Windows Analysis Report #U00e2_#U00e2_Play _to _Listen.htm

Overview

General Information

Sample Name: #U00e2_#U00e2_Play _to _Listen.htm
Analysis ID: 452435
MD5: 59bcd893624173dbb0ae81eb3019974f
SHA1: 995c8ee3b0810659468fbc216e1d8c0d1f2fa1f6
SHA256: 51cb67fbe8cc07001310c8b8c9c78f9b117f8efb03f31ed41dd2432b38639a8b
Infos:

Most interesting Screenshot:

Detection

HTMLPhisher
Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Yara detected HtmlPhish44
Phishing site detected (based on image similarity)
HTML body contains low number of good links
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Submit button contains javascript call

Classification

AV Detection:

barindex
Antivirus detection for URL or domain
Source: https://titko.wancdnapp.page Avira URL Cloud: Label: phishing

Phishing:

barindex
Yara detected HtmlPhish44
Source: Yara match File source: #U00e2_#U00e2_Play _to _Listen.htm, type: SAMPLE
Phishing site detected (based on image similarity)
Source: file:///C:/Users/user/Desktop/%23U00e2_%23U00e2_Play%20_to%20_Listen.htm?bbre=1626976601159#/1626976601159-@!&EfQBIjex4nAvaSN&@!QtCJrXmE3YnhHsy5VU2ow!&@-erika.lontoc@enbridge.com-1626976601159/1626976601159 Matcher: Found strong image similarity, brand: Microsoft image: 17493.img.1.gfk.csv EE5C8D9FB6248C938FD0DC19370E90BD
HTML body contains low number of good links
Source: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3Fwa%3Dwsignin1.0%26rpsnv%3D13%26ct%3D1526624083%26rver%3D6.7.6640.0%26wp%3DMBI_SSL%26wreply%3Dhttps%253a%252f%252foutlook.live.com%252fowa%252f%253fnlp%253d1%2526RpsCsrfState%253dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95%26id%3D292841%26CBCXT%3Dout%26lw%3D1%26fl%3Ddob%252cflname%252cwld%26cobrandid%3D90015%26contextid%3D982B2F78FD1575EA%26bk%3D1526624084&id=292841&uiflavor=web&cobrandid=723718773160&uaid=71693e68d6ab4064b6ac1c2f53d534bb&mkt=EN-US&lc=1033&bk=1526624084 HTTP Parser: Number of links: 0
Source: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3Fwa%3Dwsignin1.0%26rpsnv%3D13%26ct%3D1526624083%26rver%3D6.7.6640.0%26wp%3DMBI_SSL%26wreply%3Dhttps%253a%252f%252foutlook.live.com%252fowa%252f%253fnlp%253d1%2526RpsCsrfState%253dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95%26id%3D292841%26CBCXT%3Dout%26lw%3D1%26fl%3Ddob%252cflname%252cwld%26cobrandid%3D90015%26contextid%3D982B2F78FD1575EA%26bk%3D1526624084&id=292841&uiflavor=web&cobrandid=723718773160&uaid=71693e68d6ab4064b6ac1c2f53d534bb&mkt=EN-US&lc=1033&bk=1526624084 HTTP Parser: Number of links: 0
Submit button contains javascript call
Source: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3Fwa%3Dwsignin1.0%26rpsnv%3D13%26ct%3D1526624083%26rver%3D6.7.6640.0%26wp%3DMBI_SSL%26wreply%3Dhttps%253a%252f%252foutlook.live.com%252fowa%252f%253fnlp%253d1%2526RpsCsrfState%253dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95%26id%3D292841%26CBCXT%3Dout%26lw%3D1%26fl%3Ddob%252cflname%252cwld%26cobrandid%3D90015%26contextid%3D982B2F78FD1575EA%26bk%3D1526624084&id=292841&uiflavor=web&cobrandid=723718773160&uaid=71693e68d6ab4064b6ac1c2f53d534bb&mkt=EN-US&lc=1033&bk=1526624084 HTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();
Source: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3Fwa%3Dwsignin1.0%26rpsnv%3D13%26ct%3D1526624083%26rver%3D6.7.6640.0%26wp%3DMBI_SSL%26wreply%3Dhttps%253a%252f%252foutlook.live.com%252fowa%252f%253fnlp%253d1%2526RpsCsrfState%253dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95%26id%3D292841%26CBCXT%3Dout%26lw%3D1%26fl%3Ddob%252cflname%252cwld%26cobrandid%3D90015%26contextid%3D982B2F78FD1575EA%26bk%3D1526624084&id=292841&uiflavor=web&cobrandid=723718773160&uaid=71693e68d6ab4064b6ac1c2f53d534bb&mkt=EN-US&lc=1033&bk=1526624084 HTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();
Source: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3Fwa%3Dwsignin1.0%26rpsnv%3D13%26ct%3D1526624083%26rver%3D6.7.6640.0%26wp%3DMBI_SSL%26wreply%3Dhttps%253a%252f%252foutlook.live.com%252fowa%252f%253fnlp%253d1%2526RpsCsrfState%253dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95%26id%3D292841%26CBCXT%3Dout%26lw%3D1%26fl%3Ddob%252cflname%252cwld%26cobrandid%3D90015%26contextid%3D982B2F78FD1575EA%26bk%3D1526624084&id=292841&uiflavor=web&cobrandid=723718773160&uaid=71693e68d6ab4064b6ac1c2f53d534bb&mkt=EN-US&lc=1033&bk=1526624084 HTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();
Source: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3Fwa%3Dwsignin1.0%26rpsnv%3D13%26ct%3D1526624083%26rver%3D6.7.6640.0%26wp%3DMBI_SSL%26wreply%3Dhttps%253a%252f%252foutlook.live.com%252fowa%252f%253fnlp%253d1%2526RpsCsrfState%253dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95%26id%3D292841%26CBCXT%3Dout%26lw%3D1%26fl%3Ddob%252cflname%252cwld%26cobrandid%3D90015%26contextid%3D982B2F78FD1575EA%26bk%3D1526624084&id=292841&uiflavor=web&cobrandid=723718773160&uaid=71693e68d6ab4064b6ac1c2f53d534bb&mkt=EN-US&lc=1033&bk=1526624084 HTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();
Source: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3Fwa%3Dwsignin1.0%26rpsnv%3D13%26ct%3D1526624083%26rver%3D6.7.6640.0%26wp%3DMBI_SSL%26wreply%3Dhttps%253a%252f%252foutlook.live.com%252fowa%252f%253fnlp%253d1%2526RpsCsrfState%253dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95%26id%3D292841%26CBCXT%3Dout%26lw%3D1%26fl%3Ddob%252cflname%252cwld%26cobrandid%3D90015%26contextid%3D982B2F78FD1575EA%26bk%3D1526624084&amp;id=292841&amp;uiflavor=web&amp;cobrandid=723718773160&amp;uaid=71693e68d6ab4064b6ac1c2f53d534bb&amp;mkt=EN-US&amp;lc=1033&amp;bk=1526624084 HTTP Parser: No <meta name="author".. found
Source: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3Fwa%3Dwsignin1.0%26rpsnv%3D13%26ct%3D1526624083%26rver%3D6.7.6640.0%26wp%3DMBI_SSL%26wreply%3Dhttps%253a%252f%252foutlook.live.com%252fowa%252f%253fnlp%253d1%2526RpsCsrfState%253dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95%26id%3D292841%26CBCXT%3Dout%26lw%3D1%26fl%3Ddob%252cflname%252cwld%26cobrandid%3D90015%26contextid%3D982B2F78FD1575EA%26bk%3D1526624084&amp;id=292841&amp;uiflavor=web&amp;cobrandid=723718773160&amp;uaid=71693e68d6ab4064b6ac1c2f53d534bb&amp;mkt=EN-US&amp;lc=1033&amp;bk=1526624084 HTTP Parser: No <meta name="author".. found
Source: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3Fwa%3Dwsignin1.0%26rpsnv%3D13%26ct%3D1526624083%26rver%3D6.7.6640.0%26wp%3DMBI_SSL%26wreply%3Dhttps%253a%252f%252foutlook.live.com%252fowa%252f%253fnlp%253d1%2526RpsCsrfState%253dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95%26id%3D292841%26CBCXT%3Dout%26lw%3D1%26fl%3Ddob%252cflname%252cwld%26cobrandid%3D90015%26contextid%3D982B2F78FD1575EA%26bk%3D1526624084&amp;id=292841&amp;uiflavor=web&amp;cobrandid=723718773160&amp;uaid=71693e68d6ab4064b6ac1c2f53d534bb&amp;mkt=EN-US&amp;lc=1033&amp;bk=1526624084 HTTP Parser: No <meta name="copyright".. found
Source: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3Fwa%3Dwsignin1.0%26rpsnv%3D13%26ct%3D1526624083%26rver%3D6.7.6640.0%26wp%3DMBI_SSL%26wreply%3Dhttps%253a%252f%252foutlook.live.com%252fowa%252f%253fnlp%253d1%2526RpsCsrfState%253dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95%26id%3D292841%26CBCXT%3Dout%26lw%3D1%26fl%3Ddob%252cflname%252cwld%26cobrandid%3D90015%26contextid%3D982B2F78FD1575EA%26bk%3D1526624084&amp;id=292841&amp;uiflavor=web&amp;cobrandid=723718773160&amp;uaid=71693e68d6ab4064b6ac1c2f53d534bb&amp;mkt=EN-US&amp;lc=1033&amp;bk=1526624084 HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Temp\4088_1672596030\LICENSE.txt Jump to behavior
Source: unknown HTTPS traffic detected: 151.101.1.195:443 -> 192.168.2.3:49747 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.1.195:443 -> 192.168.2.3:49748 version: TLS 1.2
Source: unknown HTTPS traffic detected: 152.199.23.72:443 -> 192.168.2.3:49758 version: TLS 1.2
Source: unknown HTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.3:49804 version: TLS 1.2
Source: unknown HTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.3:49805 version: TLS 1.2
Source: unknown HTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.3:49806 version: TLS 1.2

Networking:

barindex
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 104.16.122.175 104.16.122.175
Source: Joe Sandbox View IP Address: 151.101.1.195 151.101.1.195
Source: Joe Sandbox View IP Address: 151.101.1.195 151.101.1.195
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Ruleset Data.0.dr String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: Ruleset Data.0.dr String found in binary or memory: www.facebook.com/ajax/ads/ equals www.facebook.com (Facebook)
Source: unknown DNS traffic detected: queries for: accounts.google.com
Source: 4D1ED785E3365DE6C966A82E99CCE8EA_216A6C169356295AB09C26D4D7D32E06.2.dr String found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRJ9L2KGL92BpjF3kAtaDtxauTmhgQUPdNQpdagre7zSmA
Source: EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619.2.dr String found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1Jg
Source: Reporting and NEL.2.dr String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=OoKkeU3%2BmVhMJM%2BBBdrcmySbHyEoeycPWzMZ%2FvEzV4Rbwd8dNIUBH
Source: Reporting and NEL.2.dr String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=pyWl84jQ9GbAN1%2FACl4YZpuAdFkZde1gzydH4iwZgwquKAqAc9pZL9L7z
Source: Reporting and NEL.2.dr String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=rGdgGtsHnyV9rMKv2I%2F3XUiIeYY3BophwuhClI01RJE%2F%2FYZBX5cuF
Source: 5ae6876a-337e-455f-be66-1f92e7a8c57c.tmp.2.dr, bbabfc87-a240-4b8d-821f-598845db053a.tmp.2.dr String found in binary or memory: https://aadcdn.msauth.net
Source: 5ae6876a-337e-455f-be66-1f92e7a8c57c.tmp.2.dr, bbabfc87-a240-4b8d-821f-598845db053a.tmp.2.dr String found in binary or memory: https://aadcdn.msauthimages.net
Source: bbabfc87-a240-4b8d-821f-598845db053a.tmp.2.dr String found in binary or memory: https://account.live.com
Source: Network Action Predictor.0.dr String found in binary or memory: https://account.live.com/
Source: History.0.dr String found in binary or memory: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3Fwa%3Dwsignin1.
Source: Current Session.0.dr String found in binary or memory: https://account.live.com/password/reset
Source: 5ae6876a-337e-455f-be66-1f92e7a8c57c.tmp.2.dr, manifest.json0.0.dr, 64097c87-b929-47bf-b31f-0f40acc05d47.tmp.2.dr, bbabfc87-a240-4b8d-821f-598845db053a.tmp.2.dr String found in binary or memory: https://accounts.google.com
Source: bbabfc87-a240-4b8d-821f-598845db053a.tmp.2.dr String found in binary or memory: https://acctcdn.msauth.net
Source: Network Action Predictor.0.dr String found in binary or memory: https://acctcdn.msauth.net/
Source: 263002cf0fbb71e6_0.0.dr String found in binary or memory: https://acctcdn.msauth.net/accountcorepackage_YD-Y5A3nlj0ms1Ks9fXU6A2.js?v=1
Source: f6ef8939da32ec75_0.0.dr String found in binary or memory: https://acctcdn.msauth.net/bootstrap_3.3.0_B68S-_daR6nLiLVZsh4XiA2.js?v=1
Source: 59f8bbf14d4853fd_0.0.dr String found in binary or memory: https://acctcdn.msauth.net/datarequestpackage_h-_7C7UzwdefXJT9njDBTQ2.js
Source: Favicons.0.dr String found in binary or memory: https://acctcdn.msauth.net/images/favicon.ico?v=2
Source: 4278acc4333443e6_0.0.dr String found in binary or memory: https://acctcdn.msauth.net/jquerypackage_1.10_5V7LAuc3bNAQx2QQfr1RPw2.js?v=1
Source: f469a98fdcf53c25_0.0.dr String found in binary or memory: https://acctcdn.msauth.net/knockout_old_GJ62c6D9R5HuKFdkoO8XYw2.js?v=1
Source: 7e4cea594f77c74d_0.0.dr String found in binary or memory: https://acctcdn.msauth.net/oneds_Xr2D7Nex80v7A-8bxF8jgQ2.js?v=1
Source: 7cab34efca253074_0.0.dr String found in binary or memory: https://acctcdn.msauth.net/resetpasswordpackage_X7k_NcCIooflIFuKCGNtCw2.js?v=1
Source: 0decd6ee54701714_0.0.dr String found in binary or memory: https://acctcdn.msauth.net/wlivepackagefull_2169QIWB52Tqqm3jo5_AUA2.js?v=1
Source: 5ae6876a-337e-455f-be66-1f92e7a8c57c.tmp.2.dr, bbabfc87-a240-4b8d-821f-598845db053a.tmp.2.dr String found in binary or memory: https://ajax.googleapis.com
Source: 5ae6876a-337e-455f-be66-1f92e7a8c57c.tmp.2.dr, manifest.json0.0.dr, 64097c87-b929-47bf-b31f-0f40acc05d47.tmp.2.dr, bbabfc87-a240-4b8d-821f-598845db053a.tmp.2.dr String found in binary or memory: https://apis.google.com
Source: 5ae6876a-337e-455f-be66-1f92e7a8c57c.tmp.2.dr, bbabfc87-a240-4b8d-821f-598845db053a.tmp.2.dr String found in binary or memory: https://bit.ly
Source: Current Session.0.dr String found in binary or memory: https://bit.ly/39KyDE6
Source: History.0.dr String found in binary or memory: https://bit.ly/39KyDE6Recover
Source: Current Session.0.dr String found in binary or memory: https://bit.ly/39KyDE6k&ZLP&/
Source: 5ae6876a-337e-455f-be66-1f92e7a8c57c.tmp.2.dr, bbabfc87-a240-4b8d-821f-598845db053a.tmp.2.dr String found in binary or memory: https://cdnjs.cloudflare.com
Source: 5ae6876a-337e-455f-be66-1f92e7a8c57c.tmp.2.dr, 64097c87-b929-47bf-b31f-0f40acc05d47.tmp.2.dr, bbabfc87-a240-4b8d-821f-598845db053a.tmp.2.dr String found in binary or memory: https://clients2.google.com
Source: manifest.json0.0.dr String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 5ae6876a-337e-455f-be66-1f92e7a8c57c.tmp.2.dr, 64097c87-b929-47bf-b31f-0f40acc05d47.tmp.2.dr, bbabfc87-a240-4b8d-821f-598845db053a.tmp.2.dr String found in binary or memory: https://clients2.googleusercontent.com
Source: bbabfc87-a240-4b8d-821f-598845db053a.tmp.2.dr String found in binary or memory: https://content-autofill.googleapis.com
Source: manifest.json0.0.dr String found in binary or memory: https://content.googleapis.com
Source: Reporting and NEL.2.dr String found in binary or memory: https://csp.withgoogle.com/csp/report-to/downloads-lorry
Source: d5dd8309-2c52-4367-a472-d42383780cd9.tmp.2.dr, 5ae6876a-337e-455f-be66-1f92e7a8c57c.tmp.2.dr, 9209b84d-f87d-4c88-a1ae-740cdded2081.tmp.2.dr, 64097c87-b929-47bf-b31f-0f40acc05d47.tmp.2.dr, bbabfc87-a240-4b8d-821f-598845db053a.tmp.2.dr String found in binary or memory: https://dns.google
Source: manifest.json0.0.dr String found in binary or memory: https://feedback.googleusercontent.com
Source: 64097c87-b929-47bf-b31f-0f40acc05d47.tmp.2.dr String found in binary or memory: https://fonts.googleapis.com
Source: manifest.json0.0.dr String found in binary or memory: https://fonts.googleapis.com;
Source: 5ae6876a-337e-455f-be66-1f92e7a8c57c.tmp.2.dr, 64097c87-b929-47bf-b31f-0f40acc05d47.tmp.2.dr, bbabfc87-a240-4b8d-821f-598845db053a.tmp.2.dr String found in binary or memory: https://fonts.gstatic.com
Source: manifest.json0.0.dr String found in binary or memory: https://fonts.gstatic.com;
Source: manifest.json0.0.dr String found in binary or memory: https://hangouts.google.com/
Source: f6ef8939da32ec75_0.0.dr, 7cab34efca253074_0.0.dr String found in binary or memory: https://live.com/
Source: 0decd6ee54701714_0.0.dr String found in binary or memory: https://live.com//a
Source: f469a98fdcf53c25_0.0.dr String found in binary or memory: https://live.com/Ni
Source: 7e4cea594f77c74d_0.0.dr String found in binary or memory: https://live.com/U
Source: 5ae6876a-337e-455f-be66-1f92e7a8c57c.tmp.2.dr, bbabfc87-a240-4b8d-821f-598845db053a.tmp.2.dr String found in binary or memory: https://manaapdpemtri.firebaseapp.com
Source: 5ae6876a-337e-455f-be66-1f92e7a8c57c.tmp.2.dr, bbabfc87-a240-4b8d-821f-598845db053a.tmp.2.dr String found in binary or memory: https://noem.urll.pw
Source: 5ae6876a-337e-455f-be66-1f92e7a8c57c.tmp.2.dr, 64097c87-b929-47bf-b31f-0f40acc05d47.tmp.2.dr, bbabfc87-a240-4b8d-821f-598845db053a.tmp.2.dr String found in binary or memory: https://ogs.google.com
Source: manifest.json.0.dr String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: 5ae6876a-337e-455f-be66-1f92e7a8c57c.tmp.2.dr, 64097c87-b929-47bf-b31f-0f40acc05d47.tmp.2.dr, bbabfc87-a240-4b8d-821f-598845db053a.tmp.2.dr String found in binary or memory: https://play.google.com
Source: 5ae6876a-337e-455f-be66-1f92e7a8c57c.tmp.2.dr, bbabfc87-a240-4b8d-821f-598845db053a.tmp.2.dr String found in binary or memory: https://r2---sn-h0jeener.gvt1.com
Source: 5ae6876a-337e-455f-be66-1f92e7a8c57c.tmp.2.dr, bbabfc87-a240-4b8d-821f-598845db053a.tmp.2.dr String found in binary or memory: https://redirector.gvt1.com
Source: manifest.json.0.dr String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: Favicons.0.dr String found in binary or memory: https://secure.aadcdn.microsoftonline-p.com/ests/2.1.6669.4/content/images/favicon_a.ico
Source: Favicons-journal.0.dr String found in binary or memory: https://secure.aadcdn.microsoftonline-p.com/ests/2.1.6669.4/content/images/favicon_a.ico4
Source: 5ae6876a-337e-455f-be66-1f92e7a8c57c.tmp.2.dr, 64097c87-b929-47bf-b31f-0f40acc05d47.tmp.2.dr, bbabfc87-a240-4b8d-821f-598845db053a.tmp.2.dr String found in binary or memory: https://ssl.gstatic.com
Source: messages.json41.0.dr String found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json41.0.dr String found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: 5ae6876a-337e-455f-be66-1f92e7a8c57c.tmp.2.dr, bbabfc87-a240-4b8d-821f-598845db053a.tmp.2.dr String found in binary or memory: https://titko.wancdnapp.page
Source: 5ae6876a-337e-455f-be66-1f92e7a8c57c.tmp.2.dr, bbabfc87-a240-4b8d-821f-598845db053a.tmp.2.dr String found in binary or memory: https://unpkg.com
Source: 5ae6876a-337e-455f-be66-1f92e7a8c57c.tmp.2.dr, manifest.json0.0.dr, 64097c87-b929-47bf-b31f-0f40acc05d47.tmp.2.dr, bbabfc87-a240-4b8d-821f-598845db053a.tmp.2.dr String found in binary or memory: https://www.google.com
Source: manifest.json.0.dr String found in binary or memory: https://www.google.com/
Source: manifest.json0.0.dr String found in binary or memory: https://www.google.com;
Source: 5ae6876a-337e-455f-be66-1f92e7a8c57c.tmp.2.dr, 64097c87-b929-47bf-b31f-0f40acc05d47.tmp.2.dr, bbabfc87-a240-4b8d-821f-598845db053a.tmp.2.dr String found in binary or memory: https://www.googleapis.com
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/meetings
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: 5ae6876a-337e-455f-be66-1f92e7a8c57c.tmp.2.dr, 64097c87-b929-47bf-b31f-0f40acc05d47.tmp.2.dr, bbabfc87-a240-4b8d-821f-598845db053a.tmp.2.dr String found in binary or memory: https://www.gstatic.com
Source: manifest.json0.0.dr String found in binary or memory: https://www.gstatic.com;
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown HTTPS traffic detected: 151.101.1.195:443 -> 192.168.2.3:49747 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.1.195:443 -> 192.168.2.3:49748 version: TLS 1.2
Source: unknown HTTPS traffic detected: 152.199.23.72:443 -> 192.168.2.3:49758 version: TLS 1.2
Source: unknown HTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.3:49804 version: TLS 1.2
Source: unknown HTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.3:49805 version: TLS 1.2
Source: unknown HTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.3:49806 version: TLS 1.2
Source: classification engine Classification label: mal60.phis.winHTM@39/204@18/15
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Program Files\Google\Chrome\Application\Dictionaries Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-60F9B157-FF8.pma Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Temp\8333f579-22a6-49ed-b743-975185d5fad8.tmp Jump to behavior
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'C:\Users\user\Desktop\#U00e2_#U00e2_Play _to _Listen.htm'
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1640,14482809985186982011,5593868377781062687,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1700 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1640,14482809985186982011,5593868377781062687,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1700 /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Temp\4088_1672596030\LICENSE.txt Jump to behavior
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs