Windows Analysis Report
http://ap2vxmyqxf.ballyentoe.shop

Overview

General Information

Sample URL: http://ap2vxmyqxf.ballyentoe.shop
Analysis ID: 1573943

Detection

EvilProxy, HTMLPhisher
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
Found malware configuration
Yara detected Evil Proxy Phishing kit
Yara detected HtmlPhish10
AI detected suspicious Javascript
HTML page contains obfuscated javascript
HTML body contains low number of good links
HTML title does not match URL
Invalid T&C link found

Classification

  • System is w10x64
  • chrome.exe (PID: 3488 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 5084 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2456 --field-trial-handle=2400,i,16287466160508059450,6448033229177432017,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6500 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://ap2vxmyqxf.ballyentoe.shop" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
Malware configuration (Evil Proxy, from 0.2.id.script.csv; shown decoded here, the raw extractor output is listed under AV Detection below). The pagemsg value is itself a JSON document serialised into a string:
  pagemsg: {"LoginPage": {"text": null, "color": "black"}, "PassPage": {"text": null, "color": "black"}}
  semail: ""
  urlx: "script.php"
  lmode: "b"
Source               Rule                        Description                              Author         Strings
0.2.id.script.csv    JoeSecurity_EvilProxy       Yara detected Evil Proxy Phishing kit    Joe Security
2.4..script.csv      JoeSecurity_EvilProxy       Yara detected Evil Proxy Phishing kit    Joe Security
2.1.pages.csv        JoeSecurity_EvilProxy       Yara detected Evil Proxy Phishing kit    Joe Security
2.1.pages.csv        JoeSecurity_HtmlPhish_10    Yara detected HtmlPhish_10               Joe Security
2.2.pages.csv        JoeSecurity_EvilProxy       Yara detected Evil Proxy Phishing kit    Joe Security
(7 entries in total; 2 not shown)

No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: 0.2.id.script.csv | Malware Configuration Extractor: Evil Proxy {"pagemsg": "{\\\"LoginPage\\\":{\\\"text\\\":null,\\\"color\\\":\\\"black\\\"},\\\"PassPage\\\":{\\\"text\\\":null,\\\"color\\\":\\\"black\\\"}}", "semail": "", "urlx": "script.php", "lmode": "b"}
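The extracted configuration carries its page-text settings as JSON serialised inside a JSON string, and the report dump adds one more escaping layer on top (the `\\\"` sequences). The Python below is an added example for this page, not part of the report or of Joe Security's extractor: it peels those layers off and resolves the relative `urlx` value against the phishing page URL, which yields the /m/script.php endpoint that appears in the HTTP traffic later in this report. Resolving `urlx` against the page URL is an assumption about how the kit uses the field, made to match that observed traffic; the single-escaped KIT_CONFIG variant is constructed to show the same parser handles the kit's own form.

```python
import json
from urllib.parse import urljoin

# Extractor output as printed in this report. The pagemsg value is JSON
# serialised into a JSON string, and the report dump escapes it once more.
REPORT_CONFIG = r'{"pagemsg": "{\\\"LoginPage\\\":{\\\"text\\\":null,\\\"color\\\":\\\"black\\\"},\\\"PassPage\\\":{\\\"text\\\":null,\\\"color\\\":\\\"black\\\"}}", "semail": "", "urlx": "script.php", "lmode": "b"}'

# The same configuration with only the kit's own escaping layer, i.e. how it
# would look read straight out of the page script (constructed for this example).
KIT_CONFIG = r'{"pagemsg": "{\"LoginPage\":{\"text\":null,\"color\":\"black\"},\"PassPage\":{\"text\":null,\"color\":\"black\"}}", "semail": "", "urlx": "script.php", "lmode": "b"}'

# Phishing page that loaded the script, taken from the HTTP traffic in this report.
PAGE_URL = "https://ap2vxmyqxf.ballyentoe.shop/m/1940b9ecd840983c23ca7a7eb7055258.htm"


def decode_nested_json(value, max_depth=4):
    """Decode a value until it is no longer a string.

    Each pass either parses the string as JSON or, when it is not valid JSON
    on its own, treats it as the body of a JSON string literal and peels one
    escaping layer off. max_depth bounds the loop for garbage input.
    """
    for _ in range(max_depth):
        if not isinstance(value, str):
            break
        try:
            value = json.loads(value)
        except json.JSONDecodeError:
            value = json.loads(f'"{value}"')  # peel one escaping layer
    return value


def parse_evilproxy_config(raw, page_url):
    """Return the kit settings with the exfiltration endpoint resolved.

    Resolving the relative urlx against the page URL is an assumption about
    how the kit uses the field; it matches the /m/script.php traffic seen in
    this report.
    """
    cfg = json.loads(raw)
    pagemsg = decode_nested_json(cfg.get("pagemsg", "{}"))
    if not isinstance(pagemsg, dict):
        raise ValueError("pagemsg did not decode to an object")
    return {
        "exfil_url": urljoin(page_url, cfg["urlx"]),
        "mode": cfg.get("lmode"),
        "prefilled_email": cfg.get("semail") or None,
        "login_page": pagemsg.get("LoginPage", {}),
        "pass_page": pagemsg.get("PassPage", {}),
        "stages": sorted(pagemsg),
    }


if __name__ == "__main__":
    for label, raw in (("report dump", REPORT_CONFIG), ("kit form", KIT_CONFIG)):
        print(label, json.dumps(parse_evilproxy_config(raw, PAGE_URL), indent=2))
```

Both inputs decode to the same structure; the two-stage LoginPage/PassPage layout is what the traffic below (a login page, then a POST to script.php) corresponds to.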

Phishing

Source: https://ap2vxmyqxf.ballyentoe.shop/m/1940b9ecd840983c23ca7a7eb7055258.htm | Joe Sandbox AI: Score: 9. Reasons: the brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'; the URL 'ap2vxmyqxf.ballyentoe.shop' does not match the legitimate domain for Microsoft; the domain 'ballyentoe.shop' is unusual and not associated with Microsoft; the presence of a random subdomain 'ap2vxmyqxf' and the use of '.shop' as a domain extension are suspicious; the URL structure and domain name do not align with Microsoft's typical web presence. DOM: 2.2.pages.csv
Source: https://ap2vxmyqxf.ballyentoe.shop/m/1940b9ecd840983c23ca7a7eb7055258.htm | Joe Sandbox AI: Score: 9. Reasons: the brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'; the URL 'ap2vxmyqxf.ballyentoe.shop' does not match the legitimate domain for Microsoft; the domain 'ballyentoe.shop' is unrelated to Microsoft and appears suspicious; the use of a random subdomain 'ap2vxmyqxf' and an unusual domain extension '.shop' is indicative of phishing; there is no direct association between the brand 'Microsoft' and the provided URL. DOM: 2.3.pages.csv
Source: https://ap2vxmyqxf.ballyentoe.shop/m/1940b9ecd840983c23ca7a7eb7055258.htm | Joe Sandbox AI: Score: 9. Reasons: the brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'; the URL 'ap2vxmyqxf.ballyentoe.shop' does not match the legitimate domain for Microsoft; the domain 'ballyentoe.shop' is unusual and not associated with Microsoft; the use of a random subdomain 'ap2vxmyqxf' and a '.shop' TLD is suspicious and not typical for Microsoft; the presence of an input field with an email address suggests potential phishing intent. DOM: 2.4.pages.csv
Source: Yara match | File sources, type HTML: 0.2.id.script.csv, 2.4..script.csv, 2.1.pages.csv, 2.2.pages.csv, 2.4.pages.csv, 2.3.pages.csv, 2.5.pages.csv
Source: Yara match | File sources, type HTML (second group of matches): 2.1.pages.csv, 2.2.pages.csv, 2.4.pages.csv, 2.3.pages.csv, 2.5.pages.csv
Source: 0.2.id.script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: https://ap2vxmyqxf.ballyentoe.shop/m/1940b9ecd8409... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The script uses the `eval` function to execute remote or dynamic code, which poses a significant security risk. It also sends user data (potentially including sensitive information like cookies or session identifiers) to external servers, which could lead to data exfiltration. Additionally, the script uses heavily obfuscated code and URLs, making it difficult to analyze and understand its true purpose. These factors, combined with the suspicious nature of the script's behavior, indicate a high risk of malicious intent.
Source: 0.0.id.script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: https://ap2vxmyqxf.ballyentoe.shop/... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code. The script uses the `eval` function to execute remote or dynamic code, which poses a significant security risk. It also sends user data to external servers, potentially exfiltrating sensitive information. Additionally, the script is heavily obfuscated, making it difficult to analyze and understand its true purpose. While the script may have some legitimate functionality, the overall risk level is high due to these concerning behaviors.
Source: https://ap2vxmyqxf.ballyentoe.shop/ | HTTP Parser: var _0x17d0bb=_0x4400;function _0x4400(_0x33d568,_0x56aee1){var _0x28f930=_0x1e42();return _0x4
Source: https://ap2vxmyqxf.ballyentoe.shop/m/1940b9ecd840983c23ca7a7eb7055258.htm | HTTP Parser: Number of links: 0
Source: https://ap2vxmyqxf.ballyentoe.shop/m/1940b9ecd840983c23ca7a7eb7055258.htm | HTTP Parser: Title: WHFL76V7BROPD7BVFM9J does not match URL
Source: https://ap2vxmyqxf.ballyentoe.shop/m/1940b9ecd840983c23ca7a7eb7055258.htm | HTTP Parser: Invalid link: Terms of use (reported 5 times)
Source: https://ap2vxmyqxf.ballyentoe.shop/m/1940b9ecd840983c23ca7a7eb7055258.htm | HTTP Parser: Invalid link: Privacy & cookies (reported 5 times)
Source: https://ap2vxmyqxf.ballyentoe.shop/m/1940b9ecd840983c23ca7a7eb7055258.htm | HTTP Parser: No <meta name="author".. found (reported 5 times)
Source: https://ap2vxmyqxf.ballyentoe.shop/m/1940b9ecd840983c23ca7a7eb7055258.htm | HTTP Parser: No <meta name="copyright".. found (reported 5 times)
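The page-level findings above (a title unrelated to the host, no usable links, footer links that go nowhere, missing author and copyright meta tags, an e-mail input, and inline `_0x`-style obfuscated script that calls eval) are simple enough to reproduce with the standard library. The Python below is an added example written for this page, not Joe Sandbox's HTTP Parser or AI detector. The two HTML documents it analyses are constructed: the phishing one mirrors the findings above and its script body extends the truncated snippet quoted earlier with invented filler, the benign one is a control. The scoring weights are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Identifier style of the common "_0x" JavaScript obfuscator, and the eval sink.
OBF_IDENT = re.compile(r"\b_0x[0-9a-f]{4,}\b")
EVAL_CALL = re.compile(r"\beval\s*\(")
EXPECTED_META = ("author", "copyright")


class PageCollector(HTMLParser):
    """Collect title, anchors, meta names, inputs and inline script bodies."""

    def __init__(self):
        super().__init__()
        self.title, self.links, self.inputs, self.scripts = "", [], [], []
        self.meta_names = set()
        self._in_title = self._in_script = False
        self._link = None  # [href, text] while inside an <a>

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "title":
            self._in_title = True
        elif tag == "script":
            self._in_script = True
            self.scripts.append("")
        elif tag == "a":
            self._link = [a.get("href", "").strip(), ""]
        elif tag == "meta" and a.get("name"):
            self.meta_names.add(a["name"].lower())
        elif tag == "input":
            self.inputs.append((a.get("type", "text").lower(), a.get("name", "").lower()))

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False
        elif tag == "script":
            self._in_script = False
        elif tag == "a" and self._link is not None:
            self.links.append((self._link[0], self._link[1].strip()))
            self._link = None

    def handle_data(self, data):
        if self._in_title:
            self.title += data
        if self._in_script and self.scripts:
            self.scripts[-1] += data
        if self._link is not None:
            self._link[1] += data


def is_good_link(href):
    """Only a link that leads somewhere counts; '#' and javascript: do not."""
    h = href.lower()
    return bool(h) and not h.startswith(("#", "javascript:"))


def phishing_indicators(html, page_url):
    """Apply the report's page heuristics to one HTML document."""
    p = PageCollector()
    p.feed(html)
    p.close()
    labels = (urlsplit(page_url).hostname or "").lower().split(".")
    host_tokens = set(labels[:-1] or labels)  # ignore the TLD
    title_tokens = set(re.findall(r"[a-z0-9]+", p.title.lower()))
    script_text = "\n".join(p.scripts)
    return {
        "title_matches_host": bool(title_tokens & host_tokens),
        "good_link_count": sum(is_good_link(h) for h, _ in p.links),
        "invalid_links": [t for h, t in p.links if not is_good_link(h)],
        "missing_meta": [m for m in EXPECTED_META if m not in p.meta_names],
        "credential_inputs": [t for t, n in p.inputs
                              if t in ("email", "password") or "email" in n or "pass" in n],
        "obfuscated_identifiers": len(set(OBF_IDENT.findall(script_text))),
        "uses_eval": bool(EVAL_CALL.search(script_text)),
    }


def score(ind):
    """Weighted sum of the indicators; the weights are assumptions, not the report's."""
    return (2 * (not ind["title_matches_host"]) + 2 * (ind["good_link_count"] == 0)
            + bool(ind["invalid_links"]) + bool(ind["missing_meta"])
            + 2 * bool(ind["credential_inputs"])
            + 2 * (ind["obfuscated_identifiers"] >= 5) + 2 * ind["uses_eval"])


# Constructed documents, not captured from the site. PHISH_HTML mirrors the findings
# above; its script extends the truncated snippet quoted earlier with invented filler.
PHISH_URL = "https://ap2vxmyqxf.ballyentoe.shop/m/1940b9ecd840983c23ca7a7eb7055258.htm"
PHISH_HTML = """<!doctype html><html><head><title>WHFL76V7BROPD7BVFM9J</title>
<meta name="viewport" content="width=device-width">
<script>var _0x17d0bb=_0x4400;function _0x4400(_0x33d568,_0x56aee1){var _0x28f930=_0x1e42();
return _0x28f930[_0x33d568-0x1a3];}eval(_0x17d0bb(0x1c0));</script></head>
<body><form><input type="email" name="email"><input type="submit" value="Next"></form>
<a href="#">Terms of use</a> <a href="#">Privacy &amp; cookies</a></body></html>"""
BENIGN_URL = "https://login.example.com/"
BENIGN_HTML = """<html><head><title>Example Corp login</title>
<meta name="author" content="Example Corp"><meta name="copyright" content="Example Corp">
</head><body><form><input type="email" name="email"><input type="password" name="pw"></form>
<a href="https://example.com/terms">Terms of use</a> <a href="https://example.com/privacy">Privacy</a>
</body></html>"""

if __name__ == "__main__":
    for url, doc in ((PHISH_URL, PHISH_HTML), (BENIGN_URL, BENIGN_HTML)):
        print(url, "score", score(phishing_indicators(doc, url)))
```

The title check is deliberately weak on its own (many legitimate login pages have titles that share nothing with their hostname), which is why it is only one term of the sum; the combination of no real links, dead footer links and an obfuscated eval-based script is what separates the constructed phishing page from the control.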
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown | TCP traffic detected without corresponding DNS query: 199.232.214.172 (4 connections)
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (16 packets)
Source: global traffic | HTTP traffic detected. Headers common to every request below and omitted from the entries: Connection: keep-alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept-Language: en-US,en;q=0.9 | Accept-Encoding: gzip, deflate, br (except the last request, which sends gzip, deflate). Abbreviations: [ch] = the request also carries sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | sec-ch-ua-platform: "Windows"; DOC = Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7; IMG = Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8; SESSION = Cookie: PHPSESSID=19bd29c49d1d13556658fea73d8387d4; preload=1; SESSION+rt = the same cookie with rt=1940b9ecd840983c23ca7a7eb7055258.htm appended; PAGE = https://ap2vxmyqxf.ballyentoe.shop/m/1940b9ecd840983c23ca7a7eb7055258.htm.
  GET / HTTP/1.1 | Host: ap2vxmyqxf.ballyentoe.shop [ch] | Upgrade-Insecure-Requests: 1 | DOC | Sec-Fetch-Site: none | Sec-Fetch-Mode: navigate | Sec-Fetch-User: ?1 | Sec-Fetch-Dest: document (no cookie yet)
  GET /npm/bootstrap@5.3.2/dist/css/bootstrap.min.css HTTP/1.1 | Host: cdn.jsdelivr.net [ch] | Origin: https://ap2vxmyqxf.ballyentoe.shop | Referer: https://ap2vxmyqxf.ballyentoe.shop/ | Accept: text/css,*/*;q=0.1 | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: style
  GET /npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js HTTP/1.1 | Host: cdn.jsdelivr.net [ch] | Origin: https://ap2vxmyqxf.ballyentoe.shop | Referer: https://ap2vxmyqxf.ballyentoe.shop/ | Accept: */* | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: script
  GET /npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js HTTP/1.1 | Host: cdn.jsdelivr.net | Accept: */* | Sec-Fetch-Site: none | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: empty (no Origin, Referer or client hints)
  GET / HTTP/1.1 | Host: ap2vxmyqxf.ballyentoe.shop [ch] | Cache-Control: max-age=0 | Upgrade-Insecure-Requests: 1 | DOC | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: navigate | Sec-Fetch-Dest: document | Referer: https://ap2vxmyqxf.ballyentoe.shop/ | SESSION
  GET /m/1940b9ecd840983c23ca7a7eb7055258.htm HTTP/1.1 | Host: ap2vxmyqxf.ballyentoe.shop [ch] | Cache-Control: max-age=0 | Upgrade-Insecure-Requests: 1 | DOC | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: navigate | Sec-Fetch-Dest: document | Referer: https://ap2vxmyqxf.ballyentoe.shop/ | SESSION+rt
  GET /m/cxx/H7OXE73FUMSVHCPA2ISIECJX3 HTTP/1.1 | Host: ap2vxmyqxf.ballyentoe.shop [ch] | Accept: text/css,*/*;q=0.1 | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: style | Referer: PAGE | SESSION+rt
  GET /m/sm/6ZA0G7M7C94C2E41T8T5T6IK0 HTTP/1.1 | Host: ap2vxmyqxf.ballyentoe.shop [ch] | Accept: text/css,*/*;q=0.1 | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: style | Referer: PAGE | SESSION+rt
  GET /m/jx/JJM8OPWYCVIBHEFPBLUR44FRO HTTP/1.1 | Host: ap2vxmyqxf.ballyentoe.shop [ch] | Accept: */* | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: script | Referer: PAGE | SESSION+rt
  GET /m/aty/HSQQSC6GGSC0KCAWCAO2OZB9M HTTP/1.1 | Host: ap2vxmyqxf.ballyentoe.shop [ch] | Accept: */* | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: script | Referer: PAGE | SESSION+rt
  GET /m/mxl/mlg.svg?LJGY7BWV58F1VY30U2MZXRYOY HTTP/1.1 | Host: ap2vxmyqxf.ballyentoe.shop [ch] | IMG | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: PAGE | SESSION+rt
  GET /m/mxl/sig_op.svg HTTP/1.1 | Host: ap2vxmyqxf.ballyentoe.shop [ch] | IMG | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: PAGE | SESSION+rt
  GET /m/ecpt/YDZBHJ1Q96FI9YCVZA9MLII1B HTTP/1.1 | Host: ap2vxmyqxf.ballyentoe.shop [ch] | Accept: */* | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: script | Referer: PAGE | SESSION+rt
  GET /m/jx/JJM8OPWYCVIBHEFPBLUR44FRO HTTP/1.1 | Host: ap2vxmyqxf.ballyentoe.shop | Accept: */* | Sec-Fetch-Site: none | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: empty | SESSION+rt (requested again, no Referer or client hints)
  GET /m/bxg/JJUOOEWGL7TF1L9H8O71S5W41 HTTP/1.1 | Host: ap2vxmyqxf.ballyentoe.shop [ch] | IMG | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: PAGE | SESSION+rt
  GET /m/mxl/mlg.svg?LJGY7BWV58F1VY30U2MZXRYOY HTTP/1.1 | Host: ap2vxmyqxf.ballyentoe.shop | Accept: */* | Sec-Fetch-Site: none | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: empty | SESSION+rt (requested again)
  GET /m/mxl/sig_op.svg HTTP/1.1 | Host: ap2vxmyqxf.ballyentoe.shop | Accept: */* | Sec-Fetch-Site: none | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: empty | SESSION+rt (requested again)
  GET /m/aty/HSQQSC6GGSC0KCAWCAO2OZB9M HTTP/1.1 | Host: ap2vxmyqxf.ballyentoe.shop | Accept: */* | Sec-Fetch-Site: none | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: empty | SESSION+rt (requested again)
  GET /?format=json HTTP/1.1 | Host: api.ipify.org [ch] | Accept: application/json, text/javascript, */*; q=0.01 | Origin: https://ap2vxmyqxf.ballyentoe.shop | Referer: https://ap2vxmyqxf.ballyentoe.shop/ | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: empty (cross-site XHR from the phishing page to a public-IP lookup service)
  GET /m/ecpt/YDZBHJ1Q96FI9YCVZA9MLII1B HTTP/1.1 | Host: ap2vxmyqxf.ballyentoe.shop | Accept: */* | Sec-Fetch-Site: none | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: empty | SESSION+rt (requested again)
  GET /m/ic/1DJSOII8GBS025FLDOQO4X89R HTTP/1.1 | Host: ap2vxmyqxf.ballyentoe.shop [ch] | IMG | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: PAGE | SESSION+rt
  GET /?format=json HTTP/1.1 | Host: api.ipify.org | Accept: */* | Sec-Fetch-Site: none | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: empty (requested again, no Origin or Referer)
  GET /m/script.php HTTP/1.1 | Host: ap2vxmyqxf.ballyentoe.shop | Accept: */* | Sec-Fetch-Site: none | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: empty | SESSION+rt
  GET /m/ic/1DJSOII8GBS025FLDOQO4X89R HTTP/1.1 | Host: ap2vxmyqxf.ballyentoe.shop | Accept: */* | Sec-Fetch-Site: none | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: empty | SESSION+rt (requested again)
  GET /m/script.php HTTP/1.1 | Host: ap2vxmyqxf.ballyentoe.shop | Accept: */* | Sec-Fetch-Site: none | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: empty | SESSION+rt (six further identical requests)
  GET / HTTP/1.1 | Host: ap2vxmyqxf.ballyentoe.shop | Upgrade-Insecure-Requests: 1 | DOC | Accept-Encoding: gzip, deflate (no Sec-Fetch-*, client-hint or Cookie headers)
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: ap2vxmyqxf.ballyentoe.shop
Source: global traffic | DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic | DNS traffic detected: DNS query: api.ipify.org
Source: unknown | HTTP traffic detected: POST /m/script.php HTTP/1.1 (XMLHttpRequest POST issued from the login page to the endpoint named by the kit's urlx setting)
    Host: ap2vxmyqxf.ballyentoe.shop
    Connection: keep-alive
    Content-Length: 220
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    Accept: */*
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    X-Requested-With: XMLHttpRequest
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Origin: https://ap2vxmyqxf.ballyentoe.shop
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Referer: https://ap2vxmyqxf.ballyentoe.shop/m/1940b9ecd840983c23ca7a7eb7055258.htm
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: PHPSESSID=19bd29c49d1d13556658fea73d8387d4; preload=1; rt=1940b9ecd840983c23ca7a7eb7055258.htm
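Taken together, the requests above are the sequence a proxy log captures for this kit: the landing page sets a PHPSESSID cookie, the login page under /m/ is loaded, the page's script calls api.ipify.org cross-site to record the visitor's public IP, and the form is then submitted by XMLHttpRequest as a 220-byte form-urlencoded POST to /m/script.php on the same host. The Python below is an added detection example, not from this report or from Joe Security. It runs over a constructed JSON-lines proxy log modelled on these requests (the log schema is assumed, not Joe Sandbox's format, and the IP-lookup hosts other than api.ipify.org are assumed additions) and flags a host only when both halves of the pattern, the IP lookup initiated from its pages and a same-site XHR form POST, are present; a benign same-site XHR POST is included as a control.

```python
import json
from urllib.parse import urlsplit

# Public "what is my IP" services that phishing kits call to record the
# victim's address. api.ipify.org is the one seen in this report; the other
# entries are assumed additions to the list.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "api.ip.sb", "ifconfig.me"}

# Constructed JSON-lines proxy log modelled on this report's requests. The
# field names are an assumed proxy schema, not Joe Sandbox's format. The last
# entry is a benign same-site XHR form POST added as a control.
SAMPLE_LOG = """
{"ts": 1, "method": "GET", "host": "ap2vxmyqxf.ballyentoe.shop", "uri": "/", "headers": {}}
{"ts": 2, "method": "GET", "host": "cdn.jsdelivr.net", "uri": "/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css", "headers": {"Origin": "https://ap2vxmyqxf.ballyentoe.shop", "Referer": "https://ap2vxmyqxf.ballyentoe.shop/"}}
{"ts": 3, "method": "GET", "host": "ap2vxmyqxf.ballyentoe.shop", "uri": "/m/1940b9ecd840983c23ca7a7eb7055258.htm", "headers": {"Referer": "https://ap2vxmyqxf.ballyentoe.shop/", "Cookie": "PHPSESSID=19bd29c49d1d13556658fea73d8387d4; preload=1"}}
{"ts": 4, "method": "GET", "host": "api.ipify.org", "uri": "/?format=json", "headers": {"Origin": "https://ap2vxmyqxf.ballyentoe.shop", "Referer": "https://ap2vxmyqxf.ballyentoe.shop/"}}
{"ts": 5, "method": "POST", "host": "ap2vxmyqxf.ballyentoe.shop", "uri": "/m/script.php", "headers": {"Content-Type": "application/x-www-form-urlencoded; charset=UTF-8", "X-Requested-With": "XMLHttpRequest", "Content-Length": "220", "Origin": "https://ap2vxmyqxf.ballyentoe.shop", "Referer": "https://ap2vxmyqxf.ballyentoe.shop/m/1940b9ecd840983c23ca7a7eb7055258.htm", "Cookie": "PHPSESSID=19bd29c49d1d13556658fea73d8387d4; preload=1; rt=1940b9ecd840983c23ca7a7eb7055258.htm"}}
{"ts": 6, "method": "POST", "host": "shop.example.com", "uri": "/cart/add.php", "headers": {"Content-Type": "application/x-www-form-urlencoded", "X-Requested-With": "XMLHttpRequest", "Referer": "https://shop.example.com/product.htm"}}
"""


def initiator_host(headers):
    """Host of the page that issued the request: Origin, else Referer."""
    for name in ("Origin", "Referer"):
        if headers.get(name):
            return urlsplit(headers[name]).hostname
    return None


def php_session_id(headers):
    """PHPSESSID value from the Cookie header, if present."""
    for part in headers.get("Cookie", "").split(";"):
        key, _, val = part.strip().partition("=")
        if key == "PHPSESSID" and val:
            return val
    return None


def is_xhr_form_post(event):
    """Same-site XMLHttpRequest POST carrying a URL-encoded form body."""
    h = event["headers"]
    return (event["method"] == "POST"
            and h.get("X-Requested-With") == "XMLHttpRequest"
            and h.get("Content-Type", "").startswith("application/x-www-form-urlencoded")
            and initiator_host(h) == event["host"])


def detect_credential_exfil(log_text):
    """Flag hosts whose pages both look up the visitor's public IP and post a
    form back to themselves over XHR, the sequence seen in this report."""
    ip_lookups = {}  # initiating host -> lookup service used
    form_posts = {}  # host -> list of (uri, referer, PHPSESSID)
    for line in log_text.strip().splitlines():
        event = json.loads(line)
        headers = event["headers"]
        if event["host"] in IP_LOOKUP_HOSTS:
            src = initiator_host(headers)
            if src:
                ip_lookups[src] = event["host"]
        elif is_xhr_form_post(event):
            form_posts.setdefault(event["host"], []).append(
                (event["uri"], headers.get("Referer"), php_session_id(headers)))
    findings = []
    for host, service in ip_lookups.items():
        for uri, referer, sid in form_posts.get(host, []):
            findings.append({
                "host": host,
                "ip_lookup_service": service,
                # Scheme assumed: every request in this report went over port 443.
                "exfil_endpoint": f"https://{host}{uri}",
                "submitting_page": referer,
                "php_session": sid,
            })
    return findings


if __name__ == "__main__":
    for finding in detect_credential_exfil(SAMPLE_LOG):
        print(json.dumps(finding, indent=2))
```

Keying the IP lookup on the Origin or Referer host is what ties the cross-site ipify call back to the phishing domain; the second ipify request in the traffic above carries neither header and would not, on its own, attribute to any site. The PHPSESSID value is carried into the finding so the login-page load, the lookup and the POST can be joined to one victim session.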
            Source: chromecache_61.2.drString found in binary or memory: https://acctcdn.msauth.net/images/clear1x1.png
            Source: chromecache_70.2.dr, chromecache_62.2.dr, chromecache_77.2.drString found in binary or memory: https://getbootstrap.com/)
            Source: chromecache_70.2.dr, chromecache_62.2.dr, chromecache_77.2.drString found in binary or memory: https://github.com/twbs/bootstrap/blob/main/LICENSE)
            Source: chromecache_70.2.dr, chromecache_62.2.drString found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
            Source: classification engine | Classification label: mal80.phis.win@17/31@16/8
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Program Files\Google\Chrome\Application\Dictionaries
            Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2456 --field-trial-handle=2400,i,16287466160508059450,6448033229177432017,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://ap2vxmyqxf.ballyentoe.shop"
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
            Source: Window Recorder | Window detected: More than 3 window changes detected
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
            Tactics and techniques (one tactic per row; a number in parentheses is the count the original matrix attached to that technique):
            Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
            Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
            Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
            Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
            Persistence: Browser Extensions (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
            Privilege Escalation: Process Injection (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
            Defense Evasion: Masquerading (2); Process Injection (1); Obfuscated Files or Information; Binary Padding
            Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
            Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
            Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
            Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
            Command and Control: Encrypted Channel (1); Non-Application Layer Protocol (3); Application Layer Protocol (4); Ingress Tool Transfer (1)
            Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
            Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction