Windows Analysis Report
http://narod.ru//disk/10290564001/sm010%20.pdf.htm

Overview

General Information

Sample URL: http://narod.ru//disk/10290564001/sm010%20.pdf.htm
Analysis ID: 1596599

Detection

HTMLPhisher
Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected HtmlPhish62
HTML title does not match URL

Process Tree

  • System is w10x64
  • chrome.exe (PID: 3264 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 4228 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=2036,i,9201934300400578885,14101567058557113912,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6524 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://narod.ru//disk/10290564001/sm010%20.pdf.htm" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found

Source          Rule                       Description                  Author         Strings
1.2.pages.csv   JoeSecurity_HtmlPhish_62   Yara detected HtmlPhish_62   Joe Security
1.0.pages.csv   JoeSecurity_HtmlPhish_62   Yara detected HtmlPhish_62   Joe Security
1.1.pages.csv   JoeSecurity_HtmlPhish_62   Yara detected HtmlPhish_62   Joe Security

No Sigma rule has matched
No Suricata rule has matched

Phishing

Source: Yara match, file source: 1.2.pages.csv, type: HTML
Source: Yara match, file source: 1.0.pages.csv, type: HTML
Source: Yara match, file source: 1.1.pages.csv, type: HTML
Source: https://passport.yandex.ru/auth?from=cloud&origin=disk_client_web_signin_ru&retpath=https%3A%2F%2Fdisk.yandex.ru%2Fclient%2Fnarod&backpath=https%3A%2F%2Fdisk.yandex.ru, HTTP Parser: Title: Authorization does not match URL
Source: https://passport.yandex.ru/auth?from=cloud&origin=disk_client_web_signin_ru&retpath=https%3A%2F%2Fdisk.yandex.ru%2Fclient%2Fnarod&backpath=https%3A%2F%2Fdisk.yandex.ru, HTTP Parser: <input type="password" .../> found
Source: https://passport.yandex.ru/auth?from=cloud&origin=disk_client_web_signin_ru&retpath=https%3A%2F%2Fdisk.yandex.ru%2Fclient%2Fnarod&backpath=https%3A%2F%2Fdisk.yandex.ru, HTTP Parser: No <meta name="author".. found (reported 3 times)
Source: https://passport.yandex.ru/auth?from=cloud&origin=disk_client_web_signin_ru&retpath=https%3A%2F%2Fdisk.yandex.ru%2Fclient%2Fnarod&backpath=https%3A%2F%2Fdisk.yandex.ru, HTTP Parser: No <meta name="copyright".. found (reported 3 times)
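The HTTP Parser findings above are simple page-structure checks: does the <title> share a word with the host name, is there a password field, are author/copyright meta tags absent. The following is an added example (my own code, not Joe Sandbox's; the HtmlPhish_62 Yara rule is not public and is not reproduced) that implements those three checks in Python over constructed sample pages. The function names, LOGIN_URL (a trimmed form of the report's passport.yandex.ru URL) and both HTML snippets are assumptions made for the example. Note what the report itself shows: the checks fired on the login page served by passport.yandex.ru, reached from narod.ru via disk.yandex.ru, whose English title "Authorization" contains no word of the host name. A title/host mismatch plus a password field is weak evidence on its own, so the score of 48 should be read together with the destination domain.

```python
"""Page-level phishing heuristics of the kind the report lists under
"HTTP Parser".  Added example, not Joe Sandbox code: the HtmlPhish_62 Yara
rule is not public, so only the three named checks are reproduced.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class _PageFeatures(HTMLParser):
    """Collect <title> text, password inputs and <meta name=...> names."""

    def __init__(self):
        super().__init__()
        self.title = ""
        self._in_title = False
        self.password_inputs = 0
        self.meta_names = set()

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "title":
            self._in_title = True
        elif tag == "input" and a.get("type", "").lower() == "password":
            self.password_inputs += 1
        elif tag == "meta" and "name" in a:
            self.meta_names.add(a["name"].lower())

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data


def _words(text):
    """Lower-case alphanumeric tokens of 3+ chars ("ru" and "id" are too short)."""
    return {t for t in re.split(r"[^a-z0-9]+", text.lower()) if len(t) >= 3}


def title_matches_url(title, url):
    """True when the <title> shares a word with the URL's host name.

    "Authorization" vs passport.yandex.ru -> False (the report's finding);
    "Yandex ID" vs passport.yandex.ru -> True.
    """
    host = urlparse(url).hostname or ""
    host_words = _words(host) - {"www", "com", "net", "org"}
    return bool(_words(title) & host_words)


def analyse(url, html):
    """Return HTTP-Parser-style findings for one captured page."""
    page = _PageFeatures()
    page.feed(html)
    findings = []
    if page.title and not title_matches_url(page.title, url):
        findings.append(f"Title: {page.title.strip()} does not match URL")
    if page.password_inputs:
        findings.append('<input type="password" .../> found')
    for name in ("author", "copyright"):
        if name not in page.meta_names:
            findings.append(f'No <meta name="{name}".. found')
    return findings


# Constructed sample pages (not captures from the report).
LOGIN_URL = "https://passport.yandex.ru/auth?from=cloud&origin=disk_client_web_signin_ru"
LOGIN_HTML = """<html><head><title>Authorization</title></head>
<body><form method="post" action="/auth">
<input type="text" name="login"><input type="password" name="passwd">
<button>Log in</button></form></body></html>"""
BENIGN_HTML = """<html><head><title>Yandex ID</title>
<meta name="author" content="Yandex"><meta name="copyright" content="Yandex">
</head><body><p>About this service</p></body></html>"""

if __name__ == "__main__":
    for finding in analyse(LOGIN_URL, LOGIN_HTML):
        print(finding)
```

Run against LOGIN_HTML the function returns exactly the four findings the report lists for the passport.yandex.ru page; against BENIGN_HTML it returns nothing. The word-overlap test is deliberately crude: a localized title ("Авторизация") or a brand name that is not part of the host name trips it just as a phishing page does, which is why it is one signal among several and not a verdict.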
Source: unknown, TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown, TCP traffic detected without corresponding DNS query: 199.232.214.172 (reported 4 times)
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1 (reported 18 times)
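The "traffic without corresponding DNS query" signature is a correlation between the DNS the sandbox saw and the destinations the guest connected to. The following is an added example (my own code, not Joe Sandbox's) that reproduces it in Python; it correlates flows against the A records in DNS answers rather than against queries, since a query alone does not tell you which address the client learned. The event stream is constructed, not decoded from the report's capture; the mapping of narod.ru to 173.222.162.32 and the name "cdn.example" are assumptions, while 199.232.214.172 and 1.1.1.1 are the addresses named in the report. One caveat the report illustrates: 1.1.1.1 is Cloudflare's public recursive resolver, and UDP to a resolver is exactly what DNS queries look like, so the 18 UDP hits on it are the lookups themselves, not a second finding. The example therefore takes a resolver allowlist.

```python
"""Reproduce the "TCP/UDP traffic detected without corresponding DNS query"
check by correlating flows with the A records returned in DNS answers.
Added example, not Joe Sandbox code; SAMPLE_EVENTS is constructed, not
decoded from the report's capture.
"""
from ipaddress import ip_address


def flows_without_dns(events, resolvers=("1.1.1.1",), skip_non_global=True):
    """Return {(proto, dst): count} for flows whose destination had not been
    returned by any DNS answer earlier in the stream.

    resolvers: the resolver addresses are excluded, because DNS queries are
    UDP flows to an address nobody resolved.  Pass () to get the raw
    behaviour that produced the report's 18 hits on 1.1.1.1.
    """
    resolved = set()
    hits = {}
    for ev in sorted(events, key=lambda e: e["t"]):
        if ev["type"] == "dns_answer":
            resolved.update(ev["addrs"])
            continue
        if ev["type"] != "flow":
            continue
        dst = ev["dst"]
        if dst in resolvers:
            continue
        if skip_non_global and not ip_address(dst).is_global:
            continue  # RFC 1918, loopback, link-local, multicast, TEST-NET
        if dst not in resolved:
            key = (ev["proto"], dst)
            hits[key] = hits.get(key, 0) + 1
    return hits


def render(hits):
    """Format the result like the report's signature lines."""
    return [f"{proto.upper()} traffic detected without corresponding DNS query: "
            f"{dst} (x{n})" for (proto, dst), n in sorted(hits.items())]


# Constructed event stream.  The narod.ru -> 173.222.162.32 answer is an
# assumption for the example; the report does not say what narod.ru resolved to.
SAMPLE_EVENTS = [
    {"t": 0.00, "type": "flow", "proto": "udp", "dst": "1.1.1.1"},          # the query itself
    {"t": 0.02, "type": "dns_answer", "name": "narod.ru", "addrs": ["173.222.162.32"]},
    {"t": 0.05, "type": "flow", "proto": "tcp", "dst": "173.222.162.32"},   # resolved: fine
    {"t": 0.10, "type": "flow", "proto": "tcp", "dst": "199.232.214.172"},  # no answer yet
    {"t": 0.11, "type": "flow", "proto": "tcp", "dst": "199.232.214.172"},  # no answer yet
    {"t": 0.20, "type": "flow", "proto": "tcp", "dst": "10.0.0.5"},         # private: skipped
    {"t": 0.30, "type": "dns_answer", "name": "cdn.example", "addrs": ["199.232.214.172"]},
    {"t": 0.31, "type": "flow", "proto": "tcp", "dst": "199.232.214.172"},  # resolved by now
]

if __name__ == "__main__":
    for line in render(flows_without_dns(SAMPLE_EVENTS)):
        print(line)
```

Ordering matters: the two connections to 199.232.214.172 that precede the answer are flagged, the one after it is not. In practice the remaining hits come from addresses the browser already had cached (Chrome keeps its own host cache and may be preconfigured with Google endpoints), from DNS over HTTPS, which this check cannot see, and from the sandbox's own networking; each is a reason to treat the signature as a lead to be checked against the PCAP, not as evidence of C2 on its own.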
Source: global traffic, HTTP traffic detected: GET //disk/10290564001/sm010%20.pdf.htm HTTP/1.1 | Host: narod.ru | Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Sec-Fetch-Site: none | Sec-Fetch-Mode: navigate | Sec-Fetch-User: ?1 | Sec-Fetch-Dest: document | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | sec-ch-ua-platform: "Windows" | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9 | Cookie: __ddg8_=GuYzUD23uMKGYpNP; __ddg9_=8.46.123.189; __ddg10_=1737528949; __ddg1_=NOHw4fFchK75FtHieejI
Source: global traffic, HTTP traffic detected: GET /client/narod HTTP/1.1 | Host: disk.yandex.ru | Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Sec-Fetch-Site: none | Sec-Fetch-Mode: navigate | Sec-Fetch-User: ?1 | Sec-Fetch-Dest: document | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | sec-ch-ua-platform: "Windows" | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic, HTTP traffic detected: GET /auth?from=cloud&origin=disk_client_web_signin_ru&retpath=https%3A%2F%2Fdisk.yandex.ru%2Fclient%2Fnarod&backpath=https%3A%2F%2Fdisk.yandex.ru HTTP/1.1 | Host: passport.yandex.ru | Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Sec-Fetch-Site: none | Sec-Fetch-Mode: navigate | Sec-Fetch-User: ?1 | Sec-Fetch-Dest: document | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | sec-ch-ua-platform: "Windows" | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9 | Cookie: _yasc=ZzLBJ0xWQQ3oP/e44NlHlwewhmr0d394z4IRwCf21CqE5UevWZciHIxFaROheufcdg==; i=wB1KXVIKr+L/Gn5Lm9ZUXU3B2H5I9OB597PcVP1VksxnVlRNBtx/dWpjFvJEEDm1U7CoBpRpMHybP/9xj3JmPNoS4Gc=; yandexuid=8206079511737528952; yashr=1984685901737528952
Source: global traffic, HTTP traffic detected: GET /client/narod HTTP/1.1 | Host: disk.yandex.ru | Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Sec-Fetch-Site: none | Sec-Fetch-Mode: navigate | Sec-Fetch-User: ?1 | Sec-Fetch-Dest: document | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | sec-ch-ua-platform: "Windows" | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9 | Cookie: _yasc=ZzLBJ0xWQQ3oP/e44NlHlwewhmr0d394z4IRwCf21CqE5UevWZciHIxFaROheufcdg==; i=wB1KXVIKr+L/Gn5Lm9ZUXU3B2H5I9OB597PcVP1VksxnVlRNBtx/dWpjFvJEEDm1U7CoBpRpMHybP/9xj3JmPNoS4Gc=; yandexuid=8206079511737528952; yashr=1984685901737528952
Source: global traffic, HTTP traffic detected: GET /auth?from=cloud&origin=disk_client_web_signin_ru&retpath=https%3A%2F%2Fdisk.yandex.ru%2Fclient%2Fnarod&backpath=https%3A%2F%2Fdisk.yandex.ru HTTP/1.1 | Host: passport.yandex.ru | Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Sec-Fetch-Site: none | Sec-Fetch-Mode: navigate | Sec-Fetch-User: ?1 | Sec-Fetch-Dest: document | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | sec-ch-ua-platform: "Windows" | sec-ch-prefers-color-scheme: light | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9 | Cookie: _yasc=ZzLBJ0xWQQ3oP/e44NlHlwewhmr0d394z4IRwCf21CqE5UevWZciHIxFaROheufcdg==; i=wB1KXVIKr+L/Gn5Lm9ZUXU3B2H5I9OB597PcVP1VksxnVlRNBtx/dWpjFvJEEDm1U7CoBpRpMHybP/9xj3JmPNoS4Gc=; yandexuid=8206079511737528952; yashr=1984685901737528952; uniqueuid=102776661737528953
Source: global traffic, HTTP traffic detected: GET /s3/passport-static/core/v1.190.14/css/react.authv2.cij.css HTTP/1.1 | Host: yastatic.net | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | Origin: https://passport.yandex.ru | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: text/css,*/*;q=0.1 | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: style | Referer: https://passport.yandex.ru/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic, HTTP traffic detected: GET /react/17.0.2/react-with-dom-and-polyfills.min.js HTTP/1.1 | Host: yastatic.net | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | Origin: https://passport.yandex.ru | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: */* | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: script | Referer: https://passport.yandex.ru/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic, HTTP traffic detected: GET /s3/passport-auth-customs//customs/v1.176.3/passport.auth.customs.css HTTP/1.1 | Host: yastatic.net | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: text/css,*/*;q=0.1 | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: style | Referer: https://passport.yandex.ru/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic, HTTP traffic detected: GET /s3/frontend/jslibs/jquery/3.7.1/jquery-3.7.1.min.js HTTP/1.1 | Host: yastatic.net | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | Origin: https://passport.yandex.ru | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: */* | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: script | Referer: https://passport.yandex.ru/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic, HTTP traffic detected: GET /s3/frontend/jslibs/jquery/3.7.1/jquery-3.7.1.min.js HTTP/1.1 | Host: yastatic.net | Connection: keep-alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: */* | Sec-Fetch-Site: none | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: empty | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic, HTTP traffic detected: GET /react/17.0.2/react-with-dom-and-polyfills.min.js HTTP/1.1 | Host: yastatic.net | Connection: keep-alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: */* | Sec-Fetch-Site: none | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: empty | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic, HTTP traffic detected: GET /s3/passport-static/core/v1.190.14/js/react.authv2.lego.en.js HTTP/1.1 | Host: yastatic.net | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | Origin: https://passport.yandex.ru | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: */* | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: script | Referer: https://passport.yandex.ru/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic, HTTP traffic detected: GET /s3/passport-static/core/v1.190.14/js/react.authv2.vendors.en.js HTTP/1.1 | Host: yastatic.net | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | Origin: https://passport.yandex.ru | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: */* | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: script | Referer: https://passport.yandex.ru/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic, HTTP traffic detected: GET /s3/passport-static/core/v1.190.14/js/react.authv2.react.en.js HTTP/1.1 | Host: yastatic.net | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | Origin: https://passport.yandex.ru | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: */* | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: script | Referer: https://passport.yandex.ru/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic, HTTP traffic detected: GET /islands/_/KRBKbh7904nwfw8-FzDelXRpZ9o.woff2 HTTP/1.1 | Host: yastatic.net | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | Origin: https://passport.yandex.ru | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: */* | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: font | Referer: https://passport.yandex.ru/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic, HTTP traffic detected: GET /islands/_/g0MeJlAWVRZjlLOLzhOGwwDQzKY.woff HTTP/1.1 | Host: yastatic.net | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | Origin: https://passport.yandex.ru | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: */* | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: font | Referer: https://passport.yandex.ru/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic, HTTP traffic detected: GET /s3/passport-auth-customs/customs/_/39e2a75c.jpg HTTP/1.1 | Host: yastatic.net | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://yastatic.net/s3/passport-auth-customs//customs/v1.176.3/passport.auth.customs.css | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic, HTTP traffic detected: GET /s3/passport-static/core/v1.190.14/js/react.authv2.lego.en.js HTTP/1.1 | Host: yastatic.net | Connection: keep-alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: */* | Sec-Fetch-Site: none | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: empty | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic, HTTP traffic detected: GET /islands/_/TR2STky64Ra69XlYzqKN7cnjYfQ.woff2 HTTP/1.1 | Host: yastatic.net | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | Origin: https://passport.yandex.ru | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: */* | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: font | Referer: https://passport.yandex.ru/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic, HTTP traffic detected: GET /s3/passport-static/core/v1.190.14/js/react.authv2.vendors.en.js HTTP/1.1 | Host: yastatic.net | Connection: keep-alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: */* | Sec-Fetch-Site: none | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: empty | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic, HTTP traffic detected: GET /s3/passport-auth-customs/customs/_/39e2a75c.jpg HTTP/1.1 | Host: yastatic.net | Connection: keep-alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: */* | Sec-Fetch-Site: none | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: empty | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic, HTTP traffic detected: GET /s3/passport-static/core/v1.190.14/i/authv2/fingerprint-icon.svg HTTP/1.1 | Host: yastatic.net | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://yastatic.net/s3/passport-static/core/v1.190.14/css/react.authv2.cij.css | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic, HTTP traffic detected: GET /s3/passport-static/core/v1.190.14/js/react.authv2.react.en.js HTTP/1.1 | Host: yastatic.net | Connection: keep-alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: */* | Sec-Fetch-Site: none | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: empty | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic, HTTP traffic detected: GET /s3/passport-static/core/v1.190.14/i/authv2/fingerprint-icon.svg HTTP/1.1 | Host: yastatic.net | Connection: keep-alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: */* | Sec-Fetch-Site: none | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: empty | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic, HTTP traffic detected: GET /favicon.ico HTTP/1.1 | Host: passport.yandex.ru | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | sec-ch-prefers-color-scheme: light | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://passport.yandex.ru/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9 | Cookie: _yasc=ZzLBJ0xWQQ3oP/e44NlHlwewhmr0d394z4IRwCf21CqE5UevWZciHIxFaROheufcdg==; i=wB1KXVIKr+L/Gn5Lm9ZUXU3B2H5I9OB597PcVP1VksxnVlRNBtx/dWpjFvJEEDm1U7CoBpRpMHybP/9xj3JmPNoS4Gc=; yandexuid=8206079511737528952; yashr=1984685901737528952; uniqueuid=102776661737528953
Source: global traffic, HTTP traffic detected: GET /registration-validations/auth/multi_step/start HTTP/1.1 | Host: passport.yandex.ru | Connection: keep-alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: */* | Sec-Fetch-Site: none | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: empty | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9 | Cookie: _yasc=ZzLBJ0xWQQ3oP/e44NlHlwewhmr0d394z4IRwCf21CqE5UevWZciHIxFaROheufcdg==; i=wB1KXVIKr+L/Gn5Lm9ZUXU3B2H5I9OB597PcVP1VksxnVlRNBtx/dWpjFvJEEDm1U7CoBpRpMHybP/9xj3JmPNoS4Gc=; yandexuid=8206079511737528952; yashr=1984685901737528952; uniqueuid=102776661737528953
Source: global traffic, HTTP traffic detected: GET /favicon.ico HTTP/1.1 | Host: passport.yandex.ru | Connection: keep-alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: */* | Sec-Fetch-Site: none | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: empty | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9 | Cookie: i=wB1KXVIKr+L/Gn5Lm9ZUXU3B2H5I9OB597PcVP1VksxnVlRNBtx/dWpjFvJEEDm1U7CoBpRpMHybP/9xj3JmPNoS4Gc=; yandexuid=8206079511737528952; yashr=1984685901737528952; uniqueuid=102776661737528953; _yasc=9RzRuZ6AaUDNlEkHRtKwMwqFVts0FkvXhKKE93+Ylx/KBSmaR+ex7+z7FGWxP0FTwuwd
Source: global traffic, HTTP traffic detected (reported 3 times): GET /registration-validations/auth/multi_step/start HTTP/1.1 | Host: passport.yandex.ru | Connection: keep-alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: */* | Sec-Fetch-Site: none | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: empty | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9 | Cookie: i=wB1KXVIKr+L/Gn5Lm9ZUXU3B2H5I9OB597PcVP1VksxnVlRNBtx/dWpjFvJEEDm1U7CoBpRpMHybP/9xj3JmPNoS4Gc=; yandexuid=8206079511737528952; yashr=1984685901737528952; uniqueuid=102776661737528953; _yasc=9RzRuZ6AaUDNlEkHRtKwMwqFVts0FkvXhKKE93+Ylx/KBSmaR+ex7+z7FGWxP0FTwuwd
Source: global traffic, HTTP traffic detected: GET //disk/10290564001/sm010%20.pdf.htm HTTP/1.1 | Host: narod.ru | Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9
Source: global traffic, HTTP traffic detected: GET /disk/10290564001/sm010%20.pdf.htm HTTP/1.1 | Host: narod.yandex.ru | Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9
Source: global traffic, DNS traffic detected: DNS queries for www.google.com, narod.ru, narod.yandex.ru, disk.yandex.ru, passport.yandex.ru, yastatic.net
Source: unknown, HTTP traffic detected: POST /registration-validations/auth/multi_step/start HTTP/1.1 | Host: passport.yandex.ru | Connection: keep-alive | Content-Length: 412 | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Content-Type: application/x-www-form-urlencoded; charset=UTF-8 | Accept: application/json, text/javascript, */*; q=0.01 | X-Requested-With: XMLHttpRequest | sec-ch-prefers-color-scheme: light | sec-ch-ua-platform: "Windows" | Origin: https://passport.yandex.ru | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: empty | Referer: https://passport.yandex.ru/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9 | Cookie: _yasc=ZzLBJ0xWQQ3oP/e44NlHlwewhmr0d394z4IRwCf21CqE5UevWZciHIxFaROheufcdg==; i=wB1KXVIKr+L/Gn5Lm9ZUXU3B2H5I9OB597PcVP1VksxnVlRNBtx/dWpjFvJEEDm1U7CoBpRpMHybP/9xj3JmPNoS4Gc=; yandexuid=8206079511737528952; yashr=1984685901737528952; uniqueuid=102776661737528953
Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found | Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate | Connection: Close | Content-Length: 9975 | Content-Security-Policy: default-src 'none';style-src 'self' yastatic.net 'unsafe-inline' 'unsafe-eval' s3.mds.yandex.net s3.mdst.yandex.net;script-src 'self' yastatic.net mc.admetrica.ru mc.yandex.ru mc.admetrica.com mc.yandex.com chat.s3.yandex.net api-maps.yandex.ru suggest-maps.yandex.net export.yandex.ru 'unsafe-eval' 'unsafe-inline' 'nonce-618c3b50-635a-4fca-91c8-02a8aee0dda1' https://yastatic.net/s3/frontend/butterfly/latest/butterfly.js;img-src 'self' yastatic.net https://ysa-static.passport.yandex.ru https://ysa-static.passport.yandex.net yandex.st data: mc.admetrica.ru mc.yandex.ru mc.admetrica.com mc.yandex.com api-maps.yandex.ru *.captcha.yandex.net s3.mds.yandex.net s3.mdst.yandex.net avatars.mds.yandex.net avatars.mdst.yandex.net clck.yandex.ru *.maps.yandex.net yapic.yandex.ru img.yandex.ru static-maps.yandex.ru https://video-tub-ru.yandex.net https://img0-tub-ru.yandex.net https://img1-tub-ru.yandex.net https://img2-tub-ru.yandex.net https://img3-tub-ru.yandex.net yango.com blob: mc.webvisor.com mc.webvisor.org https://downloader.disk.yandex.ru;font-src 'self' data: yastatic.net;object-src yastatic.net;media-src *.captcha.yandex.net data: yastatic.net;connect-src mail.yandex.ru 'self' mc.admetrica.ru mc.yandex.ru mc.admetrica.com mc.yandex.com trust.yandex.ru trust.yandex.com suggest-maps.yandex.net mc.webvisor.com mc.webvisor.org yandex.ru api.passport.yandex.ru *.disk.yandex.net;frame-ancestors 'self';frame-src 'self' yandex.st s4.money.yandex.net https://yandex.ru/chat split.yandex.ru yastatic.net yandex.ru sso.passport.yandex.ru sso.ya.ru pass.yandex.ru magic.passport.yandex.ru passport.yandex.ru https://trust.yandex.ru blob: mc.admetrica.ru mc.yandex.ru mc.admetrica.com mc.yandex.com https://yandex.ru/forms https://forms.yandex.ru/;child-src 'self' yandex.st yandex.ru passport.yandex.ru pass.yandex.ru https://trust.yandex.ru blob: mc.yandex.ru;report-uri https://csp.yandex.net/csp?from=passport&project=passport&yandex_login=&yandexuid=8206079511737528952;manifest-src 'self' yastatic.net | Content-Type: text/html; charset=utf-8 | Date: Wed, 22 Jan 2025 06:56:04 GMT | ETag: W/"26f7-4uItwwrtg0IZrtp29GeOHminTY0" | Expires: 0 | P3P: policyref="/w3c/p3p.xml", CP="NON DSP ADM DEV PSD IVDo OUR IND STP PHY PRE NAV UNI" | Pragma: no-cache | Referrer-Policy: origin | Strict-Transport-Security: max-age=315360000; includeSubDomains; preload | Surrogate-Control: no-store | X-Content-Type-Options: nosniff | X-D: d | X-DNS-Prefetch-Control: off | X-Download-Options: noopen | X-Frame-Options: SAMEORIGIN | X-XSS-Protection: 0
Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found | same headers as the previous response, with the Content-Security-Policy nonce 'nonce-bcbd6776-51d7-4ba3-b8cf-6a075c3e10b1' | Date: Wed, 22 Jan 2025 06:56:19 GMT | ETag: W/"26f7-9gXttXfaLQh80+yFoK8Jko/rmWY"
Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found | same headers, with the Content-Security-Policy nonce 'nonce-6bda55a9-8713-46cd-aa5b-d185d7e383d2'; the page ends partway through this header, after child-src 'self' yandex.st yandex.ru
passport.yandex.ru pass.yandex.ru https://trust.yandex.ru blob: mc.yandex.ru;report-uri https://csp.yandex.net/csp?from=passport&project=passport&yandex_login=&yandexuid=8206079511737528952;manifest-src 'self' yastatic.netContent-Type: text/html; charset=utf-8Date: Wed, 22 Jan 2025 06:56:28 GMTETag: W/"26f7-xJrw7kWJrPe1KajTXjg2GpVzRNU"Expires: 0P3P: policyref="/w3c/p3p.xml", CP="NON DSP ADM DEV PSD IVDo OUR IND STP PHY PRE NAV UNI"Pragma: no-cacheReferrer-Policy: originStrict-Transport-Security: max-age=315360000; includeSubDomains; preloadSurrogate-Control: no-storeX-Content-Type-Options: nosniffX-D: dX-DNS-Prefetch-Control: offX-Download-Options: noopenX-Frame-Options: SAMEORIGINX-XSS-Protection: 0
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: no-store, no-cache, must-revalidate, proxy-revalidateConnection: CloseContent-Length: 9975Content-Security-Policy: default-src 'none';style-src 'self' yastatic.net 'unsafe-inline' 'unsafe-eval' s3.mds.yandex.net s3.mdst.yandex.net;script-src 'self' yastatic.net mc.admetrica.ru mc.yandex.ru mc.admetrica.com mc.yandex.com chat.s3.yandex.net api-maps.yandex.ru suggest-maps.yandex.net export.yandex.ru 'unsafe-eval' 'unsafe-inline' 'nonce-38ce26d2-3237-4d4a-b139-a946c1f3a760' https://yastatic.net/s3/frontend/butterfly/latest/butterfly.js;img-src 'self' yastatic.net https://ysa-static.passport.yandex.ru https://ysa-static.passport.yandex.net yandex.st data: mc.admetrica.ru mc.yandex.ru mc.admetrica.com mc.yandex.com api-maps.yandex.ru *.captcha.yandex.net s3.mds.yandex.net s3.mdst.yandex.net avatars.mds.yandex.net avatars.mdst.yandex.net clck.yandex.ru *.maps.yandex.net yapic.yandex.ru img.yandex.ru static-maps.yandex.ru https://video-tub-ru.yandex.net https://img0-tub-ru.yandex.net https://img1-tub-ru.yandex.net https://img2-tub-ru.yandex.net https://img3-tub-ru.yandex.net yango.com blob: mc.webvisor.com mc.webvisor.org https://downloader.disk.yandex.ru;font-src 'self' data: yastatic.net;object-src yastatic.net;media-src *.captcha.yandex.net data: yastatic.net;connect-src mail.yandex.ru 'self' mc.admetrica.ru mc.yandex.ru mc.admetrica.com mc.yandex.com trust.yandex.ru trust.yandex.com suggest-maps.yandex.net mc.webvisor.com mc.webvisor.org yandex.ru api.passport.yandex.ru *.disk.yandex.net;frame-ancestors 'self';frame-src 'self' yandex.st s4.money.yandex.net https://yandex.ru/chat split.yandex.ru yastatic.net yandex.ru sso.passport.yandex.ru sso.ya.ru pass.yandex.ru magic.passport.yandex.ru passport.yandex.ru https://trust.yandex.ru blob: mc.admetrica.ru mc.yandex.ru mc.admetrica.com mc.yandex.com https://yandex.ru/forms https://forms.yandex.ru/;child-src 'self' yandex.st yandex.ru 
passport.yandex.ru pass.yandex.ru https://trust.yandex.ru blob: mc.yandex.ru;report-uri https://csp.yandex.net/csp?from=passport&project=passport&yandex_login=&yandexuid=8206079511737528952;manifest-src 'self' yastatic.netContent-Type: text/html; charset=utf-8Date: Wed, 22 Jan 2025 06:56:53 GMTETag: W/"26f7-XJM/6i6K6QOnMC5GX/tASAQ4nd4"Expires: 0P3P: policyref="/w3c/p3p.xml", CP="NON DSP ADM DEV PSD IVDo OUR IND STP PHY PRE NAV UNI"Pragma: no-cacheReferrer-Policy: originStrict-Transport-Security: max-age=315360000; includeSubDomains; preloadSurrogate-Control: no-storeX-Content-Type-Options: nosniffX-D: dX-DNS-Prefetch-Control: offX-Download-Options: noopenX-Frame-Options: SAMEORIGINX-XSS-Protection: 0
        Source: chromecache_75.2.dr, chromecache_74.2.dr | String found in binary or memory: http://feross.org
        Source: chromecache_75.2.dr, chromecache_74.2.dr | String found in binary or memory: http://jedwatson.github.io/classnames
        Source: chromecache_80.2.dr, chromecache_68.2.dr | String found in binary or memory: http://rock.mit-license.org
        Source: chromecache_61.2.dr, chromecache_77.2.dr | String found in binary or memory: https://docs.meteum.ai/en/pages/eula
        Source: chromecache_61.2.dr, chromecache_77.2.dr | String found in binary or memory: https://docs.meteum.ai/en/pages/legal
        Source: chromecache_61.2.dr, chromecache_77.2.dr | String found in binary or memory: https://entaksi.com.tr/app_content/licence-agreement
        Source: chromecache_61.2.dr, chromecache_77.2.dr | String found in binary or memory: https://entaksi.com.tr/app_content/privacy-policy
        Source: chromecache_80.2.dr, chromecache_68.2.dr | String found in binary or memory: https://github.com/chrisdickinson/raf
        Source: chromecache_80.2.dr, chromecache_68.2.dr | String found in binary or memory: https://github.com/zloirock/core-js
        Source: chromecache_77.2.dr | String found in binary or memory: https://goup.ai/oto/licence-agreement
        Source: chromecache_77.2.dr | String found in binary or memory: https://goup.ai/oto/privacy-policy
        Source: chromecache_61.2.dr, chromecache_77.2.dr | String found in binary or memory: https://goup.ai/privacy-policy
        Source: chromecache_61.2.dr, chromecache_77.2.dr | String found in binary or memory: https://goup.ai/temtem/licence-agreement
        Source: chromecache_61.2.dr, chromecache_77.2.dr | String found in binary or memory: https://goup.ai/temtem/privacy-policy
        Source: chromecache_61.2.dr, chromecache_77.2.dr | String found in binary or memory: https://goup.ai/user-agreement
        Source: chromecache_68.2.dr | String found in binary or memory: https://reactjs.org/docs/error-decoder.html?invariant=
        Source: chromecache_68.2.dr | String found in binary or memory: https://reactjs.org/link/react-polyfills
        Source: chromecache_61.2.dr, chromecache_77.2.dr | String found in binary or memory: https://redirect.appmetrica.yandex.com/serve/386347106450828605?c=passport_bage
        Source: chromecache_61.2.dr, chromecache_77.2.dr | String found in binary or memory: https://redirect.appmetrica.yandex.com/serve/458404701881276453?c=passport_bage
        Source: chromecache_61.2.dr, chromecache_77.2.dr | String found in binary or memory: https://taksimax.com/licence-agreement
        Source: chromecache_61.2.dr, chromecache_77.2.dr | String found in binary or memory: https://taksimax.com/privacy-policy
        Source: chromecache_61.2.dr, chromecache_77.2.dr | String found in binary or memory: https://turla.world/documents/privacy-policy
        Source: chromecache_61.2.dr, chromecache_77.2.dr | String found in binary or memory: https://turla.world/documents/user-agreement
        Source: chromecache_61.2.dr, chromecache_77.2.dr | String found in binary or memory: https://www.bipbiprides.com/license-agreement
        Source: chromecache_61.2.dr, chromecache_77.2.dr | String found in binary or memory: https://www.bipbiprides.com/privacy-policy
        Source: chromecache_61.2.dr, chromecache_77.2.dr | String found in binary or memory: https://yandex.%tld/legal/confidential/
        Source: chromecache_61.2.dr, chromecache_77.2.dr | String found in binary or memory: https://yandex.%tld/legal/rules/
        Source: chromecache_61.2.dr, chromecache_77.2.dr | String found in binary or memory: https://yandex.%tld/support/passport/troubleshooting/blocked.html
        Source: chromecache_61.2.dr, chromecache_77.2.dr | String found in binary or memory: https://yandex.com/legal/confidential/?lang=en
        Source: chromecache_61.2.dr, chromecache_77.2.dr | String found in binary or memory: https://yandex.com/legal/id_privacy_policy/
        Source: chromecache_61.2.dr, chromecache_77.2.dr | String found in binary or memory: https://yandex.com/legal/id_termsofuse/
        Source: chromecache_61.2.dr, chromecache_77.2.dr | String found in binary or memory: https://yandex.com/legal/tou_deli/?lang=en
        Source: chromecache_61.2.dr, chromecache_77.2.dr | String found in binary or memory: https://yandex.com/support/common/browsers-settings/browsers-cookies.html
        Source: chromecache_61.2.dr, chromecache_77.2.dr | String found in binary or memory: https://yandex.com/support/passport/troubleshooting/blocked.html
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49744
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49864
        Source: unknown | Network traffic detected: HTTP traffic on port 49779 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49785
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49784
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49783
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49782
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49781
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49780
        Source: unknown | Network traffic detected: HTTP traffic on port 49766 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 49785 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 49762 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 49746 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 49781 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 49769 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 49776 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49739
        Source: unknown | Network traffic detected: HTTP traffic on port 49753 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49779
        Source: unknown | Network traffic detected: HTTP traffic on port 49772 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49778
        Source: unknown | Network traffic detected: HTTP traffic on port 49675 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49776
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49896
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49774
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49773
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49772
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49771
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49770
        Source: unknown | Network traffic detected: HTTP traffic on port 49767 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 49784 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 49749 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 49763 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 49780 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 49773 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49769
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49767
        Source: unknown | Network traffic detected: HTTP traffic on port 49739 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 49756 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49888
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49766
        Source: unknown | Network traffic detected: HTTP traffic on port 49758 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49765
        Source: unknown | Network traffic detected: HTTP traffic on port 49783 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49764
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49763
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49762
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49761
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49760
        Source: unknown | Network traffic detected: HTTP traffic on port 49760 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 49764 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 49896 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 49770 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 49778 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49758
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49757
        Source: unknown | Network traffic detected: HTTP traffic on port 49774 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49756
        Source: unknown | Network traffic detected: HTTP traffic on port 49755 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49755
        Source: unknown | Network traffic detected: HTTP traffic on port 49757 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 49782 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49753
        Source: unknown | Network traffic detected: HTTP traffic on port 49864 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 49761 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 49765 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 49747 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 49744 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49749
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49747
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49746
        Source: unknown | Network traffic detected: HTTP traffic on port 49771 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 49888 -> 443
        Source: classification engine | Classification label: mal48.phis.win@17/36@18/9
        Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=2036,i,9201934300400578885,14101567058557113912,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
        Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://narod.ru//disk/10290564001/sm010%20.pdf.htm"
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=2036,i,9201934300400578885,14101567058557113912,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
        Source: Window Recorder | Window detected: More than 3 window changes detected
        Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
        Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection (1) | Process Injection (1) | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | Encrypted Channel (1) | Exfiltration Over Other Network Medium | Abuse Accessibility Features
        Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Non-Application Layer Protocol (4) | Exfiltration Over Bluetooth | Network Denial of Service
        Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Application Layer Protocol (5) | Automated Exfiltration | Data Encrypted for Impact
        Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Ingress Tool Transfer (3) | Traffic Duplication | Data Destruction
        Source | Detection | Scanner | Label | Link
        http://narod.ru//disk/10290564001/sm010%20.pdf.htm | 0% | Avira URL Cloud | safe |
        No Antivirus matches
        No Antivirus matches
        No Antivirus matches
        Source | Detection | Scanner | Label | Link
        https://www.bipbiprides.com/privacy-policy | 0% | Avira URL Cloud | safe |
        https://goup.ai/temtem/privacy-policy | 0% | Avira URL Cloud | safe |
        https://goup.ai/user-agreement | 0% | Avira URL Cloud | safe |
        https://www.bipbiprides.com/license-agreement | 0% | Avira URL Cloud | safe |
        https://docs.meteum.ai/en/pages/legal | 0% | Avira URL Cloud | safe |
        https://taksimax.com/privacy-policy | 0% | Avira URL Cloud | safe |
        https://entaksi.com.tr/app_content/licence-agreement | 0% | Avira URL Cloud | safe |
        https://goup.ai/temtem/licence-agreement | 0% | Avira URL Cloud | safe |
        https://goup.ai/oto/privacy-policy | 0% | Avira URL Cloud | safe |
        https://yandex.%tld/support/passport/troubleshooting/blocked.html | 0% | Avira URL Cloud | safe |
        https://yandex.%tld/legal/confidential/ | 0% | Avira URL Cloud | safe |
        https://yandex.%tld/legal/rules/ | 0% | Avira URL Cloud | safe |
        http://rock.mit-license.org | 0% | Avira URL Cloud | safe |
        https://turla.world/documents/user-agreement | 0% | Avira URL Cloud | safe |
        https://turla.world/documents/privacy-policy | 0% | Avira URL Cloud | safe |
        https://docs.meteum.ai/en/pages/eula | 0% | Avira URL Cloud | safe |
        https://goup.ai/oto/licence-agreement | 0% | Avira URL Cloud | safe |
        https://goup.ai/privacy-policy | 0% | Avira URL Cloud | safe |
        https://taksimax.com/licence-agreement | 0% | Avira URL Cloud | safe |
        https://entaksi.com.tr/app_content/privacy-policy | 0% | Avira URL Cloud | safe |
        Name | IP | Active | Malicious | Antivirus Detection | Reputation
        passport.yandex.ru | 93.158.134.39 | true | false | | high
        disk.yandex.ru | 87.250.250.50 | true | false | | high
        www.google.com | 142.250.185.132 | true | false | | high
        narod.ru | 195.216.243.246 | true | false | | high
        narod.yandex.ru | 93.158.134.50 | true | false | | high
        yastatic.net | 178.154.131.217 | true | false | | high
        Name | Malicious | Antivirus Detection | Reputation
        https://narod.ru//disk/10290564001/sm010%20.pdf.htm | false | | high
        https://yastatic.net/s3/passport-static/core/v1.190.14/js/react.authv2.vendors.en.js | false | | high
        https://yastatic.net/s3/passport-static/core/v1.190.14/js/react.authv2.lego.en.js | false | | high
        https://yastatic.net/s3/passport-auth-customs/customs/_/39e2a75c.jpg | false | | high
        https://yastatic.net/s3/passport-auth-customs//customs/v1.176.3/passport.auth.customs.css | false | | high
        https://yastatic.net/s3/passport-static/core/v1.190.14/i/authv2/fingerprint-icon.svg | false | | high
        https://disk.yandex.ru/client/narod | false | | high
        https://yastatic.net/s3/passport-static/core/v1.190.14/js/react.authv2.react.en.js | false | | high
        https://yastatic.net/s3/passport-static/core/v1.190.14/css/react.authv2.cij.css | false | | high
        http://narod.ru//disk/10290564001/sm010%20.pdf.htm | false | | high
        https://passport.yandex.ru/favicon.ico | false | | high
        http://narod.yandex.ru/disk/10290564001/sm010%20.pdf.htm | false | | high
        https://passport.yandex.ru/auth?from=cloud&origin=disk_client_web_signin_ru&retpath=https%3A%2F%2Fdisk.yandex.ru%2Fclient%2Fnarod&backpath=https%3A%2F%2Fdisk.yandex.ru | false | | high
        https://passport.yandex.ru/registration-validations/auth/multi_step/start | false | | high
        https://yastatic.net/islands/_/g0MeJlAWVRZjlLOLzhOGwwDQzKY.woff | false | | high
        https://yastatic.net/s3/frontend/jslibs/jquery/3.7.1/jquery-3.7.1.min.js | false | | high
        https://yastatic.net/react/17.0.2/react-with-dom-and-polyfills.min.js | false | | high
        https://yastatic.net/islands/_/KRBKbh7904nwfw8-FzDelXRpZ9o.woff2 | false | | high
        https://yastatic.net/islands/_/TR2STky64Ra69XlYzqKN7cnjYfQ.woff2 | false | | high
        Name | Source | Malicious | Antivirus Detection | Reputation
        https://goup.ai/oto/privacy-policy | chromecache_77.2.dr | false | Avira URL Cloud: safe | unknown
        https://taksimax.com/privacy-policy | chromecache_61.2.dr, chromecache_77.2.dr | false | Avira URL Cloud: safe | unknown
        https://entaksi.com.tr/app_content/licence-agreement | chromecache_61.2.dr, chromecache_77.2.dr | false | Avira URL Cloud: safe | unknown
        https://github.com/zloirock/core-js | chromecache_80.2.dr, chromecache_68.2.dr | false | | high
        https://www.bipbiprides.com/privacy-policy | chromecache_61.2.dr, chromecache_77.2.dr | false | Avira URL Cloud: safe | unknown
        https://www.bipbiprides.com/license-agreement | chromecache_61.2.dr, chromecache_77.2.dr | false | Avira URL Cloud: safe | unknown
        https://goup.ai/temtem/licence-agreement | chromecache_61.2.dr, chromecache_77.2.dr | false | Avira URL Cloud: safe | unknown
        https://reactjs.org/link/react-polyfills | chromecache_68.2.dr | false | | high
        https://docs.meteum.ai/en/pages/legal | chromecache_61.2.dr, chromecache_77.2.dr | false | Avira URL Cloud: safe | unknown
        https://yandex.com/legal/confidential/?lang=en | chromecache_61.2.dr, chromecache_77.2.dr | false | | high
        https://redirect.appmetrica.yandex.com/serve/386347106450828605?c=passport_bage | chromecache_61.2.dr, chromecache_77.2.dr | false | | high
        https://yandex.com/legal/id_termsofuse/ | chromecache_61.2.dr, chromecache_77.2.dr | false | | high
        https://yandex.com/support/common/browsers-settings/browsers-cookies.html | chromecache_61.2.dr, chromecache_77.2.dr | false | | high
        https://goup.ai/temtem/privacy-policy | chromecache_61.2.dr, chromecache_77.2.dr | false | Avira URL Cloud: safe | unknown
        https://github.com/chrisdickinson/raf | chromecache_80.2.dr, chromecache_68.2.dr | false | | high
        https://goup.ai/user-agreement | chromecache_61.2.dr, chromecache_77.2.dr | false | Avira URL Cloud: safe | unknown
        https://yandex.%tld/support/passport/troubleshooting/blocked.html | chromecache_61.2.dr, chromecache_77.2.dr | false | Avira URL Cloud: safe | unknown
        http://jedwatson.github.io/classnames | chromecache_75.2.dr, chromecache_74.2.dr | false | | high
        https://redirect.appmetrica.yandex.com/serve/458404701881276453?c=passport_bage | chromecache_61.2.dr, chromecache_77.2.dr | false | | high
        https://yandex.%tld/legal/confidential/ | chromecache_61.2.dr, chromecache_77.2.dr | false | Avira URL Cloud: safe | unknown
        https://docs.meteum.ai/en/pages/eula | chromecache_61.2.dr, chromecache_77.2.dr | false | Avira URL Cloud: safe | unknown
        https://reactjs.org/docs/error-decoder.html?invariant= | chromecache_68.2.dr | false | | high
        https://yandex.com/legal/id_privacy_policy/ | chromecache_61.2.dr, chromecache_77.2.dr | false | | high
        https://yandex.%tld/legal/rules/ | chromecache_61.2.dr, chromecache_77.2.dr | false | Avira URL Cloud: safe |
                                                                                unknown
                                                                                https://turla.world/documents/user-agreementchromecache_61.2.dr, chromecache_77.2.drfalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                https://goup.ai/privacy-policychromecache_61.2.dr, chromecache_77.2.drfalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                https://goup.ai/oto/licence-agreementchromecache_77.2.drfalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                https://yandex.com/legal/tou_deli/?lang=enchromecache_61.2.dr, chromecache_77.2.drfalse
                                                                                  high
                                                                                  https://yandex.com/support/passport/troubleshooting/blocked.htmlchromecache_61.2.dr, chromecache_77.2.drfalse
                                                                                    high
                                                                                    http://rock.mit-license.orgchromecache_80.2.dr, chromecache_68.2.drfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    https://taksimax.com/licence-agreementchromecache_61.2.dr, chromecache_77.2.drfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    https://turla.world/documents/privacy-policychromecache_61.2.dr, chromecache_77.2.drfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    http://feross.orgchromecache_75.2.dr, chromecache_74.2.drfalse
                                                                                      high
                                                                                      https://entaksi.com.tr/app_content/privacy-policychromecache_61.2.dr, chromecache_77.2.drfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
IP | Domain | Country | ASN | ASN Name | Malicious
93.158.134.50 | narod.yandex.ru | Russian Federation | 13238 | YANDEXRU | false
142.250.185.132 | www.google.com | United States | 15169 | GOOGLEUS | false
178.154.131.217 | yastatic.net | Russian Federation | 13238 | YANDEXRU | false
178.154.131.215 | unknown | Russian Federation | 13238 | YANDEXRU | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
87.250.250.50 | disk.yandex.ru | Russian Federation | 13238 | YANDEXRU | false
93.158.134.39 | passport.yandex.ru | Russian Federation | 13238 | YANDEXRU | false
195.216.243.246 | narod.ru | United Kingdom | 57724 | DDOS-GUARDRU | false
IP
192.168.2.4
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1596599
Start date and time: 2025-01-22 07:54:44 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 3m 27s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: http://narod.ru//disk/10290564001/sm010%20.pdf.htm
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal48.phis.win@17/36@18/9
EGA Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
• Processes excluded from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• IPs excluded from analysis (whitelisted): 142.250.181.227, 142.250.185.78, 142.250.110.84, 142.250.186.78, 142.250.184.206, 216.58.206.78, 199.232.210.172, 2.23.77.188, 172.217.18.10, 216.58.206.42, 142.250.185.106, 142.250.186.106, 142.250.185.170, 142.250.185.138, 142.250.181.234, 142.250.186.138, 142.250.185.202, 142.250.185.234, 142.250.185.74, 142.250.186.170, 172.217.16.202, 142.250.184.202, 216.58.206.74, 142.250.184.234, 142.250.186.110, 216.58.206.46, 172.217.23.110, 142.250.186.99, 142.250.184.238, 2.23.242.162, 4.175.87.197, 13.107.246.45
• Domains excluded from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
• Not all processes were analyzed; the report is missing behavior information
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: http://narod.ru//disk/10290564001/sm010%20.pdf.htm
No simulations