Windows Analysis Report
https://seoservicesiox.firebaseapp.com/?err=tdn8ci80q...~311~...1bab28021k78dd4g97a557ek2c2e4

Overview

General Information

Sample URL:	https://seoservicesiox.firebaseapp.com/?err=tdn8ci80q...~311~...1bab28021k78dd4g97a557ek2c2e4
Analysis ID:	1502056
Infos:

Detection

HTMLPhisher

Score:	76
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Antivirus / Scanner detection for submitted sample

Yara detected HtmlPhish20

Yara detected HtmlPhish44

Javascript uses Clearbit API to dynamically determine company logos

Found iframes

HTML body contains low number of good links

HTML body contains password input but no form action

HTML body with high number of embedded images detected

HTML title does not match URL

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://seoservicesiox.firebaseapp.com/?err=tdn8ci80q...~311~...1bab28021k78dd4g97a557ek2c2e4	Avira URL Cloud: detection malicious, Label: phishing
Source: https://seoservicesiox.firebaseapp.com/?err=tdn8ci80q...~311~...1bab28021k78dd4g97a557ek2c2e4	SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social usering

Phishing

AI detected phishing page

Source: https://seoservicesiox.firebaseapp.com/?err=tdn8ci80q...%7E311%7E...1bab28021k78dd4g97a557ek2c2e4&err=tdn8ci80q...%7E311%7E...1bab28021k78dd4g97a557ek2c2e4&dispatch=i9230eij1j27jb3c6hjf116bk5e4hc&id=c2117a23j7cgj55a3g24dkff2c3ia5ak2a9jhjeh95da1

LLM: Score: 8 Reasons: The domain name'seoservicesiox.firebaseapp.com' is unusual and may be a typo or a phishing attempt. The presence of the Norton Secured logo and the sign-in page design suggest that the page is legitimate, but the domain name does not match the legitimate domain associated with Norton. This discrepancy raises suspicions about the legitimacy of the site. DOM: 1.2.pages.csv

Yara detected HtmlPhish20

Source: Yara match

File source: 1.2.pages.csv, type: HTML

Yara detected HtmlPhish44

Source: Yara match	File source: dropped/chromecache_75, type: DROPPED
Source: Yara match	File source: dropped/chromecache_68, type: DROPPED

Javascript uses Clearbit API to dynamically determine company logos

Source: https://seoservicesiox.firebaseapp.com/?err=tdn8ci80q...~311~...1bab28021k78dd4g97a557ek2c2e4	HTTP Parser: document.write(unescape('%3c!doctype%20html%3e%0a%3chtml%3e%0a%0a%3chead%3e%0a%20%20%20%20%3cmeta%20http-equiv%3d%22content-type%22%20content%3d%22text%2fhtml%3b%20charset%3dwindows-1252%22%3e%0a%20%20%20%20%3cmeta%20name%3d%22robots%22%20content%3d%22noindex%2c%20nofollow%22%3e%0a%20%20%20%20%3cmeta%20name%3d%22googlebot%22%20content%3d%22noindex%2c%20nofollow%22%3e%0a%20%20%20%20%3ctitle%3ewebmail%20portal%20login%3c%2ftitle%3e%0a%0a%20%20%20%20%3cstyle%3ehtml%2cbody%2cdiv%2cspan%2capplet%2cobject%2ciframe%2ch1%2ch2%2ch3%2ch4%2ch5%2ch6%2cp%2cblockquote%2cpre%2ca%2cabbr%2cacronym%2caddress%2cbig%2ccite%2ccode%2cdel%2cdfn%2cem%2cimg%2cins%2ckbd%2cq%2cs%2csamp%2csmall%2cstrike%2cstrong%2csub%2csup%2ctt%2cvar%2cb%2cu%2ci%2ccenter%2cdl%2cdt%2cdd%2col%2cul%2cli%2cfieldset%2cform%2clabel%2clegend%2ctable%2ccaption%2ctbody%2ctfoot%2cthead%2ctr%2cth%2ctd%2carticle%2caside%2ccanvas%2cdetails%2cembed%2cfigure%2cfigcaption%2cfooter%2cheader%2chgroup%2cmenu%2cnav%2coutput%2cruby%2csection%2csummary%2ctime%2cmark%2caudio...
Source: https://seoservicesiox.firebaseapp.com/?err=tdn8ci80q...%7E311%7E...1bab28021k78dd4g97a557ek2c2e4&err=tdn8ci80q...%7E311%7E...1bab28021k78dd4g97a557ek2c2e4&dispatch=i9230eij1j27jb3c6hjf116bk5e4hc&id=c2117a23j7cgj55a3g24dkff2c3ia5ak2a9jhjeh95da1	HTTP Parser: document.write(unescape('%3c!doctype%20html%3e%0a%3chtml%3e%0a%0a%3chead%3e%0a%20%20%20%20%3cmeta%20http-equiv%3d%22content-type%22%20content%3d%22text%2fhtml%3b%20charset%3dwindows-1252%22%3e%0a%20%20%20%20%3cmeta%20name%3d%22robots%22%20content%3d%22noindex%2c%20nofollow%22%3e%0a%20%20%20%20%3cmeta%20name%3d%22googlebot%22%20content%3d%22noindex%2c%20nofollow%22%3e%0a%20%20%20%20%3ctitle%3ewebmail%20portal%20login%3c%2ftitle%3e%0a%0a%20%20%20%20%3cstyle%3ehtml%2cbody%2cdiv%2cspan%2capplet%2cobject%2ciframe%2ch1%2ch2%2ch3%2ch4%2ch5%2ch6%2cp%2cblockquote%2cpre%2ca%2cabbr%2cacronym%2caddress%2cbig%2ccite%2ccode%2cdel%2cdfn%2cem%2cimg%2cins%2ckbd%2cq%2cs%2csamp%2csmall%2cstrike%2cstrong%2csub%2csup%2ctt%2cvar%2cb%2cu%2ci%2ccenter%2cdl%2cdt%2cdd%2col%2cul%2cli%2cfieldset%2cform%2clabel%2clegend%2ctable%2ccaption%2ctbody%2ctfoot%2cthead%2ctr%2cth%2ctd%2carticle%2caside%2ccanvas%2cdetails%2cembed%2cfigure%2cfigcaption%2cfooter%2cheader%2chgroup%2cmenu%2cnav%2coutput%2cruby%2csection%2csummary%2ctime%2cmark%2caudio...

Found iframes

HTTP Parser: Iframe src: https://

HTML body contains low number of good links

HTTP Parser: Number of links: 0

HTML body contains password input but no form action

HTTP Parser: <input type="password" .../> found but no <form action="...

HTML body with high number of embedded images detected

HTTP Parser: Total embedded image size: 76190

HTML title does not match URL

HTTP Parser: Title: Webmail Portal Login does not match URL

HTTP Parser: <input type="password" .../> found

HTTP Parser: No <meta name="author".. found

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49755 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 1MB later: 34MB

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167

Source: global traffic	HTTP traffic detected: GET /?err=tdn8ci80q...~311~...1bab28021k78dd4g97a557ek2c2e4 HTTP/1.1Host: seoservicesiox.firebaseapp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://seoservicesiox.firebaseapp.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://seoservicesiox.firebaseapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/materialize/1.0.0/js/materialize.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://seoservicesiox.firebaseapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.2.1.slim.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://seoservicesiox.firebaseapp.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://seoservicesiox.firebaseapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://seoservicesiox.firebaseapp.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://seoservicesiox.firebaseapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/axios/0.21.1/axios.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://seoservicesiox.firebaseapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://seoservicesiox.firebaseapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?err=tdn8ci80q...%7E311%7E...1bab28021k78dd4g97a557ek2c2e4&err=tdn8ci80q...%7E311%7E...1bab28021k78dd4g97a557ek2c2e4&dispatch=i9230eij1j27jb3c6hjf116bk5e4hc&id=c2117a23j7cgj55a3g24dkff2c3ia5ak2a9jhjeh95da1 HTTP/1.1Host: seoservicesiox.firebaseapp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://seoservicesiox.firebaseapp.com/?err=tdn8ci80q...~311~...1bab28021k78dd4g97a557ek2c2e4Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.2.1.slim.min.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/axios/0.21.1/axios.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/materialize/1.0.0/js/materialize.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: seoservicesiox.firebaseapp.com
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: maxcdn.bootstrapcdn.com
Source: global traffic	DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: chromecache_86.2.dr, chromecache_82.2.dr	String found in binary or memory: http://materializecss.com)
Source: chromecache_84.2.dr, chromecache_77.2.dr	String found in binary or memory: http://opensource.org/licenses/MIT).
Source: chromecache_71.2.dr, chromecache_76.2.dr	String found in binary or memory: http://underscorejs.org/LICENSE
Source: chromecache_78.2.dr, chromecache_85.2.dr	String found in binary or memory: https://getbootstrap.com)
Source: chromecache_78.2.dr, chromecache_85.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_78.2.dr, chromecache_85.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_71.2.dr, chromecache_76.2.dr	String found in binary or memory: https://lodash.com/
Source: chromecache_71.2.dr, chromecache_76.2.dr	String found in binary or memory: https://lodash.com/license
Source: chromecache_71.2.dr, chromecache_76.2.dr	String found in binary or memory: https://npms.io/search?q=ponyfill.
Source: chromecache_71.2.dr, chromecache_76.2.dr	String found in binary or memory: https://openjsf.org/
Source: chromecache_86.2.dr, chromecache_82.2.dr	String found in binary or memory: https://raw.githubusercontent.com/Dogfalo/materialize/master/LICENSE)

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49755 version: TLS 1.2

Source: classification engine

Classification label: mal76.phis.win@16/30@20/9

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2000 --field-trial-handle=1912,i,13088845823997513324,18216191020239714356,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://seoservicesiox.firebaseapp.com/?err=tdn8ci80q...~311~...1bab28021k78dd4g97a557ek2c2e4"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2000 --field-trial-handle=1912,i,13088845823997513324,18216191020239714356,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.17.24.14	unknown	United States	13335	CLOUDFLARENETUS	false
151.101.130.137	code.jquery.com	United States	54113	FASTLYUS	false
199.36.158.100	seoservicesiox.firebaseapp.com	United States	15169	GOOGLEUS	false
104.18.11.207	maxcdn.bootstrapcdn.com	United States	13335	CLOUDFLARENETUS	false
151.101.2.137	unknown	United States	54113	FASTLYUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.17.25.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
142.250.74.196	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.6

Contacted Domains

Name	IP	Active
bg.microsoft.map.fastly.net	199.232.210.172	true
code.jquery.com	151.101.130.137	true
seoservicesiox.firebaseapp.com	199.36.158.100	true
cdnjs.cloudflare.com	104.17.25.14	true
maxcdn.bootstrapcdn.com	104.18.11.207	true
www.google.com	142.250.74.196	true
fp2e7a.wpc.phicdn.net	192.229.221.95	true
cdn.jsdelivr.net	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://seoservicesiox.firebaseapp.com/?err=tdn8ci80q...~311~...1bab28021k78dd4g97a557ek2c2e4	true		unknown
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js	false	Avira URL Cloud: safe	unknown
https://code.jquery.com/jquery-3.6.0.min.js	false	URL Reputation: safe	unknown
https://cdnjs.cloudflare.com/ajax/libs/axios/0.21.1/axios.min.js	false	Avira URL Cloud: safe	unknown
https://code.jquery.com/jquery-3.2.1.slim.min.js	false	URL Reputation: safe	unknown
https://cdnjs.cloudflare.com/ajax/libs/materialize/1.0.0/js/materialize.min.js	false	Avira URL Cloud: safe	unknown
https://seoservicesiox.firebaseapp.com/?err=tdn8ci80q...%7E311%7E...1bab28021k78dd4g97a557ek2c2e4&err=tdn8ci80q...%7E311%7E...1bab28021k78dd4g97a557ek2c2e4&dispatch=i9230eij1j27jb3c6hjf116bk5e4hc&id=c2117a23j7cgj55a3g24dkff2c3ia5ak2a9jhjeh95da1	true		unknown
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js	false	URL Reputation: safe	unknown

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 68	HTML document, ASCII text, with very long lines (65536), with no line terminators	F3EDB2940F0AEBE7B8CD0A1A6649C4F7	AD74A3CD3CAC8FC5B597AF6ADCD446A1EF716B4E	E4CCF07F76548379E129443B6B8A9FABF7A258AFF843B4269E8F9506E2FE71FA
Chrome Cache Entry: 69	ASCII text, with very long lines (32012)	5F48FC77CAC90C4778FA24EC9C57F37D	9E89D1515BC4C371B86F4CB1002FD8E377C1829F	9365920887B11B33A3DC4BA28A0F93951F200341263E3B9CEFD384798E4BE398
Chrome Cache Entry: 70	ASCII text, with very long lines (32012)	5F48FC77CAC90C4778FA24EC9C57F37D	9E89D1515BC4C371B86F4CB1002FD8E377C1829F	9365920887B11B33A3DC4BA28A0F93951F200341263E3B9CEFD384798E4BE398
Chrome Cache Entry: 71	ASCII text, with very long lines (4143)	9BECC40FB1D85D21D0CA38E2F7069511	AE854B04025DB8B7F48FDD6DEDF41E77EAE44394	A9705DFC47C0763380D851AB1801BE6F76019F6B67E40E9B873F8B4A0603F7A9
Chrome Cache Entry: 72	ASCII text, with very long lines (65447)	8FB8FEE4FCC3CC86FF6C724154C49C42	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
Chrome Cache Entry: 73	ASCII text, with very long lines (14271)	70489D9432EF978DB53BEBDA3E9F4C14	F24D0BCC36027BCE45C86ACFBA57B248EDB6A3F9	24B9A49D375465E659DBAECB3FDA81FBF0D3EEDBF138E29CB5229E502D8A4FA1
Chrome Cache Entry: 74	ASCII text, with very long lines (65447)	8FB8FEE4FCC3CC86FF6C724154C49C42	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
Chrome Cache Entry: 75	HTML document, ASCII text, with very long lines (65536), with no line terminators	F3EDB2940F0AEBE7B8CD0A1A6649C4F7	AD74A3CD3CAC8FC5B597AF6ADCD446A1EF716B4E	E4CCF07F76548379E129443B6B8A9FABF7A258AFF843B4269E8F9506E2FE71FA
Chrome Cache Entry: 76	ASCII text, with very long lines (4143)	9BECC40FB1D85D21D0CA38E2F7069511	AE854B04025DB8B7F48FDD6DEDF41E77EAE44394	A9705DFC47C0763380D851AB1801BE6F76019F6B67E40E9B873F8B4A0603F7A9
Chrome Cache Entry: 77	ASCII text, with very long lines (19015)	70D3FDA195602FE8B75E0097EED74DDE	C3B977AA4B8DFB69D651E07015031D385DED964B	A52F7AA54D7BCAAFA056EE0A050262DFC5694AE28DEE8B4CAC3429AF37FF0D66
Chrome Cache Entry: 78	ASCII text, with very long lines (48664)	14D449EB8876FA55E1EF3C2CC52B0C17	A9545831803B1359CFEED47E3B4D6BAE68E40E99	E7ED36CEEE5450B4243BBC35188AFABDFB4280C7C57597001DE0ED167299B01B
Chrome Cache Entry: 79	ASCII text, with no line terminators	3CCFCCCDE92F1AB15129C0AE6DD7FFCB	5F8E8CEC5CAD6F478161F85CB2A505613D75CDB1	D0C55A62B21B19AB740407CE222EFA8552A691900DB832D2B188D9AC553520B6
Chrome Cache Entry: 80	ASCII text, with very long lines (65449)	FB192338844EFE86EC759A40152FCB8E	E55DF1F7D6C288EE73D439BAB26DD006FFEE7AF3	29296CCACAA9ED35ED168FC51E36F54FD6F8DB9C7786BBF38CC59A27229BA5C2
Chrome Cache Entry: 81	ASCII text, with very long lines (65449)	FB192338844EFE86EC759A40152FCB8E	E55DF1F7D6C288EE73D439BAB26DD006FFEE7AF3	29296CCACAA9ED35ED168FC51E36F54FD6F8DB9C7786BBF38CC59A27229BA5C2
Chrome Cache Entry: 82	ASCII text, with very long lines (65357)	87D84BF8B4CC051C16092D27B1A7D9B3	C8B4C65651921D888CF5F27430DFE2AD190D35BF	53F7070CC4C81C278C72F7A106FD71434E766CF49B26D6EE8B0E1003D7132B3D
Chrome Cache Entry: 83	ASCII text, with very long lines (14271)	70489D9432EF978DB53BEBDA3E9F4C14	F24D0BCC36027BCE45C86ACFBA57B248EDB6A3F9	24B9A49D375465E659DBAECB3FDA81FBF0D3EEDBF138E29CB5229E502D8A4FA1
Chrome Cache Entry: 84	ASCII text, with very long lines (19015)	70D3FDA195602FE8B75E0097EED74DDE	C3B977AA4B8DFB69D651E07015031D385DED964B	A52F7AA54D7BCAAFA056EE0A050262DFC5694AE28DEE8B4CAC3429AF37FF0D66
Chrome Cache Entry: 85	ASCII text, with very long lines (48664)	14D449EB8876FA55E1EF3C2CC52B0C17	A9545831803B1359CFEED47E3B4D6BAE68E40E99	E7ED36CEEE5450B4243BBC35188AFABDFB4280C7C57597001DE0ED167299B01B
Chrome Cache Entry: 86	ASCII text, with very long lines (65357)	87D84BF8B4CC051C16092D27B1A7D9B3	C8B4C65651921D888CF5F27430DFE2AD190D35BF	53F7070CC4C81C278C72F7A106FD71434E766CF49B26D6EE8B0E1003D7132B3D

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://seoservicesiox.firebaseapp.com/?err=tdn8ci80q...~311~...1bab28021k78dd4g97a557ek2c2e4	Avira URL Cloud: detection malicious, Label: phishing
Source: https://seoservicesiox.firebaseapp.com/?err=tdn8ci80q...~311~...1bab28021k78dd4g97a557ek2c2e4	SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social usering

Phishing

AI detected phishing page

Yara detected HtmlPhish20

Source: Yara match

File source: 1.2.pages.csv, type: HTML

Yara detected HtmlPhish44

Source: Yara match	File source: dropped/chromecache_75, type: DROPPED
Source: Yara match	File source: dropped/chromecache_68, type: DROPPED

Javascript uses Clearbit API to dynamically determine company logos

Source: https://seoservicesiox.firebaseapp.com/?err=tdn8ci80q...~311~...1bab28021k78dd4g97a557ek2c2e4	HTTP Parser: document.write(unescape('%3c!doctype%20html%3e%0a%3chtml%3e%0a%0a%3chead%3e%0a%20%20%20%20%3cmeta%20http-equiv%3d%22content-type%22%20content%3d%22text%2fhtml%3b%20charset%3dwindows-1252%22%3e%0a%20%20%20%20%3cmeta%20name%3d%22robots%22%20content%3d%22noindex%2c%20nofollow%22%3e%0a%20%20%20%20%3cmeta%20name%3d%22googlebot%22%20content%3d%22noindex%2c%20nofollow%22%3e%0a%20%20%20%20%3ctitle%3ewebmail%20portal%20login%3c%2ftitle%3e%0a%0a%20%20%20%20%3cstyle%3ehtml%2cbody%2cdiv%2cspan%2capplet%2cobject%2ciframe%2ch1%2ch2%2ch3%2ch4%2ch5%2ch6%2cp%2cblockquote%2cpre%2ca%2cabbr%2cacronym%2caddress%2cbig%2ccite%2ccode%2cdel%2cdfn%2cem%2cimg%2cins%2ckbd%2cq%2cs%2csamp%2csmall%2cstrike%2cstrong%2csub%2csup%2ctt%2cvar%2cb%2cu%2ci%2ccenter%2cdl%2cdt%2cdd%2col%2cul%2cli%2cfieldset%2cform%2clabel%2clegend%2ctable%2ccaption%2ctbody%2ctfoot%2cthead%2ctr%2cth%2ctd%2carticle%2caside%2ccanvas%2cdetails%2cembed%2cfigure%2cfigcaption%2cfooter%2cheader%2chgroup%2cmenu%2cnav%2coutput%2cruby%2csection%2csummary%2ctime%2cmark%2caudio...
Source: https://seoservicesiox.firebaseapp.com/?err=tdn8ci80q...%7E311%7E...1bab28021k78dd4g97a557ek2c2e4&err=tdn8ci80q...%7E311%7E...1bab28021k78dd4g97a557ek2c2e4&dispatch=i9230eij1j27jb3c6hjf116bk5e4hc&id=c2117a23j7cgj55a3g24dkff2c3ia5ak2a9jhjeh95da1	HTTP Parser: document.write(unescape('%3c!doctype%20html%3e%0a%3chtml%3e%0a%0a%3chead%3e%0a%20%20%20%20%3cmeta%20http-equiv%3d%22content-type%22%20content%3d%22text%2fhtml%3b%20charset%3dwindows-1252%22%3e%0a%20%20%20%20%3cmeta%20name%3d%22robots%22%20content%3d%22noindex%2c%20nofollow%22%3e%0a%20%20%20%20%3cmeta%20name%3d%22googlebot%22%20content%3d%22noindex%2c%20nofollow%22%3e%0a%20%20%20%20%3ctitle%3ewebmail%20portal%20login%3c%2ftitle%3e%0a%0a%20%20%20%20%3cstyle%3ehtml%2cbody%2cdiv%2cspan%2capplet%2cobject%2ciframe%2ch1%2ch2%2ch3%2ch4%2ch5%2ch6%2cp%2cblockquote%2cpre%2ca%2cabbr%2cacronym%2caddress%2cbig%2ccite%2ccode%2cdel%2cdfn%2cem%2cimg%2cins%2ckbd%2cq%2cs%2csamp%2csmall%2cstrike%2cstrong%2csub%2csup%2ctt%2cvar%2cb%2cu%2ci%2ccenter%2cdl%2cdt%2cdd%2col%2cul%2cli%2cfieldset%2cform%2clabel%2clegend%2ctable%2ccaption%2ctbody%2ctfoot%2cthead%2ctr%2cth%2ctd%2carticle%2caside%2ccanvas%2cdetails%2cembed%2cfigure%2cfigcaption%2cfooter%2cheader%2chgroup%2cmenu%2cnav%2coutput%2cruby%2csection%2csummary%2ctime%2cmark%2caudio...

Found iframes

HTTP Parser: Iframe src: https://

HTML body contains low number of good links

HTTP Parser: Number of links: 0

HTML body contains password input but no form action

HTTP Parser: <input type="password" .../> found but no <form action="...

HTML body with high number of embedded images detected

HTTP Parser: Total embedded image size: 76190

HTML title does not match URL

HTTP Parser: Title: Webmail Portal Login does not match URL

HTTP Parser: <input type="password" .../> found

HTTP Parser: No <meta name="author".. found

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49755 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 1MB later: 34MB

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167

Source: global traffic	HTTP traffic detected: GET /?err=tdn8ci80q...~311~...1bab28021k78dd4g97a557ek2c2e4 HTTP/1.1Host: seoservicesiox.firebaseapp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://seoservicesiox.firebaseapp.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://seoservicesiox.firebaseapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/materialize/1.0.0/js/materialize.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://seoservicesiox.firebaseapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.2.1.slim.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://seoservicesiox.firebaseapp.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://seoservicesiox.firebaseapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://seoservicesiox.firebaseapp.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://seoservicesiox.firebaseapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/axios/0.21.1/axios.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://seoservicesiox.firebaseapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://seoservicesiox.firebaseapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?err=tdn8ci80q...%7E311%7E...1bab28021k78dd4g97a557ek2c2e4&err=tdn8ci80q...%7E311%7E...1bab28021k78dd4g97a557ek2c2e4&dispatch=i9230eij1j27jb3c6hjf116bk5e4hc&id=c2117a23j7cgj55a3g24dkff2c3ia5ak2a9jhjeh95da1 HTTP/1.1Host: seoservicesiox.firebaseapp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://seoservicesiox.firebaseapp.com/?err=tdn8ci80q...~311~...1bab28021k78dd4g97a557ek2c2e4Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.2.1.slim.min.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/axios/0.21.1/axios.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/materialize/1.0.0/js/materialize.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: seoservicesiox.firebaseapp.com
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: maxcdn.bootstrapcdn.com
Source: global traffic	DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: chromecache_86.2.dr, chromecache_82.2.dr	String found in binary or memory: http://materializecss.com)
Source: chromecache_84.2.dr, chromecache_77.2.dr	String found in binary or memory: http://opensource.org/licenses/MIT).
Source: chromecache_71.2.dr, chromecache_76.2.dr	String found in binary or memory: http://underscorejs.org/LICENSE
Source: chromecache_78.2.dr, chromecache_85.2.dr	String found in binary or memory: https://getbootstrap.com)
Source: chromecache_78.2.dr, chromecache_85.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_78.2.dr, chromecache_85.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_71.2.dr, chromecache_76.2.dr	String found in binary or memory: https://lodash.com/
Source: chromecache_71.2.dr, chromecache_76.2.dr	String found in binary or memory: https://lodash.com/license
Source: chromecache_71.2.dr, chromecache_76.2.dr	String found in binary or memory: https://npms.io/search?q=ponyfill.
Source: chromecache_71.2.dr, chromecache_76.2.dr	String found in binary or memory: https://openjsf.org/
Source: chromecache_86.2.dr, chromecache_82.2.dr	String found in binary or memory: https://raw.githubusercontent.com/Dogfalo/materialize/master/LICENSE)

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49755 version: TLS 1.2

Source: classification engine

Classification label: mal76.phis.win@16/30@20/9

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2000 --field-trial-handle=1912,i,13088845823997513324,18216191020239714356,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://seoservicesiox.firebaseapp.com/?err=tdn8ci80q...~311~...1bab28021k78dd4g97a557ek2c2e4"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2000 --field-trial-handle=1912,i,13088845823997513324,18216191020239714356,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

ID:	1502056
Product:	CloudBasic
Start time:	00:35:06
Start date:	31.08.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://seoservicesiox.firebaseapp.com/?err=tdn8ci80q...~311~...1bab28021k78dd4g97a557ek2c2e4

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://seoservicesiox.firebaseapp.com/?err=tdn8ci80q...~311~...1bab28021k78dd4g97a557ek2c2e4

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://seoservicesiox.firebaseapp.com/?err=tdn8ci80q...~311~...1bab28021k78dd4g97a557ek2c2e4