Windows Analysis Report
https://solve-page.github.io/remove

Overview

General Information

Sample URL: https://solve-page.github.io/remove
Analysis ID: 1446162
Infos:

Detection

Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Phishing site detected (based on favicon image match)
Stores files to the Windows start menu directory

Classification

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: https://solve-page.github.io/remove Avira URL Cloud: detection malicious, Label: phishing
Source: https://solve-page.github.io/remove SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering
Antivirus detection for URL or domain
Source: https://solve-page.github.io/remove/index-user.css Avira URL Cloud: Label: phishing

Phishing
barindex
Phishing site detected (based on favicon image match)
Source: https://solve-page.github.io/remove/ Matcher: Template: facebook matched with high similarity
Source: https://detailed-video-29b30.web.app/detailed%20video.mp4 HTTP Parser: No favicon
Source: unknown HTTPS traffic detected: 23.211.8.90:443 -> 192.168.2.5:49722 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.211.8.90:443 -> 192.168.2.5:49726 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /remove HTTP/1.1Host: solve-page.github.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /remove/ HTTP/1.1Host: solve-page.github.ioConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /remove/index-user.css HTTP/1.1Host: solve-page.github.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://solve-page.github.io/remove/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /remove/AAABAAMAEBAAAAEAIABoBAAANgAAACAgAAABACAAKBEAAJ4EAAAwMAAAAQAgAGgmAADGFQAAKAAAABAAAAAgAAAAAQAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/wAAAZdXOiyYVzpPmFc6T5dXOiz/AAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAQEAEmFo5b5hYO+GYWTv/mFk7/5hZO/+YWTv/mFg74ZhaOW+AQEAEAAAAAAAAAAAAAAAAAAAAAAAAAACWWjwRmFg7wphZO/+YWTv/oWhN/7uRff+ufWb/mFk7/5hZO/+YWTv/mFg7wpZaPBEAAAAAAAAAAAAAAACAQEAEmFg7wphZO/+YWTv/mFk7/7SGcP//////2sS5/5hZO/+YWTv/mFk7/5hZO/+YWDvCgEBABAAAAAAAAAAAmFo5b5hZO/+YWTv/mFk7/5hZO/+0hnD//////9rEuf+YWTv/mFk7/5hZO/+YWTv/mFk7/5haOW8AAAAA/wAAAZhYO+GYWTv/mFk7/5hZO/+YWTv/tIZw///////axLn/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWDvh/wAAAZdXOiyYWTv/mFk7/5hZO/+YWTv/mFk7/7SGcP//////2sS5/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/5dXOiyYVzpPmFk7/5hZO/+YWTv/mFk7/6x6Yv/Nr6D//////+fY0f+6kX3/qnZd/5hZO/+YWTv/mFk7/5hZO/+YVzpPmFc6T5hZO/+YWTv/mFk7/5hZO//VvLD//////////////////////9G1qP+YWTv/mFk7/5hZO/+YWTv/mFc6T5dXOiyYWTv/mFk7/5hZO/+YWTv/tYhz/9fAtP//////7ODb/8iomP+1iHL/mFk7/5hZO/+YWTv/mFk7/5dXOiz/AAABmFg74ZhZO/+YWTv/mFk7/5hZO/+0hnD//////9rEuv+YWTv/mFk7/5hZO/+YWTv/mFk7/5hYO+H/AAABAAAAAJhaOW+YWTv/mFk7/5hZO/+YWTv/rnxk///////x6eX/xKGQ/7CAav+YWTv/mFk7/5hZO/+YWjlvAAAAAAAAAACAQEAEmFg7wphZO/+YWTv/mFk7/5haPP/i0Mj////////////TuKz/mFk7/5hZO/+YWDvCgEBABAAAAAAAAAAAAAAAAJZaPBGYWDvCmFk7/5hZO/+YWTv/mVo8/7CAaf+6kHz/qnZd/5hZO/+YWDvCllo8EQAAAAAAAAAAAAAAAAAAAAAAAAAAgEBABJhaOW+YWDvhmFk7/5hZO/+YWTv/mFk7/5hYO+GYWjlvgEBABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/wAAAZdXOiyYVzpPmFc6T5dXOiz/AAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAAAACAAAABAAAAAAQAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACZZjMFm1g7PZdZOnOYWTqVl1k6p5dZOqeYWTqVl1k6c5tYOz2ZZjMFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACZWTkol1k7mJhZO++YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO++XWTuYmVk5KAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACPYEAQmFg6mZhZO/yYWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv8mFg6mY9gQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmFg7NJhYO+GYWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFg74ZhYOzQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJhZO0WZWTv0mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/vpeE/97KwP/eysD/3srA/6x6Yv+YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mVk79JhZO0UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACVVzo1mVk79JhZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO//Qs6b/////////////////tol0/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mVk79JVXOjUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAn2BAEJhYO+GYWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/9Czpv////////////////+2iXT/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFk7/5hZO/+YWTv/mFg74Z9gQBAAAAAAAAAA
Source: global traffic HTTP traffic detected: GET /wikipedia/commons/6/6c/Facebook_Logo_2023.png HTTP/1.1Host: upload.wikimedia.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://solve-page.github.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /wikipedia/commons/6/6c/Facebook_Logo_2023.png HTTP/1.1Host: upload.wikimedia.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /detailed%20video.mp4 HTTP/1.1Host: detailed-video-29b30.web.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /detailed%20video.mp4 HTTP/1.1Host: detailed-video-29b30.web.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept-Encoding: identity;q=1, *;q=0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: videoReferer: https://detailed-video-29b30.web.app/detailed%20video.mp4Accept-Language: en-US,en;q=0.9Range: bytes=0-
Source: global traffic DNS traffic detected: DNS query: solve-page.github.io
Source: global traffic DNS traffic detected: DNS query: cdn.glitch.global
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: upload.wikimedia.org
Source: global traffic DNS traffic detected: DNS query: detailed-video-29b30.web.app
Source: chromecache_77.2.dr String found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: chromecache_79.2.dr String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=935729
Source: chromecache_79.2.dr String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=999088
Source: chromecache_79.2.dr String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=195016)
Source: chromecache_79.2.dr String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=201297)
Source: chromecache_79.2.dr String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=190655)
Source: chromecache_84.2.dr String found in binary or memory: https://cdn.glitch.global/38680663-fd6c-4cfc-921a-6d69fd66649d/images-removebg-preview.png?v=1704368
Source: chromecache_84.2.dr String found in binary or memory: https://cdn.glitch.global/cbf8be26-0413-4201-9418-b298e829656a/download%20(1).jfif?v=1698098011376
Source: chromecache_84.2.dr String found in binary or memory: https://detailed-video-29b30.web.app/detailed%20video.mp4
Source: chromecache_79.2.dr String found in binary or memory: https://github.com/jensimmons/cssremedy/issues/14#issuecomment-634934210)
Source: chromecache_79.2.dr String found in binary or memory: https://github.com/mozdevs/cssremedy/issues/14)
Source: chromecache_79.2.dr String found in binary or memory: https://github.com/mozdevs/cssremedy/issues/4)
Source: chromecache_79.2.dr String found in binary or memory: https://github.com/mozilla/gecko-dev/blob/2f9eacd9d3d995c937b4251a5557d95d494c9be1/layout/style/res/
Source: chromecache_79.2.dr String found in binary or memory: https://github.com/tailwindcss/tailwindcss/pull/116)
Source: chromecache_79.2.dr String found in binary or memory: https://github.com/tailwindlabs/tailwindcss/issues/3300)
Source: chromecache_84.2.dr String found in binary or memory: https://submit-form.com/q3iZxmmCh
Source: chromecache_79.2.dr String found in binary or memory: https://tailwindcss.com
Source: chromecache_84.2.dr String found in binary or memory: https://upload.wikimedia.org/wikipedia/commons/6/6c/Facebook_Logo_2023.png
Source: unknown Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown HTTPS traffic detected: 23.211.8.90:443 -> 192.168.2.5:49722 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.211.8.90:443 -> 192.168.2.5:49726 version: TLS 1.2
Source: classification engine Classification label: mal64.phis.win@19/39@14/7
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps Jump to behavior
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2472 --field-trial-handle=2388,i,1911422598299977246,9961358223997480364,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://solve-page.github.io/remove"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4216 --field-trial-handle=2388,i,1911422598299977246,9961358223997480364,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2472 --field-trial-handle=2388,i,1911422598299977246,9961358223997480364,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4216 --field-trial-handle=2388,i,1911422598299977246,9961358223997480364,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: Google Drive.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Stores files to the Windows start menu directory
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1446162 URL: https://solve-page.github.i... Startdate: 23/05/2024 Architecture: WINDOWS Score: 64 28 Antivirus detection for URL or domain 2->28 30 Antivirus / Scanner detection for submitted sample 2->30 32 Phishing site detected (based on favicon image match) 2->32 6 chrome.exe 9 2->6         started        9 chrome.exe 2->9         started        process3 dnsIp4 16 192.168.2.4 unknown unknown 6->16 18 192.168.2.5, 443, 49269, 49703 unknown unknown 6->18 20 239.255.255.250 unknown Reserved 6->20 11 chrome.exe 6->11         started        14 chrome.exe 6->14         started        process5 dnsIp6 22 upload.wikimedia.org 185.15.59.240, 443, 49725, 49727 WIKIMEDIAUS Netherlands 11->22 24 www.google.com 142.250.185.132, 443, 49720, 49739 GOOGLEUS United States 11->24 26 3 other IPs or domains 11->26
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
142.250.185.132
 www.google.com United States
15169 GOOGLEUS false
185.199.109.153
 solve-page.github.io Netherlands
54113 FASTLYUS false
199.36.158.100
 detailed-video-29b30.web.app United States
15169 GOOGLEUS false
239.255.255.250
 unknown Reserved
unknown unknown false
185.15.59.240
 upload.wikimedia.org Netherlands
14907 WIKIMEDIAUS false

Private

IP
192.168.2.4
192.168.2.5

Contacted Domains

Name IP Active
www.google.com 142.250.185.132 true
solve-page.github.io 185.199.109.153 true
upload.wikimedia.org 185.15.59.240 true
detailed-video-29b30.web.app 199.36.158.100 true
fp2e7a.wpc.phicdn.net 192.229.221.95 true
windowsupdatebg.s.llnwi.net 87.248.202.1 true
cdn.glitch.global unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://detailed-video-29b30.web.app/detailed%20video.mp4 false
    		unknown
    https://upload.wikimedia.org/wikipedia/commons/6/6c/Facebook_Logo_2023.png false
    • Avira URL Cloud: safe
    		 unknown
    https://solve-page.github.io/remove/index-user.css false
    • Avira URL Cloud: phishing
    		 unknown
    https://solve-page.github.io/remove/ true
      		unknown
      https://solve-page.github.io/remove true
        		unknown