Windows Analysis Report
http://casey.marquette@cybertrustnetwork.com/

Overview

General Information

Sample URL: http://casey.marquette@cybertrustnetwork.com/
Analysis ID: 1540388

Detection

Score: 23
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Javascript uses Clearbit API to dynamically determine company logos
Form action URLs do not match main URL
HTML body contains low number of good links
HTML body contains password input but no form action
HTML page contains hidden javascript code
HTML title does not match URL
Stores files to the Windows start menu directory
URL contains potential PII (phishing indication)

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 556 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
    • chrome.exe (PID: 6100 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1812,i,7697090070898574876,17635712910274736600,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
    • chrome.exe (PID: 7240 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5688 --field-trial-handle=1812,i,7697090070898574876,17635712910274736600,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • chrome.exe (PID: 6228 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://casey.marquette@cybertrustnetwork.com/" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • cleanup
No yara matches
No Sigma rule has matched
No Suricata rule has matched

Phishing

Source: https://cybertrustnetwork.com/ HTTP Parser: self.__next_f.push([1,"9:[\"$\",\"div\",null,{\"children\":[\"$\",\"$l1e\",null,{\"currentdbuser\":null,\"totaljobpostings\":29748,\"dailyjobpostings\":854,\"randomjobpostings\":[{\"id\":\"p1ydy6vvpslhfipjniagb\",\"redirect_job_url\":null,\"direct_job_url\":\"https://sjobs.brassring.com/tgnewui/search/home/homewithpreload?pagetype=jobdetails\u0026partnerid=25633\u0026siteid=5439\u0026jobid=2126429\",\"description\":\"$1f\",\"created_date\":\"$d2024-10-22t00:00:00.000z\",\"last_checked_date\":\"$d2024-10-22t00:00:00.000z\",\"country\":\"united states\",\"region\":\"ct\",\"city\":\"hartford\",\"zip_code\":\"06183\",\"company_name\":\"infosys ltd\",\"title\":\"azure ad security lead\",\"job_hash\":\"272deb9911a6efac5c4dd8eeca16e546\",\"jobcompanyname\":\"infosys\",\"joblocation\":\"richardson, tx, united states\",\"joblocationtype\":\"in office\",\"jobtitle\":\"azure ad security lead\",\"jobsalary\":\"not specified\",\"jobtype\":\"not specified\",\"joboverview\":\"infosys is seeking an azure ad security lead. in...
Source: https://appleid.apple.com/auth/authorize?access_type=offline&client_id=com.cybertrustnetwork.clerk&redirect_uri=https%3A%2F%2Fclerk.cybertrustnetwork.com%2Fv1%2Foauth_callback&response_mode=form_post&response_type=code&scope=name%20email&state=c8mifsjzc1fcnu3lc94j56mumfyl0wc6ybisxjyj HTTP Parser: Form action: https://clerk.cybertrustnetwork.com/v1/oauth_callback apple cybertrustnetwork
Source: https://appleid.apple.com/auth/authorize?access_type=offline&client_id=com.cybertrustnetwork.clerk&redirect_uri=https%3A%2F%2Fclerk.cybertrustnetwork.com%2Fv1%2Foauth_callback&response_mode=form_post&response_type=code&scope=name%20email&state=c8mifsjzc1fcnu3lc94j56mumfyl0wc6ybisxjyj HTTP Parser: Number of links: 0
Source: https://casey.marquette@cybertrustnetwork.com/ HTTP Parser: <input type="password" .../> found but no <form action="...
Source: https://casey.marquette@cybertrustnetwork.com/ HTTP Parser: Base64 decoded: {"version":3,"sources":["webpack://./../../.yarn/__virtual__/@termly-react-components-virtual-d20d8fbfab/0/cache/@termly-react-components-npm-3.6.3-4f5cb71732-eba2e81f60.zip/node_modules/@termly/react-components/src/components/Button/styles.module.sass"],...
Source: https://appleid.apple.com/auth/authorize?access_type=offline&client_id=com.cybertrustnetwork.clerk&redirect_uri=https%3A%2F%2Fclerk.cybertrustnetwork.com%2Fv1%2Foauth_callback&response_mode=form_post&response_type=code&scope=name%20email&state=c8mifsjzc1fcnu3lc94j56mumfyl0wc6ybisxjyj HTTP Parser: Title: Sign in to AppleAccount does not match URL
Source: http://casey.marquette@cybertrustnetwork.com/ Sample URL: PII: casey.marquette@cybertrustnetwork.com
Source: https://casey.marquette@cybertrustnetwork.com/ HTTP Parser: <input type="password" .../> found
Source: https://appleid.apple.com/auth/authorize?access_type=offline&client_id=com.cybertrustnetwork.clerk&redirect_uri=https%3A%2F%2Fclerk.cybertrustnetwork.com%2Fv1%2Foauth_callback&response_mode=form_post&response_type=code&scope=name%20email&state=c8mifsjzc1fcnu3lc94j56mumfyl0wc6ybisxjyj HTTP Parser: <input type="password" .../> found
Source: https://appleid.apple.com/auth/authorize?access_type=offline&client_id=com.cybertrustnetwork.clerk&redirect_uri=https%3A%2F%2Fclerk.cybertrustnetwork.com%2Fv1%2Foauth_callback&response_mode=form_post&response_type=code&scope=name%20email&state=c8mifsjzc1fcnu3lc94j56mumfyl0wc6ybisxjyj HTTP Parser: No <meta name="author".. found
Source: https://casey.marquette@cybertrustnetwork.com/ HTTP Parser: No <meta name="copyright".. found
Source: https://appleid.apple.com/auth/authorize?access_type=offline&client_id=com.cybertrustnetwork.clerk&redirect_uri=https%3A%2F%2Fclerk.cybertrustnetwork.com%2Fv1%2Foauth_callback&response_mode=form_post&response_type=code&scope=name%20email&state=c8mifsjzc1fcnu3lc94j56mumfyl0wc6ybisxjyj HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49805 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.17:49806 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49808 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.17:49852 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.190.159.0:443 -> 192.168.2.17:49899 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49900 version: TLS 1.2
Source: unknown HTTPS traffic detected: 2.23.209.150:443 -> 192.168.2.17:49904 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: global traffic DNS traffic detected: DNS query: cybertrustnetwork.com
Source: global traffic DNS traffic detected: DNS query: app.termly.io
Source: global traffic DNS traffic detected: DNS query: affiliates.cybertrustnetwork.com
Source: global traffic DNS traffic detected: DNS query: clerk.cybertrustnetwork.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: snap.licdn.com
Source: global traffic DNS traffic detected: DNS query: assets.apollo.io
Source: global traffic DNS traffic detected: DNS query: aplo-evnt.com
Source: global traffic DNS traffic detected: DNS query: px.ads.linkedin.com
Source: global traffic DNS traffic detected: DNS query: www.linkedin.com
Source: global traffic DNS traffic detected: DNS query: img.clerk.com
Source: global traffic DNS traffic detected: DNS query: challenges.cloudflare.com
Source: unknownNetwork traffic detected: HTTP traffic on port 49907 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49941 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49942
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49941
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49940
Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49965 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49939
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49817
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49938
Source: unknownNetwork traffic detected: HTTP traffic on port 49942 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49937
Source: unknownNetwork traffic detected: HTTP traffic on port 49977 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49936
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49935
Source: unknownNetwork traffic detected: HTTP traffic on port 49902 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49934
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49933
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49932
Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49931
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49930
Source: unknownNetwork traffic detected: HTTP traffic on port 49925 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49954 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49971 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49936 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49960 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49929
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49928
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49806
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49927
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49926
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49925
Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49924
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49923
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49922
Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49921
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49920
Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49976 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49953 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49854 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49914 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49982 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49937 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49918
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49917
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49916
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49915
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49914
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49913
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49912
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49911
Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49910
Source: unknownNetwork traffic detected: HTTP traffic on port 49948 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49843 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49931 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49899 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49959 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49909
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49908
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49907
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49906
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49905
Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49904
Source: unknownNetwork traffic detected: HTTP traffic on port 49920 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49903
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49902
Source: unknownNetwork traffic detected: HTTP traffic on port 49903 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49900
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49805 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.17:49806 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49808 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.17:49852 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.190.159.0:443 -> 192.168.2.17:49899 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49900 version: TLS 1.2
Source: unknown HTTPS traffic detected: 2.23.209.150:443 -> 192.168.2.17:49904 version: TLS 1.2
Source: classification engine Classification label: sus23.phis.win@24/6@60/347
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1812,i,7697090070898574876,17635712910274736600,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://casey.marquette@cybertrustnetwork.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5688 --field-trial-handle=1812,i,7697090070898574876,17635712910274736600,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 3 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |

No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- | --- | --- |
| worker.clerkprod-cloudflare.net | 104.18.0.101 | true | false | | unknown |
| assets.apollo.io | 172.67.2.155 | true | false | | unknown |
| challenges.cloudflare.com | 104.18.94.41 | true | false | | unknown |
| cybertrustnetwork.com | 34.228.48.36 | true | false | | unknown |
| app.termly.io | 104.18.31.234 | true | false | | unknown |
| www.google.com | 142.250.186.68 | true | false | | unknown |
| aplo-evnt.com | 34.107.133.146 | true | false | | unknown |
| domains.rewardful.com | 161.35.235.194 | true | false | | unknown |
| affiliates.cybertrustnetwork.com | unknown | unknown | false | | unknown |
| snap.licdn.com | unknown | unknown | false | | unknown |
| www.linkedin.com | unknown | unknown | false | | unknown |
| img.clerk.com | unknown | unknown | false | | unknown |
| clerk.cybertrustnetwork.com | unknown | unknown | false | | unknown |
| px.ads.linkedin.com | unknown | unknown | false | | unknown |

| Name | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- |
| https://casey.marquette@cybertrustnetwork.com/ | false | | unknown |
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1540388
Start date and time: 2024-10-23 17:59:13 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Sample URL: http://casey.marquette@cybertrustnetwork.com/
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 21
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
Analysis Mode: stream
Analysis stop reason: Timeout
Detection: SUS
Classification: sus23.phis.win@24/6@60/347
• Exclude process from analysis (whitelisted): TextInputHost.exe
• Excluded IPs from analysis (whitelisted): 172.217.16.195, 142.250.186.174, 108.177.15.84, 34.104.35.123, 142.250.185.200, 142.250.184.200
• Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, www.googletagmanager.com, clientservices.googleapis.com, clients.l.google.com
• Not all processes were analyzed, report is missing behavior information
• VT rate limit hit for: http://casey.marquette@cybertrustnetwork.com/
Input | Output

URL: https://casey.marquette@cybertrustnetwork.com/ Model: claude-3-haiku-20240307
```json
{
  "contains_trigger_text": true,
  "trigger_text": "Revolutionizing Cybersecurity Through Trusted Connections",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": true,
  "has_visible_qrcode": false
}
```
URL: https://casey.marquette@cybertrustnetwork.com/ Model: claude-3-haiku-20240307
```json
{
  "brands": [
    "Cybertrust Network"
  ]
}
```
URL: https://casey.marquette@cybertrustnetwork.com/ Model: claude-3-haiku-20240307
```json
{
  "contains_trigger_text": true,
  "trigger_text": "Revolutionizing Cybersecurity Through Trusted Connections",
  "prominent_button_name": "Sign up",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": true,
  "has_visible_qrcode": false
}
```
URL: https://casey.marquette@cybertrustnetwork.com/ Model: claude-3-haiku-20240307
```json
{
  "contains_trigger_text": true,
  "trigger_text": "Create your account",
  "prominent_button_name": "unknown",
  "text_input_field_labels": [
    "First name",
    "Last name",
    "Username",
    "Email address",
    "Phone number",
    "Password"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false
}
```
URL: https://casey.marquette@cybertrustnetwork.com/ Model: gpt-4o
```json
{
  "legit_domain": "cybertrustnetwork.com",
  "classification": "unknown",
  "reasons": [
    "The brand 'Cybertrust Network' is not widely recognized, making it difficult to classify as 'known' or 'wellknown'.",
    "The URL 'cybertrustnetwork.com' matches the brand name exactly, which is a positive indicator for legitimacy.",
    "There are no obvious misspellings or suspicious elements in the URL.",
    "The domain uses a common '.com' extension, which is typical for legitimate businesses.",
    "The presence of input fields for personal information is common for both legitimate and phishing sites, so it does not provide a definitive indication of phishing."
  ],
  "riskscore": 3
}
```
URL: cybertrustnetwork.com
Brands: Cybertrust Network
Input Fields: First name, Last name, Username, Email address, Phone number, Password
                                URL: https://casey.marquette@cybertrustnetwork.com/ Model: claude-3-haiku-20240307
                                ```json
                                {
                                  "contains_trigger_text": true,
                                  "trigger_text": "Create your account",
                                  "prominent_button_name": "unknown",
                                  "text_input_field_labels": [
                                    "First name",
                                    "Last name",
                                    "Username",
                                    "Email address",
                                    "Phone number",
                                    "Password"
                                  ],
                                  "pdf_icon_visible": false,
                                  "has_visible_captcha": false,
                                  "has_urgent_text": false,
                                  "has_visible_qrcode": false
                                }
                                ```
                                URL: https://casey.marquette@cybertrustnetwork.com/ Model: claude-3-haiku-20240307
                                ```json
                                {
                                  "brands": [
                                    "Cybertrust Network"
                                  ]
                                }
                                ```
                                URL: https://casey.marquette@cybertrustnetwork.com/ Model: gpt-4o
                                ```json
                                {
                                  "legit_domain": "cybertrustnetwork.com",
                                  "classification": "unknown",
                                  "reasons": [
                                    "The brand 'Cybertrust Network' is not widely recognized, making it difficult to classify as 'known' or 'wellknown'.",
                                    "The URL 'cybertrustnetwork.com' matches the brand name exactly, which is a positive indicator for legitimacy.",
                                    "There are no obvious misspellings or suspicious elements in the URL.",
                                    "The domain extension '.com' is standard and not unusual.",
                                    "The presence of input fields such as 'First name', 'Last name', 'Username', 'Email address', 'Phone number', and 'Password' is typical for many legitimate sites, but also common in phishing sites."
                                  ],
                                  "riskscore": 3
                                }
                                ```
                                URL: cybertrustnetwork.com
                                            Brands: Cybertrust Network
                                            Input Fields: First name, Last name, Username, Email address, Phone number, Password
                                URL: https://casey.marquette@cybertrustnetwork.com/ Model: claude-3-haiku-20240307
                                ```json
                                {
                                  "contains_trigger_text": true,
                                  "trigger_text": "Create your account",
                                  "prominent_button_name": "Continue",
                                  "text_input_field_labels": [
                                    "First name",
                                    "Last name",
                                    "Username",
                                    "Email address",
                                    "Phone number",
                                    "Password"
                                  ],
                                  "pdf_icon_visible": false,
                                  "has_visible_captcha": false,
                                  "has_urgent_text": false,
                                  "has_visible_qrcode": false
                                }
                                ```
                                URL: https://casey.marquette@cybertrustnetwork.com/ Model: claude-3-haiku-20240307
                                ```json
                                {
                                  "brands": [
                                    "Cybertrust Network"
                                  ]
                                }
                                ```
                                URL: https://casey.marquette@cybertrustnetwork.com/ Model: gpt-4o
                                ```json
                                {
                                  "legit_domain": "cybertrustnetwork.com",
                                  "classification": "unknown",
                                  "reasons": [
                                    "The brand 'Cybertrust Network' is not widely recognized, making it difficult to classify as 'known' or 'wellknown'.",
                                    "The URL 'cybertrustnetwork.com' matches the brand name exactly, which is a positive indicator for legitimacy.",
                                    "There are no obvious misspellings or suspicious elements in the URL.",
                                    "The domain extension '.com' is common and not inherently suspicious.",
                                    "The presence of input fields such as 'First name', 'Last name', 'Username', 'Email address', 'Phone number', and 'Password' is typical for many legitimate sites, but also common in phishing sites."
                                  ],
                                  "riskscore": 3
                                }
                                ```
                                URL: cybertrustnetwork.com
                                            Brands: Cybertrust Network
                                            Input Fields: First name, Last name, Username, Email address, Phone number, Password
                                URL: https://casey.marquette@cybertrustnetwork.com/ Model: claude-3-haiku-20240307
                                ```json
                                {
                                  "contains_trigger_text": true,
                                  "trigger_text": "Create your account",
                                  "prominent_button_name": "Continue",
                                  "text_input_field_labels": [
                                    "First name",
                                    "Last name",
                                    "Username",
                                    "Email address",
                                    "Phone number",
                                    "Password"
                                  ],
                                  "pdf_icon_visible": false,
                                  "has_visible_captcha": false,
                                  "has_urgent_text": false,
                                  "has_visible_qrcode": false
                                }
                                ```
                                URL: https://casey.marquette@cybertrustnetwork.com/ Model: claude-3-haiku-20240307
                                ```json
                                {
                                  "brands": [
                                    "Cybertrust Network"
                                  ]
                                }
                                ```
                                URL: https://appleid.apple.com/auth/authorize?access_type=offline&client_id=com.cybertrustnetwork.clerk&redirect_uri=https%3A%2F%2Fclerk.cybertrustnetwork.com%2Fv1%2Foauth_callback&response_mode=form_post&response_type=code&scope=name%20email&state=c8mifsjzc1f Model: claude-3-haiku-20240307
                                ```json
                                {
                                  "contains_trigger_text": true,
                                  "trigger_text": "Use your Apple Account to sign in to CyberTrust Network.",
                                  "prominent_button_name": "unknown",
                                  "text_input_field_labels": [
                                    "Email or Phone Number"
                                  ],
                                  "pdf_icon_visible": false,
                                  "has_visible_captcha": false,
                                  "has_urgent_text": false,
                                  "has_visible_qrcode": false
                                }
                                ```
                                URL: https://appleid.apple.com/auth/authorize?access_type=offline&client_id=com.cybertrustnetwork.clerk&redirect_uri=https%3A%2F%2Fclerk.cybertrustnetwork.com%2Fv1%2Foauth_callback&response_mode=form_post&response_type=code&scope=name%20email&state=c8mifsjzc1f Model: claude-3-haiku-20240307
                                ```json
                                {
                                  "brands": [
                                    "Apple"
                                  ]
                                }
                                ```
                                URL: https://appleid.apple.com/auth/authorize?access_type=offline&client_id=com.cybertrustnetwork.clerk&redirect_uri=https%3A%2F%2Fclerk.cybertrustnetwork.com%2Fv1%2Foauth_callback&response_mode=form_post&response_type=code&scope=name%20email&state=c8mifsjzc1f Model: gpt-4o
                                ```json
                                {
                                  "legit_domain": "apple.com",
                                  "classification": "wellknown",
                                  "reasons": [
                                    "The URL 'appleid.apple.com' is a subdomain of 'apple.com', which is the legitimate domain for Apple.",
                                    "Apple is a well-known brand with a strong online presence.",
                                    "The URL structure is consistent with Apple's legitimate services, as 'appleid.apple.com' is used for managing Apple IDs.",
                                    "There are no suspicious elements in the URL such as misspellings, extra characters, or unusual domain extensions."
                                  ],
                                  "riskscore": 1
                                }
                                ```
                                URL: appleid.apple.com
                                            Brands: Apple
                                            Input Fields: Email or Phone Number
                                URL: https://casey.marquette@cybertrustnetwork.com/ Model: claude-3-haiku-20240307
                                ```json
                                {
                                  "contains_trigger_text": true,
                                  "trigger_text": "Revolutionizing Cybersecurity Through Trusted Connections",
                                  "prominent_button_name": "unknown",
                                  "text_input_field_labels": "unknown",
                                  "pdf_icon_visible": false,
                                  "has_visible_captcha": false,
                                  "has_urgent_text": true,
                                  "has_visible_qrcode": false
                                }
                                ```
                                URL: https://casey.marquette@cybertrustnetwork.com/ Model: claude-3-haiku-20240307
                                ```json
                                {
                                  "contains_trigger_text": true,
                                  "trigger_text": "Revolutionizing Cybersecurity Through Trusted Connections",
                                  "prominent_button_name": "Sign up",
                                  "text_input_field_labels": "unknown",
                                  "pdf_icon_visible": false,
                                  "has_visible_captcha": false,
                                  "has_urgent_text": false,
                                  "has_visible_qrcode": false
                                }
                                ```
                                URL: https://casey.marquette@cybertrustnetwork.com/ Model: claude-3-haiku-20240307
                                ```json
                                {
                                  "brands": [
                                    "Cybertrust Network"
                                  ]
                                }
                                ```
                                URL: https://casey.marquette@cybertrustnetwork.com/ Model: claude-3-haiku-20240307
                                ```json
                                {
                                  "brands": [
                                    "Cybertrust Network"
                                  ]
                                }
                                ```
                                URL: https://casey.marquette@cybertrustnetwork.com/ Model: claude-3-haiku-20240307
                                ```json
                                {
                                  "contains_trigger_text": true,
                                  "trigger_text": "Join the forefront of cybersecurity with CyberTrust Network (CTN)  where professional networking meets innovation. Delve into an exclusive realm crafted for the IT & cybersecurity community, providing insights that drive opportunities and guide your career with unparalleled clarity. CyberTrust Network is your key to trusted connections and pioneering features, all designed to cater to the unique demands of the cybersecurity landscape.",
                                  "prominent_button_name": "Sign up",
                                  "text_input_field_labels": "unknown",
                                  "pdf_icon_visible": false,
                                  "has_visible_captcha": false,
                                  "has_urgent_text": false,
                                  "has_visible_qrcode": false
                                }
                                ```
                                URL: https://casey.marquette@cybertrustnetwork.com/ Model: claude-3-haiku-20240307
                                ```json
                                {
                                  "brands": [
                                    "CyberTrust Network"
                                  ]
                                }
                                ```
                                URL: https://casey.marquette@cybertrustnetwork.com/ Model: claude-3-haiku-20240307
                                ```json
                                {
                                  "contains_trigger_text": true,
                                  "trigger_text": "Ask a CISO Anything",
                                  "prominent_button_name": "Sign up",
                                  "text_input_field_labels": "unknown",
                                  "pdf_icon_visible": false,
                                  "has_visible_captcha": false,
                                  "has_urgent_text": false,
                                  "has_visible_qrcode": false
                                }
                                ```
                                URL: https://casey.marquette@cybertrustnetwork.com/ Model: claude-3-haiku-20240307
                                ```json
                                {
                                  "brands": [
                                    "CyberTrust Network"
                                  ]
                                }
                                ```
                                URL: https://casey.marquette@cybertrustnetwork.com/ Model: claude-3-haiku-20240307
                                ```json
                                {
                                  "contains_trigger_text": true,
                                  "trigger_text": "peer review and information sharing platform for IT and cybersecurity professionals",
                                  "prominent_button_name": "Sign in",
                                  "text_input_field_labels": "unknown",
                                  "pdf_icon_visible": false,
                                  "has_visible_captcha": false,
                                  "has_urgent_text": false,
                                  "has_visible_qrcode": false
                                }
                                ```
                                URL: https://casey.marquette@cybertrustnetwork.com/ Model: claude-3-haiku-20240307
                                ```json
                                {
                                  "brands": [
                                    "Cybertrust Network"
                                  ]
                                }
                                ```
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 14:59:44 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                Category:dropped
                                Size (bytes):2677
                                Entropy (8bit):3.9860580202983877
                                Encrypted:false
                                SSDEEP:
                                MD5:CD96B3F0E032709A5B3B4F6517A2F42C
                                SHA1:3AA5D532485A3A1D77B142A6D3FED010198DD9CA
                                SHA-256:2C9533E1BF2CC1ACE034E9798CA8561AFE00B1746695A0B658B824C285FCC1E3
                                SHA-512:5E05C1F37A611EBAE17A00F87D73A7C7041300029F0360F8F35D7CEAA1443D138E5DB34A21C23DA2E440255A51298C1A80C10CF8B0EA2FC89092CB91BB4BBC48
                                Malicious:false
                                Reputation:unknown
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 14:59:44 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                Category:dropped
                                Size (bytes):2679
                                Entropy (8bit):4.000948919580082
                                Encrypted:false
                                SSDEEP:
                                MD5:ACB2BF8CD4B90024677D95916D89CE91
                                SHA1:5A3D373B4B71C977331087A16862E9213D566703
                                SHA-256:173AB007FA2D5676DF4888A5C4A6F0BC6ECAE386EAB8B6CD14BB60BAE41055C9
                                SHA-512:9239CD5071BCFAF3575B8E66AF2B89A34F59AFBA051CFB9EF4841C044A64433EEF646770DCDDB94C0E42D210CFB7BF8069B6976A8D40C609AAEC3E78FAFD6ACE
                                Malicious:false
                                Reputation:unknown
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                Category:dropped
                                Size (bytes):2693
                                Entropy (8bit):4.012528686785422
                                Encrypted:false
                                SSDEEP:
                                MD5:CF87EB88028C0E3E372DF46AF3CACCDB
                                SHA1:5CEAEB62E19795A8ECDC2FC8544707D3B10EFB5D
                                SHA-256:71C2BC7698901C8AE82E93B39D0BC636966C091FC6F0E6E64598A84602A50D5C
                                SHA-512:A9404CAA6DC20C04BC6E8D7AD6BC4A173A5A3AAF523256D9E12970EADB5A4B1AD489978026DD151D498230506836B556D711E4F883CCB6170DDF11D785E38F52
                                Malicious:false
                                Reputation:unknown
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 14:59:44 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                Category:dropped
                                Size (bytes):2681
                                Entropy (8bit):3.996983108068757
                                Encrypted:false
                                SSDEEP:
                                MD5:E6B230B4EC3DCF59CC58E35CB1C6F1D1
                                SHA1:D7AB72DD931800094B5577E893847F16AC3676DE
                                SHA-256:F53800CE4AC10C1741D165B1FBA06D61E9EC3BBFC655538ED8CC7EB72E6E2223
                                SHA-512:60FCF6ED34AE69CB7E884BBFEED845ABE0557EBB3C3A239FF623C4B23BE0C1810F85DB47306106D44429E89CF820E43CE8F1ECE90B530A6DCB0A7790762F0952
                                Malicious:false
                                Reputation:unknown
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 14:59:44 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                Category:dropped
                                Size (bytes):2681
                                Entropy (8bit):3.9873443064934446
                                Encrypted:false
                                SSDEEP:
                                MD5:6498DD1F4F25D14D3EFA593680FC42EA
                                SHA1:B3C54AFEBBFC14FC69F7A31AC8A2A0C4EDA0D7E6
                                SHA-256:D4735241EF4E6C13973C37CB897854D1FFF1FF9A13DBFF38A2FFC54B2D8B7A66
                                SHA-512:5A9183DE7868141FDE1D9ABA5A5CE84715767BB1FB51414E657D8B79676D5BC5EDC47107E9CCDCA344C17367B5E74151B72C2D91E68CECFCD26CED30AAC13A2F
                                Malicious:false
                                Reputation:unknown
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 14:59:44 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                Category:dropped
                                Size (bytes):2683
                                Entropy (8bit):4.00004365813659
                                Encrypted:false
                                SSDEEP:
                                MD5:727CB1765400FAE2AD1858FD5BB263C6
                                SHA1:FDF5CE251F2DC2D86254C2F19B98C93F00F3BD27
                                SHA-256:6FCC907516224E3480DFA6007E77AE59623C5333203E752A0F6539AAF768F3FC
                                SHA-512:62E7BDA4D6A612C698968A79FAB9A92133040E5D4B51F6AD4AEFB8AC7C02E76D2A2EFB64F736A3834350CF636F1ADF04148A0421A713C350B28EFEFEB2401709
                                Malicious:false
                                Reputation:unknown
                                No static file info