Edit tour

Windows Analysis Report
http://halffreesk.live

Overview

General Information

Sample URL:	http://halffreesk.live
Analysis ID:	1293506
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Connects to several IPs in different countries

Classification

Process Tree

System is w10x64

chrome.exe (PID: 4136 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 8D1C4713ACB7CC2AAAEE4477C58A80BA)

chrome.exe (PID: 4156 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 --field-trial-handle=1924,i,8524080138355103235,7333843845405872983,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 8D1C4713ACB7CC2AAAEE4477C58A80BA)

chrome.exe (PID: 2380 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "http://halffreesk.live MD5: 8D1C4713ACB7CC2AAAEE4477C58A80BA)

cleanup

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: CONSENT=PENDING+904; SOCS=CAISHAgCEhJnd3NfMjAyMjA4MDgtMF9SQzEaAmVuIAEaBgiAvOuXBg; AEC=Ad49MVGiijyX5dxPFAKxKYso-rIS24Ht-Pxs5fU9hHrAzfASnm-jqdQE1g; NID=511=WyMJovC2uA2AEbHQkGfP-KDdYCeg5Q7Mv6gxYT-qeugtrnXImrhmp1SixwS4ydh_E8Z0hdfCLAXvg2WUqsBSfqpx5SFvCCoeGeevqlEfkoxYi9FTISb8Cu7rr5rf9PyyNbLqf2QbxG7ja7jAB6UJQd5CPvMGcYUasORCRKRL1-arNYzfADAWHJvBLXml-Km_uewDreOyJ-MjxAI-i38Tl6LXI3zB; 1P_JAR=2023-08-10-10

Source: classification engine

Classification label: mal56.win@29/260@272/72

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 --field-trial-handle=1924,i,8524080138355103235,7333843845405872983,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "http://halffreesk.live
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 --field-trial-handle=1924,i,8524080138355103235,7333843845405872983,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\chrome_BITS_4136_503697945

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_BITS_4136_503697945	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping4136_413028359	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping4136_413028359\keys.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping4136_413028359\manifest.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping4136_413028359\LICENSE	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping4136_413028359\_metadata\	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping4136_413028359\_metadata\verified_contents.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping4136_413028359\manifest.fingerprint	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_BITS_4136_84780253	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping4136_184010061	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping4136_184010061\ssl_error_assistant.pb	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping4136_184010061\manifest.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping4136_184010061\_metadata\	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping4136_184010061\_metadata\verified_contents.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping4136_184010061\manifest.fingerprint	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_BITS_4136_1457793690	Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	2 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	4 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	5 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	3 Ingress Tool Transfer	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://halffreesk.live	0%	Virustotal		Browse
http://halffreesk.live	100%	Avira URL Cloud	malware

Source	Detection	Scanner	Label
http://prismstandard.org/namespaces/prismusagerights/2.1/	0%	URL Reputation	safe
https://halffreesk.live/privacy	100%	Avira URL Cloud	malware
https://www.amtradez.com/wp-content/uploads/2021/12/Amazon-Fire-TV-Stick-4K-Max-Streaming-Media-Player-With-Alexa-Voice-Remote-3rd-Gen.jpg	0%	Avira URL Cloud	safe
https://halffreesk.live/shippinginfo	100%	Avira URL Cloud	malware
https://halffreesk.live/api/item/getImageUrl?url=https%253A%252F%252Fwww.tradeinn.com%252Ff%252F13740%252F137406236_3%252Fadidas-originals-balanta-96-track-jacket.jpg	100%	Avira URL Cloud	malware
https://halffreesk.live/api/item/getImageUrl?url=https%253A%252F%252Fwww.amtradez.com%252Fwp-content%252Fuploads%252F2021%252F12%252FAmazon-Fire-TV-Stick-4K-Max-Streaming-Media-Player-With-Alexa-Voice-Remote-3rd-Gen.jpg	100%	Avira URL Cloud	malware
https://www.panda-q.com/2812-large_default/panda-sunglasses-uv-400-folding-frame-kids-panda-bear-sunglasses.jpg	0%	Avira URL Cloud	safe
https://www.softsweetdecordolci.it/5998-large_default/pupazzo-hyppo-love-con-cuore-ti-voglio-bene-30-cm.jpg	0%	Avira URL Cloud	safe
https://www.stampainunclick.com/cms/contenuto/c_99/img/621160.png	0%	Avira URL Cloud	safe
https://www.fuel.com.gr/pub/media/catalog/product/cache/f6ccabc43e7d1c55dd9185c8276d1df5/d/d/dd2002-001-12.jpg	0%	Avira URL Cloud	safe
https://halffreesk.live/favicon.ico	100%	Avira URL Cloud	malware
https://halffreesk.live/advanced_search_result	100%	Avira URL Cloud	malware
https://halffreesk.live/contact_us	100%	Avira URL Cloud	malware
https://www.revellawear.com/images/products/detail/567TIFFemeraldgreenfrontwithcrystals.1.jpg	0%	Avira URL Cloud	safe
https://halffreesk.live/product_details/	100%	Avira URL Cloud	malware
https://halffreesk.live/static/default/css/iconfont.css	100%	Avira URL Cloud	malware
https://halffreesk.live/checkout	100%	Avira URL Cloud	malware
https://insideedgeboutiqueandsports.com/wp-content/uploads/2020/06/wanakome%20web.png	0%	Avira URL Cloud	safe
https://halffreesk.live/static/default/js/vue.min.js	100%	Avira URL Cloud	malware
https://ameliasfinejewelry.com/wp-content/uploads/2020/07/DW-127-1.jpg	0%	Avira URL Cloud	safe
https://halffreesk.live/api/item/random	100%	Avira URL Cloud	malware
https://halffreesk.live/trackorder	100%	Avira URL Cloud	malware
https://halffreesk.live/api/item/info?id=448761091	100%	Avira URL Cloud	malware
https://halffreesk.live/static/zxzxsell/fonts/Graphik-Medium.woff2	100%	Avira URL Cloud	malware
https://halffreesk.live/api/item/type	100%	Avira URL Cloud	malware
https://halffreesk.live/api/item/getImageUrl?url=https%253A%252F%252Fmedia.generalpants.com%252Fsys-master%252Fimages%252Fhb1%252Fh08%252F9795665428510%252F883985578937_0004.jpg	100%	Avira URL Cloud	malware
https://halffreesk.live/static/zxzxsell/img/b5.jpg	100%	Avira URL Cloud	malware
https://halffreesk.live/static/default/img/20220514153821.png	100%	Avira URL Cloud	malware
https://www.digitalsport.com.ar/files/products/5b55d11a287e3-445772-500x500.jpg	0%	Avira URL Cloud	safe
https://halffreesk.live/api/item/getImageUrl?url=https%253A%252F%252Fwww.fuel.com.gr%252Fpub%252Fmedia%252Fcatalog%252Fproduct%252Fcache%252Ff6ccabc43e7d1c55dd9185c8276d1df5%252Fd%252Fd%252Fdd2002-001-12.jpg	100%	Avira URL Cloud	malware
https://halffreesk.live/static/zxzxsell/js/main.min.js	100%	Avira URL Cloud	malware
https://halffreesk.live/static/zxzxsell/fonts/Graphik-Bold.woff2	100%	Avira URL Cloud	malware
https://halffreesk.live/faq	100%	Avira URL Cloud	malware
https://halffreesk.live/static/zxzxsell/fonts/fontawesome-webfont.woff2	100%	Avira URL Cloud	malware
https://www.wholesomespetfood.com/wp-content/uploads/WHSMS_40LB_Energy-Series_Energy-Plus_F-600x600.webp	0%	Avira URL Cloud	safe
https://m.veloshop.co.kr/web/product/big/201808/6b1bc2f37bf81b73c89ba4765f481eb8.jpg	0%	Avira URL Cloud	safe
https://halffreesk.live/static/zxzxsell/fonts/ionicons.woff	100%	Avira URL Cloud	malware
https://halffreesk.live/api/item/getImageUrl?url=https%253A%252F%252Flookaside.fbsbx.com%252Flookaside%252Fcrawler%252Fmedia%252F%253Fmedia_id%253D504726451652902	100%	Avira URL Cloud	malware
https://halffreesk.live/api/item/getImageUrl?url=https%253A%252F%252Fwww.wigglestatic.com%252Fproduct-media%252F160761%252Fprod160761_Black_NE_01.jpg	100%	Avira URL Cloud	malware
https://products.blains.com/100/144/1441853.jpg	0%	Avira URL Cloud	safe
https://global.cdn.magazord.com.br/marris/img/2022/03/produto/1696/jaqueta-corta-vento-infantil-masculina-azul-marinho-c-verde-neon-3.jpg?ims=fit-in/425x635/filters:fill(white)	0%	Avira URL Cloud	safe
https://cms-cdn.thesolesupplier.co.uk/2019/05/Nike-M2K-Tekno-Black-Orange-AO3108-014-tsw_w900.png	0%	Avira URL Cloud	safe
https://halffreesk.live/static/default/img/slide_homepage_1.jpeg	100%	Avira URL Cloud	malware
https://halffreesk.live/api/item/getImageUrl?url=https%253A%252F%252Flookaside.fbsbx.com%252Flookaside%252Fcrawler%252Fmedia%252F%253Fmedia_id%253D1800677493564179	100%	Avira URL Cloud	malware
https://www.synthmuseum.com/korg/kormp01.jpg	0%	Avira URL Cloud	safe
https://halffreesk.live/static/zxzxsell/css/main.min.css?1	100%	Avira URL Cloud	malware
https://halffreesk.live/api/item/random?num=6&name=	100%	Avira URL Cloud	malware
https://images2.marisa.com.br/medias/sys_master/images/images/hac/h95/11387140505630/Calca-Jeans-Feminina-Cigarrete-Barra-Desfiada-Marisa-10040518701-C2.jpg	0%	Avira URL Cloud	safe
https://halffreesk.live/static/default/js/delighters.js	100%	Avira URL Cloud	malware
https://halffreesk.live/static/zxzxsell/js/jquery.min.js	100%	Avira URL Cloud	malware
https://halffreesk.live/about_us	100%	Avira URL Cloud	malware
https://amtradez.com/wp-content/uploads/2021/12/Amazon-Fire-TV-Stick-4K-Max-Streaming-Media-Player-With-Alexa-Voice-Remote-3rd-Gen.jpg	0%	Avira URL Cloud	safe
https://www.thetshirtmill.com.au/product_view_image/s/image/6/401/487/5001_STAPLE_TEE_WHITE.jpg?1478322878	0%	Avira URL Cloud	safe
https://a-static.mlcdn.com.br/618x463/sandalia-infantil-bibi-afeto-v-masculino-couro-marrom/tocadacorujasl/8689293230/08feff7d3399dc847d5a0f85cdef72c1.jpg	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
www.synthmuseum.com	172.67.128.76	true	false	unknown
i.ytimg.com	172.217.168.54	true	false	high
jrdunn.com	172.67.37.110	true	false	high
hayumsidaba.com	143.110.185.145	true	false	unknown
images-188528277.eu-west-1.elb.amazonaws.com	54.155.149.16	true	false	high
amtradez.com	23.227.38.32	true	false	unknown
cdn.gdclover.com	172.67.130.130	true	false	unknown
fp28da.wpc.systemcdn.net	93.184.221.225	true	false	unknown
www.revellawear.com	192.84.36.16	true	false	unknown
cdnjs.cloudflare.com	104.17.24.14	true	false	high
www.panelkirtasiye.com	93.94.253.146	true	false	high
www.google.com	172.217.168.68	true	false	high
tradeinn.com	34.111.145.82	true	false	high
asketica.com	87.236.16.238	true	false	unknown
cdn.shopify.com	23.227.60.200	true	false	high
store.deconetwork.com	65.39.250.34	true	false	unknown
www.soccerpro.com	172.67.43.229	true	false	high
fanatics.frgimages.com	80.67.82.64	true	false	high
clients.l.google.com	142.250.203.110	true	false	high
www.digitalsport.com.ar	18.173.187.87	true	false	unknown
ae01.alicdn.com.danuoyi.alicdn.com	163.181.92.148	true	false	high
media.karousell.com	190.93.245.83	true	false	high
softsweetdecordolci.it	46.16.95.76	true	false	unknown
cfs3.monicavinader.com	104.22.71.121	true	false	high
products.blains.com	18.173.154.86	true	false	unknown
panda-q.com	157.245.224.113	true	false	unknown
111611f.ha.azioncdn.net	186.195.66.65	true	false	unknown
www.stampainunclick.com	93.186.252.173	true	false	unknown
insideedgeboutiqueandsports.com	45.79.71.65	true	false	unknown
shops.myshopify.com	23.227.38.74	true	false	unknown
squarespace.map.fastly.net	151.101.0.238	true	false	unknown
scontent.xx.fbcdn.net	157.240.17.15	true	false	high
cs203.wac.edgecastcdn.net	68.232.35.237	true	false	high
lorisvelos.ch	149.126.4.89	true	false	unknown
images.stockx.com	104.18.218.12	true	false	high
c.media-amazon.com	99.84.92.147	true	false	high
debh2m79z4lnh.cloudfront.net	108.138.36.83	true	false	high
halffreesk.live	104.21.24.64	true	false	unknown
u4l3gmyiw2.map.azionedge.net	179.191.182.65	true	false	unknown
a.nel.cloudflare.com	35.190.80.1	true	false	high
accounts.google.com	172.217.168.77	true	false	high
www.wholesomespetfood.com	104.21.54.74	true	false	unknown
media.generalpants.com	104.21.12.125	true	false	high
di2ponv0v5otw.cloudfront.net	108.138.34.64	true	false	high
iowastyleapparel.com	199.34.228.164	true	false	unknown
media.amazon.map.fastly.net	151.101.1.16	true	false	unknown
www.fuel.com.gr	104.26.9.210	true	false	unknown
1794488p.ha.azioncdn.net	179.191.188.65	true	false	unknown
veloshop.co.kr	210.114.0.245	true	false	unknown
ameliasfinejewelry.com	172.67.137.130	true	false	unknown
media.iwm.org.uk	172.67.40.161	true	false	unknown
luxury-shop.at	194.59.164.32	true	false	unknown
www.amtradez.com	unknown	unknown	false	unknown
www.panda-q.com	unknown	unknown	false	unknown
backend.tops.co.th	unknown	unknown	false	unknown
emea.mizuno.com	unknown	unknown	false	high
images-na.ssl-images-amazon.com	unknown	unknown	false	high
i.ebayimg.com	unknown	unknown	false	high
clients2.google.com	unknown	unknown	false	high
www.iowastyleapparel.com	unknown	unknown	false	unknown
m.veloshop.co.kr	unknown	unknown	false	unknown
ih1.redbubble.net	unknown	unknown	false	high
rukminim1.flixcart.com	unknown	unknown	false	high
i5.walmartimages.com	unknown	unknown	false	high
mobileimages.lowes.com	unknown	unknown	false	high
images2.marisa.com.br	unknown	unknown	false	unknown
lu.tumi.com	unknown	unknown	false	high
www.thetshirtmill.com.au	unknown	unknown	false	unknown
m.media-amazon.com	unknown	unknown	false	high
www.marc-orian.com	unknown	unknown	false	unknown
images.asos-media.com	unknown	unknown	false	high
images.thdstatic.com	unknown	unknown	false	unknown
images.ikrix.com	unknown	unknown	false	high
static.nike.com	unknown	unknown	false	high
images.tokopedia.net	unknown	unknown	false	high
n.nordstrommedia.com	unknown	unknown	false	high
lookaside.fbsbx.com	unknown	unknown	false	high
www.ps4x4test.com.au	unknown	unknown	false	unknown
www.jomalone.com.au	unknown	unknown	false	unknown
i.etsystatic.com	unknown	unknown	false	high
a-static.mlcdn.com.br	unknown	unknown	false	unknown
cdn.idealo.com	unknown	unknown	false	high
www.softsweetdecordolci.it	unknown	unknown	false	unknown
images.squarespace-cdn.com	unknown	unknown	false	unknown
4cb73f7e99eaf5ae6430-e2e02f70573d204eabc739b1a68e43a5.ssl.cf2.rackcdn.com	unknown	unknown	false	high
ae01.alicdn.com	unknown	unknown	false	high
slimages.macysassets.com	unknown	unknown	false	high
images.dsw.com	unknown	unknown	false	high
cms-cdn.thesolesupplier.co.uk	unknown	unknown	false	unknown
global.cdn.magazord.com.br	unknown	unknown	false	unknown
www.tradeinn.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://halffreesk.live/api/item/getImageUrl?url=https%253A%252F%252Fwww.amtradez.com%252Fwp-content%252Fuploads%252F2021%252F12%252FAmazon-Fire-TV-Stick-4K-Max-Streaming-Media-Player-With-Alexa-Voice-Remote-3rd-Gen.jpg	false	Avira URL Cloud: malware	unknown
https://ae01.alicdn.com/kf/S472b987594ef449ebe21f1cba049da82m/CST-2PCS-Bicycle-Ultralight-Inner-Tube-26-27-5-29-700c-Rubber-Cycing-Interior-Tyre-For.jpg	false		high
https://m.media-amazon.com/images/I/91SsdMmNkgL._AC_UF1000,1000_QL80_.jpg	false		high
https://www.amtradez.com/wp-content/uploads/2021/12/Amazon-Fire-TV-Stick-4K-Max-Streaming-Media-Player-With-Alexa-Voice-Remote-3rd-Gen.jpg	false	Avira URL Cloud: safe	unknown
https://halffreesk.live/api/item/getImageUrl?url=https%253A%252F%252Fwww.tradeinn.com%252Ff%252F13740%252F137406236_3%252Fadidas-originals-balanta-96-track-jacket.jpg	false	Avira URL Cloud: malware	unknown
https://www.panda-q.com/2812-large_default/panda-sunglasses-uv-400-folding-frame-kids-panda-bear-sunglasses.jpg	false	Avira URL Cloud: safe	unknown
https://cdnjs.cloudflare.com/ajax/libs/Swiper/8.3.2/swiper-bundle.min.css	false		high
https://m.media-amazon.com/images/I/31Dhot6dYGL._AC_SY580_.jpg	false		high
https://www.softsweetdecordolci.it/5998-large_default/pupazzo-hyppo-love-con-cuore-ti-voglio-bene-30-cm.jpg	false	Avira URL Cloud: safe	unknown
https://cdn.shopify.com/s/files/1/0165/9194/5782/products/tommy-hilfiger-hoodie_5627_2448x.png?v=1652970998	false		high
https://www.stampainunclick.com/cms/contenuto/c_99/img/621160.png	false	Avira URL Cloud: safe	unknown
https://images.stockx.com/images/Supreme-Cheese-Tee-Woodland-Camo.jpg?fit=fill&bg=FFFFFF&w=700&h=500&fm=webp&auto=compress&q=90&dpr=2&trim=color&updated_at=1614200579	false		high
https://cdn.shopify.com/s/files/1/0984/4522/products/AssassinsCreedHoodiesForMen_2_1024x1024.jpg?v=1594270945	false		high
https://www.fuel.com.gr/pub/media/catalog/product/cache/f6ccabc43e7d1c55dd9185c8276d1df5/d/d/dd2002-001-12.jpg	false	Avira URL Cloud: safe	unknown
https://ih1.redbubble.net/image.2939248673.4315/ssrco,slim_fit_t_shirt,mens,fafafa:ca443f4786,front,square_product,600x600.jpg	false		high
https://halffreesk.live/favicon.ico	false	Avira URL Cloud: malware	unknown
https://i.ytimg.com/vi/-_32rvVEpQs/maxresdefault.jpg	false		high
https://halffreesk.live/	false		unknown
https://www.revellawear.com/images/products/detail/567TIFFemeraldgreenfrontwithcrystals.1.jpg	false	Avira URL Cloud: safe	unknown
https://halffreesk.live/static/default/css/iconfont.css	false	Avira URL Cloud: malware	unknown
https://insideedgeboutiqueandsports.com/wp-content/uploads/2020/06/wanakome%20web.png	false	Avira URL Cloud: safe	unknown
https://halffreesk.live/static/default/js/vue.min.js	false	Avira URL Cloud: malware	unknown
https://ameliasfinejewelry.com/wp-content/uploads/2020/07/DW-127-1.jpg	false	Avira URL Cloud: safe	unknown
https://halffreesk.live/	false		unknown
https://halffreesk.live/api/item/random	false	Avira URL Cloud: malware	unknown
https://lookaside.fbsbx.com/lookaside/crawler/media/?media_id=504726451652902	false		high
https://a.nel.cloudflare.com/report/v3?s=u9fktdGX%2BgezURcTgDEVXQD5u2m0OdjF6GwfPwVrXgHewSOI9RW5074Rwe75BuAg%2BjjxKhPVYJWk8X8jbI94NG6FaEs5PeypiGRynd74EgVdLJV0pwmvgMwcxeNhEwBjpg%3D%3D	false		high
https://m.media-amazon.com/images/I/516vB9xIZcL.jpg	false		high
https://ae01.alicdn.com/kf/H4e93dbf45dba486c9878fdbd3cdf4f8bw/BlitzWolf-RGB-Gaming-Chair-Racing-Gaming-Chair-Office-Chair-Executive-Chair-Swivel-Chair-LED-Gamer-Computer.jpg_Q90.jpg_.webp	false		high
https://halffreesk.live/api/item/info?id=448761091	false	Avira URL Cloud: malware	unknown
https://halffreesk.live/static/zxzxsell/fonts/Graphik-Medium.woff2	false	Avira URL Cloud: malware	unknown
https://halffreesk.live/api/item/type	false	Avira URL Cloud: malware	unknown
https://halffreesk.live/category/hot/40_1.html	false		unknown
https://halffreesk.live/api/item/getImageUrl?url=https%253A%252F%252Fmedia.generalpants.com%252Fsys-master%252Fimages%252Fhb1%252Fh08%252F9795665428510%252F883985578937_0004.jpg	false	Avira URL Cloud: malware	unknown
https://i.ebayimg.com/thumbs/images/g/-kwAAOSwkZxitR5S/s-l300.jpg	false		high
https://halffreesk.live/static/default/img/20220514153821.png	false	Avira URL Cloud: malware	unknown
https://di2ponv0v5otw.cloudfront.net/posts/2022/12/05/638ebd5f4bc6556262a4412e/s_638ebd851741be81df5fb986.jpg	false		high
https://fanatics.frgimages.com/san-antonio-spurs/mens-mitchell-and-ness-tony-parker-black-san-antonio-spurs-hardwood-classics-2001-02-swingman-jersey_pi3702000_ff_3702468-2f9b97b7ec1c36745dc3_full.jpg?_hv=2&w=600	false		high
https://www.digitalsport.com.ar/files/products/5b55d11a287e3-445772-500x500.jpg	false	Avira URL Cloud: safe	unknown
https://halffreesk.live/api/item/getImageUrl?url=https%253A%252F%252Fwww.fuel.com.gr%252Fpub%252Fmedia%252Fcatalog%252Fproduct%252Fcache%252Ff6ccabc43e7d1c55dd9185c8276d1df5%252Fd%252Fd%252Fdd2002-001-12.jpg	false	Avira URL Cloud: malware	unknown
https://halffreesk.live/static/zxzxsell/js/main.min.js	false	Avira URL Cloud: malware	unknown
https://images-na.ssl-images-amazon.com/images/I/51c+lgi1lCL._AC_UL210_SR210,210_.jpg	false		high
https://ae01.alicdn.com/kf/HTB1UmsoLpXXXXcgXXXXq6xXFXXXE/oMoToys-Rare-Beyblades-Metal-Burst-Top-Video-Game-Edition-Counter-Attack-Leo-King-Leone-D125B.jpg	false		high
https://m.media-amazon.com/images/I/41ySh3us0-L._AC_SY580_.jpg	false		high
https://cfs3.monicavinader.com/images/detail/14523106-ss-bm-lnbb-bla-front-.jpg	false		high
https://halffreesk.live/static/zxzxsell/fonts/Graphik-Bold.woff2	false	Avira URL Cloud: malware	unknown
https://halffreesk.live/static/zxzxsell/fonts/fontawesome-webfont.woff2	false	Avira URL Cloud: malware	unknown
https://i.ebayimg.com/images/g/HfYAAOSw64Jhb9F5/s-l1600.jpg	false		high
https://m.media-amazon.com/images/I/81+XJW18OBL.jpg	false		high
https://images.ikrix.com/product_images/original/colmar-originals-online-padded-jackets-empire-royal-blue-puffer-hooded-jacket-00000136491f00s012.jpg	false		high
https://cdn.shopify.com/s/files/1/1628/6137/products/product-image-746769068.jpg?v=1571312978	false		high
https://media.generalpants.com/sys-master/images/hb1/h08/9795665428510/883985578937_0004.jpg	false		high
https://i.ebayimg.com/images/g/gm0AAOSwK~ldoOpB/s-l500.jpg	false		high
https://m.media-amazon.com/images/I/418utXRRp9L._AC_SY580_.jpg	false		high
https://m.media-amazon.com/images/I/71wtQvaC+CL._AC_UL1500_.jpg	false		high
https://m.veloshop.co.kr/web/product/big/201808/6b1bc2f37bf81b73c89ba4765f481eb8.jpg	false	Avira URL Cloud: safe	unknown
https://www.wholesomespetfood.com/wp-content/uploads/WHSMS_40LB_Energy-Series_Energy-Plus_F-600x600.webp	false	Avira URL Cloud: safe	unknown
https://www.tradeinn.com/f/13740/137406236_3/adidas-originals-balanta-96-track-jacket.jpg	false		high
https://halffreesk.live/static/zxzxsell/fonts/ionicons.woff	false	Avira URL Cloud: malware	unknown
https://halffreesk.live/api/item/getImageUrl?url=https%253A%252F%252Flookaside.fbsbx.com%252Flookaside%252Fcrawler%252Fmedia%252F%253Fmedia_id%253D504726451652902	false	Avira URL Cloud: malware	unknown
https://halffreesk.live/api/item/getImageUrl?url=https%253A%252F%252Fwww.wigglestatic.com%252Fproduct-media%252F160761%252Fprod160761_Black_NE_01.jpg	false	Avira URL Cloud: malware	unknown
https://global.cdn.magazord.com.br/marris/img/2022/03/produto/1696/jaqueta-corta-vento-infantil-masculina-azul-marinho-c-verde-neon-3.jpg?ims=fit-in/425x635/filters:fill(white)	false	Avira URL Cloud: safe	unknown
https://products.blains.com/100/144/1441853.jpg	false	Avira URL Cloud: safe	unknown
https://cms-cdn.thesolesupplier.co.uk/2019/05/Nike-M2K-Tekno-Black-Orange-AO3108-014-tsw_w900.png	false	Avira URL Cloud: safe	unknown
https://halffreesk.live/static/default/img/slide_homepage_1.jpeg	false	Avira URL Cloud: malware	unknown
https://halffreesk.live/api/item/getImageUrl?url=https%253A%252F%252Flookaside.fbsbx.com%252Flookaside%252Fcrawler%252Fmedia%252F%253Fmedia_id%253D1800677493564179	false	Avira URL Cloud: malware	unknown
https://www.synthmuseum.com/korg/kormp01.jpg	false	Avira URL Cloud: safe	unknown
https://ae01.alicdn.com/kf/Hcfa8c61b136044b7b90ac568c95ba2d2N/Large-Size-Panama-Cap-Big-Bone-Men-Women-Beach-Wide-Brim-Fedora-High-Quality-Plus-Size.jpg	false		high
https://halffreesk.live/static/zxzxsell/css/main.min.css?1	false	Avira URL Cloud: malware	unknown
https://halffreesk.live/api/item/random?num=6&name=	false	Avira URL Cloud: malware	unknown
https://halffreesk.live/shopping_cart	false		unknown
https://halffreesk.live/shopping_cart	false		unknown
https://images2.marisa.com.br/medias/sys_master/images/images/hac/h95/11387140505630/Calca-Jeans-Feminina-Cigarrete-Barra-Desfiada-Marisa-10040518701-C2.jpg	false	Avira URL Cloud: safe	unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=115.0.5790.171&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1	false		high
https://halffreesk.live/static/default/js/delighters.js	false	Avira URL Cloud: malware	unknown
https://halffreesk.live/static/zxzxsell/js/jquery.min.js	false	Avira URL Cloud: malware	unknown
https://amtradez.com/wp-content/uploads/2021/12/Amazon-Fire-TV-Stick-4K-Max-Streaming-Media-Player-With-Alexa-Voice-Remote-3rd-Gen.jpg	false	Avira URL Cloud: safe	unknown
https://m.media-amazon.com/images/I/61LC+P5IURL.jpg	false		high
https://cdn.shopify.com/s/files/1/0484/0009/products/48551Royal-Canin-Puppy-Gravy-Mini-0_1600x1600.jpg?v=1636609132	false		high
https://www.thetshirtmill.com.au/product_view_image/s/image/6/401/487/5001_STAPLE_TEE_WHITE.jpg?1478322878	false	Avira URL Cloud: safe	unknown
https://www.tradeinn.com/f/13693/136931153_5/puma-smash-v2-velcro-trainers.jpg	false		high
https://cdnjs.cloudflare.com/ajax/libs/vue-resource/1.5.3/vue-resource.min.js	false		high
https://cdnjs.cloudflare.com/ajax/libs/Swiper/8.3.2/swiper-bundle.js	false		high
https://cdn.shopify.com/s/files/1/1872/9369/products/Patek-Philippe-Nautilus-3700J_0026_Layer-22.png?v=1665643893	false		high
https://a-static.mlcdn.com.br/618x463/sandalia-infantil-bibi-afeto-v-masculino-couro-marrom/tocadacorujasl/8689293230/08feff7d3399dc847d5a0f85cdef72c1.jpg	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://halffreesk.live/shippinginfo	chromecache_344.1.dr, chromecache_509.1.dr, chromecache_342.1.dr, chromecache_337.1.dr	false	Avira URL Cloud: malware	unknown
https://halffreesk.live/privacy	chromecache_344.1.dr, chromecache_509.1.dr, chromecache_342.1.dr, chromecache_337.1.dr	false	Avira URL Cloud: malware	unknown
https://twitter.com/benjsperry	chromecache_351.1.dr	false		high
http://prismstandard.org/namespaces/prismusagerights/2.1/	chromecache_532.1.dr	false	URL Reputation: safe	unknown
https://halffreesk.live/contact_us	chromecache_344.1.dr, chromecache_509.1.dr, chromecache_342.1.dr, chromecache_337.1.dr	false	Avira URL Cloud: malware	unknown
https://halffreesk.live/advanced_search_result	chromecache_337.1.dr	false	Avira URL Cloud: malware	unknown
https://halffreesk.live/checkout	chromecache_342.1.dr	false	Avira URL Cloud: malware	unknown
https://halffreesk.live/product_details/	chromecache_344.1.dr, chromecache_509.1.dr, chromecache_342.1.dr, chromecache_337.1.dr	false	Avira URL Cloud: malware	unknown
https://halffreesk.live/trackorder	chromecache_337.1.dr	false	Avira URL Cloud: malware	unknown
https://www.instagram.com/	chromecache_344.1.dr, chromecache_509.1.dr, chromecache_342.1.dr, chromecache_337.1.dr	false		high
https://halffreesk.live/static/zxzxsell/img/b5.jpg	chromecache_344.1.dr	false	Avira URL Cloud: malware	unknown
https://halffreesk.live/faq	chromecache_344.1.dr, chromecache_509.1.dr, chromecache_342.1.dr, chromecache_337.1.dr	false	Avira URL Cloud: malware	unknown
https://cdn.jsdelivr.net/npm/vue	chromecache_344.1.dr, chromecache_509.1.dr, chromecache_342.1.dr, chromecache_337.1.dr	false		high
https://github.com/google/material-design-icons	chromecache_351.1.dr	false		high
https://halffreesk.live/about_us	chromecache_344.1.dr, chromecache_509.1.dr, chromecache_342.1.dr, chromecache_337.1.dr	false	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
80.67.82.40	unknown	European Union	20940	AKAMAI-ASN1EU	false
93.184.221.225	fp28da.wpc.systemcdn.net	European Union	15133	EDGECASTUS	false
163.181.92.173	unknown	United States	24429	TAOBAOZhejiangTaobaoNetworkCoLtdCN	false
18.173.187.55	unknown	United States	3	MIT-GATEWAYSUS	false
104.26.9.210	www.fuel.com.gr	United States	13335	CLOUDFLARENETUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
45.79.71.65	insideedgeboutiqueandsports.com	United States	63949	LINODE-APLinodeLLCUS	false
172.67.29.187	unknown	United States	13335	CLOUDFLARENETUS	false
104.21.0.212	unknown	United States	13335	CLOUDFLARENETUS	false
18.173.154.86	products.blains.com	United States	3	MIT-GATEWAYSUS	false
80.67.82.34	unknown	European Union	20940	AKAMAI-ASN1EU	false
104.22.14.196	unknown	United States	13335	CLOUDFLARENETUS	false
104.21.24.64	halffreesk.live	United States	13335	CLOUDFLARENETUS	false
172.67.137.130	ameliasfinejewelry.com	United States	13335	CLOUDFLARENETUS	false
104.22.59.218	unknown	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.67.130.130	cdn.gdclover.com	United States	13335	CLOUDFLARENETUS	false
68.232.35.237	cs203.wac.edgecastcdn.net	United States	15133	EDGECASTUS	false
80.67.82.64	fanatics.frgimages.com	European Union	20940	AKAMAI-ASN1EU	false
104.22.39.238	unknown	United States	13335	CLOUDFLARENETUS	false
23.227.38.74	shops.myshopify.com	Canada	13335	CLOUDFLARENETUS	false
108.138.34.64	di2ponv0v5otw.cloudfront.net	United States	16509	AMAZON-02US	false
23.227.60.200	cdn.shopify.com	Canada	62679	SHOPIFYASN1CA	false
108.138.36.83	debh2m79z4lnh.cloudfront.net	United States	16509	AMAZON-02US	false
151.101.0.238	squarespace.map.fastly.net	United States	54113	FASTLYUS	false
54.228.228.178	unknown	United States	16509	AMAZON-02US	false
172.217.168.68	www.google.com	United States	15169	GOOGLEUS	false
157.240.17.15	scontent.xx.fbcdn.net	United States	32934	FACEBOOKUS	false
54.155.149.16	images-188528277.eu-west-1.elb.amazonaws.com	United States	16509	AMAZON-02US	false
104.21.54.74	www.wholesomespetfood.com	United States	13335	CLOUDFLARENETUS	false
34.111.145.82	tradeinn.com	United States	15169	GOOGLEUS	false
104.17.24.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
87.236.16.238	asketica.com	Russian Federation	198610	BEGET-ASRU	false
108.138.39.219	unknown	United States	16509	AMAZON-02US	false
172.217.168.77	accounts.google.com	United States	15169	GOOGLEUS	false
46.16.95.76	softsweetdecordolci.it	Italy	52030	SERVERPLAN-ASIT	false
149.126.4.89	lorisvelos.ch	Switzerland	47302	CYONCH	false
192.84.36.16	www.revellawear.com	United States	55002	DEFENSE-NETUS	false
194.59.164.32	luxury-shop.at	Germany	47583	AS-HOSTINGERLT	false
151.101.1.16	media.amazon.map.fastly.net	United States	54113	FASTLYUS	false
18.173.154.142	unknown	United States	3	MIT-GATEWAYSUS	false
179.191.188.65	1794488p.ha.azioncdn.net	Brazil	52580	AzionTechnologiesLtdaBR	false
179.191.165.65	unknown	Brazil	52580	AzionTechnologiesLtdaBR	false
199.34.228.164	iowastyleapparel.com	United States	27647	WEEBLYUS	false
172.67.217.81	unknown	United States	13335	CLOUDFLARENETUS	false
186.195.66.65	111611f.ha.azioncdn.net	Brazil	262735	GlobalConectLtdaBR	false
172.67.40.161	media.iwm.org.uk	United States	13335	CLOUDFLARENETUS	false
104.18.218.12	images.stockx.com	United States	13335	CLOUDFLARENETUS	false
104.22.71.121	cfs3.monicavinader.com	United States	13335	CLOUDFLARENETUS	false
172.217.168.54	i.ytimg.com	United States	15169	GOOGLEUS	false
93.186.252.173	www.stampainunclick.com	Italy	31034	ARUBA-ASNIT	false
104.17.25.14	unknown	United States	13335	CLOUDFLARENETUS	false
65.39.250.34	store.deconetwork.com	Canada	13768	COGECO-PEER1CA	false
163.171.147.15	unknown	European Union	54994	QUANTILNETWORKSUS	false
143.110.185.145	hayumsidaba.com	United States	30376	COLLEGE-OF-ST-SCHOLASTICAUS	false
163.181.92.148	ae01.alicdn.com.danuoyi.alicdn.com	United States	24429	TAOBAOZhejiangTaobaoNetworkCoLtdCN	false
142.250.203.110	clients.l.google.com	United States	15169	GOOGLEUS	false
23.227.38.32	amtradez.com	Canada	13335	CLOUDFLARENETUS	false
99.84.92.147	c.media-amazon.com	United States	16509	AMAZON-02US	false
172.67.43.229	www.soccerpro.com	United States	13335	CLOUDFLARENETUS	false
172.67.37.110	jrdunn.com	United States	13335	CLOUDFLARENETUS	false
172.67.128.76	www.synthmuseum.com	United States	13335	CLOUDFLARENETUS	false
210.114.0.245	veloshop.co.kr	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
157.245.224.113	panda-q.com	United States	14061	DIGITALOCEAN-ASNUS	false
104.21.12.125	media.generalpants.com	United States	13335	CLOUDFLARENETUS	false
179.191.182.65	u4l3gmyiw2.map.azionedge.net	Brazil	52580	AzionTechnologiesLtdaBR	false
190.93.245.83	media.karousell.com	Costa Rica	13335	CLOUDFLARENETUS	false
104.21.3.86	unknown	United States	13335	CLOUDFLARENETUS	false
18.173.187.87	www.digitalsport.com.ar	United States	3	MIT-GATEWAYSUS	false
172.67.136.99	unknown	United States	13335	CLOUDFLARENETUS	false
93.94.253.146	www.panelkirtasiye.com	Turkey	47123	MEDNAUTILUSTR	false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	38.0.0 Beryl
Analysis ID:	1293506
Start date and time:	2023-08-18 18:20:13 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 6m 5s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://halffreesk.live
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	21
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.win@29/260@272/72
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Browse: https://halffreesk.live/category/hot/40_1.html Browse: https://halffreesk.live/category/new/40_1.html Browse: https://halffreesk.live/shopping_cart

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
Excluded IPs from analysis (whitelisted): 172.217.168.67, 34.104.35.123, 172.217.168.10, 172.217.168.74, 142.250.203.106, 216.58.215.234, 23.10.249.163, 23.0.174.235, 104.109.250.148, 104.109.250.196, 23.211.4.210, 104.16.12.105, 104.16.11.105, 23.211.6.8, 23.0.174.81, 23.0.174.98, 104.109.250.17, 104.109.250.24, 95.100.56.253, 23.211.4.203, 104.18.160.41, 104.18.161.41, 104.18.193.33, 104.18.192.33, 23.211.6.10, 23.211.5.22, 80.67.82.57, 80.67.82.33, 23.213.164.176, 151.101.2.132, 151.101.66.132, 151.101.130.132, 151.101.194.132, 104.17.216.100, 104.17.212.100, 104.17.213.100, 104.17.215.100, 104.17.214.100, 23.211.5.161, 23.10.249.147, 23.0.174.8
Excluded domains from analysis (whitelisted): i5-cdn.walmartimages.com.akadns.net, cdn.idealo.com-v1.edgekey.net, e24693.b.akamaiedge.net, j.sni.global.fastly.net, clientservices.googleapis.com, arc.msn.com, a1825.r.akamai.net, images.dsw.com.edgekey.net, e5791.a.akamaiedge.net, prod.jomalone.edgekey.net, tops.co.th.edgekey.net, snir.asos-media.com.edgekey.net, e3886.x.akamaiedge.net, e14801.x.akamaiedge.net, update.googleapis.com, images.tokopedia.net.edgesuite.net, rukminim1.flixcart.com.edgekey.net, emea.mizuno.com.cdn.cloudflare.net, lu.tumi.com.cdn.cloudflare.net, e39664.a.akamaiedge.net, stores.neto.com.au.cdn.cloudflare.net, www.bing.com, e40758.dscx.akamaiedge.net, client.wns.windows.com, www.marc-orian.com.cdn.cloudflare.net, mobileimages.lowes.com.edgekey.net, 2-01-49b5-0153.cdx.cedexis.net, content-autofill.googleapis.com, san-cn.cloudinary.com.edgekey.net, e17413.a.akamaiedge.net, e10798.x.akamaiedge.net, i.etsystatic.com.edgesuite.net, san-cn.cloudinary.com.edgekey.net.globalredir.akadns.net, e16
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtSetInformationFile calls found.

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1765
Entropy (8bit):	6.016932513650603
Encrypted:	false
SSDEEP:	48:p/hKAGj0FnAp7XgNGIaku9E5tPJXaWqkbszesM:R5Gj0FAlsaBmfPsRD3M
MD5:	6D1D175F88B64546105E3E7C31D1129A
SHA1:	75A1B56F55BB62B05365A0FDBFC7941DE77CBFAF
SHA-256:	A0BC246E8E160A9BB32FA60F4E7A04D148A17125F426509466031E07731FDF81
SHA-512:	5C80908331E30C7EAD67F7F6C5AB064B07626FD9C58925A0D2124D66B25C5AE2F218BDACFB68AFCB332E88EB297CFB7E0A7A9E5E1E54C9B7A510FEF095F9B54F
Malicious:	false
Reputation:	low
Preview:	[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiJtYW5pZmVzdC5qc29uIiwicm9vdF9oYXNoIjoiSUxrUllPSmhIVEZacllLRmN5UC12SkJrVjNWbWVLdHo4d1hEb2VPWjBZMCJ9LHsicGF0aCI6InNzbF9lcnJvcl9hc3Npc3RhbnQucGIiLCJyb290X2hhc2giOiJyRFZLUnlPcXBQQnI3RGhkM2VTazBKZzYxUlJXOVNzeHFBYU95WDFiWHFjIn1dLCJmb3JtYXQiOiJ0cmVlaGFzaCIsImhhc2hfYmxvY2tfc2l6ZSI6NDA5Nn1dLCJpdGVtX2lkIjoiZ2lla2NtbWxua2xlbmxhb21wcGtwaGtuam1ubnBuZWgiLCJpdGVtX3ZlcnNpb24iOiI3IiwicHJvdG9jb2xfdmVyc2lvbiI6MX0","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"nBdNk-7bgnEftAs4hWaHwF1Lk9pt7Eh6pcqe2gyNsE7VnVRp-H27tm1RFAF4htCUlXNJxX6YY-MUiK2DqJpQ3c73KDaFV8DcnadQfcXO3Lbrw7jLYSUaSdzujPkTyhuFcq_BhK0KWiIJ0aJgh7nVOBfAa5AbE6oFlLKMB2Ls0gmzS1-a5hUIu4rw2h9r9jkr6gLYbein5Jk2hdwW3u-1GNjyki4dftG2iZNAI8VhUf5gnCiF4AHCnYSGJsM0RGkmO_HJIzgwpQpP3RDsG2ioeKgxL-kcHhjXWOj3uVGyxpp1FkyHGkeGuqpFZMAxx3CEBiOtFj7i3iQxkgEW-E3uMKI3yA

Source: https://halffreesk.live/privacy	Avira URL Cloud: Label: malware
Source: https://halffreesk.live/shippinginfo	Avira URL Cloud: Label: malware
Source: https://halffreesk.live/api/item/getImageUrl?url=https%253A%252F%252Fwww.tradeinn.com%252Ff%252F13740%252F137406236_3%252Fadidas-originals-balanta-96-track-jacket.jpg	Avira URL Cloud: Label: malware
Source: https://halffreesk.live/api/item/getImageUrl?url=https%253A%252F%252Fwww.amtradez.com%252Fwp-content%252Fuploads%252F2021%252F12%252FAmazon-Fire-TV-Stick-4K-Max-Streaming-Media-Player-With-Alexa-Voice-Remote-3rd-Gen.jpg	Avira URL Cloud: Label: malware
Source: https://halffreesk.live/favicon.ico	Avira URL Cloud: Label: malware
Source: https://halffreesk.live/advanced_search_result	Avira URL Cloud: Label: malware
Source: https://halffreesk.live/contact_us	Avira URL Cloud: Label: malware
Source: https://halffreesk.live/product_details/	Avira URL Cloud: Label: malware
Source: https://halffreesk.live/static/default/css/iconfont.css	Avira URL Cloud: Label: malware
Source: https://halffreesk.live/checkout	Avira URL Cloud: Label: malware
Source: https://halffreesk.live/static/default/js/vue.min.js	Avira URL Cloud: Label: malware
Source: https://halffreesk.live/api/item/random	Avira URL Cloud: Label: malware
Source: https://halffreesk.live/trackorder	Avira URL Cloud: Label: malware
Source: https://halffreesk.live/api/item/info?id=448761091	Avira URL Cloud: Label: malware
Source: https://halffreesk.live/static/zxzxsell/fonts/Graphik-Medium.woff2	Avira URL Cloud: Label: malware
Source: https://halffreesk.live/api/item/type	Avira URL Cloud: Label: malware
Source: https://halffreesk.live/api/item/getImageUrl?url=https%253A%252F%252Fmedia.generalpants.com%252Fsys-master%252Fimages%252Fhb1%252Fh08%252F9795665428510%252F883985578937_0004.jpg	Avira URL Cloud: Label: malware
Source: https://halffreesk.live/static/zxzxsell/img/b5.jpg	Avira URL Cloud: Label: malware
Source: https://halffreesk.live/static/default/img/20220514153821.png	Avira URL Cloud: Label: malware
Source: https://halffreesk.live/api/item/getImageUrl?url=https%253A%252F%252Fwww.fuel.com.gr%252Fpub%252Fmedia%252Fcatalog%252Fproduct%252Fcache%252Ff6ccabc43e7d1c55dd9185c8276d1df5%252Fd%252Fd%252Fdd2002-001-12.jpg	Avira URL Cloud: Label: malware
Source: https://halffreesk.live/static/zxzxsell/js/main.min.js	Avira URL Cloud: Label: malware
Source: https://halffreesk.live/static/zxzxsell/fonts/Graphik-Bold.woff2	Avira URL Cloud: Label: malware
Source: https://halffreesk.live/faq	Avira URL Cloud: Label: malware
Source: https://halffreesk.live/static/zxzxsell/fonts/fontawesome-webfont.woff2	Avira URL Cloud: Label: malware
Source: https://halffreesk.live/static/zxzxsell/fonts/ionicons.woff	Avira URL Cloud: Label: malware
Source: https://halffreesk.live/api/item/getImageUrl?url=https%253A%252F%252Flookaside.fbsbx.com%252Flookaside%252Fcrawler%252Fmedia%252F%253Fmedia_id%253D504726451652902	Avira URL Cloud: Label: malware
Source: https://halffreesk.live/api/item/getImageUrl?url=https%253A%252F%252Fwww.wigglestatic.com%252Fproduct-media%252F160761%252Fprod160761_Black_NE_01.jpg	Avira URL Cloud: Label: malware
Source: https://halffreesk.live/static/default/img/slide_homepage_1.jpeg	Avira URL Cloud: Label: malware
Source: https://halffreesk.live/api/item/getImageUrl?url=https%253A%252F%252Flookaside.fbsbx.com%252Flookaside%252Fcrawler%252Fmedia%252F%253Fmedia_id%253D1800677493564179	Avira URL Cloud: Label: malware
Source: https://halffreesk.live/static/zxzxsell/css/main.min.css?1	Avira URL Cloud: Label: malware
Source: https://halffreesk.live/api/item/random?num=6&name=	Avira URL Cloud: Label: malware
Source: https://halffreesk.live/static/default/js/delighters.js	Avira URL Cloud: Label: malware
Source: https://halffreesk.live/static/zxzxsell/js/jquery.min.js	Avira URL Cloud: Label: malware
Source: https://halffreesk.live/about_us	Avira URL Cloud: Label: malware

Source: https://halffreesk.live/	HTTP Parser: No favicon
Source: https://halffreesk.live/category/hot/40_1.html	HTTP Parser: No favicon
Source: https://halffreesk.live/category/hot/40_1.html	HTTP Parser: No favicon
Source: https://halffreesk.live/category/new/40_1.html	HTTP Parser: No favicon
Source: https://halffreesk.live/category/new/40_1.html	HTTP Parser: No favicon
Source: https://halffreesk.live/shopping_cart	HTTP Parser: No favicon
Source: https://halffreesk.live/product_details/448761091.html	HTTP Parser: No favicon
Source: https://halffreesk.live/product_details/448761091.html	HTTP Parser: No favicon

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: application/xmlTransfer-Encoding: chunkedConnection: closeDate: Fri, 18 Aug 2023 16:21:17 GMTServer: AmazonS3X-Cache: Error from cloudfrontVia: 1.1 fdeb2756d6789b370622d82fde82a532.cloudfront.net (CloudFront)X-Amz-Cf-Pop: MUC50-P2X-Amz-Cf-Id: boJJqnujhdyorGVU9v7LYYyQ1895aosfLCv9YcBUsH4pvdZbodSrmA==
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 Forbiddencontent-type: text/html; charset=UTF-8Content-Length: 134via: 1.1 googledate: Fri, 18 Aug 2023 16:22:10 GMTAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Aug 2023 16:22:11 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeX-Sorting-Hat-PodId: 314X-Sorting-Hat-ShopId: 78302445883X-Storefront-Renderer-Rendered: 1Set-Cookie: keep_alive=7c5c795e-308b-4354-9681-39885f5ee107; path=/; expires=Fri, 18 Aug 2023 16:52:11 GMT; HttpOnly; SameSite=LaxSet-Cookie: _cmp_a=%7B%22purposes%22%3A%7B%22a%22%3Atrue%2C%22p%22%3Atrue%2C%22m%22%3Atrue%2C%22t%22%3Atrue%7D%2C%22display_banner%22%3Afalse%2C%22merchant_geo%22%3A%22AE%22%2C%22sale_of_data_region%22%3Afalse%7D; domain=amtradez.com; path=/; expires=Sat, 19 Aug 2023 16:22:11 GMT; SameSite=LaxSet-Cookie: _y=7a9b839a-a01a-4e94-bd5d-2860531df6c4; Expires=Sat, 17-Aug-24 16:22:11 GMT; Domain=amtradez.com; Path=/; SameSite=LaxSet-Cookie: _s=cf875e5e-74e5-444e-a851-3066921d8691; Expires=Fri, 18-Aug-23 16:52:11 GMT; Domain=amtradez.com; Path=/; SameSite=LaxSet-Cookie: _shopify_y=7a9b839a-a01a-4e94-bd5d-2860531df6c4; Expires=Sat, 17-Aug-24 16:22:11 GMT; Domain=amtradez.com; Path=/; SameSite=LaxSet-Cookie: _shopify_s=cf875e5e-74e5-444e-a851-3066921d8691; Expires=Fri, 18-Aug-23 16:52:11 GMT; Domain=amtradez.com; Path=/; SameSite=LaxX-Shopify-Granular-Consent-Beta: 1
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Fri, 18 Aug 2023 16:22:22 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Frame-Options: SAMEORIGINcf-mitigated: challengeCache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMTReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D76x39RDNV3f3tq2DbJPwLhhoFueHh2bXogkevCy1iIKHMQrt6pUYLXpCJ6%2BGFW7s4kVJIe1BkDqpcICvSc0JD2nLs%2B3vhVRPxdIb%2FkmpoVmNAWXOgjfYnIlYjAdYoVAMg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 7f8b7ec3cbad92b9-FRAalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableDate: Fri, 18 Aug 2023 16:22:47 GMTContent-Type: text/htmlContent-Length: 2016Connection: closeServer: PWS/8.3.1.0.8Expires: Fri, 18 Aug 2023 16:22:47 GMTVia: 1.0 PSfgblPAR2rt183:3 (W), 1.1 PS-VIE-01Lw182:6 (W)X-Px: ms PS-VIE-01Lw182VIE,ms PSfgblPAR2rt183CDG(origin)X-Ws-Request-Id: 64df9ad7_PS-VIE-01Lw182_21218-10037

Source: chromecache_351.1.dr	String found in binary or memory: http://creativecommons.org/licenses/by/4.0/
Source: chromecache_351.1.dr	String found in binary or memory: http://ionicons.com/
Source: chromecache_532.1.dr	String found in binary or memory: http://iptc.org/std/Iptc4xmpExt/2008-02-29/
Source: chromecache_532.1.dr	String found in binary or memory: http://prismstandard.org/namespaces/prismusagerights/2.1/
Source: chromecache_532.1.dr	String found in binary or memory: http://www.iwm.org.uk/collections/item/object/30100763
Source: chromecache_532.1.dr	String found in binary or memory: http://www.iwm.org.uk/collections/item/object/30100763H
Source: chromecache_415.1.dr, chromecache_562.1.dr	String found in binary or memory: http://www.redbubble.com/people/arttaver
Source: chromecache_344.1.dr, chromecache_509.1.dr, chromecache_342.1.dr, chromecache_337.1.dr	String found in binary or memory: https://cdn.jsdelivr.net/npm/vue
Source: chromecache_344.1.dr, chromecache_509.1.dr, chromecache_342.1.dr, chromecache_337.1.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/Swiper/8.3.2/swiper-bundle.js
Source: chromecache_344.1.dr, chromecache_509.1.dr, chromecache_342.1.dr, chromecache_337.1.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/Swiper/8.3.2/swiper-bundle.min.css
Source: chromecache_344.1.dr, chromecache_509.1.dr, chromecache_342.1.dr, chromecache_337.1.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/vant/2.12.48/index.css
Source: chromecache_344.1.dr, chromecache_509.1.dr, chromecache_342.1.dr, chromecache_337.1.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/vant/2.12.48/vant.min.js
Source: chromecache_344.1.dr, chromecache_509.1.dr, chromecache_342.1.dr, chromecache_337.1.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/vue-resource/1.5.3/vue-resource.min.js
Source: chromecache_351.1.dr	String found in binary or memory: https://github.com/driftyco/ionicons
Source: chromecache_351.1.dr	String found in binary or memory: https://github.com/google/material-design-icons
Source: chromecache_344.1.dr, chromecache_509.1.dr, chromecache_342.1.dr, chromecache_337.1.dr	String found in binary or memory: https://halffreesk.live/about_us
Source: chromecache_337.1.dr	String found in binary or memory: https://halffreesk.live/advanced_search
Source: chromecache_337.1.dr	String found in binary or memory: https://halffreesk.live/advanced_search_result
Source: chromecache_337.1.dr	String found in binary or memory: https://halffreesk.live/category
Source: chromecache_342.1.dr	String found in binary or memory: https://halffreesk.live/checkout
Source: chromecache_344.1.dr, chromecache_509.1.dr, chromecache_342.1.dr, chromecache_337.1.dr	String found in binary or memory: https://halffreesk.live/contact_us
Source: chromecache_344.1.dr, chromecache_509.1.dr, chromecache_342.1.dr, chromecache_337.1.dr	String found in binary or memory: https://halffreesk.live/faq
Source: chromecache_342.1.dr	String found in binary or memory: https://halffreesk.live/info_shopping_cart
Source: chromecache_337.1.dr	String found in binary or memory: https://halffreesk.live/login
Source: chromecache_344.1.dr, chromecache_509.1.dr, chromecache_342.1.dr, chromecache_337.1.dr	String found in binary or memory: https://halffreesk.live/pay
Source: chromecache_344.1.dr, chromecache_509.1.dr, chromecache_342.1.dr, chromecache_337.1.dr	String found in binary or memory: https://halffreesk.live/privacy
Source: chromecache_344.1.dr, chromecache_509.1.dr, chromecache_342.1.dr, chromecache_337.1.dr	String found in binary or memory: https://halffreesk.live/product_details/
Source: chromecache_344.1.dr, chromecache_509.1.dr, chromecache_342.1.dr, chromecache_337.1.dr	String found in binary or memory: https://halffreesk.live/shippinginfo
Source: chromecache_337.1.dr	String found in binary or memory: https://halffreesk.live/shopping_cart
Source: chromecache_344.1.dr, chromecache_509.1.dr, chromecache_342.1.dr, chromecache_337.1.dr	String found in binary or memory: https://halffreesk.live/static/default/css/iconfont.css
Source: chromecache_344.1.dr, chromecache_509.1.dr, chromecache_342.1.dr, chromecache_337.1.dr	String found in binary or memory: https://halffreesk.live/static/default/js/delighters.js
Source: chromecache_344.1.dr, chromecache_509.1.dr, chromecache_342.1.dr, chromecache_337.1.dr	String found in binary or memory: https://halffreesk.live/static/default/js/public.js
Source: chromecache_344.1.dr, chromecache_509.1.dr, chromecache_342.1.dr, chromecache_337.1.dr	String found in binary or memory: https://halffreesk.live/static/default/js/vue.min.js
Source: chromecache_344.1.dr, chromecache_509.1.dr, chromecache_342.1.dr, chromecache_337.1.dr	String found in binary or memory: https://halffreesk.live/static/shopa/img/USD.png
Source: chromecache_344.1.dr, chromecache_509.1.dr, chromecache_342.1.dr, chromecache_337.1.dr	String found in binary or memory: https://halffreesk.live/static/zxzxsell/css/font-awesome.min.css
Source: chromecache_344.1.dr, chromecache_509.1.dr, chromecache_342.1.dr, chromecache_337.1.dr	String found in binary or memory: https://halffreesk.live/static/zxzxsell/css/icon.min.css
Source: chromecache_344.1.dr, chromecache_509.1.dr, chromecache_342.1.dr, chromecache_337.1.dr	String found in binary or memory: https://halffreesk.live/static/zxzxsell/css/main.min.css?1
Source: chromecache_344.1.dr	String found in binary or memory: https://halffreesk.live/static/zxzxsell/img/b5.jpeg
Source: chromecache_344.1.dr	String found in binary or memory: https://halffreesk.live/static/zxzxsell/img/b5.jpg
Source: chromecache_344.1.dr, chromecache_509.1.dr, chromecache_342.1.dr, chromecache_337.1.dr	String found in binary or memory: https://halffreesk.live/static/zxzxsell/img/logo.png
Source: chromecache_344.1.dr, chromecache_509.1.dr, chromecache_342.1.dr, chromecache_337.1.dr	String found in binary or memory: https://halffreesk.live/static/zxzxsell/js/jquery.min.js
Source: chromecache_344.1.dr, chromecache_509.1.dr, chromecache_342.1.dr, chromecache_337.1.dr	String found in binary or memory: https://halffreesk.live/static/zxzxsell/js/main.min.js
Source: chromecache_337.1.dr	String found in binary or memory: https://halffreesk.live/trackorder
Source: chromecache_344.1.dr, chromecache_509.1.dr, chromecache_342.1.dr, chromecache_337.1.dr	String found in binary or memory: https://twitter.com/
Source: chromecache_351.1.dr	String found in binary or memory: https://twitter.com/benjsperry
Source: chromecache_351.1.dr	String found in binary or memory: https://twitter.com/ionicframework
Source: chromecache_344.1.dr, chromecache_509.1.dr, chromecache_342.1.dr, chromecache_337.1.dr	String found in binary or memory: https://www.instagram.com/

Target ID:	0
Start time:	18:21:05
Start date:	18/08/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Imagebase:	0x7ff67bb30000
File size:	3'219'224 bytes
MD5 hash:	8D1C4713ACB7CC2AAAEE4477C58A80BA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	1
Start time:	18:21:06
Start date:	18/08/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 --field-trial-handle=1924,i,8524080138355103235,7333843845405872983,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff67bb30000
File size:	3'219'224 bytes
MD5 hash:	8D1C4713ACB7CC2AAAEE4477C58A80BA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	2
Start time:	18:21:09
Start date:	18/08/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" "http://halffreesk.live
Imagebase:	0x7ff67bb30000
File size:	3'219'224 bytes
MD5 hash:	8D1C4713ACB7CC2AAAEE4477C58A80BA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1558
Entropy (8bit):	5.11458514637545
Encrypted:	false
SSDEEP:	48:OBOCrYJ4rYJVwUCLHDy43HV713XEyMmZ3teTHn:LCrYJ4rYJVwUCHZ3Z13XtdUTH
MD5:	EE002CB9E51BB8DFA89640A406A1090A
SHA1:	49EE3AD535947D8821FFDEB67FFC9BC37D1EBBB2
SHA-256:	3DBD2C90050B652D63656481C3E5871C52261575292DB77D4EA63419F187A55B
SHA-512:	D1FDCC436B8CA8C68D4DC7077F84F803A535BF2CE31D9EB5D0C466B62D6567B2C59974995060403ED757E92245DB07E70C6BDDBF1C3519FED300CC5B9BF9177C
Malicious:	false
Reputation:	low
Preview:	// Copyright 2015 The Chromium Authors. All rights reserved..//.// Redistribution and use in source and binary forms, with or without.// modification, are permitted provided that the following conditions are.// met:.//.// * Redistributions of source code must retain the above copyright.// notice, this list of conditions and the following disclaimer..// * Redistributions in binary form must reproduce the above.// copyright notice, this list of conditions and the following disclaimer.// in the documentation and/or other materials provided with the.// distribution..// * Neither the name of Google Inc. nor the names of its.// contributors may be used to endorse or promote products derived from.// this software without specific prior written permission..//.// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS.// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT.// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR.// A PARTICULAR

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://halffreesk.live

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping4136_184010061\_metadata\verified_contents.json

C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping4136_184010061\manifest.fingerprint

C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping4136_184010061\manifest.json

C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping4136_184010061\ssl_error_assistant.pb

C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping4136_413028359\LICENSE

C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping4136_413028359\_metadata\verified_contents.json

C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping4136_413028359\keys.json

C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping4136_413028359\manifest.fingerprint

C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping4136_413028359\manifest.json

Chrome Cache Entry: 333

Chrome Cache Entry: 334

Chrome Cache Entry: 335

Chrome Cache Entry: 336

Chrome Cache Entry: 337

Chrome Cache Entry: 338

Chrome Cache Entry: 339

Chrome Cache Entry: 340

Chrome Cache Entry: 341

Chrome Cache Entry: 342

Chrome Cache Entry: 343

Chrome Cache Entry: 344

Chrome Cache Entry: 345

Chrome Cache Entry: 346

Chrome Cache Entry: 347

Chrome Cache Entry: 348

Chrome Cache Entry: 349

Chrome Cache Entry: 350

Chrome Cache Entry: 351

Windows Analysis Report
http://halffreesk.live