Windows Analysis Report
https://svfs.is/TMPS

Overview

General Information

Sample URL:	https://svfs.is/TMPS
Analysis ID:	1521656
Tags:	openphish
Infos:

Detection

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Antivirus / Scanner detection for submitted sample

Phishing site detected (based on favicon image match)

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://svfs.is/TMPS

SlashNext: detection malicious, Label: Fraudulent Website type: Phishing & Social Engineering

Phishing

AI detected phishing page

Source: https://svfs.is/dnkdl/

LLM: Score: 9 Reasons: The brand DHL is a well-known international logistics company., The legitimate domain for DHL is dhl.com., The provided URL 'svfs.is' does not match the legitimate domain name for DHL., The domain 'svfs.is' uses an unusual domain extension (.is) which is not associated with DHL., The URL does not contain any recognizable elements related to DHL., The presence of a tracking number input field is common in phishing attempts targeting logistics companies. DOM: 3.0.pages.csv

Phishing site detected (based on favicon image match)

Source: https://svfs.is	Matcher: Template: dhl matched with high similarity
Source: https://svfs.is/dnkdl/	Matcher: Template: dhl matched with high similarity

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49750 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.126.163
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.126.163
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /TMPS HTTP/1.1Host: svfs.isConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /TMPS/ HTTP/1.1Host: svfs.isConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /dnkdl/ HTTP/1.1Host: svfs.isConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://svfs.is/TMPS/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /dnkdl/assets/jquery/dist/jquery.min.js HTTP/1.1Host: svfs.isConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://svfs.is/dnkdl/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/assets/font-awesome/css/font-awesome.min.css HTTP/1.1Host: svfs.isConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://svfs.is/dnkdl/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/assets/core_form.css HTTP/1.1Host: svfs.isConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://svfs.is/dnkdl/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/assets/bundle.css HTTP/1.1Host: svfs.isConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://svfs.is/dnkdl/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/assets/ua-parser-js/dist/ua-parser.min.js HTTP/1.1Host: svfs.isConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://svfs.is/dnkdl/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/assets/angular/angular.min.js HTTP/1.1Host: svfs.isConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://svfs.is/dnkdl/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/assets/core_form.js HTTP/1.1Host: svfs.isConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://svfs.is/dnkdl/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/assets/jquery/dist/jquery.min.js HTTP/1.1Host: svfs.isConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /dnkdl/img/dhl-logo.svg HTTP/1.1Host: svfs.isConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://svfs.is/dnkdl/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/img/youtube-new.svg HTTP/1.1Host: svfs.isConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://svfs.is/dnkdl/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/img/facebook-new.svg HTTP/1.1Host: svfs.isConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://svfs.is/dnkdl/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/img/linkedIn-new.svg HTTP/1.1Host: svfs.isConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://svfs.is/dnkdl/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/img/instagram-new.svg HTTP/1.1Host: svfs.isConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://svfs.is/dnkdl/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/img/7f0d3a9b32ad319a9dd1.svg HTTP/1.1Host: svfs.isConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://svfs.is/dnkdl/assets/bundle.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/fonts/iconfont-36e40d8b4a0a369beacf.woff HTTP/1.1Host: svfs.isConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://svfs.issec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://svfs.is/dnkdl/assets/bundle.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/fonts/default-274a65bae9742377aaf0.woff HTTP/1.1Host: svfs.isConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://svfs.issec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://svfs.is/dnkdl/assets/bundle.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/fonts/default-815fcbb4d2c579017011.woff HTTP/1.1Host: svfs.isConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://svfs.issec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://svfs.is/dnkdl/assets/bundle.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/fonts/default-5a6dd86f272b304a8b83.woff HTTP/1.1Host: svfs.isConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://svfs.issec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://svfs.is/dnkdl/assets/bundle.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/fonts/default-3e828e80f6e985c352eb.woff HTTP/1.1Host: svfs.isConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://svfs.issec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://svfs.is/dnkdl/assets/bundle.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/assets/ua-parser-js/dist/ua-parser.min.js HTTP/1.1Host: svfs.isConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/assets/angular/angular.min.js HTTP/1.1Host: svfs.isConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/assets/core_form.js HTTP/1.1Host: svfs.isConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/img/dhl-logo.svg HTTP/1.1Host: svfs.isConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/img/linkedIn-new.svg HTTP/1.1Host: svfs.isConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/img/facebook-new.svg HTTP/1.1Host: svfs.isConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/img/youtube-new.svg HTTP/1.1Host: svfs.isConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/img/instagram-new.svg HTTP/1.1Host: svfs.isConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/img/7f0d3a9b32ad319a9dd1.svg HTTP/1.1Host: svfs.isConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/img/favicon.ico HTTP/1.1Host: svfs.isConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://svfs.is/dnkdl/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/img/favicon.ico HTTP/1.1Host: svfs.isConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj

Source: global traffic	DNS traffic detected: DNS query: svfs.is
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 28 Sep 2024 23:43:05 GMTContent-Type: text/htmlContent-Length: 808Connection: closeLast-Modified: Sun, 12 Mar 2023 17:15:32 GMTETag: "328-5f6b724586ded"Accept-Ranges: bytes
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 28 Sep 2024 23:43:05 GMTContent-Type: text/htmlContent-Length: 808Connection: closeLast-Modified: Sun, 12 Mar 2023 17:15:32 GMTETag: "328-5f6b724586ded"Accept-Ranges: bytes
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 28 Sep 2024 23:43:05 GMTContent-Type: text/htmlContent-Length: 808Connection: closeLast-Modified: Sun, 12 Mar 2023 17:15:32 GMTETag: "328-5f6b724586ded"Accept-Ranges: bytes
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 28 Sep 2024 23:43:05 GMTContent-Type: text/htmlContent-Length: 808Connection: closeLast-Modified: Sun, 12 Mar 2023 17:15:32 GMTETag: "328-5f6b724586ded"Accept-Ranges: bytes
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 28 Sep 2024 23:43:05 GMTContent-Type: text/htmlContent-Length: 808Connection: closeLast-Modified: Sun, 12 Mar 2023 17:15:32 GMTETag: "328-5f6b724586ded"Accept-Ranges: bytes

Source: chromecache_80.2.dr, chromecache_76.2.dr	String found in binary or memory: http://angularjs.org
Source: chromecache_80.2.dr, chromecache_76.2.dr	String found in binary or memory: http://errors.angularjs.org/1.6.6/
Source: chromecache_56.2.dr	String found in binary or memory: http://fontawesome.io
Source: chromecache_56.2.dr	String found in binary or memory: http://fontawesome.io/license
Source: chromecache_69.2.dr, chromecache_77.2.dr	String found in binary or memory: https://github.com/faisalman/ua-parser-js
Source: chromecache_54.2.dr, chromecache_66.2.dr	String found in binary or memory: https://i.imgur.com/lQNIz8H.png
Source: chromecache_58.2.dr, chromecache_73.2.dr, chromecache_52.2.dr, chromecache_75.2.dr, chromecache_62.2.dr, chromecache_63.2.dr, chromecache_74.2.dr, chromecache_57.2.dr	String found in binary or memory: https://sketchapp.com
Source: chromecache_53.2.dr	String found in binary or memory: https://svfs.is/dnkdl/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49750 version: TLS 1.2

Source: classification engine

Classification label: mal60.phis.win@16/53@6/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 --field-trial-handle=2296,i,11830406196136506043,15985457101165366253,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://svfs.is/TMPS"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 --field-trial-handle=2296,i,11830406196136506043,15985457101165366253,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Confirm
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.186.100	www.google.com	United States	15169	GOOGLEUS	false
185.112.144.235	svfs.is	Iceland	44925	THE-1984-ASIS	true

Private

IP
192.168.2.4
192.168.2.6

Contacted Domains

Name	IP	Active
svfs.is	185.112.144.235	true
www.google.com	142.250.186.100	true
fp2e7a.wpc.phicdn.net	192.229.221.95	true

Contacted URLs

Name	Malicious	Reputation
https://svfs.is/dnkdl/assets/angular/angular.min.js	true	unknown
https://svfs.is/dnkdl/fonts/default-3e828e80f6e985c352eb.woff	true	unknown
https://svfs.is/dnkdl/fonts/default-5a6dd86f272b304a8b83.woff	true	unknown
https://svfs.is/dnkdl/assets/bundle.css	true	unknown
https://svfs.is/dnkdl/	true	unknown
https://svfs.is/dnkdl/img/youtube-new.svg	true	unknown
https://svfs.is/dnkdl/img/facebook-new.svg	true	unknown
https://svfs.is/dnkdl/img/linkedIn-new.svg	true	unknown
https://svfs.is/dnkdl/img/instagram-new.svg	true	unknown
https://svfs.is/dnkdl/fonts/iconfont-36e40d8b4a0a369beacf.woff	true	unknown
https://svfs.is/dnkdl/img/favicon.ico	true	unknown
https://svfs.is/dnkdl/assets/core_form.js	true	unknown
https://svfs.is/TMPS/	true	unknown
https://svfs.is/dnkdl/assets/ua-parser-js/dist/ua-parser.min.js	true	unknown
https://svfs.is/dnkdl/assets/jquery/dist/jquery.min.js	true	unknown
https://svfs.is/TMPS	true	unknown
https://svfs.is/dnkdl/assets/font-awesome/css/font-awesome.min.css	true	unknown
https://svfs.is/dnkdl/fonts/default-815fcbb4d2c579017011.woff	true	unknown
https://svfs.is/dnkdl/img/dhl-logo.svg	true	unknown
https://svfs.is/dnkdl/fonts/default-274a65bae9742377aaf0.woff	true	unknown
https://svfs.is/dnkdl/img/7f0d3a9b32ad319a9dd1.svg	true	unknown
https://svfs.is/dnkdl/assets/core_form.css	true	unknown

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 52	SVG Scalable Vector Graphics image	056511AEB5282ECAAB9FBF10ED2273E5	FC29C2C37C4B4A31AD13E80356371E338AEF5894	F01C2E1870FCD75CECA3B4C42C3110CB0AA4B933B562CF3D2C7DDD20CE03C7EE
Chrome Cache Entry: 53	HTML document, ASCII text, with no line terminators	66922AD98564D638D644A785DD45D7A1	0211EF75297341D76E5DEE533FE463E79D1FF551	5830C5650C16D47F8EFF33628EDD319541553E8B5E40A8CB53B256826D1C1C05
Chrome Cache Entry: 54	ASCII text	1C5FDEE848E9FEE64DF2F5D844AEAC4E	FB216EDAFE7D6C9D2AC5D97F886CA4C6A6E51FA1	2F14AF263BF34F9CCA167FAE70AE4FBE805546F60223E2A3155CD3C48FE61F9B
Chrome Cache Entry: 55	ASCII text, with very long lines (32058)	C9F5AEECA3AD37BF2AA006139B935F0A	1055018C28AB41087EF9CCEFE411606893DABEA2	87083882CC6015984EB0411A99D3981817F5DC5C90BA24F0940420C5548D82DE
Chrome Cache Entry: 56	ASCII text, with very long lines (30837)	269550530CC127B6AA5A35925A7DE6CE	512C7D79033E3028A9BE61B540CF1A6870C896F8	799AEB25CC0373FDEE0E1B1DB7AD6C2F6A0E058DFADAA3379689F583213190BD
Chrome Cache Entry: 57	SVG Scalable Vector Graphics image	259D8928A7FD5329B3D7FD80ECA2EA2F	A6337DE5FF5761B39A319CD7EC3F8B10F201D066	43027752F5A04142E6518A4FD8EF54E7E73CFBA7820DA9C03C1AD38835F04FE2
Chrome Cache Entry: 58	SVG Scalable Vector Graphics image	259D8928A7FD5329B3D7FD80ECA2EA2F	A6337DE5FF5761B39A319CD7EC3F8B10F201D066	43027752F5A04142E6518A4FD8EF54E7E73CFBA7820DA9C03C1AD38835F04FE2
Chrome Cache Entry: 59	HTML document, ASCII text	A943672A32297727BAB01C3E76977550	3A667C4B7A457EF6C586CC581D533C128737BF53	B9347F234DC3C8D56E015E86D88A1400415DB8F7A5AD91F02B6A2323C10A4187
Chrome Cache Entry: 60	SVG Scalable Vector Graphics image	0C99E91E1784480BEDCFD85B6EC52EC5	CCA8C71B330686FD1CD600D553D03EF85131DECD	8E3ACF992F11D4EA95BED00DA7673DCBD592D92CA8A1610792298B7FA9EF1EE0
Chrome Cache Entry: 61	MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel	D8106BF3A1D00AB43B01E6E3C92500EB	202B5E8654AB1B28351378293BCA3B9D844CC29B	9ADA5709E264C31B04A05BD85448A9BD5E91925E8D83DF5CEF0762EC97CC283E
Chrome Cache Entry: 62	SVG Scalable Vector Graphics image	376247A0B06E705C758FE04978EA9DF5	90D50C682C2EA23A9D26926C6EB3D849B7B94661	ACD3EAF2B608FB48F9915964C36772B322AD91106508C4490E2A72122DB4D347
Chrome Cache Entry: 63	SVG Scalable Vector Graphics image	056511AEB5282ECAAB9FBF10ED2273E5	FC29C2C37C4B4A31AD13E80356371E338AEF5894	F01C2E1870FCD75CECA3B4C42C3110CB0AA4B933B562CF3D2C7DDD20CE03C7EE
Chrome Cache Entry: 64	ASCII text, with very long lines (32058)	C9F5AEECA3AD37BF2AA006139B935F0A	1055018C28AB41087EF9CCEFE411606893DABEA2	87083882CC6015984EB0411A99D3981817F5DC5C90BA24F0940420C5548D82DE
Chrome Cache Entry: 65	HTML document, ASCII text	A943672A32297727BAB01C3E76977550	3A667C4B7A457EF6C586CC581D533C128737BF53	B9347F234DC3C8D56E015E86D88A1400415DB8F7A5AD91F02B6A2323C10A4187
Chrome Cache Entry: 66	ASCII text	1C5FDEE848E9FEE64DF2F5D844AEAC4E	FB216EDAFE7D6C9D2AC5D97F886CA4C6A6E51FA1	2F14AF263BF34F9CCA167FAE70AE4FBE805546F60223E2A3155CD3C48FE61F9B
Chrome Cache Entry: 67	MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel	D8106BF3A1D00AB43B01E6E3C92500EB	202B5E8654AB1B28351378293BCA3B9D844CC29B	9ADA5709E264C31B04A05BD85448A9BD5E91925E8D83DF5CEF0762EC97CC283E
Chrome Cache Entry: 68	ASCII text, with CRLF line terminators	BF5DF87F2F40BF9EE7BC34BC8F1EDD3F	DA15EE2407D8223C5859BFAE9E992627472EEB8B	4009F827B65F5E038592FB90FE9E77F0B50A7E808BF9C8CD1A03782D62DB9A00
Chrome Cache Entry: 69	Unicode text, UTF-8 text, with very long lines (16817)	E0AE48C8EBBE57EDEACB5B02F16D0DF9	0C5A29A88ADD39486162E0C16F23E2E06FC7842E	0FDA30CF243E7650BF3E1666EDDEB4FBBA6B788EDE36753EDA5E2964CC14C896
Chrome Cache Entry: 70	HTML document, ASCII text	A943672A32297727BAB01C3E76977550	3A667C4B7A457EF6C586CC581D533C128737BF53	B9347F234DC3C8D56E015E86D88A1400415DB8F7A5AD91F02B6A2323C10A4187
Chrome Cache Entry: 71	ASCII text	47BE5D869C349963511A2697FA1F76EE	9CC8A62AD20F65337E3D36DE63B02489AC8CA62D	9C9F388143B6571FE61C4311205675C7C90AC8DC352E044BB6BAD5611AFD4F01
Chrome Cache Entry: 72	SVG Scalable Vector Graphics image	0C99E91E1784480BEDCFD85B6EC52EC5	CCA8C71B330686FD1CD600D553D03EF85131DECD	8E3ACF992F11D4EA95BED00DA7673DCBD592D92CA8A1610792298B7FA9EF1EE0
Chrome Cache Entry: 73	SVG Scalable Vector Graphics image	376247A0B06E705C758FE04978EA9DF5	90D50C682C2EA23A9D26926C6EB3D849B7B94661	ACD3EAF2B608FB48F9915964C36772B322AD91106508C4490E2A72122DB4D347
Chrome Cache Entry: 74	SVG Scalable Vector Graphics image	43EFFF953A2A3BAF6A2EF0528F55DC07	B510BC0512DA7D96CDF29A0F1E343319095776DE	C32F1A0F5B093B6B2C8F5DF0BF93856359769EE6BBAB40975043CD133711D528
Chrome Cache Entry: 75	SVG Scalable Vector Graphics image	43EFFF953A2A3BAF6A2EF0528F55DC07	B510BC0512DA7D96CDF29A0F1E343319095776DE	C32F1A0F5B093B6B2C8F5DF0BF93856359769EE6BBAB40975043CD133711D528
Chrome Cache Entry: 76	ASCII text, with very long lines (552)	4C619EF91E3FA3F1D4813DB2B2EB738D	C5F77156C6F5397BE71914EB80D8F998EA1279E7	35F73A70CCA067828BE9E0A712B8B48908E1BC4490637C62BD70158F95CD6E27
Chrome Cache Entry: 77	Unicode text, UTF-8 text, with very long lines (16817)	E0AE48C8EBBE57EDEACB5B02F16D0DF9	0C5A29A88ADD39486162E0C16F23E2E06FC7842E	0FDA30CF243E7650BF3E1666EDDEB4FBBA6B788EDE36753EDA5E2964CC14C896
Chrome Cache Entry: 78	SVG Scalable Vector Graphics image	3FECC9DB35D5D2A9E6E71AB4B02D22E5	628BA2F505B480097445AAF08649A08242BD6847	362BCAA42090E36611031BEC6BDAA0600375EF847092CCA195C58D3BAE9B4419
Chrome Cache Entry: 79	HTML document, ASCII text	A943672A32297727BAB01C3E76977550	3A667C4B7A457EF6C586CC581D533C128737BF53	B9347F234DC3C8D56E015E86D88A1400415DB8F7A5AD91F02B6A2323C10A4187
Chrome Cache Entry: 80	ASCII text, with very long lines (552)	4C619EF91E3FA3F1D4813DB2B2EB738D	C5F77156C6F5397BE71914EB80D8F998EA1279E7	35F73A70CCA067828BE9E0A712B8B48908E1BC4490637C62BD70158F95CD6E27
Chrome Cache Entry: 81	ASCII text, with no line terminators	841C268288739CF9828DEF74E761DEB6	E44AB09A6DBB26453957362439CABAC6FDD135E8	80F4CAD30556965E423C10AD6EB77A5F6E901CA7BD2C00FA8D381B3D633E7583
Chrome Cache Entry: 82	SVG Scalable Vector Graphics image	3FECC9DB35D5D2A9E6E71AB4B02D22E5	628BA2F505B480097445AAF08649A08242BD6847	362BCAA42090E36611031BEC6BDAA0600375EF847092CCA195C58D3BAE9B4419
Chrome Cache Entry: 83	HTML document, ASCII text	A943672A32297727BAB01C3E76977550	3A667C4B7A457EF6C586CC581D533C128737BF53	B9347F234DC3C8D56E015E86D88A1400415DB8F7A5AD91F02B6A2323C10A4187

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://svfs.is/TMPS

SlashNext: detection malicious, Label: Fraudulent Website type: Phishing & Social Engineering

Phishing

AI detected phishing page

Source: https://svfs.is/dnkdl/

Phishing site detected (based on favicon image match)

Source: https://svfs.is	Matcher: Template: dhl matched with high similarity
Source: https://svfs.is/dnkdl/	Matcher: Template: dhl matched with high similarity

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49750 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.126.163
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.126.163
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /TMPS HTTP/1.1Host: svfs.isConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /TMPS/ HTTP/1.1Host: svfs.isConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /dnkdl/ HTTP/1.1Host: svfs.isConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://svfs.is/TMPS/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /dnkdl/assets/jquery/dist/jquery.min.js HTTP/1.1Host: svfs.isConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://svfs.is/dnkdl/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/assets/font-awesome/css/font-awesome.min.css HTTP/1.1Host: svfs.isConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://svfs.is/dnkdl/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/assets/core_form.css HTTP/1.1Host: svfs.isConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://svfs.is/dnkdl/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/assets/bundle.css HTTP/1.1Host: svfs.isConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://svfs.is/dnkdl/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/assets/ua-parser-js/dist/ua-parser.min.js HTTP/1.1Host: svfs.isConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://svfs.is/dnkdl/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/assets/angular/angular.min.js HTTP/1.1Host: svfs.isConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://svfs.is/dnkdl/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/assets/core_form.js HTTP/1.1Host: svfs.isConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://svfs.is/dnkdl/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/assets/jquery/dist/jquery.min.js HTTP/1.1Host: svfs.isConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /dnkdl/img/dhl-logo.svg HTTP/1.1Host: svfs.isConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://svfs.is/dnkdl/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/img/youtube-new.svg HTTP/1.1Host: svfs.isConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://svfs.is/dnkdl/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/img/facebook-new.svg HTTP/1.1Host: svfs.isConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://svfs.is/dnkdl/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/img/linkedIn-new.svg HTTP/1.1Host: svfs.isConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://svfs.is/dnkdl/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/img/instagram-new.svg HTTP/1.1Host: svfs.isConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://svfs.is/dnkdl/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/img/7f0d3a9b32ad319a9dd1.svg HTTP/1.1Host: svfs.isConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://svfs.is/dnkdl/assets/bundle.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/fonts/iconfont-36e40d8b4a0a369beacf.woff HTTP/1.1Host: svfs.isConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://svfs.issec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://svfs.is/dnkdl/assets/bundle.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/fonts/default-274a65bae9742377aaf0.woff HTTP/1.1Host: svfs.isConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://svfs.issec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://svfs.is/dnkdl/assets/bundle.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/fonts/default-815fcbb4d2c579017011.woff HTTP/1.1Host: svfs.isConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://svfs.issec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://svfs.is/dnkdl/assets/bundle.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/fonts/default-5a6dd86f272b304a8b83.woff HTTP/1.1Host: svfs.isConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://svfs.issec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://svfs.is/dnkdl/assets/bundle.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/fonts/default-3e828e80f6e985c352eb.woff HTTP/1.1Host: svfs.isConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://svfs.issec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://svfs.is/dnkdl/assets/bundle.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/assets/ua-parser-js/dist/ua-parser.min.js HTTP/1.1Host: svfs.isConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/assets/angular/angular.min.js HTTP/1.1Host: svfs.isConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/assets/core_form.js HTTP/1.1Host: svfs.isConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/img/dhl-logo.svg HTTP/1.1Host: svfs.isConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/img/linkedIn-new.svg HTTP/1.1Host: svfs.isConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/img/facebook-new.svg HTTP/1.1Host: svfs.isConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/img/youtube-new.svg HTTP/1.1Host: svfs.isConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/img/instagram-new.svg HTTP/1.1Host: svfs.isConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/img/7f0d3a9b32ad319a9dd1.svg HTTP/1.1Host: svfs.isConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/img/favicon.ico HTTP/1.1Host: svfs.isConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://svfs.is/dnkdl/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj
Source: global traffic	HTTP traffic detected: GET /dnkdl/img/favicon.ico HTTP/1.1Host: svfs.isConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad7seqng53p258uv8fi4n6hdhj

Source: global traffic	DNS traffic detected: DNS query: svfs.is
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 28 Sep 2024 23:43:05 GMTContent-Type: text/htmlContent-Length: 808Connection: closeLast-Modified: Sun, 12 Mar 2023 17:15:32 GMTETag: "328-5f6b724586ded"Accept-Ranges: bytes
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 28 Sep 2024 23:43:05 GMTContent-Type: text/htmlContent-Length: 808Connection: closeLast-Modified: Sun, 12 Mar 2023 17:15:32 GMTETag: "328-5f6b724586ded"Accept-Ranges: bytes
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 28 Sep 2024 23:43:05 GMTContent-Type: text/htmlContent-Length: 808Connection: closeLast-Modified: Sun, 12 Mar 2023 17:15:32 GMTETag: "328-5f6b724586ded"Accept-Ranges: bytes
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 28 Sep 2024 23:43:05 GMTContent-Type: text/htmlContent-Length: 808Connection: closeLast-Modified: Sun, 12 Mar 2023 17:15:32 GMTETag: "328-5f6b724586ded"Accept-Ranges: bytes
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 28 Sep 2024 23:43:05 GMTContent-Type: text/htmlContent-Length: 808Connection: closeLast-Modified: Sun, 12 Mar 2023 17:15:32 GMTETag: "328-5f6b724586ded"Accept-Ranges: bytes

Source: chromecache_80.2.dr, chromecache_76.2.dr	String found in binary or memory: http://angularjs.org
Source: chromecache_80.2.dr, chromecache_76.2.dr	String found in binary or memory: http://errors.angularjs.org/1.6.6/
Source: chromecache_56.2.dr	String found in binary or memory: http://fontawesome.io
Source: chromecache_56.2.dr	String found in binary or memory: http://fontawesome.io/license
Source: chromecache_69.2.dr, chromecache_77.2.dr	String found in binary or memory: https://github.com/faisalman/ua-parser-js
Source: chromecache_54.2.dr, chromecache_66.2.dr	String found in binary or memory: https://i.imgur.com/lQNIz8H.png
Source: chromecache_58.2.dr, chromecache_73.2.dr, chromecache_52.2.dr, chromecache_75.2.dr, chromecache_62.2.dr, chromecache_63.2.dr, chromecache_74.2.dr, chromecache_57.2.dr	String found in binary or memory: https://sketchapp.com
Source: chromecache_53.2.dr	String found in binary or memory: https://svfs.is/dnkdl/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49750 version: TLS 1.2

Source: classification engine

Classification label: mal60.phis.win@16/53@6/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 --field-trial-handle=2296,i,11830406196136506043,15985457101165366253,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://svfs.is/TMPS"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 --field-trial-handle=2296,i,11830406196136506043,15985457101165366253,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Confirm
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next

Source: Window Recorder

Window detected: More than 3 window changes detected

ID:	1521656
Product:	CloudBasic
Start time:	01:42:05
Start date:	29.09.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://svfs.is/TMPS

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://svfs.is/TMPS

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://svfs.is/TMPS