Edit tour

Windows Analysis Report
http://www.realfakedoors.net/

Overview

General Information

Sample URL:	http://www.realfakedoors.net/
Analysis ID:	1596465
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5988 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 6344 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1976,i,4681585990127435933,89316503949924062,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 6644 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.realfakedoors.net/" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

HTTP traffic detected: POST /hylfff.php HTTP/1.1Host: vkg.hpdbfezgrqwn.vipConnection: keep-aliveContent-Length: 92sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencoded;charset=UTF-8;Accept: */*Origin: http://www.realfakedoors.netSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: http://www.realfakedoors.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 22 Jan 2025 00:37:57 GMTContent-Type: text/html; charset=utf-8Content-Length: 1862Connection: closeSet-Cookie: X-CDN-WAF-R-C=0001696783; path=/Vary: Accept-EncodingETag: "6486cd02-746"X-Frame-Options: SAMEORIGINServer: nginx

Source: chromecache_222.2.dr	String found in binary or memory: http://12aff.best5689.com/92043302/signup/cs/index.html
Source: chromecache_222.2.dr	String found in binary or memory: http://5887ky.com
Source: chromecache_222.2.dr, chromecache_226.2.dr, chromecache_173.2.dr	String found in binary or memory: http://kaiyunty583.net
Source: chromecache_234.2.dr	String found in binary or memory: http://layer.layui.com/
Source: chromecache_172.2.dr, chromecache_276.2.dr	String found in binary or memory: http://opensource.org/licenses/MIT).
Source: chromecache_222.2.dr	String found in binary or memory: https://0326018.cc
Source: chromecache_147.2.dr	String found in binary or memory: https://1k4ej4j1lxvjwz.com/
Source: chromecache_222.2.dr, chromecache_226.2.dr, chromecache_173.2.dr	String found in binary or memory: https://33771204.app
Source: chromecache_222.2.dr, chromecache_226.2.dr, chromecache_173.2.dr	String found in binary or memory: https://551002m.cc
Source: chromecache_222.2.dr, chromecache_226.2.dr, chromecache_173.2.dr	String found in binary or memory: https://665339c.com
Source: chromecache_222.2.dr	String found in binary or memory: https://665339c.com/wap/downloadApp?promoCode=e9VJBL
Source: chromecache_222.2.dr, chromecache_226.2.dr, chromecache_173.2.dr	String found in binary or memory: https://789400.cc/
Source: chromecache_222.2.dr	String found in binary or memory: https://99505n.cc
Source: chromecache_222.2.dr	String found in binary or memory: https://a43389.cc/
Source: chromecache_222.2.dr	String found in binary or memory: https://aff.kkcg8.com/sign-up/593325
Source: chromecache_188.2.dr	String found in binary or memory: https://analytics.tiktok.com/i18n/pixel/events.js
Source: chromecache_222.2.dr	String found in binary or memory: https://app.geqianf233.top/s/bet365
Source: chromecache_222.2.dr	String found in binary or memory: https://app.geqianf233.top/s/bwyz
Source: chromecache_222.2.dr	String found in binary or memory: https://app.geqianf233.top/s/tyc
Source: chromecache_222.2.dr	String found in binary or memory: https://appiso-ali.ghgdfdf.com/?cGkxMl90NDA3MQ==&c=101105706293#/
Source: chromecache_222.2.dr	String found in binary or memory: https://cdn.livechatinc.com/tracking.js
Source: chromecache_188.2.dr	String found in binary or memory: https://connect.facebook.net/en_US/fbevents.js
Source: chromecache_222.2.dr, chromecache_226.2.dr, chromecache_173.2.dr	String found in binary or memory: https://e977110.com
Source: chromecache_222.2.dr	String found in binary or memory: https://e977110.com/wap/downloadApp?promoCode=pK8XQc
Source: chromecache_185.2.dr, chromecache_193.2.dr, chromecache_271.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_185.2.dr, chromecache_193.2.dr, chromecache_271.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/main/LICENSE)
Source: chromecache_185.2.dr, chromecache_193.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_222.2.dr	String found in binary or memory: https://guwu.fun/download
Source: chromecache_173.2.dr	String found in binary or memory: https://j21716.com
Source: chromecache_222.2.dr	String found in binary or memory: https://j21716.com/wap/downloadApp?promoCode=XPMJTR
Source: chromecache_222.2.dr, chromecache_226.2.dr, chromecache_173.2.dr	String found in binary or memory: https://k933005.com
Source: chromecache_222.2.dr	String found in binary or memory: https://lucky298.com/vsgl
Source: chromecache_226.2.dr, chromecache_173.2.dr	String found in binary or memory: https://lucky298.com/vsglat
Source: chromecache_173.2.dr	String found in binary or memory: https://m399227.com
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com
Source: chromecache_187.2.dr, chromecache_273.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/061410/rcenter/common
Source: chromecache_187.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/061410/rcenter/common/images/errors/ico-605.png
Source: chromecache_187.2.dr, chromecache_273.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/061410/rcenter/common/js/curl/curl.js
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/061410/rcenter/common/js/gamebox/common/jquery.validate.extend.msites.j
Source: chromecache_187.2.dr, chromecache_273.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/061410/rcenter/common/js/gamebox/common/main.js
Source: chromecache_187.2.dr, chromecache_273.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/061410/rcenter/common/js/gamebox/common/urlencode.js
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/061410/rcenter/common/js/jquery/plugins/jquery.validate/jquery.validate
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/061410/rcenter/common/static/css/gb.validation.min.css
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/061410/rcenter/common/static/js/gb.validation.min.js?v=1737360451690
Source: chromecache_187.2.dr, chromecache_273.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/061410/rcenter/common/themes/default/bootstrap/bootstrap.min.css
Source: chromecache_187.2.dr, chromecache_273.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/061410/rcenter/common/themes/error.css
Source: chromecache_188.2.dr, chromecache_187.2.dr, chromecache_273.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/061410/rcenter/msites
Source: chromecache_187.2.dr, chromecache_273.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/061410/rcenter/msites/images/touchicon.png
Source: chromecache_187.2.dr, chromecache_273.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/061410/rcenter/msites/themes/default/common.css?v=1737360451690
Source: chromecache_187.2.dr, chromecache_273.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/061410/rcenter/msites/themes/default/lang/zh_CN.css?v=1737360451690
Source: chromecache_187.2.dr, chromecache_273.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/fserver
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/fserver/files/gb/1761/Logo/405/1696591118080.png
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/fserver/files/gb/1761/carousel/10004/1719343950451.jpg)
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/fserver/files/gb/1761/carousel/10006/1719344244164.jpg)
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/fserver/files/gb/1761/carousel/10008/1719344412734.jpg)
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/fserver/files/gb/1761/carousel/10010/1719344363451.jpg)
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/fserver/files/gb/1761/carousel/10047/1719344188380.jpg)
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/fserver/files/gb/1761/carousel/10048/1719344459903.jpg)
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/fserver/files/gb/1761/carousel/10049/1719344515771.jpg)
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/fserver/files/gb/1761/carousel/10050/1719344563012.jpg)
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/all_bg.jpg
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/header/header_bg.jpg
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/header/top_bg.png
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/icon_marquee.png
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/1_9.png
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/3_108.png
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/code_bg.png
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/collabor_0.png
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/collabor_1.png
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/collabor_2.png
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/collabor_3.png
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/collabor_4.png
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/collabor_5.png
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/collabor_6.png
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/collabor_7.png
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/download_apple.png
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/download_bg.png
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/game_1.png
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/game_3.png
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/game_4.png
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/game_5.png
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/game_fish_42_5.png
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/hot_game_title.png
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/hotgame_title_bg.jpg
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/icon_game_1.png
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/icon_game_3.png
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/icon_game_4.png
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/icon_game_5.png
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/service_inner_bg.png
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/service_out_bg.png
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/services_title.png
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/services_title_bg.png
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/themes/style/bootstrap-dialog.min.css
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/themes/style/common.css
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/commonPage/images/default-banner.jpg
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/commonPage/images/favicon/favicon_1761.png
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/commonPage/js/bootstrap-dialog.min.js
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/commonPage/js/float.js
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/commonPage/js/gui-base.js
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/commonPage/js/idangerous.swiper.min.js
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/commonPage/js/jquery/jquery-1.11.3.min.js
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/commonPage/js/jquery/jquery.nicescroll.min.js
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/commonPage/js/jquery/jquery.super-marquee.js
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/commonPage/js/layer.js
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/commonPage/js/lazyload.js
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/commonPage/js/moment.js
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/commonPage/js/websocket/Comet.js
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/commonPage/js/websocket/CometMarathon.js
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/commonPage/js/websocket/PopUp.js
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/commonPage/themes/gui-base.css
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/commonPage/themes/gui-skin-default.css
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/commonPage/themes/hb/css/pc.css
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/commonPage/zh_CN/mobileTopic/images/special_3.jpg
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/commonPage/zh_CN/pubads/images/ads1.png
Source: chromecache_188.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/commonPage/zh_CN/pubads/images/ads2.png
Source: chromecache_222.2.dr	String found in binary or memory: https://parimatchasia.onelink.me/nec7/949ac8d5?
Source: chromecache_188.2.dr	String found in binary or memory: https://s1.kwai.net/kos/s101/nlav11187/pixel/events.js
Source: chromecache_188.2.dr	String found in binary or memory: https://s1.kwai.net/kos/s101/nlav11187/pixel/events.js?sdkid=
Source: chromecache_222.2.dr, chromecache_226.2.dr, chromecache_173.2.dr	String found in binary or memory: https://service.sdqhwtvbtwdf.com/C.ashx?btag=a_18017b_1722c_&affid=2017190&siteid=18017&adid=1722&c=
Source: chromecache_222.2.dr, chromecache_226.2.dr, chromecache_173.2.dr	String found in binary or memory: https://service.sdqhwtvbtwdf.com/C.ashx?btag=a_18017b_2464c_&affid=2017190&siteid=18017&adid=2464&c=
Source: chromecache_222.2.dr, chromecache_226.2.dr, chromecache_173.2.dr	String found in binary or memory: https://service.sdqhwtvbtwdf.com/C.ashx?btag=a_18017b_2484c_&affid=2017190&siteid=18017&adid=2484&c=
Source: chromecache_222.2.dr	String found in binary or memory: https://wros8.top/vjS2
Source: chromecache_222.2.dr	String found in binary or memory: https://www.4a0kzf.com/Yvj3
Source: chromecache_222.2.dr	String found in binary or memory: https://www.bvty894.com:30122/entry/register?i_code=2270535
Source: chromecache_222.2.dr	String found in binary or memory: https://www.livechat.com/?welcome
Source: chromecache_222.2.dr	String found in binary or memory: https://www.livechat.com/chat-with/15900159/
Source: chromecache_222.2.dr	String found in binary or memory: https://www.ljjapp2.com/?601158
Source: chromecache_222.2.dr, chromecache_226.2.dr, chromecache_173.2.dr	String found in binary or memory: https://www.ray060.com/?601158
Source: chromecache_222.2.dr	String found in binary or memory: https://www.ss52611.com/vip.html?c=88003698540
Source: chromecache_222.2.dr	String found in binary or memory: https://www.xivev6.com:9056/entry/register37012/?i_code=30114312
Source: chromecache_222.2.dr	String found in binary or memory: https://wy-ali.meriksenrusso.com/wx/app/proxy-qrcode.html?url=aHR0cHM6Ly9hcHBpc28tdHkuc291emhhbnp4Lm
Source: chromecache_222.2.dr	String found in binary or memory: https://wy-ali.meriksenrusso.com/wx/app/proxy-qrcode.html?url=aHR0cHM6Ly9hcHBpc28tdHkuenZiempzYi5jb2
Source: chromecache_222.2.dr	String found in binary or memory: https://xj206.cc/

Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 50131 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50154 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50068 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50125 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50148 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50165 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50065
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50067
Source: unknown	Network traffic detected: HTTP traffic on port 50091 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50113 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50066
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50069
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50068
Source: unknown	Network traffic detected: HTTP traffic on port 50074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50070
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50072
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50071
Source: unknown	Network traffic detected: HTTP traffic on port 50159 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50074
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50120 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50147 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50076
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50075
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50114 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50130 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50081
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50083
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 50119 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50142 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50089
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50088
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50090
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50091
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50094
Source: unknown	Network traffic detected: HTTP traffic on port 50136 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50153 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50095
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50139
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50138
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50149 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50131
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50130
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50133
Source: unknown	Network traffic detected: HTTP traffic on port 50055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50132
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 50090 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50135
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50134
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50137
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50136
Source: unknown	Network traffic detected: HTTP traffic on port 50049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50161 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50140
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 50144 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50149
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50142
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50141
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50144
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50095 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50146
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50145
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50148
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50147
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50151
Source: unknown	Network traffic detected: HTTP traffic on port 50138 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50150
Source: unknown	Network traffic detected: HTTP traffic on port 50155 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50067 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50103 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50153
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50152
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50034
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50155
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50154
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50157
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50156
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50159
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50158
Source: unknown	Network traffic detected: HTTP traffic on port 50050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50160
Source: unknown	Network traffic detected: HTTP traffic on port 50137 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50162
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50161
Source: unknown	Network traffic detected: HTTP traffic on port 50066 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50083 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50089 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 50121 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50164
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50163
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50045
Source: unknown	Network traffic detected: HTTP traffic on port 50115 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50165
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50047
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50046
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50167
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50049
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50048
Source: unknown	Network traffic detected: HTTP traffic on port 50109 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50072 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50132 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50050
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50160 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50126 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50145 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50122 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50139 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50151 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50116 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50094 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50071 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50109
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50102
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50103
Source: unknown	Network traffic detected: HTTP traffic on port 50134 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50128 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50162 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50088 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50117
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50116
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50119
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50118
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50113
Source: unknown	Network traffic detected: HTTP traffic on port 50076 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50112
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50115
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50114
Source: unknown	Network traffic detected: HTTP traffic on port 50133 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50156 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50127 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50128
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50127
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50129
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50167 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50120
Source: unknown	Network traffic detected: HTTP traffic on port 50054 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50122
Source: unknown	Network traffic detected: HTTP traffic on port 50150 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50121
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50124
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50123
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50126
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50125
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50065 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 50164 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50098
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50112 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50075 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50158 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50129 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50135 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49930
Source: unknown	Network traffic detected: HTTP traffic on port 50123 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50117 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50152 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50070 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50098 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49929
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49927
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50029 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50141 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49922
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49921
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49920
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50124 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50118 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49918
Source: unknown	Network traffic detected: HTTP traffic on port 50163 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49917
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49916
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49915
Source: unknown	Network traffic detected: HTTP traffic on port 50140 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49912
Source: unknown	Network traffic detected: HTTP traffic on port 50146 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50157 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 50030 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49906
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49905
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49901
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 50069 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49888 -> 443

Source: classification engine

Classification label: mal56.win@18/265@56/22

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1976,i,4681585990127435933,89316503949924062,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.realfakedoors.net/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1976,i,4681585990127435933,89316503949924062,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	5 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	6 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	4 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://www.realfakedoors.net/	100%	Avira URL Cloud	phishing

Source	Detection	Scanner	Label
http://www.realfakedoors.net/vue.min.js	100%	Avira URL Cloud	phishing
https://p3yw7u.innittapp.com/061410/rcenter/common/js/bootstrap/bootstrap.js?v=1737360451690	0%	Avira URL Cloud	safe
https://1k4ej4j1lxvjwz.com/imgs/kaiyun.png	100%	Avira URL Cloud	phishing
https://551002m.cc/	100%	Avira URL Cloud	phishing
https://p3yw7u.innittapp.com/061410/rcenter/common/js/jquery/plugins/jquery.poshytip/jquery.poshytip.js?v=1737360451690	0%	Avira URL Cloud	safe
https://551002m.cc/images/favicon.png	100%	Avira URL Cloud	phishing
https://p3yw7u.innittapp.com/061410/rcenter/common/js/bootstrap-dialog/bootstrap-dialog.js?v=1737360451690	0%	Avira URL Cloud	safe
https://1k4ej4j1lxvjwz.com/imgs/sansanqiqi.png	100%	Avira URL Cloud	phishing
https://p3yw7u.innittapp.com/061410/rcenter/common/js/gamebox/common/errors/templateWrap.js?v=1737360451690	0%	Avira URL Cloud	safe
https://p3yw7u.innittapp.com/061410/rcenter/common/js/gamebox/common/ClassTool.js?v=1737360451690	0%	Avira URL Cloud	safe
https://1k4ej4j1lxvjwz.com/imgs/188jinbaobo.png	100%	Avira URL Cloud	phishing
https://p3yw7u.innittapp.com/061410/rcenter/common/js/jquery/jquery-2.1.1.js?v=1737360451690	0%	Avira URL Cloud	safe
https://551002m.cc/commonPage/error.html	100%	Avira URL Cloud	phishing
https://p3yw7u.innittapp.com/061410/rcenter/msites/themes/default/common.css?v=1737360451690	0%	Avira URL Cloud	safe
https://p3yw7u.innittapp.com/061410/rcenter/common/js/gamebox/components/selectPure.js?v=1737360451690	0%	Avira URL Cloud	safe
https://p3yw7u.innittapp.com/061410/rcenter/msites/themes/default/lang/zh_CN.css?v=1737360451690	0%	Avira URL Cloud	safe
https://p3yw7u.innittapp.com/061410/rcenter/common/js/curl/curl/loader/legacy.js?v=1737360451690	0%	Avira URL Cloud	safe
https://1k4ej4j1lxvjwz.com/imgs/tychongse.png	100%	Avira URL Cloud	phishing
http://layer.layui.com/	0%	Avira URL Cloud	safe
https://551002m.cc/index/getAppsUrl.html?device=android&fPixelId=&accessToken=&apiVersion=	100%	Avira URL Cloud	phishing
https://app.geqianf233.top/s/bet365	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
share.n.shifen.com	182.61.244.229	true	false	high
1k4ej4j1lxvjwz.com	122.10.50.210	true	false	high
hcdnwsa120.v5.cdnhwczoy106.cn	90.84.161.16	true	false	high
api.share.n.shifen.com	39.156.68.163	true	false	high
l5-global.gslb.ksyuncdn.com	103.198.200.7	true	false	high
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true	false	high
vkg.hpdbfezgrqwn.vip	122.10.26.202	true	false	high
www.realfakedoors.net	38.14.93.29	true	false	unknown
www.wshifen.com	103.235.47.188	true	false	high
www.google.com	142.250.184.196	true	false	high
www.sogou.com	43.153.236.147	true	false	high
k1.gslb.ksyuncdn.com	183.61.168.7	true	false	high
551002m.cc	202.181.26.226	true	false	high
push.zhanzhang.baidu.com	unknown	unknown	false	high
collect-v6.51.la	unknown	unknown	false	high
www.baidu.com	unknown	unknown	false	high
p.ssl.qhimg.com	unknown	unknown	false	high
api.share.baidu.com	unknown	unknown	false	high
p3yw7u.innittapp.com	unknown	unknown	false	high
sdk.51.la	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://551002m.cc/images/favicon.png	false	Avira URL Cloud: phishing	unknown
https://p3yw7u.innittapp.com/061410/rcenter/msites/themes/base.css	false		high
http://www.realfakedoors.net/vue.min.js	true	Avira URL Cloud: phishing	unknown
https://551002m.cc/errors/605.html	false		unknown
https://p3yw7u.innittapp.com/ftl/commonPage/themes/hongbao.css	false		high
https://p3yw7u.innittapp.com/061410/rcenter/common/js/gamebox/common/urlencode.js	false		high
https://p3yw7u.innittapp.com/061410/rcenter/common/themes/default/jquery/plugins/jquery.poshytip/poshytip.css	false		high
https://www.sogou.com/web/index/images/logo_440x140.v.4.png	false		high
https://p3yw7u.innittapp.com/ftl/commonPage/themes/gui-skin-default.css	false		high
https://p3yw7u.innittapp.com/061410/rcenter/common/js/gamebox/common/main.js	false		high
https://p3yw7u.innittapp.com/ftl/commonPage/js/websocket/Comet.js	false		high
https://1k4ej4j1lxvjwz.com/imgs/sansanqiqi.png	false	Avira URL Cloud: phishing	unknown
https://1k4ej4j1lxvjwz.com/popper.min.js	false		high
https://p3yw7u.innittapp.com/ftl/commonPage/js/float.js	false		high
https://551002m.cc/	false	Avira URL Cloud: phishing	unknown
https://p3yw7u.innittapp.com/061410/rcenter/msites/themes/default/login.css	false		high
https://1k4ej4j1lxvjwz.com/imgs/188jinbaobo.png	false	Avira URL Cloud: phishing	unknown
https://1k4ej4j1lxvjwz.com/quicklink.umd.js	false		high
https://p3yw7u.innittapp.com/061410/rcenter/common/js/gamebox/common/errors/templateWrap.js?v=1737360451690	false	Avira URL Cloud: safe	unknown
https://p3yw7u.innittapp.com/ftl/commonPage/js/idangerous.swiper.min.js	false		high
https://p3yw7u.innittapp.com/061410/rcenter/common/js/jquery/jquery-2.1.1.js?v=1737360451690	false	Avira URL Cloud: safe	unknown
http://www.realfakedoors.net/	true		unknown
https://p3yw7u.innittapp.com/061410/rcenter/common/js/jquery/plugins/jquery.poshytip/jquery.poshytip.js?v=1737360451690	false	Avira URL Cloud: safe	unknown
https://p3yw7u.innittapp.com/061410/rcenter/common/js/bootstrap/bootstrap.js?v=1737360451690	false	Avira URL Cloud: safe	unknown
https://p3yw7u.innittapp.com/ftl/commonPage/js/jquery/jquery.super-marquee.js	false		high
https://p3yw7u.innittapp.com/061410/rcenter/common/js/gamebox/common/ClassTool.js?v=1737360451690	false	Avira URL Cloud: safe	unknown
https://1k4ej4j1lxvjwz.com/css/modalStyles.css	false		high
https://p3yw7u.innittapp.com/061410/rcenter/common/js/bootstrap-dialog/bootstrap-dialog.js?v=1737360451690	false	Avira URL Cloud: safe	unknown
https://1k4ej4j1lxvjwz.com/imgs/kaiyun.png	false	Avira URL Cloud: phishing	unknown
https://p3yw7u.innittapp.com/ftl/bet365-1761/themes/style/common.css	false		high
https://p3yw7u.innittapp.com/061410/rcenter/common/js/jquery/plugins/jquery.validate/jquery.validate.js	false		high
https://p3yw7u.innittapp.com/ftl/commonPage/js/websocket/CometMarathon.js	false		high
https://1k4ej4j1lxvjwz.com/imgs/2025shiyunhui.png	false		high
https://p3yw7u.innittapp.com/ftl/commonPage/js/layer.js	false		high
https://1k4ej4j1lxvjwz.com/imgs/tychongse.png	false	Avira URL Cloud: phishing	unknown
https://p3yw7u.innittapp.com/061410/rcenter/common/themes/base.css	false		high
https://1k4ej4j1lxvjwz.com/imgs/2025fajia.png	false		high
http://sdk.51.la/js-sdk-pro.min.js	false		high
https://p3yw7u.innittapp.com/061410/rcenter/common/images/errors/blue-bg.jpg	false		high
https://551002m.cc/index/getAppsUrl.html?device=android&fPixelId=&accessToken=&apiVersion=	false	Avira URL Cloud: phishing	unknown
https://p3yw7u.innittapp.com/ftl/commonPage/themes/gui-layer.css	false		high
https://p3yw7u.innittapp.com/061410/rcenter/common/themes/default/font-awesome/font-awesome.css	false		high
https://p3yw7u.innittapp.com/061410/rcenter/msites/themes/default/common.css?v=1737360451690	false	Avira URL Cloud: safe	unknown
https://1k4ej4j1lxvjwz.com/imgs/gf.fc8d6758.png	false		high
https://p3yw7u.innittapp.com/061410/rcenter/msites/themes/default/style.css	false		high
https://p3yw7u.innittapp.com/ftl/commonPage/themes/gui-base.css	false		high
https://551002m.cc/commonPage/error.html	false	Avira URL Cloud: phishing	unknown
https://p3yw7u.innittapp.com/061410/rcenter/msites/themes/default/content.css	false		high
https://p3yw7u.innittapp.com/061410/rcenter/msites/themes/default/lang/zh_CN.css?v=1737360451690	false	Avira URL Cloud: safe	unknown
https://p3yw7u.innittapp.com/061410/rcenter/common/themes/default/bootstrap/bootstrap.min.css	false		high
https://p3yw7u.innittapp.com/061410/rcenter/common/js/curl/curl/loader/legacy.js?v=1737360451690	false	Avira URL Cloud: safe	unknown
https://1k4ej4j1lxvjwz.com/imgs/2026shijiebei.png	false		high
https://p3yw7u.innittapp.com/061410/rcenter/common/js/gamebox/components/selectPure.js?v=1737360451690	false	Avira URL Cloud: safe	unknown
https://1k4ej4j1lxvjwz.com/imgs/banner/banner.365.png	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.4a0kzf.com/Yvj3	chromecache_222.2.dr	false		high
https://p3yw7u.innittapp.com/ftl/commonPage/zh_CN/pubads/images/ads2.png	chromecache_188.2.dr	false		high
https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/game_1.png	chromecache_188.2.dr	false		high
https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/collabor_6.png	chromecache_188.2.dr	false		high
https://appiso-ali.ghgdfdf.com/?cGkxMl90NDA3MQ==&c=101105706293#/	chromecache_222.2.dr	false		high
https://p3yw7u.innittapp.com/ftl/commonPage/images/default-banner.jpg	chromecache_188.2.dr	false		high
https://xj206.cc/	chromecache_222.2.dr	false		high
https://p3yw7u.innittapp.com/061410/rcenter/common/js/gamebox/common/jquery.validate.extend.msites.j	chromecache_188.2.dr	false		high
https://789400.cc/	chromecache_222.2.dr, chromecache_226.2.dr, chromecache_173.2.dr	false		high
https://github.com/twbs/bootstrap/graphs/contributors)	chromecache_185.2.dr, chromecache_193.2.dr	false		high
https://cdn.livechatinc.com/tracking.js	chromecache_222.2.dr	false		high
http://12aff.best5689.com/92043302/signup/cs/index.html	chromecache_222.2.dr	false		high
https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/game_5.png	chromecache_188.2.dr	false		high
https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/services_title_bg.png	chromecache_188.2.dr	false		high
https://p3yw7u.innittapp.com/fserver/files/gb/1761/carousel/10048/1719344459903.jpg)	chromecache_188.2.dr	false		high
https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/icon_game_5.png	chromecache_188.2.dr	false		high
https://p3yw7u.innittapp.com/ftl/bet365-1761/images/header/header_bg.jpg	chromecache_188.2.dr	false		high
https://p3yw7u.innittapp.com/fserver	chromecache_187.2.dr, chromecache_273.2.dr	false		high
https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/collabor_2.png	chromecache_188.2.dr	false		high
https://www.ss52611.com/vip.html?c=88003698540	chromecache_222.2.dr	false		high
https://service.sdqhwtvbtwdf.com/C.ashx?btag=a_18017b_2484c_&affid=2017190&siteid=18017&adid=2484&c=	chromecache_222.2.dr, chromecache_226.2.dr, chromecache_173.2.dr	false		high
https://m399227.com	chromecache_173.2.dr	false		high
http://kaiyunty583.net	chromecache_222.2.dr, chromecache_226.2.dr, chromecache_173.2.dr	false		high
https://p3yw7u.innittapp.com/ftl/bet365-1761/images/icon_marquee.png	chromecache_188.2.dr	false		high
https://p3yw7u.innittapp.com/fserver/files/gb/1761/carousel/10050/1719344563012.jpg)	chromecache_188.2.dr	false		high
https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/collabor_5.png	chromecache_188.2.dr	false		high
https://wy-ali.meriksenrusso.com/wx/app/proxy-qrcode.html?url=aHR0cHM6Ly9hcHBpc28tdHkuenZiempzYi5jb2	chromecache_222.2.dr	false		high
https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/hot_game_title.png	chromecache_188.2.dr	false		high
https://lucky298.com/vsglat	chromecache_226.2.dr, chromecache_173.2.dr	false		high
https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/game_fish_42_5.png	chromecache_188.2.dr	false		high
https://e977110.com/wap/downloadApp?promoCode=pK8XQc	chromecache_222.2.dr	false		high
https://p3yw7u.innittapp.com/fserver/files/gb/1761/carousel/10008/1719344412734.jpg)	chromecache_188.2.dr	false		high
https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/download_bg.png	chromecache_188.2.dr	false		high
https://www.ljjapp2.com/?601158	chromecache_222.2.dr	false		high
https://j21716.com	chromecache_173.2.dr	false		high
https://a43389.cc/	chromecache_222.2.dr	false		high
https://wros8.top/vjS2	chromecache_222.2.dr	false		high
https://getbootstrap.com/)	chromecache_185.2.dr, chromecache_193.2.dr, chromecache_271.2.dr	false		high
https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/collabor_1.png	chromecache_188.2.dr	false		high
http://layer.layui.com/	chromecache_234.2.dr	false	Avira URL Cloud: safe	unknown
http://5887ky.com	chromecache_222.2.dr	false		high
https://app.geqianf233.top/s/bet365	chromecache_222.2.dr	false	Avira URL Cloud: safe	unknown
https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/icon_game_1.png	chromecache_188.2.dr	false		high
https://www.livechat.com/?welcome	chromecache_222.2.dr	false		high
https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/hotgame_title_bg.jpg	chromecache_188.2.dr	false		high
https://e977110.com	chromecache_222.2.dr, chromecache_226.2.dr, chromecache_173.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
182.61.201.94	unknown	China	38365	BAIDUBeijingBaiduNetcomScienceandTechnologyCoLtd	false
202.181.26.226	551002m.cc	Hong Kong	55933	CLOUDIE-AS-APCloudieLimitedHK	false
122.10.26.202	vkg.hpdbfezgrqwn.vip	Hong Kong	139817	GIGALINK-AS-APHONGKONGGIGALINKNETWORKLIMITEDHK	false
103.235.47.188	www.wshifen.com	Hong Kong	55967	BAIDUBeijingBaiduNetcomScienceandTechnologyCoLtd	false
103.235.46.96	unknown	Hong Kong	55967	BAIDUBeijingBaiduNetcomScienceandTechnologyCoLtd	false
39.156.68.163	api.share.n.shifen.com	China	9808	CMNET-GDGuangdongMobileCommunicationCoLtdCN	false
122.10.50.210	1k4ej4j1lxvjwz.com	Hong Kong	134548	DXTL-HKDXTLTseungKwanOServiceHK	false
199.91.74.185	unknown	United States	21859	ZNETUS	false
183.61.168.7	k1.gslb.ksyuncdn.com	China	134763	CT-DONGGUAN-IDCCHINANETGuangdongprovincenetworkCN	false
142.250.184.196	www.google.com	United States	15169	GOOGLEUS	false
90.84.161.16	hcdnwsa120.v5.cdnhwczoy106.cn	France	5511	OPENTRANSITFR	false
199.91.74.209	unknown	United States	21859	ZNETUS	false
103.155.16.134	unknown	unknown	134687	TWIDC-AS-APTWIDCLimitedHK	false
125.89.169.8	unknown	China	58543	CHINATELECOM-GUANGDONG-IDCGuangdongCN	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
182.61.244.229	share.n.shifen.com	China	38365	BAIDUBeijingBaiduNetcomScienceandTechnologyCoLtd	false
103.198.200.7	l5-global.gslb.ksyuncdn.com	China	55720	GIGABIT-MYGigabitHostingSdnBhdMY	false
90.84.161.20	unknown	France	5511	OPENTRANSITFR	false
38.14.93.29	www.realfakedoors.net	United States	174	COGENT-174US	false
43.153.236.147	www.sogou.com	Japan	4249	LILLY-ASUS	false

Private

IP
192.168.2.16
192.168.2.10

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1596465
Start date and time:	2025-01-22 01:35:54 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 32s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://www.realfakedoors.net/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.win@18/265@56/22
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.163, 142.250.186.78, 108.177.15.84, 142.250.185.174, 142.250.185.238, 216.58.212.170, 172.217.18.106, 142.250.185.234, 142.250.185.74, 172.217.16.138, 142.250.185.138, 142.250.186.170, 172.217.18.10, 142.250.185.106, 172.217.16.202, 216.58.206.42, 172.217.23.106, 142.250.184.234, 142.250.186.106, 142.250.181.234, 142.250.185.170, 199.232.214.172, 142.250.186.142, 172.217.16.206, 142.250.186.67, 142.250.185.206, 13.107.246.45, 184.28.90.27, 4.175.87.197
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, azureedge-t-prod.trafficmanager.net, clients.l.google.com
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://www.realfakedoors.net/

Input	Output
URL: http://www.realfakedoors.net Model: Joe Sandbox AI	```json{ "brand": "unknown", "brand_classification": "unknown", "legit_url": "unknown", "similarity": 0, "spoofed": 0, "reasoning": "The URL 'http://www.realfakedoors.net' does not appear to be attempting to spoof a well-known brand. The domain name 'realfakedoors' does not closely resemble any globally recognized brand or company. There are no obvious character substitutions or visual similarities to a known brand. The use of the '.net' domain extension is common and does not suggest any deceptive intent. The name 'realfakedoors' could be interpreted as a humorous or creative business name rather than an attempt to confuse users into thinking they are visiting a legitimate brand's website. Therefore, there is no strong evidence of typosquatting in this case."}
URL: http://www.realfakedoors.net
URL: http://www.realfakedoors.net/... Model: Joe Sandbox AI	{ "risk_score": 3, "reasoning": "The provided JavaScript snippet appears to be a script for submitting links to the Baidu Link Submission platform, which is a legitimate service. While it uses dynamic script loading based on the current protocol, this is a common practice for ensuring compatibility across HTTP and HTTPS environments. The script does not exhibit any high-risk behaviors, such as dynamic code execution, data exfiltration, or obfuscation. Therefore, the overall risk score is low." }
(function(){ var bp = document.createElement('script'); var curProtocol = window.location.protocol.split(':')[0]; if (curProtocol === 'https') { bp.src = 'https://zz.bdstatic.com/linksubmit/push.js'; } else { bp.src = 'http://push.zhanzhang.baidu.com/push.js'; } var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(bp, s); })();
URL: https://1k4ej4j1lxvjwz.com/... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "The provided JavaScript snippet appears to be a simple function that delays the loading of a background image for an element with the class 'box'. This is a common practice for improving page load performance and user experience. The code does not exhibit any high-risk behaviors, such as dynamic code execution, data exfiltration, or obfuscation. The use of a setTimeout function to delay the background image loading is a legitimate technique and does not raise any security concerns." }
window.onload = function() { // function loadBackgroundImage() { var boxElement = document.querySelector('.box[data-v-5371a066]'); // 1 setTimeout(function() { boxElement.style.backgroundImage = 'url(../imgs/bg.lanse.jpg)'; // URL }, 1000); // 1000 = 1 } // loadBackgroundImage(); }
URL: https://551002m.cc/... Model: Joe Sandbox AI	{ "risk_score": 3, "reasoning": "The provided JavaScript snippet appears to be primarily focused on setting up configuration variables and handling language/locale-related settings. While it includes some external domain references, the overall behavior seems to be related to legitimate functionality like analytics or telemetry. There are no clear indicators of high-risk activities like dynamic code execution or data exfiltration. The script may have some outdated practices, but the risk level is relatively low." }
var resRoot = 'https://p3yw7u.innittapp.com/061410/rcenter/msites'; var wsRoot = '/mdcenter/websocket/msite'; var mdRoot = '/mdcenter/msite.comet'; var fltRootPath = 'https://p3yw7u.innittapp.com/ftl/'; var useBase64 = base64List.includes(1761); //iframe try{window.top.language='zh-CN';}catch(ex){window.language='zh-CN';} // try{window.top.timeLanguage='zh-CN';}catch(ex){window.timeLanguage='zh-CN';} // 202172 const commonParameter = { locale: "zh_CN", terminal: "pc", is_native: false, version: "v3055", resolution: "2x", };
URL: https://551002m.cc/... Model: Joe Sandbox AI	{ "risk_score": 4, "reasoning": "The script appears to be a legitimate part of a web application, with some moderate-risk indicators. It makes AJAX requests to fetch data and update the UI, which is common practice. However, it also uses some legacy APIs like `XDomainRequest` and performs aggressive DOM manipulation, which could indicate potential performance or security issues. Overall, the script requires further review to ensure there are no hidden malicious behaviors." }
var activityMessageId = ""; // ID = searchId var redBagTheme = ""; // var readFloat; getFloat(); // function getFloat() { const data = Object.assign({}, commonParameter) $.ajax({ url: "/mobile-api/v5/origin/getFloat.html", type: "POST", dataType: "json", data: data, success: function (res) { if (res.code === "0") { if (res.data.activity) { activityMessageId = res.data.activity.activityId; redBagTheme = res.data.activity.redBagTheme; } sessionStorage["getFloat"] = JSON.stringify(res); if (typeof floatV5Main === "function") floatV5Main(); // } }, error: function (res) { console.log(res); } }).done(function() { readFloat = setInterval(function() { if($('#float-v5').length > 0) { replaceInfo("source-src-float", "src") clearInterval(readFloat) } }, 500) }) } // function canShowLottery() { if (sessionStorage.is_login !== "true") { loginObj.getLoginPopup(); return; } if (!activityMessageId) { $(".hongbao").removeClass('disabled'); $("#tip-msgs").html('!'); $(".hongbao-time-txt").hide(); $(".hongbao-time").hide(); return; } $(".hongbao").addClass('hide_hongbao'); $(".hongbao-msg-tips").hide(); $.ajax({ url: "/activity-api/v5/activityOrigin/countDrawTimes.html", type: "POST", dataType: "JSON", data: Object.assign({}, commonParameter, {activityMessageId: activityMessageId}), success: function (res) { if (res.code === "0") { if (redBagTheme === "redbag02") { $("#hongbao_inner").removeClass(); $("#hongbao_inner").addClass("hongbao_inner02"); $(".redbag02").show(); $("#target01").removeClass("hongbao-time-txt"); $("#target02").removeClass("hongbao-time"); $("#target03").addClass("hongbao-time-txt"); $("#target04").addClass("hongbao-time"); } else { $("#hongbao_inner").removeClass(); $("#hongbao_inner").addClass("hongbao_inner01"); $(".redbag01").show(); $("#target01").addClass("hongbao-time-txt"); $("#target02").addClass("hongbao-time"); $("#target03").removeClass("hongbao-time-txt"); $("#target04").removeClass("hongbao-time"); } $("#hongbao_detail").fadeIn(600); $("#tip-msgs").show(); if (res.data.drawTimes && res.data.drawTimes > 0) { $(".hongbao").removeClass('disabled'); $("#tip-msgs").show(); $("#tip-msgs").html('<span id="ramain-count">' + res.data.drawTimes + '</span>'); $(".hongbao-time-txt").hide(); $(".hongbao-time").hide(); } else if (res.data.drawTimes === 0) { if (res.data.isEnd === "false") { $(".hongbao").addClass('disabled'); $("#tip-msgs").show(); $("#tip-msgs").html('<span id="ramain-count">0</span>'); $("#ramain-count").text(res.data.drawTimes); } else {
URL: https://551002m.cc/... Model: Joe Sandbox AI	{ "risk_score": 3, "reasoning": "The provided JavaScript code appears to be a legitimate function for managing the sign-in button behavior on a website. It checks the user's login status, retrieves activity information from the backend, and adjusts the button's appearance and functionality accordingly. While the code uses some legacy practices like `sessionStorage` and `$.ajax()`, it does not demonstrate any high-risk indicators like dynamic code execution, data exfiltration, or obfuscation. The script's purpose is to provide a seamless sign-in experience for users, which is a common and expected functionality on many websites." }
/** * checkSignSwitch (/,) * * & * : _vr_signSwitch * 2021/1/8 Dear / function checkSignSwitch(showTips) { // var isLogin = sessionStorage.is_login; // var buttons = $("._vr_signSwitch"); if (buttons.length > 0) { /; {:, :}/ if (isLogin === "true") { buttons.attr({ href: "/pcenter-client/pcenter/#/pcenter-client/sign", target: "_blank" }) } else { buttons.attr({ href: "javascript:loginPlayer(this)" }) } $.ajax({ url: "/mobile-api/v5/chess/getActivityMsg.html", type: "get", data: { "function": "sign" }, dataType: 'json', success: function (res) { /open {1:, 0:}/ if (res.data.isSign !== null && res.data.signSwitch.open === 1) { / ; {false:, true \| null: }; / var page = location.pathname; if (res.data.isSign === false && (page === "/index.html" \|\| page === "/")) { // showTips && alert("!!"); } else { // buttons.hide(); // buttons.removeClass("text-warning") /-*/ } buttons.addClass('switchOn') $('._vr_loginSuccess ._vr_signSwitch').css({"display":"inline", "visibility": "visible"}); }else { buttons.removeClass('switchOn') $("._vr_loginSuccess .panel_sign").css("display","none"); } } }); } }
URL: https://551002m.cc/... Model: Joe Sandbox AI	{ "risk_score": 4, "reasoning": "The provided JavaScript snippet appears to be a part of a larger application that handles the display of a floating banner or advertisement. While the code does not contain any obvious high-risk indicators, it exhibits some moderate-risk behaviors that warrant further review. The script dynamically manipulates the DOM, loads external resources, and interacts with session storage, which could potentially lead to security issues if not implemented properly. Additionally, the use of obfuscated or hardcoded URLs and the lack of transparency around the data being transmitted to external domains raise some concerns. Overall, the script requires closer inspection to ensure that it is not engaging in any malicious activities and that it is following best practices for web security." }
$(function(){ loadStyleString("#float-v5 .float-v5-item .list-item.top_close_btn", "/commonPage/themes/images/hongbao/icon-close-1.png",true,true); }) function floatV5Main() { $('#float-v5 > div').remove(); // const getFloat = JSON.parse(sessionStorage.getFloat); const _activity = getFloat.data.activity; const _customerFloats = getFloat.data.customerFloats; // -; <>null; <> ; if (!!_activity && !!_activity.id) { const isShow = displayInPage(_activity.displayInPages); // , zh_CNvi_VN let imgMap = { // '' '_hover' '7': '/ftl/commonPage/themes/images/hongbao/vi_VN/hongbao_type1_hover.png', '8': '/ftl/commonPage/themes/images/hongbao/vi_VN/hongbao_type2_hover.png', '9': '/ftl/commonPage/themes/images/hongbao/vi_VN/hongbao_type3_hover.png', }; let listItem = _activity.cttFloatPicItemList.map(function (item, index) { let imgWidth = (item.imgWidth \|\| 0) + 'px'; let imgHeight = (item.imgHeight \|\| 0) + 'px'; let imgUrl = item.normalEffect \|\| ''; let imgUrlHover = _activity.mouseInEffect ? item.mouseInEffect : ''; if (Object.keys(imgMap).includes(_activity.templateType)) { // , , imgWidth = 'auto'; imgHeight = 'auto'; if (['zh_CN', 'vi_VN'].includes(_activity.language)) { // , // imgUrl = imgMap[_activity.templateType].replace('vi_VN', _activity.language).replace('_hover', ''); imgUrlHover = imgMap[_activity.templateType].replace('vi_VN', _activity.language); // :'zh_CN/' if (imgUrl.indexOf('zh_CN/') !== -1) imgUrl = imgUrl.replace('zh_CN/', ''); if (imgUrlHover.indexOf('zh_CN/') !== -1) imgUrlHover = imgUrlHover.replace('zh_CN/', ''); } } return `<div class="list-item ${item.imgLinkType}" style="width: ${imgWidth}; height: ${imgHeight}"> <a href="javascript:${item.imgLinkType === 'close_btn' ? '' : 'canShowLottery()'}"> <img source-src-float="${cdnUrl + imgUrl}" alt="" class="img_default"> ${_activity.mouseInEffect ? `<img source-src-float="${cdnUrl + imgUrlHover}" alt="" class="img_hover">` : ''} </a> </div>` }) var floatV5Item = $('<div>', { 'data-fp': _activity.id, class: [ 'float-v5-item', 'redPacket', _activity.location, _activity.interactivity, _activity.hideCloseButton ? 'hideCloseButton' : '', _activity.showEffect ? 'show_effect' : '', _activity.mouseInEffect ? 'mouseInEffect' : '', isShow ? '' : 'hide', ].join(' '), 'data-displayinpages': _activity.displayInPages, 'data-templatetype': _activity.templateType \|\| "0", // 0 style: _style(_activity), }).append(listItem); // <> // if (!!_activity.hideCloseButton) floatV5Item.append('<div class="list-item close_btn top_close_btn"></div>'); if (!!_activity.hideCloseButton && Object.keys(imgMap).includes(_activity.templateType)) floatV5Item.append('<div class="list-item close_btn top_close_btn"></div>'); // $('#
URL: https://551002m.cc/... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "The provided JavaScript snippet appears to be a legitimate implementation of the Facebook Pixel, which is a common analytics and tracking tool used by websites. The script dynamically creates a Facebook Pixel script tag and a noscript tag with an image pixel to track page views. While the use of dynamic code execution and external data transmission are present, these are common practices for implementing the Facebook Pixel and are not inherently malicious. The script's behavior is consistent with its apparent purpose, and there are no clear indicators of suspicious or malicious intent." }
var fpixelid = sessionStorage.getItem('fpixelid') \|\| false if(fpixelid){ var script = document.createElement('script'); script.innerHTML = `!function(f,b,e,v,n,t,s) {if(f.fbq)return;n=f.fbq=function(){n.callMethod? n.callMethod.apply(n,arguments):n.queue.push(arguments)}; if(!f._fbq)f._fbq=n;n.push=n;n.loaded=!0;n.version='2.0'; n.queue=[];t=b.createElement(e);t.async=!0; t.src=v;s=b.getElementsByTagName(e)[0]; s.parentNode.insertBefore(t,s)}(window, document,'script', 'https://connect.facebook.net/en_US/fbevents.js'); fbq('init', '${fpixelid}'); fbq('track', 'PageView');`; var noscript = document.createElement('noscript'); var img = document.createElement('img'); img.setAttribute('height', '1'); img.setAttribute('width', '1'); img.setAttribute('style', 'display:none'); img.src = `https://www.facebook.com/tr?id=${fpixelid}&ev=PageView&noscript=1`; var head = document.head \|\| document.getElementsByTagName('head')[0]; head.appendChild(script); head.insertBefore(noscript, script); noscript.appendChild(img); }
URL: https://551002m.cc/... Model: Joe Sandbox AI	{ "risk_score": 4, "reasoning": "The provided JavaScript snippet contains a mix of low-risk and moderate-risk indicators. While it does not exhibit any high-risk behaviors like dynamic code execution or data exfiltration, it has some concerning aspects that warrant further review. The script interacts with external domains, performs aggressive DOM manipulation, and uses legacy APIs like `XDomainRequest`. Additionally, it includes some functionality related to user tracking and analytics, which may raise privacy concerns depending on the context. Overall, the script requires closer inspection to determine the full extent of its behavior and potential impact." }
// var isOpenCaptcha = false; var captchaType = 2; // var timezoneTran = ""; var dateTimeFromat = ""; var userTimeTimerId; var balanceQueryTriggerLimitTimer; var balanceAutoRefreshTimer; var HIDE_BALANCE_COOKIE_KEY = "BALANCE_HIDE"; var REFRESH_BALANCE_TIME = "REFRESH_BALANCE_TIME"; var PAGE_LANGUAGE = "_LANGUAGE"; var importAccount = false; var cdnUrl = 'https://p3yw7u.innittapp.com' var siteId = 1761 var af_web_key = '' var userId; $(function () { openNewPopWindow(); userTime(); changeLoginStatus(); enterLogin(); // balanceRefresh(); dropdownOpen(); maintainCheck(); initMenuEvents();// liveAccordion();// transWebUrlSlide();// delateTip () // handleLocationParam(); // if (typeof floatPicMain === "function") floatPicMain(); // /** * asessionStorage * chrome 89 */ $('a[target][target!="_top"][target!="_self"][target!="_parent"]').attr("rel","opener"); // // // $('a').each(function() { // var currentHref = $(this).attr('href') // var hasQuery = currentHref.includes('?') // var kpixelid_val = sessionStorage.getItem('kpixelid') // var click_id_val = sessionStorage.getItem('click_id') // var pixel_id_val = sessionStorage.getItem('pixel_id') // if(!currentHref.includes('kpixelid') && kpixelid_val) { // if(hasQuery) { // $(this).attr('href', currentHref + '&kpixelid=' + kpixelid_val + '&click_id=' + click_id_val + '&pixel_id=' + pixel_id_val) // } else { // $(this).attr('href', currentHref + '?kpixelid=' + kpixelid_val + '&click_id=' + click_id_val + '&pixel_id=' + pixel_id_val) // } // } // }) $(".lazyload").lazyload(); }); // function delateTip () { $('input[name="username"]').attr('autocomplete','off'); $('input[name="password"]').attr('autocomplete','off'); $('input[name="captcha"]').attr('autocomplete','off'); } var current_language = getCookie(PAGE_LANGUAGE); if(current_language=="zh_CN"){ $(".current_language").addClass("zh-CN"); $(".current_language").text(""); }else if(current_language=="zh_TW"){ $(".current_language").addClass("zh-TW"); $(".current_language").text(""); }else if(current_language=="en_US"){ $(".current_language").addClass("en-US"); $(".current_language").text("English"); }else if(current_language=="ja_JP"){ $(".current_language").addClass("ja-JP"); $(".current_language").text(""); }else if(current_language=="vi_VN"){ $(".current_language").addClass("vi-VN"); $(".current_language").text("Ting Vit"); }else if(current_language=="th_TH"){ $(".current_language").addClass("th-TH"); $(".current_language").text(""); }else if(current_language=="ko_KR"){ $(".current_language").addClass("ko-KR"); $(".current_language").text(""); }else if(current_language=="in_ID"){ $(".current_language").addClass("in-ID"); $(".current_language").text("bahasa Indonesia"); }else if(current_language=="hi_IN"){ $(".current_language").addClass("hi-IN"); $(".current_language").text(""); }else if(current_language=="pt_BR"){ $(".current_language").addClass("pt-BR"); $(".current_language").text("Portugus"); }else if(current_language=="es_MX"){ $(".current_language").addClass("es-MX"); $(".current_language").text("Espaol"); }else if(current_language=="de_DE"){ $(".current_language").addClass("de-DE"); $(".current_lan
URL: https://551002m.cc/... Model: Joe Sandbox AI	{ "risk_score": 4, "reasoning": "The script appears to be a legitimate language switching functionality, but it has some moderate-risk indicators such as using cookies and session storage to store user preferences. Additionally, the script uses the `layer.open()` function, which could potentially be used for dynamic code execution if not properly implemented. Overall, the script requires further review to ensure there are no security vulnerabilities or unintended behaviors." }
/** * PC * title: * skin: * area: * transparent: * updateTime: / function layerLangDialogIndex(title, content, skin, area, btnAlign, transparent, updateTime) { var dialog = layer.open({ type: 1, time: 0, // closeBtn: 0, shadeClose: false, content: content, title: title, move: ".layui-layer-title", btnAlign: 'c', skin: skin, area: area, btn: [' (No)', ' (Yes)'], success: function (layer) { // //$(layer).find('.layui-layer-btn ').html('<a class="layui-layer-btn0 _close"></a>'); // $(layer).addClass("index-modal"); // if(!!transparent){ $(layer).addClass("index-modal-transparent"); } }, btn1:function(){ // // 1.''session 2.cookie 3. window.sessionStorage["selected_language"] = 'zh_CN'; document.cookie = 'switched_language=true'; layer.close(dialog); }, btn2:function(){ // // 1.'en_US' or 'hi_IN'session 2.cookie 3.'en_US' or 'hi_IN'cookie 4. 5. var switchLanguage = '' window.sessionStorage["selected_language"] = switchLanguage; document.cookie = 'switched_language=true'; document.cookie = '_LANGUAGE=' + switchLanguage; layer.close(dialog); window.location.reload(); } }); } /* * * sessionStorage.selected_language: null \|\| language / function langDialog() { var content = '<p class="switch-txt"> </p><p class="switch-txt switch-txt-hi">Do you want to switch language into English</p>' var title = ['', 'background-color: #2D2D2D; color: white']; // 1.switched_languagecookie if (filterSwitchedLanguage('switched_language') == 'false' \|\| filterSwitchedLanguage('switched_language') == null) { var languageLayer = layerLangDialogIndex(title, content, 'switch-language-wrap', ['500px', '230px'], '', false, false); } } /* * switched_languagecookie */ function filterSwitchedLanguage(query) { // cookie const cookies = document.cookie; // cookie cookie var cookiesArray = cookies.split("; "); // 'switched_language' cookie var cookie = cookiesArray.filter(function(el) { return el.toLowerCase().indexOf(query.toLowerCase()) > -1; }) // 'switched_language' cookie var switchedLanguageCookie = cookie.toString().split("="); // switched_languagecookie var cookieValue = switchedLanguageCookie[1]; return cookieValue }
URL: https://551002m.cc/... Model: Joe Sandbox AI	{ "risk_score": 6, "reasoning": "The provided JavaScript snippet appears to be a login-related functionality that handles various types of captcha mechanisms, including default captcha, word captcha, and slider captcha. While the code does not exhibit any obvious high-risk behaviors, it does have some moderate-risk indicators that warrant further review. The code makes AJAX requests to fetch captcha data, which could potentially lead to data exfiltration if the requests are not properly secured or the response data is not properly validated. Additionally, the code uses dynamic DOM manipulation, which could be a concern if not implemented carefully. Overall, the code requires further review to ensure that it is not being used for any malicious purposes and that it adheres to best practices for web security." }
/** * / var initCaptcha = { defaultCaptcha : '2',// wordCaptcha : '1', // sliderCaptcha : '0', // freshCaptcha : 'freshCaptcha', dalogEnd:'end', captchaDialog: null, dealwithHtml: function () { var html = $("#login-initCaptcha").html(); html = html.replace("demo2", "new-captcha-id"); return html; }, captchaStatus : { init : 'init', fresh : 'fresh', }, /* * PC * @param dialogCloseOrCaptchaChangeCallbackFun * @param checkFinshCallbackFun * @param args / initCaptchaPopup: function (dialogCloseOrCaptchaChangeCallbackFun, checkFinshCallbackFun,args) { var init = true; initCaptcha.getInitParam(initCaptcha.captchaStatus.init, dialogCloseOrCaptchaChangeCallbackFun, null, checkFinshCallbackFun,args); }, /* * PC * @param receiveInitParamFun * @param dialogCloseOrCaptchaChangeCallbackFun * @param reloadCaptchaFun // * @param checkFinshCallbackFun //yong * @param args * @param url //forgetPwd.ftl api */ getInitParam: function (captchaStatus, dialogCloseOrCaptchaChangeCallbackFun, reloadCaptchaFun, checkFinshCallbackFun,args) { var init_data ={}; var url = window.location.pathname.indexOf('forgetPwd.html') > -1 ? "/site/captcha/init.html?type=forgetPassword" : importAccount ? "/site/captcha/init.html?type=importPlayer" : "/site/captcha/init.html" if(typeof(args) == "object"){ init_data["type"]=args["op"]; } $.ajax({ url: url, data: init_data, dataType: 'json', async: false, success: function (data) { // if (typeof (reloadCaptchaFun) == "function") { reloadCaptchaFun(data,dialogCloseOrCaptchaChangeCallbackFun, checkFinshCallbackFun,args); } // if (typeof (captchaStatus) != "undefined" && captchaStatus == initCaptcha.captchaStatus.init) { initCaptcha.receiveInitParamFun(data, dialogCloseOrCaptchaChangeCallbackFun, checkFinshCallbackFun,args); } }, error: function (error) { //TODO console.log(error); // var data = {}; data['captchaType']=initCaptcha.defaultCaptcha; data['op']=initCaptcha.dalogEnd; dialogCloseOrCaptchaChangeCallbackFun(data, checkFinshCallbackFun,args); return undefined; } }); }, // receiveInitParamFun: function (data, dialogCloseOrCaptchaChangeCallbackFun, checkFinshCallbackFun,args) { var isOpenCaptcha = data["isOpenCaptcha"]; if (!isOpenCaptcha && !importAccount) { checkFinshCallbackFun(data,args); return; } var captchaType = data['data']['captchaType']; var temp_data = data['data']['captchaData']; // if (captchaType == initCaptcha.defaultCaptcha) { // data['captchaType']=initCaptcha.defaultCaptcha; data['op']=initCaptcha.freshCaptcha; dialogCloseOrCaptchaChangeCallbackFun(data, checkFinshCallbackFun,args); return; } // if (captchaType == '0' \|\| captchaTy
URL: http://www.realfakedoors.net/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": true, "contains_fake_security_alerts": false, "page_classification": "file hosting" }

Source: http://www.realfakedoors.net/vue.min.js	Avira URL Cloud: Label: phishing
Source: https://1k4ej4j1lxvjwz.com/imgs/kaiyun.png	Avira URL Cloud: Label: phishing
Source: https://551002m.cc/	Avira URL Cloud: Label: phishing
Source: https://551002m.cc/images/favicon.png	Avira URL Cloud: Label: phishing
Source: https://1k4ej4j1lxvjwz.com/imgs/sansanqiqi.png	Avira URL Cloud: Label: phishing
Source: https://1k4ej4j1lxvjwz.com/imgs/188jinbaobo.png	Avira URL Cloud: Label: phishing
Source: https://551002m.cc/commonPage/error.html	Avira URL Cloud: Label: phishing
Source: https://1k4ej4j1lxvjwz.com/imgs/tychongse.png	Avira URL Cloud: Label: phishing
Source: https://551002m.cc/index/getAppsUrl.html?device=android&fPixelId=&accessToken=&apiVersion=	Avira URL Cloud: Label: phishing

Source: http://www.realfakedoors.net/	HTTP Parser: No favicon
Source: http://www.realfakedoors.net/	HTTP Parser: No favicon
Source: http://www.realfakedoors.net/	HTTP Parser: No favicon

Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.85
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.85
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.85
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKContent-Encoding: gzipContent-Length: 232Content-Type: text/javascriptServer: bfeDate: Wed, 22 Jan 2025 00:37:09 GMTData Raw: 1f 8b 08 00 00 00 00 00 00 ff 64 8f 41 6b bc 30 10 47 bf ca ae 07 49 50 27 ff eb 7f 25 48 e9 69 af 85 5e ba 59 4a 1a 47 0d ac 33 32 c6 0a 6d f7 bb 17 2b 3d f5 32 87 07 f3 1e bf 63 b7 50 48 91 49 e9 cf 77 2f 07 b4 46 5d 86 94 a6 af ed cc d7 93 33 ce 5c 7c f5 f1 50 bd fc ab fe bb 57 07 d7 c2 c1 9b 8f ed e2 20 f0 a8 4d 1f 4b b1 6b a4 96 57 b8 71 f0 9b 0d 06 c1 ae 64 db 72 58 46 a4 04 82 1d 8a a0 d4 b1 53 47 84 84 73 52 a2 f7 26 d9 cc 18 3f 45 98 07 2f b8 bb 37 b5 99 a1 8f 5d 56 73 a3 a8 b0 59 23 36 2b 90 02 b7 f8 fc 74 7e e4 71 62 42 4a ea 4f 43 97 92 e7 3f 2f f9 cd 66 85 68 7d fa 05 cd 0e ea 2d 9b 2c e1 7a 38 8f be c7 3a c1 2c c1 d2 fd ae f6 21 ba fe 0e 00 00 ff ff 97 51 90 77 19 01 00 00 Data Ascii: dAk0GIP'%Hi^YJG32m+=2cPHIw/F]3\\|PW MKkWqdrXFSGsR&?E/7]VsY#6+t~qbBJOC?/fh}-,z8:,!Qw
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKContent-Encoding: gzipContent-Length: 232Content-Type: text/javascriptServer: bfeDate: Wed, 22 Jan 2025 00:37:10 GMTData Raw: 1f 8b 08 00 00 00 00 00 00 ff 64 8f 41 6b bc 30 10 47 bf ca ae 07 49 50 27 ff eb 7f 25 48 e9 69 af 85 5e ba 59 4a 1a 47 0d ac 33 32 c6 0a 6d f7 bb 17 2b 3d f5 32 87 07 f3 1e bf 63 b7 50 48 91 49 e9 cf 77 2f 07 b4 46 5d 86 94 a6 af ed cc d7 93 33 ce 5c 7c f5 f1 50 bd fc ab fe bb 57 07 d7 c2 c1 9b 8f ed e2 20 f0 a8 4d 1f 4b b1 6b a4 96 57 b8 71 f0 9b 0d 06 c1 ae 64 db 72 58 46 a4 04 82 1d 8a a0 d4 b1 53 47 84 84 73 52 a2 f7 26 d9 cc 18 3f 45 98 07 2f b8 bb 37 b5 99 a1 8f 5d 56 73 a3 a8 b0 59 23 36 2b 90 02 b7 f8 fc 74 7e e4 71 62 42 4a ea 4f 43 97 92 e7 3f 2f f9 cd 66 85 68 7d fa 05 cd 0e ea 2d 9b 2c e1 7a 38 8f be c7 3a c1 2c c1 d2 fd ae f6 21 ba fe 0e 00 00 ff ff 97 51 90 77 19 01 00 00 Data Ascii: dAk0GIP'%Hi^YJG32m+=2cPHIw/F]3\\|PW MKkWqdrXFSGsR&?E/7]VsY#6+t~qbBJOC?/fh}-,z8:,!Qw

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: www.realfakedoors.net
Source: global traffic	DNS traffic detected: DNS query: www.baidu.com
Source: global traffic	DNS traffic detected: DNS query: vkg.hpdbfezgrqwn.vip
Source: global traffic	DNS traffic detected: DNS query: www.sogou.com
Source: global traffic	DNS traffic detected: DNS query: p.ssl.qhimg.com
Source: global traffic	DNS traffic detected: DNS query: push.zhanzhang.baidu.com
Source: global traffic	DNS traffic detected: DNS query: sdk.51.la
Source: global traffic	DNS traffic detected: DNS query: api.share.baidu.com
Source: global traffic	DNS traffic detected: DNS query: collect-v6.51.la
Source: global traffic	DNS traffic detected: DNS query: 1k4ej4j1lxvjwz.com
Source: global traffic	DNS traffic detected: DNS query: 551002m.cc
Source: global traffic	DNS traffic detected: DNS query: p3yw7u.innittapp.com

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://www.realfakedoors.net/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Windows Analysis Report
http://www.realfakedoors.net/