Windows Analysis Report
https://fshjjfetalpacksrlfggghhgfgj.taplink.ws/

Overview

General Information

Sample URL:	https://fshjjfetalpacksrlfggghhgfgj.taplink.ws/
Analysis ID:	1522628
Infos:

Detection

HTMLPhisher

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected HtmlPhish29

AI detected landing page (webpage, office document or email)

Phishing site or detected (based on various text indicators)

HTML page contains hidden javascript code

Stores files to the Windows start menu directory

Classification

Signatures

Phishing

Yara detected HtmlPhish29

Source: Yara match	File source: 8.11..script.csv, type: HTML
Source: Yara match	File source: 9.12..script.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_96, type: DROPPED
Source: Yara match	File source: dropped/chromecache_117, type: DROPPED

Phishing site or detected (based on various text indicators)

Source: Chrome DOM: 2.6	OCR Text: M ETALPACK sri. SHARED A DOCUMENT WITH YOU PDF CLICK HERE TO VIEW YOUR DOCUMENT METALPACK sri. This document has been scanned for viruses by Norton'" AntiVirus Security Standard Software 2024 by
Source: Chrome DOM: 2.7	OCR Text: METALPACK sri. SHARED A DOCUMENT WITH YOU * *Pages 2 PDF CLICK HERE TO VIEW YOUR DOCUMENT METALPACK sri. This document has been scanned for viruses by Norton'V AntiVirus Security Standard Software 2024 by

HTML page contains hidden javascript code

Source: https://app.pipefy.com/public/form/41kuSg4l

HTTP Parser: Base64 decoded: sv=o365_1_one&rand=NmtDeFk=&uid=USER18092024U19091835

Source: https://app.pipefy.com/public/form/41kuSg4l	HTTP Parser: No favicon
Source: https://app.pipefy.com/public/form/41kuSg4l	HTTP Parser: No favicon
Source: https://app.pipefy.com/public/form/41kuSg4l	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:54227 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:54232 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:54237 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:54305 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: fshjjfetalpacksrlfggghhgfgj.taplink.ws
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: mc.yandex.ru
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: taplink.st
Source: global traffic	DNS traffic detected: DNS query: app.pipefy.com
Source: global traffic	DNS traffic detected: DNS query: pipestyle.staticpipefy.com
Source: global traffic	DNS traffic detected: DNS query: pipeui.staticpipefy.com
Source: global traffic	DNS traffic detected: DNS query: assets.staticpipefy.com
Source: global traffic	DNS traffic detected: DNS query: ws-mt1.pusher.com
Source: global traffic	DNS traffic detected: DNS query: sockjs.pusher.com
Source: global traffic	DNS traffic detected: DNS query: js.hcaptcha.com
Source: global traffic	DNS traffic detected: DNS query: api-js.mixpanel.com
Source: global traffic	DNS traffic detected: DNS query: app-location.pipefy.com
Source: global traffic	DNS traffic detected: DNS query: newassets.hcaptcha.com
Source: global traffic	DNS traffic detected: DNS query: api2.hcaptcha.com
Source: global traffic	DNS traffic detected: DNS query: apm.pipefy.com
Source: global traffic	DNS traffic detected: DNS query: dianemccabe.com

Source: unknown	Network traffic detected: HTTP traffic on port 54282 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54201 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54224 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54247 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54218 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54304 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54212 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54309
Source: unknown	Network traffic detected: HTTP traffic on port 54287 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54308
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54307
Source: unknown	Network traffic detected: HTTP traffic on port 54258 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54302
Source: unknown	Network traffic detected: HTTP traffic on port 54293 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54301
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54300
Source: unknown	Network traffic detected: HTTP traffic on port 54241 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54306
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54305
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54304
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54303
Source: unknown	Network traffic detected: HTTP traffic on port 54315 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54276 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54230 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54309 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54322 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54319
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54318
Source: unknown	Network traffic detected: HTTP traffic on port 54259 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54312
Source: unknown	Network traffic detected: HTTP traffic on port 54242 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54311
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54310
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54317
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54316
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54315
Source: unknown	Network traffic detected: HTTP traffic on port 54200 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54314
Source: unknown	Network traffic detected: HTTP traffic on port 54316 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54298 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54320
Source: unknown	Network traffic detected: HTTP traffic on port 54275 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54321 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54209
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54208
Source: unknown	Network traffic detected: HTTP traffic on port 54264 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54281 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54324
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54202
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54323
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54201
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54322
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54200
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54321
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54205
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54204
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54325
Source: unknown	Network traffic detected: HTTP traffic on port 54310 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54225 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54210
Source: unknown	Network traffic detected: HTTP traffic on port 54270 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54219 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54211 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54286 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54263 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54257 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54292 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54299
Source: unknown	Network traffic detected: HTTP traffic on port 54240 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54300 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54323 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54311 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54202 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54223 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54251 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54297 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54199
Source: unknown	Network traffic detected: HTTP traffic on port 54269 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54217 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54305 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54213 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54280 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54312 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54252 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54268 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54306 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54285 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54235 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54291 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54317 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54246 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54274 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54209 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54238 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54258
Source: unknown	Network traffic detected: HTTP traffic on port 54244 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54257
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54256
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54255
Source: unknown	Network traffic detected: HTTP traffic on port 54221 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54318 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54259
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54261
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54260
Source: unknown	Network traffic detected: HTTP traffic on port 54296 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54250 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54265
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54264
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54263
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54262
Source: unknown	Network traffic detected: HTTP traffic on port 54273 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54262 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54279 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54269
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54268
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54267
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54266
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54272
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54271
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54270
Source: unknown	Network traffic detected: HTTP traffic on port 54227 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54276
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54275
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54274
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54273
Source: unknown	Network traffic detected: HTTP traffic on port 54255 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54301 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54261 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54290 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54279
Source: unknown	Network traffic detected: HTTP traffic on port 54278 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54278
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54277
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54283
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54282
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54281
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54280
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54287
Source: unknown	Network traffic detected: HTTP traffic on port 54245 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54286
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54285
Source: unknown	Network traffic detected: HTTP traffic on port 54302 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54233 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54199 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54214 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54239 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54256 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54289
Source: unknown	Network traffic detected: HTTP traffic on port 54208 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54288
Source: unknown	Network traffic detected: HTTP traffic on port 54222 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54294
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54293
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54292
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54291
Source: unknown	Network traffic detected: HTTP traffic on port 54295 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54298
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54297
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54296
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54295
Source: unknown	Network traffic detected: HTTP traffic on port 54267 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54290
Source: unknown	Network traffic detected: HTTP traffic on port 54307 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54324 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54320 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54219
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54214
Source: unknown	Network traffic detected: HTTP traffic on port 54314 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54213
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54212
Source: unknown	Network traffic detected: HTTP traffic on port 54205 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54211
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54218
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54217
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54215
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54221
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54220
Source: unknown	Network traffic detected: HTTP traffic on port 54277 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54254 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54289 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54308 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54237 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54319 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54283 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54266 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54225
Source: unknown	Network traffic detected: HTTP traffic on port 54220 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54224
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54223
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54222
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54227
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54226
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54232
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54230
Source: unknown	Network traffic detected: HTTP traffic on port 54272 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54248 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54288 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54265 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54235
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54233
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54239
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54238
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54237
Source: unknown	Network traffic detected: HTTP traffic on port 54226 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54243
Source: unknown	Network traffic detected: HTTP traffic on port 54271 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54242
Source: unknown	Network traffic detected: HTTP traffic on port 54294 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54241
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54240
Source: unknown	Network traffic detected: HTTP traffic on port 54210 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54325 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54260 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54243 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54247
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54246
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54245
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54244
Source: unknown	Network traffic detected: HTTP traffic on port 54204 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54248
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54250
Source: unknown	Network traffic detected: HTTP traffic on port 54299 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54254
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54252
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54251
Source: unknown	Network traffic detected: HTTP traffic on port 54303 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54232 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54215 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:54227 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:54232 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:54237 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:54305 version: TLS 1.2

Source: classification engine

Classification label: mal56.phis.win@19/46@68/210

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1852,i,15151632708212088530,3997094878592568359,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://fshjjfetalpacksrlfggghhgfgj.taplink.ws/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1852,i,15151632708212088530,3997094878592568359,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Persistence and Installation Behavior

AI detected landing page (webpage, office document or email)

Source: https://fshjjfetalpacksrlfggghhgfgj.taplink.ws/	LLM: Page contains button: 'VIEW DOCUMENT HERE' Source: '0.1.pages.csv'
Source: https://app.pipefy.com/public/form/41kuSg4l	LLM: Page contains button: 'CLICK HERE TO VIEW YOUR DOCUMENT' Source: '2.4.pages.csv'

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.46	unknown	United States	15169	GOOGLEUS	false
130.211.34.183	api-js.mixpanel.com	United States	15169	GOOGLEUS	false
142.250.186.170	unknown	United States	15169	GOOGLEUS	false
142.250.74.206	unknown	United States	15169	GOOGLEUS	false
104.26.2.150	taplink.st	United States	13335	CLOUDFLARENETUS	false
141.148.95.24	apm.pipefy.com	Sweden	43894	ORCL-LON-OPC1GB	false
142.250.185.202	unknown	United States	15169	GOOGLEUS	false
107.178.240.159	unknown	United States	15169	GOOGLEUS	false
93.158.134.119	mc.yandex.ru	Russian Federation	13238	YANDEXRU	false
44.197.17.102	socket-mt1-ingress-1987402783.us-east-1.elb.amazonaws.com	United States	14618	AMAZON-AESUS	false
104.19.230.21	js.hcaptcha.com	United States	13335	CLOUDFLARENETUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
104.19.147.54	app.pipefy.com	United States	13335	CLOUDFLARENETUS	false
142.250.74.195	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
142.250.186.36	www.google.com	United States	15169	GOOGLEUS	false
142.250.186.163	unknown	United States	15169	GOOGLEUS	false
216.58.206.67	unknown	United States	15169	GOOGLEUS	false
104.21.46.216	taplink.me	United States	13335	CLOUDFLARENETUS	false
104.16.117.75	pipeui.staticpipefy.com	United States	13335	CLOUDFLARENETUS	false
104.19.229.21	newassets.hcaptcha.com	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
77.88.21.119	unknown	Russian Federation	13238	YANDEXRU	false
44.217.82.191	ingress-sticky-haproxy-mt1-912d8b7308f82d6c.elb.us-east-1.amazonaws.com	United States	14618	AMAZON-AESUS	false
64.233.184.84	unknown	United States	15169	GOOGLEUS	false
217.115.114.114	dianemccabe.com	Ireland	30900	WEBWORLD-AStaWebWorldIrelandIE	false

Private

IP
192.168.2.16

Contacted Domains

Name	IP	Active
pipeui.staticpipefy.com	104.16.117.75	true
mc.yandex.ru	93.158.134.119	true
a.nel.cloudflare.com	35.190.80.1	true
api-js.mixpanel.com	130.211.34.183	true
app.pipefy.com	104.19.147.54	true
socket-mt1-ingress-1987402783.us-east-1.elb.amazonaws.com	44.197.17.102	true
taplink.me	104.21.46.216	true
pipestyle.staticpipefy.com	104.16.117.75	true
dianemccabe.com	217.115.114.114	true
taplink.st	104.26.2.150	true
js.hcaptcha.com	104.19.230.21	true
apm.pipefy.com	141.148.95.24	true
www.google.com	142.250.186.36	true
api2.hcaptcha.com	104.19.230.21	true
app-location.pipefy.com	104.19.147.54	true
newassets.hcaptcha.com	104.19.229.21	true
assets.staticpipefy.com	104.16.117.75	true
ingress-sticky-haproxy-mt1-912d8b7308f82d6c.elb.us-east-1.amazonaws.com	44.217.82.191	true
ws-mt1.pusher.com	unknown	unknown
sockjs.pusher.com	unknown	unknown
fshjjfetalpacksrlfggghhgfgj.taplink.ws	unknown	unknown

Contacted URLs

Name	Malicious	Reputation
https://fshjjfetalpacksrlfggghhgfgj.taplink.ws/	true	unknown
https://dianemccabe.com/n/?c3Y9bzM2NV8xX29uZSZyYW5kPU5tdERlRms9JnVpZD1VU0VSMTgwOTIwMjRVMTkwOTE4MzU=N0123N	false	unknown
https://app.pipefy.com/public/form/41kuSg4l	true	unknown

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Sep 30 10:51:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	9DE703C4F5609362247279A794397104	5B8707764F9845BFF4C99C960BB83BA775ACF4C8	E0823AC5B75919140EB2E9AE9BE646D52180D0B6D48F079CDADD7B75BA66ABFB
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Sep 30 10:51:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	0A7DB24FF3546EB3203B4533883028C6	C3081F26CC69F483CAC48E0435B8AA38F064A4F7	2EA20799B264AC6570351D22E2B2B97DEED492C4A3DB778DB3ADE86CC063683C
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	4DF9E3F5A86A1AE55B21A9454349F355	0ABC459C81D1FCB9A7DF53A6CD362D92B4A38C76	06D87F3A7DFBD45ECD9AEA4416567FE091F8F1BC8AB21F79DEC0364B54404320
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Sep 30 10:51:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	79CA9F07C5834AB3FEE3918033FE8763	9F1749C1C8653D0F8379325DDE3BA42AC67B563C	8F19948FBC3DD670FD865C5AA91C7A038DAF74664E18DC55115721714EAC4BC0
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Sep 30 10:51:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	474D2539FABF6487D145384A56D2FB28	27A13028A8EDEB183F79EB212E5A8CD1563C1770	FFDC7F306887F09C4050888B78C63080149394EBBC386C16ED332DB3BC9C1618
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Sep 30 10:51:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	27F9E3C9F9257C111D304E2F64EF7D53	8E1F84DB2C53BD33C1295F6E73C97040E590FE48	501FC951514903C0C3607120C1B31EC4FFAEA4FCB0EC24D29E0E264C47BB459C
Chrome Cache Entry: 101	ASCII text, with very long lines (64024)	EEA9BCC48AF6022049AC7AC3D123E476	0E1D337DB21F28673F9B9600AAEF4969AB381E26	5068DC0C8CAC19B85816E6F88EA7912CE447692EAE6CF2917D673EAC527C2D22
Chrome Cache Entry: 102	Unicode text, UTF-8 text, with very long lines (5693)	5499435384295E7165D7DAAD7355BEEE	2F025E8308B85A5AC908A791CBAA0A78E4F3150E	0AEBB709F4E17C8617DF1E3A2B57DF7DC2E4D1B2D292C6029408BC0A4C4787A0
Chrome Cache Entry: 104	ASCII text, with very long lines (16680)	31D57BE9B2305D0D8C8CB6CDBBF2AE12	B52E1ED5B23B5ADE16AEB24708287B891B2835B8	63202E42AB7D303F2F19EB1661B4A0897DB9C2435CC154F439B5596430541676
Chrome Cache Entry: 107	Unicode text, UTF-8 text, with very long lines (65533), with no line terminators	EE359F878C71CF7EC79DD220824C8710	EC1637C150AFDBE4B77A93357EE84D8DCF583333	6936A0051F6C21CB3E560F4628619A80B6C6DCF16C0AEEDF45D14B8A4B323EB5
Chrome Cache Entry: 108	PNG image data, 389 x 260, 8-bit/color RGBA, non-interlaced	44431B7D4E90C3B60DD89FBE36DB0CE8	D9B859551C4ED4296D21203843607805F26DD75C	903F9A6A4B2BA9F986D55FDFB37F5A29DB124BD0458F97A388E1A0559C7B8268
Chrome Cache Entry: 109	ASCII text, with no line terminators	75783A03B9CB78E8D5DE45EB4A9A7A1C	F6B9EBE7918A1E0876630CDD377D2FD1D1605235	50499BC837766A35BBE8B02625933747150A611BA5996E532F1EC32E48123CA1
Chrome Cache Entry: 110	Unicode text, UTF-8 text, with very long lines (41625)	F1E1655DC1B6CBDB0354D29980882BB0	F433EF04877CD65555FD9CF56A2A3CD826B00199	9034A1AD067DA69459A1BAAC888CFDD2C9320148F2546CEC38FFD0DD3347CE5F
Chrome Cache Entry: 111	Web Open Font Format (Version 2), TrueType, length 48444, version 1.0	8E433C0592F77BEB6DC527D7B90BE120	D7402416753AE1BB4CBD4B10D33A0C10517838BD	F052EE44C3728DFD23ABA8A4567150BC314D23903026FBB6AD089422C2DF56AF
Chrome Cache Entry: 112	ASCII text, with very long lines (5238), with no line terminators	988F1EEE304299F19631CA4ADA248754	D3D5FADCCC4372D7F72BA01834C580B8C65F9051	DE33C1364C19F40616A47D966C245DED37FA42C18C19FA3DC2E3AA66C9FFCB0E
Chrome Cache Entry: 116	HTML document, ASCII text	1CF0EB7E85EA4D404F9FFA35718A9922	7482D4D2C883CF51113BDD53AAEA37766CA51A37	1383C32837E4FDD35D6F6284F8E94EE8A426C3CD8D0BFEB48639D6532EBD7225
Chrome Cache Entry: 117	ASCII text, with very long lines (65536), with no line terminators	3FF71A8F9FC2E86F2D9ACF408A8746A2	85C0AA581C742C4F24CB636BB77DEF1E56E4639A	88AFD069F199AA777621D3D559B501C3434645246CB928483C38270525349448
Chrome Cache Entry: 119	SVG Scalable Vector Graphics image	BB441D35AC2F847A76529CB0D45AAEF5	83BEBF3E34409A081B990185FCDDF1E846C03160	FE79E92295B76558A0B772B3E150D1EA011740A5F2275CE1B72556287DC4F0C1
Chrome Cache Entry: 120	ASCII text, with very long lines (618), with CRLF line terminators	F9D3C246A4229365207DEF3633DB291D	CFFFC294D2ECE96C6EA1342E9024C1B62B4C5EB0	5391257CF6ACBAF585C7552F4C0F19C15C09FA6E94ACAE3F1DB7256594F50AB6
Chrome Cache Entry: 122	ASCII text, with very long lines (31127)	094F19D55D347CB3C6D5E428E004FE44	110F9F02C5A3D5A0A5BA7D6CB94F7E6C58BC6054	6168DF02EC5B707B4541D75EAAA583508A55C36CDE762E29504D06F369AF91E8
Chrome Cache Entry: 123	HTML document, Unicode text, UTF-8 text, with very long lines (1826)	BA96DE54CFE45BC0CC0842D0BD086C53	A93A44BBBEAF008D6080AB83AE31CCD53CCC1274	3A06E2E322C14C5F3A0A59A65245E2AB01B3658A59A616B9EA85215F92900D1C
Chrome Cache Entry: 125	ASCII text, with very long lines (65536), with no line terminators	8DD53BEEEFF9A5D3ED5EB9688D767CCB	A68D11DF258D70D2D86F1A0C26B1401D251897A8	3BCC7FB927EA4572F98BEC6335EB0A2D542A22024FF16043810EE8C4A2FCDAA0
Chrome Cache Entry: 126	ASCII text, with no line terminators	89BE93E81169A3478F5B92F3C91AF580	C62E2852B394952919463742831CB4C66CCA1C8B	77C5F518D3925E0083F47A20572ADB178B2204D07FAA396A2E3B0AFD803155B9
Chrome Cache Entry: 127	ASCII text	EDB1CA86E5FF4B16EF78F4D4A42EB24A	790A23BE4DF887C0F07AC86D1F51584534DC9142	6D92CF49E785ABAFCC2D4658AB9353ACE723CC85F365C5C8F247177CCE95A696
Chrome Cache Entry: 129	JSON data	F001E96A05A5E57F0BD73E2BB1F4CD8A	582A1ACBF325441D44FE5DDEB1300CEB4D671685	386037A3C67FE88E5AD918F78FCE0C55C6CE14199B6B82E5E0BEFCCEA2820141
Chrome Cache Entry: 130	very short file (no magic)	68B329DA9893E34099C7D8AD5CB9C940	ADC83B19E793491B1C6EA0FD8B46CD9F32E592FC	01BA4719C80B6FE911B091A7C05124B64EEECE964E09C058EF8F9805DACA546B
Chrome Cache Entry: 131	ASCII text, with very long lines (37130)	E2E7F7259EF5A3B03498EF6FBAFA28AE	1414EBEE92F8D7C75E953FA2F9E0787083D2AA92	9D8F6CA64002402C372EF53B8EC7603CCAC2AF8C1567FF56D3AE8658D6C0C71B
Chrome Cache Entry: 132	ASCII text, with very long lines (15522), with no line terminators	45483080F9111A91D30F05F2941271E7	02F7E993BF7B593BEBDD51076816EE5BF94B74BA	75D9B1BE7330B756864E8C3947BB5EB2E30CBFA4396D0262CCF33991A9331C78
Chrome Cache Entry: 133	RIFF (little-endian) data, Web/P image	E8D4D41056BDD865BF9577857996EE45	500033B229A4B595D6F140DA45A7EC8E5161FA3D	BEBE98B60D4BD218DF9A484DAD74B1A3C453C23199EE7A9FA3D5393AD0D9E319
Chrome Cache Entry: 138	HTML document, Unicode text, UTF-8 text, with very long lines (39933)	92F6F12C84CC92E4F58143EEF4FFE124	BCB87F6A62CCFF2C75568AE74D4E19BC015629EB	96512AAC90CA9AC3BF2E7B0A855AFC46CABC3C1BAD06FAEF0D44C7DB67281ABD
Chrome Cache Entry: 139	ASCII text, with very long lines (56991)	1680419B6708F5D71C06C63A88C229BB	AA2B74A1A4FED444FCBEF50EF3CF56F322E1E178	4012A7FBF01EC91E788E1184A31A810E9F3D518BC35220F1FD4CF4C8C59C0113
Chrome Cache Entry: 140	ASCII text, with very long lines (50896), with no line terminators	3F1B87F97823F1E246326F84936AB328	DC940818E4001A35B299FD17AED0CD7B6DFA774E	4D26A6D3F4CF2F712E5E2B291BFA127AA4CC85C88D1B1E2D34134AE1C45ABF94
Chrome Cache Entry: 141	PNG image data, 218 x 218, 8-bit/color RGBA, non-interlaced	ABF4DDA279EF91D9F679BE54D84BB6F7	3426E5881509CC7A37BBF8D64869330C0B8FC279	3BF5EB68244A5C6A5B43F9D2AD40697637C7CFE2187A87DCBBB72279021EB1C0
Chrome Cache Entry: 143	PNG image data, 32 x 32, 8-bit colormap, non-interlaced	169D658682B59FC86BEDDDB1BDB0C8DA	94A42DE91D76D8EFB19166C8DFF6E7E7F5CB88E8	17BBC4E8F18AF96D43EC18D28C90D3F26CB771EA66576441E5E709B4238BF801
Chrome Cache Entry: 144	ASCII text, with very long lines (900), with no line terminators	1D7C3B16DFAA55C33F2A5B687CD7064E	6045779762562639C35FAC2101400D394869C80E	D90BC1B9D29298776938E62A4D77FB568BE2F5D200DA41049339516277286C8F
Chrome Cache Entry: 145	ASCII text, with very long lines (65521)	B36BB9397467E3F24B0E29183CEA4481	02B0590707BEB83605222D47036A3740736B0D06	D8CF8723B1CB7CE784EEDED69523BDC2D9A1F456E22FFD9C21C5C3E4CC217D65
Chrome Cache Entry: 146	ASCII text	9B9B20951390D0B1224716D83C97CBA1	35AA7575EDE30D369B19FCAB7ACE23753C21A149	41DB675D16990E85CB9E9025A0287B1BB29143FD466509C29FA1A9FE02302AFD
Chrome Cache Entry: 147	HTML document, ASCII text, with very long lines (9127)	DC18942274A48795D55FE1CA899DC889	28E66C27A60B48E651F483A628065646F29512AC	B1FE5182D131CF3C3416FCF4B4FCC95E8FDBFA6FCD2353E2950A6B1C59F49DB7
Chrome Cache Entry: 149	ASCII text, with very long lines (5384), with no line terminators	D99057759AD1DEB2F7F769B968610512	6D47708C2EA230CAC7AC2D4F9DD4A3A60A3824F1	1A2E9D1046B24AB41F7BC22B41F7439E7268A3F13C51DC5516E7DD7AB0738964
Chrome Cache Entry: 150	ASCII text, with very long lines (65491)	EB8C97A5A12F295F159EA001B9BBC8E9	A910E4158054B0D648FACD040862A0C5AF5EEC72	A71BD7E99AA1397F27B789D70000B12C659B3690A0DA7EF5E86E350ECBB2DCCE
Chrome Cache Entry: 151	ASCII text, with very long lines (1572)	D95B0ABA1D3CC78169A43E56F382882B	ACE3DC1930ACD0E13E2FFA2FAD3EFF514D1A322A	B117637A23B5ABD44A477B9242E8ADF76081DBAB300B9FA139E3EB2455862CFD
Chrome Cache Entry: 152	ASCII text, with no line terminators	7F46D9DD3CF42147ED6C82BD0930A9A9	8C50A777A818B98427A3EA674ADE9D9C467DC522	E6A04A4BA424854B7FDEAA135CFC2F75D3B899C1D0B2328E776B0E3D1D20EEE6
Chrome Cache Entry: 153	JSON data	E24923FB65351A8CEBFB5B01BCFF25AE	CDBBF0CD4C948211FD6EF1655D613F4E6909EF74	BB5489C72D63938DEFAED7089FB15041D785CAF9670689BF6798727CC1606A2C
Chrome Cache Entry: 96	ASCII text, with very long lines (65536), with no line terminators	B296B4C75609F7394201AB7706F880E0	E3FD757FF61EC1C23899D001A2020617C3035207	88125934601427FE82D7B1A96227B38F0A683F35FB338D58F15574AECAB63255
Chrome Cache Entry: 98	HTML document, ASCII text	A34AC19F4AFAE63ADC5D2F7BC970C07F	A82190FC530C265AA40A045C21770D967F4767B8	D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
Chrome Cache Entry: 99	ASCII text, with very long lines (3679), with no line terminators	CAEEE3CB357AFC2B0652879931CE7087	B6540DB15A4154BBCB6CBF0B0F5E9066510CCB2A	6D0D6ABA222713BB6986328283769C800CB4BA8E51723F1AA4E22DCFCAE0E770

Phishing

Yara detected HtmlPhish29

Source: Yara match	File source: 8.11..script.csv, type: HTML
Source: Yara match	File source: 9.12..script.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_96, type: DROPPED
Source: Yara match	File source: dropped/chromecache_117, type: DROPPED

Phishing site or detected (based on various text indicators)

Source: Chrome DOM: 2.6	OCR Text: M ETALPACK sri. SHARED A DOCUMENT WITH YOU PDF CLICK HERE TO VIEW YOUR DOCUMENT METALPACK sri. This document has been scanned for viruses by Norton'" AntiVirus Security Standard Software 2024 by
Source: Chrome DOM: 2.7	OCR Text: METALPACK sri. SHARED A DOCUMENT WITH YOU * *Pages 2 PDF CLICK HERE TO VIEW YOUR DOCUMENT METALPACK sri. This document has been scanned for viruses by Norton'V AntiVirus Security Standard Software 2024 by

HTML page contains hidden javascript code

Source: https://app.pipefy.com/public/form/41kuSg4l

HTTP Parser: Base64 decoded: sv=o365_1_one&rand=NmtDeFk=&uid=USER18092024U19091835

Source: https://app.pipefy.com/public/form/41kuSg4l	HTTP Parser: No favicon
Source: https://app.pipefy.com/public/form/41kuSg4l	HTTP Parser: No favicon
Source: https://app.pipefy.com/public/form/41kuSg4l	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:54227 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:54232 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:54237 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:54305 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: fshjjfetalpacksrlfggghhgfgj.taplink.ws
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: mc.yandex.ru
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: taplink.st
Source: global traffic	DNS traffic detected: DNS query: app.pipefy.com
Source: global traffic	DNS traffic detected: DNS query: pipestyle.staticpipefy.com
Source: global traffic	DNS traffic detected: DNS query: pipeui.staticpipefy.com
Source: global traffic	DNS traffic detected: DNS query: assets.staticpipefy.com
Source: global traffic	DNS traffic detected: DNS query: ws-mt1.pusher.com
Source: global traffic	DNS traffic detected: DNS query: sockjs.pusher.com
Source: global traffic	DNS traffic detected: DNS query: js.hcaptcha.com
Source: global traffic	DNS traffic detected: DNS query: api-js.mixpanel.com
Source: global traffic	DNS traffic detected: DNS query: app-location.pipefy.com
Source: global traffic	DNS traffic detected: DNS query: newassets.hcaptcha.com
Source: global traffic	DNS traffic detected: DNS query: api2.hcaptcha.com
Source: global traffic	DNS traffic detected: DNS query: apm.pipefy.com
Source: global traffic	DNS traffic detected: DNS query: dianemccabe.com

Source: unknown	Network traffic detected: HTTP traffic on port 54282 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54201 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54224 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54247 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54218 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54304 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54212 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54309
Source: unknown	Network traffic detected: HTTP traffic on port 54287 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54308
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54307
Source: unknown	Network traffic detected: HTTP traffic on port 54258 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54302
Source: unknown	Network traffic detected: HTTP traffic on port 54293 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54301
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54300
Source: unknown	Network traffic detected: HTTP traffic on port 54241 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54306
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54305
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54304
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54303
Source: unknown	Network traffic detected: HTTP traffic on port 54315 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54276 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54230 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54309 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54322 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54319
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54318
Source: unknown	Network traffic detected: HTTP traffic on port 54259 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54312
Source: unknown	Network traffic detected: HTTP traffic on port 54242 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54311
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54310
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54317
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54316
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54315
Source: unknown	Network traffic detected: HTTP traffic on port 54200 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54314
Source: unknown	Network traffic detected: HTTP traffic on port 54316 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54298 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54320
Source: unknown	Network traffic detected: HTTP traffic on port 54275 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54321 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54209
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54208
Source: unknown	Network traffic detected: HTTP traffic on port 54264 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54281 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54324
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54202
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54323
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54201
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54322
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54200
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54321
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54205
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54204
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54325
Source: unknown	Network traffic detected: HTTP traffic on port 54310 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54225 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54210
Source: unknown	Network traffic detected: HTTP traffic on port 54270 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54219 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54211 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54286 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54263 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54257 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54292 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54299
Source: unknown	Network traffic detected: HTTP traffic on port 54240 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54300 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54323 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54311 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54202 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54223 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54251 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54297 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54199
Source: unknown	Network traffic detected: HTTP traffic on port 54269 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54217 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54305 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54213 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54280 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54312 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54252 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54268 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54306 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54285 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54235 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54291 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54317 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54246 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54274 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54209 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54238 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54258
Source: unknown	Network traffic detected: HTTP traffic on port 54244 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54257
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54256
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54255
Source: unknown	Network traffic detected: HTTP traffic on port 54221 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54318 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54259
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54261
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54260
Source: unknown	Network traffic detected: HTTP traffic on port 54296 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54250 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54265
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54264
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54263
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54262
Source: unknown	Network traffic detected: HTTP traffic on port 54273 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54262 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54279 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54269
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54268
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54267
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54266
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54272
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54271
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54270
Source: unknown	Network traffic detected: HTTP traffic on port 54227 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54276
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54275
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54274
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54273
Source: unknown	Network traffic detected: HTTP traffic on port 54255 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54301 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54261 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54290 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54279
Source: unknown	Network traffic detected: HTTP traffic on port 54278 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54278
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54277
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54283
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54282
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54281
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54280
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54287
Source: unknown	Network traffic detected: HTTP traffic on port 54245 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54286
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54285
Source: unknown	Network traffic detected: HTTP traffic on port 54302 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54233 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54199 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54214 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54239 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54256 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54289
Source: unknown	Network traffic detected: HTTP traffic on port 54208 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54288
Source: unknown	Network traffic detected: HTTP traffic on port 54222 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54294
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54293
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54292
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54291
Source: unknown	Network traffic detected: HTTP traffic on port 54295 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54298
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54297
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54296
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54295
Source: unknown	Network traffic detected: HTTP traffic on port 54267 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54290
Source: unknown	Network traffic detected: HTTP traffic on port 54307 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54324 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54320 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54219
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54214
Source: unknown	Network traffic detected: HTTP traffic on port 54314 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54213
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54212
Source: unknown	Network traffic detected: HTTP traffic on port 54205 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54211
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54218
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54217
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54215
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54221
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54220
Source: unknown	Network traffic detected: HTTP traffic on port 54277 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54254 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54289 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54308 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54237 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54319 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54283 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54266 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54225
Source: unknown	Network traffic detected: HTTP traffic on port 54220 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54224
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54223
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54222
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54227
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54226
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54232
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54230
Source: unknown	Network traffic detected: HTTP traffic on port 54272 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54248 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54288 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54265 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54235
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54233
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54239
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54238
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54237
Source: unknown	Network traffic detected: HTTP traffic on port 54226 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54243
Source: unknown	Network traffic detected: HTTP traffic on port 54271 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54242
Source: unknown	Network traffic detected: HTTP traffic on port 54294 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54241
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54240
Source: unknown	Network traffic detected: HTTP traffic on port 54210 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54325 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54260 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54243 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54247
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54246
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54245
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54244
Source: unknown	Network traffic detected: HTTP traffic on port 54204 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54248
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54250
Source: unknown	Network traffic detected: HTTP traffic on port 54299 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54254
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54252
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54251
Source: unknown	Network traffic detected: HTTP traffic on port 54303 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54232 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54215 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:54227 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:54232 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:54237 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:54305 version: TLS 1.2

Source: classification engine

Classification label: mal56.phis.win@19/46@68/210

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1852,i,15151632708212088530,3997094878592568359,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://fshjjfetalpacksrlfggghhgfgj.taplink.ws/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1852,i,15151632708212088530,3997094878592568359,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Persistence and Installation Behavior

AI detected landing page (webpage, office document or email)

Source: https://fshjjfetalpacksrlfggghhgfgj.taplink.ws/	LLM: Page contains button: 'VIEW DOCUMENT HERE' Source: '0.1.pages.csv'
Source: https://app.pipefy.com/public/form/41kuSg4l	LLM: Page contains button: 'CLICK HERE TO VIEW YOUR DOCUMENT' Source: '2.4.pages.csv'

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

ID:	1522628
Product:	CloudBasic
Start time:	13:50:54
Start date:	30.09.2024
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://fshjjfetalpacksrlfggghhgfgj.taplink.ws/

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Persistence and Installation Behavior

Boot Survival

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://fshjjfetalpacksrlfggghhgfgj.taplink.ws/

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Persistence and Installation Behavior

Boot Survival

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://fshjjfetalpacksrlfggghhgfgj.taplink.ws/