Create Interactive Tour

Windows Analysis Report
https://k6t.utackhepr.com/WE76L1u/

Overview

General Information

Sample URL:https://k6t.utackhepr.com/WE76L1u/
Analysis ID:1540149

Detection

Tycoon2FA
Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected Tycoon 2FA PaaS
HTML page contains hidden javascript code
Invalid T&C link found
Stores files to the Windows start menu directory
Suspicious form URL found

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious
  • System is w10x64_ra
  • chrome.exe (PID: 2904 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
    • chrome.exe (PID: 5644 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1848,i,11068220012602488511,5577407360467093878,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
    • chrome.exe (PID: 5260 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2992 --field-trial-handle=1848,i,11068220012602488511,5577407360467093878,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
    • chrome.exe (PID: 5528 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 --field-trial-handle=1848,i,11068220012602488511,5577407360467093878,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • chrome.exe (PID: 2884 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://k6t.utackhepr.com/WE76L1u/" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • cleanup
SourceRuleDescriptionAuthorStrings
1.0.pages.csvJoeSecurity_Tycoon2FAYara detected Tycoon 2FA PaaSJoe Security
    No Sigma rule has matched
    No Suricata rule has matched

    Click to jump to signature section

    Show All Signature Results

    Phishing

    barindex
    Source: Yara matchFile source: 1.0.pages.csv, type: HTML
    Source: https://k6t.utackhepr.com/WE76L1u/HTTP Parser: Base64 decoded: <svg xmlns="http://www.w3.org/2000/svg" width="32" height="32" fill="none" viewBox="0 0 26 26"><path fill="#d9d9d9" d="M13 0a13 13 0 1 0 0 26 13 13 0 0 0 0-26m0 24a11 11 0 1 1 0-22 11 11 0 0 1 0 22"/><path fill="#d9d9d9" d="m10.955 16.055-3.95-4.125-1.445...
    Source: https://www.etsy.com/HTTP Parser: Invalid link: Privacy settings
    Source: https://www.etsy.com/HTTP Parser: Invalid link: Privacy settings
    Source: https://www.etsy.com/HTTP Parser: Form action: /search.php
    Source: https://www.etsy.com/HTTP Parser: Form action: /search.php
    Source: https://www.etsy.com/HTTP Parser: Iframe src: //www.googletagmanager.com/ns.html?id=GTM-KWW5SS
    Source: https://www.etsy.com/HTTP Parser: Iframe src: //www.googletagmanager.com/ns.html?id=GTM-KWW5SS
    Source: https://k6t.utackhepr.com/WE76L1u/HTTP Parser: No favicon
    Source: https://www.etsy.com/HTTP Parser: No <meta name="author".. found
    Source: https://www.etsy.com/HTTP Parser: No <meta name="author".. found
    Source: https://www.etsy.com/HTTP Parser: No <meta name="copyright".. found
    Source: https://www.etsy.com/HTTP Parser: No <meta name="copyright".. found
    Source: unknownHTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.18:49724 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 151.101.129.224:443 -> 192.168.2.18:49760 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 151.101.193.224:443 -> 192.168.2.18:49796 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 20.190.160.22:443 -> 192.168.2.18:49852 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.18:49859 version: TLS 1.2
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownTCP traffic detected without corresponding DNS query: 52.182.141.63
    Source: unknownTCP traffic detected without corresponding DNS query: 52.182.141.63
    Source: unknownTCP traffic detected without corresponding DNS query: 52.182.141.63
    Source: unknownTCP traffic detected without corresponding DNS query: 52.182.141.63
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
    Source: unknownTCP traffic detected without corresponding DNS query: 52.182.141.63
    Source: unknownTCP traffic detected without corresponding DNS query: 52.182.141.63
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
    Source: unknownTCP traffic detected without corresponding DNS query: 52.182.141.63
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global trafficDNS traffic detected: DNS query: k6t.utackhepr.com
    Source: global trafficDNS traffic detected: DNS query: code.jquery.com
    Source: global trafficDNS traffic detected: DNS query: challenges.cloudflare.com
    Source: global trafficDNS traffic detected: DNS query: cdnjs.cloudflare.com
    Source: global trafficDNS traffic detected: DNS query: www.google.com
    Source: global trafficDNS traffic detected: DNS query: a.nel.cloudflare.com
    Source: global trafficDNS traffic detected: DNS query: 5o2ao1cz0wlrexnp6hpfodoow8jghtfrqj3t3n0ocaiyzjfqipv98mig.tardfaca.com
    Source: global trafficDNS traffic detected: DNS query: www.etsy.com
    Source: global trafficDNS traffic detected: DNS query: i.etsystatic.com
    Source: global trafficDNS traffic detected: DNS query: www.dwin1.com
    Source: global trafficDNS traffic detected: DNS query: trkn.us
    Source: global trafficDNS traffic detected: DNS query: www.facebook.com
    Source: global trafficDNS traffic detected: DNS query: s.pinimg.com
    Source: global trafficDNS traffic detected: DNS query: web.btncdn.com
    Source: global trafficDNS traffic detected: DNS query: resources.xg4ken.com
    Source: global trafficDNS traffic detected: DNS query: cdn.pdst.fm
    Source: global trafficDNS traffic detected: DNS query: analytics.tiktok.com
    Source: global trafficDNS traffic detected: DNS query: pt.ispot.tv
    Source: global trafficDNS traffic detected: DNS query: google.com
    Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
    Source: unknownNetwork traffic detected: HTTP traffic on port 49817 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49862
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
    Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49852 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49859
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49858
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49857
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49856
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
    Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49855
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
    Source: unknownNetwork traffic detected: HTTP traffic on port 49841 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49854
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49853
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49852
    Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49851
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49850
    Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49858 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49848
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
    Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49845
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49844
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49843
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49842
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49841
    Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49840
    Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49839
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49838
    Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49837
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49836
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49835
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49833
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
    Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
    Source: unknownNetwork traffic detected: HTTP traffic on port 49839 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49853 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49828
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49827
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49826
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
    Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
    Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49702
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49823
    Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49822
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
    Source: unknownNetwork traffic detected: HTTP traffic on port 49699 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
    Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
    Source: unknownNetwork traffic detected: HTTP traffic on port 49836 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
    Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
    Source: unknownNetwork traffic detected: HTTP traffic on port 49862 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
    Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49851 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
    Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
    Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49857 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
    Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
    Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
    Source: unknownNetwork traffic detected: HTTP traffic on port 49695 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49699
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49696
    Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49695
    Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49855 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49700 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49844 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
    Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
    Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49856 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49700
    Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49817
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49814
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
    Source: unknownNetwork traffic detected: HTTP traffic on port 49679 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49696 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
    Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49854 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49843 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
    Source: unknownHTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.18:49724 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 151.101.129.224:443 -> 192.168.2.18:49760 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 151.101.193.224:443 -> 192.168.2.18:49796 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 20.190.160.22:443 -> 192.168.2.18:49852 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.18:49859 version: TLS 1.2
    Source: classification engineClassification label: mal48.phis.win@25/6@54/371
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
    Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1848,i,11068220012602488511,5577407360467093878,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
    Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://k6t.utackhepr.com/WE76L1u/"
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1848,i,11068220012602488511,5577407360467093878,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2992 --field-trial-handle=1848,i,11068220012602488511,5577407360467093878,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 --field-trial-handle=1848,i,11068220012602488511,5577407360467093878,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2992 --field-trial-handle=1848,i,11068220012602488511,5577407360467093878,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 --field-trial-handle=1848,i,11068220012602488511,5577407360467093878,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: Window RecorderWindow detected: More than 3 window changes detected
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire Infrastructure1
    Drive-by Compromise
    Windows Management Instrumentation1
    Registry Run Keys / Startup Folder
    1
    Process Injection
    1
    Masquerading
    OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local System2
    Encrypted Channel
    Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
    Registry Run Keys / Startup Folder
    1
    Process Injection
    LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
    Non-Application Layer Protocol
    Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
    Obfuscated Files or Information
    Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive2
    Application Layer Protocol
    Automated ExfiltrationData Encrypted for Impact

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand
    No Antivirus matches
    No Antivirus matches
    No Antivirus matches
    No Antivirus matches
    No Antivirus matches
    NameIPActiveMaliciousAntivirus DetectionReputation
    star-mini.c10r.facebook.com
    157.240.251.35
    truefalse
      unknown
      a.nel.cloudflare.com
      35.190.80.1
      truefalse
        unknown
        google.com
        172.217.16.206
        truefalse
          unknown
          5o2ao1cz0wlrexnp6hpfodoow8jghtfrqj3t3n0ocaiyzjfqipv98mig.tardfaca.com
          172.67.222.46
          truefalse
            unknown
            alb-ireland-ext-ingress-group-474278744.eu-west-1.elb.amazonaws.com
            52.18.219.111
            truefalse
              unknown
              web.btncdn.com
              18.239.94.73
              truefalse
                unknown
                ax-0001.ax-msedge.net
                150.171.28.10
                truefalse
                  unknown
                  code.jquery.com
                  151.101.194.137
                  truefalse
                    unknown
                    cdnjs.cloudflare.com
                    104.17.24.14
                    truefalse
                      unknown
                      dualstack.pinterest.map.fastly.net
                      151.101.0.84
                      truefalse
                        unknown
                        k6t.utackhepr.com
                        188.114.96.3
                        truefalse
                          unknown
                          challenges.cloudflare.com
                          104.18.94.41
                          truefalse
                            unknown
                            etsy.map.fastly.net
                            151.101.1.224
                            truefalse
                              unknown
                              cdn.pdst.fm
                              35.244.142.80
                              truefalse
                                unknown
                                www.google.com
                                142.250.185.164
                                truefalse
                                  unknown
                                  trkn.us
                                  95.101.111.153
                                  truefalse
                                    unknown
                                    d2pbcviywxotf2.cloudfront.net
                                    143.204.215.118
                                    truefalse
                                      unknown
                                      www.facebook.com
                                      unknown
                                      unknownfalse
                                        unknown
                                        www.dwin1.com
                                        unknown
                                        unknownfalse
                                          unknown
                                          www.etsy.com
                                          unknown
                                          unknownfalse
                                            unknown
                                            resources.xg4ken.com
                                            unknown
                                            unknownfalse
                                              unknown
                                              s.pinimg.com
                                              unknown
                                              unknownfalse
                                                unknown
                                                pt.ispot.tv
                                                unknown
                                                unknownfalse
                                                  unknown
                                                  analytics.tiktok.com
                                                  unknown
                                                  unknownfalse
                                                    unknown
                                                    i.etsystatic.com
                                                    unknown
                                                    unknownfalse
                                                      unknown
                                                      NameMaliciousAntivirus DetectionReputation
                                                      https://k6t.utackhepr.com/WE76L1u/false
                                                        unknown
                                                        https://www.etsy.com/false
                                                          unknown
                                                          • No. of IPs < 25%
                                                          • 25% < No. of IPs < 50%
                                                          • 50% < No. of IPs < 75%
                                                          • 75% < No. of IPs
                                                          IPDomainCountryFlagASNASN NameMalicious
                                                          151.101.129.224
                                                          unknownUnited States
                                                          54113FASTLYUSfalse
                                                          142.250.185.78
                                                          unknownUnited States
                                                          15169GOOGLEUSfalse
                                                          151.101.0.84
                                                          dualstack.pinterest.map.fastly.netUnited States
                                                          54113FASTLYUSfalse
                                                          18.239.94.73
                                                          web.btncdn.comUnited States
                                                          16509AMAZON-02USfalse
                                                          2.18.64.26
                                                          unknownEuropean Union
                                                          6057AdministracionNacionaldeTelecomunicacionesUYfalse
                                                          104.18.94.41
                                                          challenges.cloudflare.comUnited States
                                                          13335CLOUDFLARENETUSfalse
                                                          151.101.193.224
                                                          unknownUnited States
                                                          54113FASTLYUSfalse
                                                          74.125.206.84
                                                          unknownUnited States
                                                          15169GOOGLEUSfalse
                                                          52.18.219.111
                                                          alb-ireland-ext-ingress-group-474278744.eu-west-1.elb.amazonaws.comUnited States
                                                          16509AMAZON-02USfalse
                                                          142.250.185.164
                                                          www.google.comUnited States
                                                          15169GOOGLEUSfalse
                                                          150.171.28.10
                                                          ax-0001.ax-msedge.netUnited States
                                                          8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                          151.101.66.137
                                                          unknownUnited States
                                                          54113FASTLYUSfalse
                                                          142.250.186.131
                                                          unknownUnited States
                                                          15169GOOGLEUSfalse
                                                          151.101.194.137
                                                          code.jquery.comUnited States
                                                          54113FASTLYUSfalse
                                                          35.190.80.1
                                                          a.nel.cloudflare.comUnited States
                                                          15169GOOGLEUSfalse
                                                          95.101.111.153
                                                          trkn.usEuropean Union
                                                          12956TELEFONICATELXIUSESfalse
                                                          172.67.222.46
                                                          5o2ao1cz0wlrexnp6hpfodoow8jghtfrqj3t3n0ocaiyzjfqipv98mig.tardfaca.comUnited States
                                                          13335CLOUDFLARENETUSfalse
                                                          142.250.184.202
                                                          unknownUnited States
                                                          15169GOOGLEUSfalse
                                                          104.17.24.14
                                                          cdnjs.cloudflare.comUnited States
                                                          13335CLOUDFLARENETUSfalse
                                                          142.250.185.67
                                                          unknownUnited States
                                                          15169GOOGLEUSfalse
                                                          216.58.212.136
                                                          unknownUnited States
                                                          15169GOOGLEUSfalse
                                                          1.1.1.1
                                                          unknownAustralia
                                                          13335CLOUDFLARENETUSfalse
                                                          151.101.1.224
                                                          etsy.map.fastly.netUnited States
                                                          54113FASTLYUSfalse
                                                          172.217.16.206
                                                          google.comUnited States
                                                          15169GOOGLEUSfalse
                                                          142.250.185.238
                                                          unknownUnited States
                                                          15169GOOGLEUSfalse
                                                          142.251.173.84
                                                          unknownUnited States
                                                          15169GOOGLEUSfalse
                                                          150.171.27.10
                                                          unknownUnited States
                                                          8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                          64.233.167.84
                                                          unknownUnited States
                                                          15169GOOGLEUSfalse
                                                          239.255.255.250
                                                          unknownReserved
                                                          unknownunknownfalse
                                                          188.114.96.3
                                                          k6t.utackhepr.comEuropean Union
                                                          13335CLOUDFLARENETUSfalse
                                                          64.233.184.84
                                                          unknownUnited States
                                                          15169GOOGLEUSfalse
                                                          104.21.67.123
                                                          unknownUnited States
                                                          13335CLOUDFLARENETUSfalse
                                                          35.244.142.80
                                                          cdn.pdst.fmUnited States
                                                          15169GOOGLEUSfalse
                                                          142.250.185.72
                                                          unknownUnited States
                                                          15169GOOGLEUSfalse
                                                          151.101.2.132
                                                          unknownUnited States
                                                          54113FASTLYUSfalse
                                                          172.217.16.196
                                                          unknownUnited States
                                                          15169GOOGLEUSfalse
                                                          157.240.251.35
                                                          star-mini.c10r.facebook.comUnited States
                                                          32934FACEBOOKUSfalse
                                                          104.17.25.14
                                                          unknownUnited States
                                                          13335CLOUDFLARENETUSfalse
                                                          143.204.215.118
                                                          d2pbcviywxotf2.cloudfront.netUnited States
                                                          16509AMAZON-02USfalse
                                                          IP
                                                          192.168.2.18
                                                          192.168.2.4
                                                          Joe Sandbox version:41.0.0 Charoite
                                                          Analysis ID:1540149
                                                          Start date and time:2024-10-23 13:38:56 +02:00
                                                          Joe Sandbox product:CloudBasic
                                                          Overall analysis duration:
                                                          Hypervisor based Inspection enabled:false
                                                          Report type:full
                                                          Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                                          Sample URL:https://k6t.utackhepr.com/WE76L1u/
                                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                          Number of analysed new started processes analysed:18
                                                          Number of new started drivers analysed:0
                                                          Number of existing processes analysed:0
                                                          Number of existing drivers analysed:0
                                                          Number of injected processes analysed:0
                                                          Technologies:
                                                          • EGA enabled
                                                          Analysis Mode:stream
                                                          Analysis stop reason:Timeout
                                                          Detection:MAL
                                                          Classification:mal48.phis.win@25/6@54/371
                                                          • Exclude process from analysis (whitelisted): SIHClient.exe, SgrmBroker.exe, svchost.exe
                                                          • Excluded IPs from analysis (whitelisted): 184.28.90.27, 142.250.185.67, 142.250.185.238, 64.233.184.84, 34.104.35.123
                                                          • Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, e16604.g.akamaiedge.net, clientservices.googleapis.com, clients.l.google.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net
                                                          • Not all processes where analyzed, report is missing behavior information
                                                          • VT rate limit hit for: https://k6t.utackhepr.com/WE76L1u/
                                                          InputOutput
                                                          URL: https://k6t.utackhepr.com/WE76L1u/ Model: claude-3-haiku-20240307
                                                          ```json
                                                          {
                                                            "contains_trigger_text": true,
                                                            "trigger_text": "Please finish the action below to confirm you are human.",
                                                            "prominent_button_name": "unknown",
                                                            "text_input_field_labels": "unknown",
                                                            "pdf_icon_visible": false,
                                                            "has_visible_captcha": true,
                                                            "has_urgent_text": false,
                                                            "has_visible_qrcode": false
                                                          }
                                                          URL: https://k6t.utackhepr.com/WE76L1u/ Model: claude-3-haiku-20240307
                                                          ```json
                                                          {
                                                            "contains_trigger_text": true,
                                                            "trigger_text": "Please finish the action below to confirm you are human.",
                                                            "prominent_button_name": "Verifying...",
                                                            "text_input_field_labels": "unknown",
                                                            "pdf_icon_visible": false,
                                                            "has_visible_captcha": true,
                                                            "has_urgent_text": false,
                                                            "has_visible_qrcode": false
                                                          }
                                                          URL: https://k6t.utackhepr.com/WE76L1u/ Model: claude-3-haiku-20240307
                                                          ```json
                                                          {
                                                            "brands": [
                                                              "Cloudflare"
                                                            ]
                                                          }
                                                          URL: https://k6t.utackhepr.com/WE76L1u/ Model: claude-3-haiku-20240307
                                                          ```json
                                                          {
                                                            "brands": [
                                                              "Cloudflare"
                                                            ]
                                                          }
                                                          URL: https://www.etsy.com/ Model: claude-3-haiku-20240307
                                                          ```json
                                                          {
                                                            "contains_trigger_text": false,
                                                            "trigger_text": "unknown",
                                                            "prominent_button_name": "Shop now",
                                                            "text_input_field_labels": "unknown",
                                                            "pdf_icon_visible": false,
                                                            "has_visible_captcha": false,
                                                            "has_urgent_text": false,
                                                            "has_visible_qrcode": false
                                                          }
                                                          URL: https://www.etsy.com/ Model: claude-3-haiku-20240307
                                                          ```json
                                                          {
                                                            "brands": [
                                                              "Etsy"
                                                            ]
                                                          }
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 10:39:29 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                          Category:dropped
                                                          Size (bytes):2675
                                                          Entropy (8bit):3.9671778142405962
                                                          Encrypted:false
                                                          SSDEEP:
                                                          MD5:29C79442BD7210ED09207C1A3DBDD067
                                                          SHA1:B8223ACC7F1040448E4B83DE9B76E2954273BC7F
                                                          SHA-256:3FEFC109AD0E9E405A54F90A884DDF840EB51B2F25A6E81473AC37977E81E72C
                                                          SHA-512:AB0EC496E0EE3391602C9B030FDCE05A129B9FEBC760AE869CC1BB13ED7E73E3F17C2B007E26C0B6FB512BCBD4F9C949D735D73C06AC129E95FC2D4065F11EE7
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:L..................F.@.. ...$+.,....jK.8@%......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.IWY.\....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VWY.\....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.VWY.\....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.VWY.\...........................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VWY.\.....#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............zw.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 10:39:29 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                          Category:dropped
                                                          Size (bytes):2677
                                                          Entropy (8bit):3.9826170145942816
                                                          Encrypted:false
                                                          SSDEEP:
                                                          MD5:5E2196DED37BF86090BCB355A901E85E
                                                          SHA1:F342BE5E00EFB13DB38250695F52AF1F1042B4A8
                                                          SHA-256:D33908B68AD0D5909EA319F7581786E4B7E85C13D3E22258A940DFEE86B63788
                                                          SHA-512:B8AE71BFA7FD6FEC86729B1736973E90CFCDECF55CA4348F888A8D7094AE18F59F278F79615F4F5202965462C91146ED44E67AF3C47685A32D5D64409578D2C7
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:L..................F.@.. ...$+.,....FIu8@%......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.IWY.\....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VWY.\....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.VWY.\....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.VWY.\...........................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VWY.\.....#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............zw.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 09:23:19 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                          Category:dropped
                                                          Size (bytes):2691
                                                          Entropy (8bit):3.996382225779921
                                                          Encrypted:false
                                                          SSDEEP:
                                                          MD5:34AB70A2B626F5C5B8EAEC3B4AD476BC
                                                          SHA1:E7910C558FC00B3D5BD9E3DE87FBA7A4790570AB
                                                          SHA-256:A61483D3CC24F283A7F1BC994E44F86DF95DB0FA63979A5CF094A75B23A6FBBF
                                                          SHA-512:8EDCDE6C8E8354FDFA6FC71E3F98CFAF35707751FC91B08AA96395ABA932440688C45D137137F1CC236D8FF50268CA3A87797CAD4184EDDCEF4D9AD580E18FC7
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:L..................F.@.. ...$+.,....?.4 ?.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.IWY.\....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VWY.\....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.VWY.\....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.VWY.\...........................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.R.....#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............zw.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 10:39:29 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                          Category:dropped
                                                          Size (bytes):2679
                                                          Entropy (8bit):3.980306657099293
                                                          Encrypted:false
                                                          SSDEEP:
                                                          MD5:7E3893FD2E067BCA087672246C1D1B0D
                                                          SHA1:2C5FFB5BF790F6910266F3D12E53633616572023
                                                          SHA-256:ED4473170DC8689C9454605EB138323876E3CDE78E66C28019456B40E5107C1D
                                                          SHA-512:B2E776F77F4378BC2C01557899F8E7E6F0716D44B3B5FFD8441C49A14FD6273CD5A49647B96E69B383F68E9F61530C4793DFB58661D10570CDDAF461FD69F3AD
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:L..................F.@.. ...$+.,......h8@%......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.IWY.\....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VWY.\....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.VWY.\....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.VWY.\...........................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VWY.\.....#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............zw.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 10:39:29 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                          Category:dropped
                                                          Size (bytes):2679
                                                          Entropy (8bit):3.9711116530416932
                                                          Encrypted:false
                                                          SSDEEP:
                                                          MD5:1CF4E7FE6B14137CD6FC690B1CE02EDC
                                                          SHA1:66FF30D0492436AE8BE4CA28CE68A89A1E505D51
                                                          SHA-256:0C8E75452114CD6D24ADE9873298A49D605FB471EEADC0ED538A3F1E91177104
                                                          SHA-512:2092C57171862566D5F20F0E36390A81B04F3C5976567BEA8C483B40BC5AA6D946A670615DF59BA97091E58B8DD86AC20EC53F5D19CF91C0B328E65C0666EDF1
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:L..................F.@.. ...$+.,.......8@%......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.IWY.\....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VWY.\....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.VWY.\....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.VWY.\...........................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VWY.\.....#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............zw.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 10:39:29 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                          Category:dropped
                                                          Size (bytes):2681
                                                          Entropy (8bit):3.9814517239661464
                                                          Encrypted:false
                                                          SSDEEP:
                                                          MD5:07C88F8C598D56783F9B014022B28EF5
                                                          SHA1:B063180D59E19F51AC6CA4F73FBB4752B85503C8
                                                          SHA-256:2A24770DD3ABDAE7EE8C007D0C14EEEAE3DBA4F0E4C44C1BDDC376BB8A1D640F
                                                          SHA-512:A7535348E352AEF9D9923194620D1F858F743B421069B36AE24E54A469274695D7EFB3CECBD80DA9C73B7D7A059DC7BBA84342BAC997B05B622BD4580F788ACF
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:L..................F.@.. ...$+.,....&.^8@%......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.IWY.\....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VWY.\....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.VWY.\....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.VWY.\...........................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VWY.\.....#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............zw.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                                          No static file info