
Windows Analysis Report
PDF.shtml

Overview

General Information

Sample Name: PDF.shtml
Analysis ID: 756145
MD5: bc087e3bee347cf72d1d098ac0217ad3
SHA1: 25ca68af27719867d3ae9ec4af84a7fa481a8800
SHA256: 6480bae314fd0166ea5d47f7101269ad891ff2768ab36506c1b899372a74442d

Detection

HTMLPhisher
Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected HtmlPhish45
Phishing site detected (based on image similarity)
JA3 SSL client fingerprint seen in connection with other malware
IP address seen in connection with other malware

Classification

  • System is w10x64
  • chrome.exe (PID: 1380 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
    • chrome.exe (PID: 2772 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1800,i,6132995491582703289,7961678720532763080,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • chrome.exe (PID: 6412 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\PDF.shtml MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
PDF.shtml | JoeSecurity_HtmlPhish_45 | Yara detected HtmlPhish_45 | Joe Security |
    No Sigma rule has matched
    No Snort rule has matched


    Phishing

    Source: Yara match | File source: PDF.shtml, type: SAMPLE
    Source: file:///C:/Users/user/Desktop/PDF.shtml | Matcher: Found strong image similarity, brand: Microsoft, image: 53672.0.img.1.gfk.csv EE5C8D9FB6248C938FD0DC19370E90BD
    Source: embedded | Matcher: Found strong image similarity, brand: Microsoft, image: 03117.1.img.1.gfk.csv EE5C8D9FB6248C938FD0DC19370E90BD
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\GoogleUpdater
    Source: unknown | HTTPS traffic detected: 192.229.221.185:443 -> 192.168.2.5:49730 version: TLS 1.2
    Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
    Source: Joe Sandbox View | IP Address: 13.107.219.60
    Source: Joe Sandbox View | IP Address: 104.18.10.207
    Source: unknown | DNS traffic detected: queries for: clients2.google.com
    Source: global traffic | HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 | Host: clients2.google.com | Connection: keep-alive | X-Goog-Update-Interactivity: fg | X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda | X-Goog-Update-Updater: chromecrx-104.0.5112.81 | Sec-Fetch-Site: none | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: empty | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
    Source: global traffic | HTTP traffic detected: GET /wp-admin/host9/admin/js/mj.php?ar=ZGVmYXVsdA== HTTP/1.1 | Host: cryptosaursnft.com | Connection: keep-alive | sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: */* | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: script | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
    Source: global traffic | HTTP traffic detected: GET /font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1 | Host: maxcdn.bootstrapcdn.com | Connection: keep-alive | sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: text/css,*/*;q=0.1 | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: style | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
    Source: global traffic | HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1 | Host: logincdn.msauth.net | Connection: keep-alive | sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
    Source: global traffic | HTTP traffic detected: GET /font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1 | Host: maxcdn.bootstrapcdn.com | Connection: keep-alive | sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" | Origin: null | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: */* | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: font | Referer: https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
    Source: global traffic | HTTP traffic detected: GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.css HTTP/1.1 | Host: cdnjs.cloudflare.com | Connection: keep-alive | sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" | Origin: null | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: text/css,*/*;q=0.1 | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: style | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
    Source: global traffic | HTTP traffic detected: GET /shared/1.0/content/images/picker_verify_call_fe87496cc7a44412f7893a72099c120a.svg HTTP/1.1 | Host: aadcdn.msauth.net | Connection: keep-alive | sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
    Source: global traffic | HTTP traffic detected: GET /shared/1.0/content/images/picker_verify_sms_27a6d18b56f46818420e60a773c36d4e.svg HTTP/1.1 | Host: aadcdn.msauth.net | Connection: keep-alive | sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
    Source: global traffic | HTTP traffic detected: GET /shared/1.0/content/images/picker_verify_fluent_authenticator_b59c16ca9bf156438a8a96d45e33db64.svg HTTP/1.1 | Host: aadcdn.msauth.net | Connection: keep-alive | sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
    Source: global traffic | HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36 | Host: logincdn.msauth.net
    Source: unknown | HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 | Host: accounts.google.com | Connection: keep-alive | Content-Length: 1 | Origin: https://www.google.com | Content-Type: application/x-www-form-urlencoded | Sec-Fetch-Site: none | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: empty | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
    Source: classification engine | Classification label: mal52.phis.winSHTML@33/0@15/11
    Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1800,i,6132995491582703289,7961678720532763080,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
    Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\PDF.shtml
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Program Files\Google\GoogleUpdater
    Source: Window Recorder | Window detected: More than 3 window changes detected
    Mitre Att&ck Matrix columns: Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
    Techniques with matched signatures (signature count in parentheses); all other matrix cells are unmatched default entries:
    • Privilege Escalation: Process Injection (1)
    • Defense Evasion: Masquerading (2), Process Injection (1)
    • Command and Control: Encrypted Channel (1), Non-Application Layer Protocol (3), Application Layer Protocol (4), Ingress Tool Transfer (1)
    Source | Detection | Scanner | Label
    PDF.shtml | 0% | Virustotal |
    No Antivirus matches
    Source | Detection | Scanner | Label
    cryptosaursnft.com | 0% | Virustotal |
    cs1227.wpc.alphacdn.net | 0% | Virustotal |
    part-0032.t-0009.fbs1-t-msedge.net | 0% | Virustotal |
    part-0032.t-0009.t-msedge.net | 0% | Virustotal |
    Source | Detection | Scanner | Label
    https://cryptosaursnft.com/wp-admin/host9/admin/js/mj.php?ar=ZGVmYXVsdA== | 0% | Avira URL Cloud | safe
    https://cryptosaursnft.com/wp-admin/host9/f12eac5.php | 0% | Avira URL Cloud | safe
    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    cryptosaursnft.com | 146.59.209.152 | true | false | | unknown
    accounts.google.com | 172.217.168.45 | true | false | | high
    cdnjs.cloudflare.com | 104.17.25.14 | true | false | | high
    maxcdn.bootstrapcdn.com | 104.18.10.207 | true | false | | high
    part-0032.t-0009.t-msedge.net | 13.107.246.60 | true | false | | unknown
    www.google.com | 172.217.168.36 | true | false | | high
    cs1227.wpc.alphacdn.net | 192.229.221.185 | true | false | | unknown
    clients.l.google.com | 142.250.203.110 | true | false | | high
    part-0032.t-0009.fbs1-t-msedge.net | 13.107.219.60 | true | false | | unknown
    c.s-microsoft.com | unknown | unknown | false | | high
    clients2.google.com | unknown | unknown | false | | high
    code.jquery.com | unknown | unknown | false | | high
    cdn.jsdelivr.net | unknown | unknown | false | | high
    assets.onestore.ms | unknown | unknown | false | | unknown
    i.s-microsoft.com | unknown | unknown | false | | high
    ajax.aspnetcdn.com | unknown | unknown | false | | high
    Name | Malicious | Antivirus Detection | Reputation
    file:///C:/Users/user/Desktop/PDF.shtml | true | | low
    https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | false | | high
    https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css | false | | high
    https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css | false | | high
    https://cryptosaursnft.com/wp-admin/host9/f12eac5.php | false | Avira URL Cloud: safe | unknown
    https://cryptosaursnft.com/wp-admin/host9/admin/js/mj.php?ar=ZGVmYXVsdA== | false | Avira URL Cloud: safe | unknown
    https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0 | false | | high
    https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | false | | high
    IP | Domain | Country | ASN | ASN Name | Malicious
    13.107.219.60 | part-0032.t-0009.fbs1-t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
    104.18.10.207 | maxcdn.bootstrapcdn.com | United States | 13335 | CLOUDFLARENETUS | false
    142.250.203.110 | clients.l.google.com | United States | 15169 | GOOGLEUS | false
    146.59.209.152 | cryptosaursnft.com | Norway | 16276 | OVHFR | false
    172.217.168.45 | accounts.google.com | United States | 15169 | GOOGLEUS | false
    172.217.168.36 | www.google.com | United States | 15169 | GOOGLEUS | false
    239.255.255.250 | unknown | Reserved | unknown | unknown | false
    192.229.221.185 | cs1227.wpc.alphacdn.net | United States | 15133 | EDGECASTUS | false
    104.17.25.14 | cdnjs.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false
    IP
    192.168.2.1
    127.0.0.1
    Joe Sandbox Version: 36.0.0 Rainbow Opal
    Analysis ID: 756145
    Start date and time: 2022-11-29 17:40:53 +01:00
    Joe Sandbox Product: CloudBasic
    Overall analysis duration: 0h 7m 8s
    Hypervisor based Inspection enabled: false
    Report type: light
    Sample file name: PDF.shtml
    Cookbook file name: defaultwindowshtmlcookbook.jbs
    Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
    Number of new started processes analysed: 7
    Number of new started drivers analysed: 0
    Number of existing processes analysed: 0
    Number of existing drivers analysed: 0
    Number of injected processes analysed: 0
    Technologies:
    • HCA enabled
    • EGA enabled
    • HDC enabled
    • AMSI enabled
    Analysis Mode: default
    Analysis stop reason: Timeout
    Detection: MAL
    Classification: mal52.phis.winSHTML@33/0@15/11
    EGA Information: Failed
    HDC Information: Failed
    HCA Information:
    • Successful, ratio: 100%
    • Number of executed functions: 0
    • Number of non-executed functions: 0
    Cookbook Comments:
    • Found application associated with file extension: .shtml
    • Browse: https://privacy.microsoft.com/fr/privacystatement
    • Browse: https://privacy.microsoft.com/
    • Browse: https://account.microsoft.com/privacy
    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, conhost.exe, WmiPrvSE.exe
    • TCP Packets have been reduced to 100
                                        • Excluded IPs from analysis (whitelisted): 172.217.168.67, 34.104.35.123, 104.16.89.20, 104.16.88.20, 104.16.85.20, 104.16.87.20, 104.16.86.20, 69.16.175.10, 69.16.175.42, 23.211.5.92, 152.199.19.160, 80.67.82.225, 80.67.82.226, 23.213.165.249, 23.50.109.91, 80.67.82.235, 80.67.82.211, 80.67.82.242, 23.50.97.161, 172.217.168.35
                                        • Excluded domains from analysis (whitelisted): logincdn.msauth.net, account.microsoft.com, cdn.jsdelivr.net.cdn.cloudflare.net, cds.s5x3j6q5.hwcdn.net, mwf-service.akamaized.net, assets.onestore.ms.edgekey.net, e9412.b.akamaiedge.net, e13678.dscb.akamaiedge.net, clientservices.googleapis.com, i.s-microsoft.com.edgekey.net, a1449.dscg2.akamai.net, www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net, a1945.g2.akamai.net, www.microsoft.com-c-3.edgekey.net, mscomajax.vo.msecnd.net, update.googleapis.com, statics-marketingsites-eus-ms-com.akamaized.net, img-prod-cms-rt-microsoft-com.akamaized.net, www.gstatic.com, global-entry-afdthirdparty-fallback.trafficmanager.net, e10583.dspg.akamaiedge.net, client.wns.windows.com, aadcdnoriginwus2.azureedge.net, cs22.wpc.v0cdn.net, account.microsoft.com.edgekey.net, lgincdnvzeuno.ec.azureedge.net, ctldl.windowsupdate.com, aadcdn.msauth.net, assets.onestore.ms.akadns.net, firstparty-azurefd-prod.trafficmanager.net, lgincdnvzeuno.azureedge.net, c-s.cms.ms.akadns.net, edged
    • Not all processes were analyzed; the report is missing behavior information
    • Report size getting too big; too many NtWriteVirtualMemory calls found
                                        No simulations
                                        No context
                                        No created / dropped files found
    File type: HTML document, ASCII text, with very long lines (10057)
    Entropy (8bit): 3.5343220138175173
    TrID:
    • HyperText Markup Language (6006/1) 100.00%
    File name: PDF.shtml
    File size: 10839
    MD5: bc087e3bee347cf72d1d098ac0217ad3
    SHA1: 25ca68af27719867d3ae9ec4af84a7fa481a8800
    SHA256: 6480bae314fd0166ea5d47f7101269ad891ff2768ab36506c1b899372a74442d
    SHA512: 73f964af24ac8f521808f2583140b1317d5edf1b765549161a56f8802241c2fd7c31d955fd483e275a34784f051f602a168dea7029ff9858f982c41ab2595737
    SSDEEP: 192:JgP2EXwr87lNYAWUDq2Br+HOeKpGfjk6Pke8kQxPFeGkw3yOS:JgJwr8JNqUDq2BaHOZp8k6Pke8kQxPFO
    TLSH: B7225DB87E26FDAF14938485780649BA18EBC244E10D648C75CC1E9CE2ECEF65F9D2C5
    File Content Preview: <html> <script> let arrayBuffer = [0xa0,0x8e,0xd0,0x60,0xc4,0xae,0xee,0x56,0x86,0xd4,0xf0,0xde,0xb4,0xae,0x8c,0xd6,0xa0,0xce,0xde,0x70,0x98,0x64,0xd0,0xd8,0xb2,0xae,0xa2,0x56,0x86,0xd4,0xf0,0xd2,0xc4,0x64,0xa4,0x6a,0xa0,0xce,0xde,0x70,0xb4,0x8e,0xd8,0x64,
                                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                        Nov 29, 2022 17:41:49.118489027 CET | 49707 | 443 | 192.168.2.5 | 142.250.203.110
                                        Nov 29, 2022 17:41:49.118551970 CET | 443 | 49707 | 142.250.203.110 | 192.168.2.5
                                        Nov 29, 2022 17:41:49.118652105 CET | 49707 | 443 | 192.168.2.5 | 142.250.203.110
                                        Nov 29, 2022 17:41:49.119158983 CET | 49707 | 443 | 192.168.2.5 | 142.250.203.110
                                        Nov 29, 2022 17:41:49.119190931 CET | 443 | 49707 | 142.250.203.110 | 192.168.2.5
                                        Nov 29, 2022 17:41:49.119961977 CET | 49708 | 443 | 192.168.2.5 | 172.217.168.45
                                        Nov 29, 2022 17:41:49.120035887 CET | 443 | 49708 | 172.217.168.45 | 192.168.2.5
                                        Nov 29, 2022 17:41:49.120116949 CET | 49708 | 443 | 192.168.2.5 | 172.217.168.45
                                        Nov 29, 2022 17:41:49.120397091 CET | 49708 | 443 | 192.168.2.5 | 172.217.168.45
                                        Nov 29, 2022 17:41:49.120446920 CET | 443 | 49708 | 172.217.168.45 | 192.168.2.5
                                        Nov 29, 2022 17:41:49.198702097 CET | 443 | 49707 | 142.250.203.110 | 192.168.2.5
                                        Nov 29, 2022 17:41:49.200377941 CET | 443 | 49708 | 172.217.168.45 | 192.168.2.5
                                        Nov 29, 2022 17:41:49.206417084 CET | 49708 | 443 | 192.168.2.5 | 172.217.168.45
                                        Nov 29, 2022 17:41:49.206443071 CET | 443 | 49708 | 172.217.168.45 | 192.168.2.5
                                        Nov 29, 2022 17:41:49.206734896 CET | 49707 | 443 | 192.168.2.5 | 142.250.203.110
                                        Nov 29, 2022 17:41:49.206809044 CET | 443 | 49707 | 142.250.203.110 | 192.168.2.5
                                        Nov 29, 2022 17:41:49.207519054 CET | 443 | 49707 | 142.250.203.110 | 192.168.2.5
                                        Nov 29, 2022 17:41:49.207638979 CET | 49707 | 443 | 192.168.2.5 | 142.250.203.110
                                        Nov 29, 2022 17:41:49.208462000 CET | 443 | 49707 | 142.250.203.110 | 192.168.2.5
                                        Nov 29, 2022 17:41:49.208548069 CET | 49707 | 443 | 192.168.2.5 | 142.250.203.110
                                        Nov 29, 2022 17:41:49.208878040 CET | 443 | 49708 | 172.217.168.45 | 192.168.2.5
                                        Nov 29, 2022 17:41:49.208961964 CET | 49708 | 443 | 192.168.2.5 | 172.217.168.45
                                        Nov 29, 2022 17:41:50.556967974 CET | 49708 | 443 | 192.168.2.5 | 172.217.168.45
                                        Nov 29, 2022 17:41:50.557044983 CET | 443 | 49708 | 172.217.168.45 | 192.168.2.5
                                        Nov 29, 2022 17:41:50.557391882 CET | 49708 | 443 | 192.168.2.5 | 172.217.168.45
                                        Nov 29, 2022 17:41:50.557404041 CET | 443 | 49708 | 172.217.168.45 | 192.168.2.5
                                        Nov 29, 2022 17:41:50.557441950 CET | 443 | 49708 | 172.217.168.45 | 192.168.2.5
                                        Nov 29, 2022 17:41:50.557666063 CET | 49707 | 443 | 192.168.2.5 | 142.250.203.110
                                        Nov 29, 2022 17:41:50.557712078 CET | 443 | 49707 | 142.250.203.110 | 192.168.2.5
                                        Nov 29, 2022 17:41:50.557841063 CET | 49707 | 443 | 192.168.2.5 | 142.250.203.110
                                        Nov 29, 2022 17:41:50.557859898 CET | 443 | 49707 | 142.250.203.110 | 192.168.2.5
                                        Nov 29, 2022 17:41:50.558042049 CET | 443 | 49707 | 142.250.203.110 | 192.168.2.5
                                        Nov 29, 2022 17:41:50.594125986 CET | 443 | 49707 | 142.250.203.110 | 192.168.2.5
                                        Nov 29, 2022 17:41:50.594291925 CET | 49707 | 443 | 192.168.2.5 | 142.250.203.110
                                        Nov 29, 2022 17:41:50.594341040 CET | 443 | 49707 | 142.250.203.110 | 192.168.2.5
                                        Nov 29, 2022 17:41:50.594374895 CET | 443 | 49707 | 142.250.203.110 | 192.168.2.5
                                        Nov 29, 2022 17:41:50.594475985 CET | 49707 | 443 | 192.168.2.5 | 142.250.203.110
                                        Nov 29, 2022 17:41:50.596978903 CET | 49707 | 443 | 192.168.2.5 | 142.250.203.110
                                        Nov 29, 2022 17:41:50.597012997 CET | 443 | 49707 | 142.250.203.110 | 192.168.2.5
                                        Nov 29, 2022 17:41:50.615520954 CET | 443 | 49708 | 172.217.168.45 | 192.168.2.5
                                        Nov 29, 2022 17:41:50.615751028 CET | 49708 | 443 | 192.168.2.5 | 172.217.168.45
                                        Nov 29, 2022 17:41:50.615792036 CET | 443 | 49708 | 172.217.168.45 | 192.168.2.5
                                        Nov 29, 2022 17:41:50.615854025 CET | 443 | 49708 | 172.217.168.45 | 192.168.2.5
                                        Nov 29, 2022 17:41:50.616102934 CET | 49708 | 443 | 192.168.2.5 | 172.217.168.45
                                        Nov 29, 2022 17:41:50.624654055 CET | 49708 | 443 | 192.168.2.5 | 172.217.168.45
                                        Nov 29, 2022 17:41:50.624706030 CET | 443 | 49708 | 172.217.168.45 | 192.168.2.5
                                        Nov 29, 2022 17:41:51.635432005 CET | 49710 | 443 | 192.168.2.5 | 146.59.209.152
                                        Nov 29, 2022 17:41:51.635497093 CET | 443 | 49710 | 146.59.209.152 | 192.168.2.5
                                        Nov 29, 2022 17:41:51.635587931 CET | 49710 | 443 | 192.168.2.5 | 146.59.209.152
                                        Nov 29, 2022 17:41:51.635871887 CET | 49710 | 443 | 192.168.2.5 | 146.59.209.152
                                        Nov 29, 2022 17:41:51.635888100 CET | 443 | 49710 | 146.59.209.152 | 192.168.2.5
                                        Nov 29, 2022 17:41:51.714183092 CET | 443 | 49710 | 146.59.209.152 | 192.168.2.5
                                        Nov 29, 2022 17:41:51.714591026 CET | 49710 | 443 | 192.168.2.5 | 146.59.209.152
                                        Nov 29, 2022 17:41:51.714648008 CET | 443 | 49710 | 146.59.209.152 | 192.168.2.5
                                        Nov 29, 2022 17:41:51.715908051 CET | 443 | 49710 | 146.59.209.152 | 192.168.2.5
                                        Nov 29, 2022 17:41:51.716022968 CET | 49710 | 443 | 192.168.2.5 | 146.59.209.152
                                        Nov 29, 2022 17:41:51.728634119 CET | 49710 | 443 | 192.168.2.5 | 146.59.209.152
                                        Nov 29, 2022 17:41:51.728666067 CET | 443 | 49710 | 146.59.209.152 | 192.168.2.5
                                        Nov 29, 2022 17:41:51.728935003 CET | 443 | 49710 | 146.59.209.152 | 192.168.2.5
                                        Nov 29, 2022 17:41:51.729218006 CET | 49710 | 443 | 192.168.2.5 | 146.59.209.152
                                        Nov 29, 2022 17:41:51.729250908 CET | 443 | 49710 | 146.59.209.152 | 192.168.2.5
                                        Nov 29, 2022 17:41:51.832236052 CET | 49710 | 443 | 192.168.2.5 | 146.59.209.152
                                        Nov 29, 2022 17:41:52.749449015 CET | 49712 | 443 | 192.168.2.5 | 172.217.168.36
                                        Nov 29, 2022 17:41:52.749520063 CET | 443 | 49712 | 172.217.168.36 | 192.168.2.5
                                        Nov 29, 2022 17:41:52.749634027 CET | 49712 | 443 | 192.168.2.5 | 172.217.168.36
                                        Nov 29, 2022 17:41:52.749897957 CET | 49712 | 443 | 192.168.2.5 | 172.217.168.36
                                        Nov 29, 2022 17:41:52.749994040 CET | 443 | 49712 | 172.217.168.36 | 192.168.2.5
                                        Nov 29, 2022 17:41:52.780231953 CET | 443 | 49710 | 146.59.209.152 | 192.168.2.5
                                        Nov 29, 2022 17:41:52.780273914 CET | 443 | 49710 | 146.59.209.152 | 192.168.2.5
                                        Nov 29, 2022 17:41:52.780405045 CET | 49710 | 443 | 192.168.2.5 | 146.59.209.152
                                        Nov 29, 2022 17:41:52.780426979 CET | 443 | 49710 | 146.59.209.152 | 192.168.2.5
                                        Nov 29, 2022 17:41:52.780519009 CET | 443 | 49710 | 146.59.209.152 | 192.168.2.5
                                        Nov 29, 2022 17:41:52.780529976 CET | 443 | 49710 | 146.59.209.152 | 192.168.2.5
                                        Nov 29, 2022 17:41:52.780610085 CET | 49710 | 443 | 192.168.2.5 | 146.59.209.152
                                        Nov 29, 2022 17:41:52.780621052 CET | 443 | 49710 | 146.59.209.152 | 192.168.2.5
                                        Nov 29, 2022 17:41:52.808851957 CET | 443 | 49710 | 146.59.209.152 | 192.168.2.5
                                        Nov 29, 2022 17:41:52.808877945 CET | 443 | 49710 | 146.59.209.152 | 192.168.2.5
                                        Nov 29, 2022 17:41:52.808969021 CET | 49710 | 443 | 192.168.2.5 | 146.59.209.152
                                        Nov 29, 2022 17:41:52.809010983 CET | 443 | 49710 | 146.59.209.152 | 192.168.2.5
                                        Nov 29, 2022 17:41:52.809034109 CET | 49710 | 443 | 192.168.2.5 | 146.59.209.152
                                        Nov 29, 2022 17:41:52.809040070 CET | 443 | 49710 | 146.59.209.152 | 192.168.2.5
                                        Nov 29, 2022 17:41:52.809057951 CET | 443 | 49710 | 146.59.209.152 | 192.168.2.5
                                        Nov 29, 2022 17:41:52.809103012 CET | 49710 | 443 | 192.168.2.5 | 146.59.209.152
                                        Nov 29, 2022 17:41:52.809123993 CET | 443 | 49710 | 146.59.209.152 | 192.168.2.5
                                        Nov 29, 2022 17:41:52.809153080 CET | 49710 | 443 | 192.168.2.5 | 146.59.209.152
                                        Nov 29, 2022 17:41:52.809159040 CET | 443 | 49710 | 146.59.209.152 | 192.168.2.5
                                        Nov 29, 2022 17:41:52.809175014 CET | 49710 | 443 | 192.168.2.5 | 146.59.209.152
                                        Nov 29, 2022 17:41:52.809189081 CET | 443 | 49710 | 146.59.209.152 | 192.168.2.5
                                        Nov 29, 2022 17:41:52.809241056 CET | 49710 | 443 | 192.168.2.5 | 146.59.209.152
                                        Nov 29, 2022 17:41:52.809256077 CET | 443 | 49710 | 146.59.209.152 | 192.168.2.5
                                        Nov 29, 2022 17:41:52.809274912 CET | 443 | 49710 | 146.59.209.152 | 192.168.2.5
                                        Nov 29, 2022 17:41:52.809319019 CET | 49710 | 443 | 192.168.2.5 | 146.59.209.152
                                        Nov 29, 2022 17:41:52.809357882 CET | 443 | 49710 | 146.59.209.152 | 192.168.2.5
                                        Nov 29, 2022 17:41:52.809417963 CET | 49710 | 443 | 192.168.2.5 | 146.59.209.152
                                        Nov 29, 2022 17:41:52.809433937 CET | 443 | 49710 | 146.59.209.152 | 192.168.2.5
                                        Nov 29, 2022 17:41:52.809493065 CET | 49710 | 443 | 192.168.2.5 | 146.59.209.152
                                        Nov 29, 2022 17:41:52.818711042 CET | 443 | 49712 | 172.217.168.36 | 192.168.2.5
                                        Nov 29, 2022 17:41:52.819118023 CET | 49712 | 443 | 192.168.2.5 | 172.217.168.36
                                        Nov 29, 2022 17:41:52.819201946 CET | 443 | 49712 | 172.217.168.36 | 192.168.2.5
                                        Nov 29, 2022 17:41:52.820386887 CET | 443 | 49712 | 172.217.168.36 | 192.168.2.5
                                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                        Nov 29, 2022 17:41:49.048463106 CET | 61452 | 53 | 192.168.2.5 | 8.8.8.8
                                        Nov 29, 2022 17:41:49.049160004 CET | 65323 | 53 | 192.168.2.5 | 8.8.8.8
                                        Nov 29, 2022 17:41:49.068820953 CET | 53 | 65323 | 8.8.8.8 | 192.168.2.5
                                        Nov 29, 2022 17:41:49.076531887 CET | 53 | 61452 | 8.8.8.8 | 192.168.2.5
                                        Nov 29, 2022 17:41:51.522068024 CET | 63446 | 53 | 192.168.2.5 | 8.8.8.8
                                        Nov 29, 2022 17:41:51.569483042 CET | 53 | 63446 | 8.8.8.8 | 192.168.2.5
                                        Nov 29, 2022 17:41:52.730123997 CET | 59220 | 53 | 192.168.2.5 | 8.8.8.8
                                        Nov 29, 2022 17:41:52.747780085 CET | 53 | 59220 | 8.8.8.8 | 192.168.2.5
                                        Nov 29, 2022 17:41:53.021186113 CET | 55068 | 53 | 192.168.2.5 | 8.8.8.8
                                        Nov 29, 2022 17:41:53.027522087 CET | 56682 | 53 | 192.168.2.5 | 8.8.8.8
                                        Nov 29, 2022 17:41:53.030486107 CET | 58532 | 53 | 192.168.2.5 | 8.8.8.8
                                        Nov 29, 2022 17:41:53.042660952 CET | 53 | 55068 | 8.8.8.8 | 192.168.2.5
                                        Nov 29, 2022 17:41:54.559408903 CET | 56263 | 53 | 192.168.2.5 | 8.8.8.8
                                        Nov 29, 2022 17:41:54.579490900 CET | 53 | 56263 | 8.8.8.8 | 192.168.2.5
                                        Nov 29, 2022 17:42:10.504389048 CET | 53823 | 53 | 192.168.2.5 | 8.8.8.8
                                        Nov 29, 2022 17:42:10.535566092 CET | 49579 | 53 | 192.168.2.5 | 8.8.8.8
                                        Nov 29, 2022 17:42:10.537444115 CET | 61293 | 53 | 192.168.2.5 | 8.8.8.8
                                        Nov 29, 2022 17:42:22.339097977 CET | 57482 | 53 | 192.168.2.5 | 8.8.8.8
                                        Nov 29, 2022 17:42:34.760057926 CET | 52892 | 53 | 192.168.2.5 | 8.8.8.8
                                        Nov 29, 2022 17:42:52.786981106 CET | 63938 | 53 | 192.168.2.5 | 8.8.8.8
                                        Nov 29, 2022 17:42:52.828217030 CET | 53 | 63938 | 8.8.8.8 | 192.168.2.5
                                        Nov 29, 2022 17:43:52.858491898 CET | 54940 | 53 | 192.168.2.5 | 8.8.8.8
                                        Nov 29, 2022 17:43:52.875502110 CET | 53 | 54940 | 8.8.8.8 | 192.168.2.5
                                        Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                        Nov 29, 2022 17:41:49.048463106 CET | 192.168.2.5 | 8.8.8.8 | 0xde24 | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001) | false
                                        Nov 29, 2022 17:41:49.049160004 CET | 192.168.2.5 | 8.8.8.8 | 0x3911 | Standard query (0) | accounts.google.com | A (IP address) | IN (0x0001) | false
                                        Nov 29, 2022 17:41:51.522068024 CET | 192.168.2.5 | 8.8.8.8 | 0x53f0 | Standard query (0) | cryptosaursnft.com | A (IP address) | IN (0x0001) | false
                                        Nov 29, 2022 17:41:52.730123997 CET | 192.168.2.5 | 8.8.8.8 | 0x9e15 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                                        Nov 29, 2022 17:41:53.021186113 CET | 192.168.2.5 | 8.8.8.8 | 0x11c1 | Standard query (0) | maxcdn.bootstrapcdn.com | A (IP address) | IN (0x0001) | false
                                        Nov 29, 2022 17:41:53.027522087 CET | 192.168.2.5 | 8.8.8.8 | 0x9a09 | Standard query (0) | cdn.jsdelivr.net | A (IP address) | IN (0x0001) | false
                                        Nov 29, 2022 17:41:53.030486107 CET | 192.168.2.5 | 8.8.8.8 | 0xc43d | Standard query (0) | code.jquery.com | A (IP address) | IN (0x0001) | false
                                        Nov 29, 2022 17:41:54.559408903 CET | 192.168.2.5 | 8.8.8.8 | 0x5d07 | Standard query (0) | cdnjs.cloudflare.com | A (IP address) | IN (0x0001) | false
                                        Nov 29, 2022 17:42:10.504389048 CET | 192.168.2.5 | 8.8.8.8 | 0xdd5d | Standard query (0) | ajax.aspnetcdn.com | A (IP address) | IN (0x0001) | false
                                        Nov 29, 2022 17:42:10.535566092 CET | 192.168.2.5 | 8.8.8.8 | 0x63b0 | Standard query (0) | c.s-microsoft.com | A (IP address) | IN (0x0001) | false
                                        Nov 29, 2022 17:42:10.537444115 CET | 192.168.2.5 | 8.8.8.8 | 0x944a | Standard query (0) | assets.onestore.ms | A (IP address) | IN (0x0001) | false
                                        Nov 29, 2022 17:42:22.339097977 CET | 192.168.2.5 | 8.8.8.8 | 0x99b6 | Standard query (0) | i.s-microsoft.com | A (IP address) | IN (0x0001) | false
                                        Nov 29, 2022 17:42:34.760057926 CET | 192.168.2.5 | 8.8.8.8 | 0xca74 | Standard query (0) | c.s-microsoft.com | A (IP address) | IN (0x0001) | false
                                        Nov 29, 2022 17:42:52.786981106 CET | 192.168.2.5 | 8.8.8.8 | 0x1fd4 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                                        Nov 29, 2022 17:43:52.858491898 CET | 192.168.2.5 | 8.8.8.8 | 0xedb7 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                                        Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                        Nov 29, 2022 17:41:49.068820953 CET | 8.8.8.8 | 192.168.2.5 | 0x3911 | No error (0) | accounts.google.com | - | 172.217.168.45 | A (IP address) | IN (0x0001) | false
                                        Nov 29, 2022 17:41:49.076531887 CET | 8.8.8.8 | 192.168.2.5 | 0xde24 | No error (0) | clients2.google.com | clients.l.google.com | - | CNAME (Canonical name) | IN (0x0001) | false
                                        Nov 29, 2022 17:41:49.076531887 CET | 8.8.8.8 | 192.168.2.5 | 0xde24 | No error (0) | clients.l.google.com | - | 142.250.203.110 | A (IP address) | IN (0x0001) | false
                                        Nov 29, 2022 17:41:51.569483042 CET | 8.8.8.8 | 192.168.2.5 | 0x53f0 | No error (0) | cryptosaursnft.com | - | 146.59.209.152 | A (IP address) | IN (0x0001) | false
                                        Nov 29, 2022 17:41:52.747780085 CET | 8.8.8.8 | 192.168.2.5 | 0x9e15 | No error (0) | www.google.com | - | 172.217.168.36 | A (IP address) | IN (0x0001) | false
                                        Nov 29, 2022 17:41:53.042660952 CET | 8.8.8.8 | 192.168.2.5 | 0x11c1 | No error (0) | maxcdn.bootstrapcdn.com | - | 104.18.10.207 | A (IP address) | IN (0x0001) | false
                                        Nov 29, 2022 17:41:53.042660952 CET | 8.8.8.8 | 192.168.2.5 | 0x11c1 | No error (0) | maxcdn.bootstrapcdn.com | - | 104.18.11.207 | A (IP address) | IN (0x0001) | false
                                        Nov 29, 2022 17:41:53.051866055 CET | 8.8.8.8 | 192.168.2.5 | 0x9a09 | No error (0) | cdn.jsdelivr.net | cdn.jsdelivr.net.cdn.cloudflare.net | - | CNAME (Canonical name) | IN (0x0001) | false
                                        Nov 29, 2022 17:41:53.052119970 CET | 8.8.8.8 | 192.168.2.5 | 0xc43d | No error (0) | code.jquery.com | cds.s5x3j6q5.hwcdn.net | - | CNAME (Canonical name) | IN (0x0001) | false
                                        Nov 29, 2022 17:41:53.054792881 CET | 8.8.8.8 | 192.168.2.5 | 0x19c8 | No error (0) | cs1227.wpc.alphacdn.net | - | 192.229.221.185 | A (IP address) | IN (0x0001) | false
                                        Nov 29, 2022 17:41:54.579490900 CET | 8.8.8.8 | 192.168.2.5 | 0x5d07 | No error (0) | cdnjs.cloudflare.com | - | 104.17.25.14 | A (IP address) | IN (0x0001) | false
                                        Nov 29, 2022 17:41:54.579490900 CET | 8.8.8.8 | 192.168.2.5 | 0x5d07 | No error (0) | cdnjs.cloudflare.com | - | 104.17.24.14 | A (IP address) | IN (0x0001) | false
                                        Nov 29, 2022 17:41:54.625884056 CET | 8.8.8.8 | 192.168.2.5 | 0x3e0d | No error (0) | dual.part-0032.t-0009.t-msedge.net | global-entry-afdthirdparty-fallback.trafficmanager.net | - | CNAME (Canonical name) | IN (0x0001) | false
                                        Nov 29, 2022 17:41:54.625884056 CET | 8.8.8.8 | 192.168.2.5 | 0x3e0d | No error (0) | dual.part-0032.t-0009.fbs1-t-msedge.net | part-0032.t-0009.fbs1-t-msedge.net | - | CNAME (Canonical name) | IN (0x0001) | false
                                        Nov 29, 2022 17:41:54.625884056 CET | 8.8.8.8 | 192.168.2.5 | 0x3e0d | No error (0) | part-0032.t-0009.fbs1-t-msedge.net | - | 13.107.219.60 | A (IP address) | IN (0x0001) | false
                                        Nov 29, 2022 17:41:54.625884056 CET | 8.8.8.8 | 192.168.2.5 | 0x3e0d | No error (0) | part-0032.t-0009.fbs1-t-msedge.net | - | 13.107.227.60 | A (IP address) | IN (0x0001) | false
                                        Nov 29, 2022 17:41:55.894411087 CET | 8.8.8.8 | 192.168.2.5 | 0xe76b | No error (0) | cs1227.wpc.alphacdn.net | - | 192.229.221.185 | A (IP address) | IN (0x0001) | false
                                        Nov 29, 2022 17:42:05.615586996 CET | 8.8.8.8 | 192.168.2.5 | 0x63e9 | No error (0) | dual.part-0032.t-0009.t-msedge.net | part-0032.t-0009.t-msedge.net | - | CNAME (Canonical name) | IN (0x0001) | false
                                        Nov 29, 2022 17:42:05.615586996 CET | 8.8.8.8 | 192.168.2.5 | 0x63e9 | No error (0) | part-0032.t-0009.t-msedge.net | - | 13.107.246.60 | A (IP address) | IN (0x0001) | false
                                        Nov 29, 2022 17:42:05.615586996 CET | 8.8.8.8 | 192.168.2.5 | 0x63e9 | No error (0) | part-0032.t-0009.t-msedge.net | - | 13.107.213.60 | A (IP address) | IN (0x0001) | false
                                        Nov 29, 2022 17:42:10.524068117 CET | 8.8.8.8 | 192.168.2.5 | 0xdd5d | No error (0) | ajax.aspnetcdn.com | mscomajax.vo.msecnd.net | - | CNAME (Canonical name) | IN (0x0001) | false
                                        Nov 29, 2022 17:42:10.559360981 CET | 8.8.8.8 | 192.168.2.5 | 0x63b0 | No error (0) | c.s-microsoft.com | c-s.cms.ms.akadns.net | - | CNAME (Canonical name) | IN (0x0001) | false
                                        Nov 29, 2022 17:42:10.569428921 CET | 8.8.8.8 | 192.168.2.5 | 0x944a | No error (0) | assets.onestore.ms | assets.onestore.ms.akadns.net | - | CNAME (Canonical name) | IN (0x0001) | false
                                        Nov 29, 2022 17:42:22.360572100 CET | 8.8.8.8 | 192.168.2.5 | 0x99b6 | No error (0) | i.s-microsoft.com | i.s-microsoft.com.edgekey.net | - | CNAME (Canonical name) | IN (0x0001) | false
                                        Nov 29, 2022 17:42:34.807306051 CET | 8.8.8.8 | 192.168.2.5 | 0xca74 | No error (0) | c.s-microsoft.com | c-s.cms.ms.akadns.net | - | CNAME (Canonical name) | IN (0x0001) | false
                                        Nov 29, 2022 17:42:52.828217030 CET | 8.8.8.8 | 192.168.2.5 | 0x1fd4 | No error (0) | www.google.com | - | 172.217.168.36 | A (IP address) | IN (0x0001) | false
                                        Nov 29, 2022 17:43:52.875502110 CET | 8.8.8.8 | 192.168.2.5 | 0xedb7 | No error (0) | www.google.com | - | 172.217.168.36 | A (IP address) | IN (0x0001) | false
                                        • accounts.google.com
                                        • clients2.google.com
                                        • cryptosaursnft.com
                                        • maxcdn.bootstrapcdn.com
                                        • logincdn.msauth.net
                                        • https:
                                        • cdnjs.cloudflare.com
                                        • aadcdn.msauth.net


                                        Target ID:0
                                        Start time:17:41:46
                                        Start date:29/11/2022
                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
                                        Imagebase:0x7ff7d31b0000
                                        File size:2851656 bytes
                                        MD5 hash:0FEC2748F363150DC54C1CAFFB1A9408
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high

                                        Target ID:1
                                        Start time:17:41:47
                                        Start date:29/11/2022
                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        Wow64 process (32bit):false
                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1800,i,6132995491582703289,7961678720532763080,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
                                        Imagebase:0x7ff7d31b0000
                                        File size:2851656 bytes
                                        MD5 hash:0FEC2748F363150DC54C1CAFFB1A9408
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high

                                        Target ID:2
                                        Start time:17:41:48
                                        Start date:29/11/2022
                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\PDF.shtml
                                        Imagebase:0x7ff7d31b0000
                                        File size:2851656 bytes
                                        MD5 hash:0FEC2748F363150DC54C1CAFFB1A9408
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high

                                        No disassembly