Windows Analysis Report
https://sharefile8.pages.dev/8ggvti3i40b3gov9cp9q4nszoiztgizy51cmjyp3nwyoh4nmnlhkxoyylug0b8sedygcrjdgch8onk9iztdncdzygdq3wwznqetq3s7hmzatbw3w58e0l5vxngthc2kldeb+fbuxrfh059ukff4zais0deicf4

Overview

General Information

Sample URL: https://sharefile8.pages.dev/8ggvti3i40b3gov9cp9q4nszoiztgizy51cmjyp3nwyoh4nmnlhkxoyylug0b8sedygcrjdgch8onk9iztdncdzygdq3wwznqetq3s7hmzatbw3w58e0l5vxngthc2kldeb+fbuxrfh059ukff4zais0deicf4
Analysis ID: 1502057

Detection

Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
Antivirus / Scanner detection for submitted sample
Phishing site detected (based on favicon image match)
Phishing site detected (based on logo match)
Detected non-DNS traffic on DNS port
HTML body contains low number of good links
HTML title does not match URL

Classification

AV Detection

Source: https://sharefile8.pages.dev/8ggvti3i40b3gov9cp9q4nszoiztgizy51cmjyp3nwyoh4nmnlhkxoyylug0b8sedygcrjdgch8onk9iztdncdzygdq3wwznqetq3s7hmzatbw3w58e0l5vxngthc2kldeb+fbuxrfh059ukff4zais0deicf4 Avira URL Cloud: detection malicious, Label: phishing
Source: https://sharefile8.pages.dev/8ggvti3i40b3gov9cp9q4nszoiztgizy51cmjyp3nwyoh4nmnlhkxoyylug0b8sedygcrjdgch8onk9iztdncdzygdq3wwznqetq3s7hmzatbw3w58e0l5vxngthc2kldeb+fbuxrfh059ukff4zais0deicf4 SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing

Source: https://sharefile8.pages.dev/8ggvti3i40b3gov9cp9q4nszoiztgizy51cmjyp3nwyoh4nmnlhkxoyylug0b8sedygcrjdgch8onk9iztdncdzygdq3wwznqetq3s7hmzatbw3w58e0l5vxngthc2kldeb+fbuxrfh059ukff4zais0deicf4?250ce7e733c083f5bd3aed6f5e1cd90fm0han3a5=U2FsdGVkX19bjMvi2uVZuw2SryJgcgZqiVgZAZpf2IGE74vrL%2Fm1dFiK7zTNqICz%2B2OehonAFJig%2Bx5GYKyDRJSKMG6UeJqbrX3l3MIbRSqXTGQenlpNLjIlj9zwC4c2Lsx7xKZnTogqLos2caTeZ%2FOhoZ7GiAMIvnZyuo9vods3Oh%2B%2BF73U72LfU%2FOefT3iorHrxE8d0CTgPT3VnKwtcT2%2BWXLphHZXUJGZrpdgkPl1r8DHFZeJvm7a0ojfl26jRqMZIDvfMPF4hhNk295%2B8RXdNGPddCgRkyh4NYs%2BxE10736rBZOXSdb7ZAl6zixRjmoTLUjYTkg8k4oo6EtunIBmrv%2FiT8vSluoxtJzs7qu1ZutjHU%2BZYHM7MdkxAX4BOpm3RhTIRLBpn27sjETtzjNfHpAN%2F0Mr9QIgV5giEbWiSTVjg5Sbm0nLq73%2FcdIkMg0u3ML4UQyg8xPuh%2BwiXb54GBs12wrP0Pfhc9XTHPdJwRniQidFf3modkgK0%2FXyEbFa9ePQc3eTxmEJZOBNtaN4Vve1TDgolKyg0aat0W8ijaDzIqoEfuC0cE2wjy3WRcSxOxvI1za%2FCHMthAsJUox%2FDqwp0hLcDDHLYL9TnLEYna8UXbacNOEpRtiW%2FdFoEmYYkTPt14hQEmctqL2y4WlAjBoEW31aDCLWhFKgynimGPi1OXJ6Ekv8Un9xnqHXCHBj3Ad%2BzTBhReoiUhyOU2TnTkDKweZnwaB6PScm6dqHiWYV277NwaAeB%2FS88ixvm1TZ%2Fxr9XTjsTg1rWmkQ4VKtBDCPyBLn00vA6vORCKs6N7SsFLbO8%2FZUlawU%2BrNWslWSfSnc%2BSZ4bfI53EiS8%2BuxytWDBdlVsfDLnXV%2B1dTZhuGBOefEt7IH4yxm4zhts%2F2E3wrIhomL3D8TnXk2QOxMW5UFXQvk2s7mH26qHo10W%2BkEUTAJB1B36%2FK6cSQvkxH%2BzuUXF6XEXgCIzOxgkPS48NOwRK2Jdzd307DzWFInagUz%2F%2B0%2FB9zDvwfm96kJipr1pJs6BO%2BP5dm1Th%2BlXKcLbvWDEWTTJcEiKG6UT%2BsdjDhjCjJkZqauzVmXZe9c6BjduiGqE%2F%2BEQDZMoGBf1bedPa2yVYwBGOJLR35D6meA5LMNBs78Qqsp6msoMm55ZdbfNeUTmzCRITf5EXoyYL1WJSRcQqhOuJdPP1ReIw1gWwLy7S0PI1bNhU1%2F1HJfbno8whYuAzVaRVNZg47VoOVcaUoteIJrrak2PZU0MyxRdqlUBG5hG240dAYsyFt6sF8ib1mVVsBXn3s6zJ6GEBphpNUAEhdBxPySGqh%2B1t%2BnMuSN%2FoDn7eZnpU4bO9Ve LLM: Score: 8 Reasons: The domain'sharefile8.pages.dev' is not the official domain for OneDrive, which is 'onedrive.com'. The presence of the.dev domain suggests that this could be a development or testing environment, and the login page might not be secure or legitimate. DOM: 1.0.pages.csv
Source: https://sharefile8.pages.dev/8ggvti3i40b3gov9cp9q4nszoiztgizy51cmjyp3nwyoh4nmnlhkxoyylug0b8sedygcrjdgch8onk9iztdncdzygdq3wwznqetq3s7hmzatbw3w58e0l5vxngthc2kldeb+fbuxrfh059ukff4zais0deicf4?250ce7e733c083f5bd3aed6f5e1cd90fm0han3a5=U2FsdGVkX19bjMvi2uVZuw2SryJgcgZqiVgZAZpf2IGE74vrL%2Fm1dFiK7zTNqICz%2B2OehonAFJig%2Bx5GYKyDRJSKMG6UeJqbrX3l3MIbRSqXTGQenlpNLjIlj9zwC4c2Lsx7xKZnTogqLos2caTeZ%2FOhoZ7GiAMIvnZyuo9vods3Oh%2B%2BF73U72LfU%2FOefT3iorHrxE8d0CTgPT3VnKwtcT2%2BWXLphHZXUJGZrpdgkPl1r8DHFZeJvm7a0ojfl26jRqMZIDvfMPF4hhNk295%2B8RXdNGPddCgRkyh4NYs%2BxE10736rBZOXSdb7ZAl6zixRjmoTLUjYTkg8k4oo6EtunIBmrv%2FiT8vSluoxtJzs7qu1ZutjHU%2BZYHM7MdkxAX4BOpm3RhTIRLBpn27sjETtzjNfHpAN%2F0Mr9QIgV5giEbWiSTVjg5Sbm0nLq73%2FcdIkMg0u3ML4UQyg8xPuh%2BwiXb54GBs12wrP0Pfhc9XTHPdJwRniQidFf3modkgK0%2FXyEbFa9ePQc3eTxmEJZOBNtaN4Vve1TDgolKyg0aat0W8ijaDzIqoEfuC0cE2wjy3WRcSxOxvI1za%2FCHMthAsJUox%2FDqwp0hLcDDHLYL9TnLEYna8UXbacNOEpRtiW%2FdFoEmYYkTPt14hQEmctqL2y4WlAjBoEW31aDCLWhFKgynimGPi1OXJ6Ekv8Un9xnqHXCHBj3Ad%2BzTBhReoiUhyOU2TnTkDKweZnwaB6PScm6dqHiWYV277NwaAeB%2FS88ixvm1TZ%2Fxr9XTjsTg1rWmkQ4VKtBDCPyBLn00vA6vORCKs6N7SsFLbO8%2FZUlawU%2BrNWslWSfSnc%2BSZ4bfI53EiS8%2BuxytWDBdlVsfDLnXV%2B1dTZhuGBOefEt7IH4yxm4zhts%2F2E3wrIhomL3D8TnXk2QOxMW5UFXQvk2s7mH26qHo10W%2BkEUTAJB1B36%2FK6cSQvkxH%2BzuUXF6XEXgCIzOxgkPS48NOwRK2Jdzd307DzWFInagUz%2F%2B0%2FB9zDvwfm96kJipr1pJs6BO%2BP5dm1Th%2BlXKcLbvWDEWTTJcEiKG6UT%2BsdjDhjCjJkZqauzVmXZe9c6BjduiGqE%2F%2BEQDZMoGBf1bedPa2yVYwBGOJLR35D6meA5LMNBs78Qqsp6msoMm55ZdbfNeUTmzCRITf5EXoyYL1WJSRcQqhOuJdPP1ReIw1gWwLy7S0PI1bNhU1%2F1HJfbno8whYuAzVaRVNZg47VoOVcaUoteIJrrak2PZU0MyxRdqlUBG5hG240dAYsyFt6sF8ib1mVVsBXn3s6zJ6GEBphpNUAEhdBxPySGqh%2B1t%2BnMuSN%2FoDn7eZnpU4bO9Ve Matcher: Template: onedrive matched with high similarity
Source: https://sharefile8.pages.dev/8ggvti3i40b3gov9cp9q4nszoiztgizy51cmjyp3nwyoh4nmnlhkxoyylug0b8sedygcrjdgch8onk9iztdncdzygdq3wwznqetq3s7hmzatbw3w58e0l5vxngthc2kldeb+fbuxrfh059ukff4zais0deicf4?250ce7e733c083f5bd3aed6f5e1cd90fm0han3a5=U2FsdGVkX19bjMvi2uVZuw2Sry Matcher: Template: microsoft matched
Source: https://sharefile8.pages.dev/8ggvti3i40b3gov9cp9q4nszoiztgizy51cmjyp3nwyoh4nmnlhkxoyylug0b8sedygcrjdgch8onk9iztdncdzygdq3wwznqetq3s7hmzatbw3w58e0l5vxngthc2kldeb+fbuxrfh059ukff4zais0deicf4?250ce7e733c083f5bd3aed6f5e1cd90fm0han3a5=U2FsdGVkX19bjMvi2uVZuw2SryJgcgZqiVgZAZpf2IGE74vrL%2Fm1dFiK7zTNqICz%2B2OehonAFJig%2Bx5GYKyDRJSKMG6UeJqbrX3l3MIbRSqXTGQenlpNLjIlj9zwC4c2Lsx7xKZnTogqLos2caTeZ%2FOhoZ7GiAMIvnZyuo9vods3Oh%2B%2BF73U72LfU%2FOefT3iorHrxE8d0CTgPT3VnKwtcT2%2BWXLphHZXUJGZrpdgkPl1r8DHFZeJvm7a0ojfl26jRqMZIDvfMPF4hhNk295%2B8RXdNGPddCgRkyh4NYs%2BxE10736rBZOXSdb7ZAl6zixRjmoTLUjYTkg8k4oo6EtunIBmrv%2FiT8vSluoxtJzs7qu1ZutjHU%2BZYHM7MdkxAX4BOpm3RhTIRLBpn27sjETtzjNfHpAN%2F0Mr9QIgV5giEbWiSTVjg5Sbm0nLq73%2FcdIkMg0u3ML4UQyg8xPuh%2BwiXb54GBs12wrP0Pfhc9XTHPdJwRniQidFf3modkgK0%2FXyEbFa9ePQc3eTxmEJZOBNtaN4Vve1TDgolKyg0aat0W8ijaDzIqoEfuC0cE2wjy3WRcSxOxvI1za%2FCHMthAsJUox%2FDqwp0hLcDDHLYL9TnLEYna8UXbacNOEpRtiW%2FdFoEmYYkTPt14hQEmctqL2y4WlAjBoEW31aDCLWhFKgynimGPi1OXJ6Ekv8Un9xnqHXCHBj3Ad%2BzTBhReoiUhyOU2TnTkDKweZnwaB6PScm6dqHiWYV277... HTTP Parser: Number of links: 0
Source: https://sharefile8.pages.dev/8ggvti3i40b3gov9cp9q4nszoiztgizy51cmjyp3nwyoh4nmnlhkxoyylug0b8sedygcrjdgch8onk9iztdncdzygdq3wwznqetq3s7hmzatbw3w58e0l5vxngthc2kldeb+fbuxrfh059ukff4zais0deicf4?250ce7e733c083f5bd3aed6f5e1cd90fm0han3a5=U2FsdGVkX19bjMvi2uVZuw2SryJgcgZqiVgZAZpf2IGE74vrL%2Fm1dFiK7zTNqICz%2B2OehonAFJig%2Bx5GYKyDRJSKMG6UeJqbrX3l3MIbRSqXTGQenlpNLjIlj9zwC4c2Lsx7xKZnTogqLos2caTeZ%2FOhoZ7GiAMIvnZyuo9vods3Oh%2B%2BF73U72LfU%2FOefT3iorHrxE8d0CTgPT3VnKwtcT2%2BWXLphHZXUJGZrpdgkPl1r8DHFZeJvm7a0ojfl26jRqMZIDvfMPF4hhNk295%2B8RXdNGPddCgRkyh4NYs%2BxE10736rBZOXSdb7ZAl6zixRjmoTLUjYTkg8k4oo6EtunIBmrv%2FiT8vSluoxtJzs7qu1ZutjHU%2BZYHM7MdkxAX4BOpm3RhTIRLBpn27sjETtzjNfHpAN%2F0Mr9QIgV5giEbWiSTVjg5Sbm0nLq73%2FcdIkMg0u3ML4UQyg8xPuh%2BwiXb54GBs12wrP0Pfhc9XTHPdJwRniQidFf3modkgK0%2FXyEbFa9ePQc3eTxmEJZOBNtaN4Vve1TDgolKyg0aat0W8ijaDzIqoEfuC0cE2wjy3WRcSxOxvI1za%2FCHMthAsJUox%2FDqwp0hLcDDHLYL9TnLEYna8UXbacNOEpRtiW%2FdFoEmYYkTPt14hQEmctqL2y4WlAjBoEW31aDCLWhFKgynimGPi1OXJ6Ekv8Un9xnqHXCHBj3Ad%2BzTBhReoiUhyOU2TnTkDKweZnwaB6PScm6dqHiWYV277... HTTP Parser: Title: Microsoft OneDrive does not match URL
Source: https://sharefile8.pages.dev/8ggvti3i40b3gov9cp9q4nszoiztgizy51cmjyp3nwyoh4nmnlhkxoyylug0b8sedygcrjdgch8onk9iztdncdzygdq3wwznqetq3s7hmzatbw3w58e0l5vxngthc2kldeb+fbuxrfh059ukff4zais0deicf4?250ce7e733c083f5bd3aed6f5e1cd90fm0han3a5=U2FsdGVkX19bjMvi2uVZuw2SryJgcgZqiVgZAZpf2IGE74vrL%2Fm1dFiK7zTNqICz%2B2OehonAFJig%2Bx5GYKyDRJSKMG6UeJqbrX3l3MIbRSqXTGQenlpNLjIlj9zwC4c2Lsx7xKZnTogqLos2caTeZ%2FOhoZ7GiAMIvnZyuo9vods3Oh%2B%2BF73U72LfU%2FOefT3iorHrxE8d0CTgPT3VnKwtcT2%2BWXLphHZXUJGZrpdgkPl1r8DHFZeJvm7a0ojfl26jRqMZIDvfMPF4hhNk295%2B8RXdNGPddCgRkyh4NYs%2BxE10736rBZOXSdb7ZAl6zixRjmoTLUjYTkg8k4oo6EtunIBmrv%2FiT8vSluoxtJzs7qu1ZutjHU%2BZYHM7MdkxAX4BOpm3RhTIRLBpn27sjETtzjNfHpAN%2F0Mr9QIgV5giEbWiSTVjg5Sbm0nLq73%2FcdIkMg0u3ML4UQyg8xPuh%2BwiXb54GBs12wrP0Pfhc9XTHPdJwRniQidFf3modkgK0%2FXyEbFa9ePQc3eTxmEJZOBNtaN4Vve1TDgolKyg0aat0W8ijaDzIqoEfuC0cE2wjy3WRcSxOxvI1za%2FCHMthAsJUox%2FDqwp0hLcDDHLYL9TnLEYna8UXbacNOEpRtiW%2FdFoEmYYkTPt14hQEmctqL2y4WlAjBoEW31aDCLWhFKgynimGPi1OXJ6Ekv8Un9xnqHXCHBj3Ad%2BzTBhReoiUhyOU2TnTkDKweZnwaB6PScm6dqHiWYV277 HTTP Parser: No <meta name="author".. found
Source: https://sharefile8.pages.dev/8ggvti3i40b3gov9cp9q4nszoiztgizy51cmjyp3nwyoh4nmnlhkxoyylug0b8sedygcrjdgch8onk9iztdncdzygdq3wwznqetq3s7hmzatbw3w58e0l5vxngthc2kldeb+fbuxrfh059ukff4zais0deicf4?250ce7e733c083f5bd3aed6f5e1cd90fm0han3a5=U2FsdGVkX19bjMvi2uVZuw2SryJgcgZqiVgZAZpf2IGE74vrL%2Fm1dFiK7zTNqICz%2B2OehonAFJig%2Bx5GYKyDRJSKMG6UeJqbrX3l3MIbRSqXTGQenlpNLjIlj9zwC4c2Lsx7xKZnTogqLos2caTeZ%2FOhoZ7GiAMIvnZyuo9vods3Oh%2B%2BF73U72LfU%2FOefT3iorHrxE8d0CTgPT3VnKwtcT2%2BWXLphHZXUJGZrpdgkPl1r8DHFZeJvm7a0ojfl26jRqMZIDvfMPF4hhNk295%2B8RXdNGPddCgRkyh4NYs%2BxE10736rBZOXSdb7ZAl6zixRjmoTLUjYTkg8k4oo6EtunIBmrv%2FiT8vSluoxtJzs7qu1ZutjHU%2BZYHM7MdkxAX4BOpm3RhTIRLBpn27sjETtzjNfHpAN%2F0Mr9QIgV5giEbWiSTVjg5Sbm0nLq73%2FcdIkMg0u3ML4UQyg8xPuh%2BwiXb54GBs12wrP0Pfhc9XTHPdJwRniQidFf3modkgK0%2FXyEbFa9ePQc3eTxmEJZOBNtaN4Vve1TDgolKyg0aat0W8ijaDzIqoEfuC0cE2wjy3WRcSxOxvI1za%2FCHMthAsJUox%2FDqwp0hLcDDHLYL9TnLEYna8UXbacNOEpRtiW%2FdFoEmYYkTPt14hQEmctqL2y4WlAjBoEW31aDCLWhFKgynimGPi1OXJ6Ekv8Un9xnqHXCHBj3Ad%2BzTBhReoiUhyOU2TnTkDKweZnwaB6PScm6dqHiWYV277... HTTP Parser: No <meta name="copyright".. found
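Analyst note and worked example added here; this is not part of the sandbox output. The query-string value the matchers above were fed begins with "U2FsdGVkX1", which is the base64 encoding of the eight ASCII bytes "Salted__". That header is the container written by OpenSSL "enc -pass" and by CryptoJS's passphrase mode: 8-byte magic, 8-byte salt, then AES-CBC ciphertext. The parameter is therefore an encrypted blob rather than a random tracking token, and the kit's JavaScript has to hold the passphrase to decrypt it client-side. The report does not show the plaintext and the code below does not recover it. It parses the container from the first 64 base64 characters of the real value as it appears URL-encoded in the request, and implements the key/IV derivation those tools use (EVP_BytesToKey with MD5, one iteration) so that an analyst who pulls the passphrase out of the kit's script can decrypt offline. PLACEHOLDER_PASSPHRASE is a stand-in, not a recovered value.

```python
"""Inspect the 'Salted__' container carried in the phishing URL's query string.

Added example, not sandbox code. SAMPLE_PARAM is the first 64 base64
characters of the real parameter value from the report (URL-encoded as
observed); PLACEHOLDER_PASSPHRASE is a stand-in for the passphrase an
analyst would extract from the kit's JavaScript.
"""
import base64
import hashlib
from urllib.parse import unquote

OPENSSL_MAGIC = b"Salted__"          # base64 prefix: U2FsdGVkX1
SAMPLE_PARAM = "U2FsdGVkX19bjMvi2uVZuw2SryJgcgZqiVgZAZpf2IGE74vrL%2Fm1dFiK7zTNqICz"
PLACEHOLDER_PASSPHRASE = b"passphrase-from-kit-js"   # assumption, not recovered


def parse_salted_blob(param_value: str) -> dict:
    """URL-decode and base64-decode a query parameter and split an
    OpenSSL/CryptoJS 'Salted__' container into magic, salt and ciphertext.

    'is_openssl' is False when the magic is absent, which distinguishes
    this container from plain base64 or an opaque token.
    """
    raw = base64.b64decode(unquote(param_value), validate=True)
    if not raw.startswith(OPENSSL_MAGIC):
        return {"is_openssl": False, "length": len(raw)}
    salt, ciphertext = raw[8:16], raw[16:]
    return {
        "is_openssl": True,
        "salt_hex": salt.hex(),
        "ciphertext_len": len(ciphertext),
        # AES-CBC output is always a whole number of 16-byte blocks.
        "block_aligned": len(ciphertext) % 16 == 0,
    }


def evp_bytes_to_key(passphrase: bytes, salt: bytes,
                     key_len: int = 32, iv_len: int = 16) -> tuple:
    """OpenSSL EVP_BytesToKey with MD5 and count=1, the derivation
    CryptoJS.AES.encrypt(message, "passphrase") uses by default.

    D_1 = MD5(pass || salt); D_i = MD5(D_(i-1) || pass || salt);
    key || iv = D_1 || D_2 || ... truncated to key_len + iv_len bytes.
    """
    derived, block = b"", b""
    while len(derived) < key_len + iv_len:
        block = hashlib.md5(block + passphrase + salt).digest()
        derived += block
    return derived[:key_len], derived[key_len:key_len + iv_len]


def describe(param_value: str, passphrase: bytes) -> dict:
    """Parse the container and, if it is one, derive the AES-256-CBC
    key and IV that the given passphrase would produce."""
    info = parse_salted_blob(param_value)
    if info["is_openssl"]:
        key, iv = evp_bytes_to_key(passphrase, bytes.fromhex(info["salt_hex"]))
        info["key_hex"], info["iv_hex"] = key.hex(), iv.hex()
    return info


if __name__ == "__main__":
    print(describe(SAMPLE_PARAM, PLACEHOLDER_PASSPHRASE))
```

With the real passphrase, the remaining step is AES-256-CBC decryption of the ciphertext with the derived key and IV followed by PKCS#7 unpadding (for example with pycryptodome's AES.new(key, AES.MODE_CBC, iv)); that library is not used here so the block stays standard-library only. The full parameter on this page carries far more ciphertext than the two blocks sampled above, which is consistent with an encrypted payload such as a pre-filled victim identity or page content rather than a short token.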
Source: unknown HTTPS traffic detected: 51.124.78.146:443 -> 192.168.2.7:49708 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.7:49717 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.126.32.76:443 -> 192.168.2.7:49719 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.7:49728 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.126.32.76:443 -> 192.168.2.7:49745 version: TLS 1.2
Source: unknown HTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.7:49747 version: TLS 1.2
Source: unknown HTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.7:49748 version: TLS 1.2
Source: unknown HTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.7:49750 version: TLS 1.2
Source: unknown HTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.7:49751 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.231.128.59:443 -> 192.168.2.7:49752 version: TLS 1.2
Source: global traffic TCP traffic: 192.168.2.7:51881 -> 1.1.1.1:53
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown TCP traffic detected without corresponding DNS query: 51.124.78.146
Source: unknown TCP traffic detected without corresponding DNS query: 51.124.78.146
Source: unknown TCP traffic detected without corresponding DNS query: 51.124.78.146
Source: unknown TCP traffic detected without corresponding DNS query: 51.124.78.146
Source: unknown TCP traffic detected without corresponding DNS query: 51.124.78.146
Source: unknown TCP traffic detected without corresponding DNS query: 51.124.78.146
Source: unknown TCP traffic detected without corresponding DNS query: 51.124.78.146
Source: unknown TCP traffic detected without corresponding DNS query: 51.124.78.146
Source: unknown TCP traffic detected without corresponding DNS query: 51.124.78.146
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.32.76
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.32.76
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.32.76
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.32.76
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.32.76
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.32.76
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.32.76
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.32.76
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.32.76
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.32.76
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
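Added example, not part of the sandbox output. The run of "TCP traffic detected without corresponding DNS query" entries above comes from correlating each outbound connection with the DNS answers seen earlier in the capture. The function below does that over constructed, Zeek-style log lines (documentation-range addresses, not the report's capture). It also separates TCP to port 53 at a configured resolver, which is the most plausible reading of the "non-DNS traffic on DNS port" entry for 192.168.2.7 -> 1.1.1.1:53 (DNS over TCP, used when a UDP answer is truncated), from genuinely unresolved destinations. Caveats a practitioner should keep in mind: resolutions cached before the capture started, hard-coded addresses and operating-system background services (this report itself shows svchost.exe posting to login.live.com) all trigger this signature, so confirm ownership of the flagged addresses before treating them as attacker infrastructure.

```python
"""Correlate outbound connections with DNS answers to reproduce the
'TCP traffic detected without corresponding DNS query' signature.

Added example, not sandbox code. Log lines are constructed with
documentation-range addresses and are not the report's capture.
"""

# Constructed DNS answer records: <ts> dns <query name> <answer IPs>
DNS_LOG = """\
1.0 dns sharefile8.pages.dev 203.0.113.10,203.0.113.11
1.1 dns cdn.jsdelivr.net 198.51.100.20
1.2 dns ipapi.co 198.51.100.30
"""

# Constructed connection records: <ts> <proto> <src> <dst> <dport>
CONN_LOG = """\
0.5 tcp 192.168.2.7 192.0.2.88 80
0.9 tcp 192.168.2.7 203.0.113.11 443
1.3 tcp 192.168.2.7 203.0.113.10 443
1.4 tcp 192.168.2.7 198.51.100.20 443
1.5 tcp 192.168.2.7 192.0.2.77 443
1.6 tcp 192.168.2.7 1.1.1.1 53
1.7 tcp 192.168.2.7 198.51.100.30 443
"""


def parse_dns_answers(dns_log: str) -> dict:
    """Map each answered IP to (earliest time it was resolved, name)."""
    first_seen = {}
    for line in dns_log.splitlines():
        if not line.strip():
            continue
        ts, _kind, name, answers = line.split()
        for ip in answers.split(","):
            if ip not in first_seen or float(ts) < first_seen[ip][0]:
                first_seen[ip] = (float(ts), name)
    return first_seen


def find_unresolved_connections(dns_log: str, conn_log: str,
                                resolvers=("1.1.1.1",)) -> list:
    """Return one finding per connection whose destination was not
    produced by an earlier DNS answer; resolved connections are omitted.

    Verdicts:
      unresolved             no DNS answer for the destination at all
      resolved-after-connect an answer exists but arrived after the connect
      dns-over-tcp           tcp/53 to a known resolver (not C2 traffic)
    """
    resolved = parse_dns_answers(dns_log)
    findings = []
    for line in conn_log.splitlines():
        if not line.strip():
            continue
        ts, proto, src, dst, dport = line.split()
        ts = float(ts)
        if dst in resolved and resolved[dst][0] <= ts:
            continue  # normal order: name looked up, then connected
        if proto == "tcp" and dport == "53" and dst in resolvers:
            verdict = "dns-over-tcp"
        elif dst in resolved:
            verdict = "resolved-after-connect"
        else:
            verdict = "unresolved"
        findings.append({"ts": ts, "src": src, "dst": dst,
                         "dport": int(dport), "verdict": verdict,
                         "name": resolved.get(dst, (None, None))[1]})
    return findings


if __name__ == "__main__":
    for f in find_unresolved_connections(DNS_LOG, CONN_LOG):
        print(f"{f['ts']:>4} {f['dst']}:{f['dport']} {f['verdict']}")
```

Only the "unresolved" verdict is worth escalating on its own, and even then only after an ownership lookup; "resolved-after-connect" usually means the capture started late or the client had a cached answer, and "dns-over-tcp" is the resolver itself.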
Source: global traffic HTTP traffic detected: GET /8ggvti3i40b3gov9cp9q4nszoiztgizy51cmjyp3nwyoh4nmnlhkxoyylug0b8sedygcrjdgch8onk9iztdncdzygdq3wwznqetq3s7hmzatbw3w58e0l5vxngthc2kldeb+fbuxrfh059ukff4zais0deicf4 HTTP/1.1Host: sharefile8.pages.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/139a8cd2-d10c-4336-ba04-3f1c53ba8cb6.js?hash=6b06db943f081ebee689f376c8b231d1&EDlFh6SOBK9HUECofCEkAbqDF=2jfjZA9wDmRlYg1TXOXJNITl98qS9siwV6pdy8cw8fSU8meMhDoHo3q0Wbk1NRTITsfyJdv71rAKgx7GjU1BNOfiiUNKNWJ2iHxPYldtdzwOsYPXlYZ5aId3UaBDD4OaPO0ZZpW8vf4Tz0t3vdO1dR7zBRTwMf8AMoFNk8pvuQel106aEmb5Q0X HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://sharefile8.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.css HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://sharefile8.pages.devsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://sharefile8.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /json/ HTTP/1.1Host: ipapi.coConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://sharefile8.pages.devSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://sharefile8.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /8ggvti3i40b3gov9cp9q4nszoiztgizy51cmjyp3nwyoh4nmnlhkxoyylug0b8sedygcrjdgch8onk9iztdncdzygdq3wwznqetq3s7hmzatbw3w58e0l5vxngthc2kldeb+fbuxrfh059ukff4zais0deicf4?250ce7e733c083f5bd3aed6f5e1cd90fm0han3a5=U2FsdGVkX19bjMvi2uVZuw2SryJgcgZqiVgZAZpf2IGE74vrL%2Fm1dFiK7zTNqICz%2B2OehonAFJig%2Bx5GYKyDRJSKMG6UeJqbrX3l3MIbRSqXTGQenlpNLjIlj9zwC4c2Lsx7xKZnTogqLos2caTeZ%2FOhoZ7GiAMIvnZyuo9vods3Oh%2B%2BF73U72LfU%2FOefT3iorHrxE8d0CTgPT3VnKwtcT2%2BWXLphHZXUJGZrpdgkPl1r8DHFZeJvm7a0ojfl26jRqMZIDvfMPF4hhNk295%2B8RXdNGPddCgRkyh4NYs%2BxE10736rBZOXSdb7ZAl6zixRjmoTLUjYTkg8k4oo6EtunIBmrv%2FiT8vSluoxtJzs7qu1ZutjHU%2BZYHM7MdkxAX4BOpm3RhTIRLBpn27sjETtzjNfHpAN%2F0Mr9QIgV5giEbWiSTVjg5Sbm0nLq73%2FcdIkMg0u3ML4UQyg8xPuh%2BwiXb54GBs12wrP0Pfhc9XTHPdJwRniQidFf3modkgK0%2FXyEbFa9ePQc3eTxmEJZOBNtaN4Vve1TDgolKyg0aat0W8ijaDzIqoEfuC0cE2wjy3WRcSxOxvI1za%2FCHMthAsJUox%2FDqwp0hLcDDHLYL9TnLEYna8UXbacNOEpRtiW%2FdFoEmYYkTPt14hQEmctqL2y4WlAjBoEW31aDCLWhFKgynimGPi1OXJ6Ekv8Un9xnqHXCHBj3Ad%2BzTBhReoiUhyOU2TnTkDKweZnwaB6PScm6dqHiWYV277NwaAeB%2FS88ixvm1TZ%2Fxr9XTjsTg1rWmkQ4VKtBDCPyBLn00vA6vORCKs6N7SsFLbO8%2FZUlawU%2BrNWslWSfSnc%2BSZ4bfI53EiS8%2BuxytWDBdlVsfDLnXV%2B1dTZhuGBOefEt7IH4yxm4zhts%2F2E3wrIhomL3D8TnXk2QOxMW5UFXQvk2s7mH26qHo10W%2BkEUTAJB1B36%2FK6cSQvkxH%2BzuUXF6XEXgCIzOxgkPS48NOwRK2Jdzd307DzWFInagUz%2F%2B0%2FB9zDvwfm96kJipr1pJs6BO%2BP5dm1Th%2BlXKcLbvWDEWTTJcEiKG6UT%2BsdjDhjCjJkZqauzVmXZe9c6BjduiGqE%2F%2BEQDZMoGBf1bedPa2yVYwBGOJLR35D6meA5LMNBs78Qqsp6msoMm55ZdbfNeUTmzCRITf5EXoyYL1WJSRcQqhOuJdPP1ReIw1gWwLy7S0PI1bNhU1%2F1HJfbno8whYuAzVaRVNZg47VoOVcaUoteIJrrak2PZU0MyxRdqlUBG5hG240dAYsyFt6sF8ib1mVVsBXn3s6zJ6GEBphpNUAEhdBxPySGqh%2B1t%2BnMuSN%2FoDn7eZnpU4bO9Ve HTTP/1.1Host: sharefile8.pages.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 
Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://sharefile8.pages.dev/8ggvti3i40b3gov9cp9q4nszoiztgizy51cmjyp3nwyoh4nmnlhkxoyylug0b8sedygcrjdgch8onk9iztdncdzygdq3wwznqetq3s7hmzatbw3w58e0l5vxngthc2kldeb+fbuxrfh059ukff4zais0deicf4?250ce7e733c083f5bd3aed6f5e1cd90fm0han3a5=U2FsdGVkX19bjMvi2uVZuw2SryJgcgZqiVgZAZpf2IGE74vrL%2Fm1dFiK7zTNqICz%2B2OehonAFJig%2Bx5GYKyDRJSKMG6UeJqbrX3l3MIbRSqXTGQenlpNLjIlj9zwC4c2Lsx7xKZnTogqLos2caTeZ%2FOhoZ7GiAMIvnZyuo9vods3Oh%2B%2BF73U72LfU%2FOefT3iorHrxE8d0CTgPT3VnKwtcT2%2BWXLphHZXUJGZrpdgkPl1r8DHFZeJvm7a0ojfl26jRqMZIDvfMPF4hhNk295%2B8RXdNGPddCgRkyh4NYs%2BxE10736rBZOXSdb7ZAl6zixRjmoTLUjYTkg8k4oo6EtunIBmrv%2FiT8vSluoxtJzs7qu1ZutjHU%2BZYHM7MdkxAX4BOpm3RhTIRLBpn27sjETtzjNfHpAN%2F0Mr9QIgV5giEbWiSTVjg5Sbm0nLq73%2FcdIkMg0u3ML4UQyg8xPuh%2BwiXb54GBs12wrP0Pfhc9XTHPdJwRniQidFf3modkgK0%2FXyEbFa9ePQc
Source: global traffic HTTP traffic detected: GET /gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/07308ee98aa47f067087.jpg HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://sharefile8.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/847fc5ec58b3a0af255c.svg HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://sharefile8.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/59947dbf5efae9de77d2.png HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://sharefile8.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /json/ HTTP/1.1Host: ipapi.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/fa37e6e4fd65b2e85394.ico HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://sharefile8.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: sharefile8.pages.dev
Source: global traffic DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic DNS traffic detected: DNS query: ipapi.co
Source: global traffic DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: unknown HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com
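Added example, not part of the sandbox output. Three of the page-level signals in this report can be reproduced from the HTML alone: the title "Microsoft OneDrive" names a brand that does not appear anywhere in the hostname sharefile8.pages.dev, the document contains no links at all, and every asset is fetched from cdn.jsdelivr.net under /gh/<user>/<repo>@<ref>/, which is jsDelivr serving files straight out of a GitHub repository, so the kit's code lives in a throwaway GitHub repo rather than on the phishing host. The HTML below is constructed to mirror the requests recorded above (it is not the page's captured source); the brand list and the public-suffix table are small hand-written stand-ins for a brand database and the Public Suffix List.

```python
"""Reproduce three page-level phishing signals from raw HTML.

Added example, not sandbox code. SAMPLE_HTML is constructed to mirror
the asset requests in the report; BRANDS and MULTI_LABEL_SUFFIXES are
small hand-written stand-ins for a brand database and the Public
Suffix List.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

SAMPLE_URL = ("https://sharefile8.pages.dev/8ggvti3i40b3gov9cp9q4nszoiztgizy51cmjyp3nwyoh4nmnlhkxoyylug0b8s"
              "edygcrjdgch8onk9iztdncdzygdq3wwznqetq3s7hmzatbw3w58e0l5vxngthc2kldeb+fbuxrfh059ukff4zais0deicf4")
KIT = "https://cdn.jsdelivr.net/gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/"
SAMPLE_HTML = f"""
<html><head><title>Microsoft OneDrive</title>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css">
<link rel="icon" href="{KIT}fa37e6e4fd65b2e85394.ico">
</head><body>
<img src="{KIT}07308ee98aa47f067087.jpg">
<script src="{KIT}139a8cd2-d10c-4336-ba04-3f1c53ba8cb6.js"></script>
</body></html>
"""

BRANDS = ("microsoft", "onedrive", "sharepoint", "office 365")      # assumption: tiny stand-in list
MULTI_LABEL_SUFFIXES = {"pages.dev", "workers.dev", "github.io", "web.app"}  # assumption: PSL excerpt
JSDELIVR_GH = re.compile(r"^/gh/([^/@]+/[^/@]+)(?:@([^/]+))?/(.+)$")


class PageScanner(HTMLParser):
    """Collect the title, anchor hrefs and asset references from a document."""

    def __init__(self):
        super().__init__()
        self.title_parts, self.links, self.assets = [], [], []
        self._in_title = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "title":
            self._in_title = True
        elif tag == "a" and a.get("href"):
            self.links.append(a["href"])
        elif tag in ("script", "img") and a.get("src"):
            self.assets.append((tag, a["src"]))
        elif tag == "link" and a.get("href"):
            self.assets.append((tag, a["href"]))

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title_parts.append(data)


def registrable_domain(host: str) -> str:
    """eTLD+1 using the small suffix table above."""
    labels = host.lower().split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def analyse_page(url: str, html: str) -> dict:
    """Extract the signals the report's HTTP parser scored."""
    scanner = PageScanner()
    scanner.feed(html)
    title = "".join(scanner.title_parts).strip()
    host = (urlparse(url).hostname or "").lower()

    # "HTML title does not match URL": the title names a brand whose
    # token appears nowhere in the hostname serving the page.
    brand_hits = [b for b in BRANDS if b in title.lower()]
    title_matches_url = not brand_hits or any(b.replace(" ", "") in host for b in brand_hits)

    script_hosts, asset_hosts, proxied = set(), set(), []
    for tag, ref in scanner.assets:
        parsed = urlparse(urljoin(url, ref))
        asset_host = (parsed.hostname or host).lower()
        asset_hosts.add(asset_host)
        if tag == "script":
            script_hosts.add(asset_host)
        # jsDelivr's /gh/ prefix serves a GitHub repository at a given ref:
        # the repo name is the pivot for hunting and takedown.
        m = JSDELIVR_GH.match(parsed.path) if asset_host == "cdn.jsdelivr.net" else None
        if m:
            proxied.append({"tag": tag, "repo": m.group(1), "ref": m.group(2), "file": m.group(3)})

    return {
        "title": title,
        "host": host,
        "registrable_domain": registrable_domain(host),
        "brand_hits": brand_hits,
        "title_matches_url": title_matches_url,
        "link_count": len(scanner.links),            # "low number of good links"
        "script_hosts": sorted(script_hosts),
        "asset_hosts": sorted(asset_hosts),
        "github_proxied_assets": proxied,
    }


if __name__ == "__main__":
    print(analyse_page(SAMPLE_URL, SAMPLE_HTML))
```

The brand check compares against the full hostname so that legitimate brand subdomains such as onedrive.live.com pass; the price is that a lookalike subdomain on an attacker-controlled domain also passes, which is why the registrable domain is returned alongside it for a strict allowlist comparison. The repo and ref recovered from the jsDelivr paths ("uihkdslijsjd/captivating-app-lyoubgs5" at "internal-2024-07-16-20-02-58" in this report) identify the kit's hosting independently of the phishing domain, which will rotate long before the repository does.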
Source: chromecache_58.2.dr, chromecache_66.2.dr String found in binary or memory: http://creativecommons.org/ns#
Source: chromecache_57.2.dr String found in binary or memory: http://fontawesome.io
Source: chromecache_57.2.dr String found in binary or memory: http://fontawesome.io/license
Source: chromecache_58.2.dr, chromecache_66.2.dr String found in binary or memory: http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd
Source: chromecache_58.2.dr, chromecache_66.2.dr String found in binary or memory: http://www.inkscape.org/)
Source: chromecache_58.2.dr, chromecache_66.2.dr String found in binary or memory: http://www.inkscape.org/namespaces/inkscape
Source: chromecache_55.2.dr, chromecache_70.2.dr String found in binary or memory: https://6481f63faf008522217341.cotradifyu.workers.dev/checkDomain
Source: chromecache_63.2.dr, chromecache_64.2.dr String found in binary or memory: https://cdn.jsdelivr.net/gh/uihkdslijsjd/captivating-app-lyoubgs5
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOiCnqEu92Fr1Mu51QrEz0dL_nz.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOiCnqEu92Fr1Mu51QrEz4dL_nz.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOiCnqEu92Fr1Mu51QrEz8dL_nz.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOiCnqEu92Fr1Mu51QrEzAdLw.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOiCnqEu92Fr1Mu51QrEzMdL_nz.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOiCnqEu92Fr1Mu51QrEzQdL_nz.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOiCnqEu92Fr1Mu51QrEzwdL_nz.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51S7ACc-CsTKlA.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51S7ACc0CsTKlA.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51S7ACc1CsTKlA.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51S7ACc2CsTKlA.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51S7ACc3CsTKlA.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51S7ACc5CsTKlA.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51S7ACc6CsQ.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TjASc-CsTKlA.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TjASc0CsTKlA.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TjASc1CsTKlA.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TjASc2CsTKlA.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TjASc3CsTKlA.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TjASc5CsTKlA.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TjASc6CsQ.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic-CsTKlA.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic0CsTKlA.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic1CsTKlA.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic2CsTKlA.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic3CsTKlA.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic5CsTKlA.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic6CsQ.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxEIzIFKw.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxFIzIFKw.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxGIzIFKw.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxHIzIFKw.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxIIzI.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxLIzIFKw.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxMIzIFKw.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xEIzIFKw.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xFIzIFKw.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xGIzIFKw.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xHIzIFKw.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xIIzI.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xLIzIFKw.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xMIzIFKw.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fBBc4.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fBxc4EsA.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fCBc4EsA.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fCRc4EsA.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fChc4EsA.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fCxc4EsA.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fABc4EsA.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fBBc4.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fBxc4EsA.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fCBc4EsA.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fCRc4EsA.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fChc4EsA.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fCxc4EsA.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBBc4.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBxc4EsA.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfCBc4EsA.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfCRc4EsA.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfCxc4EsA.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4WxKOzY.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu5mxKOzY.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu72xKOzY.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7GxKOzY.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7WxKOzY.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7mxKOzY.woff2)
Source: chromecache_55.2.dr, chromecache_70.2.dr String found in binary or memory: https://ipapi.co/json/
Source: chromecache_55.2.dr, chromecache_70.2.dr String found in binary or memory: https://locate.ipinit.workers.dev/
Source: chromecache_55.2.dr, chromecache_70.2.dr String found in binary or memory: https://onedrive.live.com/?authkey=%21AP4dQQ7hoSgcKIBIw%26cid=28E9EC3AAC12FF13%26id=28E9EC3AAC12FF13
Source: unknown Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown HTTPS traffic detected: 51.124.78.146:443 -> 192.168.2.7:49708 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.7:49717 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.126.32.76:443 -> 192.168.2.7:49719 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.7:49728 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.126.32.76:443 -> 192.168.2.7:49745 version: TLS 1.2
Source: unknown HTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.7:49747 version: TLS 1.2
Source: unknown HTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.7:49748 version: TLS 1.2
Source: unknown HTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.7:49750 version: TLS 1.2
Source: unknown HTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.7:49751 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.231.128.59:443 -> 192.168.2.7:49752 version: TLS 1.2
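The evidence lines above are the part of this report an analyst actually pivots on: the cached-page strings give the third-party endpoints the lure contacts (an IP-geolocation API, a Cloudflare Worker, and a real OneDrive share link it presumably hands the victim to), while the "HTTP traffic on port" and "HTTPS traffic detected" lines give the peers the sandbox browser reached. The following Python triage helper is an added example, not part of the sandbox report or of any tool it names. It parses exactly these three line shapes and condenses them into a summary. The sample input is a constructed subset copied from the report's own lines; the list of geolocation hosts and the free-hosting suffixes it flags are the example's assumptions, chosen because phishing kits commonly use such services to fingerprint or filter visitors, not something this report states about this page.

```python
"""Triage helper for sandbox evidence lines of the kind shown in this report.

Added example, not part of the report. Parses three line shapes:
  "Source: <files> String found in binary or memory: <url>"
  "... HTTP traffic on port <a> -> <b>"
  "... HTTPS traffic detected: <peer>:<port> -> <local>:<port> version: TLS x.y"
and summarises them into indicators worth a closer look.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: a representative subset of the report's lines, copied
# verbatim (including the trailing ')' the string extractor kept from CSS url()).
SAMPLE_LINES = """\
Source: chromecache_67.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7mxKOzY.woff2)
Source: chromecache_55.2.dr, chromecache_70.2.dr String found in binary or memory: https://ipapi.co/json/
Source: chromecache_55.2.dr, chromecache_70.2.dr String found in binary or memory: https://locate.ipinit.workers.dev/
Source: chromecache_55.2.dr, chromecache_70.2.dr String found in binary or memory: https://onedrive.live.com/?authkey=%21AP4dQQ7hoSgcKIBIw%26cid=28E9EC3AAC12FF13%26id=28E9EC3AAC12FF13
Source: unknown Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown HTTPS traffic detected: 51.124.78.146:443 -> 192.168.2.7:49708 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.7:49717 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.7:49728 version: TLS 1.2
"""

STRING_RE = re.compile(r"^Source: (?P<files>.+?) String found in binary or memory: (?P<url>\S+)$")
HTTP_RE = re.compile(r"HTTP traffic on port (?P<a>\d+) -> (?P<b>\d+)$")
HTTPS_RE = re.compile(
    r"HTTPS traffic detected: (?P<rip>[\d.]+):(?P<rport>\d+) -> "
    r"(?P<lip>[\d.]+):(?P<lport>\d+) version: (?P<tls>TLS [\d.]+)$"
)

# Assumption (not from the report): public IP-geolocation endpoints that
# phishing kits commonly query to fingerprint or filter visitors.
GEOLOCATION_HOSTS = {"ipapi.co", "ip-api.com", "ipinfo.io", "api.ipify.org"}
# Assumption (not from the report): free serverless hosting often used for
# lures and redirectors.
FREE_HOSTING_SUFFIXES = (".pages.dev", ".workers.dev")


def clean_url(raw):
    """Strip the ')' the extractor carried over from CSS url(...) arguments."""
    return raw.rstrip(")")


def parse_report(text):
    """Return (urls -> source files, local HTTP ports, peer IP -> {(local port, TLS)})."""
    urls = {}
    local_ports = set()
    peers = defaultdict(set)
    for line in text.splitlines():
        m = STRING_RE.match(line)
        if m:
            files = {f.strip() for f in m.group("files").split(",")}
            urls.setdefault(clean_url(m.group("url")), set()).update(files)
            continue
        m = HTTP_RE.search(line)
        if m:
            a, b = int(m.group("a")), int(m.group("b"))
            # The report logs both directions; the non-443 side is the
            # sandbox's ephemeral source port.
            local_ports.add(a if b == 443 else b)
            continue
        m = HTTPS_RE.search(line)
        if m:
            peers[m.group("rip")].add((int(m.group("lport")), m.group("tls")))
    return urls, local_ports, peers


def summarise(urls, local_ports, peers):
    """Group URLs by host, flag suspicious host classes, and reconcile ports."""
    hosts = defaultdict(list)
    for url in sorted(urls):
        hosts[urlsplit(url).hostname].append(url)
    tls_ports = {port for conns in peers.values() for port, _ in conns}
    return {
        "hosts": dict(hosts),
        "geolocation_lookups": sorted(h for h in hosts if h in GEOLOCATION_HOSTS),
        "free_hosting": sorted(h for h in hosts if h.endswith(FREE_HOSTING_SUFFIXES)),
        # Number of distinct TLS sessions per peer IP.
        "tls_peers": {ip: len(conns) for ip, conns in sorted(peers.items())},
        # Local ports seen in HTTP lines with no matching TLS handshake line:
        # candidates to check in the pcap rather than assume they were idle.
        "http_ports_without_tls": sorted(local_ports - tls_ports),
    }


if __name__ == "__main__":
    summary = summarise(*parse_report(SAMPLE_LINES))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

The ordering of the three regex checks matters: the "HTTPS traffic detected" line does not contain the phrase "HTTP traffic on port", so it cannot be misparsed as a plain HTTP line, but a looser pattern would. The summary deliberately reports raw facts (which hosts, how many TLS sessions per peer, which ports lack a handshake line) and leaves attribution to the analyst; the report itself does not say what the `ipapi.co` or `workers.dev` calls are for.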
Source: classification engine Classification label: mal64.phis.win@16/34@14/8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2576 --field-trial-handle=2544,i,14737729716348011552,16859708203080618622,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://sharefile8.pages.dev/8ggvti3i40b3gov9cp9q4nszoiztgizy51cmjyp3nwyoh4nmnlhkxoyylug0b8sedygcrjdgch8onk9iztdncdzygdq3wwznqetq3s7hmzatbw3w58e0l5vxngthc2kldeb+fbuxrfh059ukff4zais0deicf4"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2576 --field-trial-handle=2544,i,14737729716348011552,16859708203080618622,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Window Recorder Window detected: More than 3 window changes detected