Edit tour

Windows Analysis Report
https://www.research.net/r/8BZPWB2

Overview

General Information

Sample URL:	https://www.research.net/r/8BZPWB2
Analysis ID:	1490271

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Detected non-DNS traffic on DNS port

HTML page contains hidden javascript code

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 3016 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.research.net/r/8BZPWB2 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5712 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1908,i,3560242343669076562,1311281938150589448,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: https://orange-seal-ldgztk.mystrikingly.com/

LLM: Score: 9 Reasons: The domain 'orange-seal-ldgztk.mystrikingly.com' does not match the brand name 'Secure', and the domain'mystrikingly.com' is a known domain provider for creating free websites, which raises concerns about the authenticity and security of the site. DOM: 4.2.pages.csv

Source: https://orange-seal-ldgztk.mystrikingly.com/

HTTP Parser: Base64 decoded: djg5GBPdTZKBVkVAd1UGPU851f2juvohBWzS8Llkvo4fipN9DZcCdGaXl6BMCZ1ZPjhCLEJNPcL577C2PlJH3Fm0He6eO3azpg+4j9vjZ6CkrsuEBavrmqJjBXdOI2Ao3Nw/sngTvEPcKLU68P2TIC89bmmdzCd18m2hDwaxXDE=--teoF/kZy+3MYpge+ZsYLRg==

Source: https://www.research.net/r/8BZPWB2	HTTP Parser: No favicon
Source: https://www.research.net/r/8BZPWB2	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:59571 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:59572 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:59580 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:59709 version: TLS 1.2

Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59569 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: www.research.net
Source: global traffic	DNS traffic detected: DNS query: prod.smassets.net
Source: global traffic	DNS traffic detected: DNS query: secure.surveymonkey.com
Source: global traffic	DNS traffic detected: DNS query: cdn.smassets.net
Source: global traffic	DNS traffic detected: DNS query: cdn.signalfx.com
Source: global traffic	DNS traffic detected: DNS query: bam-cell.nr-data.net
Source: global traffic	DNS traffic detected: DNS query: surveymonkey-assets.s3.amazonaws.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: orange-seal-ldgztk.mystrikingly.com
Source: global traffic	DNS traffic detected: DNS query: static-fonts-css.strikinglycdn.com
Source: global traffic	DNS traffic detected: DNS query: static-assets.strikinglycdn.com
Source: global traffic	DNS traffic detected: DNS query: assets.strikingly.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: static-fonts.strikinglycdn.com
Source: global traffic	DNS traffic detected: DNS query: d26b395fwzu5fz.cloudfront.net

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 59586 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 59723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59668
Source: unknown	Network traffic detected: HTTP traffic on port 59746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59667
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59669
Source: unknown	Network traffic detected: HTTP traffic on port 59781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59675
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59674
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59677
Source: unknown	Network traffic detected: HTTP traffic on port 59769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59676
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59671
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59670
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59673
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59672
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59790
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 59608 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59690 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59679
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59678
Source: unknown	Network traffic detected: HTTP traffic on port 59631 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59686
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59685
Source: unknown	Network traffic detected: HTTP traffic on port 59792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59688
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59687
Source: unknown	Network traffic detected: HTTP traffic on port 59574 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59682
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59681
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59684
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59683
Source: unknown	Network traffic detected: HTTP traffic on port 59666 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 59712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59680
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 59620 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 59678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59655 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59598 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59689
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59576
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59697
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59575
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59696
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59578
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59699
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59577
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59698
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59572
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59693
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59571
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59692
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59574
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59695
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59573
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59694
Source: unknown	Network traffic detected: HTTP traffic on port 59642 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59691
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59690
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 59757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 59587 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59579
Source: unknown	Network traffic detected: HTTP traffic on port 59619 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59587
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59586
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59589
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59588
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59583
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59582
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59585
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59584
Source: unknown	Network traffic detected: HTTP traffic on port 59689 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59581
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59580
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 59735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 59733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59628
Source: unknown	Network traffic detected: HTTP traffic on port 59630 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59749
Source: unknown	Network traffic detected: HTTP traffic on port 59618 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59627
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59748
Source: unknown	Network traffic detected: HTTP traffic on port 59596 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59629
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59624
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59623
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59626
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59625
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59631
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59630
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59633
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59632
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59753
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59750
Source: unknown	Network traffic detected: HTTP traffic on port 59679 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59667 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59585 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59639
Source: unknown	Network traffic detected: HTTP traffic on port 59701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59638
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59759
Source: unknown	Network traffic detected: HTTP traffic on port 59656 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59635
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59634
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59637
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59636
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59642
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59641
Source: unknown	Network traffic detected: HTTP traffic on port 59744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59762
Source: unknown	Network traffic detected: HTTP traffic on port 59768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59644
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59643
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59640
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59760
Source: unknown	Network traffic detected: HTTP traffic on port 59607 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59641 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59668 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59649
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59646
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59645
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59648
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59647
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59653
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59652
Source: unknown	Network traffic detected: HTTP traffic on port 59767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59655
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59654
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59775
Source: unknown	Network traffic detected: HTTP traffic on port 59722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59770
Source: unknown	Network traffic detected: HTTP traffic on port 59575 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59651
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59650
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59771
Source: unknown	Network traffic detected: HTTP traffic on port 59629 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59606 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59597 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59657
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59656
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59659
Source: unknown	Network traffic detected: HTTP traffic on port 59745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59658
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59664
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59663
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59666
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59665
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59786
Source: unknown	Network traffic detected: HTTP traffic on port 59657 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59660
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59780
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59662
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59661
Source: unknown	Network traffic detected: HTTP traffic on port 59700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59782
Source: unknown	Network traffic detected: HTTP traffic on port 59790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59577 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59640 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59589 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59669 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59617 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59628 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59590 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59639 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59670 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59616 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59658 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59692 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59576 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59605 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59681 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59598
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59597
Source: unknown	Network traffic detected: HTTP traffic on port 59682 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59593
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59596
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59595
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59590
Source: unknown	Network traffic detected: HTTP traffic on port 59604 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59592
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59591
Source: unknown	Network traffic detected: HTTP traffic on port 59753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59627 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59694 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59638 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59659 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59578 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59649 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59588 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59693 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59615 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59660 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59626 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59592 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59695 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59614 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59637 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59648 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59683 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59580 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59603 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59684 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59661 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59579 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59625 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59593 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59650 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59636 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59601 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59647 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59591 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59613 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59662 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59624 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59651 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59635 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59581 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59623 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59646 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59696 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59612 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59685 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59701
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59700
Source: unknown	Network traffic detected: HTTP traffic on port 59634 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59702
Source: unknown	Network traffic detected: HTTP traffic on port 59611 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59710
Source: unknown	Network traffic detected: HTTP traffic on port 59686 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59583 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59663 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59600 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59719
Source: unknown	Network traffic detected: HTTP traffic on port 59698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59595 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59715
Source: unknown	Network traffic detected: HTTP traffic on port 59726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59712
Source: unknown	Network traffic detected: HTTP traffic on port 59652 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59711
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59600
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59720
Source: unknown	Network traffic detected: HTTP traffic on port 59737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59645 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59609
Source: unknown	Network traffic detected: HTTP traffic on port 59697 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59606
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59605
Source: unknown	Network traffic detected: HTTP traffic on port 59702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59608
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59607
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59728
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59723
Source: unknown	Network traffic detected: HTTP traffic on port 59783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59601
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59722
Source: unknown	Network traffic detected: HTTP traffic on port 59760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59604
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59603
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59611
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59610
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59731
Source: unknown	Network traffic detected: HTTP traffic on port 59571 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59617
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59738
Source: unknown	Network traffic detected: HTTP traffic on port 59749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59616
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59619
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59618
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59613
Source: unknown	Network traffic detected: HTTP traffic on port 59633 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59612
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59615
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59614
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59620
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59622
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59743
Source: unknown	Network traffic detected: HTTP traffic on port 59794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59621
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59742
Source: unknown	Network traffic detected: HTTP traffic on port 59582 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59664 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59622 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 59699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59653 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59573 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59621 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59644 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59610 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59687 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59584 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59632 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59665 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59770 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:59571 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:59572 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:59580 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:59709 version: TLS 1.2

Source: classification engine

Classification label: mal48.phis.win@20/133@44/301

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.research.net/r/8BZPWB2
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1908,i,3560242343669076562,1311281938150589448,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1908,i,3560242343669076562,1311281938150589448,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Source	Detection	Scanner	Label	Link
https://www.research.net/r/8BZPWB2	0%	Avira URL Cloud	safe

Name	IP	Active	Malicious	Reputation
dukt9g6vj8lpb.cloudfront.net	52.84.150.39	true	false	unknown
d29twgdo50231s.cloudfront.net	18.245.46.89	true	false	unknown
fastly-tls12-bam-cell.nr-data.net	162.247.243.30	true	false	unknown
d15akbylw3vqc5.cloudfront.net	18.238.243.20	true	false	unknown
s3-w.us-east-1.amazonaws.com	16.182.67.137	true	false	unknown
d26b395fwzu5fz.cloudfront.net	18.238.248.87	true	false	unknown
d2yx97y2ukjhui.cloudfront.net	18.244.18.42	true	false	unknown
dy7t0zkjx7o42.cloudfront.net	13.224.189.23	true	false	unknown
cdnjs.cloudflare.com	104.17.24.14	true	false	unknown
cdn.signalfx.com	18.165.183.26	true	false	unknown
www.google.com	216.58.206.68	true	false	unknown
d2redq3h1nilmz.cloudfront.net	18.66.147.104	true	false	unknown
d3t35iddbz3muz.cloudfront.net	18.66.102.17	true	false	unknown
cdn.smassets.net	unknown	unknown	false	unknown
static-assets.strikinglycdn.com	unknown	unknown	false	unknown
static-fonts.strikinglycdn.com	unknown	unknown	false	unknown
surveymonkey-assets.s3.amazonaws.com	unknown	unknown	false	unknown
prod.smassets.net	unknown	unknown	false	unknown
assets.strikingly.com	unknown	unknown	false	unknown
orange-seal-ldgztk.mystrikingly.com	unknown	unknown	true	unknown
static-fonts-css.strikinglycdn.com	unknown	unknown	false	unknown
www.research.net	unknown	unknown	false	unknown
bam-cell.nr-data.net	unknown	unknown	false	unknown
secure.surveymonkey.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://orange-seal-ldgztk.mystrikingly.com/	true		unknown
https://www.research.net/r/8BZPWB2	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.78	unknown	United States	15169	GOOGLEUS	false
142.250.186.67	unknown	United States	15169	GOOGLEUS	false
18.244.18.42	d2yx97y2ukjhui.cloudfront.net	United States	16509	AMAZON-02US	false
18.239.18.88	unknown	United States	16509	AMAZON-02US	false
18.66.102.17	d3t35iddbz3muz.cloudfront.net	United States	3	MIT-GATEWAYSUS	false
18.66.102.128	unknown	United States	3	MIT-GATEWAYSUS	false
162.247.243.30	fastly-tls12-bam-cell.nr-data.net	United States	13335	CLOUDFLARENETUS	false
18.238.243.20	d15akbylw3vqc5.cloudfront.net	United States	16509	AMAZON-02US	false
172.217.23.99	unknown	United States	15169	GOOGLEUS	false
18.173.205.26	unknown	United States	3	MIT-GATEWAYSUS	false
142.250.186.110	unknown	United States	15169	GOOGLEUS	false
142.250.184.206	unknown	United States	15169	GOOGLEUS	false
18.245.46.89	d29twgdo50231s.cloudfront.net	United States	16509	AMAZON-02US	false
104.17.24.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
18.66.147.104	d2redq3h1nilmz.cloudfront.net	United States	3	MIT-GATEWAYSUS	false
18.238.248.138	unknown	United States	16509	AMAZON-02US	false
34.104.35.123	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
18.165.183.26	cdn.signalfx.com	United States	3	MIT-GATEWAYSUS	false
3.5.27.166	unknown	United States	14618	AMAZON-AESUS	false
142.250.185.234	unknown	United States	15169	GOOGLEUS	false
13.224.189.23	dy7t0zkjx7o42.cloudfront.net	United States	16509	AMAZON-02US	false
216.58.206.68	www.google.com	United States	15169	GOOGLEUS	false
142.250.181.227	unknown	United States	15169	GOOGLEUS	false
64.233.167.84	unknown	United States	15169	GOOGLEUS	false
16.182.67.137	s3-w.us-east-1.amazonaws.com	United States	unknown	unknown	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
18.238.243.34	unknown	United States	16509	AMAZON-02US	false
18.238.248.87	d26b395fwzu5fz.cloudfront.net	United States	16509	AMAZON-02US	false
142.250.184.238	unknown	United States	15169	GOOGLEUS	false
52.84.150.39	dukt9g6vj8lpb.cloudfront.net	United States	16509	AMAZON-02US	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1490271
Start date and time:	2024-08-08 23:27:37 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://www.research.net/r/8BZPWB2
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.phis.win@20/133@44/301

Warnings

Exclude process from analysis (whitelisted): SgrmBroker.exe, MoUsoCoreWorker.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.23.99, 142.250.184.238, 64.233.167.84, 34.104.35.123, 142.250.181.227, 2.19.126.137
Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, www.google-analytics.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://www.research.net/r/8BZPWB2

LLM Input / Output

Input	Output
URL: https://www.research.net/r/8BZPWB2 Model: jbxai	{"result":false,"interest_score":"0.064"}
	{"result":false,"interest_score":"0.064"}
URL: https://orange-seal-ldgztk.mystrikingly.com/ Model: jbxai	{"phishing_score":9,"brand_name":"Secure","reasons":"The domain 'orange-seal-ldgztk.mystrikingly.com' does not match the brand name 'Secure', and the domain'mystrikingly.com' is a known domain provider for creating free websites, which raises concerns about the authenticity and security of the site.","interest_score":"0.980"}

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Aug 8 20:28:07 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9890337819855897
Encrypted:	false
SSDEEP:
MD5:	9D1265780DE5B095B3927B9427FA2993
SHA1:	7D54F312F7B60D721E5C6F7C6551C49B018FA4C8
SHA-256:	A93FC710D2A1E466F3CA93262CA6A64373B129CDED2592A07E8CBC87FCB08B4B
SHA-512:	FA7D62A0FD9F30A118AC458FADB15AB175BEB9AAE10F7C9C6295DA531FBA6901287765AEA6392FB8F16935D2071FA3ECB03D78C2D6289337B4C63AE51C977B0A
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......s.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Yy.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........2.uw.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 30494
Category:	downloaded
Size (bytes):	10418
Entropy (8bit):	7.9763942714922
Encrypted:	false
SSDEEP:
MD5:	45CE9A5F984EA04B0EC310FC552536B9
SHA1:	285321ED536BCD2CA2065E2345ECB6FF9BC2899D
SHA-256:	59291A0ECE85C59A3841C626DA69349B42E5760A76BA44B3322E82A07CE82F7C
SHA-512:	BE7DFD1C06139AEBC11E901AC5CC9253A9A7DF3717FA627732061E4E74C20D6F47914B10224C011708786C2E13ADFD8C5AD11BCD428C94B140EEF4661A602283
Malicious:	false
Reputation:	unknown
URL:	https://static-assets.strikinglycdn.com/webpack/5366.b1ff087e5ce6361c4ea7-site-bundle.js
Preview:	...........}.v....\|..I....EYW.&;...Y.$....,Y.MS...EjH.......v......S..A.....k%...U..n(...'.wI....m.."IW~.&qc.Q..2J..^.v...O...]...C..Y....z..#j.................23.-.;z....o....ur...l..IJ..T..~2...&[....1%..3...&..N3'.......:I..K.n..bpa.H.;..+USs....5...F.....Vw`.. ....7..e.M\| .v..nU`....<...P..n..H..aw8p,.........4...n."><.p.{-.DX<.....`.~..P..D.Y..s..c.9M.4...'.~.......3>=uN</0w.s ..0w.b....x.....Q..Enh.jM.f..3b\C.[?.P......u8X.....e_[).7i\|.b.{......]]'...b............d._i...6.I:..$..u..aX6...,.N..N..V.?...HnA..>1.7.....1B8.B.8......&R.z.......z.....&_..;0... K....u0.d.5.{.S......"[o1N.e.I....<.,.K....W^kt.z5...v....&.di.~..s...{3......Xrd....g../J.k.{.A...g[k.......58..$.....z..[b2`..@v...#.....A.L.J.....^T.$2..lRb.f4.9.o"....\|F... .n.p.h...U<6...n..WT..(m6%..8f...K{.....!1N."....0f.........wi..w...S.`..-.A\.l.a\.\|''..47..N.<.k.4d.(.J....5.vF....F...........8.g.....N...[\..2.5..._u.......D......fd..;..r7?.T...sP6'f...8,.h.h. ..4.k.....

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 8412
Category:	dropped
Size (bytes):	3479
Entropy (8bit):	7.947632880538887
Encrypted:	false
SSDEEP:
MD5:	48910C6D74A41566DF332445F199FA3D
SHA1:	9B7D50DEDFF0AF06B89A60065D306A9429F45A92
SHA-256:	BCEF2F62D4C86DC7E01302DDB4C7975678CD3FC25D2CABF28783F0FCCEF4116B
SHA-512:	38BE3D1111BDBC81C9424AC9324715C07875856C257CC6BFF94229C00ADF5684ABD1C97873FC961C684662D9047A1209FCAA59F13E7A48B713972BBA8B8D67CE
Malicious:	false
Reputation:	unknown
Preview:	...........Yms.8..~.B..x..BYy.zp.....k..x..d.E..D..8 ).c.~.=.IQr.$....@._.n4{..t>(.I.P.Ltb9Sz...4..H...wGo........G"\|..u.?z..E.....Q".....dtv9r....k..L$3.NL. .=Y..v..a..K%....?bX....E.p.c..=...7+dh.u$.L..U.;.+..oo_..KY.+.S...X....x..o.....2..y.d.....ye.:..G-.B...K.BF...t...F.2n6.\....-..P0},v..\|..s....B1+X.2...3G.I.^...8.V........t....H.UT.u..ct..#..j.\|:.:.x6....u..G.a,.....wo`.@g....Q.1LT..2X./s..Y....x........7K.8w.G..hb.2.....OX..U..?..W.$....l.@....Y..ia..5......S.$.N.nX......a....N.%.<....... .q.1.p..JFb.K.9yi C.,..V...rrl.OoD....cE3I......Zh..n.$../......a.H.Y.......~.7...wo.!.g\ .O>...=....'.g.D.n..~z/V..k]<.J..9....S......?..Y.X...E....2..Q-..E.62H.a..h..."...9...+..\].......pr.].LE...{...1y...9.r.e....@.....Yk....e.?8.=a: .;......%....;.x.G..#.tEX.U.$^.9.t.....O_..._ u...t..%.z.&.....B....R.U...'......y~uq2......`..%..5....L ..K...2m9.?.9.,Q..G...)...[}..C{}.]Uj.\|@hV,.o..mls9....D.c..L...).........v..*U...'.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://www.research.net/r/8BZPWB2

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

LLM Input / Output

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 286

Chrome Cache Entry: 287

Chrome Cache Entry: 289

Chrome Cache Entry: 292

Chrome Cache Entry: 293

Chrome Cache Entry: 295

Chrome Cache Entry: 296

Chrome Cache Entry: 297

Chrome Cache Entry: 299

Chrome Cache Entry: 300

Chrome Cache Entry: 303

Chrome Cache Entry: 304

Chrome Cache Entry: 306

Chrome Cache Entry: 307

Chrome Cache Entry: 308

Chrome Cache Entry: 309

Chrome Cache Entry: 311

Chrome Cache Entry: 313

Chrome Cache Entry: 314

Chrome Cache Entry: 317

Chrome Cache Entry: 318

Chrome Cache Entry: 320

Chrome Cache Entry: 322

Chrome Cache Entry: 323

Chrome Cache Entry: 324

Chrome Cache Entry: 326

Chrome Cache Entry: 328

Chrome Cache Entry: 330

Chrome Cache Entry: 332

Chrome Cache Entry: 335

Chrome Cache Entry: 337

Chrome Cache Entry: 340

Windows Analysis Report
https://www.research.net/r/8BZPWB2