Windows Analysis Report
https://encrypt-na.mailanyone.net/activate?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6ImtpbWJlcmx5Lm1vcnJpc0BtaGEub2hpby5nb3YiLCJpZCI6OTE5MjEsImFjdGl2YXRpb24iOnRydWUsImF1dGhlbnRpY2F0aW9uIjpmYWxzZSwicmVzZXQiOmZhbHNlLCJwaWQiOiIiLCJsb2dpbm1ldGhvZCI6IiIsInBpZF9jdXN0b21lcl9pZCI6MCwiZXhwIjoxNz

Overview

General Information

Sample URL: https://encrypt-na.mailanyone.net/activate?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6ImtpbWJlcmx5Lm1vcnJpc0BtaGEub2hpby5nb3YiLCJpZCI6OTE5MjEsImFjdGl2YXRpb24iOnRydWUsImF1dGhlbnRpY2F0aW9uIj
Analysis ID: 1431786
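The token in the Sample URL above is a JSON Web Token: its first segment decodes to {"alg":"HS256","typ":"JWT"}, and the claims (visible in full in the chrome.exe command line further down in this report) carry the recipient's e-mail address, activation/authentication/reset flags and exp/iat values 43200 seconds (12 hours) apart. The Python below is an added example, not Joe Sandbox code: it shows how to read those claims during triage, why reading them proves nothing about authenticity (only the issuer holds the HS256 key), and why a claim edited in transit fails verification. The token, e-mail address and key in the block are constructed look-alikes built with the same claim names; the report's real token is not reproduced.

```python
"""Triage of a JWT carried in a URL's token parameter (added example, not
Joe Sandbox code). The token built below is a constructed look-alike of the
report's activation token: same claim names, placeholder address, made-up key."""
import base64
import hashlib
import hmac
import json
from urllib.parse import parse_qs, urlparse


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def _json_b64(obj: dict) -> str:
    return _b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def make_token(claims: dict, key: bytes) -> str:
    """Mint an HS256 JWT. Used only to build the constructed sample."""
    header_b64 = _json_b64({"alg": "HS256", "typ": "JWT"})
    head_body = header_b64 + "." + _json_b64(claims)
    sig = hmac.new(key, head_body.encode(), hashlib.sha256).digest()
    return head_body + "." + _b64url_encode(sig)


def token_from_url(url: str) -> str:
    return parse_qs(urlparse(url).query)["token"][0]


def inspect_token(token: str) -> dict:
    """Decode header and claims WITHOUT verifying the signature: anyone who
    holds the link can read the claims; only the issuer can check them."""
    header_b64, claims_b64, _ = token.split(".")
    header = json.loads(_b64url_decode(header_b64))
    claims = json.loads(_b64url_decode(claims_b64))
    return {
        "alg": header.get("alg"),
        "lifetime_s": claims.get("exp", 0) - claims.get("iat", 0),
        # activation-only token: by its own flags it is not a login session
        "activation_only": claims.get("activation") is True
        and claims.get("authentication") is False,
        "claims": claims,
    }


def verify_hs256(token: str, key: bytes) -> bool:
    """Constant-time HS256 check; anything not declaring HS256 is rejected,
    so a rewritten header (e.g. "alg":"none") cannot bypass the MAC."""
    header_b64, claims_b64, sig_b64 = token.split(".")
    if json.loads(_b64url_decode(header_b64)).get("alg") != "HS256":
        return False
    expected = hmac.new(key, (header_b64 + "." + claims_b64).encode(),
                        hashlib.sha256).digest()
    return hmac.compare_digest(expected, _b64url_decode(sig_b64))


def with_changed_claims(token: str, **changes) -> str:
    """Re-encode the claims but keep the original signature: what an
    attacker would try to turn an activation link into an authenticated one."""
    header_b64, claims_b64, sig_b64 = token.split(".")
    claims = json.loads(_b64url_decode(claims_b64))
    claims.update(changes)
    return header_b64 + "." + _json_b64(claims) + "." + sig_b64


# Constructed sample (not the report's token): placeholder address and key,
# claim names and exp/iat taken from the report.
SAMPLE_KEY = b"example-key-not-the-real-secret"
SAMPLE_CLAIMS = {
    "email": "user@example.gov", "id": 1, "activation": True,
    "authentication": False, "reset": False, "pid": "", "loginmethod": "",
    "pid_customer_id": 0, "exp": 1714096053, "iat": 1714052853,
}
SAMPLE_URL = ("https://encrypt-na.mailanyone.net/activate?token="
              + make_token(SAMPLE_CLAIMS, SAMPLE_KEY))

if __name__ == "__main__":
    tok = token_from_url(SAMPLE_URL)
    print(json.dumps(inspect_token(tok), indent=2))
    print("signature valid:", verify_hs256(tok, SAMPLE_KEY))
    forged = with_changed_claims(tok, authentication=True)
    print("forged authentication=True valid:", verify_hs256(forged, SAMPLE_KEY))
```

The unverified decode is all an analyst without the issuer's key can do with such a link; it tells you the token's purpose and lifetime, not whether the link is genuine. Treat the claims as untrusted input until the issuing service has verified the signature.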

Detection

Score: 3
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found URL in obfuscated visual basic script code
HTML body contains low number of good links
HTML body contains password input but no form action
HTML title does not match URL
Stores files to the Windows start menu directory
Uses insecure TLS / SSL version for HTTPS connection
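The HTTP Parser signatures above are heuristics over page markup, not evidence of malice: a JavaScript-driven login form has no form action, a portal login page has few outbound links, and a title such as "Email Encryption" shares no word with the hostname. That is consistent with the score of 3 out of 100. (The "obfuscated visual basic script" hit further down is a minified AngularJS bundle, the string ends in `window.angular`, and the Start Menu writes are Chrome's own Chrome Apps shortcuts, created by chrome.exe and pointing at chrome_proxy.exe.) The Python below is an added re-implementation of three of these checks, not the sandbox's code; both HTML pages in it are constructed, since the real /login markup is not on the page, and the minimum-links threshold of 3 is an assumption.

```python
"""Stand-alone re-implementation of three HTTP Parser signatures from the
report (added example, not Joe Sandbox code). Both pages below are
constructed stand-ins; the report does not contain the real /login markup."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed: a JavaScript-driven login page of the kind the signatures fire on.
SPA_LOGIN_HTML = """
<html><head><title>Email Encryption</title></head>
<body ng-app="portal">
  <a href="/forgot">Forgot password?</a>
  <form name="loginForm" ng-submit="login()">
    <input type="email" name="username">
    <input type="password" name="password">
    <button type="submit">Sign in</button>
  </form>
</body></html>
"""

# Constructed: a classic server-side form that trips none of the checks.
CLASSIC_LOGIN_HTML = """
<html><head><title>Mailanyone Login</title></head>
<body>
  <a href="/">Home</a> <a href="/help">Help</a>
  <a href="/privacy">Privacy</a> <a href="/forgot">Forgot password?</a>
  <form action="/login" method="post">
    <input type="text" name="username">
    <input type="password" name="password">
  </form>
</body></html>
"""


class _Collector(HTMLParser):
    """Collect only what the heuristics need: links, form actions, password inputs, title."""

    def __init__(self):
        super().__init__()
        self.links = []
        self.form_actions = []      # one entry per <form>; None when it has no action attribute
        self.password_inputs = 0
        self.title = ""
        self._in_title = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(a["href"])
        elif tag == "form":
            self.form_actions.append(a.get("action"))
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.password_inputs += 1
        elif tag == "title":
            self._in_title = True

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data


def analyse(url: str, html: str, min_links: int = 3) -> dict:
    """Return the three signature verdicts plus the raw link count.

    min_links is an assumed threshold; the report only shows 'Number of links: 1'.
    """
    c = _Collector()
    c.feed(html)
    host = (urlparse(url).hostname or "").lower()
    title_words = [w.lower() for w in c.title.split()]
    # A password field whose form has no action (or no form at all) means the
    # credentials go wherever script sends them. A static parser cannot see
    # that destination, which is why this is a heuristic and not a verdict.
    password_no_action = c.password_inputs > 0 and (
        not c.form_actions or any(action is None for action in c.form_actions)
    )
    return {
        "link_count": len(c.links),
        "low_link_count": len(c.links) < min_links,
        "password_without_form_action": password_no_action,
        "title_mismatches_url": bool(title_words) and not any(w in host for w in title_words),
    }


if __name__ == "__main__":
    for name, page in (("SPA", SPA_LOGIN_HTML), ("classic", CLASSIC_LOGIN_HTML)):
        print(name, analyse("https://encrypt-na.mailanyone.net/login", page))
```

Any single-page application will light up the first two checks, so on their own they separate "JavaScript login form" from "HTML login form", not phishing from legitimate. The useful follow-up is dynamic: capture where the script actually posts the credentials and compare that host with the page's origin.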

Classification

Source: https://encrypt-na.mailanyone.net/signup HTTP Parser: Number of links: 1
Source: https://encrypt-na.mailanyone.net/forgot HTTP Parser: Number of links: 1
Source: https://encrypt-na.mailanyone.net/login HTTP Parser: <input type="password" .../> found but no <form action="...
Source: https://encrypt-na.mailanyone.net/login HTTP Parser: Title: Email Encryption does not match URL
Source: https://encrypt-na.mailanyone.net/signup HTTP Parser: Title: Email Encryption does not match URL
Source: https://encrypt-na.mailanyone.net/forgot HTTP Parser: Title: Email Encryption does not match URL
Source: https://encrypt-na.mailanyone.net/login HTTP Parser: <input type="password" .../> found
Source: https://encrypt-na.mailanyone.net/login HTTP Parser: No <meta name="author".. found
Source: https://encrypt-na.mailanyone.net/signup HTTP Parser: No <meta name="author".. found
Source: https://encrypt-na.mailanyone.net/forgot HTTP Parser: No <meta name="author".. found
Source: https://encrypt-na.mailanyone.net/login HTTP Parser: No <meta name="copyright".. found
Source: https://encrypt-na.mailanyone.net/signup HTTP Parser: No <meta name="copyright".. found
Source: https://encrypt-na.mailanyone.net/forgot HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49739 version: TLS 1.0
Source: unknown HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.5:49734 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.5:49735 version: TLS 1.2
Source: chromecache_93.2.dr Binary string: http://:mailto:)+k),lj.index,h(m.substr(0,l)),i(k,j[0].replace(d,)),mm.substring(l+j[0].length);returnh(m),a(n.join())}}])}(window,window.angular)}({},function(){returnthis}()); - obfuscation quality: 4
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected:
  GET /fs/windows/config.json HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  Accept-Encoding: identity
  If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
  Range: bytes=0-2147483646
  User-Agent: Microsoft BITS/7.8
  Host: fs.microsoft.com
Source: global traffic DNS traffic detected: DNS query: encrypt-na.mailanyone.net
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: unknown HTTP traffic detected:
  POST /threshold/xls.aspx HTTP/1.1
  Origin: https://www.bing.com
  Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
  Accept: */*
  Accept-Language: en-CH
  Content-type: text/xml
  X-Agent-DeviceId: 01000A410900D492
  X-BM-CBT: 1696428841
  X-BM-DateFormat: dd/MM/yyyy
  X-BM-DeviceDimensions: 784x984
  X-BM-DeviceDimensionsLogical: 784x984
  X-BM-DeviceScale: 100
  X-BM-DTZ: 120
  X-BM-Market: CH
  X-BM-Theme: 000000;0078d7
  X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E
  X-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22
  X-Device-isOptin: false
  X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}
  X-Device-OSSKU: 48
  X-Device-Touch: false
  X-DeviceID: 01000A410900D492
  X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticsh
  X-MSEdge-ExternalExpType: JointCoord
  X-PositionerType: Desktop
  X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI
  X-Search-CortanaAvailableCapabilities: None
  X-Search-SafeSearch: Moderate
  X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time
  X-UserAgeClass: Unknown
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
  Host: www.bing.com
  Content-Length: 2484
  Connection: Keep-Alive
  Cache-Control: no-cache
  Cookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1714065772960&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; CortanaAppUID=5A290E2CC4B523E2D8B5E2E3E4CB7CB7; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF
Source: chromecache_93.2.dr String found in binary or memory: http://angular-ui.github.io/bootstrap/
Source: chromecache_93.2.dr, chromecache_95.2.dr, chromecache_87.2.dr, chromecache_78.2.dr String found in binary or memory: http://angularjs.org
Source: chromecache_93.2.dr String found in binary or memory: http://docs.closure-library.googlecode.com/git/closure_goog_date_date.js.source.html
Source: chromecache_93.2.dr String found in binary or memory: http://errors.angularjs.org/1.8.2/
Source: chromecache_77.2.dr String found in binary or memory: http://fontawesome.io
Source: chromecache_77.2.dr String found in binary or memory: http://fontawesome.io/license
Source: chromecache_83.2.dr String found in binary or memory: http://getbootstrap.com)
Source: chromecache_93.2.dr String found in binary or memory: http://gsgd.co.uk/sandbox/jquery/easing/
Source: chromecache_93.2.dr String found in binary or memory: http://html2canvas.hertzen.com
Source: chromecache_93.2.dr String found in binary or memory: http://momentjs.com/guides/#/warnings/add-inverted-param/
Source: chromecache_93.2.dr String found in binary or memory: http://momentjs.com/guides/#/warnings/define-locale/
Source: chromecache_93.2.dr String found in binary or memory: http://momentjs.com/guides/#/warnings/dst-shifted/
Source: chromecache_93.2.dr String found in binary or memory: http://momentjs.com/guides/#/warnings/js-date/
Source: chromecache_93.2.dr String found in binary or memory: http://momentjs.com/guides/#/warnings/min-max/
Source: chromecache_93.2.dr String found in binary or memory: http://momentjs.com/guides/#/warnings/zone/
Source: chromecache_93.2.dr String found in binary or memory: http://opensource.org/licenses/mit-license
Source: chromecache_93.2.dr String found in binary or memory: http://stackoverflow.com/questions/3561493/is-there-a-regexp-escape-function-in-javascript
Source: chromecache_93.2.dr String found in binary or memory: http://www.ietf.org/rfc/rfc2109.txt
Source: chromecache_93.2.dr String found in binary or memory: http://www.opensource.org/licenses/MIT
Source: chromecache_80.2.dr, chromecache_95.2.dr, chromecache_87.2.dr, chromecache_78.2.dr String found in binary or memory: https://fonts.googleapis.com/css?family=Open
Source: chromecache_70.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWSw
Source: chromecache_70.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWT4
Source: chromecache_70.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWV0
Source: chromecache_70.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWV4
Source: chromecache_70.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWV8
Source: chromecache_70.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVA
Source: chromecache_70.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVI
Source: chromecache_70.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVM
Source: chromecache_70.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVQ
Source: chromecache_70.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVw
Source: chromecache_70.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2)
Source: chromecache_70.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS2mu1aB.woff2)
Source: chromecache_70.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSCmu1aB.woff2)
Source: chromecache_70.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2)
Source: chromecache_70.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSKmu1aB.woff2)
Source: chromecache_70.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSOmu1aB.woff2)
Source: chromecache_70.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2)
Source: chromecache_70.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSymu1aB.woff2)
Source: chromecache_70.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTUGmu1aB.woff2)
Source: chromecache_70.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTVOmu1aB.woff2)
Source: chromecache_93.2.dr String found in binary or memory: https://github.com/BiggA94
Source: chromecache_93.2.dr String found in binary or memory: https://github.com/andreasgal/pdf.js
Source: chromecache_93.2.dr String found in binary or memory: https://github.com/danielhusar
Source: chromecache_93.2.dr String found in binary or memory: https://github.com/diegocr
Source: chromecache_93.2.dr String found in binary or memory: https://github.com/dordille/moment-isoduration/blob/master/moment.isoduration.js
Source: chromecache_93.2.dr String found in binary or memory: https://github.com/flamenco
Source: chromecache_93.2.dr String found in binary or memory: https://github.com/fraywing/textAngular/wiki
Source: chromecache_93.2.dr String found in binary or memory: https://github.com/gildas-lormeau/zip.js
Source: chromecache_93.2.dr String found in binary or memory: https://github.com/jamesbrobb
Source: chromecache_93.2.dr String found in binary or memory: https://github.com/juanpgaviria
Source: chromecache_93.2.dr String found in binary or memory: https://github.com/lsdriscoll
Source: chromecache_93.2.dr String found in binary or memory: https://github.com/moment/moment/issues/1423
Source: chromecache_93.2.dr String found in binary or memory: https://github.com/moment/moment/issues/2166
Source: chromecache_93.2.dr String found in binary or memory: https://github.com/moment/moment/issues/2978
Source: chromecache_93.2.dr String found in binary or memory: https://github.com/moment/moment/pull/1871
Source: chromecache_93.2.dr String found in binary or memory: https://github.com/niklasvh/base64-arraybuffer
Source: chromecache_93.2.dr String found in binary or memory: https://github.com/ocombe/ocLazyLoad
Source: chromecache_83.2.dr String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_93.2.dr String found in binary or memory: https://github.com/woolfg
Source: chromecache_93.2.dr String found in binary or memory: https://nodejs.org/dist/latest/docs/api/util.html#util_custom_inspect_function_on_objects
Source: chromecache_93.2.dr String found in binary or memory: https://raw.github.com/danro/jquery-easing/master/LICENSE
Source: chromecache_93.2.dr String found in binary or memory: https://stackoverflow.com/q/181348
Source: chromecache_93.2.dr String found in binary or memory: https://tools.ietf.org/html/rfc2822#section-3.3
Source: chromecache_93.2.dr String found in binary or memory: https://ui-router.github.io
Source: chromecache_93.2.dr String found in binary or memory: https://ui-router.github.io/blog/uirouter-for-angularjs-umd-bundles
Source: unknown Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: classification engine Classification label: clean3.win@21/58@10/4
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 --field-trial-handle=2016,i,13675016939151334243,8792632575374213456,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://encrypt-na.mailanyone.net/activate?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6ImtpbWJlcmx5Lm1vcnJpc0BtaGEub2hpby5nb3YiLCJpZCI6OTE5MjEsImFjdGl2YXRpb24iOnRydWUsImF1dGhlbnRpY2F0aW9uIjpmYWxzZSwicmVzZXQiOmZhbHNlLCJwaWQiOiIiLCJsb2dpbm1ldGhvZCI6IiIsInBpZF9jdXN0b21lcl9pZCI6MCwiZXhwIjoxNzE0MDk2MDUzLCJpYXQiOjE3MTQwNTI4NTN9.iJ_xv1cTs-3TNXS5RpqLtZ2PQidggAArhRdVa8qws9k"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Google Drive.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk