IOC Report
http://fslink.standardgas.tech/email/track/click?hash=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjp7Im11c3RoIjoiaHR0cHM6Ly9zdGFuZGFyZGdhcy5jby51ay8iLCJsaW9uIjoiNzRhYmUiLCJnb3JpbGxhIjoiNzM5NTdkYzZmIiwidGlnZXIiOiJmc2xpbmsuc3RhbmRhcmRnYXMudGVjaCJ9LCJpYXQiOjE3MTE3MTgxNzF9.GObAfB9-W30YZAcFQEaUUr1adsRZ

loading gif

Files

File Path
Type
Category
Malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Mar 29 13:24:31 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Mar 29 13:24:31 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Mar 29 13:24:31 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Mar 29 13:24:31 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Mar 29 13:24:31 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped

Processes

Path
Cmdline
Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2332,i,2561121658780983728,16714650706840118425,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://fslink.standardgas.tech/email/track/click?hash=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjp7Im11c3RoIjoiaHR0cHM6Ly9zdGFuZGFyZGdhcy5jby51ay8iLCJsaW9uIjoiNzRhYmUiLCJnb3JpbGxhIjoiNzM5NTdkYzZmIiwidGlnZXIiOiJmc2xpbmsuc3RhbmRhcmRnYXMudGVjaCJ9LCJpYXQiOjE3MTE3MTgxNzF9.GObAfB9-W30YZAcFQEaUUr1adsRZUylouWnCALm9Rw8~eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjp7ImhvcnNlIjoidGF5bG9yLnRpbGxtYW5AaGVzcy5jb20iLCJjYW1lbCI6IjczYzk0MjY2YyJ9LCJpYXQiOjE3MTE3MTgxNzF9.Q0_ACLinD2V4DqUHXcxadKsx9ECWaao5bGeKKk8Sfsw"

Domains

Name
IP
Malicious
bg.microsoft.map.fastly.net
199.232.214.172
www.google.com
142.251.111.105
fslink.freshsales.io
52.22.65.235
fp2e7a.wpc.phicdn.net
192.229.211.108
standardgas.co.uk
94.136.40.82
windowsupdatebg.s.llnwi.net
69.164.0.0
fslink.standardgas.tech
unknown

IPs

IP
Domain
Country
Malicious
52.22.65.235
fslink.freshsales.io
United States
94.136.40.82
standardgas.co.uk
United Kingdom
239.255.255.250
unknown
Reserved
142.251.111.105
www.google.com
United States
192.168.2.5
unknown
unknown