Windows
Analysis Report
https://us-west-2.protection.sophos.com/?d=xfinity.com&u=aHR0cHM6Ly9jbXAuY3dzLnhmaW5pdHkuY29tL3V0aWxpdHkvdHJhY2tpbmcvdHJhY2tpbmcvQ2xpY2tlZFVybD90YXJnZXRJZD1mZTNkZDE3MS1hMDc1LTRjM2MtYWE5NS03OWE1ZGZhODJjYThfbWlwXzEzMiZzZXJ2ZXJJZD1jM3BvJnRlbXBsYXRlSWQ9NzAyOWUzMDctOTMwNC00NWQ5LWJjZDEtNGZlNjk4ZTdlNDQ1JnR
Overview
General Information
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Detected suspicious crossdomain redirect
HTTP GET or POST without a user agent
Stores files to the Windows start menu directory
Classification
- System is w10x64_ra
- chrome.exe (PID: 6632 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
- chrome.exe (PID: 1184 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 --field-trial-handle=1980,i,2435764324751911138,18027140512445526587,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
- chrome.exe (PID: 5900 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://us-west-2.protection.sophos.com/?d=xfinity.com&u=aHR0cHM6Ly9jbXAuY3dzLnhmaW5pdHkuY29tL3V0aWxpdHkvdHJhY2tpbmcvdHJhY2tpbmcvQ2xpY2tlZFVybD90YXJnZXRJZD1mZTNkZDE3MS1hMDc1LTRjM2MtYWE5NS03OWE1ZGZhODJjYThfbWlwXzEzMiZzZXJ2ZXJJZD1jM3BvJnRlbXBsYXRlSWQ9NzAyOWUzMDctOTMwNC00NWQ5LWJjZDEtNGZlNjk4ZTdlNDQ1JnRhcmdldFVybD1odHRwczovL2J1c2luZXNzLmNvbWNhc3QuY29tL2FjY291bnQvYmlsbD9DSUQ9RU1DLVRSLUJpbGxSZWFkeS1WaWV3U3RhdGVtZW50&i=NTljNTk1ZmQ4Zjg2MGMxNzM4NDBhZGNi&t=NmV1QzV1bkZJbUtHbkJnVjFOenp2L2NyenBsK0NuV3BCbnBNa0hVMGpTYz0=&h=41698bb3f89e4e30953996822e5fff5b&s=AVNPUEhUT0NFTkNSWVBUSVYvIpZHvF0h0chKAgPasAV-CzwOwWHUeJDSnsmZZPBRZ5hzqPY8-K6m2owVEfzReGk" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Suricata rule has matched
Source: | HTTPS traffic detected: | (5 rows; values missing) |
Source: | HTTP traffic: | (1 row; values missing) |
Source: | HTTP traffic detected: | (1 row; values missing) |
Source: | TCP traffic detected without corresponding DNS query: | (50 rows; values missing) |
Source: | HTTP traffic detected: | (4 rows; values missing) |