Windows Analysis Report
https://is.gd/by2jss

Overview

General Information

Sample URL:	https://is.gd/by2jss
Analysis ID:	1527157
Tags:	openphish
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Antivirus / Scanner detection for submitted sample

Detected non-DNS traffic on DNS port

HTML body contains low number of good links

HTML title does not match URL

None HTTPS page querying sensitive user data (password, username or email)

Stores files to the Windows start menu directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://is.gd/by2jss

SlashNext: detection malicious, Label: Fraudulent Website type: Phishing & Social Engineering

Phishing

AI detected phishing page

Source: http://buymore.com.ng/tamask-v2/MT/index.html	LLM: Score: 7 Reasons: The brand 'MetaMask' is a known cryptocurrency wallet service., The legitimate domain for MetaMask is 'metamask.io'., The provided URL 'buymore.com.ng' does not match the legitimate domain for MetaMask., The domain 'buymore.com.ng' is unrelated to MetaMask and uses a '.ng' extension, which is unusual for MetaMask., The presence of input fields asking for a secret recovery phrase is a common phishing tactic. DOM: 0.0.pages.csv
Source: http://buymore.com.ng/tamask-v2/MT/index.html	LLM: Score: 7 Reasons: The brand 'MetaMask' is known and typically associated with the domain 'metamask.io'., The URL 'buymore.com.ng' does not match the legitimate domain for MetaMask., The domain 'buymore.com.ng' is unrelated to MetaMask and uses a '.ng' extension, which is unusual for MetaMask., The presence of input fields asking for a secret recovery phrase is a common phishing tactic targeting cryptocurrency users., The URL does not contain any elements that would suggest a legitimate association with MetaMask. DOM: 0.1.pages.csv

HTML body contains low number of good links

Source: http://buymore.com.ng/tamask-v2/MT/index.html

HTTP Parser: Number of links: 0

HTML title does not match URL

Source: http://buymore.com.ng/tamask-v2/MT/index.html

HTTP Parser: Title: MetaMask Card does not match URL

None HTTPS page querying sensitive user data (password, username or email)

Source: http://buymore.com.ng/tamask-v2/MT/index.html

HTTP Parser: Has password / email / username input fields

Source: http://buymore.com.ng/tamask-v2/MT/index.html

HTTP Parser: <input type="password" .../> found

Source: http://buymore.com.ng/tamask-v2/MT/index.html	HTTP Parser: No <meta name="author".. found
Source: http://buymore.com.ng/tamask-v2/MT/index.html	HTTP Parser: No <meta name="author".. found
Source: http://buymore.com.ng/tamask-v2/MT/index.html	HTTP Parser: No <meta name="author".. found

Source: http://buymore.com.ng/tamask-v2/MT/index.html	HTTP Parser: No <meta name="copyright".. found
Source: http://buymore.com.ng/tamask-v2/MT/index.html	HTTP Parser: No <meta name="copyright".. found
Source: http://buymore.com.ng/tamask-v2/MT/index.html	HTTP Parser: No <meta name="copyright".. found

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown	HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49743 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.5:49759 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.5:49766 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.5:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.5:49776 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.5:49761 version: TLS 1.2

Detected non-DNS traffic on DNS port

Source: global traffic

TCP traffic: 192.168.2.5:61918 -> 1.1.1.1:53

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown	HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49743 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.5:49759 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.5:49766 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 06 Oct 2024 18:27:22 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, Keep-AliveLast-Modified: Sat, 05 Oct 2024 10:45:06 GMTAccept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 9398Keep-Alive: timeout=5, max=75Content-Type: text/htmlData Raw: 1f 8b 08 00 00 00 00 00 00 03 ed 92 df 92 db c8 bd df af 8f aa f4 0e bd d0 ca e6 e4 0c 48 34 08 90 e0 68 38 f1 4a 9a 29 2b de b5 e5 95 7c d6 9b 63 d7 aa 01 34 c9 de 01 ba e1 ee 06 87 5c ed 54 e5 35 72 17 e7 e6 54 e5 2e b9 4d aa 72 b1 e5 17 c9 0b e4 15 d2 0d 90 44 13 c3 9e 19 ed 2c 37 36 4b a0 34 68 f4 ef ff e7 f7 fd bf ff f3 7f 3f 7e 74 fa c9 cb df bd 78 fb f5 eb 73 30 93 79 76 a6 2e f4 1b 64 88 4e c7 0e a6 4e 75 83 51 aa de 40 3d a7 39 96 08 24 33 c4 05 96 63 e7 0f 6f 2f dc c8 d9 b2 51 94 e3 b1 33 27 f8 aa 60 5c 3a 20 61 54 62 aa 7c af 48 2a 67 e3 14 cf 49 82 dd ea e3 18 10 4a 24 41 99 2b 12 94 e1 31 ec 7a bb 72 71 3c c1 9c 63 6e e4 2a a9 40 13 ec 96 3c db 04 48 22 33 7c f6 85 0a fb 02 89 4b f0 02 f1 f4 b4 57 5f de 4c 39 65 6c 9a e1 98 99 fd 51 46 68 8a 17 bb 3a d8 b8 bb 14 5f 89 0f 8c 79 70 09 41 49 51 60 b9 89 ca 08 bd 04 1c 67 63 87 28 2f 07 cc 14 a0 b1 d3 ed 5d b0 2c c5 bc a7 2f bb 05 9d 6e fc 45 c2 49 21 81 e0 89 e1 f5 ed 5f 4a cc 97 dd 9c d0 ee b7 c2 39 3b ed d5 5e f7 88 71 fb 5d a8 7e 3f 2e 52 c7 aa 28 b5 78 89 a7 9c c8 e5 d8 11 33 e4 87 03 d7 ff 0d bb 1c 7e 11 ff 6e b9 28 a6 7f f8 97 f9 67 97 bd 5f ff 07 ff 5b 32 fd dd 9b af df f8 a8 fc 4d f0 7a f2 5d 9c 0f cb 5f 0f bc b1 c2 c3 99 10 8c 93 29 a1 63 07 51 46 97 39 2b 6f 76 f3 93 0f 52 30 b5 0a be 8e 69 8d d1 8f 02 f7 b3 e2 b7 f1 74 36 7a fe cf 5f c3 df ff 46 ce fb 5f d2 e1 57 fd 7c fa 7a 31 fb c3 e8 37 bd 37 c9 ef c5 67 af 87 b3 3f 90 f8 8f fd d1 b7 c3 09 ba bc 78 2d 2e e7 7f 2c c5 7c 82 bc 38 f8 fd bd 46 3b 15 72 b9 d1 b5 7e 7e 45 f2 82 71 09 4a 9e 75 9c 5e ef 69 df 7b da 87 4f fb c3 a7 fd e0 e9 e0 e5 d3 41 f8 74 f0 e2 e9 40 9d 47 4f 07 e7 4f 07 c3 ea e6 fc a9 af ce 17 d5 cd 8b b5 29 ec 3d 1d f4 9f 0e f5 bf de d3 40 bd fc a7 c3 d1 d3 a1 f7 74 a8 a2 2f 94 71 b0 0a 51 df ca 4b 65 50 b6 2a a7 73 f4 6c 77 43 bf 9c 49 59 88 93 5e 6f a2 34 2d ba b5 d2 51 41 44 37 61 79 2f 11 c2 ff f7 13 94 93 6c 39 7e ad e8 12 2a 4e ae a6 33 f9 ab be e7 3d 0b d4 ff 50 fd 1f a8 ff 43 f5 3f 52 ff 47 9e f7 8b 94 88 22 43 cb b1 b8 42 c5 2f 75 dd c7 8f fe dd 7b 5d 3d 47 5c 71 3b 01 5e d5 4b 81 d2 94 d0 69 fd 79 fd f8 51 cc d2 65 e5 06 62 b6 70 05 f9 ae 32 c6 8c ab d5 ba ea aa 1e 40 b7 e9 d6 1d 9d 80 5f ae 7a fa e5 31 10 88 0a 57 60 4e 26 ab 6c a5 94 8c 1e 13 5a 94 52 59 71 86 13 59 65 df 4a 40 e8 4c 85 c8 3a 44 4d 4c 25 22 14 f3 ca f1 8a a4 72 76 02 d4 32 9e 99 cd fb 5e b1 00 a8 94 6c 15 34 c3 28 d5 ed 55 31 ab d1 4f c0 24 c3 75 c3 28 23 53 ea 12 89 73 71 02 12 ac 24 c9 ab fb 6f 4b 21 c9 64 e9 ea 9a ea f6 04 88 02 25 d8 8d b1 bc c2 98 ae 72 d7 6d eb ec e6 04 1b 70 c3 a2 ae 51 33 3a 01 50 75 26 58 46 52 f0 24 49 12 c3 e4 72 94 92 52 35 10 56 11 3a f5 84 f1 dc cd d5 b4 eb d6 2d e3 86 c6 b8 3b 2b a5 8
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 06 Oct 2024 18:27:23 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, Keep-AliveLast-Modified: Sat, 22 Jun 2024 00:19:16 GMTAccept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 8178Keep-Alive: timeout=5, max=75Content-Type: application/javascriptData Raw: 1f 8b 08 00 00 00 00 00 00 03 95 72 6d 9b db b6 b5 ed f7 fe 0a ea 9c 1e 01 88 20 5a 4a 4f ef b9 97 32 a2 c7 b1 c7 8d 53 c7 e3 13 db 75 53 45 4f 03 91 9b 12 62 0a 60 01 68 64 55 e2 7f bf 1b 7c 91 a8 99 49 d2 3e f6 88 c0 c6 7e 59 7b ad f5 e4 8b df 45 cf 4d 79 b0 6a bd f1 11 7d ce a2 97 90 81 55 a9 89 fe a6 ee 4c 61 a2 2f 27 d3 ff f9 5d f4 42 39 6f d5 6a e7 21 8b 76 1a 33 22 bf 81 e8 bb 57 ef a3 d7 2a 05 ed 20 a2 45 7b f0 60 b7 2e 92 16 22 e9 a3 8d f7 65 f2 e4 89 29 f1 c9 ec 6c 0a b1 b1 eb 27 6d aa 7b 82 0d 58 fc bb e8 8b 27 34 df e9 d4 2b a3 29 70 cf 8e c4 ac 7e 86 d4 13 21 fc a1 04 93 47 f0 b9 34 d6 bb e1 90 84 e9 b9 d2 90 91 41 f7 b8 35 d9 ae 80 79 f3 89 db 54 e1 29 4b 48 d7 f6 d2 a9 a9 1e 0e 9b 6f 2c b7 d9 bc 39 52 cf 12 88 df 9a b2 04 1b 8a 2b 46 fd 46 39 7e 46 86 b0 76 b8 5f 20 02 a1 cd ba 78 04 14 d8 d1 82 df 59 3c 23 c2 45 03 3e 7a d9 26 2c 71 b8 38 56 b1 37 ef b0 54 af e3 54 16 05 d6 54 e7 0e be d9 5a e5 74 3a 10 02 62 6d 32 78 8f 70 59 d3 75 b1 9c dd 49 1b 19 b1 06 ff dc 6c cb a0 c2 3b 7f 28 70 30 d7 bb a2 60 b3 76 ba 9f 9b 85 5f 26 e6 d2 d9 5c b0 91 6f de 7f f7 3a 40 69 fa bf 91 5b 98 03 6e 5c a2 54 da bf c1 d0 e9 04 f1 c6 38 7f 29 d7 a1 1c 61 0d 3a 28 51 66 d2 dd 16 f3 e3 95 c9 0e 33 b7 57 3e dd d0 4b 47 76 4c a5 83 66 54 52 1f bf be 7d f1 03 49 3a 7a 62 b3 d7 60 5f 5c 35 a9 d3 fe b3 6b dc cb ad 5f ab b0 ba 42 41 80 71 2b 54 6c ee c0 e6 85 d9 f3 b2 77 f9 2b 77 bd db 0f 1d 1f 4f a8 dc 79 73 72 a9 35 c8 d2 93 d8 83 f3 d4 8e dc a8 64 b8 ba a6 81 9d 9e 0c 36 6c db 30 8d 3a 22 d6 3c 77 e0 df d6 fc 70 25 cc 70 68 ce 8b 76 23 14 0a 5e af 88 c2 85 73 bd 79 38 cf c7 41 cb 05 79 ff 82 70 f2 fe d9 d7 af 6f c8 32 56 68 de cf b7 39 bd f4 61 58 e3 bc f4 2a 0d d2 78 6a 38 29 8d 53 b5 67 d9 dc 52 c3 12 93 a0 50 f7 88 eb d8 ba 29 20 7c 92 ec 17 1e 2e cb 95 dd 72 be 67 80 76 8b f3 06 7e 38 a4 67 9f f8 d3 09 19 89 73 65 5d d7 ee f9 46 15 19 0b 1e ea d1 e6 2e 1e 8b 82 1d 6b 8b 5d 5c 85 4c 63 46 2f d0 2b cd ce c6 1f a0 fb 06 0d b0 e0 7c bc f8 f0 77 0e 3c f0 df bd 45 67 ad 6e 71 6a b6 61 54 c7 d4 db 96 4c ea d9 30 0c 8f 5f dc 3e ff f0 dd cd 9b f7 7f 7f 7b fb ee d5 fb 57 b7 6f fe fe f2 f6 f5 eb db 8f af de fc 29 68 8c 68 3d d7 f8 f5 09 70 29 ce e3 52 0b d2 c3 f7 52 af 81 b2 99 8c d1 18 ef bc b4 9e 2a 3e 61 bc be df e8 8c 6a bc d5 50 0a 21 03 94 ad d1 cf 74 8a b6 33 f6 b9 d1 5e 2a 14 71 86 eb 02 92 5d 0c 87 3e 7c 4e 27 85 a9 f5 a3 a3 9a 75 9b 96 b4 60 f3 22 b1 f8 a9 3b e6 22 10 dd f9 2e 8f 37 c6 f9 79 46 9b 03 b2 98 04 32 1d ee 59 07 7a 24 cb 8b f2 d3 a7 d2 ae eb 85 5c 5c 80 5e fb cd 70 78 67 54 16 4d 10 c8 f9 69 31 5d ce fb 97 84 78 53 12 6e 44 fd 0d ce 98 13 97 5a 53 14 ef f1 9e b4 e7 d7 90 7b 82 14 f6 dc 85 8b 36 d6 c2 1a 75 3a
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 06 Oct 2024 18:27:26 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, Keep-AliveLast-Modified: Sat, 22 Jun 2024 00:19:16 GMTAccept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 8178Keep-Alive: timeout=5, max=75Content-Type: application/javascriptData Raw: 1f 8b 08 00 00 00 00 00 00 03 95 72 6d 9b db b6 b5 ed f7 fe 0a ea 9c 1e 01 88 20 5a 4a 4f ef b9 97 32 a2 c7 b1 c7 8d 53 c7 e3 13 db 75 53 45 4f 03 91 9b 12 62 0a 60 01 68 64 55 e2 7f bf 1b 7c 91 a8 99 49 d2 3e f6 88 c0 c6 7e 59 7b ad f5 e4 8b df 45 cf 4d 79 b0 6a bd f1 11 7d ce a2 97 90 81 55 a9 89 fe a6 ee 4c 61 a2 2f 27 d3 ff f9 5d f4 42 39 6f d5 6a e7 21 8b 76 1a 33 22 bf 81 e8 bb 57 ef a3 d7 2a 05 ed 20 a2 45 7b f0 60 b7 2e 92 16 22 e9 a3 8d f7 65 f2 e4 89 29 f1 c9 ec 6c 0a b1 b1 eb 27 6d aa 7b 82 0d 58 fc bb e8 8b 27 34 df e9 d4 2b a3 29 70 cf 8e c4 ac 7e 86 d4 13 21 fc a1 04 93 47 f0 b9 34 d6 bb e1 90 84 e9 b9 d2 90 91 41 f7 b8 35 d9 ae 80 79 f3 89 db 54 e1 29 4b 48 d7 f6 d2 a9 a9 1e 0e 9b 6f 2c b7 d9 bc 39 52 cf 12 88 df 9a b2 04 1b 8a 2b 46 fd 46 39 7e 46 86 b0 76 b8 5f 20 02 a1 cd ba 78 04 14 d8 d1 82 df 59 3c 23 c2 45 03 3e 7a d9 26 2c 71 b8 38 56 b1 37 ef b0 54 af e3 54 16 05 d6 54 e7 0e be d9 5a e5 74 3a 10 02 62 6d 32 78 8f 70 59 d3 75 b1 9c dd 49 1b 19 b1 06 ff dc 6c cb a0 c2 3b 7f 28 70 30 d7 bb a2 60 b3 76 ba 9f 9b 85 5f 26 e6 d2 d9 5c b0 91 6f de 7f f7 3a 40 69 fa bf 91 5b 98 03 6e 5c a2 54 da bf c1 d0 e9 04 f1 c6 38 7f 29 d7 a1 1c 61 0d 3a 28 51 66 d2 dd 16 f3 e3 95 c9 0e 33 b7 57 3e dd d0 4b 47 76 4c a5 83 66 54 52 1f bf be 7d f1 03 49 3a 7a 62 b3 d7 60 5f 5c 35 a9 d3 fe b3 6b dc cb ad 5f ab b0 ba 42 41 80 71 2b 54 6c ee c0 e6 85 d9 f3 b2 77 f9 2b 77 bd db 0f 1d 1f 4f a8 dc 79 73 72 a9 35 c8 d2 93 d8 83 f3 d4 8e dc a8 64 b8 ba a6 81 9d 9e 0c 36 6c db 30 8d 3a 22 d6 3c 77 e0 df d6 fc 70 25 cc 70 68 ce 8b 76 23 14 0a 5e af 88 c2 85 73 bd 79 38 cf c7 41 cb 05 79 ff 82 70 f2 fe d9 d7 af 6f c8 32 56 68 de cf b7 39 bd f4 61 58 e3 bc f4 2a 0d d2 78 6a 38 29 8d 53 b5 67 d9 dc 52 c3 12 93 a0 50 f7 88 eb d8 ba 29 20 7c 92 ec 17 1e 2e cb 95 dd 72 be 67 80 76 8b f3 06 7e 38 a4 67 9f f8 d3 09 19 89 73 65 5d d7 ee f9 46 15 19 0b 1e ea d1 e6 2e 1e 8b 82 1d 6b 8b 5d 5c 85 4c 63 46 2f d0 2b cd ce c6 1f a0 fb 06 0d b0 e0 7c bc f8 f0 77 0e 3c f0 df bd 45 67 ad 6e 71 6a b6 61 54 c7 d4 db 96 4c ea d9 30 0c 8f 5f dc 3e ff f0 dd cd 9b f7 7f 7f 7b fb ee d5 fb 57 b7 6f fe fe f2 f6 f5 eb db 8f af de fc 29 68 8c 68 3d d7 f8 f5 09 70 29 ce e3 52 0b d2 c3 f7 52 af 81 b2 99 8c d1 18 ef bc b4 9e 2a 3e 61 bc be df e8 8c 6a bc d5 50 0a 21 03 94 ad d1 cf 74 8a b6 33 f6 b9 d1 5e 2a 14 71 86 eb 02 92 5d 0c 87 3e 7c 4e 27 85 a9 f5 a3 a3 9a 75 9b 96 b4 60 f3 22 b1 f8 a9 3b e6 22 10 dd f9 2e 8f 37 c6 f9 79 46 9b 03 b2 98 04 32 1d ee 59 07 7a 24 cb 8b f2 d3 a7 d2 ae eb 85 5c 5c 80 5e fb cd 70 78 67 54 16 4d 10 c8 f9 69 31 5d ce fb 97 84 78 53 12 6e 44 fd 0d ce 98 13 97 5a 53 14 ef f1 9e b4 e7 d7 90 7b 82 14 f6 dc 85 8b 36 d6 c2 1a 75 3a

Source: global traffic	HTTP traffic detected: GET /by2jss HTTP/1.1Host: is.gdConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tamask-v2/MT/index.html HTTP/1.1Host: buymore.com.ngConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tamask-v2/MT/Folder/jquery.min.js HTTP/1.1Host: buymore.com.ngConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://buymore.com.ng/tamask-v2/MT/index.htmlAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tamask-v2/MT/Folder/jquery-3.1.1.min.js HTTP/1.1Host: buymore.com.ngConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://buymore.com.ng/tamask-v2/MT/index.htmlAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tamask-v2/MT/Folder/jquery-3.3.1.js HTTP/1.1Host: buymore.com.ngConnection: keep-aliveOrigin: http://buymore.com.ngUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://buymore.com.ng/tamask-v2/MT/index.htmlAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tamask-v2/MT/Folder/popper.min.js HTTP/1.1Host: buymore.com.ngConnection: keep-aliveOrigin: http://buymore.com.ngUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://buymore.com.ng/tamask-v2/MT/index.htmlAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tamask-v2/MT/Folder/icon.png HTTP/1.1Host: buymore.com.ngConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://buymore.com.ng/tamask-v2/MT/index.htmlAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tamask-v2/MT/Folder/logo.png HTTP/1.1Host: buymore.com.ngConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://buymore.com.ng/tamask-v2/MT/index.htmlAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css/Crypto/fonts.png HTTP/1.1Host: 0174meldingen.onlineConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://buymore.com.ng/tamask-v2/MT/index.htmlAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tamask-v2/MT/Folder/confirm.png HTTP/1.1Host: buymore.com.ngConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://buymore.com.ng/tamask-v2/MT/index.htmlAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tamask-v2/MT/Folder/full.png HTTP/1.1Host: buymore.com.ngConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://buymore.com.ng/tamask-v2/MT/index.htmlAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tamask-v2/MT/Folder/jquery.min.js HTTP/1.1Host: buymore.com.ngConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tamask-v2/MT/Folder/eye-close.png HTTP/1.1Host: buymore.com.ngConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://buymore.com.ng/tamask-v2/MT/index.htmlAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tamask-v2/MT/Folder/tada.png HTTP/1.1Host: buymore.com.ngConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://buymore.com.ng/tamask-v2/MT/index.htmlAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tamask-v2/MT/Folder/logo.png HTTP/1.1Host: buymore.com.ngConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tamask-v2/MT/Folder/popper.min.js HTTP/1.1Host: buymore.com.ngConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tamask-v2/MT/Folder/icon.png HTTP/1.1Host: buymore.com.ngConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tamask-v2/MT/Folder/jquery-3.1.1.min.js HTTP/1.1Host: buymore.com.ngConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tamask-v2/MT/Folder/jquery-3.3.1.js HTTP/1.1Host: buymore.com.ngConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tamask-v2/MT/Folder/confirm.png HTTP/1.1Host: buymore.com.ngConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tamask-v2/MT/Folder/full.png HTTP/1.1Host: buymore.com.ngConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tamask-v2/MT/Folder/eye-close.png HTTP/1.1Host: buymore.com.ngConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tamask-v2/MT/Folder/tada.png HTTP/1.1Host: buymore.com.ngConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: is.gd
Source: global traffic	DNS traffic detected: DNS query: buymore.com.ng
Source: global traffic	DNS traffic detected: DNS query: 0174meldingen.online
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 06 Oct 2024 18:27:23 GMTServer: ApacheContent-Length: 0Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=UTF-8

Source: chromecache_156.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLBT5Z1JlFc-K.woff2)
Source: chromecache_156.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLBT5Z1xlFQ.woff2)
Source: chromecache_156.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLCz7Z1JlFc-K.woff2)
Source: chromecache_156.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2)
Source: chromecache_156.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLDD4Z1JlFc-K.woff2)
Source: chromecache_156.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLDD4Z1xlFQ.woff2)
Source: chromecache_156.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLDz8Z1JlFc-K.woff2)
Source: chromecache_156.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2)
Source: chromecache_156.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLEj6Z1JlFc-K.woff2)
Source: chromecache_156.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2)
Source: chromecache_156.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLGT9Z1JlFc-K.woff2)
Source: chromecache_156.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2)
Source: chromecache_156.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiEyp8kv8JHgFVrJJfecg.woff2)
Source: chromecache_156.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiEyp8kv8JHgFVrJJnecmNE.woff2)

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61926
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61926 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.5:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.5:49776 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.5:49761 version: TLS 1.2

Source: classification engine

Classification label: mal56.phis.win@22/48@10/6

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2500 --field-trial-handle=2468,i,12268834004386701736,15261720488238249562,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://is.gd/by2jss"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2500 --field-trial-handle=2468,i,12268834004386701736,15261720488238249562,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
192.185.129.112	buymore.com.ng	United States	46606	UNIFIEDLAYER-AS-1US	true
173.208.194.98	0174meldingen.online	United States	32097	WIIUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.25.234.53	is.gd	United States	13335	CLOUDFLARENETUS	false
142.250.186.164	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.5

Contacted Domains

Name	IP	Active
0174meldingen.online	173.208.194.98	true
www.google.com	142.250.186.164	true
buymore.com.ng	192.185.129.112	true
is.gd	104.25.234.53	true
fp2e7a.wpc.phicdn.net	192.229.221.95	true
s-part-0032.t-0009.t-msedge.net	13.107.246.60	true

Contacted URLs

Name	Malicious	Reputation
https://is.gd/by2jss	true	unknown
http://buymore.com.ng/tamask-v2/MT/Folder/jquery-3.1.1.min.js	false	unknown
http://buymore.com.ng/tamask-v2/MT/Folder/tada.png	false	unknown
http://buymore.com.ng/tamask-v2/MT/Folder/popper.min.js	false	unknown
http://buymore.com.ng/tamask-v2/MT/index.html	true	unknown
http://buymore.com.ng/tamask-v2/MT/Folder/eye-close.png	false	unknown
http://buymore.com.ng/tamask-v2/MT/Folder/icon.png	false	unknown
http://0174meldingen.online/css/Crypto/fonts.png	false	unknown
http://buymore.com.ng/tamask-v2/MT/Folder/full.png	false	unknown
http://buymore.com.ng/tamask-v2/MT/Folder/logo.png	false	unknown
http://buymore.com.ng/tamask-v2/MT/Folder/jquery-3.3.1.js	false	unknown
http://buymore.com.ng/tamask-v2/MT/Folder/confirm.png	false	unknown
http://buymore.com.ng/tamask-v2/MT/Folder/jquery.min.js	false	unknown

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Oct 6 17:27:20 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	4BA99019FE0BC57A00074A8B703AD81A	0286784F42938E568F86DEA8939961FED5D6FDAC	908040F7D7D8A061EAE3BFBDFBD5E8A6DF028C59191FBB88E1125D4175B19237
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Oct 6 17:27:19 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	365DB4C2200BED1968DFC01EE495D217	56C8414669902672E0C621AEDE373F410DD77056	F95764EAF1823C96C78871E9646465F1F5930A9778B13A3662E8436E6BEF2CA3
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	5FFFCD2C593C1EF3C4557A3074A0A961	CA3F0DFC2D602CE3EB3CBE895578038E2AF21D1F	FF24A0601A62948CC592ABC4A51A307AAB033359AF2ECC1F1E9E52B2DC7DC96A
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Oct 6 17:27:19 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	57870C045426DBF6447DE6380AFCBE90	415FA62D9FD981D54AFDD87B92D439BBBDE98518	3B98A682E7185033535DD01E2DD29BB5410FB655A2A5082E149CE0A36945DC54
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Oct 6 17:27:20 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	1BEF770AD1C6D333EF0685589CA1F462	583CA535302B1B6C4A510ED3D0EE7AA1989415D4	A898E6CB3F20FB65D1A5D08A42590A38A80C8F8F8B69F5AA7877B16D62E8D6B9
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Oct 6 17:27:19 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	525FC0FCD7FB9F27F21D104FF3650E24	EC18F5482F6337B34B617BCBED4877F594642DE6	1EBF10A3519D75158FCA04D6AACE00D0E4567F958CE3A5FAD5C30DC86B471309
Chrome Cache Entry: 136	PNG image data, 440 x 87, 8-bit/color RGBA, non-interlaced	658377D041ADD6DFF531446D93372623	6BC1F737C58EA71E6FC193D868D7C56E515D38C7	461EF0864ED3D660C3F24B34676A3704F4609BDF6EFC82720C9119C1606CB0A1
Chrome Cache Entry: 137	Web Open Font Format (Version 2), TrueType, length 7816, version 1.0	25B0E113CA7CCE3770D542736DB26368	CB726212D5D525021752A1D8470A0FB593E0C49E	9338E65FC077355C7A87AE0D64CC101E23B9BF8AD78AE65F0F319C857311B526
Chrome Cache Entry: 138	PNG image data, 30 x 28, 8-bit/color RGBA, non-interlaced	5FDBA10B3DD02AB00A4746C1C1FDAB89	584F3275D15147C3CBE5B99468D6EFC9E407B45B	88746BDB585F8BF1DAA92CE979DBECF942F98C36E9E33AF52D5EE0BA43157306
Chrome Cache Entry: 139	PNG image data, 51 x 51, 8-bit/color RGBA, non-interlaced	F419183716DF0C9BCEFFF5389522958C	CF56E3EF9C5B162BECE6DFFE9E1B220526F7AC7E	0DFA5859ACD573CAF7190FA333E1551503CC295EBABE5C7051C90CFBF9D190A9
Chrome Cache Entry: 140	gzip compressed data, from Unix, original size modulo 2^32 85578	619E5664A321B65BF4139F82773DBD80	B149909FA3281F2C0F6217EA74D90C97E90EB82F	4CB103CC24504B415BC9667E315A515DDBD58B2E17C82ADFF5A9FE25F12300FB
Chrome Cache Entry: 141	gzip compressed data, from Unix, original size modulo 2^32 19188	65BB6603CD02F2DDAEE7ACEB4AD45900	8B6CB6F6ADFBD115B96B929FF1C7E863EBE08AD1	E57FEFA45F83431BAEE371EA4EB76883C1425343EA79883BEF37F2050EC0AF64
Chrome Cache Entry: 142	gzip compressed data, from Unix, original size modulo 2^32 86709	68EDEBB07B777F67728EC3E20CABF638	4B44786ACDA9A8C614B59A4EE4589F40EED5A531	4E6AE5202295EA06D1F1C6290C616F9F6043F35E64B38443D8A55AC586930EDE
Chrome Cache Entry: 143	PNG image data, 30 x 28, 8-bit/color RGBA, non-interlaced	5FDBA10B3DD02AB00A4746C1C1FDAB89	584F3275D15147C3CBE5B99468D6EFC9E407B45B	88746BDB585F8BF1DAA92CE979DBECF942F98C36E9E33AF52D5EE0BA43157306
Chrome Cache Entry: 144	ASCII text, with very long lines (1100), with no line terminators	8E4F858DC43CE5CD88CB1EB0C7FBBB00	66A55745B6E025FBD0D919858F04B87FBB977D6E	2158C29A6D4F27D87634D2EA188345FECEB5D744A666EF20B079F3DB00A06344
Chrome Cache Entry: 145	PNG image data, 197 x 46, 8-bit/color RGBA, non-interlaced	DFB72BACBB061E094FC7A7CDE620FD00	9799F5A0CA2AC4FF12A91C885380B8C74E99E879	8EF89F39E8D91C95215C408083A0F88791FA85DA70D5B68680B9E53A28D4C21E
Chrome Cache Entry: 146	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	94AB490CA05B42DCDFAF9252B8E81AB4	FFF88ED7570440539F9C26C54D8EF509ADC539D1	68BA91DB08E7F6E67D5AA7C6314427E93475C351F08131961B244D173E92E460
Chrome Cache Entry: 147	Web Open Font Format (Version 2), TrueType, length 5552, version 1.0	AA42A9A3D4FC9951ED37945FF1AF85DC	6CD63D09CC1F526ABA20B654EF5B55F8104586C6	A526DAC26FCC645D428764B07FD6AE2AD3399129B75C22C8E149278157291189
Chrome Cache Entry: 148	gzip compressed data, from Unix, original size modulo 2^32 271751	C909472224C237DD25696476CC021DE2	5C783A90884561EEEAE35F878AD934B49C57A6FA	A7302073F6B7D7CDED76CB063A8D9F5118028AAA6EAC9C54E74BF5DC1FAD9BA3
Chrome Cache Entry: 149	PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced	70F6CE04FAFBDD42AE82F89667156B97	566E9805C141E94477463232279D70117B2B3C2C	1F7FA9E9C13E554F4777775B767FD61834DAD108D696F6CE518122D629E62AF6
Chrome Cache Entry: 150	gzip compressed data, from Unix, original size modulo 2^32 86709	68EDEBB07B777F67728EC3E20CABF638	4B44786ACDA9A8C614B59A4EE4589F40EED5A531	4E6AE5202295EA06D1F1C6290C616F9F6043F35E64B38443D8A55AC586930EDE
Chrome Cache Entry: 151	PNG image data, 197 x 46, 8-bit/color RGBA, non-interlaced	DFB72BACBB061E094FC7A7CDE620FD00	9799F5A0CA2AC4FF12A91C885380B8C74E99E879	8EF89F39E8D91C95215C408083A0F88791FA85DA70D5B68680B9E53A28D4C21E
Chrome Cache Entry: 152	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	94AB490CA05B42DCDFAF9252B8E81AB4	FFF88ED7570440539F9C26C54D8EF509ADC539D1	68BA91DB08E7F6E67D5AA7C6314427E93475C351F08131961B244D173E92E460
Chrome Cache Entry: 153	gzip compressed data, from Unix, original size modulo 2^32 60893	1E9813954EDF606C7551C671CC052964	44D2D467F2065FB8ED8D1434F9AAC1D9C63ABD84	5FFA9324FBBA161C85712482149393F49221EF1EF19D57C8A94F5BE72003554E
Chrome Cache Entry: 154	PNG image data, 440 x 87, 8-bit/color RGBA, non-interlaced	658377D041ADD6DFF531446D93372623	6BC1F737C58EA71E6FC193D868D7C56E515D38C7	461EF0864ED3D660C3F24B34676A3704F4609BDF6EFC82720C9119C1606CB0A1
Chrome Cache Entry: 155	PNG image data, 51 x 51, 8-bit/color RGBA, non-interlaced	F419183716DF0C9BCEFFF5389522958C	CF56E3EF9C5B162BECE6DFFE9E1B220526F7AC7E	0DFA5859ACD573CAF7190FA333E1551503CC295EBABE5C7051C90CFBF9D190A9
Chrome Cache Entry: 156	ASCII text	3B584B90739AC2DE5A21FF884FFE5428	DDAE0070CBC299E32AB0F61A3BDEFA3A4D4D07BE	B54469A21994F21A482F3A8E006B7F887A973E9519C3D7D55D379FF2ACD33C87
Chrome Cache Entry: 157	PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced	70F6CE04FAFBDD42AE82F89667156B97	566E9805C141E94477463232279D70117B2B3C2C	1F7FA9E9C13E554F4777775B767FD61834DAD108D696F6CE518122D629E62AF6
Chrome Cache Entry: 158	gzip compressed data, from Unix, original size modulo 2^32 85578	619E5664A321B65BF4139F82773DBD80	B149909FA3281F2C0F6217EA74D90C97E90EB82F	4CB103CC24504B415BC9667E315A515DDBD58B2E17C82ADFF5A9FE25F12300FB
Chrome Cache Entry: 159	gzip compressed data, from Unix, original size modulo 2^32 19188	65BB6603CD02F2DDAEE7ACEB4AD45900	8B6CB6F6ADFBD115B96B929FF1C7E863EBE08AD1	E57FEFA45F83431BAEE371EA4EB76883C1425343EA79883BEF37F2050EC0AF64
Chrome Cache Entry: 160	Web Open Font Format (Version 2), TrueType, length 7884, version 1.0	9212F6F9860F9FC6C69B02FEDF6DB8C3	AC6D71B4D5FDD2B3DABC9A06FF6C001E4251DA0B	7D93459D86585BFCDBB7E0376056226ADB25821EE54B96236FE2123E9560929F
Chrome Cache Entry: 161	gzip compressed data, from Unix, original size modulo 2^32 271751	C909472224C237DD25696476CC021DE2	5C783A90884561EEEAE35F878AD934B49C57A6FA	A7302073F6B7D7CDED76CB063A8D9F5118028AAA6EAC9C54E74BF5DC1FAD9BA3

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://is.gd/by2jss

SlashNext: detection malicious, Label: Fraudulent Website type: Phishing & Social Engineering

Phishing

AI detected phishing page

Source: http://buymore.com.ng/tamask-v2/MT/index.html	LLM: Score: 7 Reasons: The brand 'MetaMask' is a known cryptocurrency wallet service., The legitimate domain for MetaMask is 'metamask.io'., The provided URL 'buymore.com.ng' does not match the legitimate domain for MetaMask., The domain 'buymore.com.ng' is unrelated to MetaMask and uses a '.ng' extension, which is unusual for MetaMask., The presence of input fields asking for a secret recovery phrase is a common phishing tactic. DOM: 0.0.pages.csv
Source: http://buymore.com.ng/tamask-v2/MT/index.html	LLM: Score: 7 Reasons: The brand 'MetaMask' is known and typically associated with the domain 'metamask.io'., The URL 'buymore.com.ng' does not match the legitimate domain for MetaMask., The domain 'buymore.com.ng' is unrelated to MetaMask and uses a '.ng' extension, which is unusual for MetaMask., The presence of input fields asking for a secret recovery phrase is a common phishing tactic targeting cryptocurrency users., The URL does not contain any elements that would suggest a legitimate association with MetaMask. DOM: 0.1.pages.csv

HTML body contains low number of good links

Source: http://buymore.com.ng/tamask-v2/MT/index.html

HTTP Parser: Number of links: 0

HTML title does not match URL

Source: http://buymore.com.ng/tamask-v2/MT/index.html

HTTP Parser: Title: MetaMask Card does not match URL

None HTTPS page querying sensitive user data (password, username or email)

Source: http://buymore.com.ng/tamask-v2/MT/index.html

HTTP Parser: Has password / email / username input fields

Source: http://buymore.com.ng/tamask-v2/MT/index.html

HTTP Parser: <input type="password" .../> found

Source: http://buymore.com.ng/tamask-v2/MT/index.html	HTTP Parser: No <meta name="author".. found
Source: http://buymore.com.ng/tamask-v2/MT/index.html	HTTP Parser: No <meta name="author".. found
Source: http://buymore.com.ng/tamask-v2/MT/index.html	HTTP Parser: No <meta name="author".. found

Source: http://buymore.com.ng/tamask-v2/MT/index.html	HTTP Parser: No <meta name="copyright".. found
Source: http://buymore.com.ng/tamask-v2/MT/index.html	HTTP Parser: No <meta name="copyright".. found
Source: http://buymore.com.ng/tamask-v2/MT/index.html	HTTP Parser: No <meta name="copyright".. found

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown	HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49743 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.5:49759 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.5:49766 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.5:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.5:49776 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.5:49761 version: TLS 1.2

Detected non-DNS traffic on DNS port

Source: global traffic

TCP traffic: 192.168.2.5:61918 -> 1.1.1.1:53

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown	HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49743 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.5:49759 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.5:49766 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 06 Oct 2024 18:27:22 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, Keep-AliveLast-Modified: Sat, 05 Oct 2024 10:45:06 GMTAccept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 9398Keep-Alive: timeout=5, max=75Content-Type: text/htmlData Raw: 1f 8b 08 00 00 00 00 00 00 03 ed 92 df 92 db c8 bd df af 8f aa f4 0e bd d0 ca e6 e4 0c 48 34 08 90 e0 68 38 f1 4a 9a 29 2b de b5 e5 95 7c d6 9b 63 d7 aa 01 34 c9 de 01 ba e1 ee 06 87 5c ed 54 e5 35 72 17 e7 e6 54 e5 2e b9 4d aa 72 b1 e5 17 c9 0b e4 15 d2 0d 90 44 13 c3 9e 19 ed 2c 37 36 4b a0 34 68 f4 ef ff e7 f7 fd bf ff f3 7f 3f 7e 74 fa c9 cb df bd 78 fb f5 eb 73 30 93 79 76 a6 2e f4 1b 64 88 4e c7 0e a6 4e 75 83 51 aa de 40 3d a7 39 96 08 24 33 c4 05 96 63 e7 0f 6f 2f dc c8 d9 b2 51 94 e3 b1 33 27 f8 aa 60 5c 3a 20 61 54 62 aa 7c af 48 2a 67 e3 14 cf 49 82 dd ea e3 18 10 4a 24 41 99 2b 12 94 e1 31 ec 7a bb 72 71 3c c1 9c 63 6e e4 2a a9 40 13 ec 96 3c db 04 48 22 33 7c f6 85 0a fb 02 89 4b f0 02 f1 f4 b4 57 5f de 4c 39 65 6c 9a e1 98 99 fd 51 46 68 8a 17 bb 3a d8 b8 bb 14 5f 89 0f 8c 79 70 09 41 49 51 60 b9 89 ca 08 bd 04 1c 67 63 87 28 2f 07 cc 14 a0 b1 d3 ed 5d b0 2c c5 bc a7 2f bb 05 9d 6e fc 45 c2 49 21 81 e0 89 e1 f5 ed 5f 4a cc 97 dd 9c d0 ee b7 c2 39 3b ed d5 5e f7 88 71 fb 5d a8 7e 3f 2e 52 c7 aa 28 b5 78 89 a7 9c c8 e5 d8 11 33 e4 87 03 d7 ff 0d bb 1c 7e 11 ff 6e b9 28 a6 7f f8 97 f9 67 97 bd 5f ff 07 ff 5b 32 fd dd 9b af df f8 a8 fc 4d f0 7a f2 5d 9c 0f cb 5f 0f bc b1 c2 c3 99 10 8c 93 29 a1 63 07 51 46 97 39 2b 6f 76 f3 93 0f 52 30 b5 0a be 8e 69 8d d1 8f 02 f7 b3 e2 b7 f1 74 36 7a fe cf 5f c3 df ff 46 ce fb 5f d2 e1 57 fd 7c fa 7a 31 fb c3 e8 37 bd 37 c9 ef c5 67 af 87 b3 3f 90 f8 8f fd d1 b7 c3 09 ba bc 78 2d 2e e7 7f 2c c5 7c 82 bc 38 f8 fd bd 46 3b 15 72 b9 d1 b5 7e 7e 45 f2 82 71 09 4a 9e 75 9c 5e ef 69 df 7b da 87 4f fb c3 a7 fd e0 e9 e0 e5 d3 41 f8 74 f0 e2 e9 40 9d 47 4f 07 e7 4f 07 c3 ea e6 fc a9 af ce 17 d5 cd 8b b5 29 ec 3d 1d f4 9f 0e f5 bf de d3 40 bd fc a7 c3 d1 d3 a1 f7 74 a8 a2 2f 94 71 b0 0a 51 df ca 4b 65 50 b6 2a a7 73 f4 6c 77 43 bf 9c 49 59 88 93 5e 6f a2 34 2d ba b5 d2 51 41 44 37 61 79 2f 11 c2 ff f7 13 94 93 6c 39 7e ad e8 12 2a 4e ae a6 33 f9 ab be e7 3d 0b d4 ff 50 fd 1f a8 ff 43 f5 3f 52 ff 47 9e f7 8b 94 88 22 43 cb b1 b8 42 c5 2f 75 dd c7 8f fe dd 7b 5d 3d 47 5c 71 3b 01 5e d5 4b 81 d2 94 d0 69 fd 79 fd f8 51 cc d2 65 e5 06 62 b6 70 05 f9 ae 32 c6 8c ab d5 ba ea aa 1e 40 b7 e9 d6 1d 9d 80 5f ae 7a fa e5 31 10 88 0a 57 60 4e 26 ab 6c a5 94 8c 1e 13 5a 94 52 59 71 86 13 59 65 df 4a 40 e8 4c 85 c8 3a 44 4d 4c 25 22 14 f3 ca f1 8a a4 72 76 02 d4 32 9e 99 cd fb 5e b1 00 a8 94 6c 15 34 c3 28 d5 ed 55 31 ab d1 4f c0 24 c3 75 c3 28 23 53 ea 12 89 73 71 02 12 ac 24 c9 ab fb 6f 4b 21 c9 64 e9 ea 9a ea f6 04 88 02 25 d8 8d b1 bc c2 98 ae 72 d7 6d eb ec e6 04 1b 70 c3 a2 ae 51 33 3a 01 50 75 26 58 46 52 f0 24 49 12 c3 e4 72 94 92 52 35 10 56 11 3a f5 84 f1 dc cd d5 b4 eb d6 2d e3 86 c6 b8 3b 2b a5 8
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 06 Oct 2024 18:27:23 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, Keep-AliveLast-Modified: Sat, 22 Jun 2024 00:19:16 GMTAccept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 8178Keep-Alive: timeout=5, max=75Content-Type: application/javascriptData Raw: 1f 8b 08 00 00 00 00 00 00 03 95 72 6d 9b db b6 b5 ed f7 fe 0a ea 9c 1e 01 88 20 5a 4a 4f ef b9 97 32 a2 c7 b1 c7 8d 53 c7 e3 13 db 75 53 45 4f 03 91 9b 12 62 0a 60 01 68 64 55 e2 7f bf 1b 7c 91 a8 99 49 d2 3e f6 88 c0 c6 7e 59 7b ad f5 e4 8b df 45 cf 4d 79 b0 6a bd f1 11 7d ce a2 97 90 81 55 a9 89 fe a6 ee 4c 61 a2 2f 27 d3 ff f9 5d f4 42 39 6f d5 6a e7 21 8b 76 1a 33 22 bf 81 e8 bb 57 ef a3 d7 2a 05 ed 20 a2 45 7b f0 60 b7 2e 92 16 22 e9 a3 8d f7 65 f2 e4 89 29 f1 c9 ec 6c 0a b1 b1 eb 27 6d aa 7b 82 0d 58 fc bb e8 8b 27 34 df e9 d4 2b a3 29 70 cf 8e c4 ac 7e 86 d4 13 21 fc a1 04 93 47 f0 b9 34 d6 bb e1 90 84 e9 b9 d2 90 91 41 f7 b8 35 d9 ae 80 79 f3 89 db 54 e1 29 4b 48 d7 f6 d2 a9 a9 1e 0e 9b 6f 2c b7 d9 bc 39 52 cf 12 88 df 9a b2 04 1b 8a 2b 46 fd 46 39 7e 46 86 b0 76 b8 5f 20 02 a1 cd ba 78 04 14 d8 d1 82 df 59 3c 23 c2 45 03 3e 7a d9 26 2c 71 b8 38 56 b1 37 ef b0 54 af e3 54 16 05 d6 54 e7 0e be d9 5a e5 74 3a 10 02 62 6d 32 78 8f 70 59 d3 75 b1 9c dd 49 1b 19 b1 06 ff dc 6c cb a0 c2 3b 7f 28 70 30 d7 bb a2 60 b3 76 ba 9f 9b 85 5f 26 e6 d2 d9 5c b0 91 6f de 7f f7 3a 40 69 fa bf 91 5b 98 03 6e 5c a2 54 da bf c1 d0 e9 04 f1 c6 38 7f 29 d7 a1 1c 61 0d 3a 28 51 66 d2 dd 16 f3 e3 95 c9 0e 33 b7 57 3e dd d0 4b 47 76 4c a5 83 66 54 52 1f bf be 7d f1 03 49 3a 7a 62 b3 d7 60 5f 5c 35 a9 d3 fe b3 6b dc cb ad 5f ab b0 ba 42 41 80 71 2b 54 6c ee c0 e6 85 d9 f3 b2 77 f9 2b 77 bd db 0f 1d 1f 4f a8 dc 79 73 72 a9 35 c8 d2 93 d8 83 f3 d4 8e dc a8 64 b8 ba a6 81 9d 9e 0c 36 6c db 30 8d 3a 22 d6 3c 77 e0 df d6 fc 70 25 cc 70 68 ce 8b 76 23 14 0a 5e af 88 c2 85 73 bd 79 38 cf c7 41 cb 05 79 ff 82 70 f2 fe d9 d7 af 6f c8 32 56 68 de cf b7 39 bd f4 61 58 e3 bc f4 2a 0d d2 78 6a 38 29 8d 53 b5 67 d9 dc 52 c3 12 93 a0 50 f7 88 eb d8 ba 29 20 7c 92 ec 17 1e 2e cb 95 dd 72 be 67 80 76 8b f3 06 7e 38 a4 67 9f f8 d3 09 19 89 73 65 5d d7 ee f9 46 15 19 0b 1e ea d1 e6 2e 1e 8b 82 1d 6b 8b 5d 5c 85 4c 63 46 2f d0 2b cd ce c6 1f a0 fb 06 0d b0 e0 7c bc f8 f0 77 0e 3c f0 df bd 45 67 ad 6e 71 6a b6 61 54 c7 d4 db 96 4c ea d9 30 0c 8f 5f dc 3e ff f0 dd cd 9b f7 7f 7f 7b fb ee d5 fb 57 b7 6f fe fe f2 f6 f5 eb db 8f af de fc 29 68 8c 68 3d d7 f8 f5 09 70 29 ce e3 52 0b d2 c3 f7 52 af 81 b2 99 8c d1 18 ef bc b4 9e 2a 3e 61 bc be df e8 8c 6a bc d5 50 0a 21 03 94 ad d1 cf 74 8a b6 33 f6 b9 d1 5e 2a 14 71 86 eb 02 92 5d 0c 87 3e 7c 4e 27 85 a9 f5 a3 a3 9a 75 9b 96 b4 60 f3 22 b1 f8 a9 3b e6 22 10 dd f9 2e 8f 37 c6 f9 79 46 9b 03 b2 98 04 32 1d ee 59 07 7a 24 cb 8b f2 d3 a7 d2 ae eb 85 5c 5c 80 5e fb cd 70 78 67 54 16 4d 10 c8 f9 69 31 5d ce fb 97 84 78 53 12 6e 44 fd 0d ce 98 13 97 5a 53 14 ef f1 9e b4 e7 d7 90 7b 82 14 f6 dc 85 8b 36 d6 c2 1a 75 3a
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 06 Oct 2024 18:27:26 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, Keep-AliveLast-Modified: Sat, 22 Jun 2024 00:19:16 GMTAccept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 8178Keep-Alive: timeout=5, max=75Content-Type: application/javascriptData Raw: 1f 8b 08 00 00 00 00 00 00 03 95 72 6d 9b db b6 b5 ed f7 fe 0a ea 9c 1e 01 88 20 5a 4a 4f ef b9 97 32 a2 c7 b1 c7 8d 53 c7 e3 13 db 75 53 45 4f 03 91 9b 12 62 0a 60 01 68 64 55 e2 7f bf 1b 7c 91 a8 99 49 d2 3e f6 88 c0 c6 7e 59 7b ad f5 e4 8b df 45 cf 4d 79 b0 6a bd f1 11 7d ce a2 97 90 81 55 a9 89 fe a6 ee 4c 61 a2 2f 27 d3 ff f9 5d f4 42 39 6f d5 6a e7 21 8b 76 1a 33 22 bf 81 e8 bb 57 ef a3 d7 2a 05 ed 20 a2 45 7b f0 60 b7 2e 92 16 22 e9 a3 8d f7 65 f2 e4 89 29 f1 c9 ec 6c 0a b1 b1 eb 27 6d aa 7b 82 0d 58 fc bb e8 8b 27 34 df e9 d4 2b a3 29 70 cf 8e c4 ac 7e 86 d4 13 21 fc a1 04 93 47 f0 b9 34 d6 bb e1 90 84 e9 b9 d2 90 91 41 f7 b8 35 d9 ae 80 79 f3 89 db 54 e1 29 4b 48 d7 f6 d2 a9 a9 1e 0e 9b 6f 2c b7 d9 bc 39 52 cf 12 88 df 9a b2 04 1b 8a 2b 46 fd 46 39 7e 46 86 b0 76 b8 5f 20 02 a1 cd ba 78 04 14 d8 d1 82 df 59 3c 23 c2 45 03 3e 7a d9 26 2c 71 b8 38 56 b1 37 ef b0 54 af e3 54 16 05 d6 54 e7 0e be d9 5a e5 74 3a 10 02 62 6d 32 78 8f 70 59 d3 75 b1 9c dd 49 1b 19 b1 06 ff dc 6c cb a0 c2 3b 7f 28 70 30 d7 bb a2 60 b3 76 ba 9f 9b 85 5f 26 e6 d2 d9 5c b0 91 6f de 7f f7 3a 40 69 fa bf 91 5b 98 03 6e 5c a2 54 da bf c1 d0 e9 04 f1 c6 38 7f 29 d7 a1 1c 61 0d 3a 28 51 66 d2 dd 16 f3 e3 95 c9 0e 33 b7 57 3e dd d0 4b 47 76 4c a5 83 66 54 52 1f bf be 7d f1 03 49 3a 7a 62 b3 d7 60 5f 5c 35 a9 d3 fe b3 6b dc cb ad 5f ab b0 ba 42 41 80 71 2b 54 6c ee c0 e6 85 d9 f3 b2 77 f9 2b 77 bd db 0f 1d 1f 4f a8 dc 79 73 72 a9 35 c8 d2 93 d8 83 f3 d4 8e dc a8 64 b8 ba a6 81 9d 9e 0c 36 6c db 30 8d 3a 22 d6 3c 77 e0 df d6 fc 70 25 cc 70 68 ce 8b 76 23 14 0a 5e af 88 c2 85 73 bd 79 38 cf c7 41 cb 05 79 ff 82 70 f2 fe d9 d7 af 6f c8 32 56 68 de cf b7 39 bd f4 61 58 e3 bc f4 2a 0d d2 78 6a 38 29 8d 53 b5 67 d9 dc 52 c3 12 93 a0 50 f7 88 eb d8 ba 29 20 7c 92 ec 17 1e 2e cb 95 dd 72 be 67 80 76 8b f3 06 7e 38 a4 67 9f f8 d3 09 19 89 73 65 5d d7 ee f9 46 15 19 0b 1e ea d1 e6 2e 1e 8b 82 1d 6b 8b 5d 5c 85 4c 63 46 2f d0 2b cd ce c6 1f a0 fb 06 0d b0 e0 7c bc f8 f0 77 0e 3c f0 df bd 45 67 ad 6e 71 6a b6 61 54 c7 d4 db 96 4c ea d9 30 0c 8f 5f dc 3e ff f0 dd cd 9b f7 7f 7f 7b fb ee d5 fb 57 b7 6f fe fe f2 f6 f5 eb db 8f af de fc 29 68 8c 68 3d d7 f8 f5 09 70 29 ce e3 52 0b d2 c3 f7 52 af 81 b2 99 8c d1 18 ef bc b4 9e 2a 3e 61 bc be df e8 8c 6a bc d5 50 0a 21 03 94 ad d1 cf 74 8a b6 33 f6 b9 d1 5e 2a 14 71 86 eb 02 92 5d 0c 87 3e 7c 4e 27 85 a9 f5 a3 a3 9a 75 9b 96 b4 60 f3 22 b1 f8 a9 3b e6 22 10 dd f9 2e 8f 37 c6 f9 79 46 9b 03 b2 98 04 32 1d ee 59 07 7a 24 cb 8b f2 d3 a7 d2 ae eb 85 5c 5c 80 5e fb cd 70 78 67 54 16 4d 10 c8 f9 69 31 5d ce fb 97 84 78 53 12 6e 44 fd 0d ce 98 13 97 5a 53 14 ef f1 9e b4 e7 d7 90 7b 82 14 f6 dc 85 8b 36 d6 c2 1a 75 3a

Source: global traffic	HTTP traffic detected: GET /by2jss HTTP/1.1Host: is.gdConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tamask-v2/MT/index.html HTTP/1.1Host: buymore.com.ngConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tamask-v2/MT/Folder/jquery.min.js HTTP/1.1Host: buymore.com.ngConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://buymore.com.ng/tamask-v2/MT/index.htmlAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tamask-v2/MT/Folder/jquery-3.1.1.min.js HTTP/1.1Host: buymore.com.ngConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://buymore.com.ng/tamask-v2/MT/index.htmlAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tamask-v2/MT/Folder/jquery-3.3.1.js HTTP/1.1Host: buymore.com.ngConnection: keep-aliveOrigin: http://buymore.com.ngUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://buymore.com.ng/tamask-v2/MT/index.htmlAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tamask-v2/MT/Folder/popper.min.js HTTP/1.1Host: buymore.com.ngConnection: keep-aliveOrigin: http://buymore.com.ngUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://buymore.com.ng/tamask-v2/MT/index.htmlAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tamask-v2/MT/Folder/icon.png HTTP/1.1Host: buymore.com.ngConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://buymore.com.ng/tamask-v2/MT/index.htmlAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tamask-v2/MT/Folder/logo.png HTTP/1.1Host: buymore.com.ngConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://buymore.com.ng/tamask-v2/MT/index.htmlAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css/Crypto/fonts.png HTTP/1.1Host: 0174meldingen.onlineConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://buymore.com.ng/tamask-v2/MT/index.htmlAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tamask-v2/MT/Folder/confirm.png HTTP/1.1Host: buymore.com.ngConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://buymore.com.ng/tamask-v2/MT/index.htmlAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tamask-v2/MT/Folder/full.png HTTP/1.1Host: buymore.com.ngConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://buymore.com.ng/tamask-v2/MT/index.htmlAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tamask-v2/MT/Folder/jquery.min.js HTTP/1.1Host: buymore.com.ngConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tamask-v2/MT/Folder/eye-close.png HTTP/1.1Host: buymore.com.ngConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://buymore.com.ng/tamask-v2/MT/index.htmlAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tamask-v2/MT/Folder/tada.png HTTP/1.1Host: buymore.com.ngConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://buymore.com.ng/tamask-v2/MT/index.htmlAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tamask-v2/MT/Folder/logo.png HTTP/1.1Host: buymore.com.ngConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tamask-v2/MT/Folder/popper.min.js HTTP/1.1Host: buymore.com.ngConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tamask-v2/MT/Folder/icon.png HTTP/1.1Host: buymore.com.ngConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tamask-v2/MT/Folder/jquery-3.1.1.min.js HTTP/1.1Host: buymore.com.ngConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tamask-v2/MT/Folder/jquery-3.3.1.js HTTP/1.1Host: buymore.com.ngConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tamask-v2/MT/Folder/confirm.png HTTP/1.1Host: buymore.com.ngConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tamask-v2/MT/Folder/full.png HTTP/1.1Host: buymore.com.ngConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tamask-v2/MT/Folder/eye-close.png HTTP/1.1Host: buymore.com.ngConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tamask-v2/MT/Folder/tada.png HTTP/1.1Host: buymore.com.ngConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: is.gd
Source: global traffic	DNS traffic detected: DNS query: buymore.com.ng
Source: global traffic	DNS traffic detected: DNS query: 0174meldingen.online
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: global traffic

Source: chromecache_156.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLBT5Z1JlFc-K.woff2)
Source: chromecache_156.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLBT5Z1xlFQ.woff2)
Source: chromecache_156.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLCz7Z1JlFc-K.woff2)
Source: chromecache_156.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2)
Source: chromecache_156.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLDD4Z1JlFc-K.woff2)
Source: chromecache_156.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLDD4Z1xlFQ.woff2)
Source: chromecache_156.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLDz8Z1JlFc-K.woff2)
Source: chromecache_156.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2)
Source: chromecache_156.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLEj6Z1JlFc-K.woff2)
Source: chromecache_156.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2)
Source: chromecache_156.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLGT9Z1JlFc-K.woff2)
Source: chromecache_156.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2)
Source: chromecache_156.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiEyp8kv8JHgFVrJJfecg.woff2)
Source: chromecache_156.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiEyp8kv8JHgFVrJJnecmNE.woff2)

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61926
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61926 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.5:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.5:49776 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.5:49761 version: TLS 1.2

Source: classification engine

Classification label: mal56.phis.win@22/48@10/6

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2500 --field-trial-handle=2468,i,12268834004386701736,15261720488238249562,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://is.gd/by2jss"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2500 --field-trial-handle=2468,i,12268834004386701736,15261720488238249562,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

ID:	1527157
Product:	CloudBasic
Start time:	20:26:22
Start date:	06.10.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://is.gd/by2jss

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://is.gd/by2jss

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://is.gd/by2jss