Windows Analysis Report http://tiny.cc/MD40021

Overview

General Information

Sample URL:http://tiny.cc/MD40021
Analysis ID:452632
Detection

HTMLPhisher
Score:80
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Phishing site detected (based on favicon image match)
Yara detected HtmlPhish35
Phishing site detected (based on image similarity)
Phishing site detected (based on logo template match)
HTML body contains low number of good links
HTML title does not match URL

Classification

Process Tree

  • System is w10x64
  • chrome.exe (PID: 5596 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'http://tiny.cc/MD40021' MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 1376 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1596,17644997563398534806,9194951925801083692,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1692 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

AV Detection:

Antivirus / Scanner detection for submitted sample
Source: http://tiny.cc/MD40021 SlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering
Antivirus detection for URL or domain
Source: https://yellowappniniaoxz.meshulemd53.workers.dev/?bbre=zxosizx#/aQDw3RyUQAXSOfKW6uu-&!@2HRI4mJ9z5DQoCqPFAb&!@23H6zfSAbLjW0XlxBviOu&!@-zDPzUBIz3ijnMl5gw391Gf6hhLxA4nT4NkUCLj1C8CKhoZYr6p792BU-uVQ462ZF0zvsJWzLKjOQivyG34bHR60i2T/5C6c4BHPApGyth2YcfM76HDHbK SlashNext: Label: Fake Login Page type: Phishing & Social Engineering
Source: https://yellowappniniaoxz.meshulemd53.workers.dev/?bbre=zxosizx SlashNext: Label: Fake Login Page type: Phishing & Social Engineering
Source: https://yellowappniniaoxz.meshulemd53.workers.dev/?bbre=zxosizx#/lBip5oItqTBTGWwgFZjzZOESkB7hlAtPuQsRCa4-&!@2HRI4mJ9z5DQoCqPFAb&!@23H6zfSAbLjW0XlxBviOu&!@-AajpwZsuy0g8hEqlh7ebk0VHHOsPFjPnnv5buxgH3aoKpVPqEr2CKkKKtlBs0TZ0TGvTLcVtOyWxQCr2BRn3vLXax46U4Fw-mUxlX4AUEv8GIxnem4blYj5fNOGZIemB8rmX9j8XHZeLgeZivzYDjWr051s6vR7iQXwr09OsrL/nPxN63cXxSkIEmP51ZndkdfIn9ZfhMaTCRo8X7ImlImPeDExUfxoQafyYG089RztXm SlashNext: Label: Fake Login Page type: Phishing & Social Engineering
Source: https://kifot.wancdnapp.page/60d0a7c957c97100e853192f.js Avira URL Cloud: Label: phishing
Source: https://kifot.wancdnapp.page Avira URL Cloud: Label: phishing

Phishing:

Phishing site detected (based on favicon image match)
Source: https://yellowappniniaoxz.meshulemd53.workers.dev/?bbre=zxosizx#/lBip5oItqTBTGWwgFZjzZOESkB7hlAtPuQsRCa4-&!@2HRI4mJ9z5DQoCqPFAb&!@23H6zfSAbLjW0XlxBviOu&!@-AajpwZsuy0g8hEqlh7ebk0VHHOsPFjPnnv5buxgH3aoKpVPqEr2CKkKKtlBs0TZ0TGvTLcVtOyWxQCr2BRn3vLXax46U4Fw-mUxlX4AUEv8GIxnem4blYj5fNOGZIemB8rmX9j8XHZeLgeZivzYDjWr051s6vR7iQXwr09OsrL/nPxN63cXxSkIEmP51ZndkdfIn9ZfhMaTCRo8X7ImlImPeDExUfxoQafyYG089RztXm Matcher: Template: microsoft matched with high similarity
Yara detected HtmlPhish35
Source: Yara match File source: 59239.pages.csv, type: HTML
Source: Yara match File source: 40694.pages.csv, type: HTML
Source: Yara match File source: 40546.pages.csv, type: HTML
Phishing site detected (based on image similarity)
Source: https://yellowappniniaoxz.meshulemd53.workers.dev/?bbre=zxosizx#/lBip5oItqTBTGWwgFZjzZOESkB7hlAtPuQsRCa4-&!@2HRI4mJ9z5DQoCqPFAb&!@23H6zfSAbLjW0XlxBviOu&!@-AajpwZsuy0g8hEqlh7ebk0VHHOsPFjPnnv5buxgH3aoKpVPqEr2CKkKKtlBs0TZ0TGvTLcVtOyWxQCr2BRn3vLXax46U4Fw-mUxlX4AUEv8GIxnem4blYj5fNOGZIemB8rmX9j8XHZeLgeZivzYDjWr051s6vR7iQXwr09OsrL/nPxN63cXxSkIEmP51ZndkdfIn9ZfhMaTCRo8X7ImlImPeDExUfxoQafyYG089RztXm Matcher: Found strong image similarity, brand: Microsoft image: 40694.img.1.gfk.csv EE5C8D9FB6248C938FD0DC19370E90BD
Source: https://yellowappniniaoxz.meshulemd53.workers.dev/?bbre=zxosizx#/aQDw3RyUQAXSOfKW6uu-&!@2HRI4mJ9z5DQoCqPFAb&!@23H6zfSAbLjW0XlxBviOu&!@-zDPzUBIz3ijnMl5gw391Gf6hhLxA4nT4NkUCLj1C8CKhoZYr6p792BU-uVQ462ZF0zvsJWzLKjOQivyG34bHR60i2T/5C6c4BHPApGyth2YcfM76HDHbK Matcher: Found strong image similarity, brand: Microsoft image: 59239.img.1.gfk.csv EE5C8D9FB6248C938FD0DC19370E90BD
Phishing site detected (based on logo template match)
Source: https://yellowappniniaoxz.meshulemd53.workers.dev/?bbre=zxosizx#/lBip5oItqTBTGWwgFZjzZOESkB7hlAtPuQsRCa4-&!@2HRI4mJ9z5DQoCqPFAb&!@23H6zfSAbLjW0XlxBviOu&!@-AajpwZsuy0g8hEqlh7ebk0VHHOsPFjPnnv5buxgH3aoKpVPqEr2CKkKKtlBs0TZ0TGvTLcVtOyWxQCr2BRn3vLXax46U4Fw-mUxlX4AUEv8GIxnem4blYj5fNOGZIemB8rmX9j8XHZeLgeZivzYDjWr051s6vR7iQXwr09OsrL/nPxN63cXxSkIEmP51ZndkdfIn9ZfhMaTCRo8X7ImlImPeDExUfxoQafyYG089RztXm Matcher: Template: microsoft matched
HTML body contains low number of good links
Source: https://yellowappniniaoxz.meshulemd53.workers.dev/?bbre=zxosizx#/aQDw3RyUQAXSOfKW6uu-&!@2HRI4mJ9z5DQoCqPFAb&!@23H6zfSAbLjW0XlxBviOu&!@-zDPzUBIz3ijnMl5gw391Gf6hhLxA4nT4NkUCLj1C8CKhoZYr6p792BU-uVQ462ZF0zvsJWzLKjOQivyG34bHR60i2T/5C6c4BHPApGyth2YcfM76HDHbK HTTP Parser: Number of links: 0
Source: https://yellowappniniaoxz.meshulemd53.workers.dev/?bbre=zxosizx#/lBip5oItqTBTGWwgFZjzZOESkB7hlAtPuQsRCa4-&!@2HRI4mJ9z5DQoCqPFAb&!@23H6zfSAbLjW0XlxBviOu&!@-AajpwZsuy0g8hEqlh7ebk0VHHOsPFjPnnv5buxgH3aoKpVPqEr2CKkKKtlBs0TZ0TGvTLcVtOyWxQCr2BRn3vLXax46U4Fw-mUxlX4AUEv8GIxnem4blYj5fNOGZIemB8rmX9j8XHZeLgeZivzYDjWr051s6vR7iQXwr09OsrL/nPxN63cXxSkIEmP51ZndkdfIn9ZfhMaTCRo8X7ImlImPeDExUfxoQafyYG089RztXm HTTP Parser: Number of links: 0
HTML title does not match URL
Source: https://yellowappniniaoxz.meshulemd53.workers.dev/?bbre=zxosizx#/aQDw3RyUQAXSOfKW6uu-&!@2HRI4mJ9z5DQoCqPFAb&!@23H6zfSAbLjW0XlxBviOu&!@-zDPzUBIz3ijnMl5gw391Gf6hhLxA4nT4NkUCLj1C8CKhoZYr6p792BU-uVQ462ZF0zvsJWzLKjOQivyG34bHR60i2T/5C6c4BHPApGyth2YcfM76HDHbK HTTP Parser: Title: Sign in with Office 365 does not match URL
Source: https://yellowappniniaoxz.meshulemd53.workers.dev/?bbre=zxosizx#/lBip5oItqTBTGWwgFZjzZOESkB7hlAtPuQsRCa4-&!@2HRI4mJ9z5DQoCqPFAb&!@23H6zfSAbLjW0XlxBviOu&!@-AajpwZsuy0g8hEqlh7ebk0VHHOsPFjPnnv5buxgH3aoKpVPqEr2CKkKKtlBs0TZ0TGvTLcVtOyWxQCr2BRn3vLXax46U4Fw-mUxlX4AUEv8GIxnem4blYj5fNOGZIemB8rmX9j8XHZeLgeZivzYDjWr051s6vR7iQXwr09OsrL/nPxN63cXxSkIEmP51ZndkdfIn9ZfhMaTCRo8X7ImlImPeDExUfxoQafyYG089RztXm HTTP Parser: Title: Sign in with Office 365 does not match URL
Source: https://yellowappniniaoxz.meshulemd53.workers.dev/?bbre=zxosizx#/aQDw3RyUQAXSOfKW6uu-&!@2HRI4mJ9z5DQoCqPFAb&!@23H6zfSAbLjW0XlxBviOu&!@-zDPzUBIz3ijnMl5gw391Gf6hhLxA4nT4NkUCLj1C8CKhoZYr6p792BU-uVQ462ZF0zvsJWzLKjOQivyG34bHR60i2T/5C6c4BHPApGyth2YcfM76HDHbK HTTP Parser: No <meta name="author".. found
Source: https://yellowappniniaoxz.meshulemd53.workers.dev/?bbre=zxosizx#/lBip5oItqTBTGWwgFZjzZOESkB7hlAtPuQsRCa4-&!@2HRI4mJ9z5DQoCqPFAb&!@23H6zfSAbLjW0XlxBviOu&!@-AajpwZsuy0g8hEqlh7ebk0VHHOsPFjPnnv5buxgH3aoKpVPqEr2CKkKKtlBs0TZ0TGvTLcVtOyWxQCr2BRn3vLXax46U4Fw-mUxlX4AUEv8GIxnem4blYj5fNOGZIemB8rmX9j8XHZeLgeZivzYDjWr051s6vR7iQXwr09OsrL/nPxN63cXxSkIEmP51ZndkdfIn9ZfhMaTCRo8X7ImlImPeDExUfxoQafyYG089RztXm HTTP Parser: No <meta name="author".. found
Source: https://yellowappniniaoxz.meshulemd53.workers.dev/?bbre=zxosizx#/aQDw3RyUQAXSOfKW6uu-&!@2HRI4mJ9z5DQoCqPFAb&!@23H6zfSAbLjW0XlxBviOu&!@-zDPzUBIz3ijnMl5gw391Gf6hhLxA4nT4NkUCLj1C8CKhoZYr6p792BU-uVQ462ZF0zvsJWzLKjOQivyG34bHR60i2T/5C6c4BHPApGyth2YcfM76HDHbK HTTP Parser: No <meta name="copyright".. found
Source: https://yellowappniniaoxz.meshulemd53.workers.dev/?bbre=zxosizx#/lBip5oItqTBTGWwgFZjzZOESkB7hlAtPuQsRCa4-&!@2HRI4mJ9z5DQoCqPFAb&!@23H6zfSAbLjW0XlxBviOu&!@-AajpwZsuy0g8hEqlh7ebk0VHHOsPFjPnnv5buxgH3aoKpVPqEr2CKkKKtlBs0TZ0TGvTLcVtOyWxQCr2BRn3vLXax46U4Fw-mUxlX4AUEv8GIxnem4blYj5fNOGZIemB8rmX9j8XHZeLgeZivzYDjWr051s6vR7iQXwr09OsrL/nPxN63cXxSkIEmP51ZndkdfIn9ZfhMaTCRo8X7ImlImPeDExUfxoQafyYG089RztXm HTTP Parser: No <meta name="copyright".. found
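The HTML checks listed above (title versus serving host, number of real links, missing author and copyright metadata) are cheap to reproduce offline against a saved page. The following is an added example written for this page, not Joe Sandbox's own scoring code: the brand-word table, the host suffixes accepted for each brand, the definition of a "good link" and the threshold of three are all assumptions of this example, and the two HTML documents are constructed to mimic what the sandbox saw (the "Sign in with Office 365" title and the aadcdn favicon URL are taken from the report; the markup is not).

```python
"""Page-level phishing heuristics of the kind the report above lists.

Added example, not Joe Sandbox code.  The report only names the checks;
how each is defined and scored here is this example's own assumption.
Standard library only, so it runs offline.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit, urljoin

# Brand words that, when present in a <title>, should be matched by the
# serving hostname.  Assumed table for the example, not the sandbox's.
BRAND_WORDS = {"office 365": "microsoft", "microsoft": "microsoft",
               "outlook": "microsoft", "onedrive": "microsoft",
               "sharepoint": "microsoft", "google": "google"}
BRAND_HOST_SUFFIXES = {
    "microsoft": ("microsoft.com", "microsoftonline.com", "live.com",
                  "office.com", "msauth.net", "msftauth.net"),
    "google": ("google.com",),
}


class _PageFacts(HTMLParser):
    """Collect the <title> text, every <a href>, and every <meta name>."""
    def __init__(self):
        super().__init__()
        self.title_parts, self.hrefs, self.meta_names = [], [], set()
        self._in_title = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "title":
            self._in_title = True
        elif tag == "a" and a.get("href"):
            self.hrefs.append(a["href"])
        elif tag == "meta" and a.get("name"):
            self.meta_names.add(a["name"].lower())

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title_parts.append(data)


def good_links(hrefs, page_url):
    """Links that navigate somewhere: absolute http(s) targets after resolving
    against the page URL; '#', 'javascript:' and empty hrefs do not count.
    (This definition of a 'good link' is an assumption of the example.)"""
    out = []
    for h in hrefs:
        h = h.strip()
        if not h or h.startswith("#") or h.lower().startswith("javascript:"):
            continue
        u = urlsplit(urljoin(page_url, h))
        if u.scheme in ("http", "https") and u.netloc:
            out.append(u.geturl())
    return out


def title_brand_mismatch(title, page_url):
    """Return the brand the title claims when the host is not that brand's,
    else None."""
    host = (urlsplit(page_url).hostname or "").lower()
    t = title.lower()
    for word, brand in BRAND_WORDS.items():
        if word in t and not any(host == s or host.endswith("." + s)
                                 for s in BRAND_HOST_SUFFIXES[brand]):
            return brand
    return None


def analyse(html, page_url, min_good_links=3):
    """Run the four checks and return the title, the good links and a list of
    findings (empty list means nothing fired)."""
    p = _PageFacts()
    p.feed(html)
    title = " ".join(p.title_parts).strip()
    links = good_links(p.hrefs, page_url)
    findings = []
    brand = title_brand_mismatch(title, page_url)
    if brand:
        findings.append(f"title '{title}' claims {brand} but host is "
                        f"{urlsplit(page_url).hostname}")
    if len(links) < min_good_links:
        findings.append(f"low number of good links: {len(links)}")
    for name in ("author", "copyright"):
        if name not in p.meta_names:
            findings.append(f'no <meta name="{name}"> found')
    return {"title": title, "good_links": links, "findings": findings}


# Constructed sample mimicking what the sandbox saw: an Office 365-styled
# login page served from a workers.dev host with no real outbound links.
PHISH_URL = "https://yellowappniniaoxz.meshulemd53.workers.dev/?bbre=zxosizx"
PHISH_HTML = """<html><head><title>Sign in with Office 365</title>
<link rel="icon" href="https://secure.aadcdn.microsoftonline-p.com/ests/2.1.6669.4/content/images/favicon_a.ico">
</head><body><div id="app"></div>
<a href="#">Can't access your account?</a>
<a href="javascript:void(0)">Sign-in options</a>
<form><input name="loginfmt"><input name="passwd" type="password"></form>
</body></html>"""

# Constructed benign control: same title on a Microsoft-owned host, carrying
# the metadata and footer navigation a real sign-in page has.
LEGIT_URL = "https://login.microsoftonline.com/common/oauth2/authorize"
LEGIT_HTML = """<html><head><title>Sign in with Office 365</title>
<meta name="author" content="Microsoft"><meta name="copyright" content="Microsoft">
</head><body>
<a href="https://www.microsoft.com/privacy">Privacy</a>
<a href="https://www.microsoft.com/terms">Terms</a>
<a href="https://support.microsoft.com/">Help</a>
</body></html>"""

if __name__ == "__main__":
    for url, html in ((PHISH_URL, PHISH_HTML), (LEGIT_URL, LEGIT_HTML)):
        print(url, "->", analyse(html, url)["findings"] or "no findings")
```

None of these checks is conclusive on its own (a legitimate single-page app also has few links and often no meta author), which is why the report combines them with the favicon, logo and screenshot matches before reaching its score.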
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Temp\5596_1865648844\LICENSE.txt
Source: unknown HTTPS traffic detected: 172.67.192.13:443 -> 192.168.2.3:49747 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.1.195:443 -> 192.168.2.3:49765 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.1.195:443 -> 192.168.2.3:49766 version: TLS 1.2
Source: unknown HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.3:49767 version: TLS 1.2
Source: unknown HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.3:49788 version: TLS 1.2
Source: global traffic HTTP traffic detected:
GET /MD40021 HTTP/1.1
Host: tiny.cc
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Source: Ruleset Data.0.dr String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: Ruleset Data.0.dr String found in binary or memory: www.facebook.com/ajax/ads/ equals www.facebook.com (Facebook)
Source: unknown DNS traffic detected: queries for: accounts.google.com
Source: Current Session.0.dr, Favicons.0.dr String found in binary or memory: http://tiny.cc/MD40021
Source: History Provider Cache.0.dr String found in binary or memory: http://tiny.cc/MD400212
Source: Favicons-journal.0.dr String found in binary or memory: http://tiny.cc/MD40021A
Source: Current Session.0.dr String found in binary or memory: http://tiny.cc/MD40021LFJqU&/
Source: History-journal.0.dr String found in binary or memory: http://tiny.cc/MD40021Sign
Source: History-journal.0.dr String found in binary or memory: http://tiny.cc/MD40021w
Source: Reporting and NEL.1.dr String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=Zw3gG9J6xddfcXddj2Gtbn23YyzTr8GzHXUZ%2BMjtAUaQahsYdh%2BEGbn
Source: Reporting and NEL.1.dr String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=k2XrXcnuKBLaXcwW1CbZHQ%2B0WFi7KMsDGLkCpOzje1INlqWFdALGTkhrm
Source: Reporting and NEL.1.dr String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=uHNdT%2BvHDchyuUvmS1vFfX6IFI589T3%2FoKY3sQ01rSh6fyewtejNa4h
Source: f26911ad-c453-43ee-b7f2-ece82d0778f5.tmp.1.dr String found in binary or memory: https://aadcdn.msauth.net
Source: f26911ad-c453-43ee-b7f2-ece82d0778f5.tmp.1.dr String found in binary or memory: https://aadcdn.msftauth.net
Source: manifest.json0.0.dr, e8124b3b-3254-4c2b-8dc5-b802ba8d09ea.tmp.1.dr, f26911ad-c453-43ee-b7f2-ece82d0778f5.tmp.1.dr String found in binary or memory: https://accounts.google.com
Source: f26911ad-c453-43ee-b7f2-ece82d0778f5.tmp.1.dr String found in binary or memory: https://ajax.googleapis.com
Source: f4e39fbffe425ae7_0.0.dr String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
Source: manifest.json0.0.dr, e8124b3b-3254-4c2b-8dc5-b802ba8d09ea.tmp.1.dr, f26911ad-c453-43ee-b7f2-ece82d0778f5.tmp.1.dr String found in binary or memory: https://apis.google.com
Source: f26911ad-c453-43ee-b7f2-ece82d0778f5.tmp.1.dr String found in binary or memory: https://cdnjs.cloudflare.com
Source: bb132f5576c1402d_0.0.dr String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/mobile-detect/1.3.6/mobile-detect.min.js
Source: bb132f5576c1402d_0.0.dr String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/mobile-detect/1.3.6/mobile-detect.min.jsaD
Source: ee37a77077c5fd30_0.0.dr String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/vee-validate/2.0.0-rc.3/vee-validate.min.js
Source: ee37a77077c5fd30_0.0.dr String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/vee-validate/2.0.0-rc.3/vee-validate.min.jsaD
Source: e13187fdc75ff951_0.0.dr String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/vue-i18n/7.0.3/vue-i18n.min.js
Source: e13187fdc75ff951_0.0.dr String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/vue-i18n/7.0.3/vue-i18n.min.jsaD
Source: 969092a8a37165da_0.0.dr String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/vuex/2.3.1/vuex.min.js
Source: 969092a8a37165da_0.0.dr String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/vuex/2.3.1/vuex.min.jsaD
Source: e8124b3b-3254-4c2b-8dc5-b802ba8d09ea.tmp.1.dr, f26911ad-c453-43ee-b7f2-ece82d0778f5.tmp.1.dr String found in binary or memory: https://clients2.google.com
Source: manifest.json0.0.dr String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: e8124b3b-3254-4c2b-8dc5-b802ba8d09ea.tmp.1.dr, f26911ad-c453-43ee-b7f2-ece82d0778f5.tmp.1.dr String found in binary or memory: https://clients2.googleusercontent.com
Source: f26911ad-c453-43ee-b7f2-ece82d0778f5.tmp.1.dr String found in binary or memory: https://content-autofill.googleapis.com
Source: manifest.json0.0.dr String found in binary or memory: https://content.googleapis.com
Source: Reporting and NEL.1.dr String found in binary or memory: https://csp.withgoogle.com/csp/report-to/downloads-lorry
Source: e65a748d-e66d-4c71-b93c-a0a1d18618be.tmp.1.dr, e8124b3b-3254-4c2b-8dc5-b802ba8d09ea.tmp.1.dr, 58649cc2-b0be-428d-a918-18e7ca406e7e.tmp.1.dr, f26911ad-c453-43ee-b7f2-ece82d0778f5.tmp.1.dr String found in binary or memory: https://dns.google
Source: manifest.json0.0.dr String found in binary or memory: https://feedback.googleusercontent.com
Source: e8124b3b-3254-4c2b-8dc5-b802ba8d09ea.tmp.1.dr String found in binary or memory: https://fonts.googleapis.com
Source: manifest.json0.0.dr String found in binary or memory: https://fonts.googleapis.com;
Source: e8124b3b-3254-4c2b-8dc5-b802ba8d09ea.tmp.1.dr, f26911ad-c453-43ee-b7f2-ece82d0778f5.tmp.1.dr String found in binary or memory: https://fonts.gstatic.com
Source: manifest.json0.0.dr String found in binary or memory: https://fonts.gstatic.com;
Source: manifest.json0.0.dr String found in binary or memory: https://hangouts.google.com/
Source: f26911ad-c453-43ee-b7f2-ece82d0778f5.tmp.1.dr String found in binary or memory: https://karikappdemo.firebaseapp.com
Source: 7fbb1394cd06f191_0.0.dr String found in binary or memory: https://karikappdemo.firebaseapp.com/xzvgxzzxsds/themes/8d57ba8a507315f5d251af5ba3698cdcnbr162428717
Source: 465f0f89abfe6fa9_0.0.dr String found in binary or memory: https://karikappdemo.firebaseapp.com/xzvgxzzxsds/themes/ee79dd6db82e6af5cb3e2af7941785fa.js
Source: 7dd3af6e505a5f36_0.0.dr String found in binary or memory: https://karikappdemo.firebaseapp.com/xzvgxzzxsds/themes/js/a3107e4d4ae0ea783cd1177c52f1e630162428716
Source: c07d0c9c01ca35a8_0.0.dr String found in binary or memory: https://karikappdemo.firebaseapp.com/xzvgxzzxsds/themes/js/c0f5e0dd4f642062f92481ef2bb43819162428716
Source: f26911ad-c453-43ee-b7f2-ece82d0778f5.tmp.1.dr String found in binary or memory: https://kifot.wancdnapp.page
Source: 2ce00933de7e6816_0.0.dr String found in binary or memory: https://kifot.wancdnapp.page/60d0a7c957c97100e853192f.js
Source: 2ce00933de7e6816_0.0.dr String found in binary or memory: https://meshulemd53.workers.dev/
Source: bb132f5576c1402d_0.0.dr String found in binary or memory: https://meshulemd53.workers.dev/1
Source: 2f4a84266ed3d08e_0.0.dr String found in binary or memory: https://meshulemd53.workers.dev/;&gqU&/
Source: c07d0c9c01ca35a8_0.0.dr String found in binary or memory: https://meshulemd53.workers.dev/S
Source: 7fbb1394cd06f191_0.0.dr String found in binary or memory: https://meshulemd53.workers.dev/a
Source: c85e73864d3f42e2_0.0.dr String found in binary or memory: https://meshulemd53.workers.dev/g
Source: 56ca9fece12f6ceb_0.0.dr String found in binary or memory: https://meshulemd53.workers.dev/q)zqU&/
Source: e8124b3b-3254-4c2b-8dc5-b802ba8d09ea.tmp.1.dr, f26911ad-c453-43ee-b7f2-ece82d0778f5.tmp.1.dr String found in binary or memory: https://ogs.google.com
Source: manifest.json.0.dr String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: e8124b3b-3254-4c2b-8dc5-b802ba8d09ea.tmp.1.dr, f26911ad-c453-43ee-b7f2-ece82d0778f5.tmp.1.dr String found in binary or memory: https://play.google.com
Source: f26911ad-c453-43ee-b7f2-ece82d0778f5.tmp.1.dr String found in binary or memory: https://r2---sn-h0jeener.gvt1.com
Source: f26911ad-c453-43ee-b7f2-ece82d0778f5.tmp.1.dr String found in binary or memory: https://redirector.gvt1.com
Source: manifest.json.0.dr String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: Favicons.0.dr String found in binary or memory: https://secure.aadcdn.microsoftonline-p.com/ests/2.1.6669.4/content/images/favicon_a.ico
Source: e8124b3b-3254-4c2b-8dc5-b802ba8d09ea.tmp.1.dr, f26911ad-c453-43ee-b7f2-ece82d0778f5.tmp.1.dr String found in binary or memory: https://ssl.gstatic.com
Source: messages.json41.0.dr String found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json41.0.dr String found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: f26911ad-c453-43ee-b7f2-ece82d0778f5.tmp.1.dr String found in binary or memory: https://tiny.cc
Source: History-journal.0.dr, Favicons-journal.0.dr String found in binary or memory: https://tiny.cc/MD40021
Source: History Provider Cache.0.dr String found in binary or memory: https://tiny.cc/MD400212
Source: History-journal.0.dr, History.0.dr String found in binary or memory: https://tiny.cc/MD40021Sign
Source: f26911ad-c453-43ee-b7f2-ece82d0778f5.tmp.1.dr String found in binary or memory: https://unpkg.com
Source: c85e73864d3f42e2_0.0.dr String found in binary or memory: https://unpkg.com/axios
Source: 258c5a4d0e10f186_0.0.dr, 56ca9fece12f6ceb_0.0.dr String found in binary or memory: https://unpkg.com/lodash
Source: 2f4a84266ed3d08e_0.0.dr String found in binary or memory: https://unpkg.com/vue
Source: 4fd853623da9c0c3_0.0.dr String found in binary or memory: https://unpkg.com/vue-router
Source: manifest.json0.0.dr, e8124b3b-3254-4c2b-8dc5-b802ba8d09ea.tmp.1.dr, f26911ad-c453-43ee-b7f2-ece82d0778f5.tmp.1.dr String found in binary or memory: https://www.google.com
Source: manifest.json.0.dr String found in binary or memory: https://www.google.com/
Source: manifest.json0.0.dr String found in binary or memory: https://www.google.com;
Source: e8124b3b-3254-4c2b-8dc5-b802ba8d09ea.tmp.1.dr, f26911ad-c453-43ee-b7f2-ece82d0778f5.tmp.1.dr String found in binary or memory: https://www.googleapis.com
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/meetings
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: e8124b3b-3254-4c2b-8dc5-b802ba8d09ea.tmp.1.dr, f26911ad-c453-43ee-b7f2-ece82d0778f5.tmp.1.dr String found in binary or memory: https://www.gstatic.com
Source: manifest.json0.0.dr String found in binary or memory: https://www.gstatic.com;
Source: Current Session.0.dr, f26911ad-c453-43ee-b7f2-ece82d0778f5.tmp.1.dr String found in binary or memory: https://yellowappniniaoxz.meshulemd53.workers.dev
Source: 000003.log0.0.dr, History.0.dr String found in binary or memory: https://yellowappniniaoxz.meshulemd53.workers.dev/
Source: History.0.dr String found in binary or memory: https://yellowappniniaoxz.meshulemd53.workers.dev//&Ur
Source: Current Session.0.dr, Favicons-journal.0.dr String found in binary or memory: https://yellowappniniaoxz.meshulemd53.workers.dev/?bbre=zxosizx
Source: Current Session.0.dr String found in binary or memory: https://yellowappniniaoxz.meshulemd53.workers.dev/?bbre=zxosizx#/
Source: History Provider Cache.0.dr String found in binary or memory: https://yellowappniniaoxz.meshulemd53.workers.dev/?bbre=zxosizx#/2
Source: Favicons-journal.0.dr String found in binary or memory: https://yellowappniniaoxz.meshulemd53.workers.dev/?bbre=zxosizx#/D
Source: History-journal.0.dr String found in binary or memory: https://yellowappniniaoxz.meshulemd53.workers.dev/?bbre=zxosizx#/Sign
Source: Current Session.0.dr, Favicons.0.dr String found in binary or memory: https://yellowappniniaoxz.meshulemd53.workers.dev/?bbre=zxosizx#/ULIt5WDsXlauCfVOy0r
Source: History.0.dr String found in binary or memory: https://yellowappniniaoxz.meshulemd53.workers.dev/?bbre=zxosizx#/ULIt5WDsXlauCfVOy0rSign
Source: History.0.dr String found in binary or memory: https://yellowappniniaoxz.meshulemd53.workers.dev/?bbre=zxosizx#/aQDw3RyUQAXSOfKW6uu-&
Source: History-journal.0.dr, Favicons-journal.0.dr String found in binary or memory: https://yellowappniniaoxz.meshulemd53.workers.dev/?bbre=zxosizx#/lBip5oItqTBTGWwgFZjzZOESkB7hlAtPuQs
Source: Current Session.0.dr String found in binary or memory: https://yellowappniniaoxz.meshulemd53.workers.dev/?bbre=zxosizx#ULIt5WDsXlauCfVOy0r
Source: Current Session.0.dr String found in binary or memory: https://yellowappniniaoxz.meshulemd53.workers.dev/?bbre=zxosizx#ULIt5WDsXlauCfVOy0r8
Source: History.0.dr String found in binary or memory: https://yellowappniniaoxz.meshulemd53.workers.dev/?bbre=zxosizx#ULIt5WDsXlauCfVOy0rSign
Source: Favicons.0.dr String found in binary or memory: https://yellowappniniaoxz.meshulemd53.workers.dev/?bbre=zxosizx#ULIt5WDsXlauCfVOy0rY
Source: History Provider Cache.0.dr String found in binary or memory: https://yellowappniniaoxz.meshulemd53.workers.dev/?bbre=zxosizx2
Source: History-journal.0.dr String found in binary or memory: https://yellowappniniaoxz.meshulemd53.workers.dev/?bbre=zxosizxSign
Source: Current Session.0.dr String found in binary or memory: https://yellowappniniaoxz.meshulemd53.workers.devShttps://yellowappniniaoxz.meshulemd53.workers.dev/
Source: Current Session.0.dr String found in binary or memory: https://yellowappniniaoxz.meshulemd53.workers.devThttps://yellowappniniaoxz.meshulemd53.workers.dev/
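Two things about the workers.dev URLs above are worth making explicit before anyone writes a block rule or a log hunt from this report. The per-victim material after `#/` is a URL fragment, which the browser never sends to the server, so proxy and web-server logs of this kit will only ever show `/?bbre=zxosizx`. And `yellowappniniaoxz` is one worker under the account-level host `meshulemd53.workers.dev`, which also appears on its own in the strings above, so the account label is the sensible unit to block rather than the single worker name. The following is an added example, not part of the sandbox report: the SHARED_HOSTING table is its own assumption, and the URL list is a subset of the strings listed above.

```python
"""What a server or proxy actually sees of the URLs in this report.

Added example, not Joe Sandbox code.  Standard library only.
"""
from urllib.parse import urlsplit

# Platform suffixes under which the label immediately below the suffix is an
# attacker-controlled account or project.  Assumed table for the example;
# in production derive it from the public-suffix list instead.
SHARED_HOSTING = ("workers.dev", "firebaseapp.com", "web.app", "pages.dev")


def request_target(url):
    """The request-target on the HTTP request line: path plus query only.
    The fragment stays in the client (RFC 3986 section 3.5)."""
    u = urlsplit(url)
    return (u.path or "/") + ("?" + u.query if u.query else "")


def client_side_token(url):
    """Whatever rides in the fragment: here the kit's route and victim
    identifier.  Visible only to script running in the page, never logged
    server-side."""
    return urlsplit(url).fragment or None


def blocking_unit(url):
    """Hostname to block.  On a shared-hosting suffix, collapse to
    <account>.<suffix> so every worker or site of that account is covered;
    elsewhere the hostname itself."""
    host = (urlsplit(url).hostname or "").lower()
    for suffix in SHARED_HOSTING:
        if host.endswith("." + suffix):
            labels = host[: -len(suffix) - 1].split(".")
            return labels[-1] + "." + suffix
    return host


def summarise(urls):
    """Group URLs by blocking unit, recording what a server log would show
    (request targets) and what it would not (fragments)."""
    out = {}
    for url in urls:
        entry = out.setdefault(blocking_unit(url),
                               {"hosts": set(), "targets": set(), "fragments": set()})
        entry["hosts"].add(urlsplit(url).hostname)
        entry["targets"].add(request_target(url))
        frag = client_side_token(url)
        if frag:
            entry["fragments"].add(frag)
    return out


# Subset of the URLs the report lists, copied verbatim from the strings above.
REPORT_URLS = [
    "http://tiny.cc/MD40021",
    "https://yellowappniniaoxz.meshulemd53.workers.dev/?bbre=zxosizx",
    "https://yellowappniniaoxz.meshulemd53.workers.dev/?bbre=zxosizx#/ULIt5WDsXlauCfVOy0r",
    "https://meshulemd53.workers.dev/",
    "https://kifot.wancdnapp.page/60d0a7c957c97100e853192f.js",
    "https://karikappdemo.firebaseapp.com/xzvgxzzxsds/themes/ee79dd6db82e6af5cb3e2af7941785fa.js",
]

if __name__ == "__main__":
    for unit, entry in sorted(summarise(REPORT_URLS).items()):
        print(unit)
        print("  hosts:            ", sorted(entry["hosts"]))
        print("  seen in logs as:  ", sorted(entry["targets"]))
        print("  client-side only: ", sorted(entry["fragments"]))
```

Note that `tiny.cc` comes out as its own unit: a public shortener is not something to block wholesale, so for that host the action is on the specific path (`/MD40021`) rather than the hostname.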
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49800
Source: classification engine Classification label: mal80.phis.win@37/198@16/15
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-60FA07B8-15DC.pma
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Temp\70b5a725-c22a-4013-b3ce-98542779910a.tmp
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'http://tiny.cc/MD40021'
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1596,17644997563398534806,9194951925801083692,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1692 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1596,17644997563398534806,9194951925801083692,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1692 /prefetch:8Jump to behavior
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Local\Temp\5596_1865648844\LICENSE.txt

MITRE ATT&CK Matrix

Techniques listed per tactic column, in the order shown in the matrix:

Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At (Linux); At (Windows)
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
Privilege Escalation: Process Injection 1; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
Defense Evasion: Masquerading 3; Process Injection 1; Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer
Command and Control: Encrypted Channel 2; Non-Application Layer Protocol 2; Application Layer Protocol 3; Ingress Tool Transfer 1
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: Modify System Partition; Device Lockout; Delete Device Data; Carrier Billing Fraud

Behavior Graph
