
Windows Analysis Report
https://sites.google.com/view/wiubriu38/home

Overview

General Information

Sample URL: https://sites.google.com/view/wiubriu38/home
Analysis ID: 1637656

Detection

HTMLPhisher
Score: 64
Range: 0 - 100
Confidence: 100%

Signatures

AI detected phishing page
Yara detected HtmlPhish54
AI detected landing page (webpage, office document or email)
AI detected suspicious Javascript
Creates files inside the system directory
Deletes files inside the Windows folder
HTML body contains low number of good links
HTML page contains hidden javascript code
HTML page contains obfuscated script src

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 6260 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 6492 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1980,i,3475768706281129083,13271071048141220805,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2084 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 6208 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://sites.google.com/view/wiubriu38/home" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
Source             Rule                      Description                 Author        Strings
2.22..script.csv   JoeSecurity_HtmlPhish_54  Yara detected HtmlPhish_54  Joe Security
3.31..script.csv   JoeSecurity_HtmlPhish_54  Yara detected HtmlPhish_54  Joe Security
2.6.pages.csv      JoeSecurity_HtmlPhish_54  Yara detected HtmlPhish_54  Joe Security
3.7.pages.csv      JoeSecurity_HtmlPhish_54  Yara detected HtmlPhish_54  Joe Security
3.9.pages.csv      JoeSecurity_HtmlPhish_54  Yara detected HtmlPhish_54  Joe Security

No Sigma rule has matched
No Suricata rule has matched

            Phishing

Source: https://ny.feiya-yarn.com/?ucawxp1d3=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&sso_reload=true | Joe Sandbox AI: Score: 9 Reasons: The brand 'Outlook' is a well-known email service provided by Microsoft., The legitimate domain for Outlook is 'outlook.com'., The provided URL 'ny.feiya-yarn.com' does not match the legitimate domain for Outlook., The domain 'feiya-yarn.com' does not have any known association with Microsoft or Outlook., The presence of input fields for 'Email, phone, or Skype' suggests an attempt to collect sensitive information, which is common in phishing sites., The URL structure with 'ny' as a subdomain and 'feiya-yarn.com' as the main domain is suspicious and unrelated to Outlook. DOM: 3.7.pages.csv
Source: Yara match | File source: 2.22..script.csv, type: HTML
Source: Yara match | File source: 3.31..script.csv, type: HTML
Source: Yara match | File source: 2.6.pages.csv, type: HTML
Source: Yara match | File source: 3.7.pages.csv, type: HTML
Source: Yara match | File source: 3.9.pages.csv, type: HTML
Source: https://sites.google.com/view/wiubriu38/home | Joe Sandbox AI: Page contains button: 'CLICK HERE TO PLAY VOICEMAIL MESSAGE' Source: '0.0.pages.csv'
Source: 3.79.d.script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: anonymous function... This script demonstrates high-risk behaviors, including dynamic code execution through the use of the `Function` constructor and the ability to modify the `sRandomBlob` property, which could potentially be used for data exfiltration or other malicious purposes. The script is also heavily obfuscated, making it difficult to analyze and understand its true intent. These factors contribute to a high-risk assessment.
Source: https://ny.feiya-yarn.com/?ucawxp1d3=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9ZTAzZDZiMDgtOWM5NS0xZGNlLTdjOGUtNmIxMWYzZTlhOTdjJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODc3NDg4NDMxNzk4MTkwMC4yODNlYThlMC1hNmYwLTQ2ODEtOGFjZC0xOWY1ZmNiOWE1ZjUmc3RhdGU9RGNzN0ZvQXdDQURCUkpfSHdZRDVBTWZCR0ZwTHJ5X0ZiTGM1cGJTSExXU01KQjVWbUp0SXE4UXFwSWpuSlhXWkxBUWJqdENHRUlqTkIwaTktN3pWdXZjYzcxSGV6OG9Q&sso_reload=true | HTTP Parser: Number of links: 1
Source: https://ny.feiya-yarn.com/?ucawxp1d3=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9ZTAzZDZiMDgtOWM5NS0xZGNlLTdjOGUtNmIxMWYzZTlhOTdjJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODc3NDg4NDMxNzk4MTkwMC4yODNlYThlMC1hNmYwLTQ2ODEtOGFjZC0xOWY1ZmNiOWE1ZjUmc3RhdGU9RGNzN0ZvQXdDQURCUkpfSHdZRDVBTWZCR0ZwTHJ5X0ZiTGM1cGJTSExXU01KQjVWbUp0SXE4UXFwSWpuSlhXWkxBUWJqdENHRUlqTkIwaTktN3pWdXZjYzcxSGV6OG9Q | HTTP Parser: Base64 decoded: function c(){if(!document.querySelector(".b") || !document.querySelector(".g")){document.head.appendChild(Object.assign(document.createElement("div"),{classList:["b"]}));document.documentElement.style.filter="hue-rotate(4deg)";document.head.appendChild(Ob...
Source: https://ny.feiya-yarn.com/?ucawxp1d3=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJ | HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://ny.feiya-yarn.com/?ucawxp1d3=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJ | HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://ny.feiya-yarn.com/?ucawxp1d3=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJ | HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://ny.feiya-yarn.com/?ucawxp1d3=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&sso_reload=true | HTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx
Source: https://ny.feiya-yarn.com/?ucawxp1d3=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9ZTAzZDZiMDgtOWM5NS0xZGNlLTdjOGUtNmIxMWYzZTlhOTdjJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODc3NDg4NDMxNzk4MTkwMC4yODNlYThlMC1hNmYwLTQ2ODEtOGFjZC0xOWY1ZmNiOWE1ZjUmc3RhdGU9RGNzN0ZvQXdDQURCUkpfSHdZRDVBTWZCR0ZwTHJ5X0ZiTGM1cGJTSExXU01KQjVWbUp0SXE4UXFwSWpuSlhXWkxBUWJqdENHRUlqTkIwaTktN3pWdXZjYzcxSGV6OG9Q&sso_reload=true | HTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx
Source: https://ny.feiya-yarn.com/?ucawxp1d3=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9ZTAzZDZiMDgtOWM5NS0xZGNlLTdjOGUtNmIxMWYzZTlhOTdjJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODc3NDg4NDMxNzk4MTkwMC4yODNlYThlMC1hNmYwLTQ2ODEtOGFjZC0xOWY1ZmNiOWE1ZjUmc3RhdGU9RGNzN0ZvQXdDQURCUkpfSHdZRDVBTWZCR0ZwTHJ5X0ZiTGM1cGJTSExXU01KQjVWbUp0SXE4UXFwSWpuSlhXWkxBUWJqdENHRUlqTkIwaTktN3pWdXZjYzcxSGV6OG9Q&sso_reload=true | HTTP Parser: <input type="password" .../> found
Source: https://ny.feiya-yarn.com/?ucawxp1d3=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 | Parser: No favicon
Source: https://ny.feiya-yarn.com/?ucawxp1d3=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9ZTAzZDZiMDgtOWM5NS0xZGNlLTdjOGUtNmIxMWYzZTlhOTdjJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODc3NDg4NDMxNzk4MTkwMC4yODNlYThlMC1hNmYwLTQ2ODEtOGFjZC0xOWY1ZmNiOWE1ZjUmc3RhdGU9RGNzN0ZvQXdDQURCUkpfSHdZRDVBTWZCR0ZwTHJ5X0ZiTGM1cGJTSExXU01KQjVWbUp0SXE4UXFwSWpuSlhXWkxBUWJqdENHRUlqTkIwaTktN3pWdXZjYzcxSGV6OG9Q&sso_reload=true | HTTP Parser: No favicon
Source: https://ny.feiya-yarn.com/?ucawxp1d3=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9ZTAzZDZiMDgtOWM5NS0xZGNlLTdjOGUtNmIxMWYzZTlhOTdjJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODc3NDg4NDMxNzk4MTkwMC4yODNlYThlMC1hNmYwLTQ2ODEtOGFjZC0xOWY1ZmNiOWE1ZjUmc3RhdGU9RGNzN0ZvQXdDQURCUkpfSHdZRDVBTWZCR0ZwTHJ5X0ZiTGM1cGJTSExXU01KQjVWbUp0SXE4UXFwSWpuSlhXWkxBUWJqdENHRUlqTkIwaTktN3pWdXZjYzcxSGV6OG9Q&sso_reload=true | HTTP Parser: No favicon
Source: https://ny.feiya-yarn.com/?ucawxp1d3=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&sso_reload=true | HTTP Parser: No favicon
Source: https://ny.feiya-yarn.com/?ucawxp1d3=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9ZTAzZDZiMDgtOWM5NS0xZGNlLTdjOGUtNmIxMWYzZTlhOTdjJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODc3NDg4NDMxNzk4MTkwMC4yODNlYThlMC1hNmYwLTQ2ODEtOGFjZC0xOWY1ZmNiOWE1ZjUmc3RhdGU9RGNzN0ZvQXdDQURCUkpfSHdZRDVBTWZCR0ZwTHJ5X0ZiTGM1cGJTSExXU01KQjVWbUp0SXE4UXFwSWpuSlhXWkxBUWJqdENHRUlqTkIwaTktN3pWdXZjYzcxSGV6OG9Q&sso_reload=true | HTTP Parser: No <meta name="author".. found
Source: https://ny.feiya-yarn.com/?ucawxp1d3=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&sso_reload=true | HTTP Parser: No <meta name="author".. found
Source: https://ny.feiya-yarn.com/?ucawxp1d3=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&sso_reload=true | HTTP Parser: No <meta name="copyright".. found
Source: https://ny.feiya-yarn.com/?ucawxp1d3=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&sso_reload=true | HTTP Parser: No <meta name="copyright".. found
Source: chrome.exe | Memory has grown: Private usage: 18MB later: 31MB
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown | TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown | TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown | TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown | TCP traffic detected without corresponding DNS query: 142.250.186.35
Source: unknown | TCP traffic detected without corresponding DNS query: 142.250.186.35
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.77.188
Source: unknown | TCP traffic detected without corresponding DNS query: 20.190.160.64
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.77.188
Source: unknown | TCP traffic detected without corresponding DNS query: 20.190.160.64
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OKServer: nginxContent-Type: application/pkix-certLast-Modified: Wed, 01 May 2024 21:14:13 GMTETag: "6632b0a5-509"Content-Disposition: attachment; filename="R10.der"Accept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 1245Cache-Control: max-age=3600Expires: Thu, 13 Mar 2025 19:47:10 GMTDate: Thu, 13 Mar 2025 18:47:10 GMTConnection: keep-aliveData Raw: 1f 8b 08 00 00 00 00 00 00 00 33 68 62 65 35 68 62 7a bb 80 99 89 91 89 49 c0 7b 45 d0 e4 ef b3 f4 17 15 b3 79 af 60 e9 2d bd 60 c0 cb c6 a9 d5 e6 d1 f6 9d 97 91 91 9b 95 c1 c0 df 90 db 80 93 8d 39 94 85 4d 98 29 34 d8 50 d3 40 1d c4 e1 12 56 f0 cc 2b 49 2d ca 4b 2d 51 08 4e 4d 2e 2d ca 2c a9 54 08 4a 2d 4e 4d 2c 4a ce 50 70 2f ca 2f 2d 30 14 35 10 06 29 65 16 e6 f1 0c 0e 72 57 08 ca cf 2f 51 88 30 34 90 13 e7 35 32 31 30 36 34 36 00 83 28 20 d7 1c c8 35 32 32 36 b5 34 b5 8c 02 32 51 2c 14 33 10 81 58 c8 eb 93 5a a2 5e ac e0 9a 97 5c 54 59 50 62 c8 63 c0 05 31 9d 39 c8 d0 c0 a0 89 51 09 d9 e1 8c ac 0c cc 4d 8c fc 0c 40 71 2e a6 26 46 46 86 f3 e1 4f 9f 1d 09 11 7a bb c5 fd df 49 f5 88 32 b7 00 8d 1e 59 bb 8e fb ac 73 af 6e 95 d0 dc 7b 77 6b d4 fe 5f df ce 2d de b7 9e 41 d1 3b 29 2a ca 86 51 ff 68 04 f3 b7 ce ff 7d 82 ce af 0f 6e 7d 20 c2 3e ad 3f 5f fe fa f3 5d 8d 96 9c a5 a9 db 0f ad 97 88 36 57 d3 78 be f8 0b bb 76 ae d4 ff d5 11 7b a6 ae 73 f8 ff f2 74 f8 91 ad d1 f5 15 bc 12 89 7b c4 9f 87 1c db ed 39 f1 6c 9e c4 c5 86 d6 77 cb 52 cd f6 94 bc da 13 e0 f3 ea 8f e2 67 0b b1 c9 53 76 6d b8 9c 6d c1 76 56 4c a8 ea 54 50 e9 89 b5 65 9b 0e cd 89 9d e1 1a 93 9f 58 7d 4c f7 9d 8d 70 50 1b e3 cd f0 67 16 32 f7 7b b7 ca 4f 9a 38 eb b9 97 cc 19 d7 15 45 a1 1f 36 3c 5b cc fe e6 ef 72 e9 b4 79 f6 1e dd 85 2d 85 11 27 ad 7e bd 8f fb 14 ed a2 6d 53 f2 bc 7f 93 fb 41 f6 ac b3 b3 b6 f3 4e fb 2e d4 a8 16 18 c2 f5 26 f1 db f7 af 8f 3e 75 9d 98 ca db cb c4 cc c8 c0 b8 b8 f1 87 41 e3 57 03 3e 60 b8 c9 f2 33 32 fe 67 61 01 26 81 36 03 59 10 5f 95 05 14 d0 1c da 6c 8c ac ac ec cc 4c 70 16 a3 81 10 48 5a 18 a4 9c c3 80 0d 48 31 31 32 40 b4 f0 b1 88 b1 88 ec de 73 d8 7d e9 93 3d 2b 8f 1d 5e 52 c4 23 d0 bb c8 f4 e1 89 17 06 f2 20 69 65 16 09 03 b1 06 91 ca 2d 91 cf aa b7 3d 7d c2 58 dc c0 d1 71 42 2a e2 db cb d9 79 06 46 30 f3 19 19 59 d4 0c 54 0c 94 60 7c 03 a6 36 b1 8c 92 92 02 2b 7d fd 0a 43 bd 4c bd 9c 54 60 74 eb e5 17 a5 eb 83 13 93 ac 02 0b 30 de 0d 38 d8 d8 d2 1b 79 18 99 18 c1 89 51 56 9e 45 c1 40 ce 40 66 81 d4 02 09 64 dd c9 c8 ba 51 53 35 73 13 d0 17 93 36 3e 77 34 7f 5d 39 b7 f1 d9 d9 47 aa 0f ad 14 5e 4e 70 99 ba b8 31 e6 fc e1 d8 bf 7b 17 14 5c dd 38 4d 43 89 fb d2 27 8d f3 3c cf af 3c 73 ee 51 51 92 3d e8 34 e9 22 e7 fa f9 de 5f 4e 14 f8 2b 88 6d 8c ba cb f8 4d fe 87 7c 62 b6 88 fa 86 a2 de e4 75 ef 1e 9d f3 3e 6f 7e 77 f7 e2 2b 67 9f af 0d 58 bb 77 ff e3 37 76 49 66 05 33 0d 97 bf e8 bd fb 2a e9 91 d0 ba af 73 ae d8 ea f0 ac ba 30 Data Ascii: 3hbe5hbzI{Ey`-`9M)4P@V+I-K-QNM.-
Source: global traffic | HTTP traffic detected: GET /js/client.js?onload=gapiLoaded HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*X-Client-Data: CLbgygE=Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://sites.google.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: NID=522=ffPU7E3PUX5R3fSsj--elu4J9tEkdgnOhx2Bo5ZetcogVr-eQsDVdWiJZqWREmn36aqVNwbcR1uu63QmQAV4Ys1py9aZeFhIc73dSyGO9mn8Y27MSq_eW_5k2SIKyelTiI44g2jkmrmLYMA2edlDHPJhL4-WeKAMf0-0zCZ32gkVJzZ64ctTaw4iruwt1vD79A
Source: global traffic | HTTP traffic detected: GET /PepDLLcJuG82h42L98L2Tvye4eCCHRwl0U1OO5yTu7IaXrRpVUvjz7wNPrQKqi91Cd6y83_qDkRLfnkFtn-yHANusqPXlVmRbXWrzxoNvHxXqvejnjHZPuZV3-T6wAPaRQ=w1280 HTTP/1.1Host: lh3.googleusercontent.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CLbgygE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://sites.google.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.lb.en.z-CF99wuLeU.O/m=client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8yJLmK2FeQzRT4hxPn9_NEJo9eCg/cb=gapi.loaded_0?le=scs HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*X-Client-Data: CLbgygE=Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://sites.google.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: NID=522=ffPU7E3PUX5R3fSsj--elu4J9tEkdgnOhx2Bo5ZetcogVr-eQsDVdWiJZqWREmn36aqVNwbcR1uu63QmQAV4Ys1py9aZeFhIc73dSyGO9mn8Y27MSq_eW_5k2SIKyelTiI44g2jkmrmLYMA2edlDHPJhL4-WeKAMf0-0zCZ32gkVJzZ64ctTaw4iruwt1vD79A
Source: global traffic | HTTP traffic detected: GET /PepDLLcJuG82h42L98L2Tvye4eCCHRwl0U1OO5yTu7IaXrRpVUvjz7wNPrQKqi91Cd6y83_qDkRLfnkFtn-yHANusqPXlVmRbXWrzxoNvHxXqvejnjHZPuZV3-T6wAPaRQ=w1280 HTTP/1.1Host: lh3.googleusercontent.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*X-Client-Data: CLbgygE=Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*X-Client-Data: CLbgygE=Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: NID=522=sXwnjS9CgqILgO_9BV6KxKS1ozb8RNV0-4WGbQP_cjIEkLrCrMyufy8vmovaBPvkR4p3Oe-5R87eWXFEQfk62UZn0iDPZ1ksgcMKY4UHt7WigkolIbQOH-a5kzv55pHJNre_TEa0KyOKO9w5mfylueU_gBmjuIMNfcdO463PKNuAcKo42PgShFU-hYI_8bpUWPOTIDL3cQ
Source: global traffic | HTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*X-Client-Data: CLbgygE=Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: NID=522=voRC0DNMelyNARnpCredCA2Im7_u07Ps23jx4z7UM0PDhORBEP_gfHY66ExHimpPXOrZeX6OlE58xPtml8ZGc0CE1zAIjlmDDNXtOgWDj-IFpjP7WtpQ9ycG3lrFQuU5DBm0vz7sAsbzzQTWVUNJ3DQXmFeWZ8hPpOxwkm3BVUwpI7zRGdYdEKdKqp6npI-j6mnFnkv32w
Source: global traffic | HTTP traffic detected: GET /url?q=https%3A%2F%2Fny.feiya-yarn.com%2F%3Fbjimdvzp&sa=D&sntz=1&usg=AOvVaw3EbWLvntQQfhs2PrrpVKOt HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Browser-Channel: stableX-Browser-Year: 2025X-Browser-Validation: wTKGXmLo+sPWz1JKKbFzUyHly1Q=X-Browser-Copyright: Copyright 2025 Google LLC. All rights reserved.X-Client-Data: CLbgygE=Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://sites.google.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: NID=522=voRC0DNMelyNARnpCredCA2Im7_u07Ps23jx4z7UM0PDhORBEP_gfHY66ExHimpPXOrZeX6OlE58xPtml8ZGc0CE1zAIjlmDDNXtOgWDj-IFpjP7WtpQ9ycG3lrFQuU5DBm0vz7sAsbzzQTWVUNJ3DQXmFeWZ8hPpOxwkm3BVUwpI7zRGdYdEKdKqp6npI-j6mnFnkv32w
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1Host: r10.i.lencr.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /owa/prefetch.aspx HTTP/1.1Host: outlook.office365.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: https://ny.feiya-yarn.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic | DNS traffic detected: DNS query: csp.withgoogle.com
Source: global traffic | DNS traffic detected: DNS query: apis.google.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: lh3.googleusercontent.com
Source: global traffic | DNS traffic detected: DNS query: play.google.com
Source: global traffic | DNS traffic detected: DNS query: ny.feiya-yarn.com
Source: global traffic | DNS traffic detected: DNS query: r10.i.lencr.org
Source: global traffic | DNS traffic detected: DNS query: google.com
Source: global traffic | DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic | DNS traffic detected: DNS query: outlook.office365.com
Source: global traffic | DNS traffic detected: DNS query: r4.res.office365.com
Source: unknown | HTTP traffic detected: POST /csp/proto/6b8ce7c01e3dacd3d2c7a8cd322ff979 HTTP/1.1Host: csp.withgoogle.comConnection: keep-aliveContent-Length: 56sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Content-Type: text/plain;charset=UTF-8sec-ch-ua-mobile: ?0Accept: */*Origin: https://sites.google.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeReferer: https://sites.google.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown | Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown | Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown | Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49694
Source: unknown | Network traffic detected: HTTP traffic on port 49679 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown | Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown | Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown | Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown | Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown | Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown | Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49764
            Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
            Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
            Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
            Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
            Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
            Source: unknownNetwork traffic detected: HTTP traffic on port 49694 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
            Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
            Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
            Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\scoped_dir6260_1669735589
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File deleted: C:\Windows\SystemTemp\scoped_dir6260_1669735589
            Source: classification engine | Classification label: mal64.phis.win@25/0@28/260
            Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1980,i,3475768706281129083,13271071048141220805,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2084 /prefetch:3
            Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://sites.google.com/view/wiubriu38/home"
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
            Source: Window Recorder | Window detected: More than 3 window changes detected
            Tactic: techniques (techniques matched by the analysis are prefixed with their signature count)
            Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
            Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
            Initial Access: 1 Drive-by Compromise; Default Accounts; Domain Accounts; Local Accounts
            Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
            Persistence: 2 Browser Extensions; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
            Privilege Escalation: 1 Process Injection; 1 Extra Window Memory Injection; Logon Script (Windows); Login Hook
            Defense Evasion: 1 Masquerading; 1 Process Injection; 1 File Deletion; 1 Extra Window Memory Injection
            Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
            Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
            Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
            Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
            Command and Control: 1 Encrypted Channel; 4 Non-Application Layer Protocol; 5 Application Layer Protocol; 2 Ingress Tool Transfer
            Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
            Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction

            Source | Detection | Scanner | Label | Link
            https://sites.google.com/view/wiubriu38/home | 0% | Avira URL Cloud | safe |
            No Antivirus matches
            Source | Detection | Scanner | Label | Link
            https://apis.google.com/js/client.js?onload=gapiLoaded | 0% | Avira URL Cloud | safe |
            https://lh3.googleusercontent.com/PepDLLcJuG82h42L98L2Tvye4eCCHRwl0U1OO5yTu7IaXrRpVUvjz7wNPrQKqi91Cd6y83_qDkRLfnkFtn-yHANusqPXlVmRbXWrzxoNvHxXqvejnjHZPuZV3-T6wAPaRQ=w1280 | 0% | Avira URL Cloud | safe |
            https://outlook.office365.com/owa/prefetch.aspx | 0% | Avira URL Cloud | safe |
            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            e192961.dscx.akamaiedge.net | 2.19.122.16 | true | false | | high
            ny.feiya-yarn.com | 147.45.177.55 | true | false | | high
            e40491.dscg.akamaiedge.net | 95.101.182.48 | true | false | | high
            google.com | 142.250.74.206 | true | false | | high
            e329293.dscd.akamaiedge.net | 92.123.12.9 | true | false | | high
            csp.withgoogle.com | 216.58.212.177 | true | false | | high
            plus.l.google.com | 142.250.184.206 | true | false | | high
            play.google.com | 142.250.186.142 | true | false | | high
            www.google.com | 142.250.184.228 | true | false | | high
            FRA-efz.ms-acdc.office.com | 52.98.253.66 | true | false | | high
            googlehosted.l.googleusercontent.com | 142.250.186.97 | true | false | | high
            s-part-0032.t-0009.t-msedge.net | 13.107.246.60 | true | false | | high
            r4.res.office365.com | unknown | unknown | false | | high
            aadcdn.msftauth.net | unknown | unknown | false | | high
            lh3.googleusercontent.com | unknown | unknown | false | | high
            apis.google.com | unknown | unknown | false | | high
            r10.i.lencr.org | unknown | unknown | false | | unknown
            outlook.office365.com | unknown | unknown | false | | high
            Name | Malicious | Antivirus Detection | Reputation
            https://csp.withgoogle.com/csp/proto/6b8ce7c01e3dacd3d2c7a8cd322ff979 | false | | high
            https://play.google.com/log?format=json&hasfast=true&authuser=0 | false | | high
            http://r10.i.lencr.org/ | false | | high
            https://outlook.office365.com/owa/prefetch.aspx | false | Avira URL Cloud: safe | unknown
            https://apis.google.com/js/client.js?onload=gapiLoaded | false | Avira URL Cloud: safe | unknown
            https://lh3.googleusercontent.com/PepDLLcJuG82h42L98L2Tvye4eCCHRwl0U1OO5yTu7IaXrRpVUvjz7wNPrQKqi91Cd6y83_qDkRLfnkFtn-yHANusqPXlVmRbXWrzxoNvHxXqvejnjHZPuZV3-T6wAPaRQ=w1280 | false | Avira URL Cloud: safe | unknown
            https://www.google.com/url?q=https%3A%2F%2Fny.feiya-yarn.com%2F%3Fbjimdvzp&sa=D&sntz=1&usg=AOvVaw3EbWLvntQQfhs2PrrpVKOt | false | | unknown
            https://google.com/domainreliability/upload | false | | high
                                                          • No. of IPs < 25%
                                                          • 25% < No. of IPs < 50%
                                                          • 50% < No. of IPs < 75%
                                                          • 75% < No. of IPs
            IP | Domain | Country | ASN | ASN Name | Malicious
            142.250.186.46 | unknown | United States | 15169 | GOOGLEUS | false
            142.250.185.99 | unknown | United States | 15169 | GOOGLEUS | false
            142.250.185.206 | unknown | United States | 15169 | GOOGLEUS | false
            216.58.206.74 | unknown | United States | 15169 | GOOGLEUS | false
            95.101.182.48 | e40491.dscg.akamaiedge.net | European Union | 20940 | AKAMAI-ASN1EU | false
            142.250.74.206 | google.com | United States | 15169 | GOOGLEUS | false
            13.107.246.60 | s-part-0032.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
            147.45.177.55 | ny.feiya-yarn.com | Russian Federation | 2895 | FREE-NET-ASFREEnetEU | false
            142.250.185.142 | unknown | United States | 15169 | GOOGLEUS | false
            142.250.184.228 | www.google.com | United States | 15169 | GOOGLEUS | false
            142.250.184.206 | plus.l.google.com | United States | 15169 | GOOGLEUS | false
            142.250.186.97 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false
            142.250.186.138 | unknown | United States | 15169 | GOOGLEUS | false
            142.250.184.195 | unknown | United States | 15169 | GOOGLEUS | false
            142.250.110.84 | unknown | United States | 15169 | GOOGLEUS | false
            2.19.122.16 | e192961.dscx.akamaiedge.net | European Union | 16625 | AKAMAI-ASUS | false
            20.190.160.3 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
            1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false
            216.58.212.177 | csp.withgoogle.com | United States | 15169 | GOOGLEUS | false
            216.58.206.67 | unknown | United States | 15169 | GOOGLEUS | false
            172.217.18.3 | unknown | United States | 15169 | GOOGLEUS | false
            52.98.253.66 | FRA-efz.ms-acdc.office.com | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
            142.250.185.110 | unknown | United States | 15169 | GOOGLEUS | false
            142.250.186.129 | unknown | United States | 15169 | GOOGLEUS | false
            142.250.185.174 | unknown | United States | 15169 | GOOGLEUS | false
            142.250.185.131 | unknown | United States | 15169 | GOOGLEUS | false
            142.250.186.142 | play.google.com | United States | 15169 | GOOGLEUS | false
            142.250.186.42 | unknown | United States | 15169 | GOOGLEUS | false
                                                          IP
                                                          192.168.2.17
                                                          192.168.2.16
            Joe Sandbox version: 42.0.0 Malachite
            Analysis ID: 1637656
            Start date and time: 2025-03-13 19:45:34 +01:00
            Joe Sandbox product: CloudBasic
            Overall analysis duration:
            Hypervisor based Inspection enabled: false
            Report type: full
            Cookbook file name: defaultwindowsinteractivecookbook.jbs
            Sample URL: https://sites.google.com/view/wiubriu38/home
            Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of analysed new started processes analysed: 15
            Number of new started drivers analysed: 0
            Number of existing processes analysed: 0
            Number of existing drivers analysed: 0
            Number of injected processes analysed: 0
            Technologies:
            • EGA enabled
            Analysis Mode: stream
            Analysis stop reason: Timeout
            Detection: MAL
            Classification: mal64.phis.win@25/0@28/260
                                                          • Exclude process from analysis (whitelisted): svchost.exe
                                                          • Excluded IPs from analysis (whitelisted): 142.250.184.206, 216.58.206.67, 142.250.185.206, 142.250.110.84
                                                          • Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, clientservices.googleapis.com, clients.l.google.com
            • Not all processes were analyzed; the report is missing behavior information
                                                          • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                          • VT rate limit hit for: https://sites.google.com/view/wiubriu38/home
                                                          No created / dropped files found
                                                          No static file info