Windows Analysis Report
https://uporniacomnuvidx.z13.web.core.windows.net/index.html

Overview

General Information

Sample URL:	https://uporniacomnuvidx.z13.web.core.windows.net/index.html
Analysis ID:	1431924
Infos:

Detection

TechSupportScam

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Yara detected TechSupportScam

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://uporniacomnuvidx.z13.web.core.windows.net/index.html

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing

Yara detected TechSupportScam

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_65, type: DROPPED

Source: https://uporniacomnuvidx.z13.web.core.windows.net/index.html

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 23.202.106.101:443 -> 192.168.2.4:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.202.106.101:443 -> 192.168.2.4:49763 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.45.182.74
Source: unknown	TCP traffic detected without corresponding DNS query: 23.45.182.74
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /font-awesome/4.5.0/css/font-awesome.min.css HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://uporniacomnuvidx.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.5.2/css/bootstrap.min.css HTTP/1.1Host: stackpath.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://uporniacomnuvidx.z13.web.core.windows.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://uporniacomnuvidx.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.5.2/js/bootstrap.min.js HTTP/1.1Host: stackpath.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://uporniacomnuvidx.z13.web.core.windows.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://uporniacomnuvidx.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/jquery/2.1.3/jquery.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://uporniacomnuvidx.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /track.js HTTP/1.1Host: d2fuc4clr7gvcn.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://uporniacomnuvidx.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /track.gif?h[site_id]=662a060632cb707e4f675f05&h[resource]=https%3A%2F%2Fuporniacomnuvidx.z13.web.core.windows.net%2Findex.html&h[referrer]=&h[title]=Officials_Windows%E3%82%BB%E3%82%AD%E3%83%A5%E3%83%AA%E3%83%86%E3%82%A3%E3%82%BB%E3%83%B3%E3%82%BF%E3%83%BC&h[user_agent]=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F117.0.0.0%20Safari%2F537.36&h[unique]=1&h[unique_hour]=1&h[unique_day]=1&h[unique_month]=1&h[unique_year]=1&h[screenx]=1280&h[browserx]=1280&h[browsery]=907&timestamp=1714087331031 HTTP/1.1Host: track.gaug.esConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://uporniacomnuvidx.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /track.gif?h[site_id]=662a060632cb707e4f675f05&h[resource]=https%3A%2F%2Fuporniacomnuvidx.z13.web.core.windows.net%2Findex.html&h[referrer]=&h[title]=Officials_Windows%E3%82%BB%E3%82%AD%E3%83%A5%E3%83%AA%E3%83%86%E3%82%A3%E3%82%BB%E3%83%B3%E3%82%BF%E3%83%BC&h[user_agent]=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F117.0.0.0%20Safari%2F537.36&h[unique]=1&h[unique_hour]=1&h[unique_day]=1&h[unique_month]=1&h[unique_year]=1&h[screenx]=1280&h[browserx]=1280&h[browsery]=907&timestamp=1714087331031 HTTP/1.1Host: track.gaug.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /font-awesome/4.5.0/fonts/fontawesome-webfont.woff2?v=4.5.0 HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://uporniacomnuvidx.z13.web.core.windows.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: stackpath.bootstrapcdn.com
Source: global traffic	DNS traffic detected: DNS query: maxcdn.bootstrapcdn.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: d2fuc4clr7gvcn.cloudfront.net
Source: global traffic	DNS traffic detected: DNS query: track.gaug.es

Source: chromecache_63.2.dr	String found in binary or memory: http://fontawesome.io
Source: chromecache_63.2.dr	String found in binary or memory: http://fontawesome.io/license
Source: chromecache_65.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js
Source: chromecache_65.2.dr	String found in binary or memory: https://d2fuc4clr7gvcn.cloudfront.net/track.js
Source: chromecache_65.2.dr	String found in binary or memory: https://fonts.googleapis.com/css2?family=Poppins:ital
Source: chromecache_65.2.dr	String found in binary or memory: https://fonts.gstatic.com/
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiAyp8kv8JHgFVrJJLmE0tCMPI.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiAyp8kv8JHgFVrJJLmE0tMMPKzSQ.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLBT5Z1JlFc-K.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLBT5Z1xlFQ.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLCz7Z1JlFc-K.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLDD4Z1JlFc-K.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLDD4Z1xlFQ.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLDz8Z1JlFc-K.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLEj6Z1JlFc-K.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLFj_Z1JlFc-K.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLFj_Z1xlFQ.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLGT9Z1JlFc-K.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiDyp8kv8JHgFVrJJLm111VF9eO.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiDyp8kv8JHgFVrJJLm111VGdeOcEg.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiDyp8kv8JHgFVrJJLm21lVF9eO.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiDyp8kv8JHgFVrJJLm21lVGdeOcEg.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiDyp8kv8JHgFVrJJLm81xVF9eO.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiDyp8kv8JHgFVrJJLm81xVGdeOcEg.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiDyp8kv8JHgFVrJJLmg1hVF9eO.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiDyp8kv8JHgFVrJJLmg1hVGdeOcEg.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiDyp8kv8JHgFVrJJLmr19VF9eO.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiDyp8kv8JHgFVrJJLmr19VGdeOcEg.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiDyp8kv8JHgFVrJJLmv1pVF9eO.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiDyp8kv8JHgFVrJJLmv1pVGdeOcEg.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiDyp8kv8JHgFVrJJLmy15VF9eO.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiDyp8kv8JHgFVrJJLmy15VGdeOcEg.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiEyp8kv8JHgFVrJJfecg.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiEyp8kv8JHgFVrJJnecmNE.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiGyp8kv8JHgFVrJJLucHtA.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiGyp8kv8JHgFVrJJLufntAKPY.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiGyp8kv8JHgFVrLPTucHtA.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiGyp8kv8JHgFVrLPTufntAKPY.woff2)
Source: chromecache_72.2.dr, chromecache_61.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_72.2.dr, chromecache_61.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/main/LICENSE)
Source: chromecache_72.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_65.2.dr	String found in binary or memory: https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
Source: chromecache_65.2.dr	String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css
Source: chromecache_65.2.dr	String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js
Source: chromecache_65.2.dr	String found in binary or memory: https://track.gaug.es/track.gif

Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443

Source: unknown	HTTPS traffic detected: 23.202.106.101:443 -> 192.168.2.4:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.202.106.101:443 -> 192.168.2.4:49763 version: TLS 1.2

Spam, unwanted Advertisements and Ransom Demands

Yara detected TechSupportScam

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_65, type: DROPPED

Source: classification engine

Classification label: mal56.phis.win@16/48@14/8

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=2024,i,13314379522545086292,8042181613780995042,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://uporniacomnuvidx.z13.web.core.windows.net/index.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=2024,i,13314379522545086292,8042181613780995042,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.18.10.207	stackpath.bootstrapcdn.com	United States	13335	CLOUDFLARENETUS	false
54.156.134.49	track.gaug.es	United States	14618	AMAZON-AESUS	false
65.8.184.5	d2fuc4clr7gvcn.cloudfront.net	United States	16509	AMAZON-02US	false
142.250.217.228	www.google.com	United States	15169	GOOGLEUS	false
54.197.93.113	unknown	United States	14618	AMAZON-AESUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.17.25.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.4

Contacted Domains

Name	IP	Active
stackpath.bootstrapcdn.com	104.18.10.207	true
cdnjs.cloudflare.com	104.17.25.14	true
d2fuc4clr7gvcn.cloudfront.net	65.8.184.5	true
maxcdn.bootstrapcdn.com	104.18.10.207	true
www.google.com	142.250.217.228	true
track.gaug.es	54.156.134.49	true
fp2e7a.wpc.phicdn.net	192.229.211.108	true

Contacted URLs

Name	Malicious	Reputation
https://d2fuc4clr7gvcn.cloudfront.net/track.js	false	high
https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css	false	high
https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js	false	high
https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/fonts/fontawesome-webfont.woff2?v=4.5.0	false	high
https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js	false	high
https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css	false	high

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 58	Audio file with ID3 version 2.4.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Stereo	E9BCD8FA1AC0DA5231A30C9F2952682B	6082AFF7E3627F6BEA6E44C41E123A3A512355DE	89CA019A76F84336D2903B88D7F45EFF070B359A35FF3C06DA3668212F76FFA1
Chrome Cache Entry: 59	Web Open Font Format (Version 2), TrueType, length 7748, version 1.0	A09F2FCCFEE35B7247B08A1A266F0328	0DA2D17E738F46D2A09E6FB7969DA451719A9820	CD36DE204ACA2D5FA263A731F7C20009B5E3D754BA1F1E03C33E93A48F3E7446
Chrome Cache Entry: 60	Web Open Font Format (Version 2), TrueType, length 66624, version 4.262	DB812D8A70A4E88E888744C1C9A27E89	638C652D623280A58144F93E7B552C66D1667A11	FF82AEED6B9BB6701696C84D1B223D2E682EB78C89117A438CE6CFEA8C498995
Chrome Cache Entry: 61	ASCII text, with very long lines (65326)	816AF0EDDD3B4822C2756227C7E7B7EE	C470239D4C7DB36D56DC3A74A080C62218C6EDC4	5B0FBE5B7AD705F6A937C4998AD02F73D8F0D976FE231B74AEF0EC996990C93A
Chrome Cache Entry: 62	ASCII text, with very long lines (32180)	7F9FB969CE353C5D77707836391EB28D	62C4042E9EBC691A5372D653B424512A561D1670	2051D61446D4DBFFB03727031022A08C84528AB44D203A7669C101E5FBDD5515
Chrome Cache Entry: 63	ASCII text, with very long lines (27303)	4FBD15CB6047AF93373F4F895639C8BF	12D6861075DE8E293265FF6FF03B1F3ADCB44C76	DDD92F10AD162C7449EFF0ACAF40598C05B1111739587EDB75E5326B6697C5D5
Chrome Cache Entry: 64	JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 21.0 (Windows)], baseline, precision 8, 47x46, components 3	5C88379362B7C14EC16A0D285684899D	CC2D1A05F9302534D3BD68E2BB94F4EEA1DA8251	6229FD135EF5BB601E19A8497BF9151D3387363C5B7535C819EC4D48B3D69484
Chrome Cache Entry: 65	HTML document, Unicode text, UTF-8 text, with very long lines (310), with CRLF line terminators	7A9DA30345B69CB18193A677D106CA04	CCB29657254D8D962A4BA326625ADF1D84657562	0603C570086C0E8AB582550AD469A6793C85D73148703BC522CF66FEFB0D3C20
Chrome Cache Entry: 66	PNG image data, 676 x 806, 8-bit/color RGBA, non-interlaced	F4A59B7133EAA0EBDC7490EF0A2B631D	AC21BA5015EA2636190C23316FD6AD2B7F60EEDE	871C88F92463F4D9040140701EC88B1044064B39DE8734CE26A51C0F4A0E905F
Chrome Cache Entry: 67	Web Open Font Format (Version 2), TrueType, length 7824, version 1.0	AF4D371A10271DAFEB343F1EACE762BC	6D11D743BC3CFB169D70BC86450F18351DC1A905	60BF0ABA6526436F3930C58C12047687FBB6BFF4DD180CCE4613458ED3439EA2
Chrome Cache Entry: 68	HTML document, ASCII text, with very long lines (321), with no line terminators	B5073477AD14E7904415315229C78CBE	6AD637E2DBAA6BAF04E1BE5DD16A3D5E27563946	5AD26DA8695821175BD1A4D2F2E9CCCE2957BA3147FD80D54A5C77CAB05CE61E
Chrome Cache Entry: 69	PNG image data, 1846 x 710, 8-bit/color RGBA, non-interlaced	62472FED4D6022FE16CC9B924B6FD223	F754ABA829A52F7C70C7A2508125063B8BBD151F	126E254FB95FF4B003596B0E4577B312D3FB5A7A51EAD127C8549F317474EB3F
Chrome Cache Entry: 70	ASCII text, with very long lines (5152), with no line terminators	25DBE1435EC57843C4AB2CECAFBD04A9	1DAED29EB389B328254978B4A6386C3CB38B0D9C	EC536798BA63ED167F3620C2081486ECF9254E3CF97AEF8052CFC12B2D1BFB84
Chrome Cache Entry: 71	Web Open Font Format (Version 2), TrueType, length 8000, version 1.0	72993DDDF88A63E8F226656F7DE88E57	179F97EC0275F09603A8DB94D4380EB584D81CD5	F4E80D9DFD374D02989B87A27B5ED4CB78FBB177C27F1478E9A8B0AFB7513149
Chrome Cache Entry: 72	ASCII text, with very long lines (59765)	02D223393E00C273EFDCB1ADE8F4F8B1	0CC93B8421D89C24A889642428B363CB831DE78A	79C599DD760CEC0C1621A1AF49D9A2A49DA5D45E1B37D4575BACE0A5E0226582
Chrome Cache Entry: 73	ASCII text, with very long lines (4666), with no line terminators	876B05F6044B21D9E1A1E2C53BA847C3	8938C32F281207D167DE1F51EA6CF60C33CC1B4C	F5342B436E889CA2184C1B322FE2A631412D85B445DECB8F1B6F020329D7178D
Chrome Cache Entry: 74	ASCII text, with CRLF line terminators	8D78510A23D26CA8456663A060C1AB7C	00F1AC87D12DE82D8E4978A3B0637EE8097D4EAA	AC9D36E334AA53D47A22042AE131D2D9D43B4DE48B63DF6B6DA8247B9BAD0AE2
Chrome Cache Entry: 75	ASCII text	DCE36A48BCF330832152E582D29373B8	CD44276B28CF6BE734F61E45644ED6EA0AD08E6E	3F6E8EFB65DFF0486271D787D60BE7D84387C203BEBD36159794E6E2C28C31F3
Chrome Cache Entry: 76	PNG image data, 1846 x 710, 8-bit/color RGBA, non-interlaced	62472FED4D6022FE16CC9B924B6FD223	F754ABA829A52F7C70C7A2508125063B8BBD151F	126E254FB95FF4B003596B0E4577B312D3FB5A7A51EAD127C8549F317474EB3F
Chrome Cache Entry: 77	PNG image data, 676 x 806, 8-bit/color RGBA, non-interlaced	F4A59B7133EAA0EBDC7490EF0A2B631D	AC21BA5015EA2636190C23316FD6AD2B7F60EEDE	871C88F92463F4D9040140701EC88B1044064B39DE8734CE26A51C0F4A0E905F
Chrome Cache Entry: 78	ASCII text, with very long lines (3829), with no line terminators	B7E42972220B534E2E32B38C3876572D	76B4384936878AE8656F3DF843BEB7A3D88FD86B	DF2698E6CF74ED890AFA92DA10051F880DF2CE0B3257B73C5D9AE2F6BEA82D3C
Chrome Cache Entry: 79	JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 22.3 (Windows)], baseline, precision 8, 1892x1366, components 3	2FD0395FBE7725084402A01A120D082C	FC8FEA9B6EB281BFC04FCC79C5DA44F8ED440C03	A558138DAF800D731ABBABF296CC78025BBC0FC05A61271E325008B9257AAA16
Chrome Cache Entry: 80	ASCII text, with CRLF line terminators	266ED7D70D0F4DA16E451436E63BBED7	739CB196D6B375DE0B849ED84E66BE0D3592FA24	F3D992A5242DB0A9501E8A54E3956227FB8B85C87D1347ADAD72C23B55E5D046
Chrome Cache Entry: 81	Web Open Font Format (Version 2), TrueType, length 7884, version 1.0	9212F6F9860F9FC6C69B02FEDF6DB8C3	AC6D71B4D5FDD2B3DABC9A06FF6C001E4251DA0B	7D93459D86585BFCDBB7E0376056226ADB25821EE54B96236FE2123E9560929F
Chrome Cache Entry: 82	JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 22.3 (Windows)], baseline, precision 8, 1892x1366, components 3	2FD0395FBE7725084402A01A120D082C	FC8FEA9B6EB281BFC04FCC79C5DA44F8ED440C03	A558138DAF800D731ABBABF296CC78025BBC0FC05A61271E325008B9257AAA16
Chrome Cache Entry: 83	JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 21.0 (Windows)], baseline, precision 8, 47x46, components 3	5C88379362B7C14EC16A0D285684899D	CC2D1A05F9302534D3BD68E2BB94F4EEA1DA8251	6229FD135EF5BB601E19A8497BF9151D3387363C5B7535C819EC4D48B3D69484

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://uporniacomnuvidx.z13.web.core.windows.net/index.html

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing

Yara detected TechSupportScam

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_65, type: DROPPED

Source: https://uporniacomnuvidx.z13.web.core.windows.net/index.html

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 23.202.106.101:443 -> 192.168.2.4:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.202.106.101:443 -> 192.168.2.4:49763 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.45.182.74
Source: unknown	TCP traffic detected without corresponding DNS query: 23.45.182.74
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /font-awesome/4.5.0/css/font-awesome.min.css HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://uporniacomnuvidx.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.5.2/css/bootstrap.min.css HTTP/1.1Host: stackpath.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://uporniacomnuvidx.z13.web.core.windows.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://uporniacomnuvidx.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.5.2/js/bootstrap.min.js HTTP/1.1Host: stackpath.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://uporniacomnuvidx.z13.web.core.windows.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://uporniacomnuvidx.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/jquery/2.1.3/jquery.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://uporniacomnuvidx.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /track.js HTTP/1.1Host: d2fuc4clr7gvcn.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://uporniacomnuvidx.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /track.gif?h[site_id]=662a060632cb707e4f675f05&h[resource]=https%3A%2F%2Fuporniacomnuvidx.z13.web.core.windows.net%2Findex.html&h[referrer]=&h[title]=Officials_Windows%E3%82%BB%E3%82%AD%E3%83%A5%E3%83%AA%E3%83%86%E3%82%A3%E3%82%BB%E3%83%B3%E3%82%BF%E3%83%BC&h[user_agent]=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F117.0.0.0%20Safari%2F537.36&h[unique]=1&h[unique_hour]=1&h[unique_day]=1&h[unique_month]=1&h[unique_year]=1&h[screenx]=1280&h[browserx]=1280&h[browsery]=907&timestamp=1714087331031 HTTP/1.1Host: track.gaug.esConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://uporniacomnuvidx.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /track.gif?h[site_id]=662a060632cb707e4f675f05&h[resource]=https%3A%2F%2Fuporniacomnuvidx.z13.web.core.windows.net%2Findex.html&h[referrer]=&h[title]=Officials_Windows%E3%82%BB%E3%82%AD%E3%83%A5%E3%83%AA%E3%83%86%E3%82%A3%E3%82%BB%E3%83%B3%E3%82%BF%E3%83%BC&h[user_agent]=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F117.0.0.0%20Safari%2F537.36&h[unique]=1&h[unique_hour]=1&h[unique_day]=1&h[unique_month]=1&h[unique_year]=1&h[screenx]=1280&h[browserx]=1280&h[browsery]=907&timestamp=1714087331031 HTTP/1.1Host: track.gaug.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /font-awesome/4.5.0/fonts/fontawesome-webfont.woff2?v=4.5.0 HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://uporniacomnuvidx.z13.web.core.windows.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: stackpath.bootstrapcdn.com
Source: global traffic	DNS traffic detected: DNS query: maxcdn.bootstrapcdn.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: d2fuc4clr7gvcn.cloudfront.net
Source: global traffic	DNS traffic detected: DNS query: track.gaug.es

Source: chromecache_63.2.dr	String found in binary or memory: http://fontawesome.io
Source: chromecache_63.2.dr	String found in binary or memory: http://fontawesome.io/license
Source: chromecache_65.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js
Source: chromecache_65.2.dr	String found in binary or memory: https://d2fuc4clr7gvcn.cloudfront.net/track.js
Source: chromecache_65.2.dr	String found in binary or memory: https://fonts.googleapis.com/css2?family=Poppins:ital
Source: chromecache_65.2.dr	String found in binary or memory: https://fonts.gstatic.com/
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiAyp8kv8JHgFVrJJLmE0tCMPI.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiAyp8kv8JHgFVrJJLmE0tMMPKzSQ.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLBT5Z1JlFc-K.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLBT5Z1xlFQ.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLCz7Z1JlFc-K.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLDD4Z1JlFc-K.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLDD4Z1xlFQ.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLDz8Z1JlFc-K.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLEj6Z1JlFc-K.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLFj_Z1JlFc-K.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLFj_Z1xlFQ.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLGT9Z1JlFc-K.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiDyp8kv8JHgFVrJJLm111VF9eO.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiDyp8kv8JHgFVrJJLm111VGdeOcEg.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiDyp8kv8JHgFVrJJLm21lVF9eO.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiDyp8kv8JHgFVrJJLm21lVGdeOcEg.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiDyp8kv8JHgFVrJJLm81xVF9eO.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiDyp8kv8JHgFVrJJLm81xVGdeOcEg.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiDyp8kv8JHgFVrJJLmg1hVF9eO.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiDyp8kv8JHgFVrJJLmg1hVGdeOcEg.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiDyp8kv8JHgFVrJJLmr19VF9eO.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiDyp8kv8JHgFVrJJLmr19VGdeOcEg.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiDyp8kv8JHgFVrJJLmv1pVF9eO.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiDyp8kv8JHgFVrJJLmv1pVGdeOcEg.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiDyp8kv8JHgFVrJJLmy15VF9eO.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiDyp8kv8JHgFVrJJLmy15VGdeOcEg.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiEyp8kv8JHgFVrJJfecg.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiEyp8kv8JHgFVrJJnecmNE.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiGyp8kv8JHgFVrJJLucHtA.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiGyp8kv8JHgFVrJJLufntAKPY.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiGyp8kv8JHgFVrLPTucHtA.woff2)
Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiGyp8kv8JHgFVrLPTufntAKPY.woff2)
Source: chromecache_72.2.dr, chromecache_61.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_72.2.dr, chromecache_61.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/main/LICENSE)
Source: chromecache_72.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_65.2.dr	String found in binary or memory: https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
Source: chromecache_65.2.dr	String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css
Source: chromecache_65.2.dr	String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js
Source: chromecache_65.2.dr	String found in binary or memory: https://track.gaug.es/track.gif

Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443

Source: unknown	HTTPS traffic detected: 23.202.106.101:443 -> 192.168.2.4:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.202.106.101:443 -> 192.168.2.4:49763 version: TLS 1.2

Spam, unwanted Advertisements and Ransom Demands

Yara detected TechSupportScam

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_65, type: DROPPED

Source: classification engine

Classification label: mal56.phis.win@16/48@14/8

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=2024,i,13314379522545086292,8042181613780995042,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://uporniacomnuvidx.z13.web.core.windows.net/index.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=2024,i,13314379522545086292,8042181613780995042,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

ID:	1431924
Product:	CloudBasic
Start time:	01:21:18
Start date:	26.04.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://uporniacomnuvidx.z13.web.core.windows.net/index.html

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

Spam, unwanted Advertisements and Ransom Demands

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://uporniacomnuvidx.z13.web.core.windows.net/index.html

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

Spam, unwanted Advertisements and Ransom Demands

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://uporniacomnuvidx.z13.web.core.windows.net/index.html