Windows Analysis Report
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/secq.html?onlinebanking.mtb.com/Login/MTBSignOn

Overview

General Information

Sample URL:	http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/secq.html?onlinebanking.mtb.com/Login/MTBSignOn
Analysis ID:	1448168
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Stores files to the Windows start menu directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/secq.html?onlinebanking.mtb.com/Login/MTBSignOn	Avira URL Cloud: detection malicious, Label: phishing
Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/secq.html?onlinebanking.mtb.com/Login/MTBSignOn	SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Antivirus detection for URL or domain

Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/img_trans.gif	Avira URL Cloud: Label: phishing
Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/Retail.css	Avira URL Cloud: Label: phishing
Source: http://46814880-10-20181030130048.webstarterz.com/Fonts/CORISANDEBold.ttf	Avira URL Cloud: Label: phishing
Source: http://46814880-10-20181030130048.webstarterz.com/Fonts/CORISANDELight.woff	Avira URL Cloud: Label: phishing
Source: http://46814880-10-20181030130048.webstarterz.com/Fonts/CORISANDELight.ttf	Avira URL Cloud: Label: phishing
Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/favicon.ico	Avira URL Cloud: Label: phishing
Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/CustomerService.css	Avira URL Cloud: Label: phishing
Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/1css.css	Avira URL Cloud: Label: phishing
Source: http://46814880-10-20181030130048.webstarterz.com/Fonts/CORISANDEBold.woff	Avira URL Cloud: Label: phishing

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49737 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.5:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.5:49721 version: TLS 1.2

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49737 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /Assets/images/img_trans.gif HTTP/1.1Host: onlinebanking.mtb.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: http://46814880-10-20181030130048.webstarterz.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Assets/images/img_trans.gif HTTP/1.1Host: onlinebanking.mtb.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/header_footer.png HTTP/1.1Host: resources.mtb.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: http://46814880-10-20181030130048.webstarterz.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/general.png HTTP/1.1Host: resources.mtb.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: http://46814880-10-20181030130048.webstarterz.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/Dropdown-sprite_slk.png HTTP/1.1Host: resources.mtb.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: http://46814880-10-20181030130048.webstarterz.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /images/Dropdown-sprite_slk.png HTTP/1.1Host: resources.mtb.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: dtCookie=v_4_srv_4_sn_F1B43A255340EB55C47CBBFD462FA1A6_perc_100000_ol_0_mul_1_app-3Aa521059fe666ac1f_0_rcs-3Acss_0
Source: global traffic	HTTP traffic detected: GET /images/general.png HTTP/1.1Host: resources.mtb.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: dtCookie=v_4_srv_4_sn_F1B43A255340EB55C47CBBFD462FA1A6_perc_100000_ol_0_mul_1_app-3Aa521059fe666ac1f_0_rcs-3Acss_0
Source: global traffic	HTTP traffic detected: GET /images/header_footer.png HTTP/1.1Host: resources.mtb.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: dtCookie=v_4_srv_4_sn_F1B43A255340EB55C47CBBFD462FA1A6_perc_100000_ol_0_mul_1_app-3Aa521059fe666ac1f_0_rcs-3Acss_0
Source: global traffic	HTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/secq.html?onlinebanking.mtb.com/Login/MTBSignOn HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/img/1css.css HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/secq.html?onlinebanking.mtb.com/Login/MTBSignOnAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/img/Retail.css HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/secq.html?onlinebanking.mtb.com/Login/MTBSignOnAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/img/CustomerService.css HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/secq.html?onlinebanking.mtb.com/Login/MTBSignOnAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/img/img_trans.gif HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/secq.html?onlinebanking.mtb.com/Login/MTBSignOnAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/img/img_trans.gif HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/img/favicon.ico HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/secq.html?onlinebanking.mtb.com/Login/MTBSignOnAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/img/favicon.ico HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Fonts/CORISANDELight.woff HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveOrigin: http://46814880-10-20181030130048.webstarterz.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/1css.cssAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Fonts/CORISANDEBold.woff HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveOrigin: http://46814880-10-20181030130048.webstarterz.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/1css.cssAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Fonts/CORISANDEBold.ttf HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveOrigin: http://46814880-10-20181030130048.webstarterz.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/1css.cssAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Fonts/CORISANDELight.ttf HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveOrigin: http://46814880-10-20181030130048.webstarterz.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/1css.cssAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: 46814880-10-20181030130048.webstarterz.com
Source: global traffic	DNS traffic detected: DNS query: onlinebanking.mtb.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: resources.mtb.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 22:38:20 GMTServer: ApacheContent-Length: 341Keep-Alive: timeout=5, max=99Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 46 6f 6e 74 73 2f 43 4f 52 49 53 41 4e 44 45 42 6f 6c 64 2e 77 6f 66 66 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /Fonts/CORISANDEBold.woff was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 22:38:20 GMTServer: ApacheContent-Length: 342Keep-Alive: timeout=5, max=98Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 46 6f 6e 74 73 2f 43 4f 52 49 53 41 4e 44 45 4c 69 67 68 74 2e 77 6f 66 66 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /Fonts/CORISANDELight.woff was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 22:38:20 GMTServer: ApacheContent-Length: 341Keep-Alive: timeout=5, max=98Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 46 6f 6e 74 73 2f 43 4f 52 49 53 41 4e 44 45 4c 69 67 68 74 2e 74 74 66 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /Fonts/CORISANDELight.ttf was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 22:38:20 GMTServer: ApacheContent-Length: 340Keep-Alive: timeout=5, max=97Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 46 6f 6e 74 73 2f 43 4f 52 49 53 41 4e 44 45 42 6f 6c 64 2e 74 74 66 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /Fonts/CORISANDEBold.ttf was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Source: chromecache_80.2.dr	String found in binary or memory: http://docs.jquery.com/UI/Resizable#theming
Source: chromecache_80.2.dr	String found in binary or memory: http://docs.jquery.com/UI/Theming/API
Source: chromecache_80.2.dr	String found in binary or memory: http://jqueryui.com/about)
Source: chromecache_65.2.dr	String found in binary or memory: https://onlinebanking.mtb.com/Assets/images/img_trans.gif
Source: chromecache_80.2.dr	String found in binary or memory: https://resources.mtb.com/images/Dropdown-R.png
Source: chromecache_80.2.dr	String found in binary or memory: https://resources.mtb.com/images/Dropdown-sprite_slk.png
Source: chromecache_80.2.dr	String found in binary or memory: https://resources.mtb.com/images/FormElements.png
Source: chromecache_80.2.dr	String found in binary or memory: https://resources.mtb.com/images/Graphic-Header-Commercial.png
Source: chromecache_80.2.dr	String found in binary or memory: https://resources.mtb.com/images/Sign-On-Image.jpg
Source: chromecache_80.2.dr	String found in binary or memory: https://resources.mtb.com/images/general.png
Source: chromecache_80.2.dr	String found in binary or memory: https://resources.mtb.com/images/header_footer.png
Source: chromecache_80.2.dr	String found in binary or memory: https://resources.mtb.com/images/icon_backtotop.png
Source: chromecache_80.2.dr	String found in binary or memory: https://resources.mtb.com/images/numbers.png
Source: chromecache_80.2.dr	String found in binary or memory: https://resources.mtb.com/images/services.png
Source: chromecache_80.2.dr	String found in binary or memory: https://resources.mtb.com/images/transparent.png

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	HTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.5:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.5:49721 version: TLS 1.2

Source: classification engine

Classification label: mal56.win@16/36@14/8

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1984,i,10044513003137732851,7729411015593312326,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/secq.html?onlinebanking.mtb.com/Login/MTBSignOn"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1984,i,10044513003137732851,7729411015593312326,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
24.75.29.69	onlinebanking.gslb.mtb.com	United States	16490	MTBUS	false
163.44.198.51	46814880-10-20181030130048.webstarterz.com	Singapore	135161	GMO-Z-COM-THGMO-ZcomNetDesignHoldingsCoLtdSG	false
24.75.29.77	resources.gslb.mtb.com	United States	16490	MTBUS	false
192.216.61.78	unknown	United States	12134	MTBUS	false
216.58.206.68	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false

Private

IP
192.168.2.4
192.168.2.5

Contacted Domains

Name	IP	Active
bg.microsoft.map.fastly.net	199.232.210.172	true
onlinebanking.gslb.mtb.com	24.75.29.69	true
46814880-10-20181030130048.webstarterz.com	163.44.198.51	true
www.google.com	216.58.206.68	true
resources.gslb.mtb.com	24.75.29.77	true
fp2e7a.wpc.phicdn.net	192.229.221.95	true
onlinebanking.mtb.com	unknown	unknown
resources.mtb.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/secq.html?onlinebanking.mtb.com/Login/MTBSignOn	true		unknown
http://46814880-10-20181030130048.webstarterz.com/Fonts/CORISANDELight.woff	false	Avira URL Cloud: phishing	unknown
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/Retail.css	false	Avira URL Cloud: phishing	unknown
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/img_trans.gif	false	Avira URL Cloud: phishing	unknown
http://46814880-10-20181030130048.webstarterz.com/Fonts/CORISANDEBold.ttf	false	Avira URL Cloud: phishing	unknown
http://46814880-10-20181030130048.webstarterz.com/Fonts/CORISANDELight.ttf	false	Avira URL Cloud: phishing	unknown
https://onlinebanking.mtb.com/Assets/images/img_trans.gif	false	Avira URL Cloud: safe	unknown
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/favicon.ico	false	Avira URL Cloud: phishing	unknown
https://resources.mtb.com/images/general.png	false	Avira URL Cloud: safe	unknown
https://resources.mtb.com/images/header_footer.png	false	Avira URL Cloud: safe	unknown
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/CustomerService.css	false	Avira URL Cloud: phishing	unknown
https://resources.mtb.com/images/Dropdown-sprite_slk.png	false	Avira URL Cloud: safe	unknown
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/1css.css	false	Avira URL Cloud: phishing	unknown
http://46814880-10-20181030130048.webstarterz.com/Fonts/CORISANDEBold.woff	false	Avira URL Cloud: phishing	unknown

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon May 27 21:38:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	11D2EDCC9CE70D5E6C72593E04F09D10	DDF46EAD63B6D7764D979B41DEF39E39A98742FC	95E389D926C8C2C199D882E5933BD08449E9CD0CEFDFEE21A9401530D8E28A03
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon May 27 21:38:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	3E4AF1D22979EAFEDF40A46DAB150C89	3F8D5585D9ED288953803E14AE73EF94A5B11648	028A843C2B689DD72B3C65103886A7EF0CAA58BEE15A41CF2525D00972795842
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	F0937F73BD2376BF16F65B4CCC7E74E8	8F45B3979D02A95D510DB8F1F6CED778E5935A8C	8705D637E1C840108263BD4759496FFD30FD32A4C28530900D45709100A31F47
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon May 27 21:38:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	84D91B82517788B2C9CEBD64C971C6E0	0DFBE7FD2E880D7350919AE3B8F9606A3DE3D2A5	1D7E9AB8DA514F860B92BEED5599A203D4AF4B3CB3D85E06E4E4B100B99F0B01
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon May 27 21:38:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	45EC35DE1A4E8855D91DB777B5E15B2E	DD22DB4FFEBE2C295621FD81403DFC14AA12B43E	FEB19BDFA71E4A1DC8C994177AA623A2E57C19AE4FA6D265C27B45C54DACD71B
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon May 27 21:38:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	FE980C3EE2BE390EC6E6056741D273EE	E27DA8131C6018CC2602978BA310DE1C44198F70	84B5065AFD3A91F63BAE36BD605EEB528F8F40CE95496F02F5EF603920366240
Chrome Cache Entry: 64	GIF image data, version 89a, 1 x 1	325472601571F31E1BF00674C368D335	2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A	B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
Chrome Cache Entry: 65	HTML document, Unicode text, UTF-8 text, with CRLF line terminators	CEA048078DDD78CBADF62FA818BD516D	60DC1B35711D9B848C7848147DE9057D66428691	4B7D4E573F96BA38D2D36DEA49EE9426B7476580177995DF62780C469E16E9E4
Chrome Cache Entry: 66	HTML document, ASCII text	BB493412E8749A7D7123FD01D8949B80	75CE31A5BCE190DFE83731C9E3B5B25BAEC75C3A	B6A07F7585F5ED57C2D84B4E17B436483B0FCE5AC179E2D041AA3D1B8A7B6856
Chrome Cache Entry: 67	ASCII text, with no line terminators	4A0C165E777C3B45791C0C674DBF540D	EF2007A280C73F23BFCC0CAB18099D42458841BB	ED2349D81D83AB770F44304A7FE16D05ACDDC8A2178404BE946DFA848A65642F
Chrome Cache Entry: 68	PNG image data, 300 x 300, 8-bit/color RGB, non-interlaced	652A2382A1D4D1159BFFE5DD9C77877D	84B893FD39255950601DA0C8D65735D28E775892	ACFA0CC8B42493333D9032C79E4D91D7BBDD40995A283A3945075DA6FB2F3CFB
Chrome Cache Entry: 69	PNG image data, 320 x 1024, 8-bit/color RGBA, non-interlaced	FD1D14909F77C734324C5709F87A8D46	C07F2A1FB945E769D529ED93F809B16F748D7AC5	8CF4922DEBA1A04C67E4E38F44162C1891C6DE06CF3712F35EA9823555971CA5
Chrome Cache Entry: 70	GIF image data, version 89a, 1 x 1	325472601571F31E1BF00674C368D335	2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A	B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
Chrome Cache Entry: 71	GIF image data, version 89a, 1 x 1	325472601571F31E1BF00674C368D335	2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A	B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
Chrome Cache Entry: 72	GIF image data, version 89a, 1 x 1	325472601571F31E1BF00674C368D335	2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A	B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
Chrome Cache Entry: 73	PNG image data, 997 x 320, 8-bit/color RGBA, non-interlaced	C88FE85B3383F97419F3214A3C15FD43	E41BE6440D6D917FC53132E5FC1ED5FFD50508AB	9D4854E5E3A1CBD737FCC46B9E2D0FA2B5A719BBDFA9E3316B749007CFFE1E3E
Chrome Cache Entry: 74	Unicode text, UTF-8 (with BOM) text, with very long lines (349), with CRLF line terminators	709FA6A3200B9E089B92ABE550CF1777	5B5D771200311B3296B7C57BDB088F97246BC88B	94E99D3AA48374A30A1FF4F7FA6E38EAAD2187B8A78D0BB0EBB0B6076E231416
Chrome Cache Entry: 75	PNG image data, 27 x 196, 8-bit/color RGBA, non-interlaced	B524494760D944F4085F8DF4EEDA7259	DECC05C78BA97DA986DEE26BE7318FADCD394A5A	06CE076A52C4C19D45BF7DD28EE823E8454E8F371A23BD691970B938847CCF49
Chrome Cache Entry: 76	PNG image data, 27 x 196, 8-bit/color RGBA, non-interlaced	B524494760D944F4085F8DF4EEDA7259	DECC05C78BA97DA986DEE26BE7318FADCD394A5A	06CE076A52C4C19D45BF7DD28EE823E8454E8F371A23BD691970B938847CCF49
Chrome Cache Entry: 77	ASCII text, with CRLF line terminators	E4B55E7618D27A27227C82615624E282	8A18A93CBBCE98253D9E9EB8384E8FBA5D7C5B0B	46893D4A48D48C654BB735868E29EA6C54B259EEBEFE67525BAEF3263AFA54BC
Chrome Cache Entry: 78	PNG image data, 320 x 1024, 8-bit/color RGBA, non-interlaced	FD1D14909F77C734324C5709F87A8D46	C07F2A1FB945E769D529ED93F809B16F748D7AC5	8CF4922DEBA1A04C67E4E38F44162C1891C6DE06CF3712F35EA9823555971CA5
Chrome Cache Entry: 79	PNG image data, 300 x 300, 8-bit/color RGB, non-interlaced	652A2382A1D4D1159BFFE5DD9C77877D	84B893FD39255950601DA0C8D65735D28E775892	ACFA0CC8B42493333D9032C79E4D91D7BBDD40995A283A3945075DA6FB2F3CFB
Chrome Cache Entry: 80	ASCII text, with CRLF line terminators	F2EBA01CB188CB9EE41142988C23F945	C352D1C515A2AD7974176D1CECD037FB42D6750D	2F0EE803E96BC89258A488B089ACC1A1F81AB057670200A5CE4E5ED7218B0CEB
Chrome Cache Entry: 81	PNG image data, 997 x 320, 8-bit/color RGBA, non-interlaced	C88FE85B3383F97419F3214A3C15FD43	E41BE6440D6D917FC53132E5FC1ED5FFD50508AB	9D4854E5E3A1CBD737FCC46B9E2D0FA2B5A719BBDFA9E3316B749007CFFE1E3E

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/secq.html?onlinebanking.mtb.com/Login/MTBSignOn	Avira URL Cloud: detection malicious, Label: phishing
Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/secq.html?onlinebanking.mtb.com/Login/MTBSignOn	SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Antivirus detection for URL or domain

Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/img_trans.gif	Avira URL Cloud: Label: phishing
Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/Retail.css	Avira URL Cloud: Label: phishing
Source: http://46814880-10-20181030130048.webstarterz.com/Fonts/CORISANDEBold.ttf	Avira URL Cloud: Label: phishing
Source: http://46814880-10-20181030130048.webstarterz.com/Fonts/CORISANDELight.woff	Avira URL Cloud: Label: phishing
Source: http://46814880-10-20181030130048.webstarterz.com/Fonts/CORISANDELight.ttf	Avira URL Cloud: Label: phishing
Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/favicon.ico	Avira URL Cloud: Label: phishing
Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/CustomerService.css	Avira URL Cloud: Label: phishing
Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/1css.css	Avira URL Cloud: Label: phishing
Source: http://46814880-10-20181030130048.webstarterz.com/Fonts/CORISANDEBold.woff	Avira URL Cloud: Label: phishing

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49737 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.5:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.5:49721 version: TLS 1.2

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49737 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /Assets/images/img_trans.gif HTTP/1.1Host: onlinebanking.mtb.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: http://46814880-10-20181030130048.webstarterz.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Assets/images/img_trans.gif HTTP/1.1Host: onlinebanking.mtb.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/header_footer.png HTTP/1.1Host: resources.mtb.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: http://46814880-10-20181030130048.webstarterz.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/general.png HTTP/1.1Host: resources.mtb.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: http://46814880-10-20181030130048.webstarterz.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/Dropdown-sprite_slk.png HTTP/1.1Host: resources.mtb.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: http://46814880-10-20181030130048.webstarterz.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /images/Dropdown-sprite_slk.png HTTP/1.1Host: resources.mtb.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: dtCookie=v_4_srv_4_sn_F1B43A255340EB55C47CBBFD462FA1A6_perc_100000_ol_0_mul_1_app-3Aa521059fe666ac1f_0_rcs-3Acss_0
Source: global traffic	HTTP traffic detected: GET /images/general.png HTTP/1.1Host: resources.mtb.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: dtCookie=v_4_srv_4_sn_F1B43A255340EB55C47CBBFD462FA1A6_perc_100000_ol_0_mul_1_app-3Aa521059fe666ac1f_0_rcs-3Acss_0
Source: global traffic	HTTP traffic detected: GET /images/header_footer.png HTTP/1.1Host: resources.mtb.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: dtCookie=v_4_srv_4_sn_F1B43A255340EB55C47CBBFD462FA1A6_perc_100000_ol_0_mul_1_app-3Aa521059fe666ac1f_0_rcs-3Acss_0
Source: global traffic	HTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/secq.html?onlinebanking.mtb.com/Login/MTBSignOn HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/img/1css.css HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/secq.html?onlinebanking.mtb.com/Login/MTBSignOnAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/img/Retail.css HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/secq.html?onlinebanking.mtb.com/Login/MTBSignOnAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/img/CustomerService.css HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/secq.html?onlinebanking.mtb.com/Login/MTBSignOnAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/img/img_trans.gif HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/secq.html?onlinebanking.mtb.com/Login/MTBSignOnAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/img/img_trans.gif HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/img/favicon.ico HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/secq.html?onlinebanking.mtb.com/Login/MTBSignOnAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/img/favicon.ico HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Fonts/CORISANDELight.woff HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveOrigin: http://46814880-10-20181030130048.webstarterz.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/1css.cssAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Fonts/CORISANDEBold.woff HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveOrigin: http://46814880-10-20181030130048.webstarterz.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/1css.cssAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Fonts/CORISANDEBold.ttf HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveOrigin: http://46814880-10-20181030130048.webstarterz.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/1css.cssAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Fonts/CORISANDELight.ttf HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveOrigin: http://46814880-10-20181030130048.webstarterz.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/1css.cssAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: 46814880-10-20181030130048.webstarterz.com
Source: global traffic	DNS traffic detected: DNS query: onlinebanking.mtb.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: resources.mtb.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 22:38:20 GMTServer: ApacheContent-Length: 341Keep-Alive: timeout=5, max=99Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 46 6f 6e 74 73 2f 43 4f 52 49 53 41 4e 44 45 42 6f 6c 64 2e 77 6f 66 66 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /Fonts/CORISANDEBold.woff was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 22:38:20 GMTServer: ApacheContent-Length: 342Keep-Alive: timeout=5, max=98Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 46 6f 6e 74 73 2f 43 4f 52 49 53 41 4e 44 45 4c 69 67 68 74 2e 77 6f 66 66 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /Fonts/CORISANDELight.woff was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 22:38:20 GMTServer: ApacheContent-Length: 341Keep-Alive: timeout=5, max=98Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 46 6f 6e 74 73 2f 43 4f 52 49 53 41 4e 44 45 4c 69 67 68 74 2e 74 74 66 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /Fonts/CORISANDELight.ttf was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 22:38:20 GMTServer: ApacheContent-Length: 340Keep-Alive: timeout=5, max=97Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 46 6f 6e 74 73 2f 43 4f 52 49 53 41 4e 44 45 42 6f 6c 64 2e 74 74 66 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /Fonts/CORISANDEBold.ttf was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Source: chromecache_80.2.dr	String found in binary or memory: http://docs.jquery.com/UI/Resizable#theming
Source: chromecache_80.2.dr	String found in binary or memory: http://docs.jquery.com/UI/Theming/API
Source: chromecache_80.2.dr	String found in binary or memory: http://jqueryui.com/about)
Source: chromecache_65.2.dr	String found in binary or memory: https://onlinebanking.mtb.com/Assets/images/img_trans.gif
Source: chromecache_80.2.dr	String found in binary or memory: https://resources.mtb.com/images/Dropdown-R.png
Source: chromecache_80.2.dr	String found in binary or memory: https://resources.mtb.com/images/Dropdown-sprite_slk.png
Source: chromecache_80.2.dr	String found in binary or memory: https://resources.mtb.com/images/FormElements.png
Source: chromecache_80.2.dr	String found in binary or memory: https://resources.mtb.com/images/Graphic-Header-Commercial.png
Source: chromecache_80.2.dr	String found in binary or memory: https://resources.mtb.com/images/Sign-On-Image.jpg
Source: chromecache_80.2.dr	String found in binary or memory: https://resources.mtb.com/images/general.png
Source: chromecache_80.2.dr	String found in binary or memory: https://resources.mtb.com/images/header_footer.png
Source: chromecache_80.2.dr	String found in binary or memory: https://resources.mtb.com/images/icon_backtotop.png
Source: chromecache_80.2.dr	String found in binary or memory: https://resources.mtb.com/images/numbers.png
Source: chromecache_80.2.dr	String found in binary or memory: https://resources.mtb.com/images/services.png
Source: chromecache_80.2.dr	String found in binary or memory: https://resources.mtb.com/images/transparent.png

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	HTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.5:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.5:49721 version: TLS 1.2

Source: classification engine

Classification label: mal56.win@16/36@14/8

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1984,i,10044513003137732851,7729411015593312326,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/secq.html?onlinebanking.mtb.com/Login/MTBSignOn"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1984,i,10044513003137732851,7729411015593312326,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

ID:	1448168
Product:	CloudBasic
Start time:	00:37:27
Start date:	28.05.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/secq.html?onlinebanking.mtb.com/Login/MTBSignOn

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

Networking

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/secq.html?onlinebanking.mtb.com/Login/MTBSignOn

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

Networking

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/secq.html?onlinebanking.mtb.com/Login/MTBSignOn