Windows Analysis Report
http://shorten.so/fVj82

Overview

General Information

Sample URL:	http://shorten.so/fVj82
Analysis ID:	1592366
Infos:

Detection

Porn Scam

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Yara detected Porn Scam

Detected suspicious crossdomain redirect

Stores files to the Windows start menu directory

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://shorten.so/fVj82

Avira URL Cloud: detection malicious, Label: phishing

Antivirus detection for URL or domain

Source: https://telexsexy.vercel.app/style.css	Avira URL Cloud: Label: phishing
Source: https://telexsexy.vercel.app/img/profile-1.jpg	Avira URL Cloud: Label: phishing
Source: https://shorten.so/fVj82	Avira URL Cloud: Label: phishing

Detected suspicious crossdomain redirect

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: m.dardaktrack.com to ttps://give.wewegombel.beauty/?utm_source=da57dc555e50572d&&ban=fb&j1=1&j5=1&j6=1&s1=224528&s2=2058143&s3=dr_superwin&s5=dr_superwin&click_id=640420
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: m.dardaktrack.com to ttps://give.wewegombel.beauty/?utm_source=da57dc555e50572d&&ban=fb&j1=1&j5=1&j6=1&s1=224528&s2=2058143&s3=dr_superwin&s5=dr_superwin&click_id=640421

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /fVj82 HTTP/1.1Host: shorten.soConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: telexsexy.vercel.appConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /npm/bootstrap-icons@1.8.1/font/bootstrap-icons.css HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://telexsexy.vercel.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /style.css HTTP/1.1Host: telexsexy.vercel.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://telexsexy.vercel.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/profile-1.jpg HTTP/1.1Host: telexsexy.vercel.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telexsexy.vercel.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css/bootstrap.min.css?3 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://telexsexy.vercel.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css/telegram.css?227 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://telexsexy.vercel.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/tgwallpaper.min.js?3 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://telexsexy.vercel.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/profile-1.jpg HTTP/1.1Host: telexsexy.vercel.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/tgwallpaper.min.js?3 HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /npm/bootstrap-icons@1.8.1/font/fonts/bootstrap-icons.woff2?524846017b983fc8ded9325d94ed40f3 HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://telexsexy.vercel.appsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://cdn.jsdelivr.net/npm/bootstrap-icons@1.8.1/font/bootstrap-icons.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/tgme/pattern.svg?1 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telegram.org/css/telegram.css?227Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/favicon.ico HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telexsexy.vercel.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/tgme/pattern.svg?1 HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/favicon.ico HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tracking202/redirect/rtr.php?t202id=5179&c1=DR_SUPERWIN&t202kw=DR_SUPERWIN HTTP/1.1Host: m.dardaktrack.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://telexsexy.vercel.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tracking202/redirect/rtr.php?t202id=5179&c1=DR_SUPERWIN&t202kw=DR_SUPERWIN HTTP/1.1Host: m.dardaktrack.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://telexsexy.vercel.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: tracking202subid-legacy=640420; tracking202subid_a_1-legacy=640420; tracking202subid=640420; tracking202subid_a_1=640420

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: shorten.so
Source: global traffic	DNS traffic detected: DNS query: telexsexy.vercel.app
Source: global traffic	DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic	DNS traffic detected: DNS query: telegram.org
Source: global traffic	DNS traffic detected: DNS query: m.dardaktrack.com

Source: chromecache_71.2.dr	String found in binary or memory: http://getbootstrap.com)
Source: chromecache_71.2.dr	String found in binary or memory: http://getbootstrap.com/customize/?id=92d2ac1b31978642b6b6)
Source: chromecache_73.2.dr	String found in binary or memory: https://cdn.jsdelivr.net/npm/bootstrap-icons
Source: chromecache_73.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:400
Source: chromecache_78.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3-UBGEe.woff2)
Source: chromecache_78.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3CUBGEe.woff2)
Source: chromecache_78.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3GUBGEe.woff2)
Source: chromecache_78.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3KUBGEe.woff2)
Source: chromecache_78.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3OUBGEe.woff2)
Source: chromecache_78.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3iUBGEe.woff2)
Source: chromecache_78.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2)
Source: chromecache_78.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMawCUBGEe.woff2)
Source: chromecache_78.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMaxKUBGEe.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://gist.github.com/92d2ac1b31978642b6b6
Source: chromecache_71.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_73.2.dr	String found in binary or memory: https://m.dardaktrack.com/tracking202/redirect/rtr.php?t202id=5179&c1=DR_SUPERWIN&t202kw=DR_SUPERWIN
Source: chromecache_81.2.dr	String found in binary or memory: https://osx.telegram.org/updates/site/artboard.png)
Source: chromecache_81.2.dr	String found in binary or memory: https://osx.telegram.org/updates/site/artboard_2x.png);
Source: chromecache_73.2.dr	String found in binary or memory: https://telegram.org/css/bootstrap.min.css?3
Source: chromecache_73.2.dr	String found in binary or memory: https://telegram.org/css/telegram.css?227
Source: chromecache_73.2.dr	String found in binary or memory: https://telegram.org/img/apple-touch-icon.png
Source: chromecache_73.2.dr	String found in binary or memory: https://telegram.org/img/favicon-16x16.png
Source: chromecache_73.2.dr	String found in binary or memory: https://telegram.org/img/favicon-32x32.png
Source: chromecache_73.2.dr	String found in binary or memory: https://telegram.org/img/favicon.ico
Source: chromecache_73.2.dr	String found in binary or memory: https://telegram.org/img/website_icon.svg?4
Source: chromecache_73.2.dr	String found in binary or memory: https://telegram.org/js/tgwallpaper.min.js?3

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Spam, unwanted Advertisements and Ransom Demands

Yara detected Porn Scam

Source: Yara match	File source: 1.0.pages.csv, type: HTML
Source: Yara match	File source: 1.1.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_73, type: DROPPED

Source: classification engine

Classification label: mal64.phis.win@19/34@19/10

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2020,i,10709465866894563731,12738537951718013317,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://shorten.so/fVj82"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2020,i,10709465866894563731,12738537951718013317,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.228	www.google.com	United States	15169	GOOGLEUS	false
104.21.54.29	unknown	United States	13335	CLOUDFLARENETUS	false
151.101.129.229	jsdelivr.map.fastly.net	United States	54113	FASTLYUS	false
216.198.79.1	telexsexy.vercel.app	United States	11696	NBS11696US	false
103.253.213.43	m.dardaktrack.com	Indonesia	58487	RUMAHWEB-AS-IDRumahwebIndonesiaCVID	false
149.154.167.99	telegram.org	United Kingdom	62041	TELEGRAMRU	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
64.29.17.129	unknown	Canada	13768	COGECO-PEER1CA	false

Private

IP
192.168.2.6
192.168.2.5

Contacted Domains

Name	IP	Active
jsdelivr.map.fastly.net	151.101.129.229	true
shorten.so	172.67.222.230	true
telexsexy.vercel.app	216.198.79.1	true
telegram.org	149.154.167.99	true
www.google.com	142.250.185.228	true
m.dardaktrack.com	103.253.213.43	true
cdn.jsdelivr.net	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://telegram.org/img/favicon.ico	false		high
https://telexsexy.vercel.app/	false		unknown
https://shorten.so/fVj82	false	Avira URL Cloud: phishing	unknown
https://telegram.org/css/bootstrap.min.css?3	false		high
https://cdn.jsdelivr.net/npm/bootstrap-icons@1.8.1/font/fonts/bootstrap-icons.woff2?524846017b983fc8ded9325d94ed40f3	false		high
https://telexsexy.vercel.app/style.css	false	Avira URL Cloud: phishing	unknown
https://telegram.org/js/tgwallpaper.min.js?3	false		high
https://telegram.org/css/telegram.css?227	false		high
https://m.dardaktrack.com/tracking202/redirect/rtr.php?t202id=5179&c1=DR_SUPERWIN&t202kw=DR_SUPERWIN	false	Avira URL Cloud: safe	unknown
https://cdn.jsdelivr.net/npm/bootstrap-icons@1.8.1/font/bootstrap-icons.css	false		high
https://telexsexy.vercel.app/img/profile-1.jpg	false	Avira URL Cloud: phishing	unknown
https://telegram.org/img/tgme/pattern.svg?1	false		high

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 23:45:59 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	8EEE0BB1D13AB5B92947FE16DE3ADFD8	DC0CE1396A5BA268596D03F5CB80CFBC73BA3927	3B0497DC748B563085893F7790A6484768D68606D71B35C04540E09E09E20443
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 23:45:59 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	DC5342AE92CDE29C469066A8BF98A101	59AD242FD0693DBE96268E14E1C9E284EA0D12AC	89FEC6F955DF06C1A7E833AB11CC572E66F8283DF186A63BB04D0B84AFFE8AA1
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	50E74DBDA1045E9A946D8D9EFB7F2B28	FEC90FFAD680F54251E81D9B6CCB40230C91F0E2	2D28076698D5F9F0D0E40D06BD88A6D0AE3C4886D44EEA0B3E19E2CDE1CEC1D7
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 23:45:59 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	9C4D630285F39201EAE82E0077E3F633	B0AD8B18309DFAC21BBB6537C669BD68E59F678F	8A3EBD93DBBE7438B1843B5E0C546C91CAD64AB4E67C7BF43524DAAA70E5EE86
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 23:45:59 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	01ECAABD62D05DDE843E1844AB0A1DD4	681846028B7336270FCD5B7D3370763888437CA2	69C2C443C426DB8CE9ABD817E117D3CF46EA4DC5FE5EBB3405EFAF21C2E0181F
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 23:45:59 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	122F4CE0395ECF5F26D257907A9D1A0B	ADFDC4CBDD3E5B22CA7DDC454EB781A1C0A70CFE	7102E11CCBD26ED7A8C757B190E2FB443309E217646E5205677BB1DCFF7899F8
Chrome Cache Entry: 66	Web Open Font Format (Version 2), TrueType, length 102536, version 1.0	1ED478A6B265D4B4F5C26BB063203588	1CA5E8C7D2FB8E9D60AD1A1FEB2A46E98C248A3D	C874E14C63DB86C4C5318C77CB557FCE7036645EDC7D690DCC1D23B389631B13
Chrome Cache Entry: 67	ASCII text, with very long lines (2979), with no line terminators	2B89D34702716A8AD2CC3977718F53A3	04406EBD6A9E2CE79DBAC5E5048CFE1384E4574A	2031E418EE10AF8110729B3F327B968462FC0A9D8D1DA095387BB472CCD0DEE6
Chrome Cache Entry: 68	ASCII text	79877FB82DE8CA50845081E3C9A201C5	4F6EA69C0E03431FFA1A097A45453B5B3B246D8B	AF35CC6ABA34E5005DE77099DFA72D4C1A7715D28DDCEC343F48031DC8CB08BC
Chrome Cache Entry: 69	ASCII text	A01E36ED97A0F4E064F9A2AA2B466148	E6A44EA80EEE8AB24C98B1EBA13CBC7FA9317C14	5C892A0A872B30B4DCAD6D5B308C44D1CEB335594B2E330A1EFB1C7B8742A8BC
Chrome Cache Entry: 70	SVG Scalable Vector Graphics image	60A734466163B28F1686AF09C1179739	9A003F3EC7E694A2EFC8DBCF92FD9CE21E6B3BDA	42A283706BCBAE303B45E27D91A99F63ABADDB2779E50509B260F56C47C5E749
Chrome Cache Entry: 71	ASCII text, with very long lines (42164)	C2656E265EF58A9CC9F4B70B15DA5FB9	85C5EBDB89D4574D72688C2650D4B84B9B09770A	F1D083FFAA644C708F11DB29707AA57C19246E6D32643B03FEE3F82C17B224B3
Chrome Cache Entry: 72	ASCII text, with very long lines (2979), with no line terminators	2B89D34702716A8AD2CC3977718F53A3	04406EBD6A9E2CE79DBAC5E5048CFE1384E4574A	2031E418EE10AF8110729B3F327B968462FC0A9D8D1DA095387BB472CCD0DEE6
Chrome Cache Entry: 73	HTML document, ASCII text, with very long lines (2422), with CRLF line terminators	636486FA445EF368762DC29D7131F894	4D22F6EC2C6D2F08890C224CDE5DFFC53F75FC27	DD0C446344A568907E8BB24E3B915D46D39AD7DDC955DA53068C8051525B89E6
Chrome Cache Entry: 74	MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel	5791D664309E275F4569D2F993C44782	A68F363153614A09F10AE2892C134B9C4B001D4B	4FF54BC38C267DC3A8C95F6ED4590336BAAEC70433EF15D027DDCA608C391E78
Chrome Cache Entry: 75	SVG Scalable Vector Graphics image	D0C22C6A97023D85BA6E644A41C44A5D	4284EFB616C182DA4450C123174CE0E81A322845	118ADD53487C02AAF5B5AB9F69380FA06717DEB10492E14AAA487E3C62806AD4
Chrome Cache Entry: 76	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1080x1071, components 3	1E4E8BF38A736DDBF3B37F725C2C6996	8665BB1F3713FA53ED4F049847781EE46CC02E39	EB1AFA33DE03F6734510282FBE8CF0C0DBAB3C91FCCBFA379C50681D419ADB65
Chrome Cache Entry: 77	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1080x1071, components 3	1E4E8BF38A736DDBF3B37F725C2C6996	8665BB1F3713FA53ED4F049847781EE46CC02E39	EB1AFA33DE03F6734510282FBE8CF0C0DBAB3C91FCCBFA379C50681D419ADB65
Chrome Cache Entry: 78	ASCII text, with very long lines (1572)	F45AAFE2B324E64D63E8B153E9ADBC7D	08832C24600D9AA313A362F46B52A57C3714C78F	5AC24792BD79036AC9072BC246E5FB4FF4F1E34F53781D5699B096E1D033D61F
Chrome Cache Entry: 79	Web Open Font Format (Version 2), TrueType, length 40128, version 1.0	9A01B69183A9604AB3A439E388B30501	8ED1D59003D0DBE6360481017B44665153665FBE	20B535FA80C8189E3B87D1803038389960203A886D502BC2EF1857AFFC2F38D2
Chrome Cache Entry: 80	MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel	5791D664309E275F4569D2F993C44782	A68F363153614A09F10AE2892C134B9C4B001D4B	4FF54BC38C267DC3A8C95F6ED4590336BAAEC70433EF15D027DDCA608C391E78
Chrome Cache Entry: 81	ASCII text, with very long lines (1267)	B38D5683C07DB3AA434F7DE738AA301F	A2E0B82BF74E02B9B51F9B288AADB680F57B180A	D2BCB4B97CAF9FF71A555D59424C806FA55F33F86F2F1A762C5C661AB84EB843

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://shorten.so/fVj82

Avira URL Cloud: detection malicious, Label: phishing

Antivirus detection for URL or domain

Source: https://telexsexy.vercel.app/style.css	Avira URL Cloud: Label: phishing
Source: https://telexsexy.vercel.app/img/profile-1.jpg	Avira URL Cloud: Label: phishing
Source: https://shorten.so/fVj82	Avira URL Cloud: Label: phishing

Detected suspicious crossdomain redirect

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: m.dardaktrack.com to ttps://give.wewegombel.beauty/?utm_source=da57dc555e50572d&&ban=fb&j1=1&j5=1&j6=1&s1=224528&s2=2058143&s3=dr_superwin&s5=dr_superwin&click_id=640420
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: m.dardaktrack.com to ttps://give.wewegombel.beauty/?utm_source=da57dc555e50572d&&ban=fb&j1=1&j5=1&j6=1&s1=224528&s2=2058143&s3=dr_superwin&s5=dr_superwin&click_id=640421

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /fVj82 HTTP/1.1Host: shorten.soConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: telexsexy.vercel.appConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /npm/bootstrap-icons@1.8.1/font/bootstrap-icons.css HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://telexsexy.vercel.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /style.css HTTP/1.1Host: telexsexy.vercel.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://telexsexy.vercel.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/profile-1.jpg HTTP/1.1Host: telexsexy.vercel.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telexsexy.vercel.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css/bootstrap.min.css?3 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://telexsexy.vercel.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css/telegram.css?227 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://telexsexy.vercel.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/tgwallpaper.min.js?3 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://telexsexy.vercel.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/profile-1.jpg HTTP/1.1Host: telexsexy.vercel.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/tgwallpaper.min.js?3 HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /npm/bootstrap-icons@1.8.1/font/fonts/bootstrap-icons.woff2?524846017b983fc8ded9325d94ed40f3 HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://telexsexy.vercel.appsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://cdn.jsdelivr.net/npm/bootstrap-icons@1.8.1/font/bootstrap-icons.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/tgme/pattern.svg?1 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telegram.org/css/telegram.css?227Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/favicon.ico HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telexsexy.vercel.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/tgme/pattern.svg?1 HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/favicon.ico HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tracking202/redirect/rtr.php?t202id=5179&c1=DR_SUPERWIN&t202kw=DR_SUPERWIN HTTP/1.1Host: m.dardaktrack.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://telexsexy.vercel.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tracking202/redirect/rtr.php?t202id=5179&c1=DR_SUPERWIN&t202kw=DR_SUPERWIN HTTP/1.1Host: m.dardaktrack.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://telexsexy.vercel.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: tracking202subid-legacy=640420; tracking202subid_a_1-legacy=640420; tracking202subid=640420; tracking202subid_a_1=640420

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: shorten.so
Source: global traffic	DNS traffic detected: DNS query: telexsexy.vercel.app
Source: global traffic	DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic	DNS traffic detected: DNS query: telegram.org
Source: global traffic	DNS traffic detected: DNS query: m.dardaktrack.com

Source: chromecache_71.2.dr	String found in binary or memory: http://getbootstrap.com)
Source: chromecache_71.2.dr	String found in binary or memory: http://getbootstrap.com/customize/?id=92d2ac1b31978642b6b6)
Source: chromecache_73.2.dr	String found in binary or memory: https://cdn.jsdelivr.net/npm/bootstrap-icons
Source: chromecache_73.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:400
Source: chromecache_78.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3-UBGEe.woff2)
Source: chromecache_78.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3CUBGEe.woff2)
Source: chromecache_78.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3GUBGEe.woff2)
Source: chromecache_78.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3KUBGEe.woff2)
Source: chromecache_78.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3OUBGEe.woff2)
Source: chromecache_78.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3iUBGEe.woff2)
Source: chromecache_78.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2)
Source: chromecache_78.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMawCUBGEe.woff2)
Source: chromecache_78.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMaxKUBGEe.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://gist.github.com/92d2ac1b31978642b6b6
Source: chromecache_71.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_73.2.dr	String found in binary or memory: https://m.dardaktrack.com/tracking202/redirect/rtr.php?t202id=5179&c1=DR_SUPERWIN&t202kw=DR_SUPERWIN
Source: chromecache_81.2.dr	String found in binary or memory: https://osx.telegram.org/updates/site/artboard.png)
Source: chromecache_81.2.dr	String found in binary or memory: https://osx.telegram.org/updates/site/artboard_2x.png);
Source: chromecache_73.2.dr	String found in binary or memory: https://telegram.org/css/bootstrap.min.css?3
Source: chromecache_73.2.dr	String found in binary or memory: https://telegram.org/css/telegram.css?227
Source: chromecache_73.2.dr	String found in binary or memory: https://telegram.org/img/apple-touch-icon.png
Source: chromecache_73.2.dr	String found in binary or memory: https://telegram.org/img/favicon-16x16.png
Source: chromecache_73.2.dr	String found in binary or memory: https://telegram.org/img/favicon-32x32.png
Source: chromecache_73.2.dr	String found in binary or memory: https://telegram.org/img/favicon.ico
Source: chromecache_73.2.dr	String found in binary or memory: https://telegram.org/img/website_icon.svg?4
Source: chromecache_73.2.dr	String found in binary or memory: https://telegram.org/js/tgwallpaper.min.js?3

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Spam, unwanted Advertisements and Ransom Demands

Yara detected Porn Scam

Source: Yara match	File source: 1.0.pages.csv, type: HTML
Source: Yara match	File source: 1.1.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_73, type: DROPPED

Source: classification engine

Classification label: mal64.phis.win@19/34@19/10

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2020,i,10709465866894563731,12738537951718013317,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://shorten.so/fVj82"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2020,i,10709465866894563731,12738537951718013317,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

ID:	1592366
Product:	CloudBasic
Start time:	01:45:06
Start date:	16.01.2025
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
http://shorten.so/fVj82

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Networking

Spam, unwanted Advertisements and Ransom Demands

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report http://shorten.so/fVj82

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Networking

Spam, unwanted Advertisements and Ransom Demands

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
http://shorten.so/fVj82