Edit tour

Windows Analysis Report
http://discordcloness.netlify.app/

Overview

General Information

Sample URL:	http://discordcloness.netlify.app/
Analysis ID:	1637037
Infos:

Detection

Score:	60
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

AI detected suspicious URL

Creates files inside the system directory

Deletes files inside the Windows folder

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2928 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 1204 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2296,i,935487458932724298,1216756386628668962,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2344 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 1752 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://discordcloness.netlify.app/" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://discordcloness.netlify.app/

Avira URL Cloud: detection malicious, Label: phishing

Antivirus detection for URL or domain

Source: https://discordcloness.netlify.app/img/ginto.ttf	Avira URL Cloud: Label: phishing
Source: https://discordcloness.netlify.app/img/dontknow.svg	Avira URL Cloud: Label: phishing
Source: https://discordcloness.netlify.app/img/dropdown.svg	Avira URL Cloud: Label: phishing
Source: https://discordcloness.netlify.app/img/imgright.svg	Avira URL Cloud: Label: phishing
Source: https://discordcloness.netlify.app/img/discord.jfif	Avira URL Cloud: Label: phishing
Source: https://discordcloness.netlify.app/index.css	Avira URL Cloud: Label: phishing
Source: https://discordcloness.netlify.app/img/section2.svg	Avira URL Cloud: Label: phishing
Source: https://discordcloness.netlify.app/img/section1.svg	Avira URL Cloud: Label: phishing
Source: https://discordcloness.netlify.app/img/section3.svg	Avira URL Cloud: Label: phishing
Source: https://discordcloness.netlify.app/img/sparklescta.svg	Avira URL Cloud: Label: phishing
Source: https://discordcloness.netlify.app/img/flag.png	Avira URL Cloud: Label: phishing
Source: https://discordcloness.netlify.app/img/imgleft.svg	Avira URL Cloud: Label: phishing
Source: https://discordcloness.netlify.app/img/decorations.svg	Avira URL Cloud: Label: phishing

Phishing

AI detected suspicious URL

Source: http://discordcloness.netlify.app

Joe Sandbox AI: The URL 'discordcloness.netlify.app' appears to be a potential typosquatting attempt targeting the well-known brand Discord. The primary domain 'discordcloness' includes the word 'discord', which is visually and structurally similar to the legitimate brand name. The addition of 'cloness' suggests an attempt to mimic or replicate the original service, which could confuse users. The use of 'netlify.app' as a hosting platform is not inherently suspicious, but the context of the domain name suggests a possible attempt to deceive users into thinking they are accessing a legitimate Discord-related service. The similarity score is high due to the inclusion of the brand name and the suggestive nature of 'cloness', while the spoofed score reflects the likelihood of user confusion given the structural and contextual elements of the URL.

Source: https://discordcloness.netlify.app/

HTTP Parser: No <meta name="author".. found

Source: https://discordcloness.netlify.app/

HTTP Parser: No <meta name="copyright".. found

Source: unknown

HTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.4:49745 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.52
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: discordcloness.netlify.appConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /index.css HTTP/1.1Host: discordcloness.netlify.appConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://discordcloness.netlify.app/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/sparklescta.svg HTTP/1.1Host: discordcloness.netlify.appConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://discordcloness.netlify.app/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/imgleft.svg HTTP/1.1Host: discordcloness.netlify.appConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://discordcloness.netlify.app/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/imgright.svg HTTP/1.1Host: discordcloness.netlify.appConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://discordcloness.netlify.app/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/section1.svg HTTP/1.1Host: discordcloness.netlify.appConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://discordcloness.netlify.app/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/section2.svg HTTP/1.1Host: discordcloness.netlify.appConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://discordcloness.netlify.app/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEI0qDKAQig4coBCJahywEInP7MAQiFoM0BCL7VzgEIgNbOAQjI3M4BCIrgzgEIruTOAQjj5M4BCIvlzgE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/decorations.svg HTTP/1.1Host: discordcloness.netlify.appConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://discordcloness.netlify.app/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/section3.svg HTTP/1.1Host: discordcloness.netlify.appConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://discordcloness.netlify.app/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/sparklescta.svg HTTP/1.1Host: discordcloness.netlify.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/dontknow.svg HTTP/1.1Host: discordcloness.netlify.appConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://discordcloness.netlify.app/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/imgleft.svg HTTP/1.1Host: discordcloness.netlify.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/imgright.svg HTTP/1.1Host: discordcloness.netlify.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/section1.svg HTTP/1.1Host: discordcloness.netlify.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/section2.svg HTTP/1.1Host: discordcloness.netlify.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/flag.png HTTP/1.1Host: discordcloness.netlify.appConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://discordcloness.netlify.app/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/dropdown.svg HTTP/1.1Host: discordcloness.netlify.appConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://discordcloness.netlify.app/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/decorations.svg HTTP/1.1Host: discordcloness.netlify.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/section3.svg HTTP/1.1Host: discordcloness.netlify.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/ginto.ttf HTTP/1.1Host: discordcloness.netlify.appConnection: keep-aliveOrigin: https://discordcloness.netlify.appsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://discordcloness.netlify.app/index.cssAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/dontknow.svg HTTP/1.1Host: discordcloness.netlify.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/flag.png HTTP/1.1Host: discordcloness.netlify.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/dropdown.svg HTTP/1.1Host: discordcloness.netlify.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/discord.jfif HTTP/1.1Host: discordcloness.netlify.appConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://discordcloness.netlify.app/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/discord.jfif HTTP/1.1Host: discordcloness.netlify.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: chromecache_64.3.dr	String found in binary or memory: <a class="facebook-link" href="https://www.facebook.com/discord/" title="Discord on Facebook"><svg width="24" height="24" viewBox="0 0 24 24" class="socialIcon-38NB2e"><path fill="currentColor" d="M20.875 2H3.09375C2.46875 2 2 2.5 2 3.09375V20.875C2 21.5 2.5 21.9687 3.09375 21.9687H12.6875V14.2188H10.0625V11.1875H12.6562V8.96874C12.6562 6.375 14.2187 4.96875 16.5312 4.96875C17.625 4.96875 18.5937 5.0625 18.875 5.09375V7.78125H17.2812C16.0312 7.78125 15.7812 8.375 15.7812 9.25V11.1875H18.7812L18.4062 14.25H15.8125V22H20.9062C21.5312 22 22 21.5 22 20.9062V3.125C22 2.46875 21.5 2 20.875 2Z"></path></svg></a> equals www.facebook.com (Facebook)
Source: chromecache_64.3.dr	String found in binary or memory: <a class="youtube-ink" href="https://www.youtube.com/discord/" title="Discord on YouTube"><svg width="24" height="24" viewBox="0 0 24 24" class="socialIcon-38NB2e"><path fill-rule="evenodd" clip-rule="evenodd" d="M21.3766 4.10479C22.4093 4.38257 23.2225 5.20102 23.4985 6.24038C24 8.12411 24 12.0545 24 12.0545C24 12.0545 24 15.9848 23.4985 17.8688C23.2225 18.908 22.4093 19.7265 21.3766 20.0044C19.505 20.5091 12 20.5091 12 20.5091C12 20.5091 4.49496 20.5091 2.62336 20.0044C1.59082 19.7265 0.777545 18.908 0.501545 17.8688C0 15.9848 0 12.0545 0 12.0545C0 12.0545 0 8.12411 0.501545 6.24038C0.777545 5.20102 1.59082 4.38257 2.62336 4.10479C4.49496 3.59998 12 3.59998 12 3.59998C12 3.59998 19.505 3.59998 21.3766 4.10479ZM15.8182 12.0546L9.54551 15.623V8.48596L15.8182 12.0546Z" fill="currentColor"></path></svg></a> equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: discordcloness.netlify.app

Source: chromecache_75.3.dr	String found in binary or memory: http://www.abcdinamo.com
Source: chromecache_75.3.dr	String found in binary or memory: http://www.abcdinamo.com/licensing
Source: chromecache_75.3.dr	String found in binary or memory: http://www.abcdinamo.com/licensinghttp://www.abcdinamo.com/licensing
Source: chromecache_75.3.dr	String found in binary or memory: http://www.abcdinamo.comhttp://www.abcdinamo.comhttp://www.sebmclauchlan.comhttp://www.sebmclauchlan
Source: chromecache_75.3.dr	String found in binary or memory: http://www.sebmclauchlan.com
Source: chromecache_64.3.dr	String found in binary or memory: https://discord.com/blog
Source: chromecache_64.3.dr	String found in binary or memory: https://discord.com/download
Source: chromecache_64.3.dr	String found in binary or memory: https://discord.com/jobs
Source: chromecache_64.3.dr	String found in binary or memory: https://discord.com/nitro
Source: chromecache_64.3.dr	String found in binary or memory: https://discord.com/safety
Source: chromecache_64.3.dr	String found in binary or memory: https://metatags.io/
Source: chromecache_64.3.dr	String found in binary or memory: https://metatags.io/assets/meta-tags-16a33a6a8531e519cc0936fbba0ad904e52d35f34a46c97a2c9f6f7dd7d336f
Source: chromecache_64.3.dr	String found in binary or memory: https://support.discord.com/hc/en-us
Source: chromecache_64.3.dr	String found in binary or memory: https://twitter.com/discord
Source: chromecache_64.3.dr	String found in binary or memory: https://www.instagram.com/discord/
Source: chromecache_64.3.dr	String found in binary or memory: https://www.youtube.com/discord/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown

HTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.4:49745 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir2928_75368976

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir2928_75368976

Jump to behavior

Source: classification engine

Classification label: mal60.win@22/41@10/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2296,i,935487458932724298,1216756386628668962,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2344 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://discordcloness.netlify.app/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2296,i,935487458932724298,1216756386628668962,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2344 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://discordcloness.netlify.app/	100%	Avira URL Cloud	phishing

Source	Detection	Scanner	Label
https://discordcloness.netlify.app/img/ginto.ttf	100%	Avira URL Cloud	phishing
https://discordcloness.netlify.app/img/dontknow.svg	100%	Avira URL Cloud	phishing
https://discordcloness.netlify.app/img/dropdown.svg	100%	Avira URL Cloud	phishing
https://discordcloness.netlify.app/img/imgright.svg	100%	Avira URL Cloud	phishing
https://discordcloness.netlify.app/img/discord.jfif	100%	Avira URL Cloud	phishing
https://discordcloness.netlify.app/index.css	100%	Avira URL Cloud	phishing
https://discordcloness.netlify.app/img/section2.svg	100%	Avira URL Cloud	phishing
http://www.abcdinamo.com/licensinghttp://www.abcdinamo.com/licensing	0%	Avira URL Cloud	safe
http://www.sebmclauchlan.com	0%	Avira URL Cloud	safe
https://discordcloness.netlify.app/img/section1.svg	100%	Avira URL Cloud	phishing
http://www.abcdinamo.com/licensing	0%	Avira URL Cloud	safe
https://discordcloness.netlify.app/img/section3.svg	100%	Avira URL Cloud	phishing
https://discordcloness.netlify.app/img/sparklescta.svg	100%	Avira URL Cloud	phishing
http://www.abcdinamo.com	0%	Avira URL Cloud	safe
https://metatags.io/	0%	Avira URL Cloud	safe
https://discordcloness.netlify.app/img/flag.png	100%	Avira URL Cloud	phishing
https://discordcloness.netlify.app/img/imgleft.svg	100%	Avira URL Cloud	phishing
https://metatags.io/assets/meta-tags-16a33a6a8531e519cc0936fbba0ad904e52d35f34a46c97a2c9f6f7dd7d336f	0%	Avira URL Cloud	safe
http://www.abcdinamo.comhttp://www.abcdinamo.comhttp://www.sebmclauchlan.comhttp://www.sebmclauchlan	0%	Avira URL Cloud	safe
https://discordcloness.netlify.app/img/decorations.svg	100%	Avira URL Cloud	phishing

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
discordcloness.netlify.app	3.125.36.175	true	true		unknown
www.google.com	142.250.185.68	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://discordcloness.netlify.app/img/dropdown.svg	false	Avira URL Cloud: phishing	unknown
https://discordcloness.netlify.app/img/imgright.svg	false	Avira URL Cloud: phishing	unknown
https://discordcloness.netlify.app/img/section1.svg	false	Avira URL Cloud: phishing	unknown
https://discordcloness.netlify.app/index.css	false	Avira URL Cloud: phishing	unknown
https://discordcloness.netlify.app/img/ginto.ttf	false	Avira URL Cloud: phishing	unknown
https://discordcloness.netlify.app/img/section2.svg	false	Avira URL Cloud: phishing	unknown
https://discordcloness.netlify.app/img/discord.jfif	false	Avira URL Cloud: phishing	unknown
https://discordcloness.netlify.app/img/dontknow.svg	false	Avira URL Cloud: phishing	unknown
https://discordcloness.netlify.app/img/sparklescta.svg	false	Avira URL Cloud: phishing	unknown
https://discordcloness.netlify.app/img/section3.svg	false	Avira URL Cloud: phishing	unknown
https://discordcloness.netlify.app/img/flag.png	false	Avira URL Cloud: phishing	unknown
https://discordcloness.netlify.app/	false		unknown
https://discordcloness.netlify.app/img/imgleft.svg	false	Avira URL Cloud: phishing	unknown
https://discordcloness.netlify.app/img/decorations.svg	false	Avira URL Cloud: phishing	unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://twitter.com/discord	chromecache_64.3.dr	false		high
https://discord.com/jobs	chromecache_64.3.dr	false		high
http://www.abcdinamo.com/licensinghttp://www.abcdinamo.com/licensing	chromecache_75.3.dr	false	Avira URL Cloud: safe	unknown
http://www.sebmclauchlan.com	chromecache_75.3.dr	false	Avira URL Cloud: safe	unknown
https://support.discord.com/hc/en-us	chromecache_64.3.dr	false		high
https://discord.com/nitro	chromecache_64.3.dr	false		high
http://www.abcdinamo.com/licensing	chromecache_75.3.dr	false	Avira URL Cloud: safe	unknown
https://www.instagram.com/discord/	chromecache_64.3.dr	false		high
https://metatags.io/	chromecache_64.3.dr	false	Avira URL Cloud: safe	unknown
https://discord.com/safety	chromecache_64.3.dr	false		high
http://www.abcdinamo.com	chromecache_75.3.dr	false	Avira URL Cloud: safe	unknown
https://www.youtube.com/discord/	chromecache_64.3.dr	false		high
http://www.abcdinamo.comhttp://www.abcdinamo.comhttp://www.sebmclauchlan.comhttp://www.sebmclauchlan	chromecache_75.3.dr	false	Avira URL Cloud: safe	unknown
https://discord.com/download	chromecache_64.3.dr	false		high
https://discord.com/blog	chromecache_64.3.dr	false		high
https://metatags.io/assets/meta-tags-16a33a6a8531e519cc0936fbba0ad904e52d35f34a46c97a2c9f6f7dd7d336f	chromecache_64.3.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.68	www.google.com	United States	15169	GOOGLEUS	false
3.125.36.175	discordcloness.netlify.app	United States	16509	AMAZON-02US	true
3.75.10.80	unknown	United States	16509	AMAZON-02US	false

Private

IP
192.168.2.16
192.168.2.4

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1637037
Start date and time:	2025-03-13 10:24:11 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 21s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://discordcloness.netlify.app/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	21
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal60.win@22/41@10/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, sppsvc.exe, RuntimeBroker.exe, ShellExperienceHost.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.131, 142.250.185.206, 142.250.185.78, 142.251.168.84, 142.250.181.227, 142.250.185.174, 172.217.18.110, 142.250.74.206, 216.58.212.174, 142.250.185.142, 142.250.185.131, 142.250.186.78, 172.217.18.99, 142.250.185.110, 23.60.203.209, 52.149.20.212
Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, accounts.google.com, redirector.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://discordcloness.netlify.app/

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	12893
Entropy (8bit):	3.9395937754082286
Encrypted:	false
SSDEEP:	192:WSOaTielxLj9EZfWjrUvvZdU3dczEtJlrQ1W28IUBVDkIHT54clW9bW:Wuj9EZcUvv/0y2VjF
MD5:	355CBC27CF9575FF445B7AC73B31C4FA
SHA1:	603A7E5BA7FF70D99A6472D2B050F0C9ED4320B7
SHA-256:	1D1BA7FE6941350F732F40167C375F5D6EB85889AEB420A5C73CA3568780716A
SHA-512:	26660E970068AFEC0EB7983BEE1AA8F1FB52FA1CCD9D5B73AF3B7F48208A602FDFA912E60D9059F3432303F7D854C3810C1DB49AC9486AABF81975608306D809
Malicious:	false
Reputation:	low
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="2560" height="626" viewBox="0 0 2560 626" fill="none">..<g clip-path="url(#clip0)">..<path d="M2560 742.024C2281.4 521.424 2152.7 442.024 1922 582.924C1660.1 414.924 1561.1 471.424 1280 646.624C1139.5 509.324 1085.6 452.324 1020.5 538.224C860.2 351.524 772.1 290.424 637.8 453.024C623.243 470.609 603.935 483.636 582.18 490.551C560.424 497.466 537.138 497.977 515.1 492.024C312.9 437.124 118.6 667.024 0 742.024H2560Z" fill="#5865F2"/>..<path d="M2366.4 595.424C2362.4 591.924 2356.2 590.124 2348.8 590.124C2342.52 590.221 2336.29 591.232 2330.3 593.124L2326.3 594.424C2326.42 591.523 2326.08 588.621 2325.3 585.824C2323.1 577.024 2317.3 569.824 2308.6 564.924C2295.6 557.524 2277.3 556.324 2259.8 561.624C2256.38 562.637 2253.03 563.908 2249.8 565.424C2248.3 560.558 2246.22 555.891 2243.6 551.524C2227.9 525.124 2195.3 509.624 2170.9 517.024C2160.5 520.124 2152.7 527.224 2149 536.824C2144.2 549.224 2146.3 564.524 2154.9 578.924C2167.6 600.424 2192 6

Chrome Cache Entry: 62

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 225x225, components 3
Category:	downloaded
Size (bytes):	6753
Entropy (8bit):	7.929092369536118
Encrypted:	false
SSDEEP:	192:alEm10N9EoaLrGtoskAi3PhzzL227di+r/74G:sEas9unkosdi3lLVz4G
MD5:	B5F44A43850547A328140B1E97B283C2
SHA1:	0BBAEB184E63FD0E10B7DF7917F4C4F2C080F2AB
SHA-256:	768F483F01CC2D2BFB286CD05509E8B18E1FA03985625143436D7ED2739F84D5
SHA-512:	8C79371C9FCBA2A09658332E40FB37ED103F4B3FEB95C192CD4B1E4D97322DD2355A21DF05B1F76789A5DB39C2E4DF085868F4F6613FFC34359A01243818F7E5
Malicious:	false
Reputation:	low
URL:	https://discordcloness.netlify.app/img/discord.jfif
Preview:	......JFIF..................................................!.&..+#..&8&+/1555.$;@;4?.451...........4+%(644414454:4114444444444451444444414444444414114444...........".......................................A.....................!1.AQ..."2Baq..Rb.......r.....#3C...c...$S...............................+........................!1Q2Aa.q....B................?...t.e.....d[v0....H...KkX.........j.v)x..#.c'..\|..w...)Z .a.y.=.a2n.3J0....TF..q..5.P.tf'...1.I.?.(..&...@...o.....CTN7.r...7.. j.....@...MN....j\oJ..w........\...0oz.kJ..(GV._.P..2...Ij?9X.WZ2..A=..g.........W.%..d...9...F....(.L..W4g.../......g.,m&m........K.......k...&.c.B..ce._...A.....c'..\|..t<w..........J.8.[{..P.gXL.......v..0...F......&...@1.I.?. 45D.~. j..F.....VM.55....GV..d.!.q.!-Q6..1...........S.uh....w{.kJ.]S&..\|.?...#..!...H.qA..'..p..Ww..Q>-..jJ..Y...~-.?...j.n.....<..\|F..*M.q....G-..Q/...YV..%6....l.5.Q......q..~m......;.E[....u.h.....I...e}.c".0^/4....yFT.C.....Aa[..iu.......Q..4C.[.

Chrome Cache Entry: 63

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 70 x 47, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	288
Entropy (8bit):	6.749080931777931
Encrypted:	false
SSDEEP:	6:6v/lhPmtBC/w9wCvs+G1kfXYBIXNjCVpqBhbl8hUbcnjW3UttQQzyoN73dp:6v/7etBCI9wN71kwORGpwhbuhUkW3Qio
MD5:	E6D6B255259AC878D00819A9555072AD
SHA1:	6BEB12D36ACBAD79743495AEF581891A1FF4F5F5
SHA-256:	21D34772ED80C8BE7AB9E7338498BDFE2F66C77B61542CC48E103FD77ECD7F60
SHA-512:	00E66978BF6CFA61FA12E82995EE3998F536C6D2802C986ECB629B29BD6ABF2E83FC63348C08BDBB8EEEAB68B2D8E4F68C1021DD9DFC8CE5DDA368A583A3FE50
Malicious:	false
Reputation:	low
URL:	https://discordcloness.netlify.app/img/flag.png
Preview:	.PNG........IHDR...F.../.....^......IDATx...5r.1.Gq...cw>....0.} .fw.._..*...k~......J..T=...j]r........A.3....d.k)..SU...V.@.P.....0}`B.,...PS..p`...)%0......0....0....0.\|....`....`.Ir&.HL....0...L.3....9.`..f.D......j`a...ui4...F...w.G.Aq;....@.5R..a..H.../_.\.XH......IEND.B`.

Chrome Cache Entry: 64

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (6593), with CRLF line terminators
Category:	downloaded
Size (bytes):	31777
Entropy (8bit):	4.729995957789301
Encrypted:	false
SSDEEP:	384:u6hMyYqJ/OAAOcJJKU98SCDBofLxh/Zt4L9oHlANMyYqJ/OAAOm:uqx/OAQJJZ9BCdo9PaLaYx/OAi
MD5:	1F9044972E4E3ED4FD12446A44D7AFA4
SHA1:	677797F2400DDDBEEA94CFC68A55C2AD699A52D8
SHA-256:	417501B8B264F7585C1347B963D1A25317DE3493F118BF13FA0AAB67EE03D884
SHA-512:	E9D896D23DFC8E2E873ABC362000CAD165D270B0546F81BC57EE316D4C0645678FCDDD6075176AE3F7DF38BBDF81A21F0F6CE8CFEBFBF8526D949E28E8C155CC
Malicious:	false
Reputation:	low
URL:	https://discordcloness.netlify.app/
Preview:	<!DOCTYPE html>..<html lang="en">..<head>.. <meta charset="UTF-8">.. <meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <title>Discord</title>.. <link rel="stylesheet" href="index.css">.. <link rel="shortcut icon" href="img/discord.jfif" type="image/x-icon">.. Primary Meta Tags -->..<title>Discord Clone (by dabscoded)</title>..<meta name="title" content="Discord Clone (by dabscoded)">..<meta name="description" content="..Dabscoded's very own discord clone made with HTML, CSS, JS ....Credit to @ibrocods....">.... Open Graph / Facebook -->..<meta property="og:type" content="website">..<meta property="og:url" content="https://metatags.io/">..<meta property="og:title" content="Discord Clone (by dabscoded)">..<meta property="og:description" content="..Dabscoded's very own discord clone made with HTML, CSS, JS ....Credit to @ibrocods....">..<meta property="og:image" content="https://me

Chrome Cache Entry: 65

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	12893
Entropy (8bit):	3.9395937754082286
Encrypted:	false
SSDEEP:	192:WSOaTielxLj9EZfWjrUvvZdU3dczEtJlrQ1W28IUBVDkIHT54clW9bW:Wuj9EZcUvv/0y2VjF
MD5:	355CBC27CF9575FF445B7AC73B31C4FA
SHA1:	603A7E5BA7FF70D99A6472D2B050F0C9ED4320B7
SHA-256:	1D1BA7FE6941350F732F40167C375F5D6EB85889AEB420A5C73CA3568780716A
SHA-512:	26660E970068AFEC0EB7983BEE1AA8F1FB52FA1CCD9D5B73AF3B7F48208A602FDFA912E60D9059F3432303F7D854C3810C1DB49AC9486AABF81975608306D809
Malicious:	false
Reputation:	low
URL:	https://discordcloness.netlify.app/img/sparklescta.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="2560" height="626" viewBox="0 0 2560 626" fill="none">..<g clip-path="url(#clip0)">..<path d="M2560 742.024C2281.4 521.424 2152.7 442.024 1922 582.924C1660.1 414.924 1561.1 471.424 1280 646.624C1139.5 509.324 1085.6 452.324 1020.5 538.224C860.2 351.524 772.1 290.424 637.8 453.024C623.243 470.609 603.935 483.636 582.18 490.551C560.424 497.466 537.138 497.977 515.1 492.024C312.9 437.124 118.6 667.024 0 742.024H2560Z" fill="#5865F2"/>..<path d="M2366.4 595.424C2362.4 591.924 2356.2 590.124 2348.8 590.124C2342.52 590.221 2336.29 591.232 2330.3 593.124L2326.3 594.424C2326.42 591.523 2326.08 588.621 2325.3 585.824C2323.1 577.024 2317.3 569.824 2308.6 564.924C2295.6 557.524 2277.3 556.324 2259.8 561.624C2256.38 562.637 2253.03 563.908 2249.8 565.424C2248.3 560.558 2246.22 555.891 2243.6 551.524C2227.9 525.124 2195.3 509.624 2170.9 517.024C2160.5 520.124 2152.7 527.224 2149 536.824C2144.2 549.224 2146.3 564.524 2154.9 578.924C2167.6 600.424 2192 6

Chrome Cache Entry: 66

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 70 x 47, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	288
Entropy (8bit):	6.749080931777931
Encrypted:	false
SSDEEP:	6:6v/lhPmtBC/w9wCvs+G1kfXYBIXNjCVpqBhbl8hUbcnjW3UttQQzyoN73dp:6v/7etBCI9wN71kwORGpwhbuhUkW3Qio
MD5:	E6D6B255259AC878D00819A9555072AD
SHA1:	6BEB12D36ACBAD79743495AEF581891A1FF4F5F5
SHA-256:	21D34772ED80C8BE7AB9E7338498BDFE2F66C77B61542CC48E103FD77ECD7F60
SHA-512:	00E66978BF6CFA61FA12E82995EE3998F536C6D2802C986ECB629B29BD6ABF2E83FC63348C08BDBB8EEEAB68B2D8E4F68C1021DD9DFC8CE5DDA368A583A3FE50
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...F.../.....^......IDATx...5r.1.Gq...cw>....0.} .fw.._..*...k~......J..T=...j]r........A.3....d.k)..SU...V.@.P.....0}`B.,...PS..p`...)%0......0....0....0.\|....`....`.Ir&.HL....0...L.3....9.`..f.D......j`a...ui4...F...w.G.Aq;....@.5R..a..H.../_.\.XH......IEND.B`.

Chrome Cache Entry: 67

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	136361
Entropy (8bit):	4.118679421213345
Encrypted:	false
SSDEEP:	1536:bYKcHU/sVl/W8ZuPRMGEX//d3mKy1xByTkZ+O7erev+GNy72XVmb45i:Tz6
MD5:	D6E3933E7E225337C6DE07DD7F6488CE
SHA1:	524157C4B4469676C186DCD17CC16EC81358282D
SHA-256:	E4F692D0AABC723292A9608902C9B1CAEBD199D2DB5796B74DD5DC08257A0ADA
SHA-512:	FA3D678AE5B7095A429E3609D7C0E22C28F8B5CB1BB32235ADE6D504DD67E5A0E1ABAE1BB0FBCC7833F94E4959FAA9405EDF6F4CF9C2445161EEFBD83A4E69FB
Malicious:	false
Reputation:	low
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="678" height="440" viewBox="0 0 678 440" fill="none">..<g clip-path="url(#clip0)">..<rect x="181" y="40" width="427" height="328" rx="8" fill="#292841"/>..<path fill-rule="evenodd" clip-rule="evenodd" d="M304.887 85C304.576 85 304.341 84.7189 304.395 84.4126L305.001 81H301.596C301.285 81 301.05 80.7198 301.103 80.4138L301.278 79.4138C301.32 79.1746 301.528 79 301.771 79H305.351L306.411 73H303.006C302.695 73 302.46 72.7198 302.513 72.4138L302.688 71.4138C302.73 71.1746 302.938 71 303.181 71H306.761L307.398 67.4126C307.44 67.1739 307.647 67 307.89 67H308.874C309.185 67 309.421 67.2811 309.366 67.5874L308.761 71H314.761L315.397 67.4126C315.44 67.1739 315.647 67 315.89 67H316.874C317.185 67 317.421 67.2811 317.366 67.5874L316.761 71H320.166C320.476 71 320.712 71.2802 320.658 71.5862L320.483 72.5862C320.441 72.8254 320.234 73 319.991 73H316.411L315.351 79H318.756C319.066 79 319.302 79.2802 319.248 79.5862L319.073 80.5862C319.031 80.8254 318.824

Chrome Cache Entry: 68

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	61800
Entropy (8bit):	4.379175813297291
Encrypted:	false
SSDEEP:	768:mZd8yKheSI9PwN0uq3g0yFVJ7yDO67ttEJ1Lci3eywQiQgL8toOrJa8cePFoW+:AxYbsxtcYiuyZZcf
MD5:	A134F344CF038AFC924CD11BE27965BD
SHA1:	F97DF8B5FA475D1B82B55AC4509F3BBE9DA12E1F
SHA-256:	FCE3351C2732D1B15FC9AA479D69A35B6FA8B09BFD499E93D5FB90DC7DCB7EFC
SHA-512:	D94646EE8946F82AE50690DE2DF11A3CEEAAF8CC54520642439AAD050BF44BC3C82F943AFFC6F03C3F079605E1E1E2F71FC9684E57BD0D8DF7A35103C4A8B925
Malicious:	false
Reputation:	low
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="689" height="352" viewBox="0 0 689 352" fill="none">.. <path d="M291.399 351.9H18.0994C6.79941 341.8 -0.100599 330.1 0.999401 319.3C3.2994 296 39.9994 292.6 75.5994 309.4L82.5994 312.9C83.7793 308.614 85.6724 304.557 88.1994 300.9C105.999 274.8 146.199 272.3 172.199 291.4C175.065 293.495 177.742 295.838 180.199 298.4C183.695 293.567 187.683 289.109 192.099 285.1C216.199 263.3 244.799 258.6 255.699 272C265.299 283.8 257.899 306.5 239.699 324.4C239.699 324.4 293.499 325.7 291.399 351.9Z" fill="#404EED"/>.. <path d="M629.4 351.4C607.3 305.8 594.9 251.2 594.9 251.2L593.9 245.9L549.4 251.2V351.4H629.4Z" fill="#2835BD"/>.. <path d="M619.8 351.4C600.4 311.4 589.6 263.5 589.6 263.5L587 250.1L549.7 263.5V351.4H619.8Z" fill="black"/>.. <path d="M626.8 218H610.6V351.46H626.8V218Z" fill="#2835BD"/>.. <path d="M626.8 235.3C624.374 236.405 621.683 236.794 619.044 236.422C616.404 236.05 613.926 234.932 611.9 233.2L610.6 232.1V226.1L626.8 2

Chrome Cache Entry: 69

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	1889
Entropy (8bit):	4.241163022278614
Encrypted:	false
SSDEEP:	48:qqM9cL2QqZP0Cfn5IGv5iKy8UGRFAoPFc9s0efKt0eLFCT:qfcSQY0C5Z5iKycFZFc9Vei/JS
MD5:	EDF35EA4A67F542969F6A2523CC8B97B
SHA1:	00547338BBCE6C1543994AC5B76AA0822D06A5F7
SHA-256:	F6EEC4F42E7B7755122338B0BB698BA505B766C038B44E1F1C215A5B2CD4864C
SHA-512:	BCD53EF4A92AD6605E197D678FC50D12C7006E1337C87188D56B01C0B3CC4E23505E1282A1558407B07CE47D0D0703D129C5349331534054AE930565301EA000
Malicious:	false
Reputation:	low
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="531" height="49" viewBox="0 0 531 49" fill="none">..<path d="M527.098 15.0977L530.701 13.5155C530.789 13.4276 530.789 13.3397 530.701 13.3397L527.098 11.7576L525.428 8.06592C525.428 7.97803 525.34 7.97803 525.34 8.06592L523.67 11.6697L520.066 13.3397C519.978 13.3397 519.978 13.4276 520.066 13.5155L523.67 15.0977L525.34 18.7015H525.428L527.098 15.0977Z" fill="#6ADBC6"/>..<path opacity="0.5" d="M303.575 6.4L306.975 4.9V4.7L303.575 3.3L302.075 0H301.875L300.375 3.3L297.075 4.7C296.975 4.8 296.975 4.9 297.075 4.9L300.375 6.4L301.875 9.8H302.075L303.575 6.4Z" fill="#9691FF"/>..<path d="M505.875 43.8621L510.95 41.6367C510.982 41.6007 511 41.5541 511 41.5058C511 41.4575 510.982 41.4109 510.95 41.3749L505.875 39.1495L503.598 34.0443C503.585 34.0304 503.57 34.0192 503.554 34.0116C503.537 34.004 503.518 34 503.5 34C503.482 34 503.463 34.004 503.446 34.0116C503.43 34.0192 503.415 34.0304 503.402 34.0443L501.125 39.0841L496.05 41.3749C496.018 41.4109

Chrome Cache Entry: 70

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	98884
Entropy (8bit):	4.108677123008804
Encrypted:	false
SSDEEP:	768:kpT0zibVNH4CjyEw2COrjfS25AHli8wpASKnCSB4DX8A7NewQYUIIVz7evq+Cl+4:0BjyHlZuT9KOvMTKcnfpvRzOq
MD5:	A1B6F0CF163CCDE271BCC3B19F5A511B
SHA1:	C10CF1A8163B5774F4813F1E07918DC774D06CE6
SHA-256:	53792A6BA95018A478C9C837E53CEF9440A7A97567D9B73DC82FA98D84494BC8
SHA-512:	E1471982F66B3632FEF218ABB66F7BE22A217BEED8BDED23DD0039658C75453F5BF91C62A6B9B34022AE4F63E767AA2F83B69B8898B919C22B3AEF913D3F8C16
Malicious:	false
Reputation:	low
URL:	https://discordcloness.netlify.app/img/dontknow.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="874" height="530" viewBox="0 0 874 530" fill="none">..<mask id="mask0" mask-type="alpha" maskUnits="userSpaceOnUse" x="637" y="56" width="207" height="401">..<path d="M814.368 56H666.999C650.499 56 637 69.479 637 85.9533V427.047C637 443.521 650.499 457 666.999 457H813.993C830.493 457 843.992 443.521 843.992 427.047V85.9533C844.367 69.479 830.868 56 814.368 56Z" fill="#23272A"/>..</mask>..<g mask="url(#mask0)">..<path d="M835.769 52H625.711V457.43H835.769V52Z" fill="#3442D9"/>..<path d="M698.142 197.574C692.957 180.347 690.254 172.163 699.586 167.098C708.917 162.032 737.172 165.542 750.414 168.66C763.656 171.778 765.603 175.133 756.931 188.064L698.142 197.574Z" fill="#FFF4B3"/>..<path d="M692.143 351.657C690.092 300.644 691.321 258.422 693.054 235.841C684.582 230.323 680.664 225.939 678.983 223.643C678.644 223.17 678.471 222.599 678.49 222.018C678.508 221.437 678.718 220.879 679.086 220.429C692.543 203.698 703.948 189.131 715.939 182.273C72

Chrome Cache Entry: 71

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 225x225, components 3
Category:	dropped
Size (bytes):	6753
Entropy (8bit):	7.929092369536118
Encrypted:	false
SSDEEP:	192:alEm10N9EoaLrGtoskAi3PhzzL227di+r/74G:sEas9unkosdi3lLVz4G
MD5:	B5F44A43850547A328140B1E97B283C2
SHA1:	0BBAEB184E63FD0E10B7DF7917F4C4F2C080F2AB
SHA-256:	768F483F01CC2D2BFB286CD05509E8B18E1FA03985625143436D7ED2739F84D5
SHA-512:	8C79371C9FCBA2A09658332E40FB37ED103F4B3FEB95C192CD4B1E4D97322DD2355A21DF05B1F76789A5DB39C2E4DF085868F4F6613FFC34359A01243818F7E5
Malicious:	false
Reputation:	low
Preview:	......JFIF..................................................!.&..+#..&8&+/1555.$;@;4?.451...........4+%(644414454:4114444444444451444444414444444414114444...........".......................................A.....................!1.AQ..."2Baq..Rb.......r.....#3C...c...$S...............................+........................!1Q2Aa.q....B................?...t.e.....d[v0....H...KkX.........j.v)x..#.c'..\|..w...)Z .a.y.=.a2n.3J0....TF..q..5.P.tf'...1.I.?.(..&...@...o.....CTN7.r...7.. j.....@...MN....j\oJ..w........\...0oz.kJ..(GV._.P..2...Ij?9X.WZ2..A=..g.........W.%..d...9...F....(.L..W4g.../......g.,m&m........K.......k...&.c.B..ce._...A.....c'..\|..t<w..........J.8.[{..P.gXL.......v..0...F......&...@1.I.?. 45D.~. j..F.....VM.55....GV..d.!.q.!-Q6..1...........S.uh....w{.kJ.]S&..\|.?...#..!...H.qA..'..p..Ww..Q>-..jJ..Y...~-.?...j.n.....<..\|F..*M.q....G-..Q/...YV..%6....l.5.Q......q..~m......;.E[....u.h.....I...e}.c".0^/4....yFT.C.....Aa[..iu.......Q..4C.[.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://discordcloness.netlify.app/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 61

Chrome Cache Entry: 62

Chrome Cache Entry: 63

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Windows Analysis Report
http://discordcloness.netlify.app/