Play interactive tourEdit tour

Windows Analysis Report
https://u50430826.ct.sendgrid.net/ls/click?upn=u001.ti8ieZl2nrno9-2FHO6mcOPlNj6bCOJj0Ry4ZoAvHo7MRwQrg1VJTS2EcW6CwZ1UBz02AKUneHxnBTh056U-2FtbO1spU5WbeLMuaksZRbYXitF8p-2FYpvSNQYJ7Jmi-2FFNJNCKtlzT7SWIq0x-2BvACymLs4JXSf3CffvYfb47kT9ZdjGM-3D7Fiq_jwEsnDw4GmrvhJ1keAQUZlF8n8WRn-2Bb6GYZTmhnJgbhBW97RUmpNnG-2F

Overview

General Information

Sample URL:	https://u50430826.ct.sendgrid.net/ls/click?upn=u001.ti8ieZl2nrno9-2FHO6mcOPlNj6bCOJj0Ry4ZoAvHo7MRwQrg1VJTS2EcW6CwZ1UBz02AKUneHxnBTh056U-2FtbO1spU5WbeLMuaksZRbYXitF8p-2FYpvSNQYJ7Jmi-2FFNJNCKtlzT7SWIq0x
Analysis ID:	1640654
Infos:

Detection

Score:	48
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Creates files inside the system directory

Deletes files inside the Windows folder

Detected suspicious crossdomain redirect

Classification

×

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://webgen.dillings-continental.pro/favicon.ico

Avira URL Cloud: Label: phishing

Phishing

HTML page is missing a favicon

Source: https://webgen.dillings-continental.pro/webgen123/mail.jsp?account=N0123Ntccredentialing@derickdermatology.com

HTTP Parser: No favicon

Compliance

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 167.89.123.122:443 -> 192.168.2.17:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.89.123.122:443 -> 192.168.2.17:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.89.123.122:443 -> 192.168.2.17:49702 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.94.130:443 -> 192.168.2.17:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.94.130:443 -> 192.168.2.17:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.17:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 216.58.206.36:443 -> 192.168.2.17:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.136.78:443 -> 192.168.2.17:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 216.58.206.36:443 -> 192.168.2.17:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 216.58.206.46:443 -> 192.168.2.17:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.186.46:443 -> 192.168.2.17:49760 version: TLS 1.2

Networking

Detected suspicious crossdomain redirect

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: u50430826.ct.sendgrid.net to https://webgen.dillings-continental.pro/webgen123/mail.jsp?account=n0123ntccredentialing@derickdermatology.com
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: u50430826.ct.sendgrid.net to https://webgen.dillings-continental.pro/webgen123/mail.jsp?account=n0123ntccredentialing@derickdermatology.com

Connects to IPs without corresponding DNS lookups

Source: unknown	TCP traffic detected without corresponding DNS query: 51.132.193.104
Source: unknown	TCP traffic detected without corresponding DNS query: 52.109.28.46
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 51.132.193.104
Source: unknown	TCP traffic detected without corresponding DNS query: 52.109.28.46
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 51.132.193.104
Source: unknown	TCP traffic detected without corresponding DNS query: 52.109.28.46
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 52.123.128.14
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.123.128.14
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 51.132.193.104
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 52.109.28.46
Source: unknown	TCP traffic detected without corresponding DNS query: 52.123.128.14
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.123.128.14
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 51.132.193.104
Source: unknown	TCP traffic detected without corresponding DNS query: 52.109.28.46
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 52.123.128.14
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 51.132.193.104
Source: unknown	TCP traffic detected without corresponding DNS query: 52.109.28.46
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 52.123.128.14
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.99
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.99
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.99
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.99
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.99
Source: unknown	TCP traffic detected without corresponding DNS query: 51.132.193.104
Source: unknown	TCP traffic detected without corresponding DNS query: 52.109.28.46
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 52.123.128.14
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.99
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.99
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Downloads files from webservers via HTTP

Source: global traffic	HTTP traffic detected: GET /ls/click?upn=u001.ti8ieZl2nrno9-2FHO6mcOPlNj6bCOJj0Ry4ZoAvHo7MRwQrg1VJTS2EcW6CwZ1UBz02AKUneHxnBTh056U-2FtbO1spU5WbeLMuaksZRbYXitF8p-2FYpvSNQYJ7Jmi-2FFNJNCKtlzT7SWIq0x-2BvACymLs4JXSf3CffvYfb47kT9ZdjGM-3D7Fiq_jwEsnDw4GmrvhJ1keAQUZlF8n8WRn-2Bb6GYZTmhnJgbhBW97RUmpNnG-2FbRP82MDgBOWq6nR1z2RvtqnhmiUcyU-2FS-2FM0Sy2BV-2B5wInRl1tbVzfNqjK2TrYG8ZDuCDHnnHGvWPIBiaoHTCSBWtYS-2F3sMe3XOXMop3nXdKxV1-2Fth0SFRhujEy7lk8Nt3dgsDkgODnuAmnrAji3nhD1xeOQ7LaDsmN3d7xk3OnN3k6uOEuqzb5j2tkE9YUHeS-2Bp-2F-2FjLHQItg059XnBNN1OWZAjAQQsQFZstpVtv9DkxVg27nNSbrc27jQRPjqADikXomDs0u9nqjjrv3j3FqzF4-2B2CtxHtTYn8gc6v2A0sl8G-2B3fbbw2oXJ9gostlmcoP5xl5KslIZF3fgHSnmLLseF5dXSfqpAzatAWVwDEVvxpDsO-2Bx9OvvK8x5UkGLqmPrwjUTMFZ1Gxe9eTN-2FDXI6qycqufXfOffYmiR6cbYY4ziWxp-2BvvNphWFfWEBFsyrIVvw7TFuzIuKR3AyTz4S62GaHdmBzxg5K4C0THNlgxgfKyrIB38Av2VEJaaIn8lKq5wfFCQ35bwxRBGlruMdDsZMUScgqNXgiDwWe27odFmqjeEDhLMdYoR6iXDzifDQor5nWOJZ9-2FjI3tOXy7nHx9ki7KJZF5-2Bf9jfOuCCbEwndKQ-2F34ls-2Bo8vHb3lpPrJcROEFO3ayAbf-2BCWoLBAJe5mmqmGUJEu72Wf6roc2RumR2g4aWRFP36lK6TryH0-2BHIXwxkz-2FidzjbrtSMJkpiEE1Ps4UYBUXhoa0uMmH3FhRXTj9EAFMxlydbeOdiJmqr4Irv2PXCXSK4Y40EX-2B4Fs848VbXr0KHAHxMK3nc3KontyHsb-2FzHGDcKLKu2F51XHe302f6CLETD HTTP/1.1Host: u50430826.ct.sendgrid.netConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /webgen123/mail.jsp?account=N0123Ntccredentialing@derickdermatology.com HTTP/1.1Host: webgen.dillings-continental.proConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: webgen.dillings-continental.proConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://webgen.dillings-continental.pro/webgen123/mail.jsp?account=N0123Ntccredentialing@derickdermatology.comAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: webgen.dillings-continental.proConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /webgen123/mail.jsp?account=N0123Ntccredentialing@derickdermatology.com HTTP/1.1Host: webgen.dillings-continental.proConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=49B92CC100B80B7533D37F446ED7EED0
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLf3ygE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLf3ygE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLf3ygE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ls/click?upn=u001.ti8ieZl2nrno9-2FHO6mcOPlNj6bCOJj0Ry4ZoAvHo7MRwQrg1VJTS2EcW6CwZ1UBz02AKUneHxnBTh056U-2FtbO1spU5WbeLMuaksZRbYXitF8p-2FYpvSNQYJ7Jmi-2FFNJNCKtlzT7SWIq0x-2BvACymLs4JXSf3CffvYfb47kT9ZdjGM-3D7Fiq_jwEsnDw4GmrvhJ1keAQUZlF8n8WRn-2Bb6GYZTmhnJgbhBW97RUmpNnG-2FbRP82MDgBOWq6nR1z2RvtqnhmiUcyU-2FS-2FM0Sy2BV-2B5wInRl1tbVzfNqjK2TrYG8ZDuCDHnnHGvWPIBiaoHTCSBWtYS-2F3sMe3XOXMop3nXdKxV1-2Fth0SFRhujEy7lk8Nt3dgsDkgODnuAmnrAji3nhD1xeOQ7LaDsmN3d7xk3OnN3k6uOEuqzb5j2tkE9YUHeS-2Bp-2F-2FjLHQItg059XnBNN1OWZAjAQQsQFZstpVtv9DkxVg27nNSbrc27jQRPjqADikXomDs0u9nqjjrv3j3FqzF4-2B2CtxHtTYn8gc6v2A0sl8G-2B3fbbw2oXJ9gostlmcoP5xl5KslIZF3fgHSnmLLseF5dXSfqpAzatAWVwDEVvxpDsO-2Bx9OvvK8x5UkGLqmPrwjUTMFZ1Gxe9eTN-2FDXI6qycqufXfOffYmiR6cbYY4ziWxp-2BvvNphWFfWEBFsyrIVvw7TFuzIuKR3AyTz4S62GaHdmBzxg5K4C0THNlgxgfKyrIB38Av2VEJaaIn8lKq5wfFCQ35bwxRBGlruMdDsZMUScgqNXgiDwWe27odFmqjeEDhLMdYoR6iXDzifDQor5nWOJZ9-2FjI3tOXy7nHx9ki7KJZF5-2Bf9jfOuCCbEwndKQ-2F34ls-2Bo8vHb3lpPrJcROEFO3ayAbf-2BCWoLBAJe5mmqmGUJEu72Wf6roc2RumR2g4aWRFP36lK6TryH0-2BHIXwxkz-2FidzjbrtSMJkpiEE1Ps4UYBUXhoa0uMmH3FhRXTj9EAFMxlydbeOdiJmqr4Irv2PXCXSK4Y40EX-2B4Fs848VbXr0KHAHxMK3nc3KontyHsb-2FzHGDcKLKu2F51XHe302f6CLETD HTTP/1.1Host: u50430826.ct.sendgrid.netConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.uiLLJjqnhCQ.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8NP2y291iiPDmfAN0GV3dvCuqlYA/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*X-Client-Data: CLf3ygE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /webgen123/mail.jsp?account=N0123Ntccredentialing@derickdermatology.com HTTP/1.1Host: webgen.dillings-continental.proConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=49B92CC100B80B7533D37F446ED7EED0
Source: global traffic	HTTP traffic detected: GET /r/gsr1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: */*If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
Source: global traffic	HTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: */*If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog

Performs DNS lookups

Source: global traffic	DNS traffic detected: DNS query: u50430826.ct.sendgrid.net
Source: global traffic	DNS traffic detected: DNS query: webgen.dillings-continental.pro
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com
Source: global traffic	DNS traffic detected: DNS query: beacons.gcp.gvt2.com
Source: global traffic	DNS traffic detected: DNS query: google.com
Source: global traffic	DNS traffic detected: DNS query: beacons.gvt2.com

Posts data to webserver

Source: unknown

HTTP traffic detected: POST /report/v4?s=OQBo6hXSYh9e9Db72ihknWub21%2BgAURTwZy2zo5yEt3aDgRi2N4LQjiu8SI1Vb0PIuE%2F5ORAkRCSIp9mqmmf%2BBbFlR22KV2BZivUZ7W5mwkg%2Btl9I3MHAYJF77fNXKI3BsTIC8IOveOePAXTrrsOICgk HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 472Content-Type: application/reports+jsonOrigin: https://webgen.dillings-continental.proUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

URLs found in memory or binary data

Source: chromecache_70.1.dr	String found in binary or memory: http://www.broofa.com
Source: chromecache_67.1.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: chromecache_67.1.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
Source: chromecache_67.1.dr, chromecache_70.1.dr	String found in binary or memory: https://apis.google.com
Source: chromecache_67.1.dr	String found in binary or memory: https://clients6.google.com
Source: chromecache_67.1.dr	String found in binary or memory: https://content.googleapis.com
Source: chromecache_67.1.dr	String found in binary or memory: https://domains.google.com/suggest/flow
Source: chromecache_70.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
Source: chromecache_70.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
Source: chromecache_70.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
Source: chromecache_70.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
Source: chromecache_70.1.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_67.1.dr	String found in binary or memory: https://plus.google.com
Source: chromecache_67.1.dr	String found in binary or memory: https://plus.googleapis.com
Source: chromecache_67.1.dr	String found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
Source: chromecache_67.1.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: chromecache_67.1.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
Source: chromecache_70.1.dr	String found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
Source: chromecache_70.1.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
Source: chromecache_70.1.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css

Uses HTTPS

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49682 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 167.89.123.122:443 -> 192.168.2.17:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.89.123.122:443 -> 192.168.2.17:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.89.123.122:443 -> 192.168.2.17:49702 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.94.130:443 -> 192.168.2.17:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.94.130:443 -> 192.168.2.17:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.17:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 216.58.206.36:443 -> 192.168.2.17:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.136.78:443 -> 192.168.2.17:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 216.58.206.36:443 -> 192.168.2.17:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 216.58.206.46:443 -> 192.168.2.17:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.186.46:443 -> 192.168.2.17:49760 version: TLS 1.2

System Summary

Creates files inside the system directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir6964_1325958641

Jump to behavior

Deletes files inside the Windows folder

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir6964_1325958641

Jump to behavior

Classification label

Source: classification engine

Classification label: mal48.win@32/21@33/9

Spawns processes

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1996,i,4975852862916216101,16774958629576337253,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2108 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://u50430826.ct.sendgrid.net/ls/click?upn=u001.ti8ieZl2nrno9-2FHO6mcOPlNj6bCOJj0Ry4ZoAvHo7MRwQrg1VJTS2EcW6CwZ1UBz02AKUneHxnBTh056U-2FtbO1spU5WbeLMuaksZRbYXitF8p-2FYpvSNQYJ7Jmi-2FFNJNCKtlzT7SWIq0x-2BvACymLs4JXSf3CffvYfb47kT9ZdjGM-3D7Fiq_jwEsnDw4GmrvhJ1keAQUZlF8n8WRn-2Bb6GYZTmhnJgbhBW97RUmpNnG-2FbRP82MDgBOWq6nR1z2RvtqnhmiUcyU-2FS-2FM0Sy2BV-2B5wInRl1tbVzfNqjK2TrYG8ZDuCDHnnHGvWPIBiaoHTCSBWtYS-2F3sMe3XOXMop3nXdKxV1-2Fth0SFRhujEy7lk8Nt3dgsDkgODnuAmnrAji3nhD1xeOQ7LaDsmN3d7xk3OnN3k6uOEuqzb5j2tkE9YUHeS-2Bp-2F-2FjLHQItg059XnBNN1OWZAjAQQsQFZstpVtv9DkxVg27nNSbrc27jQRPjqADikXomDs0u9nqjjrv3j3FqzF4-2B2CtxHtTYn8gc6v2A0sl8G-2B3fbbw2oXJ9gostlmcoP5xl5KslIZF3fgHSnmLLseF5dXSfqpAzatAWVwDEVvxpDsO-2Bx9OvvK8x5UkGLqmPrwjUTMFZ1Gxe9eTN-2FDXI6qycqufXfOffYmiR6cbYY4ziWxp-2BvvNphWFfWEBFsyrIVvw7TFuzIuKR3AyTz4S62GaHdmBzxg5K4C0THNlgxgfKyrIB38Av2VEJaaIn8lKq5wfFCQ35bwxRBGlruMdDsZMUScgqNXgiDwWe27odFmqjeEDhLMdYoR6iXDzifDQor5nWOJZ9-2FjI3tOXy7nHx9ki7KJZF5-2Bf9jfOuCCbEwndKQ-2F34ls-2Bo8vHb3lpPrJcROEFO3ayAbf-2BCWoLBAJe5mmqmGUJEu72Wf6roc2RumR2g4aWRFP36lK6TryH0-2BHIXwxkz-2FidzjbrtSMJkpiEE1Ps4UYBUXhoa0uMmH3FhRXTj9EAFMxlydbeOdiJmqr4Irv2PXCXSK4Y40EX-2B4Fs848VbXr0KHAHxMK3nc3KontyHsb-2FzHGDcKLKu2F51XHe302f6CLETD"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1996,i,4975852862916216101,16774958629576337253,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2108 /prefetch:3			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Found graphical window changes (likely an installer)

Source: Window Recorder

Window detected: More than 3 window changes detected

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.