Windows Analysis Report
https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68

Overview

General Information

Sample URL:	https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68
Analysis ID:	1431752
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Stores files to the Windows start menu directory

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Source: https://policy.app.cookieinformation.com/cookiesharingiframe.html	HTTP Parser: No favicon
Source: https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68	HTTP Parser: No favicon
Source: https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68/thumbs	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 23.54.200.130:443 -> 192.168.2.16:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.54.200.130:443 -> 192.168.2.16:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49760 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.130
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108

Source: global traffic	HTTP traffic detected: GET /s/3542495a6cd3d7a4aafad5878d671fdee68 HTTP/1.1Host: www.jottacloud.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /webapp_static/js/runtime~JOTTACLOUD-index.98f9bd25.js HTTP/1.1Host: www.jottacloud.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /webapp_static/css/webapp.eaa2773d.css HTTP/1.1Host: www.jottacloud.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /webapp_static/js/theme-base.7eb0dc3a.js HTTP/1.1Host: www.jottacloud.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /webapp_static/js/jotta-grpc-web.b87f4a9d.js HTTP/1.1Host: www.jottacloud.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /webapp_static/js/npm-google-protobuf.c3c5e8c7.js HTTP/1.1Host: www.jottacloud.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /uc.js HTTP/1.1Host: policy.app.cookieinformation.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /webapp_static/js/npm-sentry.c675f161.js HTTP/1.1Host: www.jottacloud.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /webapp_static/js/npm-framer-motion.af380232.js HTTP/1.1Host: www.jottacloud.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/container_FDVOG8VX.js HTTP/1.1Host: a.jottacloud.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cookie-data/jottacloud.com/cabl.json HTTP/1.1Host: policy.app.cookieinformation.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.jottacloud.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /4f0a08/jottacloud.com/en.js HTTP/1.1Host: policy.app.cookieinformation.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cookiesharingiframe.html HTTP/1.1Host: policy.app.cookieinformation.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /webapp_static/jottacloud/manifest.webmanifest HTTP/1.1Host: www.jottacloud.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: manifestReferer: https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cookie-data/jottacloud.com/cabl.json HTTP/1.1Host: policy.app.cookieinformation.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /webapp_static/js/vendors.0de7db0d.js HTTP/1.1Host: www.jottacloud.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /webapp_static/js/webapp.26b5d2fd.js HTTP/1.1Host: www.jottacloud.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /webapp_static/js/JOTTACLOUD-index.ffe4e009.js HTTP/1.1Host: www.jottacloud.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /max/640/16QnpXsV5n4K5WEgLEga1kQ.png HTTP/1.1Host: miro.medium.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v2/resize:fit:640/16QnpXsV5n4K5WEgLEga1kQ.png HTTP/1.1Host: miro.medium.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v2/resize:fit:640/16QnpXsV5n4K5WEgLEga1kQ.png HTTP/1.1Host: miro.medium.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /webapp_static/js/locale-en.069cdc79.chunk.js HTTP/1.1Host: www.jottacloud.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _pk_id.1.a04b=7d25297dbabf0d06.1714061562.; _pk_ses.1.a04b=1
Source: global traffic	HTTP traffic detected: GET /webapp_static/js/2261.61f7fd45.chunk.js HTTP/1.1Host: www.jottacloud.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _pk_id.1.a04b=7d25297dbabf0d06.1714061562.; _pk_ses.1.a04b=1
Source: global traffic	HTTP traffic detected: GET /webapp_static/css/PublicFiles.6c2dd39d.chunk.css HTTP/1.1Host: www.jottacloud.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _pk_id.1.a04b=7d25297dbabf0d06.1714061562.; _pk_ses.1.a04b=1; lang=en
Source: global traffic	HTTP traffic detected: GET /webapp_static/jottacloud/favicon.ico HTTP/1.1Host: www.jottacloud.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _pk_id.1.a04b=7d25297dbabf0d06.1714061562.; _pk_ses.1.a04b=1; lang=en
Source: global traffic	HTTP traffic detected: GET /api/status HTTP/1.1Host: www.jottacloud.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/plain, /sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _pk_id.1.a04b=7d25297dbabf0d06.1714061562.; _pk_ses.1.a04b=1; lang=en
Source: global traffic	HTTP traffic detected: GET /webapp_static/js/npm-swiper.5e1e53e5.chunk.js HTTP/1.1Host: www.jottacloud.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _pk_id.1.a04b=7d25297dbabf0d06.1714061562.; _pk_ses.1.a04b=1; lang=en
Source: global traffic	HTTP traffic detected: GET /api/7/envelope/?sentry_key=6b7861b074be4432b07abf1556a435d1&sentry_version=7&sentry_client=sentry.javascript.react%2F7.94.1 HTTP/1.1Host: sn.jotta.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /webapp_static/js/PublicFiles.7551f10a.chunk.js HTTP/1.1Host: www.jottacloud.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _pk_id.1.a04b=7d25297dbabf0d06.1714061562.; _pk_ses.1.a04b=1; lang=en
Source: global traffic	HTTP traffic detected: GET /api/status HTTP/1.1Host: www.jottacloud.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _pk_id.1.a04b=7d25297dbabf0d06.1714061562.; _pk_ses.1.a04b=1; lang=en
Source: global traffic	HTTP traffic detected: GET /webapp_static/jottacloud/favicon.ico HTTP/1.1Host: www.jottacloud.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _pk_id.1.a04b=7d25297dbabf0d06.1714061562.; _pk_ses.1.a04b=1; lang=en
Source: global traffic	HTTP traffic detected: GET /no.jotta.openapi.config.v2.ConfigService/GetConfig HTTP/1.1Host: api.jotta.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/consent HTTP/1.1Host: consent.app.cookieinformation.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /no.jotta.openapi.sharing.v2.PublicSharingService/LookupShare HTTP/1.1Host: api.jotta.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Ouw643MCOSNyNVY&MD=2EKvBKgO HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Ouw643MCOSNyNVY&MD=2EKvBKgO HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: chromecache_117.1.dr, chromecache_103.1.dr

String found in binary or memory: {"metadata":{"last_updated":"2024-04-21T18:03:43.674Z","autoblocking_enabled":false},"cookies":[{"name":"JOTTA_BROWSER","domain":"id.jottacloud.com","category":"cookie_cat_necessary"},{"name":"access_token","domain":"jottacloud.com","category":"cookie_cat_necessary"},{"name":"refresh_token","domain":"jottacloud.com","category":"cookie_cat_necessary"},{"name":"_pk_sesxxx","domain":".jottacloud.com","category":"cookie_cat_necessary"},{"name":"_pk_idxxx","domain":".jottacloud.com","category":"cookie_cat_necessary"},{"name":"browserId","domain":".jottacloud.com","category":"cookie_cat_necessary"},{"name":"accept_language","domain":"www.jottacloud.com","category":"cookie_cat_necessary"},{"name":"timezoneOffset","domain":".jottacloud.com","category":"cookie_cat_necessary"},{"name":"accept_language","domain":"jottacloud.com","category":"cookie_cat_necessary"},{"name":"lang","domain":".www.jottacloud.com","category":"cookie_cat_necessary"},{"name":"_pk_sesxxx","domain":".jottacloud.com","category":"cookie_cat_statistic"},{"name":"_pk_idxxx","domain":".jottacloud.com","category":"cookie_cat_statistic"},{"name":"_pk_testcookiexxx","domain":".jottacloud.com","category":"cookie_cat_statistic"},{"name":"fr","domain":".facebook.com","category":"cookie_cat_marketing"},{"name":"__cflb","domain":"api2.hcaptcha.com","category":"cookie_cat_marketing"},{"name":"A55L6WVklqnmELB1Omho","domain":"jottacloud.com","category":"cookie_cat_unclassified"},{"name":"kf25deHbhkSyas6WYblc","domain":"www.jottacloud.com","category":"cookie_cat_unclassified"},{"name":"uiExfKEDf6VEuekzlNGX","domain":"www.jottacloud.com","category":"cookie_cat_unclassified"},{"name":"tYMY0T3z9kuxV2Lo9x18","domain":"jottacloud.com","category":"cookie_cat_unclassified"},{"name":"RWK5lx72Pel95nyx4QUo","domain":"jottacloud.com","category":"cookie_cat_unclassified"},{"name":"AVouF2xDGWFcdm9RM05p","domain":"www.jottacloud.com","category":"cookie_cat_unclassified"},{"name":"hmt_id","domain":"api.hcaptcha.com","category":"cookie_cat_unclassified"},{"name":"fq1eKpr6qshtfZ7Z8riX","domain":"jottacloud.com","category":"cookie_cat_unclassified"},{"name":"DY9cuSw5nnmDcgXiEIN2","domain":"www.jottacloud.com","category":"cookie_cat_unclassified"},{"name":"FXLSehksuMvjzIYkWoPB","domain":"www.jottacloud.com","category":"cookie_cat_unclassified"},{"name":"HrOhLS7xEm2V4xwI113Z","domain":"www.jottacloud.com","category":"cookie_cat_unclassified"},{"name":"3m3iXHEiDUxDemVqhdiJ","domain":"www.jottacloud.com","category":"cookie_cat_unclassified"},{"name":"rUCM14cN2E1YftEJESkS","domain":"jottacloud.com","category":"cookie_cat_unclassified"},{"name":"kncWENElynaEqUOT37bM","domain":"jottacloud.com","category":"cookie_cat_unclassified"},{"name":"JB3q4D0cfzyNKcpaYSsP","domain":"www.jottacloud.com","category":"cookie_cat_unclassified"},{"name":"3aAndVPTiWeupXxWtzgu","domain":"jottacloud.com","category":"cookie_cat_unclassified"},{"name":"7BbKKKj1vDCrXwI55KBV","domain":"jottacloud.com","category":"cookie_cat_unclassified"},{"name":"g

Source: global traffic	DNS traffic detected: DNS query: www.jottacloud.com
Source: global traffic	DNS traffic detected: DNS query: a.jottacloud.com
Source: global traffic	DNS traffic detected: DNS query: policy.app.cookieinformation.com
Source: global traffic	DNS traffic detected: DNS query: miro.medium.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: sn.jotta.cloud
Source: global traffic	DNS traffic detected: DNS query: api.jotta.cloud
Source: global traffic	DNS traffic detected: DNS query: consent.app.cookieinformation.com

Source: unknown

HTTP traffic detected: POST /js/?action_name=Jottacloud&idsite=1&rec=1&r=622057&h=18&m=12&s=41&url=https%3A%2F%2Fwww.jottacloud.com%2Fs%2F3542495a6cd3d7a4aafad5878d671fdee68&_id=7d25297dbabf0d06&_idn=1&send_image=0&_refts=0&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1280x1024&pv_id=XUR0SG&pf_net=693&pf_srv=429&pf_tfr=1&pf_dm1=12&uadata=%7B%22fullVersionList%22%3A%5B%7B%22brand%22%3A%22Google%20Chrome%22%2C%22version%22%3A%22117.0.5938.132%22%7D%2C%7B%22brand%22%3A%22Not%3BA%3DBrand%22%2C%22version%22%3A%228.0.0.0%22%7D%2C%7B%22brand%22%3A%22Chromium%22%2C%22version%22%3A%22117.0.5938.132%22%7D%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22Windows%22%2C%22platformVersion%22%3A%2210.0.0%22%7D HTTP/1.1Host: a.jottacloud.comConnection: keep-aliveContent-Length: 0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencoded; charset=utf-8Accept: */*Origin: https://www.jottacloud.comSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _pk_id.1.a04b=7d25297dbabf0d06.1714061562.; _pk_ses.1.a04b=1

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundAccess-Control-Allow-Origin: *Content-Length: 150Content-Security-Policy: default-src 'none'Content-Type: text/html; charset=utf-8Date: Thu, 25 Apr 2024 16:12:51 GMTX-Content-Type-Options: nosniffX-Powered-By: ExpressConnection: close

Source: chromecache_116.1.dr	String found in binary or memory: https://10.244.63.148/js/container_FDVOG8VX_preview.js
Source: chromecache_107.1.dr	String found in binary or memory: https://a.jottacloud.com/js/container_FDVOG8VX.js
Source: chromecache_107.1.dr	String found in binary or memory: https://api.jotta.cloud
Source: chromecache_116.1.dr	String found in binary or memory: https://connect.facebook.net/en_US/fbevents.js
Source: chromecache_116.1.dr	String found in binary or memory: https://developer.matomo.org/api-reference/tracking-javascript
Source: chromecache_116.1.dr	String found in binary or memory: https://developer.matomo.org/guides/tracking-javascript-guide#multiple-piwik-trackers
Source: chromecache_102.1.dr	String found in binary or memory: https://fonts.googleapis.com/css2?family=Roboto:wght
Source: chromecache_114.1.dr, chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2)
Source: chromecache_114.1.dr, chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2)
Source: chromecache_114.1.dr, chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBxc4EsA.woff2)
Source: chromecache_114.1.dr, chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fCBc4EsA.woff2)
Source: chromecache_114.1.dr, chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fCRc4EsA.woff2)
Source: chromecache_114.1.dr, chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fChc4EsA.woff2)
Source: chromecache_114.1.dr, chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fCxc4EsA.woff2)
Source: chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fABc4EsA.woff2)
Source: chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2)
Source: chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBxc4EsA.woff2)
Source: chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fCBc4EsA.woff2)
Source: chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fCRc4EsA.woff2)
Source: chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fChc4EsA.woff2)
Source: chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fCxc4EsA.woff2)
Source: chromecache_114.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2)
Source: chromecache_114.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2)
Source: chromecache_114.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBxc4EsA.woff2)
Source: chromecache_114.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfCBc4EsA.woff2)
Source: chromecache_114.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfCRc4EsA.woff2)
Source: chromecache_114.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2)
Source: chromecache_114.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfCxc4EsA.woff2)
Source: chromecache_114.1.dr, chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4WxKOzY.woff2)
Source: chromecache_114.1.dr, chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2)
Source: chromecache_114.1.dr, chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu5mxKOzY.woff2)
Source: chromecache_114.1.dr, chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu72xKOzY.woff2)
Source: chromecache_114.1.dr, chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7GxKOzY.woff2)
Source: chromecache_114.1.dr, chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7WxKOzY.woff2)
Source: chromecache_114.1.dr, chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7mxKOzY.woff2)
Source: chromecache_116.1.dr	String found in binary or memory: https://github.com/matomo-org/matomo/blob/master/js/piwik.js
Source: chromecache_116.1.dr	String found in binary or memory: https://github.com/matomo-org/tag-manager/blob/master/js/piwik.js
Source: chromecache_116.1.dr	String found in binary or memory: https://github.com/salesforce/secure-filters/blob/master/LICENSE.txt
Source: chromecache_116.1.dr	String found in binary or memory: https://github.com/salesforce/secure-filters/blob/master/lib/secure-filters.js
Source: chromecache_91.1.dr	String found in binary or memory: https://lea.verou.me
Source: chromecache_116.1.dr	String found in binary or memory: https://matomo.org
Source: chromecache_116.1.dr	String found in binary or memory: https://matomo.org/free-software/bsd/
Source: chromecache_91.1.dr	String found in binary or memory: https://opensource.org/licenses/MIT
Source: chromecache_116.1.dr	String found in binary or memory: https://piwik.org
Source: chromecache_116.1.dr	String found in binary or memory: https://piwik.org/free-software/bsd/
Source: chromecache_107.1.dr	String found in binary or memory: https://policy.app.cookieinformation.com/uc.js
Source: chromecache_97.1.dr	String found in binary or memory: https://tools.google.com/dlpage/gaoptout
Source: chromecache_91.1.dr	String found in binary or memory: https://www.npmjs.com/package/hash-wasm)

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49697
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49697 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.54.200.130:443 -> 192.168.2.16:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.54.200.130:443 -> 192.168.2.16:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49760 version: TLS 1.2

Source: classification engine

Classification label: mal48.win@15/71@30/10

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1288,i,9005195846985915439,14573579907242159260,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1288,i,9005195846985915439,14573579907242159260,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
152.195.19.97	sni1gl.wpc.omegacdn.net	United States	15133	EDGECASTUS	false
185.179.129.37	www.jottacloud.com	Norway	206667	JOTTA-ASNO	false
185.179.129.39	a.jottacloud.com	Norway	206667	JOTTA-ASNO	false
108.177.122.106	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
162.159.152.4	miro.medium.com	United States	13335	CLOUDFLARENETUS	false
185.179.129.31	sn.jotta.cloud	Norway	206667	JOTTA-ASNO	false
185.179.128.40	api.jotta.cloud	Norway	206667	JOTTA-ASNO	false
20.76.133.196	consent.app.cookieinformation.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false

Private

IP
192.168.2.16

Contacted Domains

Name	IP	Active
sn.jotta.cloud	185.179.129.31	true
www.jottacloud.com	185.179.129.37	true
api.jotta.cloud	185.179.128.40	true
sni1gl.wpc.omegacdn.net	152.195.19.97	true
www.google.com	108.177.122.106	true
a.jottacloud.com	185.179.129.39	true
consent.app.cookieinformation.com	20.76.133.196	true
miro.medium.com	162.159.152.4	true
policy.app.cookieinformation.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.jottacloud.com/webapp_static/js/vendors.0de7db0d.js	false		high
https://www.jottacloud.com/webapp_static/css/PublicFiles.6c2dd39d.chunk.css	false		high
https://api.jotta.cloud/no.jotta.openapi.sharing.v2.PublicSharingService/LookupShare	false	Avira URL Cloud: safe	unknown
https://a.jottacloud.com/js/container_FDVOG8VX.js	false		high
https://policy.app.cookieinformation.com/cookiesharingiframe.html	false		unknown
https://sn.jotta.cloud/api/7/envelope/?sentry_key=6b7861b074be4432b07abf1556a435d1&sentry_version=7&sentry_client=sentry.javascript.react%2F7.94.1	false	Avira URL Cloud: safe	unknown
https://a.jottacloud.com/js/?action_name=Jottacloud&idsite=1&rec=1&r=499272&h=18&m=12&s=48&url=https%3A%2F%2Fwww.jottacloud.com%2Fs%2F3542495a6cd3d7a4aafad5878d671fdee68%2Fthumbs&_id=7d25297dbabf0d06&_idn=0&send_image=0&_refts=0&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1280x1024&pv_id=YjXcYM&uadata=%7B%22brands%22%3A%5B%7B%22brand%22%3A%22Google%20Chrome%22%2C%22version%22%3A%22117%22%7D%2C%7B%22brand%22%3A%22Not%3BA%3DBrand%22%2C%22version%22%3A%228%22%7D%2C%7B%22brand%22%3A%22Chromium%22%2C%22version%22%3A%22117%22%7D%5D%2C%22platform%22%3A%22Windows%22%7D	false		high
https://www.jottacloud.com/webapp_static/js/runtime~JOTTACLOUD-index.98f9bd25.js	false		high
https://www.jottacloud.com/webapp_static/js/JOTTACLOUD-index.ffe4e009.js	false		high
https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68	false		high
https://a.jottacloud.com/js/?action_name=Jottacloud&idsite=1&rec=1&r=008840&h=18&m=12&s=46&url=https%3A%2F%2Fwww.jottacloud.com%2Fs%2F3542495a6cd3d7a4aafad5878d671fdee68&_id=7d25297dbabf0d06&_idn=0&send_image=0&_refts=0&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1280x1024&pf_net=693&pf_srv=429&pf_tfr=1&pf_dm1=12&pf_dm2=6205&pf_onl=1&pv_id=gLZtRm&uadata=%7B%22brands%22%3A%5B%7B%22brand%22%3A%22Google%20Chrome%22%2C%22version%22%3A%22117%22%7D%2C%7B%22brand%22%3A%22Not%3BA%3DBrand%22%2C%22version%22%3A%228%22%7D%2C%7B%22brand%22%3A%22Chromium%22%2C%22version%22%3A%22117%22%7D%5D%2C%22platform%22%3A%22Windows%22%7D	false		high
https://www.jottacloud.com/webapp_static/js/npm-swiper.5e1e53e5.chunk.js	false		high
https://www.jottacloud.com/webapp_static/js/npm-sentry.c675f161.js	false		high
https://www.jottacloud.com/webapp_static/js/theme-base.7eb0dc3a.js	false		high
https://www.jottacloud.com/webapp_static/js/locale-en.069cdc79.chunk.js	false		high
https://policy.app.cookieinformation.com/4f0a08/jottacloud.com/en.js	false	Avira URL Cloud: safe	unknown
https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68/thumbs	false		high
https://www.jottacloud.com/api/status	false		high
https://api.jotta.cloud/no.jotta.openapi.config.v2.ConfigService/GetConfig	false	Avira URL Cloud: safe	unknown
https://policy.app.cookieinformation.com/cookie-data/jottacloud.com/cabl.json	false	Avira URL Cloud: safe	unknown
https://www.jottacloud.com/webapp_static/css/webapp.eaa2773d.css	false		high
https://www.jottacloud.com/webapp_static/js/webapp.26b5d2fd.js	false		high
https://miro.medium.com/v2/resize:fit:640/1*6QnpXsV5n4K5WEgLEga1kQ.png	false		high
https://www.jottacloud.com/webapp_static/js/PublicFiles.7551f10a.chunk.js	false		high
https://consent.app.cookieinformation.com/api/consent	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://miro.medium.com/max/640/1*6QnpXsV5n4K5WEgLEga1kQ.png	false		high
https://www.jottacloud.com/webapp_static/jottacloud/favicon.ico	false		high
https://www.jottacloud.com/webapp_static/js/jotta-grpc-web.b87f4a9d.js	false		high
https://www.jottacloud.com/webapp_static/js/2261.61f7fd45.chunk.js	false		high
https://a.jottacloud.com/js/?action_name=Jottacloud&idsite=1&rec=1&r=622057&h=18&m=12&s=41&url=https%3A%2F%2Fwww.jottacloud.com%2Fs%2F3542495a6cd3d7a4aafad5878d671fdee68&_id=7d25297dbabf0d06&_idn=1&send_image=0&_refts=0&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1280x1024&pv_id=XUR0SG&pf_net=693&pf_srv=429&pf_tfr=1&pf_dm1=12&uadata=%7B%22fullVersionList%22%3A%5B%7B%22brand%22%3A%22Google%20Chrome%22%2C%22version%22%3A%22117.0.5938.132%22%7D%2C%7B%22brand%22%3A%22Not%3BA%3DBrand%22%2C%22version%22%3A%228.0.0.0%22%7D%2C%7B%22brand%22%3A%22Chromium%22%2C%22version%22%3A%22117.0.5938.132%22%7D%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22Windows%22%2C%22platformVersion%22%3A%2210.0.0%22%7D	false		high
https://www.jottacloud.com/webapp_static/js/npm-framer-motion.af380232.js	false		high
https://www.jottacloud.com/webapp_static/js/npm-google-protobuf.c3c5e8c7.js	false		high
https://www.jottacloud.com/webapp_static/jottacloud/manifest.webmanifest	false		high
https://policy.app.cookieinformation.com/uc.js	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 15:12:41 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	A9EE6BCFCED8EC46314F05F85A61E2B1	FFB55677F338FAC8FB0CEDA1C43F22AAE0836F7B	C5A1A1E426306953F4CDCBF5151E5D4D15DB39BA3F2A224475D969CAB0680E54
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 15:12:41 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	738D2E245A2A7321876F1B37873D9C64	AFF413338E1E8AA15BDABB1708D08B604F242EAA	087FBABDCCE1D399C0D4B4FFA6D6096F8C0091A765C66EB07C65A4606835B144
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	90D0D90AC005CF45992B04D698D37B54	7A53D0F36219DF7AD58A36B01E90A9BDC2B60A91	564BDEA32C9134E1D273B4861ADC3E42BC16C975071048C64D36FFBDC4940298
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 15:12:41 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	FDB171D08EC724C5C2BF2BA1E52C5C20	6A91F1855FBF93F07157AC8627107252F8033591	9E8F0EAB20BF09FC811E401C2F0DF60BD06A8E5523DC42FB4A6F1ADE626D3F24
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 15:12:41 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	8830CAC3103380FF95B2E50D5581D370	C7071CC053976CA1BA71796E398453EFA8232F1A	9868BA8F2F3D6466D57097DE410F88F30BBE50D6266CC5DFC7F87563206B10F9
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 15:12:41 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	2EFCEAE4F9A68ACDB73DD2AD967AA129	F59168EDAA57CE22AFC0E1362C8004875E90AA87	1558500AC077135E96DA4711C0312A53C5AC7026E36F56B81D347F75B4D3F525
Chrome Cache Entry: 100	HTML document, ASCII text, with very long lines (8796), with no line terminators	C6A90A566CB06FC9B3FFFA496E50874C	9D7CE1C5F576474F88B79399158E3881D24461F0	C05407572F3A85559E74489F5AFBFF7E49AB8E7B4C47A1BEB1F5A4826E96BF44
Chrome Cache Entry: 101	Unicode text, UTF-8 text, with very long lines (40549), with no line terminators	9B66424CF366864EB27FD86BE06CA08B	5E62746D771F37863706D43ADD10ED6BCA4B7FF3	45CC7D60437A9144CB85B2071E4F472A86BE8C58B1DE2E01FB51A808AAB579DF
Chrome Cache Entry: 102	ASCII text, with very long lines (65352)	CD0BD313BA7B4EA26EEF2A81D281010E	1B1472536703E5B10CACCA83FFE5E36C2E67F596	8AAB2C13D56FDC127D52FB24D84E126FFB2F1E3FB0066652E0608219ADB8132C
Chrome Cache Entry: 103	JSON data	65BBA91358BC78255784D50C6DE97CB3	4A2A0345318DACF99323AED94130A34A97A8C5D4	75B7CCAEA73A3C1D4BCE144A842BB2915C17DD66C3F103E2720992C9C3CB8DCF
Chrome Cache Entry: 104	JSON data	52075233FDB8A600B076D197F84CC417	59FA4C14C79622A093B96DBC384085BF36857EBB	CB54DAAA82D5FF826634A6E4751DE253101841D07BA84ABB43A90862A319454C
Chrome Cache Entry: 105	Unicode text, UTF-8 text, with very long lines (65456), with no line terminators	9C8B67C9801F3CA808CE36928827D5C8	5E913179AC1C9C72CBEE50F496BDE1DE1533D33D	A4E10817DB051E3B2A2995B25910F9ED81A11BC7B05F1335354875B287E40016
Chrome Cache Entry: 106	ASCII text	82E85B357E743609100B88349BA6C33B	D439A1B5FD7EC55BE0FF71B000F4E9E7239D301E	0D157A65C6DFE59CE72477BC3CCAA739DE878C5C96FDC472A1255B6694CE8C9A
Chrome Cache Entry: 107	HTML document, ASCII text, with very long lines (857)	EED9026BB717D25459ED9671FDFE25D0	72119AB8BD26DBEFA250D29F1084848134169A0F	975D2CC9B81B1BA238C40C54B0FD67C6617E6E5CEC4FA71C175784305CA9F49E
Chrome Cache Entry: 108	Web Open Font Format (Version 2), TrueType, length 15860, version 1.0	E9F5AAF547F165386CD313B995DDDD8E	ACDEF5603C2387B0E5BFFD744B679A24A8BC1968	F5AEBDFEA35D1E7656EF4ACC5DB1F243209755AE3300943EF8FC6280F363C860
Chrome Cache Entry: 109	HTML document, ASCII text	175F17658434A1778A3B28E0F7C3E7E5	13E84E68D8D1B4E6D576D473D69C505C1EF452D7	D927F93FAAEE6C445206C0794628C3098D33DEF7EA5EF1B10C1B1C30848F2E8B
Chrome Cache Entry: 110	Web Open Font Format (Version 2), TrueType, length 15744, version 1.0	15D9F621C3BD1599F0169DCF0BD5E63E	7CA9C5967F3BB8BFFEAB24B639B49C1E7D03FA52	F6734F8177112C0839B961F96D813FCB189D81B60E96C33278C1983B6F419615
Chrome Cache Entry: 111	ASCII text, with very long lines (65536), with no line terminators	727BE654B9E403C46A6E8461A15F0C31	1F936549BA5CD541348E7A73FEEB0FE76A99DFF7	E5F61BA3FC40FD6479BA7935F38B5B22740BA2512ACCC0F3DE980481FDF3894C
Chrome Cache Entry: 112	PNG image data, 320 x 132, 8-bit/color RGBA, non-interlaced	FB05D8D6B20A137E26ABBBB397935343	45CBA22706760C28F0573070530CAE7317C7B5F4	CF97C1C62FA69EC6266D56A01EF57A5DF1D715A1ACCB6B3D2ADA7AE444561599
Chrome Cache Entry: 113	JSON data	5B4D3297DEA978CF0EA859545E236839	E1DBBA2F515A3760D710C1FC0C2F83A477EE01D2	1B4013ADE85D7B42EAF46BFACAC5C14A540CA0605626DC7ABE0407D85C7A4023
Chrome Cache Entry: 114	ASCII text	A1B623B480C10860325CEC82F031FF4A	9EE81458C3EF11577DAA3B7BC34E693BB5D36D89	31D196AFC7BF97B61BE0A9881F623B3B8A7B56D4B0C08C6B78C37CE92D7827B2
Chrome Cache Entry: 115	ASCII text, with very long lines (65536), with no line terminators	8DE96FD86D8C160AEA774F082D5F7CFA	A7F13F0D368B917318469E956200EEFBE519F367	0F9CA70A7855A3BF9F9EDB694CFCFD96E5D8D70E85A5DD952909CA953573B82E
Chrome Cache Entry: 116	ASCII text, with very long lines (1601)	E37D22AF5214486617B5C1B8133FC836	496EEA1E824B8E74D3FACF38C144B894D7C7B62D	B8EA113C9234DDF9C7E0CF80F147A573D41AC1A02097A0D2873C05C12191871F
Chrome Cache Entry: 117	JSON data	65BBA91358BC78255784D50C6DE97CB3	4A2A0345318DACF99323AED94130A34A97A8C5D4	75B7CCAEA73A3C1D4BCE144A842BB2915C17DD66C3F103E2720992C9C3CB8DCF
Chrome Cache Entry: 83	ASCII text, with very long lines (18738)	82E0BC18D30AB58709C26FC1038994B6	454724C47A885E01A0B24F233B400AB104E16C9A	153459E1771C1628544AC1ADF0373E3BA3D2352F1AD20641C1C5D02B6EC0688D
Chrome Cache Entry: 84	MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel	9917A99BD40FDCE58BBA7EF98D8633B2	381C593DBB31FA1ED5183809A14F60802107DD42	8BB7616478E8737B9969394D0AA8D1D2040EDEBB6EC48BC60DEA64B6E46803BE
Chrome Cache Entry: 85	ASCII text, with very long lines (65536), with no line terminators	F3BBC56D2D353D1C65AAEAF40B61FB7D	55FF92CAF4B0FF19AD5C60FBD40249069B9A8DBF	39CB635BA41940F63F1B48D9016EF26CDE859517B3F6B32037AC9FB0DE49FEC3
Chrome Cache Entry: 86	JSON data	5B4D3297DEA978CF0EA859545E236839	E1DBBA2F515A3760D710C1FC0C2F83A477EE01D2	1B4013ADE85D7B42EAF46BFACAC5C14A540CA0605626DC7ABE0407D85C7A4023
Chrome Cache Entry: 87	Unicode text, UTF-8 text, with very long lines (54018)	54AC3441FDCDF76F2822450B1D499397	55902F96418BD787D5192DD9DC9E6E6509629303	49BC466CD34C306E496E382E7DC94E76803FF132DDD6EC5DCF6B34C1CC2EDDFE
Chrome Cache Entry: 88	ASCII text, with very long lines (5371)	16BC2E761CB8E42CA1A6ACA542691CD5	266077F912A4E2A41B2619DF60E2DCDE28B8F6FF	0B3B7520D6CD4BCD95A341A7E3F55B23E8B16CD47C6572017D1E58B3D55E81A7
Chrome Cache Entry: 89	MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel	9917A99BD40FDCE58BBA7EF98D8633B2	381C593DBB31FA1ED5183809A14F60802107DD42	8BB7616478E8737B9969394D0AA8D1D2040EDEBB6EC48BC60DEA64B6E46803BE
Chrome Cache Entry: 90	ASCII text, with very long lines (65536), with no line terminators	75F79E96180983C041E2A52872003E91	73FA328FEDF0430994B8D3AB5607D50D14CB41C0	918D51E0781CF1CE82856FC12E345ECADC7BB067955363BC3725DDBC52698DA5
Chrome Cache Entry: 91	ASCII text, with very long lines (49244)	20E71BC510144B0A99684AF1D855C9D0	D82D63DC728C6CCDBD33746E98B943945BC0F602	0E9608F5401A5AB05854DE996BEA5416605CE888AD65E4F837EF113F9AB89C13
Chrome Cache Entry: 92	Unicode text, UTF-8 text, with very long lines (65528), with no line terminators	763AD858F8D1DA9643DD036B2B7B34EF	7B44E4DDB089CDD89D8DFC8096FF3B54CEADB82A	D22D5139B39F6446928D715827EFEE579F256F8D685D29511CD4A3B5114196F7
Chrome Cache Entry: 93	ASCII text, with very long lines (64402)	F50CAC4599187BE2AEB84DB38CCF3BD3	80FCAC3F89D98A72DA61B03EB11FE3425FB1AFCE	24602E2F20FEE9364BD889FBBA1DA81A3E172AD5136D7B83778F8698DDB949E7
Chrome Cache Entry: 94	Web Open Font Format (Version 2), TrueType, length 15920, version 1.0	3A44E06EB954B96AA043227F3534189D	23CEF6993DDB2B2979E8E7647FC3763694E2BA7D	B019538234514166EC7665359D097403358F8A4C991901983922FB4D56989F1E
Chrome Cache Entry: 95	ASCII text, with very long lines (5412)	E2B7A1B1106981EF9F6AC07B00E28B00	F9378A052A6424B3019269242DE02BAA9AEEB0CE	12155177349A2A738FEC0CE29CB3F627C37FA99BBFCA74137399149D72508EA6
Chrome Cache Entry: 96	ASCII text, with very long lines (65536), with no line terminators	D047965855A41D9A743271EF6C507395	37CA10CB778DEED893B9CAD017EA3522CE6F3A42	26431755B6557A83D5FC83ED7A9F7A803BE7B6FE9E4723F16C82DD81694D080E
Chrome Cache Entry: 97	HTML document, ASCII text, with very long lines (65522)	1CEA4C021F7DBFFF0BF851D7B2EDA864	4BC70851FE2A13442597C6F9FE3C62EE52D04DDF	71BACBF9B3BAA263F9122EABF4D92EE8CF0C2223EF364EE079B4D757099F77F4
Chrome Cache Entry: 98	PNG image data, 320 x 132, 8-bit/color RGBA, non-interlaced	FB05D8D6B20A137E26ABBBB397935343	45CBA22706760C28F0573070530CAE7317C7B5F4	CF97C1C62FA69EC6266D56A01EF57A5DF1D715A1ACCB6B3D2ADA7AE444561599
Chrome Cache Entry: 99	ASCII text	48BE14D383C80BEE3C0F34215FD5C467	BEE0863DE9AC198217B469A5CA74E3979E5A5214	694ADC42B1E12C4EDC69F43C2AAAFEA20E28D55D4EE73C3505CD1BF8B90E3452

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Source: https://policy.app.cookieinformation.com/cookiesharingiframe.html	HTTP Parser: No favicon
Source: https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68	HTTP Parser: No favicon
Source: https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68/thumbs	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 23.54.200.130:443 -> 192.168.2.16:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.54.200.130:443 -> 192.168.2.16:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49760 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.130
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108

Source: global traffic	HTTP traffic detected: GET /s/3542495a6cd3d7a4aafad5878d671fdee68 HTTP/1.1Host: www.jottacloud.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /webapp_static/js/runtime~JOTTACLOUD-index.98f9bd25.js HTTP/1.1Host: www.jottacloud.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /webapp_static/css/webapp.eaa2773d.css HTTP/1.1Host: www.jottacloud.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /webapp_static/js/theme-base.7eb0dc3a.js HTTP/1.1Host: www.jottacloud.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /webapp_static/js/jotta-grpc-web.b87f4a9d.js HTTP/1.1Host: www.jottacloud.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /webapp_static/js/npm-google-protobuf.c3c5e8c7.js HTTP/1.1Host: www.jottacloud.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /uc.js HTTP/1.1Host: policy.app.cookieinformation.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /webapp_static/js/npm-sentry.c675f161.js HTTP/1.1Host: www.jottacloud.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /webapp_static/js/npm-framer-motion.af380232.js HTTP/1.1Host: www.jottacloud.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/container_FDVOG8VX.js HTTP/1.1Host: a.jottacloud.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cookie-data/jottacloud.com/cabl.json HTTP/1.1Host: policy.app.cookieinformation.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.jottacloud.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /4f0a08/jottacloud.com/en.js HTTP/1.1Host: policy.app.cookieinformation.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cookiesharingiframe.html HTTP/1.1Host: policy.app.cookieinformation.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /webapp_static/jottacloud/manifest.webmanifest HTTP/1.1Host: www.jottacloud.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: manifestReferer: https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cookie-data/jottacloud.com/cabl.json HTTP/1.1Host: policy.app.cookieinformation.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /webapp_static/js/vendors.0de7db0d.js HTTP/1.1Host: www.jottacloud.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /webapp_static/js/webapp.26b5d2fd.js HTTP/1.1Host: www.jottacloud.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /webapp_static/js/JOTTACLOUD-index.ffe4e009.js HTTP/1.1Host: www.jottacloud.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /max/640/16QnpXsV5n4K5WEgLEga1kQ.png HTTP/1.1Host: miro.medium.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v2/resize:fit:640/16QnpXsV5n4K5WEgLEga1kQ.png HTTP/1.1Host: miro.medium.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v2/resize:fit:640/16QnpXsV5n4K5WEgLEga1kQ.png HTTP/1.1Host: miro.medium.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /webapp_static/js/locale-en.069cdc79.chunk.js HTTP/1.1Host: www.jottacloud.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _pk_id.1.a04b=7d25297dbabf0d06.1714061562.; _pk_ses.1.a04b=1
Source: global traffic	HTTP traffic detected: GET /webapp_static/js/2261.61f7fd45.chunk.js HTTP/1.1Host: www.jottacloud.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _pk_id.1.a04b=7d25297dbabf0d06.1714061562.; _pk_ses.1.a04b=1
Source: global traffic	HTTP traffic detected: GET /webapp_static/css/PublicFiles.6c2dd39d.chunk.css HTTP/1.1Host: www.jottacloud.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _pk_id.1.a04b=7d25297dbabf0d06.1714061562.; _pk_ses.1.a04b=1; lang=en
Source: global traffic	HTTP traffic detected: GET /webapp_static/jottacloud/favicon.ico HTTP/1.1Host: www.jottacloud.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _pk_id.1.a04b=7d25297dbabf0d06.1714061562.; _pk_ses.1.a04b=1; lang=en
Source: global traffic	HTTP traffic detected: GET /api/status HTTP/1.1Host: www.jottacloud.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/plain, /sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _pk_id.1.a04b=7d25297dbabf0d06.1714061562.; _pk_ses.1.a04b=1; lang=en
Source: global traffic	HTTP traffic detected: GET /webapp_static/js/npm-swiper.5e1e53e5.chunk.js HTTP/1.1Host: www.jottacloud.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _pk_id.1.a04b=7d25297dbabf0d06.1714061562.; _pk_ses.1.a04b=1; lang=en
Source: global traffic	HTTP traffic detected: GET /api/7/envelope/?sentry_key=6b7861b074be4432b07abf1556a435d1&sentry_version=7&sentry_client=sentry.javascript.react%2F7.94.1 HTTP/1.1Host: sn.jotta.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /webapp_static/js/PublicFiles.7551f10a.chunk.js HTTP/1.1Host: www.jottacloud.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _pk_id.1.a04b=7d25297dbabf0d06.1714061562.; _pk_ses.1.a04b=1; lang=en
Source: global traffic	HTTP traffic detected: GET /api/status HTTP/1.1Host: www.jottacloud.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _pk_id.1.a04b=7d25297dbabf0d06.1714061562.; _pk_ses.1.a04b=1; lang=en
Source: global traffic	HTTP traffic detected: GET /webapp_static/jottacloud/favicon.ico HTTP/1.1Host: www.jottacloud.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _pk_id.1.a04b=7d25297dbabf0d06.1714061562.; _pk_ses.1.a04b=1; lang=en
Source: global traffic	HTTP traffic detected: GET /no.jotta.openapi.config.v2.ConfigService/GetConfig HTTP/1.1Host: api.jotta.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/consent HTTP/1.1Host: consent.app.cookieinformation.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /no.jotta.openapi.sharing.v2.PublicSharingService/LookupShare HTTP/1.1Host: api.jotta.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Ouw643MCOSNyNVY&MD=2EKvBKgO HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Ouw643MCOSNyNVY&MD=2EKvBKgO HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: chromecache_117.1.dr, chromecache_103.1.dr

Source: global traffic	DNS traffic detected: DNS query: www.jottacloud.com
Source: global traffic	DNS traffic detected: DNS query: a.jottacloud.com
Source: global traffic	DNS traffic detected: DNS query: policy.app.cookieinformation.com
Source: global traffic	DNS traffic detected: DNS query: miro.medium.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: sn.jotta.cloud
Source: global traffic	DNS traffic detected: DNS query: api.jotta.cloud
Source: global traffic	DNS traffic detected: DNS query: consent.app.cookieinformation.com

Source: unknown

Source: global traffic

Source: chromecache_116.1.dr	String found in binary or memory: https://10.244.63.148/js/container_FDVOG8VX_preview.js
Source: chromecache_107.1.dr	String found in binary or memory: https://a.jottacloud.com/js/container_FDVOG8VX.js
Source: chromecache_107.1.dr	String found in binary or memory: https://api.jotta.cloud
Source: chromecache_116.1.dr	String found in binary or memory: https://connect.facebook.net/en_US/fbevents.js
Source: chromecache_116.1.dr	String found in binary or memory: https://developer.matomo.org/api-reference/tracking-javascript
Source: chromecache_116.1.dr	String found in binary or memory: https://developer.matomo.org/guides/tracking-javascript-guide#multiple-piwik-trackers
Source: chromecache_102.1.dr	String found in binary or memory: https://fonts.googleapis.com/css2?family=Roboto:wght
Source: chromecache_114.1.dr, chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2)
Source: chromecache_114.1.dr, chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2)
Source: chromecache_114.1.dr, chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBxc4EsA.woff2)
Source: chromecache_114.1.dr, chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fCBc4EsA.woff2)
Source: chromecache_114.1.dr, chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fCRc4EsA.woff2)
Source: chromecache_114.1.dr, chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fChc4EsA.woff2)
Source: chromecache_114.1.dr, chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fCxc4EsA.woff2)
Source: chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fABc4EsA.woff2)
Source: chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2)
Source: chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBxc4EsA.woff2)
Source: chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fCBc4EsA.woff2)
Source: chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fCRc4EsA.woff2)
Source: chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fChc4EsA.woff2)
Source: chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fCxc4EsA.woff2)
Source: chromecache_114.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2)
Source: chromecache_114.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2)
Source: chromecache_114.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBxc4EsA.woff2)
Source: chromecache_114.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfCBc4EsA.woff2)
Source: chromecache_114.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfCRc4EsA.woff2)
Source: chromecache_114.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2)
Source: chromecache_114.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfCxc4EsA.woff2)
Source: chromecache_114.1.dr, chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4WxKOzY.woff2)
Source: chromecache_114.1.dr, chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2)
Source: chromecache_114.1.dr, chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu5mxKOzY.woff2)
Source: chromecache_114.1.dr, chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu72xKOzY.woff2)
Source: chromecache_114.1.dr, chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7GxKOzY.woff2)
Source: chromecache_114.1.dr, chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7WxKOzY.woff2)
Source: chromecache_114.1.dr, chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7mxKOzY.woff2)
Source: chromecache_116.1.dr	String found in binary or memory: https://github.com/matomo-org/matomo/blob/master/js/piwik.js
Source: chromecache_116.1.dr	String found in binary or memory: https://github.com/matomo-org/tag-manager/blob/master/js/piwik.js
Source: chromecache_116.1.dr	String found in binary or memory: https://github.com/salesforce/secure-filters/blob/master/LICENSE.txt
Source: chromecache_116.1.dr	String found in binary or memory: https://github.com/salesforce/secure-filters/blob/master/lib/secure-filters.js
Source: chromecache_91.1.dr	String found in binary or memory: https://lea.verou.me
Source: chromecache_116.1.dr	String found in binary or memory: https://matomo.org
Source: chromecache_116.1.dr	String found in binary or memory: https://matomo.org/free-software/bsd/
Source: chromecache_91.1.dr	String found in binary or memory: https://opensource.org/licenses/MIT
Source: chromecache_116.1.dr	String found in binary or memory: https://piwik.org
Source: chromecache_116.1.dr	String found in binary or memory: https://piwik.org/free-software/bsd/
Source: chromecache_107.1.dr	String found in binary or memory: https://policy.app.cookieinformation.com/uc.js
Source: chromecache_97.1.dr	String found in binary or memory: https://tools.google.com/dlpage/gaoptout
Source: chromecache_91.1.dr	String found in binary or memory: https://www.npmjs.com/package/hash-wasm)

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49697
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49697 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.54.200.130:443 -> 192.168.2.16:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.54.200.130:443 -> 192.168.2.16:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49760 version: TLS 1.2

Source: classification engine

Classification label: mal48.win@15/71@30/10

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1288,i,9005195846985915439,14573579907242159260,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1288,i,9005195846985915439,14573579907242159260,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

ID:	1431752
Product:	CloudBasic
Start time:	18:12:14
Start date:	25.04.2024
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68