Windows Analysis Report
https://sharefile8.pages.dev/uycae7qdtivz

Overview

General Information

Sample URL: https://sharefile8.pages.dev/uycae7qdtivz
Analysis ID: 1502067

Detection

Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
Antivirus / Scanner detection for submitted sample
Phishing site detected (based on favicon image match)
Phishing site detected (based on logo match)
HTML body contains low number of good links
HTML title does not match URL
Stores files to the Windows start menu directory

Classification

AV Detection

Source: https://sharefile8.pages.dev/uycae7qdtivz Avira URL Cloud: detection malicious, Label: phishing
Source: https://sharefile8.pages.dev/uycae7qdtivz SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing

Source: https://sharefile8.pages.dev/uycae7qdtivz?5375c6110b43b8c63925c7a44f8b493fm0hargfw=U2FsdGVkX18uepvwgJcebRxNy6x%2F2mrYK6kwKRX0VMGmct9bu5x7ouOZxKTBFmwLWGoCBxJZg5iEAooAU9%2Ff006M0GbNvuiBFXtk2m1BXLfEqoti7uaErGEX%2FwJ5Sr0zSmEeJaMGDOPMB5UYtXSpgD0KMcD9xxlAoE%2B49Ec2RVffl70fCvRno2S%2FT%2BSmQh2CmTVQ1me6IpVVjXolgEwt1R5ttwmZClp8FYxbVaQGh7Lm4W02ZLeecIh0E1rhCEb9SI3WwJ2%2BtCpg%2BeGyG5%2FclSTglokwv%2Bu%2BqNDnICnCcbtyqrvBQGWuH1Hfd6bm9fbEuAkDxLqcq5Mk7%2FOzgiWAVS3%2FlJ%2FmqYpAqSAE4tObtYkq646mpwONs%2F%2BjbVKf3f9tTX83ZgDoz2rNU7rV4x2n2HHtEraVcwjeldFPk0F%2B0og3f2L%2B1ohFDzN39mLTJHMbaLLI3AKWn20Xpz2D%2Fb2jNJlR6tkKh7K3WdSJjUVdD7fkHf%2BBWUuzTS4wJsG3P6b%2Fxp9Oo32we9%2FwYUNjPVxg%2BZOOP%2FnfOKt1z4gFDhFyH78KlQomi0SwF8KQvfScrKLg33ML7hFyUGjdPhiSDW90HwiEIFr%2BLbfmjgoS9oJuv2x1DfaLVde24%2Fw2lN9Uj6E3FhN36kxoBqVLCZwEvhWaZchAJYzZFBCSrACAIF1PKRtuROPwF5Ds%2BuZhpSZQbVmy7co7PxS3I7o4LM5qQq5%2F73%2F8Ov21T7DSc3BGXEA5uzkNtnqG1VWXxLMkIXmHI4SPwcSrReca4JQyKHTZTFmreTYJEpbNyUThaKKo361OYs5nlH1RPWLFfCWMl53XCS0QRm%2Fq93LxlaUuTLZpdsY8kaBIS7BTAm7NN%2FAEXyoLb0S9N3EPxYOxmTgQ0BIJcw1yotviHF4V6q0cCzohiaj9FuOT2teICbzuuOkUIsaAe6QUiEGLSj0zu4KtwZ1ntAsEXKQrIb2Dx23fOBAlP7KFCaRJuYWdAP1FnGOwsCa8DnRPOwRY7i85mYDFHu4tNHfzmJp%2FWi4mxk4fO7y9ZKHHgnEAt2Nw7kaq%2BDmd6ikJwsWuQTwP3kTbKiBP16juJvitJ4znJFzp%2FwPGU%2BLCyuChrb9NGfjT3PZp5MbejggXgIlUGTuemThXHiTvPEN7oR7zyXrScTwtZHQXlHWhCV%2FvC%2FdYY3kQWoXfY0e0g%2BDSXh3kbFjPHx4pZRmIuUa9flskp2vxS5eca%2FOkriL1IoFslxcwxMzEtZHKNy4wWj1jmaLt7U%2B59SEKlHbJQhXjZCtVIcQpZ9cGsAX9KW6DO9jVaeENPoBXagWPsqO2WnbA8XoEnKFsH8iB6%2BDEcT6C5M%2FXSguiqyo8xpcwZh18fbnl%2BahP9Q9J4buxJrqgYaH0F7Ixho4hjKtHtzLRb2q9KMKq5g7zkkLe0IwvtGqvzm%2BnJBKIY%2BZr4sRBrtd%2F7itnRaZLBzOrml6CsLWJVp%2BpLXO9aUV5sxpg%2Fqhst13%2F7tV44mJjfki4YJPIoJr1UV6%2BzupwX%2F2fRwXWsrk6Ch8dvCWRZOyzpQK1ce7RIhCPJrjaEjtAxILYfvB5Do61QlaMpCxh83ZLEN%2FZNcGSih5jbvbbKt4PONdxS27gUl%2BPGHrVhKU3VwOxhno%2FYSFev3nvPvwQIarHL5h3cbP7z1sXDMyVdmgkTBpBw5n0UdpgabJFp3vcfKyh24uQA2Z0SW%2BGMnTK6n8UIQ3BMaN283%2FHy4fYvTSs6pDKA8yEh8hk0TrxR2AsNVCTcWUvzvSY5GWh%2FPlSvm9UYYGhNhd84aSWtRqJyio
n20Ai4Z1WKHXr9h1p58MnQEp7fbj4tYlbT8M0bCnyvsBi8eLdFHK8PzqemifNEf82Hk2IS9BO%2FmtPgqYZrQ%3D%3D LLM: Score: 8 Reasons: The domain 'sharefile8.pages.dev' is not a typical domain for a production OneDrive site, and the use of the .dev gTLD is unusual for a production environment. Additionally, the notification message suggests that the document is password-protected or encrypted, which is a common phishing tactic. DOM: 1.0.pages.csv
Source: https://sharefile8.pages.dev/uycae7qdtivz?5375c6110b43b8c63925c7a44f8b493fm0hargfw=U2FsdGVkX18uepvwgJcebRxNy6x%2F2mrYK6kwKRX0VMGmct9bu5x7ouOZxKTBFmwLWGoCBxJZg5iEAooAU9%2Ff006M0GbNvuiBFXtk2m1BXLfEqoti7uaErGEX%2FwJ5Sr0zSmEeJaMGDOPMB5UYtXSpgD0KMcD9xxlAoE%2B49Ec2RVffl70fCvRno2S%2FT%2BSmQh2CmTVQ1me6IpVVjXolgEwt1R5ttwmZClp8FYxbVaQGh7Lm4W02ZLeecIh0E1rhCEb9SI3WwJ2%2BtCpg%2BeGyG5%2FclSTglokwv%2Bu%2BqNDnICnCcbtyqrvBQGWuH1Hfd6bm9fbEuAkDxLqcq5Mk7%2FOzgiWAVS3%2FlJ%2FmqYpAqSAE4tObtYkq646mpwONs%2F%2BjbVKf3f9tTX83ZgDoz2rNU7rV4x2n2HHtEraVcwjeldFPk0F%2B0og3f2L%2B1ohFDzN39mLTJHMbaLLI3AKWn20Xpz2D%2Fb2jNJlR6tkKh7K3WdSJjUVdD7fkHf%2BBWUuzTS4wJsG3P6b%2Fxp9Oo32we9%2FwYUNjPVxg%2BZOOP%2FnfOKt1z4gFDhFyH78KlQomi0SwF8KQvfScrKLg33ML7hFyUGjdPhiSDW90HwiEIFr%2BLbfmjgoS9oJuv2x1DfaLVde24%2Fw2lN9Uj6E3FhN36kxoBqVLCZwEvhWaZchAJYzZFBCSrACAIF1PKRtuROPwF5Ds%2BuZhpSZQbVmy7co7PxS3I7o4LM5qQq5%2F73%2F8Ov21T7DSc3BGXEA5uzkNtnqG1VWXxLMkIXmHI4SPwcSrReca4JQyKHTZTFmreTYJEpbNyUThaKKo361OYs5nlH1RPWLFfCWMl53XCS0QRm%2Fq93LxlaUuTLZpdsY8kaBIS7BTAm7NN%2FAEXyoLb0S9N3EPxYOxmTgQ0BIJcw1yotviHF4V6q0cCzohiaj9FuOT2teICbzuuOkUIsaAe6QUiEGLSj0zu4KtwZ1ntAsEXKQrIb2Dx23fOBAlP7KFCaRJuYWdAP1FnGOwsCa8DnRPOwRY7i85mYDFHu4tNHfzmJp%2FWi4mxk4fO7y9ZKHHgnEAt2Nw7kaq%2BDmd6ikJwsWuQTwP3kTbKiBP16juJvitJ4znJFzp%2FwPGU%2BLCyuChrb9NGfjT3PZp5MbejggXgIlUGTuemThXHiTvPEN7oR7zyXrScTwtZHQXlHWhCV%2FvC%2FdYY3kQWoXfY0e0g%2BDSXh3kbFjPHx4pZRmIuUa9flskp2vxS5eca%2FOkriL1IoFslxcwxMzEtZHKNy4wWj1jmaLt7U%2B59SEKlHbJQhXjZCtVIcQpZ9cGsAX9KW6DO9jVaeENPoBXagWPsqO2WnbA8XoEnKFsH8iB6%2BDEcT6C5M%2FXSguiqyo8xpcwZh18fbnl%2BahP9Q9J4buxJrqgYaH0F7Ixho4hjKtHtzLRb2q9KMKq5g7zkkLe0IwvtGqvzm%2BnJBKIY%2BZr4sRBrtd%2F7itnRaZLBzOrml6CsLWJVp%2BpLXO9aUV5sxpg%2Fqhst13%2F7tV44mJjfki4YJPIoJr1UV6%2BzupwX%2F2fRwXWsrk6Ch8dvCWRZOyzpQK1ce7RIhCPJrjaEjtAxILYfvB5Do61QlaMpCxh83ZLEN%2FZNcGSih5jbvbbKt4PONdxS27gUl%2BPGHrVhKU3VwOxhno%2FYSFev3nvPvwQIarHL5h3cbP7z1sXDMyVdmgkTBpBw5n0UdpgabJFp3vcfKyh24uQA2Z0SW%2BGMnTK6n8UIQ3BMaN283%2FHy4fYvTSs6pDKA8yEh8hk0TrxR2AsNVCTcWUvzvSY5GWh%2FPlSvm9UYYGhNhd84aSWtRqJyio
n20Ai4Z1WKHXr9h1p58MnQEp7fbj4tYlbT8M0bCnyvsBi8eLdFHK8PzqemifNEf82Hk2IS9BO%2FmtPgqYZrQ%3D%3D Matcher: Template: onedrive matched with high similarity
Source: https://sharefile8.pages.dev/uycae7qdtivz?5375c6110b43b8c63925c7a44f8b493fm0hargfw=U2FsdGVkX18uepvwgJcebRxNy6x%2F2mrYK6kwKRX0VMGmct9bu5x7ouOZxKTBFmwLWGoCBxJZg5iEAooAU9%2Ff006M0GbNvuiBFXtk2m1BXLfEqoti7uaErGEX%2FwJ5Sr0zSmEeJaMGDOPMB5UYtXSpgD0KMcD9xxlAoE%2B4 Matcher: Template: microsoft matched
Source: https://sharefile8.pages.dev/uycae7qdtivz?5375c6110b43b8c63925c7a44f8b493fm0hargfw=U2FsdGVkX18uepvwgJcebRxNy6x%2F2mrYK6kwKRX0VMGmct9bu5x7ouOZxKTBFmwLWGoCBxJZg5iEAooAU9%2Ff006M0GbNvuiBFXtk2m1BXLfEqoti7uaErGEX%2FwJ5Sr0zSmEeJaMGDOPMB5UYtXSpgD0KMcD9xxlAoE%2B49Ec2RVffl70fCvRno2S%2FT%2BSmQh2CmTVQ1me6IpVVjXolgEwt1R5ttwmZClp8FYxbVaQGh7Lm4W02ZLeecIh0E1rhCEb9SI3WwJ2%2BtCpg%2BeGyG5%2FclSTglokwv%2Bu%2BqNDnICnCcbtyqrvBQGWuH1Hfd6bm9fbEuAkDxLqcq5Mk7%2FOzgiWAVS3%2FlJ%2FmqYpAqSAE4tObtYkq646mpwONs%2F%2BjbVKf3f9tTX83ZgDoz2rNU7rV4x2n2HHtEraVcwjeldFPk0F%2B0og3f2L%2B1ohFDzN39mLTJHMbaLLI3AKWn20Xpz2D%2Fb2jNJlR6tkKh7K3WdSJjUVdD7fkHf%2BBWUuzTS4wJsG3P6b%2Fxp9Oo32we9%2FwYUNjPVxg%2BZOOP%2FnfOKt1z4gFDhFyH78KlQomi0SwF8KQvfScrKLg33ML7hFyUGjdPhiSDW90HwiEIFr%2BLbfmjgoS9oJuv2x1DfaLVde24%2Fw2lN9Uj6E3FhN36kxoBqVLCZwEvhWaZchAJYzZFBCSrACAIF1PKRtuROPwF5Ds%2BuZhpSZQbVmy7co7PxS3I7o4LM5qQq5%2F73%2F8Ov21T7DSc3BGXEA5uzkNtnqG1VWXxLMkIXmHI4SPwcSrReca4JQyKHTZTFmreTYJEpbNyUThaKKo361OYs5nlH1RPWLFfCWMl53XCS0QRm%2Fq93LxlaUuTLZpdsY8kaBIS7BTAm7NN%2FAEXyoLb0S9N3E... HTTP Parser: Number of links: 0
Source: https://sharefile8.pages.dev/uycae7qdtivz?5375c6110b43b8c63925c7a44f8b493fm0hargfw=U2FsdGVkX18uepvwgJcebRxNy6x%2F2mrYK6kwKRX0VMGmct9bu5x7ouOZxKTBFmwLWGoCBxJZg5iEAooAU9%2Ff006M0GbNvuiBFXtk2m1BXLfEqoti7uaErGEX%2FwJ5Sr0zSmEeJaMGDOPMB5UYtXSpgD0KMcD9xxlAoE%2B49Ec2RVffl70fCvRno2S%2FT%2BSmQh2CmTVQ1me6IpVVjXolgEwt1R5ttwmZClp8FYxbVaQGh7Lm4W02ZLeecIh0E1rhCEb9SI3WwJ2%2BtCpg%2BeGyG5%2FclSTglokwv%2Bu%2BqNDnICnCcbtyqrvBQGWuH1Hfd6bm9fbEuAkDxLqcq5Mk7%2FOzgiWAVS3%2FlJ%2FmqYpAqSAE4tObtYkq646mpwONs%2F%2BjbVKf3f9tTX83ZgDoz2rNU7rV4x2n2HHtEraVcwjeldFPk0F%2B0og3f2L%2B1ohFDzN39mLTJHMbaLLI3AKWn20Xpz2D%2Fb2jNJlR6tkKh7K3WdSJjUVdD7fkHf%2BBWUuzTS4wJsG3P6b%2Fxp9Oo32we9%2FwYUNjPVxg%2BZOOP%2FnfOKt1z4gFDhFyH78KlQomi0SwF8KQvfScrKLg33ML7hFyUGjdPhiSDW90HwiEIFr%2BLbfmjgoS9oJuv2x1DfaLVde24%2Fw2lN9Uj6E3FhN36kxoBqVLCZwEvhWaZchAJYzZFBCSrACAIF1PKRtuROPwF5Ds%2BuZhpSZQbVmy7co7PxS3I7o4LM5qQq5%2F73%2F8Ov21T7DSc3BGXEA5uzkNtnqG1VWXxLMkIXmHI4SPwcSrReca4JQyKHTZTFmreTYJEpbNyUThaKKo361OYs5nlH1RPWLFfCWMl53XCS0QRm%2Fq93LxlaUuTLZpdsY8kaBIS7BTAm7NN%2FAEXyoLb0S9N3E... HTTP Parser: Title: Microsoft OneDrive does not match URL
Source: https://sharefile8.pages.dev/uycae7qdtivz?5375c6110b43b8c63925c7a44f8b493fm0hargfw=U2FsdGVkX18uepvwgJcebRxNy6x%2F2mrYK6kwKRX0VMGmct9bu5x7ouOZxKTBFmwLWGoCBxJZg5iEAooAU9%2Ff006M0GbNvuiBFXtk2m1BXLfEqoti7uaErGEX%2FwJ5Sr0zSmEeJaMGDOPMB5UYtXSpgD0KMcD9xxlAoE%2B49Ec2RVffl70fCvRno2S%2FT%2BSmQh2CmTVQ1me6IpVVjXolgEwt1R5ttwmZClp8FYxbVaQGh7Lm4W02ZLeecIh0E1rhCEb9SI3WwJ2%2BtCpg%2BeGyG5%2FclSTglokwv%2Bu%2BqNDnICnCcbtyqrvBQGWuH1Hfd6bm9fbEuAkDxLqcq5Mk7%2FOzgiWAVS3%2FlJ%2FmqYpAqSAE4tObtYkq646mpwONs%2F%2BjbVKf3f9tTX83ZgDoz2rNU7rV4x2n2HHtEraVcwjeldFPk0F%2B0og3f2L%2B1ohFDzN39mLTJHMbaLLI3AKWn20Xpz2D%2Fb2jNJlR6tkKh7K3WdSJjUVdD7fkHf%2BBWUuzTS4wJsG3P6b%2Fxp9Oo32we9%2FwYUNjPVxg%2BZOOP%2FnfOKt1z4gFDhFyH78KlQomi0SwF8KQvfScrKLg33ML7hFyUGjdPhiSDW90HwiEIFr%2BLbfmjgoS9oJuv2x1DfaLVde24%2Fw2lN9Uj6E3FhN36kxoBqVLCZwEvhWaZchAJYzZFBCSrACAIF1PKRtuROPwF5Ds%2BuZhpSZQbVmy7co7PxS3I7o4LM5qQq5%2F73%2F8Ov21T7DSc3BGXEA5uzkNtnqG1VWXxLMkIXmHI4SPwcSrReca4JQyKHTZTFmreTYJEpbNyUThaKKo361OYs5nlH1RPWLFfCWMl53XCS0QRm%2Fq93LxlaUuTLZpdsY8kaBIS7BTAm7NN%2FAEXyoLb0S9N3E HTTP Parser: No <meta name="author".. found
Source: https://sharefile8.pages.dev/uycae7qdtivz?5375c6110b43b8c63925c7a44f8b493fm0hargfw=U2FsdGVkX18uepvwgJcebRxNy6x%2F2mrYK6kwKRX0VMGmct9bu5x7ouOZxKTBFmwLWGoCBxJZg5iEAooAU9%2Ff006M0GbNvuiBFXtk2m1BXLfEqoti7uaErGEX%2FwJ5Sr0zSmEeJaMGDOPMB5UYtXSpgD0KMcD9xxlAoE%2B49Ec2RVffl70fCvRno2S%2FT%2BSmQh2CmTVQ1me6IpVVjXolgEwt1R5ttwmZClp8FYxbVaQGh7Lm4W02ZLeecIh0E1rhCEb9SI3WwJ2%2BtCpg%2BeGyG5%2FclSTglokwv%2Bu%2BqNDnICnCcbtyqrvBQGWuH1Hfd6bm9fbEuAkDxLqcq5Mk7%2FOzgiWAVS3%2FlJ%2FmqYpAqSAE4tObtYkq646mpwONs%2F%2BjbVKf3f9tTX83ZgDoz2rNU7rV4x2n2HHtEraVcwjeldFPk0F%2B0og3f2L%2B1ohFDzN39mLTJHMbaLLI3AKWn20Xpz2D%2Fb2jNJlR6tkKh7K3WdSJjUVdD7fkHf%2BBWUuzTS4wJsG3P6b%2Fxp9Oo32we9%2FwYUNjPVxg%2BZOOP%2FnfOKt1z4gFDhFyH78KlQomi0SwF8KQvfScrKLg33ML7hFyUGjdPhiSDW90HwiEIFr%2BLbfmjgoS9oJuv2x1DfaLVde24%2Fw2lN9Uj6E3FhN36kxoBqVLCZwEvhWaZchAJYzZFBCSrACAIF1PKRtuROPwF5Ds%2BuZhpSZQbVmy7co7PxS3I7o4LM5qQq5%2F73%2F8Ov21T7DSc3BGXEA5uzkNtnqG1VWXxLMkIXmHI4SPwcSrReca4JQyKHTZTFmreTYJEpbNyUThaKKo361OYs5nlH1RPWLFfCWMl53XCS0QRm%2Fq93LxlaUuTLZpdsY8kaBIS7BTAm7NN%2FAEXyoLb0S9N3E... HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49715 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49722 version: TLS 1.2
Source: global traffic HTTP traffic detected:
  GET /uycae7qdtivz HTTP/1.1
  Host: sharefile8.pages.dev
  Connection: keep-alive
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: navigate
  Sec-Fetch-User: ?1
  Sec-Fetch-Dest: document
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
  GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.css HTTP/1.1
  Host: cdnjs.cloudflare.com
  Connection: keep-alive
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  Origin: https://sharefile8.pages.dev
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  sec-ch-ua-platform: "Windows"
  Accept: text/css,*/*;q=0.1
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: cors
  Sec-Fetch-Dest: style
  Referer: https://sharefile8.pages.dev/
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
  GET /json/ HTTP/1.1
  Host: ipapi.co
  Connection: keep-alive
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  sec-ch-ua-platform: "Windows"
  Accept: */*
  Origin: https://sharefile8.pages.dev
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: cors
  Sec-Fetch-Dest: empty
  Referer: https://sharefile8.pages.dev/
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /uycae7qdtivz?5375c6110b43b8c63925c7a44f8b493fm0hargfw=U2FsdGVkX18uepvwgJcebRxNy6x%2F2mrYK6kwKRX0VMGmct9bu5x7ouOZxKTBFmwLWGoCBxJZg5iEAooAU9%2Ff006M0GbNvuiBFXtk2m1BXLfEqoti7uaErGEX%2FwJ5Sr0zSmEeJaMGDOPMB5UYtXSpgD0KMcD9xxlAoE%2B49Ec2RVffl70fCvRno2S%2FT%2BSmQh2CmTVQ1me6IpVVjXolgEwt1R5ttwmZClp8FYxbVaQGh7Lm4W02ZLeecIh0E1rhCEb9SI3WwJ2%2BtCpg%2BeGyG5%2FclSTglokwv%2Bu%2BqNDnICnCcbtyqrvBQGWuH1Hfd6bm9fbEuAkDxLqcq5Mk7%2FOzgiWAVS3%2FlJ%2FmqYpAqSAE4tObtYkq646mpwONs%2F%2BjbVKf3f9tTX83ZgDoz2rNU7rV4x2n2HHtEraVcwjeldFPk0F%2B0og3f2L%2B1ohFDzN39mLTJHMbaLLI3AKWn20Xpz2D%2Fb2jNJlR6tkKh7K3WdSJjUVdD7fkHf%2BBWUuzTS4wJsG3P6b%2Fxp9Oo32we9%2FwYUNjPVxg%2BZOOP%2FnfOKt1z4gFDhFyH78KlQomi0SwF8KQvfScrKLg33ML7hFyUGjdPhiSDW90HwiEIFr%2BLbfmjgoS9oJuv2x1DfaLVde24%2Fw2lN9Uj6E3FhN36kxoBqVLCZwEvhWaZchAJYzZFBCSrACAIF1PKRtuROPwF5Ds%2BuZhpSZQbVmy7co7PxS3I7o4LM5qQq5%2F73%2F8Ov21T7DSc3BGXEA5uzkNtnqG1VWXxLMkIXmHI4SPwcSrReca4JQyKHTZTFmreTYJEpbNyUThaKKo361OYs5nlH1RPWLFfCWMl53XCS0QRm%2Fq93LxlaUuTLZpdsY8kaBIS7BTAm7NN%2FAEXyoLb0S9N3EPxYOxmTgQ0BIJcw1yotviHF4V6q0cCzohiaj9FuOT2teICbzuuOkUIsaAe6QUiEGLSj0zu4KtwZ1ntAsEXKQrIb2Dx23fOBAlP7KFCaRJuYWdAP1FnGOwsCa8DnRPOwRY7i85mYDFHu4tNHfzmJp%2FWi4mxk4fO7y9ZKHHgnEAt2Nw7kaq%2BDmd6ikJwsWuQTwP3kTbKiBP16juJvitJ4znJFzp%2FwPGU%2BLCyuChrb9NGfjT3PZp5MbejggXgIlUGTuemThXHiTvPEN7oR7zyXrScTwtZHQXlHWhCV%2FvC%2FdYY3kQWoXfY0e0g%2BDSXh3kbFjPHx4pZRmIuUa9flskp2vxS5eca%2FOkriL1IoFslxcwxMzEtZHKNy4wWj1jmaLt7U%2B59SEKlHbJQhXjZCtVIcQpZ9cGsAX9KW6DO9jVaeENPoBXagWPsqO2WnbA8XoEnKFsH8iB6%2BDEcT6C5M%2FXSguiqyo8xpcwZh18fbnl%2BahP9Q9J4buxJrqgYaH0F7Ixho4hjKtHtzLRb2q9KMKq5g7zkkLe0IwvtGqvzm%2BnJBKIY%2BZr4sRBrtd%2F7itnRaZLBzOrml6CsLWJVp%2BpLXO9aUV5sxpg%2Fqhst13%2F7tV44mJjfki4YJPIoJr1UV6%2BzupwX%2F2fRwXWsrk6Ch8dvCWRZOyzpQK1ce7RIhCPJrjaEjtAxILYfvB5Do61QlaMpCxh83ZLEN%2FZNcGSih5jbvbbKt4PONdxS27gUl%2BPGHrVhKU3VwOxhno%2FYSFev3nvPvwQIarHL5h3cbP7z1sXDMyVdmgkTBpBw5n0UdpgabJFp3vcfKyh24uQA2Z0SW%2BGMnTK6n8UIQ3BMaN283%2FHy4fYvTSs6pDKA8yEh8hk0TrxR2AsNVCTcWUvzvSY5GWh%2FPlSvm9UYYGhN
hd84aSWtRqJyion20Ai4Z1WKHXr9h1p58MnQEp7fbj4tYlbT8M0bCnyvsBi8eLdFHK8PzqemifNEf82Hk2IS9BO%2FmtPgqYZrQ%3D%3D HTTP/1.1Host: sharefile8.pages.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://sharefile8.pages.dev/uycae7qdtivz?5375c6110b43b8c63925c7a44f8b493fm0hargfw=U2FsdGVkX18uepvwgJcebRxNy6x%2F2mrYK6kwKRX0VMGmct9bu5x7ouOZxKTBFmwLWGoCBxJZg5iEAooAU9%2Ff006M0GbNvuiBFXtk2m1BXLfEqoti7uaErGEX%2FwJ5Sr0zSmEeJaMGDOPMB5UYtXSpgD0KMcD9xxlAoE%2B49Ec2RVffl70fCvRno2S%2FT%2BSmQh2CmTVQ1me6IpVVjXolgEwt1R5ttwmZClp8FYxbVaQGh7Lm4W02ZLeecIh0E1rhCEb9SI3WwJ2
Source: global traffic HTTP traffic detected:
  GET /fs/windows/config.json HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  Accept-Encoding: identity
  If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
  Range: bytes=0-2147483646
  User-Agent: Microsoft BITS/7.8
  Host: fs.microsoft.com
Source: global traffic HTTP traffic detected:
  GET /json/ HTTP/1.1
  Host: ipapi.co
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: */*
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: cors
  Sec-Fetch-Dest: empty
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic DNS traffic detected: DNS query: sharefile8.pages.dev
Source: global traffic DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: ipapi.co
Source: global traffic DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: chromecache_80.2.dr, chromecache_73.2.dr String found in binary or memory: http://creativecommons.org/ns#
Source: chromecache_72.2.dr String found in binary or memory: http://fontawesome.io
Source: chromecache_72.2.dr String found in binary or memory: http://fontawesome.io/license
Source: chromecache_80.2.dr, chromecache_73.2.dr String found in binary or memory: http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd
Source: chromecache_80.2.dr, chromecache_73.2.dr String found in binary or memory: http://www.inkscape.org/)
Source: chromecache_80.2.dr, chromecache_73.2.dr String found in binary or memory: http://www.inkscape.org/namespaces/inkscape
Source: chromecache_84.2.dr, chromecache_70.2.dr String found in binary or memory: https://6481f63faf008522217341.cotradifyu.workers.dev/checkDomain
Source: chromecache_86.2.dr, chromecache_78.2.dr String found in binary or memory: https://cdn.jsdelivr.net/gh/uihkdslijsjd/captivating-app-lyoubgs5
Source: chromecache_84.2.dr, chromecache_70.2.dr String found in binary or memory: https://ipapi.co/json/
Source: chromecache_84.2.dr, chromecache_70.2.dr String found in binary or memory: https://locate.ipinit.workers.dev/
Source: chromecache_84.2.dr, chromecache_70.2.dr String found in binary or memory: https://onedrive.live.com/?authkey=%21AP4dQQ7hoSgcKIBIw%26cid=28E9EC3AAC12FF13%26id=28E9EC3AAC12FF13
Source: classification engine Classification label: mal64.phis.win@16/40@14/9
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1892,i,6036370957135810089,8913089425095281939,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://sharefile8.pages.dev/uycae7qdtivz"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1892,i,6036370957135810089,8913089425095281939,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Google Drive.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk