Windows Analysis Report
https://cya.nz/br9sO

Overview

General Information

Sample URL:	https://cya.nz/br9sO
Analysis ID:	1522424

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Multi AV Scanner detection for domain / URL

HTML body contains low number of good links

HTML page contains hidden javascript code

HTML title does not match URL

Invalid T&C link found

Stores files to the Windows start menu directory

Suspicious form URL found

Classification

Signatures

AV Detection

Multi AV Scanner detection for domain / URL

Source: 6569783.ru

Virustotal: Detection: 10%

Perma Link

Phishing

AI detected phishing page

Source: https://6569783.ru/102387erywfisv4235/login.html?Key=8.46.123.33=2614c9803e792bcdd7681585f9cada412614c9803e792bcdd7681585f9cada412614c9803e792bcdd7681585f9cada412614c9803e792bcdd7681585f9cada418.46.123.33United%20States

LLM: Score: 10 Reasons: The legitimate domain for Westpac is westpac.com.au., The provided URL (6569783.ru) does not match the legitimate domain., The URL uses a .ru domain extension, which is unusual for an Australian bank like Westpac., The URL contains a numeric string which is suspicious and not typical for legitimate banking URLs., The input fields (Customer ID or username, Password) are commonly targeted in phishing attacks. DOM: 8.6.pages.csv

HTML body contains low number of good links

HTTP Parser: Number of links: 0

HTML page contains hidden javascript code

Source: https://cya.nz/br9sO

HTTP Parser: Base64 decoded: <svg xmlns="http://www.w3.org/2000/svg" width="32" height="32" fill="none"><path fill="#B20F03" d="M16 3a13 13 0 1 0 13 13A13.015 13.015 0 0 0 16 3m0 24a11 11 0 1 1 11-11 11.01 11.01 0 0 1-11 11"/><path fill="#B20F03" d="M17.038 18.615H14.87L14.563 9.5h2....

HTML title does not match URL

HTTP Parser: Title: Westpac One - Online Banking does not match URL

Invalid T&C link found

Source: https://6569783.ru/102387erywfisv4235/login.html?Key=8.46.123.33=2614c9803e792bcdd7681585f9cada412614c9803e792bcdd7681585f9cada412614c9803e792bcdd7681585f9cada412614c9803e792bcdd7681585f9cada418.46.123.33United%20States	HTTP Parser: Invalid link: Terms & Conditions
Source: https://6569783.ru/102387erywfisv4235/login.html?Key=8.46.123.33=2614c9803e792bcdd7681585f9cada412614c9803e792bcdd7681585f9cada412614c9803e792bcdd7681585f9cada412614c9803e792bcdd7681585f9cada418.46.123.33United%20States	HTTP Parser: Invalid link: Terms & Conditions
Source: https://6569783.ru/102387erywfisv4235/login.html?Key=8.46.123.33=2614c9803e792bcdd7681585f9cada412614c9803e792bcdd7681585f9cada412614c9803e792bcdd7681585f9cada412614c9803e792bcdd7681585f9cada418.46.123.33United%20States	HTTP Parser: Invalid link: Privacy policy

Suspicious form URL found

HTTP Parser: Form action: ./settings/log.php

HTTP Parser: <input type="password" .../> found

Source: https://cya.nz/br9sO	HTTP Parser: No favicon
Source: https://cya.nz/br9sO	HTTP Parser: No favicon
Source: https://cya.nz/br9sO	HTTP Parser: No favicon
Source: https://6569783.ru/102387erywfisv4235	HTTP Parser: No favicon

HTTP Parser: No <meta name="author".. found

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:50375 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:50378 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:50380 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:50416 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET /102387erywfisv4235/ HTTP/1.1Host: 6569783.ruConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: W8gZuo7Vjlpx3Vo7pkvfWPt7cBg=hqefp4zzCuDbZ85F1bMO74RoQnw; ODuoEUtQH5WUt6B-KX4NSOXDM4g=1727656126; 1CmNFyxAjOWc94uOgQ7RHMr4GVc=1727742526; QNdEhZZYPsGxaOs466ITO6hx5WI=at5AvBxOIX1iNH3gBZZMUdvzG5w; qHN3uiRV9X-9bXqCaahXnVPEaKE=cRrl2AzWkJYyEFavDJ0CEiHqe8Y; -hVgq7ZgDQjSxbYmNuuMxXNcfUI=1727656138; atnxErGdvfER-6Aa4y6JsqQDwfU=1727742538; emSH10uThe-Tr6EYLNFvfq5J0BI=RYVjdnNQKCSypkt3zgRUvP1-srM

Source: global traffic	DNS traffic detected: DNS query: cya.nz
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: 6569783.ru

Source: unknown	Network traffic detected: HTTP traffic on port 50420 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50386 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50414 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50392 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50395 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50408 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50343 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50366 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50389 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50400 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50383 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50360 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50349
Source: unknown	Network traffic detected: HTTP traffic on port 50423 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50377 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50342
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50341
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50344
Source: unknown	Network traffic detected: HTTP traffic on port 50352 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50343
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50346
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50345
Source: unknown	Network traffic detected: HTTP traffic on port 50398 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50403 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50346 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50363 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50380 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50359
Source: unknown	Network traffic detected: HTTP traffic on port 50359 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50388 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50416 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50422 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50351
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50350
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50353
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50352
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50355
Source: unknown	Network traffic detected: HTTP traffic on port 50351 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50354
Source: unknown	Network traffic detected: HTTP traffic on port 50374 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50390 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50356
Source: unknown	Network traffic detected: HTTP traffic on port 50371 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50360
Source: unknown	Network traffic detected: HTTP traffic on port 50402 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50345 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50385 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50403
Source: unknown	Network traffic detected: HTTP traffic on port 50419 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50402
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50404
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50407
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50406
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50409
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50408
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50362
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50361
Source: unknown	Network traffic detected: HTTP traffic on port 50425 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50393 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50363
Source: unknown	Network traffic detected: HTTP traffic on port 50379 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50366
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50401
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50367
Source: unknown	Network traffic detected: HTTP traffic on port 50354 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50400
Source: unknown	Network traffic detected: HTTP traffic on port 50396 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50411 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50371
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50370
Source: unknown	Network traffic detected: HTTP traffic on port 50382 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50414
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50413
Source: unknown	Network traffic detected: HTTP traffic on port 50418 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50416
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50415
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50418
Source: unknown	Network traffic detected: HTTP traffic on port 50424 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50419
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50373
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50372
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50375
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50374
Source: unknown	Network traffic detected: HTTP traffic on port 50376 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50377
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50410
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50376
Source: unknown	Network traffic detected: HTTP traffic on port 50353 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50379
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50378
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50411
Source: unknown	Network traffic detected: HTTP traffic on port 50350 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50380
Source: unknown	Network traffic detected: HTTP traffic on port 50404 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50399 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50410 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50382
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50381
Source: unknown	Network traffic detected: HTTP traffic on port 50362 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50425
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50424
Source: unknown	Network traffic detected: HTTP traffic on port 50387 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50426
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50384
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50383
Source: unknown	Network traffic detected: HTTP traffic on port 50391 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50386
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50385
Source: unknown	Network traffic detected: HTTP traffic on port 50370 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50388
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50421
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50387
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50420
Source: unknown	Network traffic detected: HTTP traffic on port 50356 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50423
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50389
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50422
Source: unknown	Network traffic detected: HTTP traffic on port 50373 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50407 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50391
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50390
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50393
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50392
Source: unknown	Network traffic detected: HTTP traffic on port 50413 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50342 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50367 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50361 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50384 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50395
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50394
Source: unknown	Network traffic detected: HTTP traffic on port 50426 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50397
Source: unknown	Network traffic detected: HTTP traffic on port 50378 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50396
Source: unknown	Network traffic detected: HTTP traffic on port 50394 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50399
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50398
Source: unknown	Network traffic detected: HTTP traffic on port 50355 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50397 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50406 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50341 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50349 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50381 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50415 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50421 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50375 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50372 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50409 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50401 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50344 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:50375 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:50378 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:50380 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:50416 version: TLS 1.2

Source: classification engine

Classification label: mal56.phis.win@20/15@24/75

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1796,i,10282880212220693762,3374285364328670551,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cya.nz/br9sO"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1796,i,10282880212220693762,3374285364328670551,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.21.66.183	cya.nz	United States	13335	CLOUDFLARENETUS	false
142.250.186.35	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
104.18.94.41	unknown	United States	13335	CLOUDFLARENETUS	false
74.125.71.84	unknown	United States	15169	GOOGLEUS	false
104.18.95.41	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
142.250.185.100	www.google.com	United States	15169	GOOGLEUS	false
142.250.185.227	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
188.114.96.3	6569783.ru	European Union	13335	CLOUDFLARENETUS	true
142.250.186.142	unknown	United States	15169	GOOGLEUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
142.250.186.138	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

Contacted Domains

Name	IP	Active
a.nel.cloudflare.com	35.190.80.1	true
6569783.ru	188.114.96.3	true
challenges.cloudflare.com	104.18.95.41	true
www.google.com	142.250.185.100	true
cya.nz	104.21.66.183	true

Contacted URLs

Name	Malicious	Reputation
https://cya.nz/br9sO	false	unknown
https://6569783.ru/102387erywfisv4235/login.html?Key=8.46.123.33=2614c9803e792bcdd7681585f9cada412614c9803e792bcdd7681585f9cada412614c9803e792bcdd7681585f9cada412614c9803e792bcdd7681585f9cada418.46.123.33United%20States	true	unknown
https://6569783.ru/102387erywfisv4235	true	unknown
http://6569783.ru/102387erywfisv4235/	true	unknown

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Sep 29 23:28:34 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	D3088BCA939E6ED939298F01F597F8B0	672212D68947DB6B323F3B9E02AE27EC43127A99	B0B29A43762FBFE853BA0FA610CB5FC5723622F1A136A41BBDFF5715AE2A55BD
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Sep 29 23:28:34 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	A660B8FA5324F6B34732442A3034B9D1	82019118A406A0F37635044DBB7F74BA75C67BB0	A4824E169A40867B3C6F7DD4A810EFE5FD7A3D8BA2AFD617F21BA0B754EC0C27
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	AFA3F800A6A706D0A8093C874B1ECE18	F51DBCC9C982053561110224C0567CC442F78A80	78173C1783A1C6096CEEE53C4464B3E83E0E3E8EAB44D79F064DF22587E63A9E
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Sep 29 23:28:34 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	5AAD21CCE3406D5F87FD66A0F40BE8D0	F5B58CA54E318651D6352D699782F1CB7D20259D	E1531D7AFE6377FDC4F3B7B0EEDB2B31C3586FC777DEAC4117922F9287DEB0D2
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Sep 29 23:28:34 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	8A6AD80D0DF6C3CE0359764682A1950E	D694CE9C73D8A6A77792DBE77743424CF8079682	D8FE241EACE138470BA55C59F5D16707B393FAF81821374864160408D88C74EA
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Sep 29 23:28:34 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	154C87876FE2C413773069564E9D59FF	76F3271C999A5004BF18655DF0D824D47143F234	171ED6A11224819E20640B8D857E3F209578C71343B6FE316DB434165E7D326A
Chrome Cache Entry: 65	ASCII text, with very long lines (7982), with no line terminators	338153E6FFC0E6AC6C66EA22C2AF06EF	ADC90EC886A6B8181F6812994A49D264692D0943	40D01C66CD8F6F1C43F216E348BAE42B666887C4F60EF5E3F12C9D8BE76E169A
Chrome Cache Entry: 68	MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel	BBB5403436CDDF084593EE4879400705	813CC8439896164FA76298F19544D7379C585C58	6F6B7923890528758F501E44DFA1095BE86C70C6664A0CDBAF51C297BF60ADF6
Chrome Cache Entry: 69	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced	9246CCA8FC3C00F50035F28E9F6B7F7D	3AA538440F70873B574F40CD793060F53EC17A5D	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
Chrome Cache Entry: 71	ASCII text, with very long lines (47261)	E07E7ED6F75A7D48B3DF3C153EB687EB	4601D83C67CC128D1E75D3E035FB8A3BDFA1EE34	96BD1C81D59D6AC2EC9F8EBE4937A315E85443667C5728A7CD9053848DD8D3D7
Chrome Cache Entry: 72	PNG image data, 83 x 78, 8-bit/color RGB, non-interlaced	5A68C5D9F3F28C2EADDCA1D44E1294D8	C20FCB22A1B8F289119594B37812582FC270BFFE	2CA0C740D856898E314FBFDE9F2302ADC5BD1D531F05C65B69F12C8F1A5281A3
Chrome Cache Entry: 73	ASCII text, with very long lines (8029), with no line terminators	4F97A89E8EA5DE78A446F6338A886F3E	4946B5ED55610F54F913FDC9E50264C3F2948D0E	F59159D0D0A17CC889A86E8F1672941CBDF259D04EF61D5F9329E644303009C3
Chrome Cache Entry: 74	ASCII text, with no line terminators	96B191AE794C2C78387B3F4F9BB7A251	F974547DF0ADFFB7E80699552C6BCE3E709343A6	CE76758AEEF2CAF12021AFB5257D0CA4E9E5C20015C2C85D68BB27FA6B1AFB28
Chrome Cache Entry: 75	HTML document, ASCII text, with no line terminators	6147CA10712E483B5EE714D29C21E439	7BFFD4014EFE0ACE62D03599877153159E2A01B6	E5128B5E331CAD19DF2F67041FFC85BF716D6E6106DEA098C37524593FB268E9
Chrome Cache Entry: 76	HTML document, Unicode text, UTF-8 text, with very long lines (39476)	8A0D7418078F52E2A0671A735BEEAF11	8AE33939E9802E5B8F7072C2A7DADD031399A4C6	71E5752B934D863E65552D2C896D8AACE1945532A02744D2DA9B71096D62F740

AV Detection

Multi AV Scanner detection for domain / URL

Source: 6569783.ru

Virustotal: Detection: 10%

Perma Link

Phishing

AI detected phishing page

HTML body contains low number of good links

HTTP Parser: Number of links: 0

HTML page contains hidden javascript code

Source: https://cya.nz/br9sO

HTML title does not match URL

HTTP Parser: Title: Westpac One - Online Banking does not match URL

Invalid T&C link found

Source: https://6569783.ru/102387erywfisv4235/login.html?Key=8.46.123.33=2614c9803e792bcdd7681585f9cada412614c9803e792bcdd7681585f9cada412614c9803e792bcdd7681585f9cada412614c9803e792bcdd7681585f9cada418.46.123.33United%20States	HTTP Parser: Invalid link: Terms & Conditions
Source: https://6569783.ru/102387erywfisv4235/login.html?Key=8.46.123.33=2614c9803e792bcdd7681585f9cada412614c9803e792bcdd7681585f9cada412614c9803e792bcdd7681585f9cada412614c9803e792bcdd7681585f9cada418.46.123.33United%20States	HTTP Parser: Invalid link: Terms & Conditions
Source: https://6569783.ru/102387erywfisv4235/login.html?Key=8.46.123.33=2614c9803e792bcdd7681585f9cada412614c9803e792bcdd7681585f9cada412614c9803e792bcdd7681585f9cada412614c9803e792bcdd7681585f9cada418.46.123.33United%20States	HTTP Parser: Invalid link: Privacy policy

Suspicious form URL found

HTTP Parser: Form action: ./settings/log.php

HTTP Parser: <input type="password" .../> found

Source: https://cya.nz/br9sO	HTTP Parser: No favicon
Source: https://cya.nz/br9sO	HTTP Parser: No favicon
Source: https://cya.nz/br9sO	HTTP Parser: No favicon
Source: https://6569783.ru/102387erywfisv4235	HTTP Parser: No favicon

HTTP Parser: No <meta name="author".. found

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:50375 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:50378 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:50380 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:50416 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

Source: global traffic	DNS traffic detected: DNS query: cya.nz
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: 6569783.ru

Source: unknown	Network traffic detected: HTTP traffic on port 50420 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50386 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50414 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50392 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50395 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50408 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50343 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50366 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50389 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50400 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50383 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50360 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50349
Source: unknown	Network traffic detected: HTTP traffic on port 50423 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50377 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50342
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50341
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50344
Source: unknown	Network traffic detected: HTTP traffic on port 50352 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50343
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50346
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50345
Source: unknown	Network traffic detected: HTTP traffic on port 50398 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50403 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50346 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50363 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50380 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50359
Source: unknown	Network traffic detected: HTTP traffic on port 50359 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50388 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50416 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50422 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50351
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50350
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50353
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50352
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50355
Source: unknown	Network traffic detected: HTTP traffic on port 50351 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50354
Source: unknown	Network traffic detected: HTTP traffic on port 50374 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50390 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50356
Source: unknown	Network traffic detected: HTTP traffic on port 50371 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50360
Source: unknown	Network traffic detected: HTTP traffic on port 50402 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50345 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50385 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50403
Source: unknown	Network traffic detected: HTTP traffic on port 50419 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50402
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50404
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50407
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50406
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50409
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50408
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50362
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50361
Source: unknown	Network traffic detected: HTTP traffic on port 50425 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50393 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50363
Source: unknown	Network traffic detected: HTTP traffic on port 50379 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50366
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50401
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50367
Source: unknown	Network traffic detected: HTTP traffic on port 50354 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50400
Source: unknown	Network traffic detected: HTTP traffic on port 50396 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50411 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50371
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50370
Source: unknown	Network traffic detected: HTTP traffic on port 50382 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50414
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50413
Source: unknown	Network traffic detected: HTTP traffic on port 50418 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50416
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50415
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50418
Source: unknown	Network traffic detected: HTTP traffic on port 50424 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50419
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50373
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50372
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50375
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50374
Source: unknown	Network traffic detected: HTTP traffic on port 50376 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50377
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50410
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50376
Source: unknown	Network traffic detected: HTTP traffic on port 50353 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50379
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50378
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50411
Source: unknown	Network traffic detected: HTTP traffic on port 50350 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50380
Source: unknown	Network traffic detected: HTTP traffic on port 50404 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50399 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50410 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50382
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50381
Source: unknown	Network traffic detected: HTTP traffic on port 50362 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50425
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50424
Source: unknown	Network traffic detected: HTTP traffic on port 50387 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50426
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50384
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50383
Source: unknown	Network traffic detected: HTTP traffic on port 50391 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50386
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50385
Source: unknown	Network traffic detected: HTTP traffic on port 50370 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50388
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50421
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50387
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50420
Source: unknown	Network traffic detected: HTTP traffic on port 50356 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50423
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50389
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50422
Source: unknown	Network traffic detected: HTTP traffic on port 50373 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50407 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50391
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50390
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50393
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50392
Source: unknown	Network traffic detected: HTTP traffic on port 50413 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50342 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50367 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50361 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50384 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50395
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50394
Source: unknown	Network traffic detected: HTTP traffic on port 50426 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50397
Source: unknown	Network traffic detected: HTTP traffic on port 50378 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50396
Source: unknown	Network traffic detected: HTTP traffic on port 50394 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50399
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50398
Source: unknown	Network traffic detected: HTTP traffic on port 50355 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50397 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50406 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50341 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50349 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50381 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50415 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50421 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50375 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50372 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50409 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50401 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50344 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:50375 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:50378 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:50380 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:50416 version: TLS 1.2

Source: classification engine

Classification label: mal56.phis.win@20/15@24/75

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1796,i,10282880212220693762,3374285364328670551,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cya.nz/br9sO"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1796,i,10282880212220693762,3374285364328670551,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

ID:	1522424
Product:	CloudBasic
Start time:	02:28:02
Start date:	30.09.2024
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://cya.nz/br9sO

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://cya.nz/br9sO

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://cya.nz/br9sO