Analysis Report https://vaqiw9zxozdoxzx.us-south.cf.appdomain.cloud/?bbre=ozxiaszx

Overview

General Information

Sample URL: https://vaqiw9zxozdoxzx.us-south.cf.appdomain.cloud/?bbre=ozxiaszx
Analysis ID: 433107

Detection

HTMLPhisher
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Phishing site detected (based on favicon image match)
Yara detected HtmlPhish29
Phishing site detected (based on image similarity)
Phishing site detected (based on logo template match)
HTML body contains low number of good links
HTML title does not match URL

Classification

AV Detection:

Antivirus / Scanner detection for submitted sample
Source: https://vaqiw9zxozdoxzx.us-south.cf.appdomain.cloud/?bbre=ozxiaszx SlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering
Antivirus detection for URL or domain
Source: https://vaqiw9zxozdoxzx.us-south.cf.appdomain.cloud/?bbre=ozxiaszx#/PpDUsrjn8IGBCAWytdv3ZxgET4 SlashNext: Label: Fake Login Page type: Phishing & Social Engineering
Source: https://vaqiw9zxozdoxzx.us-south.cf.appdomain.cloud/?bbre=ozxiaszx#/qjdgg12br68IWOAkxTFcUxNDjkK6vBXSQ14pglY-&!@ctNM8sAjZgEY5iLDn&!@bwModtqTQyV7pa0@&!-ysuJLX45IcP0KLhIxaQPE5U90CLl1XE3DDln3bffxyMcTU1SyZK8PyfndC0RXZuanMqxQ4unXZabg6dtpeTkxklXIRj1ItG-0SHYRldblkAj3Lq3FEirUZzFzqQo0mGQ4LAdWTMNAq0TWpgNOfeO6jrvgbbfZEa4YxTZTkDPRG/SFrnl6ZCu24tlNocmqA4ydRLNOJODPp218CSkziHWcwZALwBsLu1L1FctqkVigXJkj SlashNext: Label: Fake Login Page type: Phishing & Social Engineering
Source: https://kifot.wancdnapp.page/60b79dd6cc1251248c7a9396.js Avira URL Cloud: Label: phishing

Phishing:

Phishing site detected (based on favicon image match)
Source: https://vaqiw9zxozdoxzx.us-south.cf.appdomain.cloud/?bbre=ozxiaszx#/x0Lh7w4dQKuJ3sfdB8g-&!@ctNM8sAjZgEY5iLDn&!@bwModtqTQyV7pa0@&!-NNTqXEGoOpLZBx0VxPBM0PZempxYKhXt9GNjeat2JqQejGCnoad5rKb-cQRgQW0nUl3uU9G2fGdbGuEHzSPUNHqUek/i7MyFgsuVbKrQGL4ODnjT8OnMM Matcher: Template: microsoft matched with high similarity
Yara detected HtmlPhish29
Source: Yara match File source: 87249.pages.csv, type: HTML
Source: Yara match File source: 16391.pages.csv, type: HTML
Phishing site detected (based on image similarity)
Source: https://vaqiw9zxozdoxzx.us-south.cf.appdomain.cloud/?bbre=ozxiaszx#/qjdgg12br68IWOAkxTFcUxNDjkK6vBXSQ14pglY-&!@ctNM8sAjZgEY5iLDn&!@bwModtqTQyV7pa0@&!-ysuJLX45IcP0KLhIxaQPE5U90CLl1XE3DDln3bffxyMcTU1SyZK8PyfndC0RXZuanMqxQ4unXZabg6dtpeTkxklXIRj1ItG-0SHYRldblkAj3Lq3FEirUZzFzqQo0mGQ4LAdWTMNAq0TWpgNOfeO6jrvgbbfZEa4YxTZTkDPRG/SFrnl6ZCu24tlNocmqA4ydRLNOJODPp218CSkziHWcwZALwBsLu1L1FctqkVigXJkj Matcher: Found strong image similarity, brand: Microsoft image: 16391.img.1.gfk.csv EE5C8D9FB6248C938FD0DC19370E90BD
Source: https://vaqiw9zxozdoxzx.us-south.cf.appdomain.cloud/?bbre=ozxiaszx#/x0Lh7w4dQKuJ3sfdB8g-&!@ctNM8sAjZgEY5iLDn&!@bwModtqTQyV7pa0@&!-NNTqXEGoOpLZBx0VxPBM0PZempxYKhXt9GNjeat2JqQejGCnoad5rKb-cQRgQW0nUl3uU9G2fGdbGuEHzSPUNHqUek/i7MyFgsuVbKrQGL4ODnjT8OnMM Matcher: Found strong image similarity, brand: Microsoft image: 87249.img.1.gfk.csv EE5C8D9FB6248C938FD0DC19370E90BD
Phishing site detected (based on logo template match)
Source: https://vaqiw9zxozdoxzx.us-south.cf.appdomain.cloud/?bbre=ozxiaszx#/x0Lh7w4dQKuJ3sfdB8g-&!@ctNM8sAjZgEY5iLDn&!@bwModtqTQyV7pa0@&!-NNTqXEGoOpLZBx0VxPBM0PZempxYKhXt9GNjeat2JqQejGCnoad5rKb-cQRgQW0nUl3uU9G2fGdbGuEHzSPUNHqUek/i7MyFgsuVbKrQGL4ODnjT8OnMM Matcher: Template: microsoft matched
Source: https://vaqiw9zxozdoxzx.us-south.cf.appdomain.cloud/?bbre=ozxiaszx#/qjdgg12br68IWOAkxTFcUxNDjkK6vBXSQ14pglY-&!@ctNM8sAjZgEY5iLDn&!@bwModtqTQyV7pa0@&!-ysuJLX45IcP0KLhIxaQPE5U90CLl1XE3DDln3bffxyMcTU1SyZK8PyfndC0RXZuanMqxQ4unXZabg6dtpeTkxklXIRj1ItG-0SHYRldblkAj3Lq3FEirUZzFzqQo0mGQ4LAdWTMNAq0TWpgNOfeO6jrvgbbfZEa4YxTZTkDPRG/SFrnl6ZCu24tlNocmqA4ydRLNOJODPp218CSkziHWcwZALwBsLu1L1FctqkVigXJkj Matcher: Template: microsoft matched
HTML body contains low number of good links
Source: https://vaqiw9zxozdoxzx.us-south.cf.appdomain.cloud/?bbre=ozxiaszx#/x0Lh7w4dQKuJ3sfdB8g-&!@ctNM8sAjZgEY5iLDn&!@bwModtqTQyV7pa0@&!-NNTqXEGoOpLZBx0VxPBM0PZempxYKhXt9GNjeat2JqQejGCnoad5rKb-cQRgQW0nUl3uU9G2fGdbGuEHzSPUNHqUek/i7MyFgsuVbKrQGL4ODnjT8OnMM HTTP Parser: Number of links: 0
Source: https://vaqiw9zxozdoxzx.us-south.cf.appdomain.cloud/?bbre=ozxiaszx#/qjdgg12br68IWOAkxTFcUxNDjkK6vBXSQ14pglY-&!@ctNM8sAjZgEY5iLDn&!@bwModtqTQyV7pa0@&!-ysuJLX45IcP0KLhIxaQPE5U90CLl1XE3DDln3bffxyMcTU1SyZK8PyfndC0RXZuanMqxQ4unXZabg6dtpeTkxklXIRj1ItG-0SHYRldblkAj3Lq3FEirUZzFzqQo0mGQ4LAdWTMNAq0TWpgNOfeO6jrvgbbfZEa4YxTZTkDPRG/SFrnl6ZCu24tlNocmqA4ydRLNOJODPp218CSkziHWcwZALwBsLu1L1FctqkVigXJkj HTTP Parser: Number of links: 0
HTML title does not match URL
Source: https://vaqiw9zxozdoxzx.us-south.cf.appdomain.cloud/?bbre=ozxiaszx#/x0Lh7w4dQKuJ3sfdB8g-&!@ctNM8sAjZgEY5iLDn&!@bwModtqTQyV7pa0@&!-NNTqXEGoOpLZBx0VxPBM0PZempxYKhXt9GNjeat2JqQejGCnoad5rKb-cQRgQW0nUl3uU9G2fGdbGuEHzSPUNHqUek/i7MyFgsuVbKrQGL4ODnjT8OnMM HTTP Parser: Title: Sign in with Office 365 does not match URL
Source: https://vaqiw9zxozdoxzx.us-south.cf.appdomain.cloud/?bbre=ozxiaszx#/qjdgg12br68IWOAkxTFcUxNDjkK6vBXSQ14pglY-&!@ctNM8sAjZgEY5iLDn&!@bwModtqTQyV7pa0@&!-ysuJLX45IcP0KLhIxaQPE5U90CLl1XE3DDln3bffxyMcTU1SyZK8PyfndC0RXZuanMqxQ4unXZabg6dtpeTkxklXIRj1ItG-0SHYRldblkAj3Lq3FEirUZzFzqQo0mGQ4LAdWTMNAq0TWpgNOfeO6jrvgbbfZEa4YxTZTkDPRG/SFrnl6ZCu24tlNocmqA4ydRLNOJODPp218CSkziHWcwZALwBsLu1L1FctqkVigXJkj HTTP Parser: Title: Sign in with Office 365 does not match URL
Source: https://vaqiw9zxozdoxzx.us-south.cf.appdomain.cloud/?bbre=ozxiaszx#/x0Lh7w4dQKuJ3sfdB8g-&!@ctNM8sAjZgEY5iLDn&!@bwModtqTQyV7pa0@&!-NNTqXEGoOpLZBx0VxPBM0PZempxYKhXt9GNjeat2JqQejGCnoad5rKb-cQRgQW0nUl3uU9G2fGdbGuEHzSPUNHqUek/i7MyFgsuVbKrQGL4ODnjT8OnMM HTTP Parser: No <meta name="author".. found
Source: https://vaqiw9zxozdoxzx.us-south.cf.appdomain.cloud/?bbre=ozxiaszx#/qjdgg12br68IWOAkxTFcUxNDjkK6vBXSQ14pglY-&!@ctNM8sAjZgEY5iLDn&!@bwModtqTQyV7pa0@&!-ysuJLX45IcP0KLhIxaQPE5U90CLl1XE3DDln3bffxyMcTU1SyZK8PyfndC0RXZuanMqxQ4unXZabg6dtpeTkxklXIRj1ItG-0SHYRldblkAj3Lq3FEirUZzFzqQo0mGQ4LAdWTMNAq0TWpgNOfeO6jrvgbbfZEa4YxTZTkDPRG/SFrnl6ZCu24tlNocmqA4ydRLNOJODPp218CSkziHWcwZALwBsLu1L1FctqkVigXJkj HTTP Parser: No <meta name="author".. found
Source: https://vaqiw9zxozdoxzx.us-south.cf.appdomain.cloud/?bbre=ozxiaszx#/x0Lh7w4dQKuJ3sfdB8g-&!@ctNM8sAjZgEY5iLDn&!@bwModtqTQyV7pa0@&!-NNTqXEGoOpLZBx0VxPBM0PZempxYKhXt9GNjeat2JqQejGCnoad5rKb-cQRgQW0nUl3uU9G2fGdbGuEHzSPUNHqUek/i7MyFgsuVbKrQGL4ODnjT8OnMM HTTP Parser: No <meta name="copyright".. found
Source: https://vaqiw9zxozdoxzx.us-south.cf.appdomain.cloud/?bbre=ozxiaszx#/qjdgg12br68IWOAkxTFcUxNDjkK6vBXSQ14pglY-&!@ctNM8sAjZgEY5iLDn&!@bwModtqTQyV7pa0@&!-ysuJLX45IcP0KLhIxaQPE5U90CLl1XE3DDln3bffxyMcTU1SyZK8PyfndC0RXZuanMqxQ4unXZabg6dtpeTkxklXIRj1ItG-0SHYRldblkAj3Lq3FEirUZzFzqQo0mGQ4LAdWTMNAq0TWpgNOfeO6jrvgbbfZEa4YxTZTkDPRG/SFrnl6ZCu24tlNocmqA4ydRLNOJODPp218CSkziHWcwZALwBsLu1L1FctqkVigXJkj HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
Source: unknown HTTPS traffic detected: 169.62.254.82:443 -> 192.168.2.3:49712 version: TLS 1.2
Source: unknown HTTPS traffic detected: 169.62.254.82:443 -> 192.168.2.3:49711 version: TLS 1.2
Source: unknown HTTPS traffic detected: 169.62.254.82:443 -> 192.168.2.3:49713 version: TLS 1.2
Source: unknown HTTPS traffic detected: 169.62.254.82:443 -> 192.168.2.3:49733 version: TLS 1.2
Source: unknown HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.3:49750 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.1.195:443 -> 192.168.2.3:49748 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.1.195:443 -> 192.168.2.3:49749 version: TLS 1.2
Source: unknown HTTPS traffic detected: 169.62.254.82:443 -> 192.168.2.3:49761 version: TLS 1.2
Source: unknown HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.3:49772 version: TLS 1.2
Source: unknown HTTPS traffic detected: 169.62.254.82:443 -> 192.168.2.3:49828 version: TLS 1.2
Source: unknown HTTPS traffic detected: 169.62.254.82:443 -> 192.168.2.3:49834 version: TLS 1.2
Source: unknown DNS traffic detected: queries for: vaqiw9zxozdoxzx.us-south.cf.appdomain.cloud
Source: classification engine Classification label: mal80.phis.win@41/257@16/11
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-60C39BA5-FF0.pma
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Temp\7debad31-2da4-4cd6-9466-de339d4cd5ad.tmp
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'https://vaqiw9zxozdoxzx.us-south.cf.appdomain.cloud/?bbre=ozxiaszx'
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1508,3517359519867941500,577792994025438033,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1956 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic