	AE985915707067C1CD7E44489DB0117043BBB49C
SHA-256:	5E9650B99AEC59FA57C0753E2852A725F950A3A577CD77F8A138431F3ABAA326
SHA-512:	BF9DA8B024A157DA2EA72288B44715B97DEC005274E47993B0594E9F7B4F2C105B12CD741A63AD2AE410F09CA273C792F5810872B19200308F5064CD57AFA9B1
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....\|9...&..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IYY5l....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VYY<l....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VYY<l....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VYY<l..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VYY=l...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............p.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 25 12:33:57 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9842931649352673
Encrypted:	false
SSDEEP:
MD5:	2BE79A586D53DBB2BA24D760DCB8FB89
SHA1:	C15E969199DE5B4A4AFBE39E2BC46DD09AC86EDF
SHA-256:	346FFEEB69CC0E9617232F79B52F5392687E7CB2DE8E3C48CE69F67C6AC37198
SHA-512:	838522B91170923FE4117E39BB915D2AB9BDF9E7F75D28450B85D4DFEF79C3CFCA2F3EF9365C7427CA8FCBF0BA3C486BB91B5851B63B2260C4D535F307500EFC
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.........&..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IYY5l....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VYY<l....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VYY<l....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VYY<l..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VYY=l...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............p.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 25 12:33:57 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.992665687698903
Encrypted:	false
SSDEEP:
MD5:	A657EEABF0F9DE6B8BB7B4C071B412EB
SHA1:	3AC3DC14BE45404CBFE85242538E44C9ACBDC33A
SHA-256:	B985FBE4804551EB37BAB54DCF2D42CAC3A81B2FD4F89F0B2913BECBC668D6E3
SHA-512:	7865DF2D98F5FD70B29B1BA1C5341488A9A538A19FCCFCD3EAB398DB89A26E76411AE21C6DB336AE2DFBBA3F9297CA8D505295CADBE69DC5CD160828C1B5EC9E
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.........&..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IYY5l....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VYY<l....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VYY<l....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VYY<l..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VYY=l...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............p.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Static File Info

⊘No static file info