Windows Analysis Report
https://track.enterprisetechsol.com/z.z?l=aHR0cHM6Ly9yZXNvdXJjZS5pdGJ1c2luZXNzdG9kYXkuY29tL3doaXRlcGFwZXJzLzQ0ODAzLU1pY3Jvc29mdC1DUEwtUTItUE1HLUFCTS1HZXItMS1sYW5kaW5nLnBocD9lPWJvbnVjY2VsbGkuZGFyaW9AZGVtZS1ncm91cC5jb20=&r=14547470367&d=12037165&p=1&t=h&h=fb97401a549b1167a78f6002a0aef94d

Overview

General Information

Sample URL:	https://track.enterprisetechsol.com/z.z?l=aHR0cHM6Ly9yZXNvdXJjZS5pdGJ1c2luZXNzdG9kYXkuY29tL3doaXRlcGFwZXJzLzQ0ODAzLU1pY3Jvc29mdC1DUEwtUTItUE1HLUFCTS1HZXItMS1sYW5kaW5nLnBocD9lPWJvbnVjY2VsbGkuZGFyaW9AZG
Analysis ID:	1429053

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Phishing site detected (based on image similarity)

HTML body contains low number of good links

HTML title does not match URL

Stores files to the Windows start menu directory

Suspicious form URL found

Classification

Signatures

AV Detection

Multi AV Scanner detection for submitted file

Source: https://track.enterprisetechsol.com/z.z?l=aHR0cHM6Ly9yZXNvdXJjZS5pdGJ1c2luZXNzdG9kYXkuY29tL3doaXRlcGFwZXJzLzQ0ODAzLU1pY3Jvc29mdC1DUEwtUTItUE1HLUFCTS1HZXItMS1sYW5kaW5nLnBocD9lPWJvbnVjY2VsbGkuZGFyaW9AZGVtZS1ncm91cC5jb20=&r=14547470367&d=12037165&p=1&t=h&h=fb97401a549b1167a78f6002a0aef94d

Virustotal: Detection: 8%

Perma Link

Phishing

Phishing site detected (based on image similarity)

Source: https://resource.itbusinesstoday.com/whitepapers/44803-Microsoft-CPL-Q2-PMG-ABM-Ger-1-landing.php

Matcher: Found strong image similarity, brand: MICROSOFT

HTML body contains low number of good links

Source: https://resource.itbusinesstoday.com/whitepapers/44803-Microsoft-CPL-Q2-PMG-ABM-Ger-1-landing.php

HTTP Parser: Number of links: 1

HTML title does not match URL

Source: https://resource.itbusinesstoday.com/whitepapers/44803-Microsoft-CPL-Q2-PMG-ABM-Ger-1-landing.php

HTTP Parser: Title: 3 Tipps fr umfassende Datensicherheit does not match URL

Suspicious form URL found

Source: https://resource.itbusinesstoday.com/whitepapers/44803-Microsoft-CPL-Q2-PMG-ABM-Ger-1-landing.php	HTTP Parser: Form action: 44803-Microsoft-CPL-Q2-PMG-ABM-Ger-1-sendemail.php?e=
Source: https://resource.itbusinesstoday.com/whitepapers/44803-Microsoft-CPL-Q2-PMG-ABM-Ger-1-landing.php	HTTP Parser: Form action: 44803-Microsoft-CPL-Q2-PMG-ABM-Ger-1-sendemail.php?e=

Source: https://resource.itbusinesstoday.com/whitepapers/44803-Microsoft-CPL-Q2-PMG-ABM-Ger-1-landing.php?e=bonuccelli.dario@deme-group.com	HTTP Parser: No favicon
Source: https://resource.itbusinesstoday.com/whitepapers/44803-Microsoft-CPL-Q2-PMG-ABM-Ger-1-landing.php?e=bonuccelli.dario@deme-group.com	HTTP Parser: No favicon
Source: https://resource.itbusinesstoday.com/whitepapers/44803-Microsoft-CPL-Q2-PMG-ABM-Ger-1-landing.php?e=bonuccelli.dario@deme-group.com	HTTP Parser: No favicon
Source: https://recaptcha.net/recaptcha/api2/anchor?ar=1&k=6LdvpRAUAAAAAJkr4psZnXC4TeOEVPwP_bEQrP24&co=aHR0cHM6Ly9yZXNvdXJjZS5pdGJ1c2luZXNzdG9kYXkuY29tOjQ0Mw..&hl=en&v=rz4DvU-cY2JYCwHSTck0_qm-&size=normal&cb=c1kcp3ltxtdr	HTTP Parser: No favicon
Source: https://recaptcha.net/recaptcha/api2/bframe?hl=en&v=rz4DvU-cY2JYCwHSTck0_qm-&k=6LdvpRAUAAAAAJkr4psZnXC4TeOEVPwP_bEQrP24	HTTP Parser: No favicon
Source: https://resource.itbusinesstoday.com/whitepapers/44803-Microsoft-CPL-Q2-PMG-ABM-Ger-1-landing.php?e=bonuccelli.dario@deme-group.com	HTTP Parser: No favicon
Source: https://recaptcha.net/recaptcha/api2/anchor?ar=1&k=6LdvpRAUAAAAAJkr4psZnXC4TeOEVPwP_bEQrP24&co=aHR0cHM6Ly9yZXNvdXJjZS5pdGJ1c2luZXNzdG9kYXkuY29tOjQ0Mw..&hl=en&v=rz4DvU-cY2JYCwHSTck0_qm-&size=normal&cb=c1kcp3ltxtdr	HTTP Parser: No favicon
Source: https://recaptcha.net/recaptcha/api2/bframe?hl=en&v=rz4DvU-cY2JYCwHSTck0_qm-&k=6LdvpRAUAAAAAJkr4psZnXC4TeOEVPwP_bEQrP24	HTTP Parser: No favicon
Source: https://recaptcha.net/recaptcha/api2/bframe?hl=en&v=rz4DvU-cY2JYCwHSTck0_qm-&k=6LdvpRAUAAAAAJkr4psZnXC4TeOEVPwP_bEQrP24	HTTP Parser: No favicon
Source: https://resource.itbusinesstoday.com/whitepapers/44803-Microsoft-CPL-Q2-PMG-ABM-Ger-1-landing.php	HTTP Parser: No favicon
Source: https://resource.itbusinesstoday.com/whitepapers/44803-Microsoft-CPL-Q2-PMG-ABM-Ger-1-landing.php	HTTP Parser: No favicon

Source: https://resource.itbusinesstoday.com/whitepapers/44803-Microsoft-CPL-Q2-PMG-ABM-Ger-1-landing.php	HTTP Parser: No <meta name="author".. found
Source: https://resource.itbusinesstoday.com/whitepapers/44803-Microsoft-CPL-Q2-PMG-ABM-Ger-1-landing.php	HTTP Parser: No <meta name="author".. found

Source: https://resource.itbusinesstoday.com/whitepapers/44803-Microsoft-CPL-Q2-PMG-ABM-Ger-1-landing.php	HTTP Parser: No <meta name="copyright".. found
Source: https://resource.itbusinesstoday.com/whitepapers/44803-Microsoft-CPL-Q2-PMG-ABM-Ger-1-landing.php	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.55.253.34:443 -> 192.168.2.16:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.55.253.34:443 -> 192.168.2.16:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49782 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: unknown

DNS traffic detected: queries for: track.enterprisetechsol.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: unknown	HTTPS traffic detected: 23.55.253.34:443 -> 192.168.2.16:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.55.253.34:443 -> 192.168.2.16:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49782 version: TLS 1.2

Source: classification engine

Classification label: mal52.phis.win@16/30@44/287

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://track.enterprisetechsol.com/z.z?l=aHR0cHM6Ly9yZXNvdXJjZS5pdGJ1c2luZXNzdG9kYXkuY29tL3doaXRlcGFwZXJzLzQ0ODAzLU1pY3Jvc29mdC1DUEwtUTItUE1HLUFCTS1HZXItMS1sYW5kaW5nLnBocD9lPWJvbnVjY2VsbGkuZGFyaW9AZGVtZS1ncm91cC5jb20=&r=14547470367&d=12037165&p=1&t=h&h=fb97401a549b1167a78f6002a0aef94d
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1916,i,11691883683311807744,2046475922477848970,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1916,i,11691883683311807744,2046475922477848970,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
92.204.129.232	resource.itbusinesstoday.com	Germany	398108	GO-DADDY-COM-LLCUS	false
64.233.176.95	unknown	United States	15169	GOOGLEUS	false
44.217.248.49	weblb-1628727853.us-east-1.elb.amazonaws.com	United States	14618	AMAZON-AESUS	false
64.233.176.99	unknown	United States	15169	GOOGLEUS	false
64.233.176.97	unknown	United States	15169	GOOGLEUS	false
64.233.177.138	unknown	United States	15169	GOOGLEUS	false
64.233.176.156	stats.g.doubleclick.net	United States	15169	GOOGLEUS	false
142.251.15.94	unknown	United States	15169	GOOGLEUS	false
142.250.9.94	recaptcha.net	United States	15169	GOOGLEUS	false
64.233.185.84	unknown	United States	15169	GOOGLEUS	false
74.125.136.147	www.google.com	United States	15169	GOOGLEUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
74.125.136.102	unknown	United States	15169	GOOGLEUS	false
64.233.185.138	unknown	United States	15169	GOOGLEUS	false
50.23.252.98	lead.truepixl.com	United States	36351	SOFTLAYERUS	false
74.125.136.94	unknown	United States	15169	GOOGLEUS	false
142.250.105.94	unknown	United States	15169	GOOGLEUS	false
142.250.105.101	analytics.google.com	United States	15169	GOOGLEUS	false
104.248.15.35	jngo.net	United States	14061	DIGITALOCEAN-ASNUS	false
104.26.15.182	admin.bitninja.io	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
64.233.177.103	unknown	United States	15169	GOOGLEUS	false
64.233.185.94	unknown	United States	15169	GOOGLEUS	false
172.67.74.40	unknown	United States	13335	CLOUDFLARENETUS	false
108.177.122.94	unknown	United States	15169	GOOGLEUS	false
74.125.136.154	unknown	United States	15169	GOOGLEUS	false
142.251.15.138	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

Contacted Domains

Name	IP	Active
admin.bitninja.io	104.26.15.182	true
a.nel.cloudflare.com	35.190.80.1	true
jngo.net	104.248.15.35	true
weblb-1628727853.us-east-1.elb.amazonaws.com	44.217.248.49	true
resource.itbusinesstoday.com	92.204.129.232	true
www.google.com	74.125.136.147	true
analytics.google.com	142.250.105.101	true
recaptcha.net	142.250.9.94	true
lead.truepixl.com	50.23.252.98	true
stats.g.doubleclick.net	64.233.176.156	true
track.enterprisetechsol.com	unknown	unknown
api.anteriad.com	unknown	unknown
cdn4me.com	unknown	unknown

Contacted URLs

Name	Malicious	Reputation
https://resource.itbusinesstoday.com/whitepapers/44803-Microsoft-CPL-Q2-PMG-ABM-Ger-1-landing.php	true	unknown
https://recaptcha.net/recaptcha/api2/bframe?hl=en&v=rz4DvU-cY2JYCwHSTck0_qm-&k=6LdvpRAUAAAAAJkr4psZnXC4TeOEVPwP_bEQrP24	false	unknown
https://resource.itbusinesstoday.com/whitepapers/44803-Microsoft-CPL-Q2-PMG-ABM-Ger-1-landing.php?e=bonuccelli.dario@deme-group.com	false	unknown
about:blank	false	low
https://recaptcha.net/recaptcha/api2/anchor?ar=1&k=6LdvpRAUAAAAAJkr4psZnXC4TeOEVPwP_bEQrP24&co=aHR0cHM6Ly9yZXNvdXJjZS5pdGJ1c2luZXNzdG9kYXkuY29tOjQ0Mw..&hl=en&v=rz4DvU-cY2JYCwHSTck0_qm-&size=normal&cb=c1kcp3ltxtdr	false	unknown

ID:	1429053
Product:	CloudBasic
Start time:	12:43:08
Start date:	20.04.2024
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Apr 20 09:43:40 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	87257E93E936B67C02B8CF9E817FFA65	8E130C63B5BE8A39D743D765937A498D6691EB26	BBF7254B490B389990C4677E26E1EFCC387BEAF7FB15C50993C71FD71A6EF325
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Apr 20 09:43:40 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	14444B18A8D4AFC3A209DE53D7C759A4	9FCA8BB95A39D27191BDA835F98C4856307F7B19	4504D7497335CC839F3325E81CB88147DE86FF5B671E4DBCF425CFEB24CC8463
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	EE0728CE3CD0B271589C19C2D71E91E5	26C30F5709744A231C879D97808CE13B035FDBC9	4055D0BCAA11383BAD19A95958152416AE40093BD83C0C012DB620B13D199097
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Apr 20 09:43:40 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	D6EBFB0B2E50AA963F4BB97FF2F803A9	96DB884EAB3882FBB0326D49EDA7C6499D43DEB7	A43A4E54C523DE5957A9E698EA159FDDB99E44AACC6C3416536ADD843EA479D7
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Apr 20 09:43:40 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	080E3AA6165E438529F1C6E5AFD4DD71	CA3B221A134413F3569204D6AC22BD0D64DF3968	FD7C56A0B819D5C35B0BE99F79E63A9D2855EA9A4DE4A5D456B196C6C028D1C6
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Apr 20 09:43:40 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	4688C583660F4B89BFB1E7414E29FE6B	FB68F73F8C02C6C46F894CE25E97F5CA8B844DC0	A1BA99F5247CF21AD720A7899B8CD634640F3353D27EC5B7E9A498CE3DF57E6F
Chrome Cache Entry: 102	ASCII text, with very long lines (554)	E9CCB3DBDE79BA5FFDF9CAD4B32D59FD	3A8CD67ADC7C885BDF683F1E7F491E6A4A50679F	8F2C6777C7CCC01AB67290FA8ACD5A4C4866BE64129F39DFAEB9197DFA15E137
Chrome Cache Entry: 103	ASCII text, with very long lines (56398), with no line terminators	EB4BC511F79F7A1573B45F5775B3A99B	D910FB51AD7316AA54F055079374574698E74B35	7859A62E04B0ACB06516EB12454DE6673883ECFAEAED6C254659BCA7CD59C050
Chrome Cache Entry: 104	ASCII text, with very long lines (2343)	575B5480531DA4D14E7453E2016FE0BC	E5C5F3134FE29E60B591C87EA85951F0AEA36EE1	DE36E50194320A7D3EF1ACE9BD34A875A8BD458B253C061979DD628E9BF49AFD
Chrome Cache Entry: 105	PNG image data, 150 x 68, 8-bit/color RGBA, non-interlaced	0230F4D216727DF1CD6606F1DB8A9A58	DDFD4DDF26D37B9EBD410C9FAC3914F545B0A47A	EB98A94A1E1A6ED8A25448D6770315B145C86E56E1D7D1E46A480EF96736DE6E
Chrome Cache Entry: 106	ASCII text, with no line terminators	333E5385E0781E3905DE8BA2A55F326D	2A0379643E9BF6CC0A17DA46C6866BC2CB6E635F	6420409C6809CD674E4FA02D41B963A4B54B5FFCD64FF388A9F201732A46CF56
Chrome Cache Entry: 107	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced	EF9941290C50CD3866E2BA6B793F010D	4736508C795667DCEA21F8D864233031223B7832	1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A
Chrome Cache Entry: 108	HTML document, ASCII text	B54D0452E2FDB8C0D91C455D1C5495F9	DDD85730B9CB4CB9905B1D7E7643F595D2F33CB8	F4138D99EC6E17514BB87CEEAD1C1D2A204219C970864FC85BFF00949EE18082
Chrome Cache Entry: 109	JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 450x450, components 3	6056A34D6ABB17D6FF75C76EED57B77C	E43437F317FD20E8B0EBB5A4277E4EA6A22A86B1	97E4718419C4C7E19D518E64AC5EB2FB1FEC5D6BACF589A868FDF5518464E2B9
Chrome Cache Entry: 110	ASCII text, with very long lines (4179)	D1AAE9B3BD09CA80F6EE167648A63215	7EF94FFFF2688FBFEB27DDC6E237D0695E4FD0B5	D76BD81C375F4E85E5ADA41A8FD7A44DF9B2DAC5336BE3201D8396579A8E3BCA
Chrome Cache Entry: 111	HTML document, Unicode text, UTF-8 text, with very long lines (357)	DEAD34D6447ABF4F37FE908CFD7FF88B	FB05719A3863695366EC46617FE95EB1666F0844	05072B2835B70FEB00EED5ED53114560C6279092FECFEBD194D88F8437FC6F94
Chrome Cache Entry: 112	ASCII text, with no line terminators	AFB69DF47958EB78B4E941270772BD6A	D9FE9A625E906FF25C1F165E7872B1D9C731E78E	874809FB1235F80831B706B9E9B903D80BD5662D036B7712CC76F8C684118878
Chrome Cache Entry: 113	PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced	88E0F42C9FA4F94AA8BCD54D1685C180	5AD9D47A49B82718BAA3BE88550A0B3350270C42	89C62095126FCA89EA1511CF35B49B8306162946B0C26D6F60C5506C51D85992
Chrome Cache Entry: 80	PNG image data, 282 x 60, 8-bit/color RGBA, non-interlaced	5A2AD757C9EF4E1758ED071895459F44	AF3598606FA19353D7F238018C6F3F2759F1AE7B	4CEED0B8AC97029D4E636C9D861F17B821279C19D6E84236AACA54EBA241EE79
Chrome Cache Entry: 81	ASCII text, with no line terminators	701C50FE2F9D8CFCA61542DEE7684552	952A04F81A291E11F5D4ECD7364A3840412BA65E	9FC5DFC54DE18E9C98733BBEA6EBDCBC1F01C0B23F985556F24684EE96DC0582
Chrome Cache Entry: 82	ASCII text, with very long lines (17614)	A0B566C1BA416A3899181051B4E22648	6E24D55D8094A8E96BBCDB2C8B2BAEC42AD59128	4564D3DE8C55A639CC6A4DEAB39BEFEED839C5292AED8A9730636CDDA0573214
Chrome Cache Entry: 84	Web Open Font Format (Version 2), TrueType, length 15344, version 1.0	5D4AEB4E5F5EF754E307D7FFAEF688BD	06DB651CDF354C64A7383EA9C77024EF4FB4CEF8	3E253B66056519AA065B00A453BAC37AC5ED8F3E6FE7B542E93A9DCDCC11D0BC
Chrome Cache Entry: 85	ASCII text, with very long lines (5955)	A9A041524A0198C12A4FEB5DC7C2F56F	70C5A87AB3D8C89C50972B05C311A7B3257CFA03	29F4007353F0F0CB380C11713CAEC3E0487B9EA7B774C84550B8BE4E4B8A4287
Chrome Cache Entry: 87	PNG image data, 412 x 540, 8-bit/color RGBA, non-interlaced	6833C23B1564529821F93EBD2CB70F66	4D90768EA5195D3C5351B6BEDC6ADDB1AF5D113C	F7E96D6EFF86194333D9542C58AAFAF53D20A280D106957C49E571521B0A167B
Chrome Cache Entry: 89	PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced	07BF314AAB04047B9E9A959EE6F63DA3	17BEF6602672E2FD9956381E01356245144003E5	55EAF62CB05DA20088DC12B39D7D254D046CB1FD61DDF3AE641F1439EFD0A5EE
Chrome Cache Entry: 90	JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 450x450, components 3	367CA6BC5AC41F7D09C3FFF82E81BA87	5BD1F00C92BDC05D447D84607D14CBC4590CF105	9BA160B878534F4DBCE6FFC55660273B83D17FFB8CEE8B4AEEDB66E32F729FA0
Chrome Cache Entry: 91	Web Open Font Format (Version 2), TrueType, length 15340, version 1.0	19B7A0ADFDD4F808B53AF7E2CE2AD4E5	81D5D4C7B5035AD10CCE63CF7100295E0C51FDDA	C912A9CE0C3122D4B2B29AD26BFE06B0390D1A5BDAA5D6128692C0BEFD1DFBBD
Chrome Cache Entry: 92	Web Open Font Format (Version 2), TrueType, length 15552, version 1.0	285467176F7FE6BB6A9C6873B3DAD2CC	EA04E4FF5142DDD69307C183DEF721A160E0A64E	5A8C1E7681318CAA29E9F44E8A6E271F6A4067A2703E9916DFD4FE9099241DB7
Chrome Cache Entry: 93	PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced	0F2A4639B8A4CB30C76E8333C00D30A6	57E273A270BB864970D747C74B3F0A7C8E515B13	44B988703019CD6BFA86C91840FECF2A42B611B364E3EEA2F4EB63BF62714E98
Chrome Cache Entry: 95	ASCII text, with very long lines (1532), with no line terminators	E42D5F70CE6E10B57193160CFE4B1B8D	F1AF5ABA42FAFCD104F01FD750BB5D95B453D741	7BC6157BEE235C8D1156CAECF1DC01E534C0D6FB06967A28C8165A2173A47588

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs