Windows Analysis Report
https://statesborozga.cfd/Proten/

Overview

General Information

Sample URL:	https://statesborozga.cfd/Proten/
Analysis ID:	1427688
Infos:

Detection

HTMLPhisher

Score:	80
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Snort IDS alert for network traffic

Yara detected HtmlPhish10

Yara detected HtmlPhish7

Phishing site detected (based on shot match)

Phishing site or detected (based on various text indicators)

HTML body contains low number of good links

HTML body contains password input but no form action

HTML title does not match URL

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://statesborozga.cfd/Proten/

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing

Yara detected HtmlPhish10

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_78, type: DROPPED

Yara detected HtmlPhish7

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_78, type: DROPPED

Phishing site detected (based on shot match)

Source: https://statesborozga.cfd/Proten/

Matcher: Template: multims matched

Phishing site or detected (based on various text indicators)

Source: Chrome DOM: 0.0

OCR Text: Adobe Document Cloud To read the document, please enter with the valid email credentials that this file was sent to. Sign in with Outlook Sign in with Office365 Sign in with Other Mail Select your email provider to view Document CopyRightO 2020

HTML body contains low number of good links

Source: https://statesborozga.cfd/Proten/

HTTP Parser: Number of links: 0

HTML body contains password input but no form action

Source: https://statesborozga.cfd/Proten/

HTTP Parser: <input type="password" .../> found but no <form action="...

HTML title does not match URL

Source: https://statesborozga.cfd/Proten/

HTTP Parser: Title: Share Point Online does not match URL

Source: https://statesborozga.cfd/Proten/

HTTP Parser: <input type="password" .../> found

Source: https://statesborozga.cfd/Proten/

HTTP Parser: No favicon

Source: https://statesborozga.cfd/Proten/

HTTP Parser: No <meta name="author".. found

Source: https://statesborozga.cfd/Proten/

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.4:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.4:49770 version: TLS 1.2

Networking

Snort IDS alert for network traffic

Source: Traffic

Snort IDS: 2032515 ET CURRENT_EVENTS Generic Multibrand Ajax XHR CredPost Phishing Landing 172.67.137.170:443 -> 192.168.2.4:49735

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 69.164.42.0
Source: unknown	TCP traffic detected without corresponding DNS query: 69.164.42.0
Source: unknown	TCP traffic detected without corresponding DNS query: 69.164.42.0
Source: unknown	TCP traffic detected without corresponding DNS query: 69.164.42.0
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /Proten/ HTTP/1.1Host: statesborozga.cfdConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Proten/css/hover.css HTTP/1.1Host: statesborozga.cfdConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://statesborozga.cfd/Proten/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Proten/images/adobe.jpg HTTP/1.1Host: statesborozga.cfdConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://statesborozga.cfd/Proten/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Proten/images/outlook1.png HTTP/1.1Host: statesborozga.cfdConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://statesborozga.cfd/Proten/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.1.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://statesborozga.cfd/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.0.0/css/bootstrap.min.css HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://statesborozga.cfdsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://statesborozga.cfd/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Proten/images/office3651.png HTTP/1.1Host: statesborozga.cfdConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://statesborozga.cfd/Proten/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Proten/images/other1.png HTTP/1.1Host: statesborozga.cfdConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://statesborozga.cfd/Proten/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Proten/images/outlook1.png HTTP/1.1Host: statesborozga.cfdConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Proten/images/adobe.jpg HTTP/1.1Host: statesborozga.cfdConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Proten/images/gmail.png HTTP/1.1Host: statesborozga.cfdConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://statesborozga.cfd/Proten/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.2.1.slim.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://statesborozga.cfdsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://statesborozga.cfd/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Proten/images/8.jpg HTTP/1.1Host: statesborozga.cfdConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://statesborozga.cfd/Proten/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://statesborozga.cfdsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://statesborozga.cfd/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://statesborozga.cfdsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://statesborozga.cfd/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: statesborozga.cfdConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://statesborozga.cfd/Proten/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Proten/images/other1.png HTTP/1.1Host: statesborozga.cfdConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Proten/images/office3651.png HTTP/1.1Host: statesborozga.cfdConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Proten/images/gmail.png HTTP/1.1Host: statesborozga.cfdConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Proten/images/8.jpg HTTP/1.1Host: statesborozga.cfdConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: unknown

DNS traffic detected: queries for: statesborozga.cfd

Source: unknown

HTTP traffic detected: POST /report/v4?s=XNBO0AWxeY0lvRO8PAKfVPSrr85CDwEuJf4GPrDq6nJJmOAj2X11IvgYZuKQLs4Zq8w86UdDTsggHHx7V%2BJqNZd5i6zkq9RNbv1weLllln3w%2B9VRmfi%2Fwfa2YTc4zU1AefQFbA%3D%3D HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 432Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 17 Apr 2024 22:28:03 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeCache-Control: max-age=14400CF-Cache-Status: EXPIREDReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XNBO0AWxeY0lvRO8PAKfVPSrr85CDwEuJf4GPrDq6nJJmOAj2X11IvgYZuKQLs4Zq8w86UdDTsggHHx7V%2BJqNZd5i6zkq9RNbv1weLllln3w%2B9VRmfi%2Fwfa2YTc4zU1AefQFbA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 875fd8914e60453d-ATLalt-svc: h3=":443"; ma=86400

Source: chromecache_68.2.dr	String found in binary or memory: http://ianlunn.co.uk/
Source: chromecache_68.2.dr	String found in binary or memory: http://ianlunn.github.io/Hover/)
Source: chromecache_91.2.dr	String found in binary or memory: http://opensource.org/licenses/MIT).
Source: chromecache_78.2.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: chromecache_78.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Source: chromecache_78.2.dr	String found in binary or memory: https://code.jquery.com/jquery-3.1.1.min.js
Source: chromecache_78.2.dr	String found in binary or memory: https://code.jquery.com/jquery-3.2.1.slim.min.js
Source: chromecache_78.2.dr	String found in binary or memory: https://code.jquery.com/jquery-3.3.1.js
Source: chromecache_84.2.dr, chromecache_90.2.dr, chromecache_70.2.dr, chromecache_76.2.dr	String found in binary or memory: https://fontawesome.com
Source: chromecache_84.2.dr, chromecache_90.2.dr, chromecache_70.2.dr, chromecache_76.2.dr	String found in binary or memory: https://fontawesome.com/license/free
Source: chromecache_78.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Yellowtail&display=swap
Source: chromecache_86.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/yellowtail/v22/OZpGg_pnoDtINPfRIlLohlvHwQ.woff2)
Source: chromecache_69.2.dr, chromecache_66.2.dr	String found in binary or memory: https://getbootstrap.com)
Source: chromecache_68.2.dr	String found in binary or memory: https://github.com/IanLunn/Hover
Source: chromecache_69.2.dr, chromecache_66.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_66.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_73.2.dr	String found in binary or memory: https://ka-f.fontawesome.com
Source: chromecache_73.2.dr	String found in binary or memory: https://kit.fontawesome.com
Source: chromecache_78.2.dr	String found in binary or memory: https://kit.fontawesome.com/585b051251.js
Source: chromecache_78.2.dr	String found in binary or memory: https://login.microsoftonline.com/common/login
Source: chromecache_78.2.dr	String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
Source: chromecache_78.2.dr	String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.4:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.4:49770 version: TLS 1.2

Source: classification engine

Classification label: mal80.phis.win@16/48@20/8

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 --field-trial-handle=2072,i,9318174922790436995,11561750414343662516,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://statesborozga.cfd/Proten/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 --field-trial-handle=2072,i,9318174922790436995,11561750414343662516,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.17.24.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
104.18.10.207	maxcdn.bootstrapcdn.com	United States	13335	CLOUDFLARENETUS	false
172.67.137.170	statesborozga.cfd	United States	13335	CLOUDFLARENETUS	true
151.101.130.137	code.jquery.com	United States	54113	FASTLYUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
142.250.9.99	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

Contacted Domains

Name	IP	Active
bg.microsoft.map.fastly.net	199.232.210.172	true
a.nel.cloudflare.com	35.190.80.1	true
code.jquery.com	151.101.130.137	true
cdnjs.cloudflare.com	104.17.24.14	true
maxcdn.bootstrapcdn.com	104.18.10.207	true
www.google.com	142.250.9.99	true
statesborozga.cfd	172.67.137.170	true
fp2e7a.wpc.phicdn.net	192.229.211.108	true
ka-f.fontawesome.com	unknown	unknown
kit.fontawesome.com	unknown	unknown

Contacted URLs

Name	Malicious	Reputation
https://statesborozga.cfd/Proten/images/outlook1.png	true	unknown
https://statesborozga.cfd/Proten/	true	unknown
https://statesborozga.cfd/Proten/images/gmail.png	true	unknown
https://code.jquery.com/jquery-3.2.1.slim.min.js	false	high
https://code.jquery.com/jquery-3.1.1.min.js	false	high
https://statesborozga.cfd/favicon.ico	true	unknown
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css	false	high
https://statesborozga.cfd/Proten/css/hover.css	true	unknown
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js	false	high
https://a.nel.cloudflare.com/report/v4?s=XNBO0AWxeY0lvRO8PAKfVPSrr85CDwEuJf4GPrDq6nJJmOAj2X11IvgYZuKQLs4Zq8w86UdDTsggHHx7V%2BJqNZd5i6zkq9RNbv1weLllln3w%2B9VRmfi%2Fwfa2YTc4zU1AefQFbA%3D%3D	false	high
https://statesborozga.cfd/Proten/images/adobe.jpg	true	unknown
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js	false	high
https://statesborozga.cfd/Proten/images/office3651.png	true	unknown
https://statesborozga.cfd/Proten/images/8.jpg	true	unknown
https://statesborozga.cfd/Proten/images/other1.png	true	unknown

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 64	ASCII text, with very long lines (32030)	E071ABDA8FE61194711CFC2AB99FE104	F647A6D37DC4CA055CED3CF64BBC1F490070ACBA	85556761A8800D14CED8FCD41A6B8B26BF012D44A318866C0D81A62092EFD9BF
Chrome Cache Entry: 65	PNG image data, 187 x 188, 8-bit/color RGBA, non-interlaced	FE22440D79FFA34950F512EF4A718B2A	0E147E59544EE6580D3095353D4420849FA5EB8A	A2F26B68A6C8810C1AEB4048C938F835A86BA83756A7A440F989B967E78F3BA8
Chrome Cache Entry: 66	ASCII text, with very long lines (48664)	14D449EB8876FA55E1EF3C2CC52B0C17	A9545831803B1359CFEED47E3B4D6BAE68E40E99	E7ED36CEEE5450B4243BBC35188AFABDFB4280C7C57597001DE0ED167299B01B
Chrome Cache Entry: 67	ASCII text, with very long lines (32065)	2F6B11A7E914718E0290410E85366FE9	69BB69E25CA7D5EF0935317584E6153F3FD9A88C	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
Chrome Cache Entry: 68	ASCII text	FAC4178C15E5A86139C662DAFC809501	EF1481841399156A880EC31B07DDA9CFAA1ACE39	BB88454962767EB6F2DDB1AABAAF844D8A57DE7E8F848D7F6928F81B54998452
Chrome Cache Entry: 69	ASCII text, with very long lines (65325)	450FC463B8B1A349DF717056FBB3E078	895125A4522A3B10EE7ADA06EE6503587CBF95C5	2C0F3DCFE93D7E380C290FE4AB838ED8CADFF1596D62697F5444BE460D1F876D
Chrome Cache Entry: 70	ASCII text, with very long lines (60130)	A12EC7EBE75A4D59A5DD6B79E2BA2E16	28F5DCC595EE6D4163481EF64170180502C8629B	FC5128DFDCDFA0C3A9967A6D2F19399D7BF1AAAE6AD7571B96B03915A1F30DDA
Chrome Cache Entry: 71	PNG image data, 190 x 187, 8-bit/color RGBA, non-interlaced	6843A244E12FAB158AA189680B5E7049	0E1C691F87CC4FA35C88344974F2829C40176B70	3A9B144D6482B78AFC4E0A940A1D3C22240F14FA535B808CF4DAB9635339569F
Chrome Cache Entry: 72	PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced	C3FC46C5799C76F9107504028F39190F	519096AD3F03410CF9CE3C9B9FCCA6B439D97B23	57898461712A639D119BDF88B7145919DCC8956C7A271D2E4A1084B29EAE6785
Chrome Cache Entry: 73	ASCII text, with very long lines (11461)	AD8F17350E1D4A04420CBB4B0DECAA9F	75F7FC910753DAAA4CDF21E635D19BB360E910A4	C793566A031D49B4E445CC0A876D62A160A6C520D42ACD80F3FDC06323F94FD4
Chrome Cache Entry: 74	HTML document, ASCII text	A34AC19F4AFAE63ADC5D2F7BC970C07F	A82190FC530C265AA40A045C21770D967F4767B8	D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
Chrome Cache Entry: 75	ASCII text, with no line terminators	4C42AB4890733A2B01B1B3269C4855E7	5B68BFE664DCBC629042EA45C23954EEF1A9F698	F69E8FC1414A82F108CFA0725E5211AF1865A9CEA342A5F01E6B2B5ABE47E010
Chrome Cache Entry: 76	ASCII text, with very long lines (26500)	76F34B71FC9FB641507FF6A822CC07F5	73ED2F8F21CD40FB496E61306ACBB5849D4DBFF4	6DEA47458A4CD7CD7312CC780A53C62E0C8B3CCC8D0B13C1AC0EA6E3DFCECEA8
Chrome Cache Entry: 77	PNG image data, 1280 x 1280, 8-bit/color RGBA, non-interlaced	DCE2F2B0E50CB1DBB0246D152791CB46	D0A69C159304EDC08DB005163E7A0DAF5A1E98A6	ACF087C1757F08B0CFD53D59066544D7EF0BFCC50999E77C5813739CD9DC1479
Chrome Cache Entry: 78	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	6D1D3C4FD92B63CC534BE0EDF3AF18DC	5F5442FEB5BE60239F185E969C45050A7DBADE2A	65ADCB045AEFB4D0028A6AF36EC9D42BBD4DAE9AFF2CF85810BB4A6F44D4B25C
Chrome Cache Entry: 79	ASCII text, with very long lines (32012)	5F48FC77CAC90C4778FA24EC9C57F37D	9E89D1515BC4C371B86F4CB1002FD8E377C1829F	9365920887B11B33A3DC4BA28A0F93951F200341263E3B9CEFD384798E4BE398
Chrome Cache Entry: 80	PNG image data, 190 x 187, 8-bit/color RGBA, non-interlaced	6843A244E12FAB158AA189680B5E7049	0E1C691F87CC4FA35C88344974F2829C40176B70	3A9B144D6482B78AFC4E0A940A1D3C22240F14FA535B808CF4DAB9635339569F
Chrome Cache Entry: 81	JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 400x400, components 3	BE5274AF7D8BD25B8148A190FF515399	B8D0850FD92EE935287E17988B89E53607808C8C	26C62DBDF527B8DCBF378EA62F129CBBBA3B244730687909BA21ECD729C9D2E6
Chrome Cache Entry: 82	JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 400x400, components 3	BE5274AF7D8BD25B8148A190FF515399	B8D0850FD92EE935287E17988B89E53607808C8C	26C62DBDF527B8DCBF378EA62F129CBBBA3B244730687909BA21ECD729C9D2E6
Chrome Cache Entry: 83	JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=709, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1200], baseline, precision 8, 1200x646, components 3	F17B5B1163EFB6D2D47DE6BAE6D3A9CD	6D6964B34BC44C6D2B106ADE1AE675985B96D012	7829F065E0E10C8466F3D57766E0719421B7B652F6A1082F21B98702F1B28A30
Chrome Cache Entry: 84	ASCII text, with very long lines (60130)	A12EC7EBE75A4D59A5DD6B79E2BA2E16	28F5DCC595EE6D4163481EF64170180502C8629B	FC5128DFDCDFA0C3A9967A6D2F19399D7BF1AAAE6AD7571B96B03915A1F30DDA
Chrome Cache Entry: 85	JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=709, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1200], baseline, precision 8, 1200x646, components 3	F17B5B1163EFB6D2D47DE6BAE6D3A9CD	6D6964B34BC44C6D2B106ADE1AE675985B96D012	7829F065E0E10C8466F3D57766E0719421B7B652F6A1082F21B98702F1B28A30
Chrome Cache Entry: 86	ASCII text	7BE6170E0A828586DA13D24BD8B5DF5B	0B0A3446427EE7B5D707435A5910949A0CF4D33D	2BC55CCCEF92CA55D0D6FA4FC66BF1064EC6B35D8BCD2B75EB561DEA0F4BBE72
Chrome Cache Entry: 87	PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced	C3FC46C5799C76F9107504028F39190F	519096AD3F03410CF9CE3C9B9FCCA6B439D97B23	57898461712A639D119BDF88B7145919DCC8956C7A271D2E4A1084B29EAE6785
Chrome Cache Entry: 88	PNG image data, 1280 x 1280, 8-bit/color RGBA, non-interlaced	DCE2F2B0E50CB1DBB0246D152791CB46	D0A69C159304EDC08DB005163E7A0DAF5A1E98A6	ACF087C1757F08B0CFD53D59066544D7EF0BFCC50999E77C5813739CD9DC1479
Chrome Cache Entry: 89	PNG image data, 187 x 188, 8-bit/color RGBA, non-interlaced	FE22440D79FFA34950F512EF4A718B2A	0E147E59544EE6580D3095353D4420849FA5EB8A	A2F26B68A6C8810C1AEB4048C938F835A86BA83756A7A440F989B967E78F3BA8
Chrome Cache Entry: 90	ASCII text, with very long lines (26500)	76F34B71FC9FB641507FF6A822CC07F5	73ED2F8F21CD40FB496E61306ACBB5849D4DBFF4	6DEA47458A4CD7CD7312CC780A53C62E0C8B3CCC8D0B13C1AC0EA6E3DFCECEA8
Chrome Cache Entry: 91	ASCII text, with very long lines (19015)	70D3FDA195602FE8B75E0097EED74DDE	C3B977AA4B8DFB69D651E07015031D385DED964B	A52F7AA54D7BCAAFA056EE0A050262DFC5694AE28DEE8B4CAC3429AF37FF0D66

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://statesborozga.cfd/Proten/

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing

Yara detected HtmlPhish10

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_78, type: DROPPED

Yara detected HtmlPhish7

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_78, type: DROPPED

Phishing site detected (based on shot match)

Source: https://statesborozga.cfd/Proten/

Matcher: Template: multims matched

Phishing site or detected (based on various text indicators)

Source: Chrome DOM: 0.0

HTML body contains low number of good links

Source: https://statesborozga.cfd/Proten/

HTTP Parser: Number of links: 0

HTML body contains password input but no form action

Source: https://statesborozga.cfd/Proten/

HTTP Parser: <input type="password" .../> found but no <form action="...

HTML title does not match URL

Source: https://statesborozga.cfd/Proten/

HTTP Parser: Title: Share Point Online does not match URL

Source: https://statesborozga.cfd/Proten/

HTTP Parser: <input type="password" .../> found

Source: https://statesborozga.cfd/Proten/

HTTP Parser: No favicon

Source: https://statesborozga.cfd/Proten/

HTTP Parser: No <meta name="author".. found

Source: https://statesborozga.cfd/Proten/

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.4:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.4:49770 version: TLS 1.2

Networking

Snort IDS alert for network traffic

Source: Traffic

Snort IDS: 2032515 ET CURRENT_EVENTS Generic Multibrand Ajax XHR CredPost Phishing Landing 172.67.137.170:443 -> 192.168.2.4:49735

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 69.164.42.0
Source: unknown	TCP traffic detected without corresponding DNS query: 69.164.42.0
Source: unknown	TCP traffic detected without corresponding DNS query: 69.164.42.0
Source: unknown	TCP traffic detected without corresponding DNS query: 69.164.42.0
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /Proten/ HTTP/1.1Host: statesborozga.cfdConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Proten/css/hover.css HTTP/1.1Host: statesborozga.cfdConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://statesborozga.cfd/Proten/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Proten/images/adobe.jpg HTTP/1.1Host: statesborozga.cfdConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://statesborozga.cfd/Proten/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Proten/images/outlook1.png HTTP/1.1Host: statesborozga.cfdConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://statesborozga.cfd/Proten/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.1.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://statesborozga.cfd/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.0.0/css/bootstrap.min.css HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://statesborozga.cfdsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://statesborozga.cfd/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Proten/images/office3651.png HTTP/1.1Host: statesborozga.cfdConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://statesborozga.cfd/Proten/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Proten/images/other1.png HTTP/1.1Host: statesborozga.cfdConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://statesborozga.cfd/Proten/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Proten/images/outlook1.png HTTP/1.1Host: statesborozga.cfdConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Proten/images/adobe.jpg HTTP/1.1Host: statesborozga.cfdConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Proten/images/gmail.png HTTP/1.1Host: statesborozga.cfdConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://statesborozga.cfd/Proten/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.2.1.slim.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://statesborozga.cfdsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://statesborozga.cfd/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Proten/images/8.jpg HTTP/1.1Host: statesborozga.cfdConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://statesborozga.cfd/Proten/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://statesborozga.cfdsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://statesborozga.cfd/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://statesborozga.cfdsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://statesborozga.cfd/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: statesborozga.cfdConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://statesborozga.cfd/Proten/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Proten/images/other1.png HTTP/1.1Host: statesborozga.cfdConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Proten/images/office3651.png HTTP/1.1Host: statesborozga.cfdConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Proten/images/gmail.png HTTP/1.1Host: statesborozga.cfdConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Proten/images/8.jpg HTTP/1.1Host: statesborozga.cfdConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: unknown

DNS traffic detected: queries for: statesborozga.cfd

Source: unknown

Source: global traffic

Source: chromecache_68.2.dr	String found in binary or memory: http://ianlunn.co.uk/
Source: chromecache_68.2.dr	String found in binary or memory: http://ianlunn.github.io/Hover/)
Source: chromecache_91.2.dr	String found in binary or memory: http://opensource.org/licenses/MIT).
Source: chromecache_78.2.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: chromecache_78.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Source: chromecache_78.2.dr	String found in binary or memory: https://code.jquery.com/jquery-3.1.1.min.js
Source: chromecache_78.2.dr	String found in binary or memory: https://code.jquery.com/jquery-3.2.1.slim.min.js
Source: chromecache_78.2.dr	String found in binary or memory: https://code.jquery.com/jquery-3.3.1.js
Source: chromecache_84.2.dr, chromecache_90.2.dr, chromecache_70.2.dr, chromecache_76.2.dr	String found in binary or memory: https://fontawesome.com
Source: chromecache_84.2.dr, chromecache_90.2.dr, chromecache_70.2.dr, chromecache_76.2.dr	String found in binary or memory: https://fontawesome.com/license/free
Source: chromecache_78.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Yellowtail&display=swap
Source: chromecache_86.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/yellowtail/v22/OZpGg_pnoDtINPfRIlLohlvHwQ.woff2)
Source: chromecache_69.2.dr, chromecache_66.2.dr	String found in binary or memory: https://getbootstrap.com)
Source: chromecache_68.2.dr	String found in binary or memory: https://github.com/IanLunn/Hover
Source: chromecache_69.2.dr, chromecache_66.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_66.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_73.2.dr	String found in binary or memory: https://ka-f.fontawesome.com
Source: chromecache_73.2.dr	String found in binary or memory: https://kit.fontawesome.com
Source: chromecache_78.2.dr	String found in binary or memory: https://kit.fontawesome.com/585b051251.js
Source: chromecache_78.2.dr	String found in binary or memory: https://login.microsoftonline.com/common/login
Source: chromecache_78.2.dr	String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
Source: chromecache_78.2.dr	String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.4:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.4:49770 version: TLS 1.2

Source: classification engine

Classification label: mal80.phis.win@16/48@20/8

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 --field-trial-handle=2072,i,9318174922790436995,11561750414343662516,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://statesborozga.cfd/Proten/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 --field-trial-handle=2072,i,9318174922790436995,11561750414343662516,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

ID:	1427688
Product:	CloudBasic
Start time:	00:27:07
Start date:	18.04.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://statesborozga.cfd/Proten/

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://statesborozga.cfd/Proten/

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://statesborozga.cfd/Proten/