Windows Analysis Report
https://atpscan.global.hornetsecurity.com/?d=NnVkJrcOtS6jUcSOl6gFYT9DOTvhRx9_0n2vBuK3wGL4RfM1M4gwz-cei5V3Dmlh&f=VRGvOaKnOixCQPnN5E8Zd55sAVwpSzujOffY4RbLuwaxI18GkkIlhnlDIOqXjYsl&i=&k=IMq7&m=Eg31PQDiRU2Qx94y2dnGUum54tAMBzZzPaQN8QexaGJVzCG-OVPo4Om5V2lRlns7wwMWrL4CnmlsokgWfWk2TbD2kmpRAVDDTYG9PjUhZhfW-Bw

Overview

General Information

Sample URL:	https://atpscan.global.hornetsecurity.com/?d=NnVkJrcOtS6jUcSOl6gFYT9DOTvhRx9_0n2vBuK3wGL4RfM1M4gwz-cei5V3Dmlh&f=VRGvOaKnOixCQPnN5E8Zd55sAVwpSzujOffY4RbLuwaxI18GkkIlhnlDIOqXjYsl&i=&k=IMq7&m=Eg31PQDiRU2
Analysis ID:	1542226
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Detected suspicious crossdomain redirect

HTML body contains low number of good links

HTML page contains hidden javascript code

HTML title does not match URL

Stores files to the Windows start menu directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://atpscan.global.hornetsecurity.com/?d=NnVkJrcOtS6jUcSOl6gFYT9DOTvhRx9_0n2vBuK3wGL4RfM1M4gwz-cei5V3Dmlh&f=VRGvOaKnOixCQPnN5E8Zd55sAVwpSzujOffY4RbLuwaxI18GkkIlhnlDIOqXjYsl&i=&k=IMq7&m=Eg31PQDiRU2Qx94y2dnGUum54tAMBzZzPaQN8QexaGJVzCG-OVPo4Om5V2lRlns7wwMWrL4CnmlsokgWfWk2TbD2kmpRAVDDTYG9PjUhZhfW-BwkapmD9W6_zQVWXFVN&n=KNtSaiODbNsJQEbSEZDwh34xn1itEQQfP1UznpoGI5WaWwC1dWtBevnqXGm5H-f7&r=2Ow9cKZ98a-5wptqW8Y-zAwN-MJuNt25fcQbqzqwDypDZl3_sT7dioYpzt-h-3hX&s=1f78a40d69089fa0743a8630bc133d18afc652a160161afdf52202844b072b54&u=https%3A%2F%2Ft.ly%2Fe_R6v

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

HTML body contains low number of good links

Source: https://potopoto.z13.web.core.windows.net/

HTTP Parser: Number of links: 0

HTML page contains hidden javascript code

Source: https://potopoto.z13.web.core.windows.net/

HTTP Parser: Base64 decoded: https://e-signsecuredportal.com/

HTML title does not match URL

Source: https://potopoto.z13.web.core.windows.net/

HTTP Parser: Title: Verify Your Identity does not match URL

Source: https://potopoto.z13.web.core.windows.net/

HTTP Parser: No favicon

Source: https://potopoto.z13.web.core.windows.net/

HTTP Parser: No <meta name="author".. found

Source: https://potopoto.z13.web.core.windows.net/

HTTP Parser: No <meta name="copyright".. found

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 23.206.229.226:443 -> 192.168.2.8:49754 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49725 version: TLS 1.2

Detected suspicious crossdomain redirect

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: atpscan.global.hornetsecurity.com to https://securelinks.cloud-security.net/v4?d=nnvkjrcots6jucsol6gfyt9dotvhrx9_0n2vbuk3wgl4rfm1m4gwz-cei5v3dmlh&f=vrgvoaknoixcqpnn5e8zd55savwpszujoffy4rbluwaxi18gkkilhnldioqxjysl&i=&k=imq7&m=eg31pqdiru2qx94y2dnguum54tambzzzpaqn8qexagjvzcg-ovpo4om5v2lrlns7wwmwrl4cnmlsokgwfwk2tbd2kmpravddtyg9pjuhzhfw-bwkapmd9w6_zqvwxfvn&n=kntsaiodbnsjqebsezdwh34xn1iteqqfp1uznpogi5wawwc1dwtbevnqxgm5h-f7&r=2ow9ckz98a-5wptqw8y-zawn-mjunt25fcqbqzqwdypdzl3_st7dioypzt-h-3hx&s=1f78a40d69089fa0743a8630bc133d18afc652a160161afdf52202844b072b54&u=https%3a%2f%2ft.ly%2fe_r6v
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: t.ly to https://407842.seu2.cleverreach.com/c/100263302/0a256ff41-slvagr
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: 407842.seu2.cleverreach.com to https://potopoto.z13.web.core.windows.net/

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 23.206.229.226:443 -> 192.168.2.8:49754 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45

Source: global traffic	HTTP traffic detected: GET /?d=NnVkJrcOtS6jUcSOl6gFYT9DOTvhRx9_0n2vBuK3wGL4RfM1M4gwz-cei5V3Dmlh&f=VRGvOaKnOixCQPnN5E8Zd55sAVwpSzujOffY4RbLuwaxI18GkkIlhnlDIOqXjYsl&i=&k=IMq7&m=Eg31PQDiRU2Qx94y2dnGUum54tAMBzZzPaQN8QexaGJVzCG-OVPo4Om5V2lRlns7wwMWrL4CnmlsokgWfWk2TbD2kmpRAVDDTYG9PjUhZhfW-BwkapmD9W6_zQVWXFVN&n=KNtSaiODbNsJQEbSEZDwh34xn1itEQQfP1UznpoGI5WaWwC1dWtBevnqXGm5H-f7&r=2Ow9cKZ98a-5wptqW8Y-zAwN-MJuNt25fcQbqzqwDypDZl3_sT7dioYpzt-h-3hX&s=1f78a40d69089fa0743a8630bc133d18afc652a160161afdf52202844b072b54&u=https%3A%2F%2Ft.ly%2Fe_R6v HTTP/1.1Host: atpscan.global.hornetsecurity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v4?d=NnVkJrcOtS6jUcSOl6gFYT9DOTvhRx9_0n2vBuK3wGL4RfM1M4gwz-cei5V3Dmlh&f=VRGvOaKnOixCQPnN5E8Zd55sAVwpSzujOffY4RbLuwaxI18GkkIlhnlDIOqXjYsl&i=&k=IMq7&m=Eg31PQDiRU2Qx94y2dnGUum54tAMBzZzPaQN8QexaGJVzCG-OVPo4Om5V2lRlns7wwMWrL4CnmlsokgWfWk2TbD2kmpRAVDDTYG9PjUhZhfW-BwkapmD9W6_zQVWXFVN&n=KNtSaiODbNsJQEbSEZDwh34xn1itEQQfP1UznpoGI5WaWwC1dWtBevnqXGm5H-f7&r=2Ow9cKZ98a-5wptqW8Y-zAwN-MJuNt25fcQbqzqwDypDZl3_sT7dioYpzt-h-3hX&s=1f78a40d69089fa0743a8630bc133d18afc652a160161afdf52202844b072b54&u=https%3A%2F%2Ft.ly%2Fe_R6v HTTP/1.1Host: securelinks.cloud-security.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Hornet-Regular.021743c5464be55c.woff2 HTTP/1.1Host: securelinks.cloud-security.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://securelinks.cloud-security.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://securelinks.cloud-security.net/v4?d=NnVkJrcOtS6jUcSOl6gFYT9DOTvhRx9_0n2vBuK3wGL4RfM1M4gwz-cei5V3Dmlh&f=VRGvOaKnOixCQPnN5E8Zd55sAVwpSzujOffY4RbLuwaxI18GkkIlhnlDIOqXjYsl&i=&k=IMq7&m=Eg31PQDiRU2Qx94y2dnGUum54tAMBzZzPaQN8QexaGJVzCG-OVPo4Om5V2lRlns7wwMWrL4CnmlsokgWfWk2TbD2kmpRAVDDTYG9PjUhZhfW-BwkapmD9W6_zQVWXFVN&n=KNtSaiODbNsJQEbSEZDwh34xn1itEQQfP1UznpoGI5WaWwC1dWtBevnqXGm5H-f7&r=2Ow9cKZ98a-5wptqW8Y-zAwN-MJuNt25fcQbqzqwDypDZl3_sT7dioYpzt-h-3hX&s=1f78a40d69089fa0743a8630bc133d18afc652a160161afdf52202844b072b54&u=https%3A%2F%2Ft.ly%2Fe_R6vAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /runtime.931bdb8976401128.js HTTP/1.1Host: securelinks.cloud-security.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://securelinks.cloud-security.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /polyfills.607595976de3afd5.js HTTP/1.1Host: securelinks.cloud-security.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://securelinks.cloud-security.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /main.2a45a72e85716257.js HTTP/1.1Host: securelinks.cloud-security.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://securelinks.cloud-security.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /styles.291c02806014e652.css HTTP/1.1Host: securelinks.cloud-security.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /runtime.931bdb8976401128.js HTTP/1.1Host: securelinks.cloud-security.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /polyfills.607595976de3afd5.js HTTP/1.1Host: securelinks.cloud-security.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /main.2a45a72e85716257.js HTTP/1.1Host: securelinks.cloud-security.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /app/config/config.json HTTP/1.1Host: securelinks.cloud-security.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: /Content-type: /sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /895.cb1f795f6b72d74a.js HTTP/1.1Host: securelinks.cloud-security.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://securelinks.cloud-security.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /app/config/config.json HTTP/1.1Host: securelinks.cloud-security.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /895.cb1f795f6b72d74a.js HTTP/1.1Host: securelinks.cloud-security.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Hornet-SemiBold.bf9154546071add8.woff2 HTTP/1.1Host: securelinks.cloud-security.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://securelinks.cloud-security.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://securelinks.cloud-security.net/v4?d=NnVkJrcOtS6jUcSOl6gFYT9DOTvhRx9_0n2vBuK3wGL4RfM1M4gwz-cei5V3Dmlh&f=VRGvOaKnOixCQPnN5E8Zd55sAVwpSzujOffY4RbLuwaxI18GkkIlhnlDIOqXjYsl&i=&k=IMq7&m=Eg31PQDiRU2Qx94y2dnGUum54tAMBzZzPaQN8QexaGJVzCG-OVPo4Om5V2lRlns7wwMWrL4CnmlsokgWfWk2TbD2kmpRAVDDTYG9PjUhZhfW-BwkapmD9W6_zQVWXFVN&n=KNtSaiODbNsJQEbSEZDwh34xn1itEQQfP1UznpoGI5WaWwC1dWtBevnqXGm5H-f7&r=2Ow9cKZ98a-5wptqW8Y-zAwN-MJuNt25fcQbqzqwDypDZl3_sT7dioYpzt-h-3hX&s=1f78a40d69089fa0743a8630bc133d18afc652a160161afdf52202844b072b54&u=https%3A%2F%2Ft.ly%2Fe_R6vAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /translations/en.json HTTP/1.1Host: securelinks.cloud-security.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: /Content-type: /sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/load.svg HTTP/1.1Host: securelinks.cloud-security.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/shield-loop-solid.png HTTP/1.1Host: securelinks.cloud-security.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/shield-check-solid.png HTTP/1.1Host: securelinks.cloud-security.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/completed.png HTTP/1.1Host: securelinks.cloud-security.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /e_R6v HTTP/1.1Host: t.lyConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /analyse HTTP/1.1Host: securelinks.cloud-security.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/shield-loop-solid.png HTTP/1.1Host: securelinks.cloud-security.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /translations/en.json HTTP/1.1Host: securelinks.cloud-security.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /c/100263302/0a256ff41-slvagr HTTP/1.1Host: 407842.seu2.cleverreach.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/load.svg HTTP/1.1Host: securelinks.cloud-security.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/completed.png HTTP/1.1Host: securelinks.cloud-security.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/shield-check-solid.png HTTP/1.1Host: securelinks.cloud-security.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /imagery/reviews/07LERcQBRVgcVKystB3aGUU-11.fit_scale.size_1028x578.v1569471957.jpg HTTP/1.1Host: i.pcmag.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://potopoto.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /imagery/reviews/07LERcQBRVgcVKystB3aGUU-11.fit_scale.size_1028x578.v1569471957.jpg HTTP/1.1Host: i.pcmag.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: atpscan.global.hornetsecurity.com
Source: global traffic	DNS traffic detected: DNS query: securelinks.cloud-security.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: t.ly
Source: global traffic	DNS traffic detected: DNS query: 407842.seu2.cleverreach.com
Source: global traffic	DNS traffic detected: DNS query: i.pcmag.com

Source: unknown

HTTP traffic detected: POST /analyse HTTP/1.1Host: securelinks.cloud-security.netConnection: keep-aliveContent-Length: 518sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: */*Content-type: */*sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://securelinks.cloud-security.netSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Length: 19Content-Type: text/plain; charset=utf-8Date: Fri, 25 Oct 2024 15:09:15 GMTVary: OriginX-Content-Type-Options: nosniffX-Request-Id: csdr96qgtons73ajmoagConnection: close

Source: chromecache_84.2.dr, chromecache_83.2.dr	String found in binary or memory: https://i.pcmag.com/imagery/reviews/07LERcQBRVgcVKystB3aGUU-11.fit_scale.size_1028x578.v1569471957.j
Source: chromecache_101.2.dr	String found in binary or memory: https://securelinks.cloud-security.net/

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49725 version: TLS 1.2

Source: classification engine

Classification label: mal48.win@19/54@16/9

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1888,i,3762134228026261569,15155687349111113855,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://atpscan.global.hornetsecurity.com/?d=NnVkJrcOtS6jUcSOl6gFYT9DOTvhRx9_0n2vBuK3wGL4RfM1M4gwz-cei5V3Dmlh&f=VRGvOaKnOixCQPnN5E8Zd55sAVwpSzujOffY4RbLuwaxI18GkkIlhnlDIOqXjYsl&i=&k=IMq7&m=Eg31PQDiRU2Qx94y2dnGUum54tAMBzZzPaQN8QexaGJVzCG-OVPo4Om5V2lRlns7wwMWrL4CnmlsokgWfWk2TbD2kmpRAVDDTYG9PjUhZhfW-BwkapmD9W6_zQVWXFVN&n=KNtSaiODbNsJQEbSEZDwh34xn1itEQQfP1UznpoGI5WaWwC1dWtBevnqXGm5H-f7&r=2Ow9cKZ98a-5wptqW8Y-zAwN-MJuNt25fcQbqzqwDypDZl3_sT7dioYpzt-h-3hX&s=1f78a40d69089fa0743a8630bc133d18afc652a160161afdf52202844b072b54&u=https%3A%2F%2Ft.ly%2Fe_R6v"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1888,i,3762134228026261569,15155687349111113855,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
54.72.231.100	407842.seu2.cleverreach.com	United States	16509	AMAZON-02US	false
142.250.185.228	www.google.com	United States	15169	GOOGLEUS	false
104.16.21.118	unknown	United States	13335	CLOUDFLARENETUS	false
94.100.136.44	atpscan.global.hornetsecurity.com	Germany	24679	SSERV-ASDE	false
94.100.133.74	securelinks.cloud-security.net	Germany	25394	MK-NETZDIENSTE-ASDE	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.16.20.118	i.pcmag.com	United States	13335	CLOUDFLARENETUS	false
104.20.7.133	t.ly	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.8

Contacted Domains

Name	IP	Active
407842.seu2.cleverreach.com	54.72.231.100	true
t.ly	104.20.7.133	true
securelinks.cloud-security.net	94.100.133.74	true
atpscan.global.hornetsecurity.com	94.100.136.44	true
www.google.com	142.250.185.228	true
i.pcmag.com	104.16.20.118	true
fp2e7a.wpc.phicdn.net	192.229.221.95	true

Contacted URLs

Name	Malicious	Reputation
https://407842.seu2.cleverreach.com/c/100263302/0a256ff41-slvagr	false	unknown
https://securelinks.cloud-security.net/Hornet-Regular.021743c5464be55c.woff2	false	unknown
https://securelinks.cloud-security.net/polyfills.607595976de3afd5.js	false	unknown
https://securelinks.cloud-security.net/main.2a45a72e85716257.js	false	unknown
https://securelinks.cloud-security.net/translations/en.json	false	unknown
https://atpscan.global.hornetsecurity.com/?d=NnVkJrcOtS6jUcSOl6gFYT9DOTvhRx9_0n2vBuK3wGL4RfM1M4gwz-cei5V3Dmlh&f=VRGvOaKnOixCQPnN5E8Zd55sAVwpSzujOffY4RbLuwaxI18GkkIlhnlDIOqXjYsl&i=&k=IMq7&m=Eg31PQDiRU2Qx94y2dnGUum54tAMBzZzPaQN8QexaGJVzCG-OVPo4Om5V2lRlns7wwMWrL4CnmlsokgWfWk2TbD2kmpRAVDDTYG9PjUhZhfW-BwkapmD9W6_zQVWXFVN&n=KNtSaiODbNsJQEbSEZDwh34xn1itEQQfP1UznpoGI5WaWwC1dWtBevnqXGm5H-f7&r=2Ow9cKZ98a-5wptqW8Y-zAwN-MJuNt25fcQbqzqwDypDZl3_sT7dioYpzt-h-3hX&s=1f78a40d69089fa0743a8630bc133d18afc652a160161afdf52202844b072b54&u=https%3A%2F%2Ft.ly%2Fe_R6v	true	unknown
https://securelinks.cloud-security.net/analyse	false	unknown
https://securelinks.cloud-security.net/images/load.svg	false	unknown
https://securelinks.cloud-security.net/images/shield-loop-solid.png	false	unknown
https://i.pcmag.com/imagery/reviews/07LERcQBRVgcVKystB3aGUU-11.fit_scale.size_1028x578.v1569471957.jpg	false	unknown
https://securelinks.cloud-security.net/app/config/config.json	false	unknown
https://t.ly/e_R6v	false	unknown
https://securelinks.cloud-security.net/images/completed.png	false	unknown
https://securelinks.cloud-security.net/v4?d=NnVkJrcOtS6jUcSOl6gFYT9DOTvhRx9_0n2vBuK3wGL4RfM1M4gwz-cei5V3Dmlh&f=VRGvOaKnOixCQPnN5E8Zd55sAVwpSzujOffY4RbLuwaxI18GkkIlhnlDIOqXjYsl&i=&k=IMq7&m=Eg31PQDiRU2Qx94y2dnGUum54tAMBzZzPaQN8QexaGJVzCG-OVPo4Om5V2lRlns7wwMWrL4CnmlsokgWfWk2TbD2kmpRAVDDTYG9PjUhZhfW-BwkapmD9W6_zQVWXFVN&n=KNtSaiODbNsJQEbSEZDwh34xn1itEQQfP1UznpoGI5WaWwC1dWtBevnqXGm5H-f7&r=2Ow9cKZ98a-5wptqW8Y-zAwN-MJuNt25fcQbqzqwDypDZl3_sT7dioYpzt-h-3hX&s=1f78a40d69089fa0743a8630bc133d18afc652a160161afdf52202844b072b54&u=https:%2F%2Ft.ly%2Fe_R6v	false	unknown
https://securelinks.cloud-security.net/runtime.931bdb8976401128.js	false	unknown
https://securelinks.cloud-security.net/v4?d=NnVkJrcOtS6jUcSOl6gFYT9DOTvhRx9_0n2vBuK3wGL4RfM1M4gwz-cei5V3Dmlh&f=VRGvOaKnOixCQPnN5E8Zd55sAVwpSzujOffY4RbLuwaxI18GkkIlhnlDIOqXjYsl&i=&k=IMq7&m=Eg31PQDiRU2Qx94y2dnGUum54tAMBzZzPaQN8QexaGJVzCG-OVPo4Om5V2lRlns7wwMWrL4CnmlsokgWfWk2TbD2kmpRAVDDTYG9PjUhZhfW-BwkapmD9W6_zQVWXFVN&n=KNtSaiODbNsJQEbSEZDwh34xn1itEQQfP1UznpoGI5WaWwC1dWtBevnqXGm5H-f7&r=2Ow9cKZ98a-5wptqW8Y-zAwN-MJuNt25fcQbqzqwDypDZl3_sT7dioYpzt-h-3hX&s=1f78a40d69089fa0743a8630bc133d18afc652a160161afdf52202844b072b54&u=https%3A%2F%2Ft.ly%2Fe_R6v	false	unknown
https://securelinks.cloud-security.net/redirect	false	unknown
https://securelinks.cloud-security.net/images/shield-check-solid.png	false	unknown
https://securelinks.cloud-security.net/styles.291c02806014e652.css	false	unknown
https://securelinks.cloud-security.net/895.cb1f795f6b72d74a.js	false	unknown
https://securelinks.cloud-security.net/Hornet-SemiBold.bf9154546071add8.woff2	false	unknown

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 25 14:09:02 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	472A2806F20D94DA0CE1DF7501D97181	7131E0E5DB3CDD7DAAABC43BB10CCBF9652854AA	2AE2A0BD2AAC03F1C5E7D90C976AAFCCBC21A6198BD7C9CE389FE3D49F04E9CB
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 25 14:09:02 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	334A9E9AB0CD798BC64142E5BC5F5117	0BC19A5FEFFE7236FEAA1D35989C5B0B86D61C0C	CBF7758755C6DCC1B0B5AA8C81A9CF73EED6E9259971A14AC69EA8422923646C
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:00:51 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	D623311040314AC2C58D0C513FFFBE29	79D33B37BDB34ACE8F85DA83B67E6C9359906658	8193222850AEB6EAA873360590DAB58CECEAC8DEA0721678219443A0E9BCD8AE
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 25 14:09:02 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	7ECE3FFC50369EB78715FC822B6D611A	CBD6439CE6817693F20D98B4CABD3EF70B56A383	BE12CAF9A64AE703ADCE5F74D77BCBDEE0000108290D478A060BEBEE5111E6C1
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 25 14:09:02 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	B8AE6D97D686403432A17AA0F1F153C3	63B21D8F7A0D9FA053A58B478D2EA60FA66DB397	76CA99C3335FDE249CE68CB83F567CA218380DFADA9333EA2FCD01F6AB6F5688
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 25 14:09:02 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	4E48E35967A099EE34D7C3B94A1502BE	733A44F4F4E52B546E4239644A741820196B7B6D	ECE5ECEC4345531D9DD4D11093C96C6A7679589391B703BC771475F98EB50568
Chrome Cache Entry: 100	ASCII text, with very long lines (18184), with no line terminators	54A2FDC2B4724205992E6F298F7312C7	28CA902D75B385FB6CEF316ECB2956189044C25E	A6C1E87D452718BAD7478CB9C59A730DB53568CFCB32E9191F031B728A600195
Chrome Cache Entry: 101	HTML document, ASCII text, with very long lines (33584)	405F327FD4070156415BF660C83114BF	776A3DEA1357AFD5808E902DE06FEFE4689595B6	4101C08285F03EC85E358BE8E21CF1D297D6A58C2E36B89F8FA4BD1A6C169D43
Chrome Cache Entry: 102	SVG Scalable Vector Graphics image	02EFC42E535F3957B39856795900CB0B	C87B16C080AEE832CA6086AE4FAD27EB98C60780	C02B9B424716C0BAF1BE2CB183899C6AE0252AB2DEBA23071FBD61DB4303338C
Chrome Cache Entry: 103	PNG image data, 49 x 41, 8-bit colormap, non-interlaced	2FD4F7E868BDFC2783336BFF3023B54D	34B74C34C949FECFD9EF4D306461979E2B27FFE5	4D1957F26FD121F764E588060F2B27C97700D0E917F9102D57FB2FC3F281E5B7
Chrome Cache Entry: 104	PNG image data, 40 x 41, 8-bit colormap, non-interlaced	3DE33DFA1B245F7553171CE3833B354D	F4438771EB078C7A522DBC3993716216788FE613	811539B2DF228C281BACF0E9D94EABD239F9EFE1F97716F27071424A5F32A149
Chrome Cache Entry: 75	ASCII text, with very long lines (65536), with no line terminators	6E65A57136F66F1A805A84D88C73EFB0	A2F504264EA295C294F2DF1CA1B906BB41E23EAA	800EF65BCCBFC293578C2F91838AD7D275D23510CA7EE9550253D8386433D5A2
Chrome Cache Entry: 76	ASCII text, with very long lines (2713), with no line terminators	729E0FE362596C5EF65C24665F65D8B5	5D4E6FB63E3940F2F3118B425CF141F37D7FC70A	3BC50B46C582A501E07A8E0E76FF660BCD575EE6D561DBF8760FB6E04503B328
Chrome Cache Entry: 77	JSON data	E70A7FEA65196A80D6893563C6320B17	391FBF6210CE6C3B0D4B47AADAB1B0D72F498CC0	D3FED4BCC05BF65575D05CD3E7E90BA6200B13BD1B4FE0EDC3A20971BA08684B
Chrome Cache Entry: 78	ASCII text	595E88012A6521AAE3E12CBEBE76EB9E	DA3968197E7BF67AA45A77515B52BA2710C5FC34	B16E15764B8BC06C5C3F9F19BC8B99FA48E7894AA5A6CCDAD65DA49BBF564793
Chrome Cache Entry: 79	ASCII text, with very long lines (34317), with no line terminators	AD0E75BA8A3ECE9A1C9B77505FEE0CED	4592F816CCF9333A7300ED0792F2F0407C00297C	5456382D2FBCD1FB337FCB90034B05A1A1A141F5D8E38165D416BF41B76F479D
Chrome Cache Entry: 80	ASCII text, with no line terminators	156DF0210BF420106CB8AFEBCB3A27D2	970B5EA1194F50A291A239C58D73159FDEC1BA64	EBDD332E8562CE34374C310F84F4527D93D3F9D2AC27410F824C6647A4DF1DDB
Chrome Cache Entry: 81	JSON data	48CEF5284EEBCF3B1380D6710357990C	B381F3445730FEFD66485A85E761CF6323D59AD9	CDFC8444656AA534028FB59331119A15CE73E5129435B877ED8AA11A65C91FA7
Chrome Cache Entry: 82	SVG Scalable Vector Graphics image	02EFC42E535F3957B39856795900CB0B	C87B16C080AEE832CA6086AE4FAD27EB98C60780	C02B9B424716C0BAF1BE2CB183899C6AE0252AB2DEBA23071FBD61DB4303338C
Chrome Cache Entry: 83	HTML document, ASCII text, with very long lines (2225), with CRLF line terminators	39BA494BC5E0FF72E02202A4C2BAD9A4	C44B996E1A974FA1AD336A4806318CB3C9B75F43	349A5A03840106F8816A12AA79742F56A53C1E8709A8DAC814444F8EB34561A8
Chrome Cache Entry: 84	HTML document, ASCII text, with very long lines (2225), with CRLF line terminators	39BA494BC5E0FF72E02202A4C2BAD9A4	C44B996E1A974FA1AD336A4806318CB3C9B75F43	349A5A03840106F8816A12AA79742F56A53C1E8709A8DAC814444F8EB34561A8
Chrome Cache Entry: 85	RIFF (little-endian) data, Web/P image, VP8 encoding, 1027x578, Scaling: [none]x[none], YUV color, decoders should clamp	97537D0194BEE1D3361D960B62461B7B	6BA088D371442DB35A5277C560B7D642EFAE4C63	0701C1C3258BDFD0D2AAFFA1A11AB40ECE66B0DD1EEE084EEE5B72F0FF323F9F
Chrome Cache Entry: 86	PNG image data, 49 x 41, 8-bit colormap, non-interlaced	2FD4F7E868BDFC2783336BFF3023B54D	34B74C34C949FECFD9EF4D306461979E2B27FFE5	4D1957F26FD121F764E588060F2B27C97700D0E917F9102D57FB2FC3F281E5B7
Chrome Cache Entry: 87	JSON data	48CEF5284EEBCF3B1380D6710357990C	B381F3445730FEFD66485A85E761CF6323D59AD9	CDFC8444656AA534028FB59331119A15CE73E5129435B877ED8AA11A65C91FA7
Chrome Cache Entry: 88	JSON data	E70A7FEA65196A80D6893563C6320B17	391FBF6210CE6C3B0D4B47AADAB1B0D72F498CC0	D3FED4BCC05BF65575D05CD3E7E90BA6200B13BD1B4FE0EDC3A20971BA08684B
Chrome Cache Entry: 89	ASCII text, with very long lines (2713), with no line terminators	729E0FE362596C5EF65C24665F65D8B5	5D4E6FB63E3940F2F3118B425CF141F37D7FC70A	3BC50B46C582A501E07A8E0E76FF660BCD575EE6D561DBF8760FB6E04503B328
Chrome Cache Entry: 90	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1027x578, components 3	BA95825498DD0008BD553C49F6C680C8	FC365DE9D5C221BA0D89A58321D409D5149B2E92	45074ABB8B3528BB65BCDF5BBAE6BEBDA3EF318718CD4FDE17B0A9B23E9F6921
Chrome Cache Entry: 91	ASCII text, with very long lines (18184), with no line terminators	54A2FDC2B4724205992E6F298F7312C7	28CA902D75B385FB6CEF316ECB2956189044C25E	A6C1E87D452718BAD7478CB9C59A730DB53568CFCB32E9191F031B728A600195
Chrome Cache Entry: 92	PNG image data, 495 x 309, 8-bit colormap, non-interlaced	D53A85BF4EC9FCCB0D4D211B8D76DBAD	ADEC794DB162E17B34C90BCEB69A2E5847496AD0	3747D2D6D30FD7EB538C98C936ED43912A4636B3F4D2C6FAB5F2FB144133D79C
Chrome Cache Entry: 93	PNG image data, 495 x 309, 8-bit colormap, non-interlaced	D53A85BF4EC9FCCB0D4D211B8D76DBAD	ADEC794DB162E17B34C90BCEB69A2E5847496AD0	3747D2D6D30FD7EB538C98C936ED43912A4636B3F4D2C6FAB5F2FB144133D79C
Chrome Cache Entry: 94	Web Open Font Format (Version 2), TrueType, length 49920, version 1.0	26506E803D3D8B51270718F8A93DA7FD	6D15EA085D9835E27535892C4212EE8F56E48384	ECFE794CBBA27DA3987A32504E6A35AB5A5A67BD70D69B89444FAC4882DC5895
Chrome Cache Entry: 95	ASCII text, with very long lines (34317), with no line terminators	AD0E75BA8A3ECE9A1C9B77505FEE0CED	4592F816CCF9333A7300ED0792F2F0407C00297C	5456382D2FBCD1FB337FCB90034B05A1A1A141F5D8E38165D416BF41B76F479D
Chrome Cache Entry: 96	ASCII text, with very long lines (8206)	36CE11FA3B14B9F4C950F1DB634D3E63	D844C00B783BA7E250563C19775E884AD2A32BE7	90EF5F750A447710E60902B4E4CD51BA95B38E2C6925DB2742ED5369F87017CF
Chrome Cache Entry: 97	ASCII text, with very long lines (65536), with no line terminators	6E65A57136F66F1A805A84D88C73EFB0	A2F504264EA295C294F2DF1CA1B906BB41E23EAA	800EF65BCCBFC293578C2F91838AD7D275D23510CA7EE9550253D8386433D5A2
Chrome Cache Entry: 98	PNG image data, 40 x 41, 8-bit colormap, non-interlaced	3DE33DFA1B245F7553171CE3833B354D	F4438771EB078C7A522DBC3993716216788FE613	811539B2DF228C281BACF0E9D94EABD239F9EFE1F97716F27071424A5F32A149
Chrome Cache Entry: 99	Web Open Font Format (Version 2), TrueType, length 48108, version 1.0	5619FCCB91BD4D8B2847CD88A22BB8D7	47C1A0C78B4FD45746FF3FCB1041BF96F5F45C27	FB275F3A183E4552E77ED48A1BF545066596CE929F40CB72979C559D173F3795

AV Detection

Antivirus / Scanner detection for submitted sample

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

HTML body contains low number of good links

Source: https://potopoto.z13.web.core.windows.net/

HTTP Parser: Number of links: 0

HTML page contains hidden javascript code

Source: https://potopoto.z13.web.core.windows.net/

HTTP Parser: Base64 decoded: https://e-signsecuredportal.com/

HTML title does not match URL

Source: https://potopoto.z13.web.core.windows.net/

HTTP Parser: Title: Verify Your Identity does not match URL

Source: https://potopoto.z13.web.core.windows.net/

HTTP Parser: No favicon

Source: https://potopoto.z13.web.core.windows.net/

HTTP Parser: No <meta name="author".. found

Source: https://potopoto.z13.web.core.windows.net/

HTTP Parser: No <meta name="copyright".. found

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 23.206.229.226:443 -> 192.168.2.8:49754 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49725 version: TLS 1.2

Detected suspicious crossdomain redirect

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: atpscan.global.hornetsecurity.com to https://securelinks.cloud-security.net/v4?d=nnvkjrcots6jucsol6gfyt9dotvhrx9_0n2vbuk3wgl4rfm1m4gwz-cei5v3dmlh&f=vrgvoaknoixcqpnn5e8zd55savwpszujoffy4rbluwaxi18gkkilhnldioqxjysl&i=&k=imq7&m=eg31pqdiru2qx94y2dnguum54tambzzzpaqn8qexagjvzcg-ovpo4om5v2lrlns7wwmwrl4cnmlsokgwfwk2tbd2kmpravddtyg9pjuhzhfw-bwkapmd9w6_zqvwxfvn&n=kntsaiodbnsjqebsezdwh34xn1iteqqfp1uznpogi5wawwc1dwtbevnqxgm5h-f7&r=2ow9ckz98a-5wptqw8y-zawn-mjunt25fcqbqzqwdypdzl3_st7dioypzt-h-3hx&s=1f78a40d69089fa0743a8630bc133d18afc652a160161afdf52202844b072b54&u=https%3a%2f%2ft.ly%2fe_r6v
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: t.ly to https://407842.seu2.cleverreach.com/c/100263302/0a256ff41-slvagr
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: 407842.seu2.cleverreach.com to https://potopoto.z13.web.core.windows.net/

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 23.206.229.226:443 -> 192.168.2.8:49754 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45

Source: global traffic	HTTP traffic detected: GET /?d=NnVkJrcOtS6jUcSOl6gFYT9DOTvhRx9_0n2vBuK3wGL4RfM1M4gwz-cei5V3Dmlh&f=VRGvOaKnOixCQPnN5E8Zd55sAVwpSzujOffY4RbLuwaxI18GkkIlhnlDIOqXjYsl&i=&k=IMq7&m=Eg31PQDiRU2Qx94y2dnGUum54tAMBzZzPaQN8QexaGJVzCG-OVPo4Om5V2lRlns7wwMWrL4CnmlsokgWfWk2TbD2kmpRAVDDTYG9PjUhZhfW-BwkapmD9W6_zQVWXFVN&n=KNtSaiODbNsJQEbSEZDwh34xn1itEQQfP1UznpoGI5WaWwC1dWtBevnqXGm5H-f7&r=2Ow9cKZ98a-5wptqW8Y-zAwN-MJuNt25fcQbqzqwDypDZl3_sT7dioYpzt-h-3hX&s=1f78a40d69089fa0743a8630bc133d18afc652a160161afdf52202844b072b54&u=https%3A%2F%2Ft.ly%2Fe_R6v HTTP/1.1Host: atpscan.global.hornetsecurity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v4?d=NnVkJrcOtS6jUcSOl6gFYT9DOTvhRx9_0n2vBuK3wGL4RfM1M4gwz-cei5V3Dmlh&f=VRGvOaKnOixCQPnN5E8Zd55sAVwpSzujOffY4RbLuwaxI18GkkIlhnlDIOqXjYsl&i=&k=IMq7&m=Eg31PQDiRU2Qx94y2dnGUum54tAMBzZzPaQN8QexaGJVzCG-OVPo4Om5V2lRlns7wwMWrL4CnmlsokgWfWk2TbD2kmpRAVDDTYG9PjUhZhfW-BwkapmD9W6_zQVWXFVN&n=KNtSaiODbNsJQEbSEZDwh34xn1itEQQfP1UznpoGI5WaWwC1dWtBevnqXGm5H-f7&r=2Ow9cKZ98a-5wptqW8Y-zAwN-MJuNt25fcQbqzqwDypDZl3_sT7dioYpzt-h-3hX&s=1f78a40d69089fa0743a8630bc133d18afc652a160161afdf52202844b072b54&u=https%3A%2F%2Ft.ly%2Fe_R6v HTTP/1.1Host: securelinks.cloud-security.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Hornet-Regular.021743c5464be55c.woff2 HTTP/1.1Host: securelinks.cloud-security.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://securelinks.cloud-security.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://securelinks.cloud-security.net/v4?d=NnVkJrcOtS6jUcSOl6gFYT9DOTvhRx9_0n2vBuK3wGL4RfM1M4gwz-cei5V3Dmlh&f=VRGvOaKnOixCQPnN5E8Zd55sAVwpSzujOffY4RbLuwaxI18GkkIlhnlDIOqXjYsl&i=&k=IMq7&m=Eg31PQDiRU2Qx94y2dnGUum54tAMBzZzPaQN8QexaGJVzCG-OVPo4Om5V2lRlns7wwMWrL4CnmlsokgWfWk2TbD2kmpRAVDDTYG9PjUhZhfW-BwkapmD9W6_zQVWXFVN&n=KNtSaiODbNsJQEbSEZDwh34xn1itEQQfP1UznpoGI5WaWwC1dWtBevnqXGm5H-f7&r=2Ow9cKZ98a-5wptqW8Y-zAwN-MJuNt25fcQbqzqwDypDZl3_sT7dioYpzt-h-3hX&s=1f78a40d69089fa0743a8630bc133d18afc652a160161afdf52202844b072b54&u=https%3A%2F%2Ft.ly%2Fe_R6vAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /runtime.931bdb8976401128.js HTTP/1.1Host: securelinks.cloud-security.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://securelinks.cloud-security.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /polyfills.607595976de3afd5.js HTTP/1.1Host: securelinks.cloud-security.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://securelinks.cloud-security.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /main.2a45a72e85716257.js HTTP/1.1Host: securelinks.cloud-security.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://securelinks.cloud-security.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /styles.291c02806014e652.css HTTP/1.1Host: securelinks.cloud-security.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /runtime.931bdb8976401128.js HTTP/1.1Host: securelinks.cloud-security.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /polyfills.607595976de3afd5.js HTTP/1.1Host: securelinks.cloud-security.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /main.2a45a72e85716257.js HTTP/1.1Host: securelinks.cloud-security.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /app/config/config.json HTTP/1.1Host: securelinks.cloud-security.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: /Content-type: /sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /895.cb1f795f6b72d74a.js HTTP/1.1Host: securelinks.cloud-security.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://securelinks.cloud-security.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /app/config/config.json HTTP/1.1Host: securelinks.cloud-security.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /895.cb1f795f6b72d74a.js HTTP/1.1Host: securelinks.cloud-security.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Hornet-SemiBold.bf9154546071add8.woff2 HTTP/1.1Host: securelinks.cloud-security.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://securelinks.cloud-security.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://securelinks.cloud-security.net/v4?d=NnVkJrcOtS6jUcSOl6gFYT9DOTvhRx9_0n2vBuK3wGL4RfM1M4gwz-cei5V3Dmlh&f=VRGvOaKnOixCQPnN5E8Zd55sAVwpSzujOffY4RbLuwaxI18GkkIlhnlDIOqXjYsl&i=&k=IMq7&m=Eg31PQDiRU2Qx94y2dnGUum54tAMBzZzPaQN8QexaGJVzCG-OVPo4Om5V2lRlns7wwMWrL4CnmlsokgWfWk2TbD2kmpRAVDDTYG9PjUhZhfW-BwkapmD9W6_zQVWXFVN&n=KNtSaiODbNsJQEbSEZDwh34xn1itEQQfP1UznpoGI5WaWwC1dWtBevnqXGm5H-f7&r=2Ow9cKZ98a-5wptqW8Y-zAwN-MJuNt25fcQbqzqwDypDZl3_sT7dioYpzt-h-3hX&s=1f78a40d69089fa0743a8630bc133d18afc652a160161afdf52202844b072b54&u=https%3A%2F%2Ft.ly%2Fe_R6vAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /translations/en.json HTTP/1.1Host: securelinks.cloud-security.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: /Content-type: /sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/load.svg HTTP/1.1Host: securelinks.cloud-security.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/shield-loop-solid.png HTTP/1.1Host: securelinks.cloud-security.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/shield-check-solid.png HTTP/1.1Host: securelinks.cloud-security.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/completed.png HTTP/1.1Host: securelinks.cloud-security.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /e_R6v HTTP/1.1Host: t.lyConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /analyse HTTP/1.1Host: securelinks.cloud-security.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/shield-loop-solid.png HTTP/1.1Host: securelinks.cloud-security.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /translations/en.json HTTP/1.1Host: securelinks.cloud-security.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /c/100263302/0a256ff41-slvagr HTTP/1.1Host: 407842.seu2.cleverreach.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/load.svg HTTP/1.1Host: securelinks.cloud-security.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/completed.png HTTP/1.1Host: securelinks.cloud-security.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/shield-check-solid.png HTTP/1.1Host: securelinks.cloud-security.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /imagery/reviews/07LERcQBRVgcVKystB3aGUU-11.fit_scale.size_1028x578.v1569471957.jpg HTTP/1.1Host: i.pcmag.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://potopoto.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /imagery/reviews/07LERcQBRVgcVKystB3aGUU-11.fit_scale.size_1028x578.v1569471957.jpg HTTP/1.1Host: i.pcmag.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: atpscan.global.hornetsecurity.com
Source: global traffic	DNS traffic detected: DNS query: securelinks.cloud-security.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: t.ly
Source: global traffic	DNS traffic detected: DNS query: 407842.seu2.cleverreach.com
Source: global traffic	DNS traffic detected: DNS query: i.pcmag.com

Source: unknown

Source: global traffic

Source: chromecache_84.2.dr, chromecache_83.2.dr	String found in binary or memory: https://i.pcmag.com/imagery/reviews/07LERcQBRVgcVKystB3aGUU-11.fit_scale.size_1028x578.v1569471957.j
Source: chromecache_101.2.dr	String found in binary or memory: https://securelinks.cloud-security.net/

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49725 version: TLS 1.2

Source: classification engine

Classification label: mal48.win@19/54@16/9

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1888,i,3762134228026261569,15155687349111113855,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://atpscan.global.hornetsecurity.com/?d=NnVkJrcOtS6jUcSOl6gFYT9DOTvhRx9_0n2vBuK3wGL4RfM1M4gwz-cei5V3Dmlh&f=VRGvOaKnOixCQPnN5E8Zd55sAVwpSzujOffY4RbLuwaxI18GkkIlhnlDIOqXjYsl&i=&k=IMq7&m=Eg31PQDiRU2Qx94y2dnGUum54tAMBzZzPaQN8QexaGJVzCG-OVPo4Om5V2lRlns7wwMWrL4CnmlsokgWfWk2TbD2kmpRAVDDTYG9PjUhZhfW-BwkapmD9W6_zQVWXFVN&n=KNtSaiODbNsJQEbSEZDwh34xn1itEQQfP1UznpoGI5WaWwC1dWtBevnqXGm5H-f7&r=2Ow9cKZ98a-5wptqW8Y-zAwN-MJuNt25fcQbqzqwDypDZl3_sT7dioYpzt-h-3hX&s=1f78a40d69089fa0743a8630bc133d18afc652a160161afdf52202844b072b54&u=https%3A%2F%2Ft.ly%2Fe_R6v"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1888,i,3762134228026261569,15155687349111113855,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

ID:	1542226
Product:	CloudBasic
Start time:	17:07:57
Start date:	25.10.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs