Windows Analysis Report
https://sharefile8.pages.dev/ogklomz26

Overview

General Information

Sample URL:	https://sharefile8.pages.dev/ogklomz26
Analysis ID:	1502062
Infos:

Detection

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Antivirus / Scanner detection for submitted sample

Phishing site detected (based on favicon image match)

Phishing site detected (based on logo match)

Detected non-DNS traffic on DNS port

HTML body contains low number of good links

HTML title does not match URL

Stores files to the Windows start menu directory

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://sharefile8.pages.dev/ogklomz26	Avira URL Cloud: detection malicious, Label: phishing
Source: https://sharefile8.pages.dev/ogklomz26	SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing

AI detected phishing page

Source: https://sharefile8.pages.dev/ogklomz26?2eaba4689f21d14a2e6bccb6434200d1m0hap1a5=U2FsdGVkX19NEw4id9VRYJDO9wvz4oBkYTzxp4Jt6MS%2FQUm4v2vihBVZcHPRE89XvzhNoebEZMC0l0al2d4XgGdrZC2xi5a7yLQ7byDqzHnr52r5D3S3%2BfrGaTVc7b9o1t5iM5TUByh798GV6tqNv4TLYWw20WHwL9P1LJqW8WKlgV2AwG0Wl9%2BwuNi7T6s4Z0pVPHLipb1qK7LuVUPvrspvEThV%2FN5UzeihVV%2FlJChjgQ4Aew2IIq2kUVavnK59xHsU97BVOpuHE3KIp8Mcs7sGALFSmW7bEeaoV7xX6cIgj49biVEK65TTow0xF0HLxXqoXrETiaz3UiWt5zR%2BjjO0QfOwu5%2F3DhTkZ9bKh7j0%2BgWrmiOkgEwOeHSYiBecm%2BC3qP8c%2FxhmnEeoohTrROcoK3w7%2F8dtQu6SM8E2Lb9bG3DRcyyJRQusaSU7fu8%2FkeM39HZooQHhb6ibOQBwE6AKdv2bU5Yhp7ye0b1zzvT5VregudbTdCFSwKTBhxTi1JrtTuG659DYUNEFO1vJ2MhUHDoOt0X1Yybn1viDYDWefZ0e5NCNTuwd6z6MtB0ZrCdX4pCJPl2bF%2FLJ9FJg7aOag3g1rt3%2Fezuo4ie%2B%2FwAeFH1fFKVEGG1T2x4k1ABojLa1Ss10n8HGFaKZuBp7l37SBjktGiWh3Y%2Bt9AdQglo0AmGODZjyGqZUIm%2FjNoKFrXylmWGnsmasB%2FRnpBXQ7cdrrekzCmXV%2F5TLG5JqlFkgnJzXsiFFg1uNm0af1B9so81unjszNjv%2F2vAAuuBnjMJ5B0WMcpEq4rDeR6VMJhCCVFHoMKBulVDcBC1Lh3HTz3l39hzFh75QgkUPICIujibnsTsl2XARQjJEvAVFYlePax6J9wq3J%2Brvn8jzPPzxfSX25qMJT5X8S0csuIx3xuOK5KGgIcOplq8HcqWa5dhTMD8FR99ItYhg7G8XxzPVzJlFMYGIyJiBGHFx8g%2FfErJS0WYqB4fEfu6pQXENjT2QZ%2FdKNNSTqVbb%2FkezZ1kb77KRtHDu1kSf52ZHvshwyei%2BG4fgyJh8w7YkBavarSsuDjgTB7mm2Ryk0WQ8cif%2BVvo%2F2OLBRCY1RtZ0Lnj7OHR08MVAEPE0I9x7AcnzoNzca35dvhrdtoejImkTkTM3AiG7g5tbwZYtmS8ZV6fh%2F4PleqBD60tm3%2BN8GwGzgKxNbNa48k4XmRmHabHhAXdCgiLtenPtRU6gT0kCA2WclQ5WOYi1kD6YJ2q3Bs8E7e5VWm1dGJBQfp2nyu%2F2OsxJ4Gz7SvXBHq4pJhR0ONo1la3Amz2YMZRJCIxUbIFuKx4hIKtXuqjL2%2FWhBcGyZIPtIaSkv9aP63NU9DtyFfdMmneCvYWXetMLtaHeQ29t9kcOZDSZdgwJ0noAmgxjdPFbdFy1ueJ4hXUKSUbrrHlKe8pDt%2F%2FJ9j2PMNurysQBUKYgDGxwMThxIi7k%2FkHU%2B9wg%2F33GepWMllVm6Q99EeHqXCOi%2Fnbhpn76hhKcUqt2j17349a5Qqde6RW7zg4yyERtizhORETLewAKk2%2FHdTht6o%2FbtVxpEkZ0WMWQcY3Qe0MTc7zJfsG5kJpyp7SuEteZ83szAT5yeY%2FYWoWF8mMqnPbErSrV%2F17VoDGmbgpTg3m7FSg9%2FNyBK931x1JQK5vJlNGKEjMm8GQmAYU4QYgvDFJHyEzd%2F5NnkwH3uI%2FvnKhVzmtyz4E5kG77eM2JA77qOR5yRcXAYrGsiofPaE8lEpJVpwk%2Fh69STBdFUSQoczp7P%2FrJ2MO6XTXu9cA93j%2Fxw7sE8o2%2B7YhR8s9dW7U7Jmj0TZkDQHZLwvJlXge%2FYsUrUm%2F8OWvuspNAzmHBuQopr%2Bs7zMffP83e6Mkmq72sDQ%3D%3D

LLM: Score: 8 Reasons: The domain'sharefile8.pages.dev' is not a typical domain for a production OneDrive site. The use of a generic top-level domain (gTLD) '.dev' for a production site is suspicious. Additionally, the notification message suggests that the document is password-protected or encrypted, which is not a typical behavior for a legitimate OneDrive site. DOM: 1.0.pages.csv

Phishing site detected (based on favicon image match)

Matcher: Template: onedrive matched with high similarity

Phishing site detected (based on logo match)

Matcher: Template: microsoft matched

HTML body contains low number of good links

HTTP Parser: Number of links: 0

HTML title does not match URL

HTTP Parser: Title: Microsoft OneDrive does not match URL

HTTP Parser: No <meta name="author".. found

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 4.231.128.59:443 -> 192.168.2.9:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.140:443 -> 192.168.2.9:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.140:443 -> 192.168.2.9:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.240.158:443 -> 192.168.2.9:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.240.158:443 -> 192.168.2.9:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.9:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.240.158:443 -> 192.168.2.9:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.9:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.124.78.146:443 -> 192.168.2.9:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.124.78.146:443 -> 192.168.2.9:49750 version: TLS 1.2

Detected non-DNS traffic on DNS port

Source: global traffic

TCP traffic: 192.168.2.9:52876 -> 162.159.36.2:53

Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.11
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.11
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.11
Source: unknown	TCP traffic detected without corresponding DNS query: 4.231.128.59
Source: unknown	TCP traffic detected without corresponding DNS query: 4.231.128.59
Source: unknown	TCP traffic detected without corresponding DNS query: 4.231.128.59
Source: unknown	TCP traffic detected without corresponding DNS query: 4.231.128.59
Source: unknown	TCP traffic detected without corresponding DNS query: 4.231.128.59
Source: unknown	TCP traffic detected without corresponding DNS query: 4.231.128.59
Source: unknown	TCP traffic detected without corresponding DNS query: 4.231.128.59
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.11
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.11
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140

Source: global traffic	HTTP traffic detected: GET /ogklomz26 HTTP/1.1Host: sharefile8.pages.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/139a8cd2-d10c-4336-ba04-3f1c53ba8cb6.js?hash=6b06db943f081ebee689f376c8b231d1&EDlFh6SOBK9HUECofCEkAbqDF=2jfjZA9wDmRlYg1TXOXJNITl98qS9siwV6pdy8cw8fSU8meMhDoHo3q0Wbk1NRTITsfyJdv71rAKgx7GjU1BNOfiiUNKNWJ2iHxPYldtdzwOsYPXlYZ5aId3UaBDD4OaPO0ZZpW8vf4Tz0t3vdO1dR7zBRTwMf8AMoFNk8pvuQel106aEmb5Q0X HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://sharefile8.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/139a8cd2-d10c-4336-ba04-3f1c53ba8cb6.js?hash=6b06db943f081ebee689f376c8b231d1&EDlFh6SOBK9HUECofCEkAbqDF=2jfjZA9wDmRlYg1TXOXJNITl98qS9siwV6pdy8cw8fSU8meMhDoHo3q0Wbk1NRTITsfyJdv71rAKgx7GjU1BNOfiiUNKNWJ2iHxPYldtdzwOsYPXlYZ5aId3UaBDD4OaPO0ZZpW8vf4Tz0t3vdO1dR7zBRTwMf8AMoFNk8pvuQel106aEmb5Q0X HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.css HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://sharefile8.pages.devsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://sharefile8.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /json/ HTTP/1.1Host: ipapi.coConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://sharefile8.pages.devSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://sharefile8.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ogklomz26?2eaba4689f21d14a2e6bccb6434200d1m0hap1a5=U2FsdGVkX19NEw4id9VRYJDO9wvz4oBkYTzxp4Jt6MS%2FQUm4v2vihBVZcHPRE89XvzhNoebEZMC0l0al2d4XgGdrZC2xi5a7yLQ7byDqzHnr52r5D3S3%2BfrGaTVc7b9o1t5iM5TUByh798GV6tqNv4TLYWw20WHwL9P1LJqW8WKlgV2AwG0Wl9%2BwuNi7T6s4Z0pVPHLipb1qK7LuVUPvrspvEThV%2FN5UzeihVV%2FlJChjgQ4Aew2IIq2kUVavnK59xHsU97BVOpuHE3KIp8Mcs7sGALFSmW7bEeaoV7xX6cIgj49biVEK65TTow0xF0HLxXqoXrETiaz3UiWt5zR%2BjjO0QfOwu5%2F3DhTkZ9bKh7j0%2BgWrmiOkgEwOeHSYiBecm%2BC3qP8c%2FxhmnEeoohTrROcoK3w7%2F8dtQu6SM8E2Lb9bG3DRcyyJRQusaSU7fu8%2FkeM39HZooQHhb6ibOQBwE6AKdv2bU5Yhp7ye0b1zzvT5VregudbTdCFSwKTBhxTi1JrtTuG659DYUNEFO1vJ2MhUHDoOt0X1Yybn1viDYDWefZ0e5NCNTuwd6z6MtB0ZrCdX4pCJPl2bF%2FLJ9FJg7aOag3g1rt3%2Fezuo4ie%2B%2FwAeFH1fFKVEGG1T2x4k1ABojLa1Ss10n8HGFaKZuBp7l37SBjktGiWh3Y%2Bt9AdQglo0AmGODZjyGqZUIm%2FjNoKFrXylmWGnsmasB%2FRnpBXQ7cdrrekzCmXV%2F5TLG5JqlFkgnJzXsiFFg1uNm0af1B9so81unjszNjv%2F2vAAuuBnjMJ5B0WMcpEq4rDeR6VMJhCCVFHoMKBulVDcBC1Lh3HTz3l39hzFh75QgkUPICIujibnsTsl2XARQjJEvAVFYlePax6J9wq3J%2Brvn8jzPPzxfSX25qMJT5X8S0csuIx3xuOK5KGgIcOplq8HcqWa5dhTMD8FR99ItYhg7G8XxzPVzJlFMYGIyJiBGHFx8g%2FfErJS0WYqB4fEfu6pQXENjT2QZ%2FdKNNSTqVbb%2FkezZ1kb77KRtHDu1kSf52ZHvshwyei%2BG4fgyJh8w7YkBavarSsuDjgTB7mm2Ryk0WQ8cif%2BVvo%2F2OLBRCY1RtZ0Lnj7OHR08MVAEPE0I9x7AcnzoNzca35dvhrdtoejImkTkTM3AiG7g5tbwZYtmS8ZV6fh%2F4PleqBD60tm3%2BN8GwGzgKxNbNa48k4XmRmHabHhAXdCgiLtenPtRU6gT0kCA2WclQ5WOYi1kD6YJ2q3Bs8E7e5VWm1dGJBQfp2nyu%2F2OsxJ4Gz7SvXBHq4pJhR0ONo1la3Amz2YMZRJCIxUbIFuKx4hIKtXuqjL2%2FWhBcGyZIPtIaSkv9aP63NU9DtyFfdMmneCvYWXetMLtaHeQ29t9kcOZDSZdgwJ0noAmgxjdPFbdFy1ueJ4hXUKSUbrrHlKe8pDt%2F%2FJ9j2PMNurysQBUKYgDGxwMThxIi7k%2FkHU%2B9wg%2F33GepWMllVm6Q99EeHqXCOi%2Fnbhpn76hhKcUqt2j17349a5Qqde6RW7zg4yyERtizhORETLewAKk2%2FHdTht6o%2FbtVxpEkZ0WMWQcY3Qe0MTc7zJfsG5kJpyp7SuEteZ83szAT5yeY%2FYWoWF8mMqnPbErSrV%2F17VoDGmbgpTg3m7FSg9%2FNyBK931x1JQK5vJlNGKEjMm8GQmAYU4QYgvDFJHyEzd%2F5NnkwH3uI%2FvnKhVzmtyz4E5kG77eM2JA77qOR5yRcXAYrGsiofPaE8lEpJVpwk%2Fh69STBdFUSQoczp7P%2FrJ2MO6XTXu9cA93j%2Fxw7sE8o2%2B7YhR8s9dW7U7Jmj0TZkDQHZLwvJlXge%2FYsUrUm%2F8OWvuspNAzmHBuQopr%2Bs7zMffP83e6Mkmq72sDQ%3D%3D HTTP/1.1Host: sharefile8.pages.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://sharefile8.pages.dev/ogklomz26?2eaba4689f21d14a2e6bccb6434200d1m0hap1a5=U2FsdGVkX19NEw4id9VRYJDO9wvz4oBkYTzxp4Jt6MS%2FQUm4v2vihBVZcHPRE89XvzhNoebEZMC0l0al2d4XgGdrZC2xi5a7yLQ7byDqzHnr52r5D3S3%2BfrGaTVc7b9o1t5iM5TUByh798GV6tqNv4TLYWw20WHwL9P1LJqW8WKlgV2AwG0Wl9%2BwuNi7T6s4Z0pVPHLipb1qK7LuVUPvrspvEThV%2FN5UzeihVV%2FlJChjgQ4Aew2IIq2kUVavnK59xHsU97BVOpuHE3KIp8Mcs7sGALF
Source: global traffic	HTTP traffic detected: GET /gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/847fc5ec58b3a0af255c.svg HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://sharefile8.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/07308ee98aa47f067087.jpg HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://sharefile8.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/59947dbf5efae9de77d2.png HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://sharefile8.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/fa37e6e4fd65b2e85394.ico HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://sharefile8.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/847fc5ec58b3a0af255c.svg HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/59947dbf5efae9de77d2.png HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/07308ee98aa47f067087.jpg HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/fa37e6e4fd65b2e85394.ico HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: sharefile8.pages.dev
Source: global traffic	DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic	DNS traffic detected: DNS query: ipapi.co
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: 15.164.165.52.in-addr.arpa

Source: unknown

HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com

Source: chromecache_71.3.dr, chromecache_77.3.dr	String found in binary or memory: http://creativecommons.org/ns#
Source: chromecache_70.3.dr	String found in binary or memory: http://fontawesome.io
Source: chromecache_70.3.dr	String found in binary or memory: http://fontawesome.io/license
Source: chromecache_71.3.dr, chromecache_77.3.dr	String found in binary or memory: http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd
Source: chromecache_71.3.dr, chromecache_77.3.dr	String found in binary or memory: http://www.inkscape.org/)
Source: chromecache_71.3.dr, chromecache_77.3.dr	String found in binary or memory: http://www.inkscape.org/namespaces/inkscape
Source: chromecache_80.3.dr, chromecache_68.3.dr	String found in binary or memory: https://6481f63faf008522217341.cotradifyu.workers.dev/checkDomain
Source: chromecache_74.3.dr, chromecache_82.3.dr	String found in binary or memory: https://cdn.jsdelivr.net/gh/uihkdslijsjd/captivating-app-lyoubgs5
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOiCnqEu92Fr1Mu51QrEz0dL_nz.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOiCnqEu92Fr1Mu51QrEz4dL_nz.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOiCnqEu92Fr1Mu51QrEz8dL_nz.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOiCnqEu92Fr1Mu51QrEzAdLw.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOiCnqEu92Fr1Mu51QrEzMdL_nz.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOiCnqEu92Fr1Mu51QrEzQdL_nz.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOiCnqEu92Fr1Mu51QrEzwdL_nz.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51S7ACc-CsTKlA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51S7ACc0CsTKlA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51S7ACc1CsTKlA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51S7ACc2CsTKlA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51S7ACc3CsTKlA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51S7ACc5CsTKlA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51S7ACc6CsQ.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TjASc-CsTKlA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TjASc0CsTKlA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TjASc1CsTKlA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TjASc2CsTKlA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TjASc3CsTKlA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TjASc5CsTKlA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TjASc6CsQ.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic-CsTKlA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic0CsTKlA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic1CsTKlA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic2CsTKlA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic3CsTKlA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic5CsTKlA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic6CsQ.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxEIzIFKw.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxFIzIFKw.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxGIzIFKw.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxHIzIFKw.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxIIzI.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxLIzIFKw.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxMIzIFKw.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xEIzIFKw.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xFIzIFKw.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xGIzIFKw.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xHIzIFKw.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xIIzI.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xLIzIFKw.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xMIzIFKw.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fBBc4.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fBxc4EsA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fCBc4EsA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fCRc4EsA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fChc4EsA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fCxc4EsA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fABc4EsA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fBBc4.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fBxc4EsA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fCBc4EsA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fCRc4EsA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fChc4EsA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fCxc4EsA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBBc4.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBxc4EsA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfCBc4EsA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfCRc4EsA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfCxc4EsA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4WxKOzY.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu5mxKOzY.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu72xKOzY.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7GxKOzY.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7WxKOzY.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7mxKOzY.woff2)
Source: chromecache_80.3.dr, chromecache_68.3.dr	String found in binary or memory: https://ipapi.co/json/
Source: chromecache_80.3.dr, chromecache_68.3.dr	String found in binary or memory: https://locate.ipinit.workers.dev/
Source: chromecache_80.3.dr, chromecache_68.3.dr	String found in binary or memory: https://onedrive.live.com/?authkey=%21AP4dQQ7hoSgcKIBIw%26cid=28E9EC3AAC12FF13%26id=28E9EC3AAC12FF13

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52882
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 4.231.128.59:443 -> 192.168.2.9:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.140:443 -> 192.168.2.9:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.140:443 -> 192.168.2.9:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.240.158:443 -> 192.168.2.9:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.240.158:443 -> 192.168.2.9:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.9:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.240.158:443 -> 192.168.2.9:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.9:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.124.78.146:443 -> 192.168.2.9:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.124.78.146:443 -> 192.168.2.9:49750 version: TLS 1.2

Source: classification engine

Classification label: mal64.phis.win@16/37@14/11

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=2192,i,10509728570764178247,10835065189895203871,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://sharefile8.pages.dev/ogklomz26"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=2192,i,10509728570764178247,10835065189895203871,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
151.101.1.229	jsdelivr.map.fastly.net	United States	54113	FASTLYUS	false
216.58.212.164	unknown	United States	15169	GOOGLEUS	false
151.101.129.229	unknown	United States	54113	FASTLYUS	false
104.26.9.44	ipapi.co	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
188.114.96.3	sharefile8.pages.dev	European Union	13335	CLOUDFLARENETUS	true
142.250.184.228	www.google.com	United States	15169	GOOGLEUS	false
104.17.25.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.7
192.168.2.9
192.168.2.6

Contacted Domains

Name	IP	Active
jsdelivr.map.fastly.net	151.101.1.229	true
ipapi.co	104.26.9.44	true
cdnjs.cloudflare.com	104.17.25.14	true
www.google.com	142.250.184.228	true
sharefile8.pages.dev	188.114.96.3	true
fp2e7a.wpc.phicdn.net	192.229.221.95	true
15.164.165.52.in-addr.arpa	unknown	unknown
cdn.jsdelivr.net	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css	false	Avira URL Cloud: safe	unknown
https://sharefile8.pages.dev/ogklomz26	true		unknown
https://cdn.jsdelivr.net/gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/fa37e6e4fd65b2e85394.ico	false	Avira URL Cloud: safe	unknown
https://cdn.jsdelivr.net/gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/07308ee98aa47f067087.jpg	false	Avira URL Cloud: safe	unknown
https://cdn.jsdelivr.net/gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/847fc5ec58b3a0af255c.svg	false	Avira URL Cloud: safe	unknown
https://cdn.jsdelivr.net/gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/59947dbf5efae9de77d2.png	false	Avira URL Cloud: safe	unknown
https://ipapi.co/json/	false	Avira URL Cloud: safe	unknown

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Aug 30 21:38:17 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide	203FC7B6DF66602D1F0ABBA2127D5654	C610363EB36AD4FB1D49CB4CD0E95E301E1E8173	07B121CCB75F0E930F4657672EA209CE621A2B94DE1ECC2537FF80E4EEC26D00
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Aug 30 21:38:17 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide	4B5080319B40A08750559E4FA4C36D37	82F977A36AB38FF3AB36254740FBA1A5F440A01A	9AC4C20A96C7E14CE1D8FD99C6CDA0BCFB69766A5B9DA92C829531B9683DA836
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:56:51 2023, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide	0DB0F5A5268FEE86958A0C25EC88E45A	C779257CC9B52597AD002594F2C337BE1DABCE0E	63ACB69E734A8B8197CAAE38B75241731EED4578A4D39AB0F510EC9470B8DF9C
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Aug 30 21:38:17 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide	CBCC9B9163A089899804A6DACA5AC8A2	4BD94D1EF874A62A9B1B20A29CC593BE1DE14BC9	CD8B54A1DD1663394D3CA98277095BFBCF8F1DCF9E22C206A7C5F438D193EFFD
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Aug 30 21:38:17 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide	52AE6A049239FDC5CCB50C027E4797E3	9D4A63FCFA3555F45EF5F97469D3722E387BA99C	5947636CE6F4E1E6E6FE746E169F186D0FF40872FE42218E0F45F02ACA25359C
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Aug 30 21:38:17 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide	C0470E6AE9E83DD5ED030AB314C2A2F3	0C3220677314136257B5411706FE570E7525141E	2F307941B71F87B58B30855BF21803BC675EE82171294270542A6C70AC8D0998
Chrome Cache Entry: 66	PNG image data, 45 x 45, 8-bit/color RGBA, non-interlaced	74EB232B7F745297031432530B14F3D8	7CE33765570544B37FE6EEA9B5C43515A9A2C112	9AC552C9C42DB29135A722F8E7C2D897257115F50432180518B3B63CCF2E6078
Chrome Cache Entry: 67	PNG image data, 45 x 45, 8-bit/color RGBA, non-interlaced	74EB232B7F745297031432530B14F3D8	7CE33765570544B37FE6EEA9B5C43515A9A2C112	9AC552C9C42DB29135A722F8E7C2D897257115F50432180518B3B63CCF2E6078
Chrome Cache Entry: 68	ASCII text, with very long lines (65536), with no line terminators	49001821F264BA677B4A388ECA0D6067	770114294781ABF18B05BBC3CD6326D0C620EDFF	D9186BAB0196128534A7E88B00F20BF2707CCED3AD280793FAD1619915BFD6F9
Chrome Cache Entry: 69	Web Open Font Format (Version 2), TrueType, length 18596, version 1.0	C83E4437A53D7F849F9D32DF3D6B68F3	FABEA5AD92ED3E2431659B02E7624DF30D0C6BBC	D9BADA3A44BB2FFA66DEC5CC781CAFC9EF17ED876CD9B0C5F7EF18228B63CEBB
Chrome Cache Entry: 70	troff or preprocessor input, ASCII text, with very long lines (372)	C495654869785BC3DF60216616814AD1	0140952C64E3F2B74EF64E050F2FE86EAB6624C8	36E0A7E08BEE65774168528938072C536437669C1B7458AC77976EC788E4439C
Chrome Cache Entry: 71	SVG Scalable Vector Graphics image	7CC67EC927B7035D5A23C45A44A00578	847B7852651B9F5E062BEE6945326AACA9FBEF2A	93CACBB2F74C55645024C9823873891B4633146A9F6F61C8BE080D72924FD0B8
Chrome Cache Entry: 72	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1324x900, components 3	3E148C616510A44787B65933D6CC9B83	47A20D1F2211BF216C79F3C42E94EDABE6765E1B	5FE991E3985F36C957BC2A0B9A212052210B988B5536059E5FE8544A5104EB19
Chrome Cache Entry: 73	PNG image data, 1000 x 750, 8-bit/color RGBA, non-interlaced	47DBD9795BDEF22771EC0F09C2A80480	54CCC820BDD52D81B55E30B4759C117594A6A324	AE9CC64390A76C779BD0DA29FCFF4DD063438985D6F9C331C3B984534DD5E6CF
Chrome Cache Entry: 74	HTML document, ASCII text, with very long lines (410)	82F08D1A7DAFF3E8B2FEA920B7BABEE0	5EAC97C104607B9CE5C6A8A0F8564E3BE92592E9	2389B13CC30F7F36F2EEDF3DBD2821ADAE2C3DF716B9F8D0000253BC975FA3A6
Chrome Cache Entry: 75	Web Open Font Format (Version 2), TrueType, length 18588, version 1.0	115C2D84727B41DA5E9B4394887A8C40	44F495A7F32620E51ACCA2E78F7E0615CB305781	AE0E442895406E9922237108496C2CD60F4947649A826463E2DA9860B5C25DD6
Chrome Cache Entry: 76	PNG image data, 1000 x 750, 8-bit/color RGBA, non-interlaced	47DBD9795BDEF22771EC0F09C2A80480	54CCC820BDD52D81B55E30B4759C117594A6A324	AE9CC64390A76C779BD0DA29FCFF4DD063438985D6F9C331C3B984534DD5E6CF
Chrome Cache Entry: 77	SVG Scalable Vector Graphics image	7CC67EC927B7035D5A23C45A44A00578	847B7852651B9F5E062BEE6945326AACA9FBEF2A	93CACBB2F74C55645024C9823873891B4633146A9F6F61C8BE080D72924FD0B8
Chrome Cache Entry: 78	ASCII text	DEF8E201C49023177D0ADA543092F58E	7150AB03437D9DDDCA3202378AA28028976B5E7D	642CD40AC50CF62FC1B631008BF5E09B0B0BA6C8976935721E0E48A009E3FE20
Chrome Cache Entry: 79	Web Open Font Format (Version 2), TrueType, length 18536, version 1.0	8EFF0B8045FD1959E117F85654AE7770	227FEE13CEB7C410B5C0BB8000258B6643CB6255	89978E658E840B927DDDB5CB3A835C7D8526ECE79933BD9F3096B301FE1A8571
Chrome Cache Entry: 80	ASCII text, with very long lines (65536), with no line terminators	49001821F264BA677B4A388ECA0D6067	770114294781ABF18B05BBC3CD6326D0C620EDFF	D9186BAB0196128534A7E88B00F20BF2707CCED3AD280793FAD1619915BFD6F9
Chrome Cache Entry: 81	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1324x900, components 3	3E148C616510A44787B65933D6CC9B83	47A20D1F2211BF216C79F3C42E94EDABE6765E1B	5FE991E3985F36C957BC2A0B9A212052210B988B5536059E5FE8544A5104EB19
Chrome Cache Entry: 82	HTML document, ASCII text, with very long lines (410)	82F08D1A7DAFF3E8B2FEA920B7BABEE0	5EAC97C104607B9CE5C6A8A0F8564E3BE92592E9	2389B13CC30F7F36F2EEDF3DBD2821ADAE2C3DF716B9F8D0000253BC975FA3A6
Chrome Cache Entry: 83	ASCII text, with no line terminators	4BFF56273E71FAF88DE7D58A459DA976	DBB96F394980AB9890F3C837BAF7C80F2A6AB6EE	17F73B8D1FDA227F08A320437094999DBEE94D0B9631050B294388B67C0F263F

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://sharefile8.pages.dev/ogklomz26	Avira URL Cloud: detection malicious, Label: phishing
Source: https://sharefile8.pages.dev/ogklomz26	SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing

AI detected phishing page

Phishing site detected (based on favicon image match)

Matcher: Template: onedrive matched with high similarity

Phishing site detected (based on logo match)

Matcher: Template: microsoft matched

HTML body contains low number of good links

HTTP Parser: Number of links: 0

HTML title does not match URL

HTTP Parser: Title: Microsoft OneDrive does not match URL

HTTP Parser: No <meta name="author".. found

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 4.231.128.59:443 -> 192.168.2.9:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.140:443 -> 192.168.2.9:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.140:443 -> 192.168.2.9:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.240.158:443 -> 192.168.2.9:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.240.158:443 -> 192.168.2.9:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.9:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.240.158:443 -> 192.168.2.9:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.9:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.124.78.146:443 -> 192.168.2.9:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.124.78.146:443 -> 192.168.2.9:49750 version: TLS 1.2

Detected non-DNS traffic on DNS port

Source: global traffic

TCP traffic: 192.168.2.9:52876 -> 162.159.36.2:53

Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.11
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.11
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.11
Source: unknown	TCP traffic detected without corresponding DNS query: 4.231.128.59
Source: unknown	TCP traffic detected without corresponding DNS query: 4.231.128.59
Source: unknown	TCP traffic detected without corresponding DNS query: 4.231.128.59
Source: unknown	TCP traffic detected without corresponding DNS query: 4.231.128.59
Source: unknown	TCP traffic detected without corresponding DNS query: 4.231.128.59
Source: unknown	TCP traffic detected without corresponding DNS query: 4.231.128.59
Source: unknown	TCP traffic detected without corresponding DNS query: 4.231.128.59
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.11
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.11
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140

Source: global traffic	HTTP traffic detected: GET /ogklomz26 HTTP/1.1Host: sharefile8.pages.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/139a8cd2-d10c-4336-ba04-3f1c53ba8cb6.js?hash=6b06db943f081ebee689f376c8b231d1&EDlFh6SOBK9HUECofCEkAbqDF=2jfjZA9wDmRlYg1TXOXJNITl98qS9siwV6pdy8cw8fSU8meMhDoHo3q0Wbk1NRTITsfyJdv71rAKgx7GjU1BNOfiiUNKNWJ2iHxPYldtdzwOsYPXlYZ5aId3UaBDD4OaPO0ZZpW8vf4Tz0t3vdO1dR7zBRTwMf8AMoFNk8pvuQel106aEmb5Q0X HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://sharefile8.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/139a8cd2-d10c-4336-ba04-3f1c53ba8cb6.js?hash=6b06db943f081ebee689f376c8b231d1&EDlFh6SOBK9HUECofCEkAbqDF=2jfjZA9wDmRlYg1TXOXJNITl98qS9siwV6pdy8cw8fSU8meMhDoHo3q0Wbk1NRTITsfyJdv71rAKgx7GjU1BNOfiiUNKNWJ2iHxPYldtdzwOsYPXlYZ5aId3UaBDD4OaPO0ZZpW8vf4Tz0t3vdO1dR7zBRTwMf8AMoFNk8pvuQel106aEmb5Q0X HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.css HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://sharefile8.pages.devsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://sharefile8.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /json/ HTTP/1.1Host: ipapi.coConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://sharefile8.pages.devSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://sharefile8.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ogklomz26?2eaba4689f21d14a2e6bccb6434200d1m0hap1a5=U2FsdGVkX19NEw4id9VRYJDO9wvz4oBkYTzxp4Jt6MS%2FQUm4v2vihBVZcHPRE89XvzhNoebEZMC0l0al2d4XgGdrZC2xi5a7yLQ7byDqzHnr52r5D3S3%2BfrGaTVc7b9o1t5iM5TUByh798GV6tqNv4TLYWw20WHwL9P1LJqW8WKlgV2AwG0Wl9%2BwuNi7T6s4Z0pVPHLipb1qK7LuVUPvrspvEThV%2FN5UzeihVV%2FlJChjgQ4Aew2IIq2kUVavnK59xHsU97BVOpuHE3KIp8Mcs7sGALFSmW7bEeaoV7xX6cIgj49biVEK65TTow0xF0HLxXqoXrETiaz3UiWt5zR%2BjjO0QfOwu5%2F3DhTkZ9bKh7j0%2BgWrmiOkgEwOeHSYiBecm%2BC3qP8c%2FxhmnEeoohTrROcoK3w7%2F8dtQu6SM8E2Lb9bG3DRcyyJRQusaSU7fu8%2FkeM39HZooQHhb6ibOQBwE6AKdv2bU5Yhp7ye0b1zzvT5VregudbTdCFSwKTBhxTi1JrtTuG659DYUNEFO1vJ2MhUHDoOt0X1Yybn1viDYDWefZ0e5NCNTuwd6z6MtB0ZrCdX4pCJPl2bF%2FLJ9FJg7aOag3g1rt3%2Fezuo4ie%2B%2FwAeFH1fFKVEGG1T2x4k1ABojLa1Ss10n8HGFaKZuBp7l37SBjktGiWh3Y%2Bt9AdQglo0AmGODZjyGqZUIm%2FjNoKFrXylmWGnsmasB%2FRnpBXQ7cdrrekzCmXV%2F5TLG5JqlFkgnJzXsiFFg1uNm0af1B9so81unjszNjv%2F2vAAuuBnjMJ5B0WMcpEq4rDeR6VMJhCCVFHoMKBulVDcBC1Lh3HTz3l39hzFh75QgkUPICIujibnsTsl2XARQjJEvAVFYlePax6J9wq3J%2Brvn8jzPPzxfSX25qMJT5X8S0csuIx3xuOK5KGgIcOplq8HcqWa5dhTMD8FR99ItYhg7G8XxzPVzJlFMYGIyJiBGHFx8g%2FfErJS0WYqB4fEfu6pQXENjT2QZ%2FdKNNSTqVbb%2FkezZ1kb77KRtHDu1kSf52ZHvshwyei%2BG4fgyJh8w7YkBavarSsuDjgTB7mm2Ryk0WQ8cif%2BVvo%2F2OLBRCY1RtZ0Lnj7OHR08MVAEPE0I9x7AcnzoNzca35dvhrdtoejImkTkTM3AiG7g5tbwZYtmS8ZV6fh%2F4PleqBD60tm3%2BN8GwGzgKxNbNa48k4XmRmHabHhAXdCgiLtenPtRU6gT0kCA2WclQ5WOYi1kD6YJ2q3Bs8E7e5VWm1dGJBQfp2nyu%2F2OsxJ4Gz7SvXBHq4pJhR0ONo1la3Amz2YMZRJCIxUbIFuKx4hIKtXuqjL2%2FWhBcGyZIPtIaSkv9aP63NU9DtyFfdMmneCvYWXetMLtaHeQ29t9kcOZDSZdgwJ0noAmgxjdPFbdFy1ueJ4hXUKSUbrrHlKe8pDt%2F%2FJ9j2PMNurysQBUKYgDGxwMThxIi7k%2FkHU%2B9wg%2F33GepWMllVm6Q99EeHqXCOi%2Fnbhpn76hhKcUqt2j17349a5Qqde6RW7zg4yyERtizhORETLewAKk2%2FHdTht6o%2FbtVxpEkZ0WMWQcY3Qe0MTc7zJfsG5kJpyp7SuEteZ83szAT5yeY%2FYWoWF8mMqnPbErSrV%2F17VoDGmbgpTg3m7FSg9%2FNyBK931x1JQK5vJlNGKEjMm8GQmAYU4QYgvDFJHyEzd%2F5NnkwH3uI%2FvnKhVzmtyz4E5kG77eM2JA77qOR5yRcXAYrGsiofPaE8lEpJVpwk%2Fh69STBdFUSQoczp7P%2FrJ2MO6XTXu9cA93j%2Fxw7sE8o2%2B7YhR8s9dW7U7Jmj0TZkDQHZLwvJlXge%2FYsUrUm%2F8OWvuspNAzmHBuQopr%2Bs7zMffP83e6Mkmq72sDQ%3D%3D HTTP/1.1Host: sharefile8.pages.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://sharefile8.pages.dev/ogklomz26?2eaba4689f21d14a2e6bccb6434200d1m0hap1a5=U2FsdGVkX19NEw4id9VRYJDO9wvz4oBkYTzxp4Jt6MS%2FQUm4v2vihBVZcHPRE89XvzhNoebEZMC0l0al2d4XgGdrZC2xi5a7yLQ7byDqzHnr52r5D3S3%2BfrGaTVc7b9o1t5iM5TUByh798GV6tqNv4TLYWw20WHwL9P1LJqW8WKlgV2AwG0Wl9%2BwuNi7T6s4Z0pVPHLipb1qK7LuVUPvrspvEThV%2FN5UzeihVV%2FlJChjgQ4Aew2IIq2kUVavnK59xHsU97BVOpuHE3KIp8Mcs7sGALF
Source: global traffic	HTTP traffic detected: GET /gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/847fc5ec58b3a0af255c.svg HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://sharefile8.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/07308ee98aa47f067087.jpg HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://sharefile8.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/59947dbf5efae9de77d2.png HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://sharefile8.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/fa37e6e4fd65b2e85394.ico HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://sharefile8.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/847fc5ec58b3a0af255c.svg HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/59947dbf5efae9de77d2.png HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/07308ee98aa47f067087.jpg HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/fa37e6e4fd65b2e85394.ico HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: sharefile8.pages.dev
Source: global traffic	DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic	DNS traffic detected: DNS query: ipapi.co
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: 15.164.165.52.in-addr.arpa

Source: unknown

Source: chromecache_71.3.dr, chromecache_77.3.dr	String found in binary or memory: http://creativecommons.org/ns#
Source: chromecache_70.3.dr	String found in binary or memory: http://fontawesome.io
Source: chromecache_70.3.dr	String found in binary or memory: http://fontawesome.io/license
Source: chromecache_71.3.dr, chromecache_77.3.dr	String found in binary or memory: http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd
Source: chromecache_71.3.dr, chromecache_77.3.dr	String found in binary or memory: http://www.inkscape.org/)
Source: chromecache_71.3.dr, chromecache_77.3.dr	String found in binary or memory: http://www.inkscape.org/namespaces/inkscape
Source: chromecache_80.3.dr, chromecache_68.3.dr	String found in binary or memory: https://6481f63faf008522217341.cotradifyu.workers.dev/checkDomain
Source: chromecache_74.3.dr, chromecache_82.3.dr	String found in binary or memory: https://cdn.jsdelivr.net/gh/uihkdslijsjd/captivating-app-lyoubgs5
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOiCnqEu92Fr1Mu51QrEz0dL_nz.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOiCnqEu92Fr1Mu51QrEz4dL_nz.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOiCnqEu92Fr1Mu51QrEz8dL_nz.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOiCnqEu92Fr1Mu51QrEzAdLw.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOiCnqEu92Fr1Mu51QrEzMdL_nz.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOiCnqEu92Fr1Mu51QrEzQdL_nz.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOiCnqEu92Fr1Mu51QrEzwdL_nz.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51S7ACc-CsTKlA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51S7ACc0CsTKlA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51S7ACc1CsTKlA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51S7ACc2CsTKlA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51S7ACc3CsTKlA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51S7ACc5CsTKlA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51S7ACc6CsQ.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TjASc-CsTKlA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TjASc0CsTKlA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TjASc1CsTKlA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TjASc2CsTKlA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TjASc3CsTKlA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TjASc5CsTKlA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TjASc6CsQ.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic-CsTKlA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic0CsTKlA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic1CsTKlA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic2CsTKlA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic3CsTKlA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic5CsTKlA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic6CsQ.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxEIzIFKw.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxFIzIFKw.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxGIzIFKw.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxHIzIFKw.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxIIzI.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxLIzIFKw.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxMIzIFKw.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xEIzIFKw.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xFIzIFKw.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xGIzIFKw.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xHIzIFKw.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xIIzI.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xLIzIFKw.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xMIzIFKw.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fBBc4.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fBxc4EsA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fCBc4EsA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fCRc4EsA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fChc4EsA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fCxc4EsA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fABc4EsA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fBBc4.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fBxc4EsA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fCBc4EsA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fCRc4EsA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fChc4EsA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fCxc4EsA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBBc4.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBxc4EsA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfCBc4EsA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfCRc4EsA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfCxc4EsA.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4WxKOzY.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu5mxKOzY.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu72xKOzY.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7GxKOzY.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7WxKOzY.woff2)
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7mxKOzY.woff2)
Source: chromecache_80.3.dr, chromecache_68.3.dr	String found in binary or memory: https://ipapi.co/json/
Source: chromecache_80.3.dr, chromecache_68.3.dr	String found in binary or memory: https://locate.ipinit.workers.dev/
Source: chromecache_80.3.dr, chromecache_68.3.dr	String found in binary or memory: https://onedrive.live.com/?authkey=%21AP4dQQ7hoSgcKIBIw%26cid=28E9EC3AAC12FF13%26id=28E9EC3AAC12FF13

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52882
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 4.231.128.59:443 -> 192.168.2.9:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.140:443 -> 192.168.2.9:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.140:443 -> 192.168.2.9:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.240.158:443 -> 192.168.2.9:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.240.158:443 -> 192.168.2.9:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.9:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.240.158:443 -> 192.168.2.9:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.9:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.124.78.146:443 -> 192.168.2.9:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.124.78.146:443 -> 192.168.2.9:49750 version: TLS 1.2

Source: classification engine

Classification label: mal64.phis.win@16/37@14/11

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=2192,i,10509728570764178247,10835065189895203871,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://sharefile8.pages.dev/ogklomz26"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=2192,i,10509728570764178247,10835065189895203871,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

ID:	1502062
Product:	CloudBasic
Start time:	00:37:22
Start date:	31.08.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://sharefile8.pages.dev/ogklomz26

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://sharefile8.pages.dev/ogklomz26

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://sharefile8.pages.dev/ogklomz26