Windows Analysis Report
https://momshi.gq/secure/MailUpdateFresh

Overview

General Information

Sample URL:	https://momshi.gq/secure/MailUpdateFresh
Analysis ID:	635153

Detection

HTMLPhisher

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected HtmlPhish10

HTML body contains low number of good links

No HTML title found

Classification

Signatures

Phishing

Yara detected HtmlPhish10

Source: Yara match

File source: 72168.0.pages.csv, type: HTML

HTML body contains low number of good links

Source: https://momshi.gq/secure/MailUpdateFresh/?err=S58O5UVNPFJAHMCEGTQ&dispatch=C08&id=AC3ba2a62B47C134a9BA25C10B239b	HTTP Parser: Number of links: 0
Source: https://momshi.gq/secure/MailUpdateFresh/?err=S58O5UVNPFJAHMCEGTQ&dispatch=C08&id=AC3ba2a62B47C134a9BA25C10B239b	HTTP Parser: Number of links: 0

No HTML title found

Source: https://momshi.gq/secure/MailUpdateFresh/?err=S58O5UVNPFJAHMCEGTQ&dispatch=C08&id=AC3ba2a62B47C134a9BA25C10B239b	HTTP Parser: HTML title missing
Source: https://momshi.gq/secure/MailUpdateFresh/?err=S58O5UVNPFJAHMCEGTQ&dispatch=C08&id=AC3ba2a62B47C134a9BA25C10B239b	HTTP Parser: HTML title missing

Source: https://momshi.gq/secure/MailUpdateFresh/?err=S58O5UVNPFJAHMCEGTQ&dispatch=C08&id=AC3ba2a62B47C134a9BA25C10B239b	HTTP Parser: No <meta name="author".. found
Source: https://momshi.gq/secure/MailUpdateFresh/?err=S58O5UVNPFJAHMCEGTQ&dispatch=C08&id=AC3ba2a62B47C134a9BA25C10B239b	HTTP Parser: No <meta name="author".. found

Source: https://momshi.gq/secure/MailUpdateFresh/?err=S58O5UVNPFJAHMCEGTQ&dispatch=C08&id=AC3ba2a62B47C134a9BA25C10B239b	HTTP Parser: No <meta name="copyright".. found
Source: https://momshi.gq/secure/MailUpdateFresh/?err=S58O5UVNPFJAHMCEGTQ&dispatch=C08&id=AC3ba2a62B47C134a9BA25C10B239b	HTTP Parser: No <meta name="copyright".. found

Source: unknown

HTTPS traffic detected: 91.209.70.20:443 -> 192.168.2.3:52215 version: TLS 1.2

Source: unknown

DNS traffic detected: queries for: clients2.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50327
Source: unknown	Network traffic detected: HTTP traffic on port 56530 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63592
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51343
Source: unknown	Network traffic detected: HTTP traffic on port 52215 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63592 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52215
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59216
Source: unknown	Network traffic detected: HTTP traffic on port 63663 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55666
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56530
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52560
Source: unknown	Network traffic detected: HTTP traffic on port 51343 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52560 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63663
Source: unknown	Network traffic detected: HTTP traffic on port 62765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50327 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61553
Source: unknown	Network traffic detected: HTTP traffic on port 55666 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61553 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59216 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62765

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.99
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.99
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.99
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.67
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.67
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.67
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.99
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.99
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.99
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.99
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.67
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.67
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.67
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.67
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.67
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.99
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.99
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.99
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.67
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.67
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.67
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.67
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.67
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.67
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.67
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.67
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.67
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.67
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.67
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.67
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.67

Source: unknown

HTTPS traffic detected: 91.209.70.20:443 -> 192.168.2.3:52215 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\alfredo\AppData\Local\Temp\cbcd19aa-87d6-437a-9a5e-32fe4c4d9ce0.tmp

Source: classification engine

Classification label: mal48.phis.win@23/56@6/128

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation --single-argument https://momshi.gq/secure/MailUpdateFresh
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1736,12267277681355210943,5606043116382681651,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1736,12267277681355210943,5606043116382681651,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-62915755-C0C.pma

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.99	unknown	United States	15169	GOOGLEUS	false
104.17.24.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
142.250.74.202	unknown	United States	15169	GOOGLEUS	false
142.250.185.67	unknown	United States	15169	GOOGLEUS	false
216.58.212.142	unknown	United States	15169	GOOGLEUS	false
142.250.186.174	clients.l.google.com	United States	15169	GOOGLEUS	false
104.16.89.20	unknown	United States	13335	CLOUDFLARENETUS	false
74.125.111.134	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.141	accounts.google.com	United States	15169	GOOGLEUS	false
91.209.70.20	momshi.gq	Russian Federation	43317	FISHNET-ASRU	false
142.251.36.99	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.1
127.0.0.1

Contacted Domains

Name	IP	Active
accounts.google.com	142.250.185.141	true
cdnjs.cloudflare.com	104.17.24.14	true
clients.l.google.com	142.250.186.174	true
momshi.gq	91.209.70.20	true
clients2.google.com	unknown	unknown
cdn.jsdelivr.net	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://momshi.gq/secure/MailUpdateFresh/?err=S58O5UVNPFJAHMCEGTQ&dispatch=C08&id=AC3ba2a62B47C134a9BA25C10B239b	true		unknown

ID:	635153
Product:	CloudBasic
Start time:	15:56:50
Start date:	27.05.2022
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:
Architecture:	WINDOWS

Name	Type	MD5	SHA1	SHA256
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\4a599cc1-953b-4a36-ac02-943d11ed66b9.tmp	data	63E8F27DCC6773B05C2D2FEB1EBCBB85	4E4E7A1A7BE5B53047ACBB7DD1F47958F97557C6	8D48BB71F19C9097122E97BB1190D2BCB136B29F856DB7F794FCD0D69CB70F75
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\8e446481-1d29-4d86-aa4c-e060d4206052.tmp	ASCII text, with very long lines, with no line terminators	F7FD22772C1A12EA055B169EF587C5C5	35B03CC401372B23449C04A16B87D7B90A567ED2	E7F022C50EFCA3D95E8A59B6E196CBD87F71DCB6E65463CB26713FA75AB422E7
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat	data	FA7200D6F80CD1757911C45559E59C0E	89C6E99BAEC4EBB3E9A97B928FB473D1498EBA88	D9779EA4D6DD544A23C2A1C53146B6A4E596927F47DFA0680B0A7EE751D43BB2
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\26ae99c0-286c-4659-9e39-ad53e5547473.tmp	ASCII text, with very long lines, with no line terminators	C021202ED978995370C3C94FEAB9BA79	8038B7D55499296515229109D3EFEE29739D655D	5C81B7C13FD4CE90764BA09377F38A71B8906610FE289BE3211880F022108C67
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\2844603e-1a2e-48b5-b0bd-ac93faddd724.tmp	ASCII text, with very long lines, with no line terminators	CAB8BEABE7E66A4015C98A3C77B3698B	C960AAAEA7014E105290C7D0F09BFCA837C8E8CC	75431010BFE77818B8BEF4B0C4B328C00668DC6B13C09AAB769EBF58BDA4EDF7
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_1\_metadata\computed_hashes.json	ASCII text, with very long lines, with no line terminators	2E2110A99AD3AE9721A458C95C64C868	72AE17599EDC0B2DC61C41D946E3E296864F2CBA	BB46BA705D5F6F43F66B07EA5DA4CC7CC0BF8FE635CCC4EBBA30A5D4A54158DE
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico (copy)	MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel	1B40AC9ABB964672109D49ABFCFE2717	966E224F2887075825D42D2E7E0063BFAA81A99C	503149B1B47F8296DEDB800251DBD9AF614856F0D7E6AB1C03DBC90EBCE53674
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache	zlib compressed data	05534453BDC0DEBC4429C0C458C8994D	E995247D48BEF49843FBEF3B72EB756E26012C2A	107F51E92C37C4456D4666E557F66F86B9A5D61463390E64196DC9349B4707D4
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State (copy)	ASCII text, with very long lines, with no line terminators	CAB8BEABE7E66A4015C98A3C77B3698B	C960AAAEA7014E105290C7D0F09BFCA837C8E8CC	75431010BFE77818B8BEF4B0C4B328C00668DC6B13C09AAB769EBF58BDA4EDF7
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)	ASCII text, with very long lines, with no line terminators	170A1273A9DE4A0D473ED4CFB36F5CC7	F10E840E402D9CBB37478F834A5763556B50EC5E	B41390DDCD1283C036E4EC89A1E7E05D7313D437041F4A32364EDD4AE956E464
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy)	UTF-8 Unicode text, with very long lines, with no line terminators	5919C2DE92FA7DA77E47311818DFD583	35C5BF739E6D4DB92D11828248A6AF398DF5444D	F0FEEDAE8E6F2F9AA3F844AD5F9EEB5052DF7ABE749423381A94C9943F85AED9
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\ca2e76b2-f365-47c4-ab59-ec5a361ff8c6.tmp	ASCII text, with very long lines, with no line terminators	170A1273A9DE4A0D473ED4CFB36F5CC7	F10E840E402D9CBB37478F834A5763556B50EC5E	B41390DDCD1283C036E4EC89A1E7E05D7313D437041F4A32364EDD4AE956E464
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\d06c6795-bff5-4def-a070-df6cccdf5158.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	5919C2DE92FA7DA77E47311818DFD583	35C5BF739E6D4DB92D11828248A6AF398DF5444D	F0FEEDAE8E6F2F9AA3F844AD5F9EEB5052DF7ABE749423381A94C9943F85AED9
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\d15fca5d-08b6-4733-958e-936bb0e66765.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	41F083E2D567A54B2C75511FFBC522CE	7920BA95D45A6765577697D722BDD792C0FE71FA	97A7F5518E6C7D1F0465B92780947173029A440CA000F7FF5D4197DD05F7FEB9
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\d4c91a90-595d-4694-9ca3-e3917ed623f9.tmp	very short file (no magic)	5058F1AF8388633F609CADB75A75DC9D	3A52CE780950D4D969792A2559CD519D7EE8C727	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\daa6b740-7dbd-4c49-b1ae-91bf6291846a.tmp	MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel	1B40AC9ABB964672109D49ABFCFE2717	966E224F2887075825D42D2E7E0063BFAA81A99C	503149B1B47F8296DEDB800251DBD9AF614856F0D7E6AB1C03DBC90EBCE53674
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000006.dbtmp	ASCII text	AEFD77F47FB84FAE5EA194496B44C67A	DCFBB6A5B8D05662C4858664F81693BB7F803B82	4166BF17B2DA789B0D0CC5C74203041D98005F5D4EF88C27E8281E00148CD611
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy)	ASCII text	AEFD77F47FB84FAE5EA194496B44C67A	DCFBB6A5B8D05662C4858664F81693BB7F803B82	4166BF17B2DA789B0D0CC5C74203041D98005F5D4EF88C27E8281E00148CD611
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Last Browser	data	DE9EF0C5BCC012A3A1131988DEE272D8	FA9CCBDC969AC9E1474FCE773234B28D50951CD8	3615498FBEF408A96BF30E01C318DAC2D5451B054998119080E7FAAC5995F590
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Last Version	ASCII text, with no line terminators	3A0E5D4F452CF99191634D0FFAB744A0	F115BBB898EEFF640D8D19AD44A86C3FCDFFC0AD	B9D528D3AE283039F4700C7E4E790744C58A26353A91B536DD91CBA4F648A35F
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Local State (copy)	ASCII text, with very long lines	DBEDF86FA9AFB3A23DBB126674F166D2	5628AFFBCF6F897B9D7FD9C17DEB9AA75036F1CC	C0945DD5FDECAB40C45361BEC068D1996E6AE01196DCE524266D740808F753FE
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Module Info Cache (copy)	data	63E8F27DCC6773B05C2D2FEB1EBCBB85	4E4E7A1A7BE5B53047ACBB7DD1F47958F97557C6	8D48BB71F19C9097122E97BB1190D2BCB136B29F856DB7F794FCD0D69CB70F75
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\ef939728-6214-4ae2-b16a-6af67c15b51d.tmp	ASCII text, with very long lines, with no line terminators	2F63541DC254AE51C492ABAC6B435262	887AB595C218143CA55EB689C2172B8617A608BC	19E2BE19E41F7160334D276D707E0EEC60BC70569EC88B589B13EA76CC44792C
C:\Users\alfredo\AppData\Local\Temp\4a26d9d8-492c-499b-a158-bb369318870c.tmp	Google Chrome extension, version 3	541F52E24FE1EF9F8E12377A6CCAE0C0	189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6	81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82
C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\bg\messages.json	ASCII text, with very long lines	D7A97183BCBD5FB677AA84D464F0C564	CDBB279B864E2C0A51E0892B8714131802586506	76EFAD74EB8256B942727C42261147EB9CCA48DA284DB3CDCE5DC6A3B4346F02
C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\ca\messages.json	ASCII text, with very long lines	58BA5F65ED971591D1F9D81848EE31D0	BDA3C8B74653334FC8F060CAFBCEA58DF0113AB7	CDD91587F5AF2C865776B36A5E9A07B10D21B9D911DE0B814B7A1E94B14AE885
C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\cs\messages.json	ASCII text, with very long lines	43161EFFA28A0DBFC67B8F7DBE1B5184	FE0A9235A59B51B7F564F14FF564344927F035B8	3A04421DF5218E8ABD3B0E2AFE11E8338D7BDCBCD1ADB122416944B102BC9696
C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\da\messages.json	ASCII text, with very long lines	31264DDBF251A95DE82D0A67FA47DB3A	3A48DC7AF26A153594C7849E1D92AAC31296459B	EDB51898A6C73D0090D6916B7B72EBAC71E964EABB5BA7CD68E21966024F0D23
C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\de\messages.json	ASCII text, with very long lines	7639B300B40DDAF95318D2177D3265F9	BF9EFDF073231CB3FCFCA5CCCA25B079ECFC45BD	356A9D4ADFEC484DA824E7A72059B724B1686FC90082F4A4B667630436D593B0
C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\el\messages.json	ASCII text, with very long lines	3026E922B17DBEE2674FDAEE960DF584	76602B1E3449F1B67DE42FD31A581B0821BFEFF0	876845B5A061FAB3CF2A1466E01015DC40DF8449F1CB4205F575CEBED8717BAD
C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\en\messages.json	ASCII text, with very long lines	DBEDF86FA9AFB3A23DBB126674F166D2	5628AFFBCF6F897B9D7FD9C17DEB9AA75036F1CC	C0945DD5FDECAB40C45361BEC068D1996E6AE01196DCE524266D740808F753FE
C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\es\messages.json	ASCII text, with very long lines	3F4B0F56C2839839FC3E3270ED4CB7B6	0D74EA655EAE3990E95BD26F6E1467EDF3EB3478	1912EA5E0A62BBC669DC14AB5A5BD5514B0502C483EE1F27C3F8834384187079
C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\es_419\messages.json	ASCII text, with very long lines	1FD5DAF46C4D7C4F571C263EC37B943B	A57EE5EF6861F88005C2230EA3D633A1B4CA105A	BCC2CF06F66E9E3BB4B7887D0EE0AE4A72A6C49F4B2A578A7733B78208984417
C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\et\messages.json	ASCII text, with very long lines	0293A7BAE6EEE62C4067A80E262D6A2D	E76B07BD49FFBBFB6841B7335CBE7A9620714402	D06F20D4D68D1DBB89EF7D8E405D9499CB2EB2560217CD5B4A51AB1DD50CAB44
C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\fi\messages.json	ASCII text, with very long lines	E5BBE7DBBE75F45BDCD49DB8C797106E	0F069D7D19768180945F0D8B67DC71262FD586A2	BFFB2248B4C66306133FA6ECBB1541F44B3BE22CC8D9A338D690E0B1D0C85532
C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\fil\messages.json	ASCII text, with very long lines	658DAD2AF2DC3AC1567D84E8B95F68B0	EE1121215960EC5ED5F7B6BDB8E4680731EBF83D	978BA6D814CF290016833BBAC22DC7C05C2C575B1D6429B9BB14F8C2156BCF29
C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\fr\messages.json	ASCII text, with very long lines	1E32A78526E3AC8108E73D384F17450B	BFE2E47D888BA530A27DD1BDE25C46433C2A545C	80F6EE69F1E022812BCCC1DE1CDC53772CDF90F4E93224161B23FA607D45136A
C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\hi\messages.json	ASCII text, with very long lines	B739E3B798D3EEB8AFB3E368455A8E97	56E206DD0AC7EB7B179911BE3F7DD78059CBD4F3	BA7A53A1398168719F2ACD58CC5FE06AB0B769ECA896D70E7208B18085B42FFA
C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\hr\messages.json	ASCII text, with very long lines	9CF848209FF50DBF68F5292B3421831C	D29880B7B15102469123D8747BF645706CE8595B	EA1744C3CFBAA684A31A00067E8493ED114EFF3E878C797C9C55A7B122D855CD
C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\hu\messages.json	ASCII text, with very long lines	4AD92AFDE3408FBBE43B0C3C71677650	3488901077F336A3196F9AE116E36DF1674E1ACA	61258FE04C23AE14FDC99EE846CEA71CC703990CC0F80C3934299646E86C475E
C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\id\messages.json	ASCII text, with very long lines	9008516AA1D8F8C2B8ECE70B7E4963AD	EA7AD4BE77A80A4B9FB1E59A340010830E494747	89CAB0AF2B53C6ABEB93C8C628DDCBDD286A7A2672FE03440411BB654E3A0675
C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\it\messages.json	ASCII text, with very long lines	BB9C32BA62DDA02F9471C64B5F9CF916	9825037D5D9185C58456CDD887C77B10A41D8C84	43A0B113D3773BA78F82BB9E42DDC46F6892D0FBBB351F94A7C105E4A146E9C1
C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\ja\messages.json	ASCII text, with very long lines	96C8CBD161D3CE9CB1A46CB2CD0C6583	78BBFCF035B5B620E353C8E520653ADD3F4E7DB8	81D8F1D9F72B3139BC5D9845BCF82990308FB6175D07514D8238B1E6D5D02E8A
C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\ko\messages.json	ASCII text, with very long lines	3CAF23A8EA2332D78B725B6C99EC3202	95C3504F55A929449EF2E3AB92014562AACD39AD	BFE72BBC492B9018A599CB6575366696E431E6A38400E4B2ED06EAE3340D3AE5
C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\lt\messages.json	ASCII text, with very long lines	41F2D63952202E528DBBB683B480F99C	9DD998542DBE6609299D4A5A25364A32FA7D7865	FF7C083CD1E6134DD8263C634336EB852274BAD1BFAD18762814C42BC65309D8
C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\sv\messages.json	UTF-8 Unicode text, with CRLF line terminators	D372B8204EB743E16F45C7CBD3CAAF37	C96C57219D292B01016B37DCF82E7C79AD0DD1E8	B8BA77E0089B0676545EC16D32468B727812B444F90B33A7A5B748E6C36C4388
C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\th\messages.json	UTF-8 Unicode text, with CRLF line terminators	83E2D1E97791A4B2C5C69926EFB629C9	429600425CB0F196DDD717F940E94DBD8BFF2837	2FECA577F43D97BAEEA464741D585892103585208FD0A935B810A03BDCE83C88
C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\tr\messages.json	UTF-8 Unicode text, with CRLF line terminators	2CEAE0567B6BB1D240BBAD690A98CA3B	5944346FBD4A0797B13223895995CAB58E9ECD23	A7CB86F30C9C31FE5540282C308BA96ADB4EC16EF98C87129EB88105E5BEF5FC
C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\uk\messages.json	UTF-8 Unicode text, with CRLF line terminators	AB0B56120E6B38C42CC3612BE948EF50	8B3F520E5713D9F116D68E71DAEED1F6E8D74629	68ABA284751EB9C856032062EF9B1651E2A1E5CE5FDA0977FFC97D63BA7BED9E
C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\vi\messages.json	UTF-8 Unicode text, with CRLF line terminators	7EBB677FEAD8557D3676505225A7249A	F161B4B6001AEAEAB246FF8987F4D992B48D47BE	051F96ED874C11C4A13589B5F68964E4F5B03B52DDA223D56524F2CA23760C04
C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\zh_CN\messages.json	UTF-8 Unicode text, with CRLF line terminators	BB73BF561BB79F89D9BF7C67C5AE5C65	2FADD3A1959B29C44830033A35C637D0311A8C9C	D804F2A040D21D7511EFD5213D8E1721D64964A1A0DBB48E21622CEEDC9D967E
C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\zh_TW\messages.json	UTF-8 Unicode text, with CRLF line terminators	5FF50C673CC0C661D615F0CFD0E6DCA0	60DFF98DEAB9C4746B288BDD9C94B3BCAE5EAA85	C6F8C640F3353A7B9B1432A0C139C1AEEC40133800E6C9B467B63991AD660308
C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\manifest.json	ASCII text	6CA25F3EF585B63F01BCDF8635120704	00C063811E31EA5F9A00F175A71EA25E7821F621	49D9DE983F7436BA786E6E04A5A20C10F41687AE06B266B1B6553F696719563D
C:\Users\alfredo\AppData\Roaming\Microsoft\Spelling\en-US\default.dic	Little-endian UTF-16 Unicode text, with no line terminators	F3B25701FE362EC84616A93A45CE9998	D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB	B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209

Windows Analysis Report
https://momshi.gq/secure/MailUpdateFresh

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://momshi.gq/secure/MailUpdateFresh

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://momshi.gq/secure/MailUpdateFresh