Windows Analysis Report
https://topteamoscarlubricants.online/nba#ZGluYUBqdmRtLmNvLnph

Overview

General Information

Sample URL:	https://topteamoscarlubricants.online/nba#ZGluYUBqdmRtLmNvLnph
Analysis ID:	1416964
Infos:

Detection

HTMLPhisher

Score:	80
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Yara detected HtmlPhish10

HTML body contains low number of good links

HTML body contains password input but no form action

HTML title does not match URL

Stores files to the Windows start menu directory

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://topteamoscarlubricants.online/nba#ZGluYUBqdmRtLmNvLnph

Avira URL Cloud: detection malicious, Label: phishing

Multi AV Scanner detection for domain / URL

Source: topteamoscarlubricants.online

Virustotal: Detection: 5%

Perma Link

Multi AV Scanner detection for submitted file

Source: https://topteamoscarlubricants.online/nba#ZGluYUBqdmRtLmNvLnph

Virustotal: Detection: 5%

Perma Link

Phishing

Yara detected HtmlPhish10

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: 0.1.pages.csv, type: HTML
Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_72, type: DROPPED

HTML body contains low number of good links

Source: https://pub-62009b09df5e4a61a73b8cb258f20f88.r2.dev/aqyywuwyhdhhhruemdkeelz.html?VGHBJGKFHVFJDKDFUVYFIUJNBTMRJKJ3ERUYFR89UBRNMEWJDUVY89EUIHJJRKDIUYCDGHBJIEUFYGHEBNJEWDUCYHBHUCDYWGHBNJFVIUYEGHBEJFIUYVG&#dina@jvdm.co.za

HTTP Parser: Number of links: 0

HTML body contains password input but no form action

HTTP Parser: <input type="password" .../> found but no <form action="...

HTML title does not match URL

HTTP Parser: Title: Email Server Update does not match URL

HTTP Parser: <input type="password" .../> found

Source: https://pub-62009b09df5e4a61a73b8cb258f20f88.r2.dev/aqyywuwyhdhhhruemdkeelz.html?VGHBJGKFHVFJDKDFUVYFIUJNBTMRJKJ3ERUYFR89UBRNMEWJDUVY89EUIHJJRKDIUYCDGHBJIEUFYGHEBNJEWDUCYHBHUCDYWGHBNJFVIUYEGHBEJFIUYVG&#dina@jvdm.co.za	HTTP Parser: No favicon
Source: https://pub-62009b09df5e4a61a73b8cb258f20f88.r2.dev/aqyywuwyhdhhhruemdkeelz.html?VGHBJGKFHVFJDKDFUVYFIUJNBTMRJKJ3ERUYFR89UBRNMEWJDUVY89EUIHJJRKDIUYCDGHBJIEUFYGHEBNJEWDUCYHBHUCDYWGHBNJFVIUYEGHBEJFIUYVG&#dina@jvdm.co.za	HTTP Parser: No favicon

Source: https://pub-62009b09df5e4a61a73b8cb258f20f88.r2.dev/aqyywuwyhdhhhruemdkeelz.html?VGHBJGKFHVFJDKDFUVYFIUJNBTMRJKJ3ERUYFR89UBRNMEWJDUVY89EUIHJJRKDIUYCDGHBJIEUFYGHEBNJEWDUCYHBHUCDYWGHBNJFVIUYEGHBEJFIUYVG&#dina@jvdm.co.za	HTTP Parser: No <meta name="author".. found
Source: https://pub-62009b09df5e4a61a73b8cb258f20f88.r2.dev/aqyywuwyhdhhhruemdkeelz.html?VGHBJGKFHVFJDKDFUVYFIUJNBTMRJKJ3ERUYFR89UBRNMEWJDUVY89EUIHJJRKDIUYCDGHBJIEUFYGHEBNJEWDUCYHBHUCDYWGHBNJFVIUYEGHBEJFIUYVG&#dina@jvdm.co.za	HTTP Parser: No <meta name="author".. found

Source: https://pub-62009b09df5e4a61a73b8cb258f20f88.r2.dev/aqyywuwyhdhhhruemdkeelz.html?VGHBJGKFHVFJDKDFUVYFIUJNBTMRJKJ3ERUYFR89UBRNMEWJDUVY89EUIHJJRKDIUYCDGHBJIEUFYGHEBNJEWDUCYHBHUCDYWGHBNJFVIUYEGHBEJFIUYVG&#dina@jvdm.co.za	HTTP Parser: No <meta name="copyright".. found
Source: https://pub-62009b09df5e4a61a73b8cb258f20f88.r2.dev/aqyywuwyhdhhhruemdkeelz.html?VGHBJGKFHVFJDKDFUVYFIUJNBTMRJKJ3ERUYFR89UBRNMEWJDUVY89EUIHJJRKDIUYCDGHBJIEUFYGHEBNJEWDUCYHBHUCDYWGHBNJFVIUYEGHBEJFIUYVG&#dina@jvdm.co.za	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.16:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.16:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49731 version: TLS 1.2

Networking

Snort IDS alert for network traffic

Source: Traffic

Snort IDS: 2032514 ET CURRENT_EVENTS Generic Multibrand NewInjection Phishing Landing Template 104.18.3.35:443 -> 192.168.2.16:49707

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203

Source: unknown

DNS traffic detected: queries for: topteamoscarlubricants.online

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.16:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.16:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49731 version: TLS 1.2

Source: classification engine

Classification label: mal80.phis.win@14/18@22/89

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://topteamoscarlubricants.online/nba#ZGluYUBqdmRtLmNvLnph
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1932,i,10420052389361484476,14335600393112672327,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1932,i,10420052389361484476,14335600393112672327,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
104.18.3.35	pub-62009b09df5e4a61a73b8cb258f20f88.r2.dev	United States	13335	CLOUDFLARENETUS	true
172.64.106.23	unknown	United States	13335	CLOUDFLARENETUS	false
198.54.120.225	topteamoscarlubricants.online	United States	22612	NAMECHEAP-NETUS	true
142.251.167.100	unknown	United States	15169	GOOGLEUS	false
52.85.151.31	d26p066pn2w0s0.cloudfront.net	United States	16509	AMAZON-02US	false
104.18.40.68	unknown	United States	13335	CLOUDFLARENETUS	false
172.64.107.23	unknown	United States	13335	CLOUDFLARENETUS	false
142.251.16.104	www.google.com	United States	15169	GOOGLEUS	false
142.251.111.207	unknown	United States	15169	GOOGLEUS	false
142.251.111.94	unknown	United States	15169	GOOGLEUS	false
104.18.11.207	maxcdn.bootstrapcdn.com	United States	13335	CLOUDFLARENETUS	false
142.251.167.95	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
198.54.115.5	kevinzamineguy.online	United States	22612	NAMECHEAP-NETUS	false
142.250.31.94	unknown	United States	15169	GOOGLEUS	false
172.253.62.207	unknown	United States	15169	GOOGLEUS	false
18.235.6.110	image.thum.io	United States	14618	AMAZON-AESUS	false
142.250.31.95	unknown	United States	15169	GOOGLEUS	false
142.251.163.84	unknown	United States	15169	GOOGLEUS	false
172.253.115.95	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

Contacted Domains

Name	IP	Active
d26p066pn2w0s0.cloudfront.net	52.85.151.31	true
kevinzamineguy.online	198.54.115.5	true
maxcdn.bootstrapcdn.com	104.18.11.207	true
pub-62009b09df5e4a61a73b8cb258f20f88.r2.dev	104.18.3.35	true
www.google.com	142.251.16.104	true
topteamoscarlubricants.online	198.54.120.225	true
image.thum.io	18.235.6.110	true
ka-f.fontawesome.com	unknown	unknown
kit.fontawesome.com	unknown	unknown
logo.clearbit.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://pub-62009b09df5e4a61a73b8cb258f20f88.r2.dev/aqyywuwyhdhhhruemdkeelz.html?VGHBJGKFHVFJDKDFUVYFIUJNBTMRJKJ3ERUYFR89UBRNMEWJDUVY89EUIHJJRKDIUYCDGHBJIEUFYGHEBNJEWDUCYHBHUCDYWGHBNJFVIUYEGHBEJFIUYVG&#dina@jvdm.co.za	false		unknown

ID:	1416964
Product:	CloudBasic
Start time:	11:12:55
Start date:	28.03.2024
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 09:13:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	798B605186A7D71178660D37E896138A	CD47B095F76D36C577AA4039E3091728743C57E6	A939746E94CDFD6318393EEF2410C4E52E43F9225D95B5B37E94F79B20AB2FEF
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 09:13:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	AF0937F500FA116D67977AE9B8441C7C	5FCE7E6C9E2F514809C697E6BC7533D850958F45	0559BE2A75802D7B5D66D5A583426C22D0EC31833FD1CE3BA59B684F9E32855D
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	AFB1F632EFC750AC09F6459E1736CA9B	4CC9758FB4CFE36533F2021FF9A0BD83067B7EAA	ABE5FE3C76DFBBC3CD2257A1C009EDE9262EBE96F91D4AB81764B1CDB311C3DC
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 09:13:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	33CD0DF113D60CD8EA0620EE7C002860	F3A660C22FF7D4FD9AA571643D28BFD5F244CC58	34A576858571A565C1C1361632F2224F7E829111BE5813BFC694318989C5090F
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 09:13:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	6B68ABF71E1FEA26D1AD3A4994FF84B9	6AC3B0E94BD53B3563B031E7CC7C94DD534282E7	50993A0C3FF6F95BCE6324B5D0DF681A32C91E8E8CACECF63A99145E519F4743
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 09:13:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	CCDC67606554C541AFAFC20471C6AB41	68989B3E3E60C286192F2273F709C352CB32023E	DC7A23CFD07469FA13D43F8415FA1B5F5A543312DAB70641686C6741C3C2BE43
Chrome Cache Entry: 60	ASCII text, with no line terminators	5E5CC2D76001022C009DDBBF4000B994	2074EFD2F5A14583638C71C5AA9C734681044D35	EFD0403B3FAC0227659FEBA32344C272E836229D1A808C13DF9BD53F15E06562
Chrome Cache Entry: 61	HTML document, ASCII text, with very long lines (611)	DF3D48946E8D3F5A83608308EDBB4B86	47B9C40C97ABF2658DF96B1C06109324E15E1A00	570A6631252B8A52DF4DE0E953AE77DBDF524DFC3637CDA2840494A0D2B49499
Chrome Cache Entry: 62	ASCII text	CBA4ED6C809962AC6C2A26842183B67A	3F8E077AFC8EF5BAB7FA626EA782DAE34D419BBE	AAE65C231008861C6430EBE296C926E728C4D2CCB1492F86E42D760E9B67D9A5
Chrome Cache Entry: 63	ASCII text, with very long lines (11461)	55D343A40C7166A79FD314F13CBB2E93	96904A849C32CA220E0AAA2AE3E81CF2B5CDF764	A1F75D6278713A84A8F28A392C77CA8A6A7C32BF14314D4A34A6CE2F06CFDF7A
Chrome Cache Entry: 64	ASCII text, with very long lines (65325)	450FC463B8B1A349DF717056FBB3E078	895125A4522A3B10EE7ADA06EE6503587CBF95C5	2C0F3DCFE93D7E380C290FE4AB838ED8CADFF1596D62697F5444BE460D1F876D
Chrome Cache Entry: 65	ASCII text, with very long lines (60130)	A12EC7EBE75A4D59A5DD6B79E2BA2E16	28F5DCC595EE6D4163481EF64170180502C8629B	FC5128DFDCDFA0C3A9967A6D2F19399D7BF1AAAE6AD7571B96B03915A1F30DDA
Chrome Cache Entry: 67	HTML document, ASCII text, with CRLF line terminators	D2B734DA2A7AFA820DBCCF45952505CC	272B5F869FB35CA0EED6665DD6537715C69F0BCD	81679661865DD4F9B47D6E73A6B90CBA3D5EBC6E903166336C205904284FAC30
Chrome Cache Entry: 68	PNG image data, 1200 x 1200, 8-bit/color RGB, non-interlaced	C40CE5C266AF346E8F30ED9F05319CB1	4C6C3CA03FB302F66418A27AFB03A501D17E09A3	A37626BB459359C0FA99FE24EB0B6959BA31ED551F0834514114A75B745D71DE
Chrome Cache Entry: 71	ASCII text, with very long lines (26500)	76F34B71FC9FB641507FF6A822CC07F5	73ED2F8F21CD40FB496E61306ACBB5849D4DBFF4	6DEA47458A4CD7CD7312CC780A53C62E0C8B3CCC8D0B13C1AC0EA6E3DFCECEA8
Chrome Cache Entry: 72	PHP script, ASCII text, with very long lines (58614), with CRLF line terminators	3859B9C582405B91745BD76A31ECF9A4	AB1AEE51EDF37456013605D01D2ABB3F10297A50	DC3E5937D7DA251A1D98A377D7BC61C7ECCB80A99AFB7E8C3D99068BE4897488
Chrome Cache Entry: 73	PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced	40AE4F6568F8A76588FF3DCB4D5F43B4	F3643C44611D47E477C2B718C2FF40A20182964C	31CCB91FFA866D8E061ADA54BC00A8EE5F098EB8014607EB92F25D3B8A9EAB2F
Chrome Cache Entry: 74	ASCII text, with very long lines (32065)	2F6B11A7E914718E0290410E85366FE9	69BB69E25CA7D5EF0935317584E6153F3FD9A88C	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E

Windows Analysis Report
https://topteamoscarlubricants.online/nba#ZGluYUBqdmRtLmNvLnph

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://topteamoscarlubricants.online/nba#ZGluYUBqdmRtLmNvLnph

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://topteamoscarlubricants.online/nba#ZGluYUBqdmRtLmNvLnph