Windows Analysis Report
https://05kqatnrj9s0snah9.phish.farm/XNWovM1FGWG9WUTJhZEI4SDFaYWZZbTVBV2xEempsNGhRL3lkQUt5VUROTER6K2hlam5jK3hja3VFN2F1d2lnekJqVnpvWkZrNDdsMjFIR1NrNWtucTJReUc5ZWl1K09HZjhheHJJV0hrYmZtbjJpSThsdEwrZUZyN0JMMk5SN3lrSXhqaWZ0S3RaOG93b2t5RTd6OU1XZnJKQU05SXNRTGtzaG5xbE52dWMzOFlzaG9nbDFIckFQQy0tV0NacTU3Ymp2MG

Overview

General Information

Sample URL: https://05kqatnrj9s0snah9.phish.farm/XNWovM1FGWG9WUTJhZEI4SDFaYWZZbTVBV2xEempsNGhRL3lkQUt5VUROTER6K2hlam5jK3hja3VFN2F1d2lnekJqVnpvWkZrNDdsMjFIR1NrNWtucTJReUc5ZWl1K09HZjhheHJJV0hrYmZtbjJpSThsdEwrZUZyN0
Analysis ID: 1540474
Infos:

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Stores files to the Windows start menu directory

Classification

Source: https://secured-login.net/pages/c3955b1c48a/XNWovM1FGWG9WUTJhZEI4SDFaYWZZbTVBV2xEempsNGhRL3lkQUt5VUROTER6K2hlam5jK3hja3VFN2F1d2lnekJqVnpvWkZrNDdsMjFIR1NrNWtucTJReUc5ZWl1K09HZjhheHJJV0hrYmZtbjJpSThsdEwrZUZyN0JMMk5SN3lrSXhqaWZ0S3RaOG93b2t5RTd6OU1XZnJKQU05SXNRTGtzaG5xbE52dWMzOFlzaG9nbDFIckFQQy0tV0NacTU3Ymp2MGlpcUtCWS0tWVltL0pBUk43cVRMV2l2Y0tvc3VIUT09 HTTP Parser: No favicon
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49718 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49719 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.8:49741 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.8:49749 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: global traffic HTTP traffic detected: GET /XNWovM1FGWG9WUTJhZEI4SDFaYWZZbTVBV2xEempsNGhRL3lkQUt5VUROTER6K2hlam5jK3hja3VFN2F1d2lnekJqVnpvWkZrNDdsMjFIR1NrNWtucTJReUc5ZWl1K09HZjhheHJJV0hrYmZtbjJpSThsdEwrZUZyN0JMMk5SN3lrSXhqaWZ0S3RaOG93b2t5RTd6OU1XZnJKQU05SXNRTGtzaG5xbE52dWMzOFlzaG9nbDFIckFQQy0tV0NacTU3Ymp2MGlpcUtCWS0tWVltL0pBUk43cVRMV2l2Y0tvc3VIUT09?cid=2252932795 HTTP/1.1Host: 05kqatnrj9s0snah9.phish.farmConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /pages/c3955b1c48a/XNWovM1FGWG9WUTJhZEI4SDFaYWZZbTVBV2xEempsNGhRL3lkQUt5VUROTER6K2hlam5jK3hja3VFN2F1d2lnekJqVnpvWkZrNDdsMjFIR1NrNWtucTJReUc5ZWl1K09HZjhheHJJV0hrYmZtbjJpSThsdEwrZUZyN0JMMk5SN3lrSXhqaWZ0S3RaOG93b2t5RTd6OU1XZnJKQU05SXNRTGtzaG5xbE52dWMzOFlzaG9nbDFIckFQQy0tV0NacTU3Ymp2MGlpcUtCWS0tWVltL0pBUk43cVRMV2l2Y0tvc3VIUT09 HTTP/1.1Host: secured-login.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://05kqatnrj9s0snah9.phish.farm/XNWovM1FGWG9WUTJhZEI4SDFaYWZZbTVBV2xEempsNGhRL3lkQUt5VUROTER6K2hlam5jK3hja3VFN2F1d2lnekJqVnpvWkZrNDdsMjFIR1NrNWtucTJReUc5ZWl1K09HZjhheHJJV0hrYmZtbjJpSThsdEwrZUZyN0JMMk5SN3lrSXhqaWZ0S3RaOG93b2t5RTd6OU1XZnJKQU05SXNRTGtzaG5xbE52dWMzOFlzaG9nbDFIckFQQy0tV0NacTU3Ymp2MGlpcUtCWS0tWVltL0pBUk43cVRMV2l2Y0tvc3VIUT09?cid=2252932795Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css HTTP/1.1Host: secured-login.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://secured-login.net/pages/c3955b1c48a/XNWovM1FGWG9WUTJhZEI4SDFaYWZZbTVBV2xEempsNGhRL3lkQUt5VUROTER6K2hlam5jK3hja3VFN2F1d2lnekJqVnpvWkZrNDdsMjFIR1NrNWtucTJReUc5ZWl1K09HZjhheHJJV0hrYmZtbjJpSThsdEwrZUZyN0JMMk5SN3lrSXhqaWZ0S3RaOG93b2t5RTd6OU1XZnJKQU05SXNRTGtzaG5xbE52dWMzOFlzaG9nbDFIckFQQy0tV0NacTU3Ymp2MGlpcUtCWS0tWVltL0pBUk43cVRMV2l2Y0tvc3VIUT09Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /ajax/libs/twitter-bootstrap/3.3.7/css/bootstrap.min.css HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://secured-login.net/pages/c3955b1c48a/XNWovM1FGWG9WUTJhZEI4SDFaYWZZbTVBV2xEempsNGhRL3lkQUt5VUROTER6K2hlam5jK3hja3VFN2F1d2lnekJqVnpvWkZrNDdsMjFIR1NrNWtucTJReUc5ZWl1K09HZjhheHJJV0hrYmZtbjJpSThsdEwrZUZyN0JMMk5SN3lrSXhqaWZ0S3RaOG93b2t5RTd6OU1XZnJKQU05SXNRTGtzaG5xbE52dWMzOFlzaG9nbDFIckFQQy0tV0NacTU3Ymp2MGlpcUtCWS0tWVltL0pBUk43cVRMV2l2Y0tvc3VIUT09Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /assets/landing-watermark-16f13e16a7ef02fb6f94250aa1931ded83dbee5d9fad278e33dd5792d085194f.css HTTP/1.1Host: secured-login.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://secured-login.net/pages/c3955b1c48a/XNWovM1FGWG9WUTJhZEI4SDFaYWZZbTVBV2xEempsNGhRL3lkQUt5VUROTER6K2hlam5jK3hja3VFN2F1d2lnekJqVnpvWkZrNDdsMjFIR1NrNWtucTJReUc5ZWl1K09HZjhheHJJV0hrYmZtbjJpSThsdEwrZUZyN0JMMk5SN3lrSXhqaWZ0S3RaOG93b2t5RTd6OU1XZnJKQU05SXNRTGtzaG5xbE52dWMzOFlzaG9nbDFIckFQQy0tV0NacTU3Ymp2MGlpcUtCWS0tWVltL0pBUk43cVRMV2l2Y0tvc3VIUT09Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js HTTP/1.1Host: secured-login.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://secured-login.net/pages/c3955b1c48a/XNWovM1FGWG9WUTJhZEI4SDFaYWZZbTVBV2xEempsNGhRL3lkQUt5VUROTER6K2hlam5jK3hja3VFN2F1d2lnekJqVnpvWkZrNDdsMjFIR1NrNWtucTJReUc5ZWl1K09HZjhheHJJV0hrYmZtbjJpSThsdEwrZUZyN0JMMk5SN3lrSXhqaWZ0S3RaOG93b2t5RTd6OU1XZnJKQU05SXNRTGtzaG5xbE52dWMzOFlzaG9nbDFIckFQQy0tV0NacTU3Ymp2MGlpcUtCWS0tWVltL0pBUk43cVRMV2l2Y0tvc3VIUT09Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /assets/application-3ab7c63a41a8761925d45817a71fb79e0ef7208b59de505ac640c8a2a183ec19.js HTTP/1.1Host: secured-login.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://secured-login.net/pages/c3955b1c48a/XNWovM1FGWG9WUTJhZEI4SDFaYWZZbTVBV2xEempsNGhRL3lkQUt5VUROTER6K2hlam5jK3hja3VFN2F1d2lnekJqVnpvWkZrNDdsMjFIR1NrNWtucTJReUc5ZWl1K09HZjhheHJJV0hrYmZtbjJpSThsdEwrZUZyN0JMMk5SN3lrSXhqaWZ0S3RaOG93b2t5RTd6OU1XZnJKQU05SXNRTGtzaG5xbE52dWMzOFlzaG9nbDFIckFQQy0tV0NacTU3Ymp2MGlpcUtCWS0tWVltL0pBUk43cVRMV2l2Y0tvc3VIUT09Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /helpimg/landing_pages/css/dd.css HTTP/1.1Host: s3.amazonaws.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://secured-login.net/pages/c3955b1c48a/XNWovM1FGWG9WUTJhZEI4SDFaYWZZbTVBV2xEempsNGhRL3lkQUt5VUROTER6K2hlam5jK3hja3VFN2F1d2lnekJqVnpvWkZrNDdsMjFIR1NrNWtucTJReUc5ZWl1K09HZjhheHJJV0hrYmZtbjJpSThsdEwrZUZyN0JMMk5SN3lrSXhqaWZ0S3RaOG93b2t5RTd6OU1XZnJKQU05SXNRTGtzaG5xbE52dWMzOFlzaG9nbDFIckFQQy0tV0NacTU3Ymp2MGlpcUtCWS0tWVltL0pBUk43cVRMV2l2Y0tvc3VIUT09Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /packs/js/vendor-69f70dd3792dc7287ac8.js HTTP/1.1Host: secured-login.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://secured-login.net/pages/c3955b1c48a/XNWovM1FGWG9WUTJhZEI4SDFaYWZZbTVBV2xEempsNGhRL3lkQUt5VUROTER6K2hlam5jK3hja3VFN2F1d2lnekJqVnpvWkZrNDdsMjFIR1NrNWtucTJReUc5ZWl1K09HZjhheHJJV0hrYmZtbjJpSThsdEwrZUZyN0JMMk5SN3lrSXhqaWZ0S3RaOG93b2t5RTd6OU1XZnJKQU05SXNRTGtzaG5xbE52dWMzOFlzaG9nbDFIckFQQy0tV0NacTU3Ymp2MGlpcUtCWS0tWVltL0pBUk43cVRMV2l2Y0tvc3VIUT09Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /assets/modernizr-654222debe8018b12f1993ceddff30dc163a7d5008d79869c399d6d167321f97.js HTTP/1.1Host: secured-login.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://secured-login.net/pages/c3955b1c48a/XNWovM1FGWG9WUTJhZEI4SDFaYWZZbTVBV2xEempsNGhRL3lkQUt5VUROTER6K2hlam5jK3hja3VFN2F1d2lnekJqVnpvWkZrNDdsMjFIR1NrNWtucTJReUc5ZWl1K09HZjhheHJJV0hrYmZtbjJpSThsdEwrZUZyN0JMMk5SN3lrSXhqaWZ0S3RaOG93b2t5RTd6OU1XZnJKQU05SXNRTGtzaG5xbE52dWMzOFlzaG9nbDFIckFQQy0tV0NacTU3Ymp2MGlpcUtCWS0tWVltL0pBUk43cVRMV2l2Y0tvc3VIUT09Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /hubfs/241394/html_file/files/img/KB4-logo.png HTTP/1.1Host: cdn2.hubspot.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://secured-login.net/pages/c3955b1c48a/XNWovM1FGWG9WUTJhZEI4SDFaYWZZbTVBV2xEempsNGhRL3lkQUt5VUROTER6K2hlam5jK3hja3VFN2F1d2lnekJqVnpvWkZrNDdsMjFIR1NrNWtucTJReUc5ZWl1K09HZjhheHJJV0hrYmZtbjJpSThsdEwrZUZyN0JMMk5SN3lrSXhqaWZ0S3RaOG93b2t5RTd6OU1XZnJKQU05SXNRTGtzaG5xbE52dWMzOFlzaG9nbDFIckFQQy0tV0NacTU3Ymp2MGlpcUtCWS0tWVltL0pBUk43cVRMV2l2Y0tvc3VIUT09Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /QRF01zv.png HTTP/1.1Host: i.imgur.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://secured-login.net/pages/c3955b1c48a/XNWovM1FGWG9WUTJhZEI4SDFaYWZZbTVBV2xEempsNGhRL3lkQUt5VUROTER6K2hlam5jK3hja3VFN2F1d2lnekJqVnpvWkZrNDdsMjFIR1NrNWtucTJReUc5ZWl1K09HZjhheHJJV0hrYmZtbjJpSThsdEwrZUZyN0JMMk5SN3lrSXhqaWZ0S3RaOG93b2t5RTd6OU1XZnJKQU05SXNRTGtzaG5xbE52dWMzOFlzaG9nbDFIckFQQy0tV0NacTU3Ymp2MGlpcUtCWS0tWVltL0pBUk43cVRMV2l2Y0tvc3VIUT09Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /hubfs/241394/html_file/files/img/KB4-logo.png HTTP/1.1Host: cdn2.hubspot.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /QRF01zv.png HTTP/1.1Host: i.imgur.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /assets/landing-watermark-16f13e16a7ef02fb6f94250aa1931ded83dbee5d9fad278e33dd5792d085194f.css HTTP/1.1Host: secured-login.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://secured-login.net/pages/c3955b1c48a/XNWovM1FGWG9WUTJhZEI4SDFaYWZZbTVBV2xEempsNGhRL3lkQUt5VUROTER6K2hlam5jK3hja3VFN2F1d2lnekJqVnpvWkZrNDdsMjFIR1NrNWtucTJReUc5ZWl1K09HZjhheHJJV0hrYmZtbjJpSThsdEwrZUZyN0JMMk5SN3lrSXhqaWZ0S3RaOG93b2t5RTd6OU1XZnJKQU05SXNRTGtzaG5xbE52dWMzOFlzaG9nbDFIckFQQy0tV0NacTU3Ymp2MGlpcUtCWS0tWVltL0pBUk43cVRMV2l2Y0tvc3VIUT09Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js HTTP/1.1Host: secured-login.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=UTwvl6ZTSLSXNKK&MD=cfB9H+Lu HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: secured-login.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://secured-login.net/pages/c3955b1c48a/XNWovM1FGWG9WUTJhZEI4SDFaYWZZbTVBV2xEempsNGhRL3lkQUt5VUROTER6K2hlam5jK3hja3VFN2F1d2lnekJqVnpvWkZrNDdsMjFIR1NrNWtucTJReUc5ZWl1K09HZjhheHJJV0hrYmZtbjJpSThsdEwrZUZyN0JMMk5SN3lrSXhqaWZ0S3RaOG93b2t5RTd6OU1XZnJKQU05SXNRTGtzaG5xbE52dWMzOFlzaG9nbDFIckFQQy0tV0NacTU3Ymp2MGlpcUtCWS0tWVltL0pBUk43cVRMV2l2Y0tvc3VIUT09Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: secured-login.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=UTwvl6ZTSLSXNKK&MD=cfB9H+Lu HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic DNS traffic detected: DNS query: 05kqatnrj9s0snah9.phish.farm
Source: global traffic DNS traffic detected: DNS query: secured-login.net
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: s3.amazonaws.com
Source: global traffic DNS traffic detected: DNS query: cdn2.hubspot.net
Source: global traffic DNS traffic detected: DNS query: i.imgur.com
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 23 Oct 2024 18:06:04 GMTContent-Type: text/plain; charset=utf-8Content-Length: 9Connection: closeX-Frame-Options: SAMEORIGINX-XSS-Protection: 0X-Content-Type-Options: nosniffX-Permitted-Cross-Domain-Policies: noneReferrer-Policy: strict-origin-when-cross-originCache-Control: no-cacheContent-Security-Policy: X-Request-Id: 9060390b-f009-4151-b908-4ab5078b665aX-Runtime: 0.010794Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 23 Oct 2024 18:06:04 GMTContent-Type: text/plain; charset=utf-8Content-Length: 9Connection: closeX-Frame-Options: SAMEORIGINX-XSS-Protection: 0X-Content-Type-Options: nosniffX-Permitted-Cross-Domain-Policies: noneReferrer-Policy: strict-origin-when-cross-originCache-Control: no-cacheContent-Security-Policy: X-Request-Id: 679d2f64-548a-4b56-9ce2-48c7f3b9a9e8X-Runtime: 0.010815Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 23 Oct 2024 18:06:04 GMTContent-Type: text/plain; charset=utf-8Content-Length: 9Connection: closeX-Frame-Options: SAMEORIGINX-XSS-Protection: 0X-Content-Type-Options: nosniffX-Permitted-Cross-Domain-Policies: noneReferrer-Policy: strict-origin-when-cross-originCache-Control: no-cacheContent-Security-Policy: X-Request-Id: cb918b06-4545-4584-9ab3-ea4689d73e47X-Runtime: 0.086213Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 23 Oct 2024 18:06:04 GMTContent-Type: text/plain; charset=utf-8Content-Length: 9Connection: closeX-Frame-Options: SAMEORIGINX-XSS-Protection: 0X-Content-Type-Options: nosniffX-Permitted-Cross-Domain-Policies: noneReferrer-Policy: strict-origin-when-cross-originCache-Control: no-cacheContent-Security-Policy: X-Request-Id: 4e91ddeb-f281-4fb4-9598-87fbd7c63896X-Runtime: 0.013148Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 23 Oct 2024 18:06:07 GMTContent-Type: text/plain; charset=utf-8Content-Length: 9Connection: closeX-Frame-Options: SAMEORIGINX-XSS-Protection: 0X-Content-Type-Options: nosniffX-Permitted-Cross-Domain-Policies: noneReferrer-Policy: strict-origin-when-cross-originCache-Control: no-cacheContent-Security-Policy: X-Request-Id: 03b184ad-75c8-49fc-9723-aecd740eb04cX-Runtime: 0.011824Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
Source: chromecache_74.2.dr String found in binary or memory: http://getbootstrap.com)
Source: chromecache_76.2.dr String found in binary or memory: https://cdn2.hubspot.net/hubfs/241394/html_file/files/img/KB4-logo.png
Source: chromecache_76.2.dr String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/css/bootstrap.min.css
Source: chromecache_76.2.dr String found in binary or memory: https://fonts.googleapis.com/css2?family=Open
Source: chromecache_69.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI
Source: chromecache_69.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4iaVI
Source: chromecache_69.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4jaVI
Source: chromecache_69.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4kaVI
Source: chromecache_69.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4saVI
Source: chromecache_69.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4taVI
Source: chromecache_69.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4uaVI
Source: chromecache_69.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4vaVI
Source: chromecache_69.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B5OaVI
Source: chromecache_69.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B5caVI
Source: chromecache_74.2.dr String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_76.2.dr String found in binary or memory: https://i.imgur.com/QRF01zv.png
Source: chromecache_76.2.dr String found in binary or memory: https://s3.amazonaws.com/helpimg/landing_pages/css/dd.css
Source: chromecache_81.2.dr String found in binary or memory: https://secured-login.net/pages/c3955b1c48a/XNWovM1FGWG9WUTJhZEI4SDFaYWZZbTVBV2xEempsNGhRL3lkQUt5VUR
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49718 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49719 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.8:49741 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.8:49749 version: TLS 1.2
Source: classification engine Classification label: clean0.win@17/49@20/11
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps Jump to behavior
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1848,i,14200194463612556463,7566135678862087948,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://05kqatnrj9s0snah9.phish.farm/XNWovM1FGWG9WUTJhZEI4SDFaYWZZbTVBV2xEempsNGhRL3lkQUt5VUROTER6K2hlam5jK3hja3VFN2F1d2lnekJqVnpvWkZrNDdsMjFIR1NrNWtucTJReUc5ZWl1K09HZjhheHJJV0hrYmZtbjJpSThsdEwrZUZyN0JMMk5SN3lrSXhqaWZ0S3RaOG93b2t5RTd6OU1XZnJKQU05SXNRTGtzaG5xbE52dWMzOFlzaG9nbDFIckFQQy0tV0NacTU3Ymp2MGlpcUtCWS0tWVltL0pBUk43cVRMV2l2Y0tvc3VIUT09?cid=2252932795"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1848,i,14200194463612556463,7566135678862087948,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: Google Drive.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk Jump to behavior
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs