Windows Analysis Report
https://t.co/IU0OeVJDt5

Overview

General Information

Sample URL: https://t.co/IU0OeVJDt5
Analysis ID: 1546033

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Stores files to the Windows start menu directory

Classification

Source: http://o0nn8ra4fwt8mt.insightterrace.top/robot/ HTTP Parser: No favicon
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49717 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: chrome.exe Memory has grown: Private usage: 26MB later: 35MB
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK | date: Thu, 31 Oct 2024 10:57:09 GMT | server: Apache/2.4.62 (Debian) | last-modified: Thu, 31 Oct 2024 05:47:04 GMT | etag: "88c-625bf59200019-gzip" | accept-ranges: bytes | vary: Accept-Encoding | content-encoding: gzip | content-length: 957 | content-type: text/html; charset=utf-8
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK | date: Thu, 31 Oct 2024 10:57:44 GMT | server: Apache/2.4.62 (Debian) | last-modified: Thu, 31 Oct 2024 05:47:04 GMT | etag: "88c-625bf59200019-gzip" | accept-ranges: bytes | vary: Accept-Encoding | content-encoding: gzip | content-length: 957 | content-type: text/html; charset=utf-8
Source: global traffic HTTP traffic detected: GET /?ywuiz9umdg86equfk59av HTTP/1.1 | Host: o0nn8ra4fwt8mt.insightterrace.top | Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Referer: https://t.co/IU0OeVJDt5 | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /robot HTTP/1.1 | Host: o0nn8ra4fwt8mt.insightterrace.top | Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Referer: https://t.co/IU0OeVJDt5 | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /robot/ HTTP/1.1 | Host: o0nn8ra4fwt8mt.insightterrace.top | Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Referer: https://t.co/IU0OeVJDt5 | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /widget/?sitekey=Ar7yk6Sphijy8YXtv6r0l7cuW3pERAdP HTTP/1.1 | Host: similarbenefit.top | Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Referer: http://o0nn8ra4fwt8mt.insightterrace.top/ | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1 | Host: o0nn8ra4fwt8mt.insightterrace.top | Connection: keep-alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Referer: http://o0nn8ra4fwt8mt.insightterrace.top/robot/ | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /robot/ HTTP/1.1 | Host: o0nn8ra4fwt8mt.insightterrace.top | Connection: keep-alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: */* | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9
Source: global traffic DNS traffic detected: DNS query: t.co
Source: global traffic DNS traffic detected: DNS query: o0nn8ra4fwt8mt.insightterrace.top
Source: global traffic DNS traffic detected: DNS query: unpkg.com
Source: global traffic DNS traffic detected: DNS query: similarbenefit.top
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: classification engine Classification label: clean0.win@19/12@14/141
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1956,i,10054742530678617658,9203882097335685757,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://t.co/IU0OeVJDt5"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk