Windows Analysis Report
https://rechrgerte.shop/

Overview

General Information

Sample URL:	https://rechrgerte.shop/
Analysis ID:	1447444
Infos:

Detection

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

AI detected suspicious javascript

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://rechrgerte.shop/

Avira URL Cloud: detection malicious, Label: phishing

Antivirus detection for URL or domain

Source: https://rechrgerte.shop/webview/media/nfc.png	Avira URL Cloud: Label: phishing
Source: https://rechrgerte.shop/webview/js/jquery-3.7.0.min.js	Avira URL Cloud: Label: phishing
Source: https://rechrgerte.shop/favicon.ico	Avira URL Cloud: Label: phishing
Source: https://rechrgerte.shop/webview/media/backimg.svg	Avira URL Cloud: Label: phishing
Source: https://rechrgerte.shop/webview/media/logo.png	Avira URL Cloud: Label: phishing
Source: https://rechrgerte.shop/webview/css/main.css	Avira URL Cloud: Label: phishing
Source: https://rechrgerte.shop/webview/css/style.css	Avira URL Cloud: Label: phishing
Source: https://rechrgerte.shop/webview	Avira URL Cloud: Label: phishing
Source: https://rechrgerte.shop/webview/css/main2.css	Avira URL Cloud: Label: phishing
Source: https://rechrgerte.shop/webview/fonts/weblight.woff2	Avira URL Cloud: Label: phishing
Source: https://rechrgerte.shop/webview/css/animate.css	Avira URL Cloud: Label: phishing

Phishing

AI detected suspicious javascript

Source: https://rechrgerte.shop/webview/

LLM: Score: 8 Reasons: The JavaScript code collects sensitive information such as username, password, phone number, and Android ID, and sends it to a server via an AJAX POST request. This behavior is typical of phishing attacks, where attackers collect personal information from users. The code also disables user interaction with the page during the login process, which is a common tactic to prevent users from interrupting the data collection process. DOM: 0.0.pages.csv

Source: https://rechrgerte.shop/webview/

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49742 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: rechrgerte.shopConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /webview HTTP/1.1Host: rechrgerte.shopConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=oy6sLuiOI3TsRpoovMrr
Source: global traffic	HTTP traffic detected: GET /webview/ HTTP/1.1Host: rechrgerte.shopConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=oy6sLuiOI3TsRpoovMrr
Source: global traffic	HTTP traffic detected: GET /webview/css/main.css HTTP/1.1Host: rechrgerte.shopConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://rechrgerte.shop/webview/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=oy6sLuiOI3TsRpoovMrr
Source: global traffic	HTTP traffic detected: GET /webview/css/main2.css HTTP/1.1Host: rechrgerte.shopConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://rechrgerte.shop/webview/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=oy6sLuiOI3TsRpoovMrr
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /webview/css/style.css HTTP/1.1Host: rechrgerte.shopConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://rechrgerte.shop/webview/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=oy6sLuiOI3TsRpoovMrr
Source: global traffic	HTTP traffic detected: GET /webview/css/animate.css HTTP/1.1Host: rechrgerte.shopConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://rechrgerte.shop/webview/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=oy6sLuiOI3TsRpoovMrr
Source: global traffic	HTTP traffic detected: GET /webview/js/jquery-3.7.0.min.js HTTP/1.1Host: rechrgerte.shopConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://rechrgerte.shop/webview/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=oy6sLuiOI3TsRpoovMrr
Source: global traffic	HTTP traffic detected: GET /webview/media/logo.png HTTP/1.1Host: rechrgerte.shopConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://rechrgerte.shop/webview/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=oy6sLuiOI3TsRpoovMrr
Source: global traffic	HTTP traffic detected: GET /webview/media/nfc.png HTTP/1.1Host: rechrgerte.shopConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://rechrgerte.shop/webview/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=oy6sLuiOI3TsRpoovMrr
Source: global traffic	HTTP traffic detected: GET /webview/media/backimg.svg HTTP/1.1Host: rechrgerte.shopConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://rechrgerte.shop/webview/css/main.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=oy6sLuiOI3TsRpoovMrr
Source: global traffic	HTTP traffic detected: GET /webview/fonts/weblight.woff2 HTTP/1.1Host: rechrgerte.shopConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://rechrgerte.shopsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://rechrgerte.shop/webview/css/style.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=oy6sLuiOI3TsRpoovMrr
Source: global traffic	HTTP traffic detected: GET /webview/media/backimg.svg HTTP/1.1Host: rechrgerte.shopConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=oy6sLuiOI3TsRpoovMrr
Source: global traffic	HTTP traffic detected: GET /webview/media/logo.png HTTP/1.1Host: rechrgerte.shopConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=oy6sLuiOI3TsRpoovMrr
Source: global traffic	HTTP traffic detected: GET /webview/media/nfc.png HTTP/1.1Host: rechrgerte.shopConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=oy6sLuiOI3TsRpoovMrr
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: rechrgerte.shopConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://rechrgerte.shop/webview/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=oy6sLuiOI3TsRpoovMrr

Source: global traffic	DNS traffic detected: DNS query: rechrgerte.shop
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundServer: ddos-guardConnection: closeContent-Security-Policy: upgrade-insecure-requests;Date: Fri, 24 May 2024 22:55:37 GMTContent-Length: 315Content-Type: text/html; charset=iso-8859-1Age: 0DDG-Cache-Status: MISS

Source: chromecache_61.2.dr	String found in binary or memory: http://opensource.org/licenses/MIT
Source: chromecache_61.2.dr	String found in binary or memory: https://animate.style/
Source: chromecache_56.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_61.2.dr	String found in binary or memory: https://github.com/nickpettit/glide
Source: chromecache_56.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/main/LICENSE)

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49742 version: TLS 1.2

Source: classification engine

Classification label: mal60.phis.win@16/27@6/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1996,i,1266941809560912181,10319423509314460025,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://rechrgerte.shop/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1996,i,1266941809560912181,10319423509314460025,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
186.2.171.38	rechrgerte.shop	Belize	262254	DDOS-GUARDCORPBZ	false
142.250.185.132	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
192.168.2.5

Contacted Domains

Name	IP	Active
rechrgerte.shop	186.2.171.38	true
www.google.com	142.250.185.132	true
fp2e7a.wpc.phicdn.net	192.229.221.95	true

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://rechrgerte.shop/webview/media/logo.png	false	Avira URL Cloud: phishing	unknown
https://rechrgerte.shop/webview	false	Avira URL Cloud: phishing	unknown
https://rechrgerte.shop/webview/css/main.css	false	Avira URL Cloud: phishing	unknown
https://rechrgerte.shop/webview/js/jquery-3.7.0.min.js	false	Avira URL Cloud: phishing	unknown
https://rechrgerte.shop/favicon.ico	false	Avira URL Cloud: phishing	unknown
https://rechrgerte.shop/webview/	true		unknown
https://rechrgerte.shop/webview/media/backimg.svg	false	Avira URL Cloud: phishing	unknown
https://rechrgerte.shop/webview/media/nfc.png	false	Avira URL Cloud: phishing	unknown
https://rechrgerte.shop/webview/css/style.css	false	Avira URL Cloud: phishing	unknown
https://rechrgerte.shop/webview/css/main2.css	false	Avira URL Cloud: phishing	unknown
https://rechrgerte.shop/webview/fonts/weblight.woff2	false	Avira URL Cloud: phishing	unknown
https://rechrgerte.shop/webview/css/animate.css	false	Avira URL Cloud: phishing	unknown
https://rechrgerte.shop/	true		unknown

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 47	HTML document, ASCII text	A34AC19F4AFAE63ADC5D2F7BC970C07F	A82190FC530C265AA40A045C21770D967F4767B8	D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
Chrome Cache Entry: 48	PNG image data, 250 x 177, 8-bit/color RGBA, non-interlaced	937760DE448F26FF51DB5CE53AB78F95	905A316A06F5F05406F9890F371499BDE76BF681	2140E8257715B4997AA86D16EA9033F7C3B48E9DF0E09062582F4104CD3F789C
Chrome Cache Entry: 49	Web Open Font Format (Version 2), TrueType, length 29284, version 1.0	EB5ADAAC0D814E1E8E5CBD75EFB9DB3E	86437711B342274A5F43BA41870B38EB6205FB97	E3822F2D078338746ADD72D0F2A1B2725DF116B9DAA09C40CF3B970742893713
Chrome Cache Entry: 50	ASCII text, with very long lines (11038)	C1E38B81B0A24A6B47A43BC9771334A7	695976B1A024DE801FE1433AA7DDED6C60124398	EB4A3F5AD74A15E159E3AB7244B51D846F3DFD7BB5EAE106A10A45528C267ADA
Chrome Cache Entry: 51	ASCII text, with no line terminators	8B3BC538C3EF0A60B8D0FBF67A3C34B7	3B10B3523A40A9856B598A2CB4ECB225E7A96AB6	0573B0E49E853DFCDFAB477295DC25FA97AE6E7C617C95AE1F86EEBE4EC9A466
Chrome Cache Entry: 52	SVG Scalable Vector Graphics image	CCD4AA39C19063CB07D06DAA62874FF9	4DEFF38B5875EA55729AA5E002059C9B68AF4763	C917B66B1F26C24730DBD3DE5CFEF604A46CC47B4BE6C0D036A185E188E0BCF6
Chrome Cache Entry: 53	ASCII text, with very long lines (65447)	ED4E85DDC6E188C8490191794776F22E	83B9249BBBCD563EEF7546291D0407F0E70166CE	8F764EFBB2CDB303E3019325D811225EAD27D656F8B40390DE427DB1415DC56A
Chrome Cache Entry: 54	SVG Scalable Vector Graphics image	CCD4AA39C19063CB07D06DAA62874FF9	4DEFF38B5875EA55729AA5E002059C9B68AF4763	C917B66B1F26C24730DBD3DE5CFEF604A46CC47B4BE6C0D036A185E188E0BCF6
Chrome Cache Entry: 55	PNG image data, 250 x 177, 8-bit/color RGBA, non-interlaced	937760DE448F26FF51DB5CE53AB78F95	905A316A06F5F05406F9890F371499BDE76BF681	2140E8257715B4997AA86D16EA9033F7C3B48E9DF0E09062582F4104CD3F789C
Chrome Cache Entry: 56	ASCII text, with very long lines (615), with CRLF line terminators	D486BF35B88329E37C5DE555F50699B4	4EC9498EAFBA4B255BE277CB09EBBB69D9BB2615	DEFDA7CEFCF0F042D11A19B15FCF54C936813B36072883E2F0F6747EE1BFD435
Chrome Cache Entry: 57	PNG image data, 2612 x 2400, 8-bit colormap, non-interlaced	F392111B73A4892FF31A779839A0911D	ABAF20A09D8B95D075DEC838A0DC88319E80A501	D6C9E8AD0DB0155278850F60FCC7ADFF6B036B6F102FAC9362B37AA7D8719F70
Chrome Cache Entry: 58	HTML document, Unicode text, UTF-8 text, with very long lines (1854), with CRLF line terminators	7543A81734BF7DE705A72E0C625B0F25	C8B97D977EEF8E3C4F336B71CFA4717E8F420248	998BCD1D037A3E9AEA743E6ECB8B686F456D964BCD4CF4AF62E4698662333026
Chrome Cache Entry: 59	ASCII text, with CRLF line terminators	843D770AFB4C8A9782E08D5C652E9F63	D6726ACD160922C5B384F4CBD3FB70A273ADDAC8	7DD37C858DF68100EB273A485CA89636EE0E0AE7E0713D82C519137F602E2EC5
Chrome Cache Entry: 60	PNG image data, 2612 x 2400, 8-bit colormap, non-interlaced	F392111B73A4892FF31A779839A0911D	ABAF20A09D8B95D075DEC838A0DC88319E80A501	D6C9E8AD0DB0155278850F60FCC7ADFF6B036B6F102FAC9362B37AA7D8719F70
Chrome Cache Entry: 61	ASCII text	CF2741A3A7EA8427ADE651533A54EF1B	AFCAF144854F4916F4CC4AD17D196BCA1AA66BC8	C1B6F9ED1EFFFF87233740CE612ED3CD3FBD3CB34C0863373D820FDE1B2C8D8F

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://rechrgerte.shop/

Avira URL Cloud: detection malicious, Label: phishing

Antivirus detection for URL or domain

Source: https://rechrgerte.shop/webview/media/nfc.png	Avira URL Cloud: Label: phishing
Source: https://rechrgerte.shop/webview/js/jquery-3.7.0.min.js	Avira URL Cloud: Label: phishing
Source: https://rechrgerte.shop/favicon.ico	Avira URL Cloud: Label: phishing
Source: https://rechrgerte.shop/webview/media/backimg.svg	Avira URL Cloud: Label: phishing
Source: https://rechrgerte.shop/webview/media/logo.png	Avira URL Cloud: Label: phishing
Source: https://rechrgerte.shop/webview/css/main.css	Avira URL Cloud: Label: phishing
Source: https://rechrgerte.shop/webview/css/style.css	Avira URL Cloud: Label: phishing
Source: https://rechrgerte.shop/webview	Avira URL Cloud: Label: phishing
Source: https://rechrgerte.shop/webview/css/main2.css	Avira URL Cloud: Label: phishing
Source: https://rechrgerte.shop/webview/fonts/weblight.woff2	Avira URL Cloud: Label: phishing
Source: https://rechrgerte.shop/webview/css/animate.css	Avira URL Cloud: Label: phishing

Phishing

AI detected suspicious javascript

Source: https://rechrgerte.shop/webview/

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49742 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: rechrgerte.shopConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /webview HTTP/1.1Host: rechrgerte.shopConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=oy6sLuiOI3TsRpoovMrr
Source: global traffic	HTTP traffic detected: GET /webview/ HTTP/1.1Host: rechrgerte.shopConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=oy6sLuiOI3TsRpoovMrr
Source: global traffic	HTTP traffic detected: GET /webview/css/main.css HTTP/1.1Host: rechrgerte.shopConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://rechrgerte.shop/webview/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=oy6sLuiOI3TsRpoovMrr
Source: global traffic	HTTP traffic detected: GET /webview/css/main2.css HTTP/1.1Host: rechrgerte.shopConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://rechrgerte.shop/webview/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=oy6sLuiOI3TsRpoovMrr
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /webview/css/style.css HTTP/1.1Host: rechrgerte.shopConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://rechrgerte.shop/webview/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=oy6sLuiOI3TsRpoovMrr
Source: global traffic	HTTP traffic detected: GET /webview/css/animate.css HTTP/1.1Host: rechrgerte.shopConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://rechrgerte.shop/webview/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=oy6sLuiOI3TsRpoovMrr
Source: global traffic	HTTP traffic detected: GET /webview/js/jquery-3.7.0.min.js HTTP/1.1Host: rechrgerte.shopConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://rechrgerte.shop/webview/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=oy6sLuiOI3TsRpoovMrr
Source: global traffic	HTTP traffic detected: GET /webview/media/logo.png HTTP/1.1Host: rechrgerte.shopConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://rechrgerte.shop/webview/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=oy6sLuiOI3TsRpoovMrr
Source: global traffic	HTTP traffic detected: GET /webview/media/nfc.png HTTP/1.1Host: rechrgerte.shopConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://rechrgerte.shop/webview/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=oy6sLuiOI3TsRpoovMrr
Source: global traffic	HTTP traffic detected: GET /webview/media/backimg.svg HTTP/1.1Host: rechrgerte.shopConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://rechrgerte.shop/webview/css/main.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=oy6sLuiOI3TsRpoovMrr
Source: global traffic	HTTP traffic detected: GET /webview/fonts/weblight.woff2 HTTP/1.1Host: rechrgerte.shopConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://rechrgerte.shopsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://rechrgerte.shop/webview/css/style.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=oy6sLuiOI3TsRpoovMrr
Source: global traffic	HTTP traffic detected: GET /webview/media/backimg.svg HTTP/1.1Host: rechrgerte.shopConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=oy6sLuiOI3TsRpoovMrr
Source: global traffic	HTTP traffic detected: GET /webview/media/logo.png HTTP/1.1Host: rechrgerte.shopConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=oy6sLuiOI3TsRpoovMrr
Source: global traffic	HTTP traffic detected: GET /webview/media/nfc.png HTTP/1.1Host: rechrgerte.shopConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=oy6sLuiOI3TsRpoovMrr
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: rechrgerte.shopConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://rechrgerte.shop/webview/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=oy6sLuiOI3TsRpoovMrr

Source: global traffic	DNS traffic detected: DNS query: rechrgerte.shop
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: global traffic

Source: chromecache_61.2.dr	String found in binary or memory: http://opensource.org/licenses/MIT
Source: chromecache_61.2.dr	String found in binary or memory: https://animate.style/
Source: chromecache_56.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_61.2.dr	String found in binary or memory: https://github.com/nickpettit/glide
Source: chromecache_56.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/main/LICENSE)

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49742 version: TLS 1.2

Source: classification engine

Classification label: mal60.phis.win@16/27@6/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1996,i,1266941809560912181,10319423509314460025,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://rechrgerte.shop/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1996,i,1266941809560912181,10319423509314460025,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

ID:	1447444
Product:	CloudBasic
Start time:	00:54:37
Start date:	25.05.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://rechrgerte.shop/

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://rechrgerte.shop/

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://rechrgerte.shop/