Windows Analysis Report
http://remotescripps.org

Overview

General Information

Sample URL:	http://remotescripps.org
Analysis ID:	1432283
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Program does not show much activity (idle)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Classification

Signatures

Source: chromecache_80.2.dr	String found in binary or memory: http://104.154.23.126/data-ingest
Source: chromecache_62.2.dr	String found in binary or memory: https://api-js.mixpanel.com
Source: chromecache_62.2.dr	String found in binary or memory: https://cdn.mxpnl.com
Source: chromecache_75.2.dr	String found in binary or memory: https://cdn.mxpnl.com/libs/mixpanel-2-latest.min.js
Source: chromecache_75.2.dr	String found in binary or memory: https://dtools.zautils.online/geturl/PrivacyGuard/intpgdirect
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.googleapis.com
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.googleapis.com/css2?family=Inter:wght
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com
Source: chromecache_79.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa0ZL7SUc.woff2)
Source: chromecache_79.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2)
Source: chromecache_79.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1pL7SUc.woff2)
Source: chromecache_79.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa25L7SUc.woff2)
Source: chromecache_79.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa2JL7SUc.woff2)
Source: chromecache_79.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa2ZL7SUc.woff2)
Source: chromecache_79.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa2pL7SUc.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://impr.zautils.online/impression?c=intpgdirect
Source: chromecache_78.2.dr	String found in binary or memory: https://mc.yandex.
Source: chromecache_78.2.dr	String found in binary or memory: https://mc.yandex.md/cc
Source: chromecache_62.2.dr	String found in binary or memory: https://mixpanel.com
Source: chromecache_75.2.dr	String found in binary or memory: https://red.zautils.online/downloadproxy/intpgdirect/
Source: chromecache_78.2.dr	String found in binary or memory: https://s3.mds.yandex.net/internal-metrika-betas
Source: chromecache_78.2.dr	String found in binary or memory: https://yandex.com/an/sync_cookie
Source: chromecache_78.2.dr	String found in binary or memory: https://yastatic.net/s3/gdpr/v3/gdpr
Source: chromecache_78.2.dr	String found in binary or memory: https://yastatic.net/s3/metrika
Source: chromecache_78.2.dr	String found in binary or memory: https://yastatic.net/s3/taxi-front/yango-gdpr-popup/
Source: chromecache_78.2.dr	String found in binary or memory: https://ymetrica1.com/watch/3/1

Source: classification engine

Classification label: clean1.win@22/44@0/21

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\Downloads\5c166f86-33b0-438e-9ef6-44ff2f08b22d.tmp

Jump to behavior

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5324:120:WilError_03

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1904,i,16374361133097479990,13026938040437888917,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://remotescripps.org"
Source: unknown	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\user\Desktop\"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1904,i,16374361133097479990,13026938040437888917,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Program does not show much activity (idle)

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Program does not show much activity (idle)

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Queries the volume information (name, serial number etc) of a device

Source: C:\Windows\SysWOW64\cmd.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
192.178.50.36	unknown	United States	15169	GOOGLEUS	false
142.250.189.131	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
35.186.241.51	unknown	United States	15169	GOOGLEUS	false
192.178.50.46	unknown	United States	15169	GOOGLEUS	false
173.194.212.84	unknown	United States	15169	GOOGLEUS	false
130.211.34.183	unknown	United States	15169	GOOGLEUS	false
162.254.207.59	unknown	United States	29066	VELIANET-ASvelianetInternetdiensteGmbHDE	false
142.250.189.138	unknown	United States	15169	GOOGLEUS	false
130.211.5.208	unknown	United States	15169	GOOGLEUS	false
172.67.136.85	unknown	United States	13335	CLOUDFLARENETUS	false
142.250.217.163	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
206.189.225.178	unknown	United States	14061	DIGITALOCEAN-ASNUS	false
93.158.134.119	unknown	Russian Federation	13238	YANDEXRU	false
3.220.57.224	unknown	United States	14618	AMAZON-AESUS	false
87.250.251.119	unknown	Russian Federation	13238	YANDEXRU	false
142.250.217.195	unknown	United States	15169	GOOGLEUS	false
52.20.78.240	unknown	United States	14618	AMAZON-AESUS	false
13.35.116.96	unknown	United States	16509	AMAZON-02US	false

Private

IP
192.168.2.4

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://cintlp.zautils.online/?subid=90818130074&cid=8899&tag=dm&dkw=remotescripps.org&rhi=a35e5edf-bf95-4e80-bdb3-bc6efdf294a5	false		unknown

ID:	1432283
Product:	CloudBasic
Start time:	19:20:32
Start date:	26.04.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Name	Type	MD5	SHA1	SHA256
C:\Users\user\Downloads\PrivacyGuardBrowser.1.10.78.0.Msix (copy)	Zip archive data, at least v4.5 to extract, compression method=store	042CC51594DB860354C47A4E8CDCA37D	6104CAE9FA3DA2802CF1A7F3898A3292E49A497A	0A0B6D419AA7520FF29AC5CEC8D1A4A89096319774CF481127A92048566EEB91
C:\Users\user\Downloads\Unconfirmed 149792.crdownload	Zip archive data, at least v4.5 to extract, compression method=store	042CC51594DB860354C47A4E8CDCA37D	6104CAE9FA3DA2802CF1A7F3898A3292E49A497A	0A0B6D419AA7520FF29AC5CEC8D1A4A89096319774CF481127A92048566EEB91
Chrome Cache Entry: 59	ASCII text, with no line terminators	444BCB3A3FCF8389296C49467F27E1D6	7A85F4764BBD6DAF1C3545EFBBF0F279A6DC0BEB	2689367B205C16CE32ED4200942B8B8B1E262DFC70D9BC9FBC77C49699A4F1DF
Chrome Cache Entry: 60	ASCII text	321636B637A865FBE03DFC763097C93A	19B3CD567233B477FD409DCD91A8877807CDAA93	D3F8AFFEB970688F1E43FFD004A4F361ADF832B33A8341424478AF33FEFF8A31
Chrome Cache Entry: 61	Web Open Font Format (Version 2), TrueType, length 46704, version 1.0	30A274CD01B6EEB0B082C918B0697F1E	393311BDE26B99A4AD935FA55BAD1DCE7994388B	88DF0B5A7BC397DBC13A26BB8B3742CC62CD1C9B0DDED57DA7832416D6F52F42
Chrome Cache Entry: 62	ASCII text, with very long lines (607)	45A6749860B806A0ED77ED08DFA90B99	C533D7544452DBD40907306BAFAC435541D4E2BF	7C690A6EBB2EEF51E8CCC66161B02197C22F388F1FC23C89E0F5C7B70E1EAC50
Chrome Cache Entry: 63	HTML document, ASCII text, with very long lines (532)	DDCB981B1555F3011E3D550508DA75A8	305978A0C5924B7E34E1DA42914156079C8BE631	E9F67688FEE0150690C92917640AA09F8A80D6B6366B90113F0C5772DFF669CE
Chrome Cache Entry: 64	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	65A5E6CFCA5E73A002CFFC719873A149	E911BC089EA96E29C193456D5F5FF061819D0AAB	C482472C562D96C5798FC44FAE1074DAF1C1650736F4CAC3B0D5C5B869AB9D15
Chrome Cache Entry: 65	GIF image data, version 89a, 1 x 1	DF3E567D6F16D040326C7A0EA29A4F41	EA7DF583983133B62712B5E73BFFBCD45CC53736	548F2D6F4D0D820C6C5FFBEFFCBD7F0E73193E2932EEFE542ACCC84762DEEC87
Chrome Cache Entry: 66	GIF image data, version 89a, 1 x 1	DF3E567D6F16D040326C7A0EA29A4F41	EA7DF583983133B62712B5E73BFFBCD45CC53736	548F2D6F4D0D820C6C5FFBEFFCBD7F0E73193E2932EEFE542ACCC84762DEEC87
Chrome Cache Entry: 67	PNG image data, 396 x 185, 8-bit/color RGBA, non-interlaced	C051766E14D74FA91E7FA4D4AE8959CE	5CE2132AC0E9659BD3D707BC77009031C739E307	B973D0FEE87F2189A09C8B1E83E3D315E04F222F35DF77532546244D8E1579C2
Chrome Cache Entry: 68	PNG image data, 396 x 186, 8-bit/color RGBA, non-interlaced	E603411F8E52D0BD1B08A958797A5A79	68C16F9E6F19D091377ACF9692C51EA7756511F8	6C39F31EF6C31169ECBDB8BC1651BD12E4304F1B746B0ECBB8C6F8F4776213F2
Chrome Cache Entry: 69	PNG image data, 396 x 185, 8-bit/color RGBA, non-interlaced	C051766E14D74FA91E7FA4D4AE8959CE	5CE2132AC0E9659BD3D707BC77009031C739E307	B973D0FEE87F2189A09C8B1E83E3D315E04F222F35DF77532546244D8E1579C2
Chrome Cache Entry: 70	ASCII text, with no line terminators	E0AA021E21DDDBD6D8CECEC71E9CF564	9CE3BD4224C8C1780DB56B4125ECF3F24BF748B7	565339BC4D33D72817B583024112EB7F5CDF3E5EEF0252D6EC1B9C9A94E12BB3
Chrome Cache Entry: 71	ISO Media, MP4 v2 [ISO 14496-14]	E00D980C1B68A559BF7E23676122F241	166F348D565A4C8CB3E2A65B6103AD8D983F8127	C902DE0706A30B7C35E32F7C134052A8AED4192FA000A6F774439BC5DB4016C7
Chrome Cache Entry: 72	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	65A5E6CFCA5E73A002CFFC719873A149	E911BC089EA96E29C193456D5F5FF061819D0AAB	C482472C562D96C5798FC44FAE1074DAF1C1650736F4CAC3B0D5C5B869AB9D15
Chrome Cache Entry: 73	ASCII text	B5EAB7AC77B571385845042F9B48594F	EEF93163E4188F9EB3E0B88011DB13DD480B18E4	1E354FB4D88E323D4E8FAC552E3A97A532485B3811CC139D1AF76FDD6B4D321A
Chrome Cache Entry: 74	ASCII text, with no line terminators	E0AA021E21DDDBD6D8CECEC71E9CF564	9CE3BD4224C8C1780DB56B4125ECF3F24BF748B7	565339BC4D33D72817B583024112EB7F5CDF3E5EEF0252D6EC1B9C9A94E12BB3
Chrome Cache Entry: 75	HTML document, Unicode text, UTF-8 text, with very long lines (2013)	72CF58A1AD8B9210DEE622DA84282786	469FA9008BBB8349CA1361E762EC435A826EE732	A19B24D8F86A8322556A5357C838BAC8FEFDDF7828503EBDC73684C158050222
Chrome Cache Entry: 76	PNG image data, 1440 x 1024, 8-bit/color RGBA, non-interlaced	249E0547586A4D640C9E456D65BB7D15	96A1EE9AE0B757C3B6DBE2409E40C361C9977D26	65460F10B9F2022AD931FE2B97A99D5845ADF2D69FFB691A999FD9B7173BE323
Chrome Cache Entry: 77	GIF image data, version 89a, 1 x 1	DF3E567D6F16D040326C7A0EA29A4F41	EA7DF583983133B62712B5E73BFFBCD45CC53736	548F2D6F4D0D820C6C5FFBEFFCBD7F0E73193E2932EEFE542ACCC84762DEEC87
Chrome Cache Entry: 78	Unicode text, UTF-8 (with BOM) text, with very long lines (547)	34B80871634D0CAB0CE096201F1562E6	1AAA8870E27B161121A2025A750DF7473BA153CD	06733AE2076F97B3446F974C4E4C6EA88BE551D12543FD3D7FECCBBF83ED3575
Chrome Cache Entry: 79	ASCII text	F93FFE3E7659336BDBABD70A7D00A995	24E4ACC6239D78C313521A4B3795E6B18E4DAF72	6B8A445DBDDFB9B7C56FFD4F34B6CA628A0D2C85B6A8F4DA1EDA376694377C3C
Chrome Cache Entry: 80	ASCII text	1F49E3A9C13B729B59E3C645E8EF603F	197D79EB78ED88FDAFBEE9896C23361829DC9E2F	0DCB23E1EEE1EF86D6ED12FE95182A3A2FD6035C778A9C46E6EE8E81FD86C838
Chrome Cache Entry: 81	GIF image data, version 89a, 1 x 1	DF3E567D6F16D040326C7A0EA29A4F41	EA7DF583983133B62712B5E73BFFBCD45CC53736	548F2D6F4D0D820C6C5FFBEFFCBD7F0E73193E2932EEFE542ACCC84762DEEC87
Chrome Cache Entry: 82	PNG image data, 1440 x 1024, 8-bit/color RGBA, non-interlaced	249E0547586A4D640C9E456D65BB7D15	96A1EE9AE0B757C3B6DBE2409E40C361C9977D26	65460F10B9F2022AD931FE2B97A99D5845ADF2D69FFB691A999FD9B7173BE323
Chrome Cache Entry: 83	PNG image data, 396 x 186, 8-bit/color RGBA, non-interlaced	E603411F8E52D0BD1B08A958797A5A79	68C16F9E6F19D091377ACF9692C51EA7756511F8	6C39F31EF6C31169ECBDB8BC1651BD12E4304F1B746B0ECBB8C6F8F4776213F2

Windows Analysis Report
http://remotescripps.org

Overview

General Information

Detection

Signatures

Classification

Signatures

Networking

System Summary

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted URLs

Windows Analysis Report http://remotescripps.org

Overview

General Information

Detection

Signatures

Classification

Signatures

Networking

System Summary

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted URLs

Windows Analysis Report
http://remotescripps.org