Windows Analysis Report
https://italake.com/core/?requisites=JeQwvqpcjZC2JK1wvq5DjSasyqC0jKkrkO5hv20

Overview

General Information

Sample URL:	https://italake.com/core/?requisites=JeQwvqpcjZC2JK1wvq5DjSasyqC0jKkrkO5hv20
Analysis ID:	1466965

Detection

Score:	21
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Phishing site detected (based on shot match)

Detected non-DNS traffic on DNS port

HTML page contains hidden URLs or javascript code

Stores files to the Windows start menu directory

Classification

Signatures

Phishing

Phishing site detected (based on shot match)

Source: https://italake.com/core/machine?requisites=JeQwvqpcjZC2JK1wvq5DjSasyqC0jKkrkO5hv20	Matcher: Template: captcha matched
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/goght/0x4AAAAAAAb5PoV5PCK_H5Jt/auto/normal	Matcher: Template: captcha matched

HTML page contains hidden URLs or javascript code

Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/fy1hw/0x4AAAAAAAb4A0WSCv_WVh9i/auto/normal

HTTP Parser: Base64 decoded: http://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/fy1hw/0x4AAAAAAAb4A0WSCv_WVh9i/auto/normal

Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/fy1hw/0x4AAAAAAAb4A0WSCv_WVh9i/auto/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/fy1hw/0x4AAAAAAAb4A0WSCv_WVh9i/auto/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/goght/0x4AAAAAAAb5PoV5PCK_H5Jt/auto/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/goght/0x4AAAAAAAb5PoV5PCK_H5Jt/auto/normal	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.18:63096 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.18:63097 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.18:63098 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.18:59988 version: TLS 1.2

Detected non-DNS traffic on DNS port

Source: global traffic	TCP traffic: 192.168.2.18:63077 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.18:63077 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.18:63077 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.18:59986 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.18:63077 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.18:59986 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.18:63077 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.18:59986 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.18:63077 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.18:59986 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.18:63077 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.18:59986 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.18:63077 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.18:59986 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.18:63077 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.18:59986 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.18:63077 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.18:59986 -> 162.159.36.2:53

Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203

Source: global traffic	DNS traffic detected: DNS query: italake.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: s2.googleusercontent.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63092
Source: unknown	Network traffic detected: HTTP traffic on port 63107 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63091
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63094
Source: unknown	Network traffic detected: HTTP traffic on port 63098 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63093
Source: unknown	Network traffic detected: HTTP traffic on port 63094 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63096
Source: unknown	Network traffic detected: HTTP traffic on port 59993 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63095
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63098
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63097
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63103 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63090
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59988
Source: unknown	Network traffic detected: HTTP traffic on port 63085 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59993
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59990
Source: unknown	Network traffic detected: HTTP traffic on port 63081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59992
Source: unknown	Network traffic detected: HTTP traffic on port 59990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63088
Source: unknown	Network traffic detected: HTTP traffic on port 63112 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63097 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 59994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63093 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49679 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63100 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63104 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63108 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63082 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63099
Source: unknown	Network traffic detected: HTTP traffic on port 63111 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63096 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63105 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63092 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63101 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63109 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63108
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63107
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63109
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63100
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63102
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63101
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63104
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63103
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63106
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63105
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63081
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63106 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63082
Source: unknown	Network traffic detected: HTTP traffic on port 63099 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63110 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63085
Source: unknown	Network traffic detected: HTTP traffic on port 63095 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63091 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63088 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63090 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63111
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63110
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63079
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63112
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.18:63096 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.18:63097 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.18:63098 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.18:59988 version: TLS 1.2

Source: classification engine

Classification label: sus21.phis.win@22/15@16/125

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://italake.com/core/?requisites=JeQwvqpcjZC2JK1wvq5DjSasyqC0jKkrkO5hv20
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=1980,i,888476322353100917,7841454618462719768,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=1980,i,888476322353100917,7841454618462719768,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
34.104.35.123	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
216.58.212.131	unknown	United States	15169	GOOGLEUS	false
142.250.185.132	www.google.com	United States	15169	GOOGLEUS	false
216.58.206.36	unknown	United States	15169	GOOGLEUS	false
64.233.166.84	unknown	United States	15169	GOOGLEUS	false
142.250.186.129	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.174	unknown	United States	15169	GOOGLEUS	false
142.250.185.142	unknown	United States	15169	GOOGLEUS	false
142.250.185.195	unknown	United States	15169	GOOGLEUS	false
119.18.54.95	italake.com	India	394695	PUBLIC-DOMAIN-REGISTRYUS	false
104.17.2.184	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
142.250.185.74	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.18

Contacted Domains

Name	IP	Active
italake.com	119.18.54.95	true
challenges.cloudflare.com	104.17.2.184	true
www.google.com	142.250.185.132	true
googlehosted.l.googleusercontent.com	142.250.186.129	true
s2.googleusercontent.com	unknown	unknown

Contacted URLs

Name	Malicious	Reputation
https://italake.com/core/?requisites=JeQwvqpcjZC2JK1wvq5DjSasyqC0jKkrkO5hv20	false	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/fy1hw/0x4AAAAAAAb4A0WSCv_WVh9i/auto/normal	false	unknown
https://italake.com/core/machine?requisites=JeQwvqpcjZC2JK1wvq5DjSasyqC0jKkrkO5hv20	true	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/goght/0x4AAAAAAAb5PoV5PCK_H5Jt/auto/normal	true	unknown

ID:	1466965
Product:	CloudBasic
Start time:	15:50:00
Start date:	03.07.2024
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 12:50:58 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	189AF53C3564454A9882BDCA7FF978FD	B542956F5DF70F998987554E20090DAF032E5CA9	D37423DFD737039FCD342B7858101008B2F299A11BC63DC2255BCDA51C14B4EC
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 12:50:58 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	8346705F675F79AA4160CA9614A8BD78	8A410B4AAE72E4B29768FD4606B66011BEB9C3E8	B4701C3568D18289F1A0619CA3A8596997529D3F788CBB5F5B1175A4924838C3
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 09:23:19 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	D31D1CA6C59391BB4A4EB9954ED9CD3D	425395D802D9F97C1E759696F17B9E29E8879245	7C247C027EEB41B9EEC4809C1AA7839F2DFCD5A93C5E6AC6E499826E878FE7A8
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 12:50:58 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	E21F40C29E81995717B9E7D213D55397	8F803430BF29D367294D4795351AC3C3A7A54403	2C068261B2659E9D575BBFDAAC4B4D7E566AAF1C7308057FF5CF154F044E81EC
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 12:50:58 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	801557DEC206A43784095364BB4D4EBA	2B8C54515B6B9F04B3A3D073DBFF28C57D9F0F49	7C304ED8665002E5F91B8A930E45E71C7D38B47A3D286C24F5621371DA223DEF
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 12:50:58 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	806FBFD99584F48E999C5D9F427FBD1E	C0D7A7CF2A337866764DB020076CA6B8DAAC1A3B	1324735421FD78160C7009686D0677764B38F86E48FA8D1A188D5FE5551FD827
Chrome Cache Entry: 147	PNG image data, 32 x 87, 8-bit/color RGB, non-interlaced	91BF0DCD890C0A727270AC91FA48A949	B97CC887FF26B11842811C1A89F6E73BFC744D43	4392099B23DE92D911B4B891B99FB5B650266F840646FC406B4FDF197B70F5EE
Chrome Cache Entry: 149	PNG image data, 16 x 16, 8-bit colormap, non-interlaced	A52DB5BFA11433E884BFBCD8040A82D6	C05BFBF6AFA51E5DF497E757B19689BE11B706B8	1C0A9202C636F20695258494505EE51E595C7F4D90F0247E6D5E7644A209F448
Chrome Cache Entry: 150	ASCII text, with very long lines (42690)	985094F1486391033426C17505182792	D44FF6BEF2E3D9B2F6DEAA0170458B1AE39350D4	14B108C7F687C327D6AA759FD1D255A981D5D505B241B5B968B674E3BF50B2B9
Chrome Cache Entry: 151	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced	9246CCA8FC3C00F50035F28E9F6B7F7D	3AA538440F70873B574F40CD793060F53EC17A5D	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
Chrome Cache Entry: 153	ASCII text	71D6A57D21337114032CA39B294F3591	ADA1D867672276F16EF4D3B8A46A519FBA8E3D4E	36B2057EB5EEF261A2CBB8C149DCF3A11EDAA15CCD8E3D462EB34999F5FF8F2A
Chrome Cache Entry: 154	Web Open Font Format (Version 2), TrueType, length 128352, version 1.0	53436ACA8627A49F4DEAAA44DC9E3C05	0BC0C675480D94EC7E8609DDA6227F88C5D08D2C	8265F64786397D6B832D1CA0AAFDF149AD84E72759FFFA9F7272E91A0FB015D1
Chrome Cache Entry: 155	PNG image data, 89 x 100, 8-bit/color RGB, non-interlaced	24B81702EF87E49427AB4E9438BC4293	432559B445AF69B257529AD48A575D954A304B99	24C42DCE56067CC495AC510EA8CE1F7F3D9181C24FB2E3183BECA03E0AF5C3E0
Chrome Cache Entry: 157	ASCII text	E5BB6DD1BA1C08ED23C9E4C17165F2E8	2CA9AF377145BCB296D32E3CC5442A4E3D84ECE3	D68DCC3CF41A50D38BABD749BABD0C769C9D406235810D29C5D6EE016B6AF792
Chrome Cache Entry: 158	HTML document, ASCII text	59F6AE7C7F154EC74D418D4ED6FC5B0E	674860108A41AB23BA5F73635749332BD8A46B7E	50E0767F2731DA7DDB56D719DC85A7F830C4A860D8F09D0F25401D3DC7097D7D

Windows Analysis Report
https://italake.com/core/?requisites=JeQwvqpcjZC2JK1wvq5DjSasyqC0jKkrkO5hv20

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://italake.com/core/?requisites=JeQwvqpcjZC2JK1wvq5DjSasyqC0jKkrkO5hv20

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://italake.com/core/?requisites=JeQwvqpcjZC2JK1wvq5DjSasyqC0jKkrkO5hv20