Windows Analysis Report
https://sharefile8.pages.dev/qvuv+pyrqwzcz6xaxlnoqwjmehzvhi7wuk+tdmwkgv96kzea82mtrq3s+h+nlysnemgyfcvtuhozuighqob+lce9yippttt6fi1kubdsdbqmwx5kxujjxwu5crv4iqguxis5l5bqjc2sd56vkdj

Overview

General Information

Sample URL: https://sharefile8.pages.dev/qvuv+pyrqwzcz6xaxlnoqwjmehzvhi7wuk+tdmwkgv96kzea82mtrq3s+h+nlysnemgyfcvtuhozuighqob+lce9yippttt6fi1kubdsdbqmwx5kxujjxwu5crv4iqguxis5l5bqjc2sd56vkdj
Analysis ID: 1502058
Infos:

Detection

Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
Antivirus / Scanner detection for submitted sample
Phishing site detected (based on favicon image match)
Phishing site detected (based on logo match)
Detected non-DNS traffic on DNS port
HTML body contains low number of good links
HTML title does not match URL
Stores files to the Windows start menu directory

Classification

AV Detection

Source: https://sharefile8.pages.dev/qvuv+pyrqwzcz6xaxlnoqwjmehzvhi7wuk+tdmwkgv96kzea82mtrq3s+h+nlysnemgyfcvtuhozuighqob+lce9yippttt6fi1kubdsdbqmwx5kxujjxwu5crv4iqguxis5l5bqjc2sd56vkdj Avira URL Cloud: detection malicious, Label: phishing
Source: https://sharefile8.pages.dev/qvuv+pyrqwzcz6xaxlnoqwjmehzvhi7wuk+tdmwkgv96kzea82mtrq3s+h+nlysnemgyfcvtuhozuighqob+lce9yippttt6fi1kubdsdbqmwx5kxujjxwu5crv4iqguxis5l5bqjc2sd56vkdj SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing

Source: https://sharefile8.pages.dev/qvuv+pyrqwzcz6xaxlnoqwjmehzvhi7wuk+tdmwkgv96kzea82mtrq3s+h+nlysnemgyfcvtuhozuighqob+lce9yippttt6fi1kubdsdbqmwx5kxujjxwu5crv4iqguxis5l5bqjc2sd56vkdj?8c17e643600ec20fef4f6911ec4e48e7m0hanxc8=U2FsdGVkX1%2BCd7%2FhtiLMTnMBdpVwMmJ1KSyDrJ7KzEDSzbmdM%2BK6Tvtld6HHT92c1qgm7oreWjv5Cnz%2Fm8DY12gjkyk1dTaxJoP0hcT2jb5uWGaaTFriv%2F0MfsU%2FcnV4I3oFJmdjC0pWwBVCgYQhwAhU5EmscQU4wflljPHYfjZlY9ZaUOFxfmhvl2vlgvh4Go0gQHzNWQR5SgXefEaLV9OkQk9gBk4c44TDZrE1RqypEYZ4og7DiQOLh2FxHuIRSXXLRAxuo%2ByuNsy604Cf7hBMYrxq47spI8x3nSLnF%2FJQqEpgpBvF8P%2Bp3yneKAfoQYC5M0QIHjOcNPa3dnUZ2JohrO6tqas4kBMqWAVYWAdNv4CykAnDac%2FIIvSaKTZ3dd940GO6i1Z1OLWWjQEpl%2F1AfOZ507isTPp4%2FhF13ZhnPsZUFo%2FmTQAFkx4Du%2FjWvM4AtpSo7C0m6YBuWll%2F5M7OqWl8yTimYCbou7r9IJcWLUfo1HhwA2GKeWqF5r6GfC6K2VQ9Eh6TtmRu4MCo484KHNp3OA%2BQ7nTZpwUnGq8roJWW0L6icuBAscTU%2B2jfVDblCZ%2BKKbkWWEE0oDeAzyNwjKk5%2B6azk9AmMtdzygm4HYIq0SsbZ8rVbiC%2FjjlcECR3k3llDILBIFfTfA82Sgs1YrRYzpZ2VIiJyewnPxn82KwYBap26TJ1wElBovKL0dUR9QXIV0fsk39dsnmXkNcV%2BAZ2%2FMV%2B%2F%2FOdxYAUtZAYi5F51VJjktkNUZqhsirAF6%2BQWE8Ckrak3J04%2BqYzHRzRQlgFoLRsyIh20z%2FBvYsWN63W%2B%2BZdWDAGN6BqXEFQc8%2BBAS%2BUDiVk1VDi41E62y%2BoJYZbB7zMptoVuKAAF5p1haL9CvCs2gtnmvmqADEAvebUoDre9%2FOYJfVgU%2Fimz3dJMfrd9EbDrc4ost3U1zl%2F0aYgG%2Fue7fyp3sPmrag1198q7907y0%2FviUforIwJ5B0HMgtH28odoWlFsIwm1oYdMxFpfRKRsVf7JwCLok1OLQ83aqgJzFjoPKaS9PsgriyyzKs6uS8pfHk0Yt3D9hgjzGIAaZe3dI0k9%2BjWH3Ob4%2FsLu95r9UY2Iw12U%2BZtTSXDEf%2BYRLNi7oKlHmf20R2EpT8KMrfo%2BrVpX3w2lj7XQBYNsueqZLK3V9WT1fDkdGSliiKusiZAPix5kv3fP60nlD%2FQ3CKfto8kvPbaCXlteM%2FWrK8h2Xq7TELZUCH4P5Mu2CWRmmuJdewXolo6VkJ3pp4sJc0cJmJMbtmBvNP0qYZCOMiNOe4Z1IyDySDYX2w5n3wxoaoqOHswKQXGdNFjPZsubI3jt12v9JLz%2Bc%2FGk8lJzJseXdIwTzyHni0KoXwdSPh9Urz4V7MM4vFE13g8CyHoJ5MJwX6iN2d5u6jK7NCANH%2BtT3Ec7liokH8m7ITc%2B3eVz7WXu7kJfqae1E6SNbZ%2FhR54i1nX3Wi1fpG5c%2Fp9Vb%2F7OK3UIdy%2FOSfNjEc0C9w69ZbfOh1e0UxrfnN4%2Fzc0iVwTGJmS61vCcUJx7RWZSaLL4qKjSJjPm7uCUoYLUc4Byv4hYveFGk5rDO8QpGE%2B59ETTtv3NhSGRkXfjReivvzOtosmu9Fg3zezCxWgJUU4CjSJuyJoIgcVNRccOdmyN6FciRg05Ysv1F9WZxZ38BNipfm0cilZE%2BKOODTcq3%2FPTS6XMJsFDvy9pnH%2FluGHD01o53arun%2BdjpJGM9OoMmkZpeKCFsQeH9jaX7wP7PdW%2FfZleO6pFcHzBxMHBpD278BscJzry4qQ%2BOZ8XF2xq%2FJlh93fztIIXpl17ZX07U4i%2BwwUmM%2FYAsDwMuejtL6HbNhk48ge5wWNjRECg3HRRXA3eCrYOq%2Fnc7xUmC0MW%2FjRuY201EpVTsC0fB0F0b6Elm4Hf6tBlfSVOUT4wqaGAD8U7k1vZFzPgSGUP7mK5xEF4X869pRd%2BpH4EwrV74iyMT61XAp2jL7R7mWEXgH3MI3FVHuAOLOUkZa5pSxob%2FXuzuAbZjcZ%2BBGjohRyXxHnFTWMsSJl66QMB6vyTtbomo5Q%2FG7pxJZFuDiAaMMNUDWa9tGNZaFjkkVQTKxbUXhODu5oGHoH04aLV4AfNmuO1fx5%2BkdPe%2FWi5WsFIKm5kMI2wvChNbYwixczB9w%3D LLM: Score: 8 Reasons: The domain 'sharefile8.pages.dev' is not a typical domain for a production OneDrive site, and the use of the .dev gTLD is unusual for a legitimate OneDrive login page. The notification message is also suspicious, as it is not a typical warning message for a legitimate OneDrive login page. The design is clean and professional, but the unusual domain and notification message suggest that the site may be a phishing attempt. DOM: 1.0.pages.csv
Source: https://sharefile8.pages.dev/qvuv+pyrqwzcz6xaxlnoqwjmehzvhi7wuk+tdmwkgv96kzea82mtrq3s+h+nlysnemgyfcvtuhozuighqob+lce9yippttt6fi1kubdsdbqmwx5kxujjxwu5crv4iqguxis5l5bqjc2sd56vkdj?8c17e643600ec20fef4f6911ec4e48e7m0hanxc8=U2FsdGVkX1%2BCd7%2FhtiLMTnMBdpVwMmJ1KSyDrJ7KzEDSzbmdM%2BK6Tvtld6HHT92c1qgm7oreWjv5Cnz%2Fm8DY12gjkyk1dTaxJoP0hcT2jb5uWGaaTFriv%2F0MfsU%2FcnV4I3oFJmdjC0pWwBVCgYQhwAhU5EmscQU4wflljPHYfjZlY9ZaUOFxfmhvl2vlgvh4Go0gQHzNWQR5SgXefEaLV9OkQk9gBk4c44TDZrE1RqypEYZ4og7DiQOLh2FxHuIRSXXLRAxuo%2ByuNsy604Cf7hBMYrxq47spI8x3nSLnF%2FJQqEpgpBvF8P%2Bp3yneKAfoQYC5M0QIHjOcNPa3dnUZ2JohrO6tqas4kBMqWAVYWAdNv4CykAnDac%2FIIvSaKTZ3dd940GO6i1Z1OLWWjQEpl%2F1AfOZ507isTPp4%2FhF13ZhnPsZUFo%2FmTQAFkx4Du%2FjWvM4AtpSo7C0m6YBuWll%2F5M7OqWl8yTimYCbou7r9IJcWLUfo1HhwA2GKeWqF5r6GfC6K2VQ9Eh6TtmRu4MCo484KHNp3OA%2BQ7nTZpwUnGq8roJWW0L6icuBAscTU%2B2jfVDblCZ%2BKKbkWWEE0oDeAzyNwjKk5%2B6azk9AmMtdzygm4HYIq0SsbZ8rVbiC%2FjjlcECR3k3llDILBIFfTfA82Sgs1YrRYzpZ2VIiJyewnPxn82KwYBap26TJ1wElBovKL0dUR9QXIV0fsk39dsnmXkNcV%2BAZ2%2FMV%2B%2F%2FOdxYAUtZAYi5F51VJjktkNUZqhsirAF6%2BQWE8Ckrak3J04%2BqYzHRzRQlgFoLRsyIh20z%2FBvYsWN63W%2B%2BZdWDAGN6BqXEFQc8%2BBAS%2BUDiVk1VDi41E62y%2BoJYZbB7zMptoVuKAAF5p1haL9CvCs2gtnmvmqADEAvebUoDre9%2FOYJfVgU%2Fimz3dJMfrd9EbDrc4ost3U1zl%2F0aYgG%2Fue7fyp3sPmrag1198q7907y0%2FviUforIwJ5B0HMgtH28odoWlFsIwm1oYdMxFpfRKRsVf7JwCLok1OLQ83aqgJzFjoPKaS9PsgriyyzKs6uS8pfHk0Yt3D9hgjzGIAaZe3dI0k9%2BjWH3Ob4%2FsLu95r9UY2Iw12U%2BZtTSXDEf%2BYRLNi7oKlHmf20R2EpT8KMrfo%2BrVpX3w2lj7XQBYNsueqZLK3V9WT1fDkdGSliiKusiZAPix5kv3fP60nlD%2FQ3CKfto8kvPbaCXlteM%2FWrK8h2Xq7TELZUCH4P5Mu2CWRmmuJdewXolo6VkJ3pp4sJc0cJmJMbtmBvNP0qYZCOMiNOe4Z1IyDySDYX2w5n3wxoaoqOHswKQXGdNFjPZsubI3jt12v9JLz%2Bc%2FGk8lJzJseXdIwTzyHni0KoXwdSPh9Urz4V7MM4vFE13g8CyHoJ5MJwX6iN2d5u6jK7NCANH%2BtT3Ec7liokH8m7ITc%2B3eVz7WXu7kJfqae1E6SNbZ%2FhR54i1nX3Wi1fpG5c%2Fp9Vb%2F7OK3UIdy%2FOSfNjEc0C9w69ZbfOh1e0UxrfnN4%2Fzc0iVwTGJmS61vCcUJx7RWZSaLL4qKjSJjPm7uCUoYLUc4Byv4hYveFGk5rDO8QpGE%2B59ETTtv3NhSGRkXfjReivvzOtosmu9Fg3zezCxWgJUU4CjSJuyJoIgcVNRccOdmyN6FciRg05Ysv1F9WZxZ38BNipfm0cilZE%2BKOODTcq3%2FPTS6XMJsFDvy9pnH%2FluGHD01o53arun%2BdjpJGM9OoMmkZpeKCFsQeH9jaX7wP7PdW%2FfZleO6pFcHzBxMHBpD278BscJzry4qQ%2BOZ8XF2xq%2FJlh93fztIIXpl17ZX07U4i%2BwwUmM%2FYAsDwMuejtL6HbNhk48ge5wWNjRECg3HRRXA3eCrYOq%2Fnc7xUmC0MW%2FjRuY201EpVTsC0fB0F0b6Elm4Hf6tBlfSVOUT4wqaGAD8U7k1vZFzPgSGUP7mK5xEF4X869pRd%2BpH4EwrV74iyMT61XAp2jL7R7mWEXgH3MI3FVHuAOLOUkZa5pSxob%2FXuzuAbZjcZ%2BBGjohRyXxHnFTWMsSJl66QMB6vyTtbomo5Q%2FG7pxJZFuDiAaMMNUDWa9tGNZaFjkkVQTKxbUXhODu5oGHoH04aLV4AfNmuO1fx5%2BkdPe%2FWi5WsFIKm5kMI2wvChNbYwixczB9w%3D Matcher: Template: onedrive matched with high similarity
Source: https://sharefile8.pages.dev/qvuv+pyrqwzcz6xaxlnoqwjmehzvhi7wuk+tdmwkgv96kzea82mtrq3s+h+nlysnemgyfcvtuhozuighqob+lce9yippttt6fi1kubdsdbqmwx5kxujjxwu5crv4iqguxis5l5bqjc2sd56vkdj?8c17e643600ec20fef4f6911ec4e48e7m0hanxc8=U2FsdGVkX1%2BCd7%2FhtiLMTnMBdpVwMmJ1K Matcher: Template: microsoft matched
Source: https://sharefile8.pages.dev/qvuv+pyrqwzcz6xaxlnoqwjmehzvhi7wuk+tdmwkgv96kzea82mtrq3s+h+nlysnemgyfcvtuhozuighqob+lce9yippttt6fi1kubdsdbqmwx5kxujjxwu5crv4iqguxis5l5bqjc2sd56vkdj?8c17e643600ec20fef4f6911ec4e48e7m0hanxc8=U2FsdGVkX1%2BCd7%2FhtiLMTnMBdpVwMmJ1KSyDrJ7KzEDSzbmdM%2BK6Tvtld6HHT92c1qgm7oreWjv5Cnz%2Fm8DY12gjkyk1dTaxJoP0hcT2jb5uWGaaTFriv%2F0MfsU%2FcnV4I3oFJmdjC0pWwBVCgYQhwAhU5EmscQU4wflljPHYfjZlY9ZaUOFxfmhvl2vlgvh4Go0gQHzNWQR5SgXefEaLV9OkQk9gBk4c44TDZrE1RqypEYZ4og7DiQOLh2FxHuIRSXXLRAxuo%2ByuNsy604Cf7hBMYrxq47spI8x3nSLnF%2FJQqEpgpBvF8P%2Bp3yneKAfoQYC5M0QIHjOcNPa3dnUZ2JohrO6tqas4kBMqWAVYWAdNv4CykAnDac%2FIIvSaKTZ3dd940GO6i1Z1OLWWjQEpl%2F1AfOZ507isTPp4%2FhF13ZhnPsZUFo%2FmTQAFkx4Du%2FjWvM4AtpSo7C0m6YBuWll%2F5M7OqWl8yTimYCbou7r9IJcWLUfo1HhwA2GKeWqF5r6GfC6K2VQ9Eh6TtmRu4MCo484KHNp3OA%2BQ7nTZpwUnGq8roJWW0L6icuBAscTU%2B2jfVDblCZ%2BKKbkWWEE0oDeAzyNwjKk5%2B6azk9AmMtdzygm4HYIq0SsbZ8rVbiC%2FjjlcECR3k3llDILBIFfTfA82Sgs1YrRYzpZ2VIiJyewnPxn82KwYBap26TJ1wElBovKL0dUR9QXIV0fsk39dsnmXkNcV%2BAZ2%2FMV%2B%2F%2FOdxYAUtZAYi5F51VJj... HTTP Parser: Number of links: 0
Source: https://sharefile8.pages.dev/qvuv+pyrqwzcz6xaxlnoqwjmehzvhi7wuk+tdmwkgv96kzea82mtrq3s+h+nlysnemgyfcvtuhozuighqob+lce9yippttt6fi1kubdsdbqmwx5kxujjxwu5crv4iqguxis5l5bqjc2sd56vkdj?8c17e643600ec20fef4f6911ec4e48e7m0hanxc8=U2FsdGVkX1%2BCd7%2FhtiLMTnMBdpVwMmJ1KSyDrJ7KzEDSzbmdM%2BK6Tvtld6HHT92c1qgm7oreWjv5Cnz%2Fm8DY12gjkyk1dTaxJoP0hcT2jb5uWGaaTFriv%2F0MfsU%2FcnV4I3oFJmdjC0pWwBVCgYQhwAhU5EmscQU4wflljPHYfjZlY9ZaUOFxfmhvl2vlgvh4Go0gQHzNWQR5SgXefEaLV9OkQk9gBk4c44TDZrE1RqypEYZ4og7DiQOLh2FxHuIRSXXLRAxuo%2ByuNsy604Cf7hBMYrxq47spI8x3nSLnF%2FJQqEpgpBvF8P%2Bp3yneKAfoQYC5M0QIHjOcNPa3dnUZ2JohrO6tqas4kBMqWAVYWAdNv4CykAnDac%2FIIvSaKTZ3dd940GO6i1Z1OLWWjQEpl%2F1AfOZ507isTPp4%2FhF13ZhnPsZUFo%2FmTQAFkx4Du%2FjWvM4AtpSo7C0m6YBuWll%2F5M7OqWl8yTimYCbou7r9IJcWLUfo1HhwA2GKeWqF5r6GfC6K2VQ9Eh6TtmRu4MCo484KHNp3OA%2BQ7nTZpwUnGq8roJWW0L6icuBAscTU%2B2jfVDblCZ%2BKKbkWWEE0oDeAzyNwjKk5%2B6azk9AmMtdzygm4HYIq0SsbZ8rVbiC%2FjjlcECR3k3llDILBIFfTfA82Sgs1YrRYzpZ2VIiJyewnPxn82KwYBap26TJ1wElBovKL0dUR9QXIV0fsk39dsnmXkNcV%2BAZ2%2FMV%2B%2F%2FOdxYAUtZAYi5F51VJj... HTTP Parser: Title: Microsoft OneDrive does not match URL
Source: https://sharefile8.pages.dev/qvuv+pyrqwzcz6xaxlnoqwjmehzvhi7wuk+tdmwkgv96kzea82mtrq3s+h+nlysnemgyfcvtuhozuighqob+lce9yippttt6fi1kubdsdbqmwx5kxujjxwu5crv4iqguxis5l5bqjc2sd56vkdj?8c17e643600ec20fef4f6911ec4e48e7m0hanxc8=U2FsdGVkX1%2BCd7%2FhtiLMTnMBdpVwMmJ1KSyDrJ7KzEDSzbmdM%2BK6Tvtld6HHT92c1qgm7oreWjv5Cnz%2Fm8DY12gjkyk1dTaxJoP0hcT2jb5uWGaaTFriv%2F0MfsU%2FcnV4I3oFJmdjC0pWwBVCgYQhwAhU5EmscQU4wflljPHYfjZlY9ZaUOFxfmhvl2vlgvh4Go0gQHzNWQR5SgXefEaLV9OkQk9gBk4c44TDZrE1RqypEYZ4og7DiQOLh2FxHuIRSXXLRAxuo%2ByuNsy604Cf7hBMYrxq47spI8x3nSLnF%2FJQqEpgpBvF8P%2Bp3yneKAfoQYC5M0QIHjOcNPa3dnUZ2JohrO6tqas4kBMqWAVYWAdNv4CykAnDac%2FIIvSaKTZ3dd940GO6i1Z1OLWWjQEpl%2F1AfOZ507isTPp4%2FhF13ZhnPsZUFo%2FmTQAFkx4Du%2FjWvM4AtpSo7C0m6YBuWll%2F5M7OqWl8yTimYCbou7r9IJcWLUfo1HhwA2GKeWqF5r6GfC6K2VQ9Eh6TtmRu4MCo484KHNp3OA%2BQ7nTZpwUnGq8roJWW0L6icuBAscTU%2B2jfVDblCZ%2BKKbkWWEE0oDeAzyNwjKk5%2B6azk9AmMtdzygm4HYIq0SsbZ8rVbiC%2FjjlcECR3k3llDILBIFfTfA82Sgs1YrRYzpZ2VIiJyewnPxn82KwYBap26TJ1wElBovKL0dUR9QXIV0fsk39dsnmXkNcV%2BAZ2%2FMV%2B%2F%2FOdxYAUtZAYi5F51VJj HTTP Parser: No <meta name="author".. found
Source: https://sharefile8.pages.dev/qvuv+pyrqwzcz6xaxlnoqwjmehzvhi7wuk+tdmwkgv96kzea82mtrq3s+h+nlysnemgyfcvtuhozuighqob+lce9yippttt6fi1kubdsdbqmwx5kxujjxwu5crv4iqguxis5l5bqjc2sd56vkdj?8c17e643600ec20fef4f6911ec4e48e7m0hanxc8=U2FsdGVkX1%2BCd7%2FhtiLMTnMBdpVwMmJ1KSyDrJ7KzEDSzbmdM%2BK6Tvtld6HHT92c1qgm7oreWjv5Cnz%2Fm8DY12gjkyk1dTaxJoP0hcT2jb5uWGaaTFriv%2F0MfsU%2FcnV4I3oFJmdjC0pWwBVCgYQhwAhU5EmscQU4wflljPHYfjZlY9ZaUOFxfmhvl2vlgvh4Go0gQHzNWQR5SgXefEaLV9OkQk9gBk4c44TDZrE1RqypEYZ4og7DiQOLh2FxHuIRSXXLRAxuo%2ByuNsy604Cf7hBMYrxq47spI8x3nSLnF%2FJQqEpgpBvF8P%2Bp3yneKAfoQYC5M0QIHjOcNPa3dnUZ2JohrO6tqas4kBMqWAVYWAdNv4CykAnDac%2FIIvSaKTZ3dd940GO6i1Z1OLWWjQEpl%2F1AfOZ507isTPp4%2FhF13ZhnPsZUFo%2FmTQAFkx4Du%2FjWvM4AtpSo7C0m6YBuWll%2F5M7OqWl8yTimYCbou7r9IJcWLUfo1HhwA2GKeWqF5r6GfC6K2VQ9Eh6TtmRu4MCo484KHNp3OA%2BQ7nTZpwUnGq8roJWW0L6icuBAscTU%2B2jfVDblCZ%2BKKbkWWEE0oDeAzyNwjKk5%2B6azk9AmMtdzygm4HYIq0SsbZ8rVbiC%2FjjlcECR3k3llDILBIFfTfA82Sgs1YrRYzpZ2VIiJyewnPxn82KwYBap26TJ1wElBovKL0dUR9QXIV0fsk39dsnmXkNcV%2BAZ2%2FMV%2B%2F%2FOdxYAUtZAYi5F51VJj... HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49720 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49730 version: TLS 1.2
Source: global traffic TCP traffic: 192.168.2.8:53456 -> 1.1.1.1:53
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /qvuv+pyrqwzcz6xaxlnoqwjmehzvhi7wuk+tdmwkgv96kzea82mtrq3s+h+nlysnemgyfcvtuhozuighqob+lce9yippttt6fi1kubdsdbqmwx5kxujjxwu5crv4iqguxis5l5bqjc2sd56vkdj HTTP/1.1Host: sharefile8.pages.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.css HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://sharefile8.pages.devsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://sharefile8.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /json/ HTTP/1.1Host: ipapi.coConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://sharefile8.pages.devSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://sharefile8.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /qvuv+pyrqwzcz6xaxlnoqwjmehzvhi7wuk+tdmwkgv96kzea82mtrq3s+h+nlysnemgyfcvtuhozuighqob+lce9yippttt6fi1kubdsdbqmwx5kxujjxwu5crv4iqguxis5l5bqjc2sd56vkdj?8c17e643600ec20fef4f6911ec4e48e7m0hanxc8=U2FsdGVkX1%2BCd7%2FhtiLMTnMBdpVwMmJ1KSyDrJ7KzEDSzbmdM%2BK6Tvtld6HHT92c1qgm7oreWjv5Cnz%2Fm8DY12gjkyk1dTaxJoP0hcT2jb5uWGaaTFriv%2F0MfsU%2FcnV4I3oFJmdjC0pWwBVCgYQhwAhU5EmscQU4wflljPHYfjZlY9ZaUOFxfmhvl2vlgvh4Go0gQHzNWQR5SgXefEaLV9OkQk9gBk4c44TDZrE1RqypEYZ4og7DiQOLh2FxHuIRSXXLRAxuo%2ByuNsy604Cf7hBMYrxq47spI8x3nSLnF%2FJQqEpgpBvF8P%2Bp3yneKAfoQYC5M0QIHjOcNPa3dnUZ2JohrO6tqas4kBMqWAVYWAdNv4CykAnDac%2FIIvSaKTZ3dd940GO6i1Z1OLWWjQEpl%2F1AfOZ507isTPp4%2FhF13ZhnPsZUFo%2FmTQAFkx4Du%2FjWvM4AtpSo7C0m6YBuWll%2F5M7OqWl8yTimYCbou7r9IJcWLUfo1HhwA2GKeWqF5r6GfC6K2VQ9Eh6TtmRu4MCo484KHNp3OA%2BQ7nTZpwUnGq8roJWW0L6icuBAscTU%2B2jfVDblCZ%2BKKbkWWEE0oDeAzyNwjKk5%2B6azk9AmMtdzygm4HYIq0SsbZ8rVbiC%2FjjlcECR3k3llDILBIFfTfA82Sgs1YrRYzpZ2VIiJyewnPxn82KwYBap26TJ1wElBovKL0dUR9QXIV0fsk39dsnmXkNcV%2BAZ2%2FMV%2B%2F%2FOdxYAUtZAYi5F51VJjktkNUZqhsirAF6%2BQWE8Ckrak3J04%2BqYzHRzRQlgFoLRsyIh20z%2FBvYsWN63W%2B%2BZdWDAGN6BqXEFQc8%2BBAS%2BUDiVk1VDi41E62y%2BoJYZbB7zMptoVuKAAF5p1haL9CvCs2gtnmvmqADEAvebUoDre9%2FOYJfVgU%2Fimz3dJMfrd9EbDrc4ost3U1zl%2F0aYgG%2Fue7fyp3sPmrag1198q7907y0%2FviUforIwJ5B0HMgtH28odoWlFsIwm1oYdMxFpfRKRsVf7JwCLok1OLQ83aqgJzFjoPKaS9PsgriyyzKs6uS8pfHk0Yt3D9hgjzGIAaZe3dI0k9%2BjWH3Ob4%2FsLu95r9UY2Iw12U%2BZtTSXDEf%2BYRLNi7oKlHmf20R2EpT8KMrfo%2BrVpX3w2lj7XQBYNsueqZLK3V9WT1fDkdGSliiKusiZAPix5kv3fP60nlD%2FQ3CKfto8kvPbaCXlteM%2FWrK8h2Xq7TELZUCH4P5Mu2CWRmmuJdewXolo6VkJ3pp4sJc0cJmJMbtmBvNP0qYZCOMiNOe4Z1IyDySDYX2w5n3wxoaoqOHswKQXGdNFjPZsubI3jt12v9JLz%2Bc%2FGk8lJzJseXdIwTzyHni0KoXwdSPh9Urz4V7MM4vFE13g8CyHoJ5MJwX6iN2d5u6jK7NCANH%2BtT3Ec7liokH8m7ITc%2B3eVz7WXu7kJfqae1E6SNbZ%2FhR54i1nX3Wi1fpG5c%2Fp9Vb%2F7OK3UIdy%2FOSfNjEc0C9w69ZbfOh1e0UxrfnN4%2Fzc0iVwTGJmS61vCcUJx7RWZSaLL4qKjSJjPm7uCUoYLUc4Byv4hYveFGk5rDO8QpGE%2B59ETTtv3NhSGRkXfjReivvzOtosmu9Fg3zezCxWgJUU4CjSJuyJoIgcVNRccOdmyN6FciRg05Ysv1F9WZxZ38BNipfm0cilZE%2BKOODTcq3%2FPTS6XMJsFDvy9pnH%2FluGHD01o53arun%2BdjpJGM9OoMmkZpeKCFsQeH9jaX7wP7PdW%2FfZleO6pFcHzBxMHBpD278BscJzry4qQ%2BOZ8XF2xq%2FJlh93fztIIXpl17ZX07U4i%2BwwUmM%2FYAsDwMuejtL6HbNhk48ge5wWNjRECg3HRRXA3eCrYOq%2Fnc7xUmC0MW%2FjRuY201EpVTsC0fB0F0b6Elm4Hf6tBlfSVOUT4wqaGAD8U7k1vZFzPgSGUP7mK5xEF4X869pRd%2BpH4EwrV74iyMT61XAp2jL7R7mWEXgH3MI3FVHuAOLOUkZa5pSxob%2FXuzuAbZjcZ%2BBGjohRyXxHnFTWMsSJl66QMB6vyTtbomo5Q%2FG7pxJZFuDiAaMMNUDWa9tGNZaFjkkVQTKxbUXhODu5oGHoH04aLV4AfNmuO1fx5%2BkdPe%2FWi5WsFIKm5kMI2wvChNbYwixczB9w%3D HTTP/1.1Host: sharefile8.pages.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-S
Source: global traffic HTTP traffic detected: GET /gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/139a8cd2-d10c-4336-ba04-3f1c53ba8cb6.js?hash=6b06db943f081ebee689f376c8b231d1&EDlFh6SOBK9HUECofCEkAbqDF=2jfjZA9wDmRlYg1TXOXJNITl98qS9siwV6pdy8cw8fSU8meMhDoHo3q0Wbk1NRTITsfyJdv71rAKgx7GjU1BNOfiiUNKNWJ2iHxPYldtdzwOsYPXlYZ5aId3UaBDD4OaPO0ZZpW8vf4Tz0t3vdO1dR7zBRTwMf8AMoFNk8pvuQel106aEmb5Q0X HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/847fc5ec58b3a0af255c.svg HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/07308ee98aa47f067087.jpg HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/59947dbf5efae9de77d2.png HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/fa37e6e4fd65b2e85394.ico HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic DNS traffic detected: DNS query: sharefile8.pages.dev
Source: global traffic DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: ipapi.co
Source: global traffic DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: chromecache_73.2.dr, chromecache_79.2.dr String found in binary or memory: http://creativecommons.org/ns#
Source: chromecache_72.2.dr String found in binary or memory: http://fontawesome.io
Source: chromecache_72.2.dr String found in binary or memory: http://fontawesome.io/license
Source: chromecache_73.2.dr, chromecache_79.2.dr String found in binary or memory: http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd
Source: chromecache_73.2.dr, chromecache_79.2.dr String found in binary or memory: http://www.inkscape.org/)
Source: chromecache_73.2.dr, chromecache_79.2.dr String found in binary or memory: http://www.inkscape.org/namespaces/inkscape
Source: chromecache_83.2.dr, chromecache_69.2.dr String found in binary or memory: https://6481f63faf008522217341.cotradifyu.workers.dev/checkDomain
Source: chromecache_70.2.dr, chromecache_74.2.dr String found in binary or memory: https://cdn.jsdelivr.net/gh/uihkdslijsjd/captivating-app-lyoubgs5
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOiCnqEu92Fr1Mu51QrEz0dL_nz.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOiCnqEu92Fr1Mu51QrEz4dL_nz.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOiCnqEu92Fr1Mu51QrEz8dL_nz.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOiCnqEu92Fr1Mu51QrEzAdLw.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOiCnqEu92Fr1Mu51QrEzMdL_nz.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOiCnqEu92Fr1Mu51QrEzQdL_nz.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOiCnqEu92Fr1Mu51QrEzwdL_nz.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51S7ACc-CsTKlA.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51S7ACc0CsTKlA.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51S7ACc1CsTKlA.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51S7ACc2CsTKlA.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51S7ACc3CsTKlA.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51S7ACc5CsTKlA.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51S7ACc6CsQ.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TjASc-CsTKlA.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TjASc0CsTKlA.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TjASc1CsTKlA.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TjASc2CsTKlA.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TjASc3CsTKlA.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TjASc5CsTKlA.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TjASc6CsQ.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic-CsTKlA.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic0CsTKlA.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic1CsTKlA.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic2CsTKlA.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic3CsTKlA.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic5CsTKlA.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic6CsQ.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxEIzIFKw.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxFIzIFKw.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxGIzIFKw.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxHIzIFKw.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxIIzI.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxLIzIFKw.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxMIzIFKw.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xEIzIFKw.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xFIzIFKw.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xGIzIFKw.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xHIzIFKw.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xIIzI.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xLIzIFKw.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xMIzIFKw.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fBBc4.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fBxc4EsA.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fCBc4EsA.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fCRc4EsA.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fChc4EsA.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fCxc4EsA.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fABc4EsA.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fBBc4.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fBxc4EsA.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fCBc4EsA.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fCRc4EsA.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fChc4EsA.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fCxc4EsA.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBBc4.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBxc4EsA.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfCBc4EsA.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfCRc4EsA.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfCxc4EsA.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4WxKOzY.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu5mxKOzY.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu72xKOzY.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7GxKOzY.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7WxKOzY.woff2)
Source: chromecache_80.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7mxKOzY.woff2)
Source: chromecache_83.2.dr, chromecache_69.2.dr String found in binary or memory: https://ipapi.co/json/
Source: chromecache_83.2.dr, chromecache_69.2.dr String found in binary or memory: https://locate.ipinit.workers.dev/
Source: chromecache_83.2.dr, chromecache_69.2.dr String found in binary or memory: https://onedrive.live.com/?authkey=%21AP4dQQ7hoSgcKIBIw%26cid=28E9EC3AAC12FF13%26id=28E9EC3AAC12FF13
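The three non-font strings above come from the same two cache entries (chromecache_83.2.dr and chromecache_69.2.dr), which is where the page's own script lives. Two of them are IP-geolocation lookups (ipapi.co and a Cloudflare Worker at locate.ipinit.workers.dev); phishing kits commonly call such services to gate the page by visitor country or to tag captured credentials with the victim's location. The third is a OneDrive share link whose `authkey`, `cid` and `id` parameters are percent-encoded, so the report shows `%21` and `%26` instead of `!` and `&`. The following triage script is an added example, not part of the Joe Sandbox report: it parses "String found in binary or memory" lines, decodes that query string, and uses a host category list that is the analyst's own assumption (the sample lines are copied from the report; no extra hosts are invented).

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample: four "String found" lines copied from the report above.
REPORT_LINES = [
    "Source: chromecache_80.2.dr String found in binary or memory: "
    "https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7mxKOzY.woff2)",
    "Source: chromecache_83.2.dr, chromecache_69.2.dr String found in binary or memory: "
    "https://ipapi.co/json/",
    "Source: chromecache_83.2.dr, chromecache_69.2.dr String found in binary or memory: "
    "https://locate.ipinit.workers.dev/",
    "Source: chromecache_83.2.dr, chromecache_69.2.dr String found in binary or memory: "
    "https://onedrive.live.com/?authkey=%21AP4dQQ7hoSgcKIBIw%26cid=28E9EC3AAC12FF13%26id=28E9EC3AAC12FF13",
]

# Assumed host categories: analyst-maintained list, not part of the report.
HOST_CATEGORIES = {
    "fonts.gstatic.com": "benign-cdn",
    "ipapi.co": "ip-geolocation",                   # visitor geo lookup
    "locate.ipinit.workers.dev": "ip-geolocation",  # Worker fronting a geo lookup
    "onedrive.live.com": "lure-redirect",           # share link the page references
}

LINE_RE = re.compile(
    r"^Source: (?P<src>.+?) String found in binary or memory: (?P<url>https?://\S+)$"
)


def parse_string_lines(lines):
    """Turn report lines into records: url, host, originating cache files, category."""
    records = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        # Font URLs carry the closing paren of a CSS url(...) token; drop it.
        url = m.group("url").rstrip(")")
        host = (urlsplit(url).hostname or "").lower()
        records.append({
            "url": url,
            "host": host,
            "sources": [s.strip() for s in m.group("src").split(",")],
            "category": HOST_CATEGORIES.get(host, "unknown"),
        })
    return records


def decode_query(url):
    """Undo one layer of percent-encoding so %21/%26 read as ! and &, then split pairs."""
    query = unquote(urlsplit(url).query)
    return dict(kv.split("=", 1) for kv in query.split("&") if "=" in kv)


def triage(lines):
    """Summarise categories and name the cache entries that hold both geo lookup and lure."""
    records = parse_string_lines(lines)
    counts = {}
    for r in records:
        counts[r["category"]] = counts.get(r["category"], 0) + 1
    geo_sources = set()
    lure_sources = set()
    for r in records:
        if r["category"] == "ip-geolocation":
            geo_sources.update(r["sources"])
        elif r["category"] == "lure-redirect":
            lure_sources.update(r["sources"])
    return {
        "counts": counts,
        "geo_gated": bool(geo_sources),
        # Cache files worth pulling first: they contain the kit's gating and redirect logic.
        "kit_cache_entries": sorted(geo_sources & lure_sources),
        "lure_params": [decode_query(r["url"]) for r in records if r["category"] == "lure-redirect"],
    }


if __name__ == "__main__":
    for k, v in triage(REPORT_LINES).items():
        print(f"{k}: {v}")
```

Run against the full report, `kit_cache_entries` tells you which `chromecache_*` dumps to open first; the decoded `lure_params` give the OneDrive `cid` and `authkey` as searchable IOCs without the percent-encoding noise.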
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 53459 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53459
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49720 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49730 version: TLS 1.2
Source: classification engine Classification label: mal64.phis.win@16/39@12/7
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps Jump to behavior
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1900,i,388128914800657721,16740972578459867677,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://sharefile8.pages.dev/qvuv+pyrqwzcz6xaxlnoqwjmehzvhi7wuk+tdmwkgv96kzea82mtrq3s+h+nlysnemgyfcvtuhozuighqob+lce9yippttt6fi1kubdsdbqmwx5kxujjxwu5crv4iqguxis5l5bqjc2sd56vkdj"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1900,i,388128914800657721,16740972578459867677,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: Google Drive.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk Jump to behavior
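The Start Menu writes listed above are what drive the "Stores files to the Windows start menu directory" signature, but every one of them is chrome.exe creating its own "Chrome Apps" folder and six web-app shortcuts (Google Drive, YouTube, Sheets, Gmail, Slides, Docs) that point at chrome_proxy.exe under Program Files. That is Chrome's first-run behaviour in a fresh sandbox profile, not something the phishing page did, and none of the files land in the Startup folder, so no persistence is involved. The script below is an added example, not part of the report: it separates that expected Chrome artefact set from any other Start Menu write, and flags Startup-folder shortcuts specifically. The Chrome default-app name list is an assumption drawn from the lines above, and the last two sample lines are constructed to exercise the negative case (they do not appear in the report).

```python
import re
from pathlib import PureWindowsPath

START_MENU = PureWindowsPath(r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs")
# Assumption: Chrome's first-run "Chrome Apps" shortcut set, taken from the report lines.
CHROME_DEFAULT_APPS = {"Google Drive", "YouTube", "Sheets", "Gmail", "Slides", "Docs"}
CHROME_PROXY = "chrome_proxy.exe"

FILE_RE = re.compile(r"^Source: (?P<proc>.+?) File created: (?P<path>.+?)(?: Jump to behavior)?$")
LNK_RE = re.compile(r"^Source: (?P<name>.+?)\.lnk\.\d+\.dr LNK file: (?P<target>.+)$")

CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
LNK_TARGET = r"..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe"

# Constructed sample: the report's own file-creation and LNK lines, plus two lines
# (Startup\Update.lnk and its target) invented here to show an unexpected write.
REPORT_LINES = (
    [f"Source: {CHROME} File created: {START_MENU}\\Chrome Apps Jump to behavior"]
    + [f"Source: {CHROME} File created: {START_MENU}\\Chrome Apps\\{n}.lnk Jump to behavior"
       for n in sorted(CHROME_DEFAULT_APPS)]
    + [f"Source: {n}.lnk.0.dr LNK file: {LNK_TARGET}" for n in sorted(CHROME_DEFAULT_APPS)]
    + [f"Source: {CHROME} File created: {START_MENU}\\Startup\\Update.lnk Jump to behavior",
       r"Source: Update.lnk.0.dr LNK file: ..\..\..\..\Local\Temp\update.exe"]
)


def parse_file_events(lines):
    """Yield (creating process, created path) for each 'File created' line."""
    for line in lines:
        m = FILE_RE.match(line)
        if m:
            yield m.group("proc"), m.group("path")


def parse_lnk_targets(lines):
    """Map shortcut name (without .lnk) to the target path the report resolved."""
    targets = {}
    for line in lines:
        m = LNK_RE.match(line)
        if m:
            targets[m.group("name")] = m.group("target")
    return targets


def classify_start_menu_writes(lines):
    """Label each Start Menu write as expected Chrome artefact or something to review."""
    targets = parse_lnk_targets(lines)
    results, seen = [], set()
    for proc, path in parse_file_events(lines):
        p = PureWindowsPath(path)
        if START_MENU not in p.parents or str(p) in seen:
            continue  # not a Start Menu write, or a repeat of one already listed
        seen.add(str(p))
        by_chrome = proc.lower().endswith("\\chrome.exe")
        if p.suffix.lower() == ".lnk":
            target = targets.get(p.stem)
            target_exe = PureWindowsPath(target).name.lower() if target else None
            if (by_chrome and p.parent.name == "Chrome Apps"
                    and p.stem in CHROME_DEFAULT_APPS and target_exe == CHROME_PROXY):
                verdict = "expected-chrome-web-app-shortcut"
            elif "Startup" in p.parts:
                verdict = "startup-persistence-review"  # autorun location: inspect target
            else:
                verdict = "review"
        else:
            verdict = "expected-chrome-web-app-folder" if p.name == "Chrome Apps" else "review"
        results.append({"path": str(p), "verdict": verdict, "target": targets.get(p.stem)})
    return results


if __name__ == "__main__":
    for r in classify_start_menu_writes(REPORT_LINES):
        print(f"{r['verdict']:34} {r['path']}  -> {r['target']}")
```

The check keys on three things at once: the writing process is chrome.exe, the shortcut sits in the "Chrome Apps" folder with one of the default app names, and its resolved target is chrome_proxy.exe. A shortcut that fails any of those, or anything written under Startup, stays in the review pile, which is the only part of this signature worth an analyst's time.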
[Legend of the report's IP-distribution chart: No. of IPs < 25%; 25% to 50%; 50% to 75%; > 75%]