Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://hotmail-alerts.chelsie15.workers.dev/

Overview

General Information

Sample URL:https://hotmail-alerts.chelsie15.workers.dev/
Analysis ID:1442320
Infos:

Detection

HTMLPhisher
Score:92
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected phishing page
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Phishing site detected (based on favicon image match)
Yara detected HtmlPhish10
Yara detected HtmlPhish44
Phishing site detected (based on logo match)
HTML body contains low number of good links
HTML body contains password input but no form action
HTML title does not match URL

Classification

  • System is w10x64
  • chrome.exe (PID: 6100 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 4960 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1940,i,9399504368099005157,15426427364656694075,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6448 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://hotmail-alerts.chelsie15.workers.dev/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
SourceRuleDescriptionAuthorStrings
dropped/chromecache_73JoeSecurity_HtmlPhish_44Yara detected HtmlPhish_44Joe Security
    SourceRuleDescriptionAuthorStrings
    0.0.pages.csvJoeSecurity_HtmlPhish_10Yara detected HtmlPhish_10Joe Security
      0.1.pages.csvJoeSecurity_HtmlPhish_10Yara detected HtmlPhish_10Joe Security
        No Sigma rule has matched
        No Snort rule has matched

        Click to jump to signature section

        Show All Signature Results

        AV Detection

        barindex
        Source: https://hotmail-alerts.chelsie15.workers.dev/Avira URL Cloud: detection malicious, Label: phishing
        Source: https://hotmail-alerts.chelsie15.workers.dev/SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering
        Source: hotmail-alerts.chelsie15.workers.devSophos S4: Label: illegal phishing domain

        Phishing

        barindex
        Source: https://hotmail-alerts.chelsie15.workers.dev/LLM: Score: 9 brands: Microsoft Reasons: The URL 'https://hotmail-alerts.chelsie15.workers.dev/' is highly suspicious as it does not match the official Microsoft domain and uses a subdomain to mimic a legitimate service. The image shows a login form that closely resembles Microsoft's sign-in page, which is a common tactic used in phishing to deceive users into providing sensitive information. The absence of a captcha and the use of a non-official domain strongly suggest that this is a phishing attempt. DOM: 0.0.pages.csv
        Source: https://chelsie15.workers.devMatcher: Template: microsoft matched with high similarity
        Source: https://hotmail-alerts.chelsie15.workers.dev/Matcher: Template: microsoft matched with high similarity
        Source: Yara matchFile source: 0.0.pages.csv, type: HTML
        Source: Yara matchFile source: 0.1.pages.csv, type: HTML
        Source: Yara matchFile source: dropped/chromecache_73, type: DROPPED
        Source: https://hotmail-alerts.chelsie15.workers.dev/Matcher: Template: microsoft matched
        Source: https://hotmail-alerts.chelsie15.workers.dev/Matcher: Template: microsoft matched
        Source: https://hotmail-alerts.chelsie15.workers.dev/HTTP Parser: Number of links: 0
        Source: https://hotmail-alerts.chelsie15.workers.dev/HTTP Parser: <input type="password" .../> found but no <form action="...
        Source: https://hotmail-alerts.chelsie15.workers.dev/HTTP Parser: Title: Sign in to your account does not match URL
        Source: https://hotmail-alerts.chelsie15.workers.dev/HTTP Parser: <input type="password" .../> found
        Source: https://hotmail-alerts.chelsie15.workers.dev/HTTP Parser: No <meta name="author".. found
        Source: https://hotmail-alerts.chelsie15.workers.dev/HTTP Parser: No <meta name="author".. found
        Source: https://hotmail-alerts.chelsie15.workers.dev/HTTP Parser: No <meta name="copyright".. found
        Source: https://hotmail-alerts.chelsie15.workers.dev/HTTP Parser: No <meta name="copyright".. found
        Source: unknownHTTPS traffic detected: 23.43.45.167:443 -> 192.168.2.4:49755 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 23.43.45.167:443 -> 192.168.2.4:49760 version: TLS 1.2
        Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
        Source: unknownTCP traffic detected without corresponding DNS query: 104.46.162.224
        Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
        Source: unknownTCP traffic detected without corresponding DNS query: 23.43.45.167
        Source: unknownTCP traffic detected without corresponding DNS query: 23.43.45.167
        Source: unknownTCP traffic detected without corresponding DNS query: 23.43.45.167
        Source: unknownTCP traffic detected without corresponding DNS query: 23.43.45.167
        Source: unknownTCP traffic detected without corresponding DNS query: 23.43.45.167
        Source: unknownTCP traffic detected without corresponding DNS query: 23.43.45.167
        Source: unknownTCP traffic detected without corresponding DNS query: 23.43.45.167
        Source: unknownTCP traffic detected without corresponding DNS query: 23.43.45.167
        Source: unknownTCP traffic detected without corresponding DNS query: 23.43.45.167
        Source: unknownTCP traffic detected without corresponding DNS query: 23.43.45.167
        Source: unknownTCP traffic detected without corresponding DNS query: 23.43.45.167
        Source: unknownTCP traffic detected without corresponding DNS query: 23.43.45.167
        Source: unknownTCP traffic detected without corresponding DNS query: 23.43.45.167
        Source: unknownTCP traffic detected without corresponding DNS query: 23.43.45.167
        Source: unknownTCP traffic detected without corresponding DNS query: 23.43.45.167
        Source: unknownTCP traffic detected without corresponding DNS query: 23.43.45.167
        Source: unknownTCP traffic detected without corresponding DNS query: 23.43.45.167
        Source: unknownTCP traffic detected without corresponding DNS query: 23.43.45.167
        Source: unknownTCP traffic detected without corresponding DNS query: 199.232.214.172
        Source: unknownTCP traffic detected without corresponding DNS query: 199.232.214.172
        Source: unknownTCP traffic detected without corresponding DNS query: 199.232.214.172
        Source: unknownTCP traffic detected without corresponding DNS query: 199.232.214.172
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: hotmail-alerts.chelsie15.workers.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /bootstrap/4.0.0/css/bootstrap.min.css HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://hotmail-alerts.chelsie15.workers.devsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://hotmail-alerts.chelsie15.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://hotmail-alerts.chelsie15.workers.devsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://hotmail-alerts.chelsie15.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://hotmail-alerts.chelsie15.workers.devsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://hotmail-alerts.chelsie15.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /jquery-3.3.1.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://hotmail-alerts.chelsie15.workers.devsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://hotmail-alerts.chelsie15.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /jquery-3.2.1.slim.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://hotmail-alerts.chelsie15.workers.devsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://hotmail-alerts.chelsie15.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /jquery-3.1.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hotmail-alerts.chelsie15.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/javascript, */*; q=0.01sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://hotmail-alerts.chelsie15.workers.devSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://hotmail-alerts.chelsie15.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hotmail-alerts.chelsie15.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
        Source: global trafficDNS traffic detected: DNS query: hotmail-alerts.chelsie15.workers.dev
        Source: global trafficDNS traffic detected: DNS query: code.jquery.com
        Source: global trafficDNS traffic detected: DNS query: maxcdn.bootstrapcdn.com
        Source: global trafficDNS traffic detected: DNS query: kit.fontawesome.com
        Source: global trafficDNS traffic detected: DNS query: cdnjs.cloudflare.com
        Source: global trafficDNS traffic detected: DNS query: ka-f.fontawesome.com
        Source: global trafficDNS traffic detected: DNS query: api.ipify.org
        Source: global trafficDNS traffic detected: DNS query: www.google.com
        Source: chromecache_60.2.drString found in binary or memory: http://jquery.org/license
        Source: chromecache_66.2.drString found in binary or memory: http://opensource.org/licenses/MIT).
        Source: chromecache_60.2.drString found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=378607
        Source: chromecache_60.2.drString found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=449857
        Source: chromecache_60.2.drString found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=470258
        Source: chromecache_60.2.drString found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=589347
        Source: chromecache_60.2.drString found in binary or memory: https://bugs.jquery.com/ticket/12359
        Source: chromecache_60.2.drString found in binary or memory: https://bugs.jquery.com/ticket/13378
        Source: chromecache_60.2.drString found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=136851
        Source: chromecache_60.2.drString found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=137337
        Source: chromecache_60.2.drString found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=29084
        Source: chromecache_60.2.drString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=687787
        Source: chromecache_60.2.drString found in binary or memory: https://developer.mozilla.org/en-US/docs/CSS/display
        Source: chromecache_60.2.drString found in binary or memory: https://drafts.csswg.org/cssom/#common-serializing-idioms
        Source: chromecache_60.2.drString found in binary or memory: https://drafts.csswg.org/cssom/#resolved-values
        Source: chromecache_71.2.dr, chromecache_61.2.dr, chromecache_77.2.dr, chromecache_68.2.drString found in binary or memory: https://fontawesome.com
        Source: chromecache_71.2.dr, chromecache_61.2.dr, chromecache_77.2.dr, chromecache_68.2.drString found in binary or memory: https://fontawesome.com/license/free
        Source: chromecache_75.2.drString found in binary or memory: https://fonts.gstatic.com/s/archivonarrow/v30/tss5ApVBdCYD5Q7hcxTE1ArZ0Zz8oY2KRmwvKhhvLFG6o3ms.woff2
        Source: chromecache_75.2.drString found in binary or memory: https://fonts.gstatic.com/s/archivonarrow/v30/tss5ApVBdCYD5Q7hcxTE1ArZ0Zz8oY2KRmwvKhhvLFG6rHmsJCQ.wo
        Source: chromecache_75.2.drString found in binary or memory: https://fonts.gstatic.com/s/archivonarrow/v30/tss5ApVBdCYD5Q7hcxTE1ArZ0Zz8oY2KRmwvKhhvLFG6rXmsJCQ.wo
        Source: chromecache_63.2.dr, chromecache_72.2.drString found in binary or memory: https://getbootstrap.com)
        Source: chromecache_60.2.drString found in binary or memory: https://github.com/eslint/eslint/issues/3229
        Source: chromecache_60.2.drString found in binary or memory: https://github.com/eslint/eslint/issues/6125
        Source: chromecache_60.2.drString found in binary or memory: https://github.com/jquery/jquery/pull/557)
        Source: chromecache_60.2.drString found in binary or memory: https://github.com/jquery/sizzle/pull/225
        Source: chromecache_60.2.drString found in binary or memory: https://github.com/jrburke/requirejs/wiki/Updating-existing-libraries#wiki-anon
        Source: chromecache_63.2.dr, chromecache_72.2.drString found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
        Source: chromecache_72.2.drString found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
        Source: chromecache_60.2.drString found in binary or memory: https://html.spec.whatwg.org/#strip-and-collapse-whitespace
        Source: chromecache_60.2.drString found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#category-listed
        Source: chromecache_60.2.drString found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#concept-fe-disabled
        Source: chromecache_60.2.drString found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#concept-option-disabled
        Source: chromecache_60.2.drString found in binary or memory: https://html.spec.whatwg.org/multipage/scripting.html#selector-disabled
        Source: chromecache_60.2.drString found in binary or memory: https://html.spec.whatwg.org/multipage/scripting.html#selector-enabled
        Source: chromecache_60.2.drString found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#attributes-2
        Source: chromecache_60.2.drString found in binary or memory: https://infra.spec.whatwg.org/#strip-and-collapse-ascii-whitespace
        Source: chromecache_60.2.drString found in binary or memory: https://jquery.com/
        Source: chromecache_60.2.drString found in binary or memory: https://jquery.org/license
        Source: chromecache_60.2.drString found in binary or memory: https://jsperf.com/getall-vs-sizzle/2
        Source: chromecache_60.2.drString found in binary or memory: https://jsperf.com/thor-indexof-vs-for/5
        Source: chromecache_69.2.drString found in binary or memory: https://ka-f.fontawesome.com
        Source: chromecache_69.2.drString found in binary or memory: https://kit.fontawesome.com
        Source: chromecache_60.2.drString found in binary or memory: https://promisesaplus.com/#point-48
        Source: chromecache_60.2.drString found in binary or memory: https://promisesaplus.com/#point-54
        Source: chromecache_60.2.drString found in binary or memory: https://promisesaplus.com/#point-57
        Source: chromecache_60.2.drString found in binary or memory: https://promisesaplus.com/#point-59
        Source: chromecache_60.2.drString found in binary or memory: https://promisesaplus.com/#point-61
        Source: chromecache_60.2.drString found in binary or memory: https://promisesaplus.com/#point-64
        Source: chromecache_60.2.drString found in binary or memory: https://promisesaplus.com/#point-75
        Source: chromecache_60.2.drString found in binary or memory: https://sizzlejs.com/
        Source: chromecache_60.2.drString found in binary or memory: https://web.archive.org/web/20100324014747/http://blindsignals.com/index.php/2009/07/jquery-delay/
        Source: chromecache_60.2.drString found in binary or memory: https://web.archive.org/web/20141116233347/http://fluidproject.org/blog/2008/01/09/getting-setting-a
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
        Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
        Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
        Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
        Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
        Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
        Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
        Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
        Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
        Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
        Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
        Source: unknownHTTPS traffic detected: 23.43.45.167:443 -> 192.168.2.4:49755 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 23.43.45.167:443 -> 192.168.2.4:49760 version: TLS 1.2
        Source: classification engineClassification label: mal92.phis.win@16/34@20/10
        Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1940,i,9399504368099005157,15426427364656694075,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
        Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://hotmail-alerts.chelsie15.workers.dev/"
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1940,i,9399504368099005157,15426427364656694075,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeAutomated click: Next
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeAutomated click: Next
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeAutomated click: Next
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeAutomated click: Next
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeAutomated click: Next
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeAutomated click: Next
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeAutomated click: Next
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeAutomated click: Next
        Source: Window RecorderWindow detected: More than 3 window changes detected
        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
        Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath Interception1
        Process Injection
        1
        Process Injection
        OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local System1
        Encrypted Channel
        Exfiltration Over Other Network MediumAbuse Accessibility Features
        CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsRootkitLSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media2
        Non-Application Layer Protocol
        Exfiltration Over BluetoothNetwork Denial of Service
        Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive3
        Application Layer Protocol
        Automated ExfiltrationData Encrypted for Impact
        Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
        Ingress Tool Transfer
        Traffic DuplicationData Destruction
        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language