
Windows Analysis Report
https://b6dj2ueylkg.juraganrc.com/?url=aHR0cHM6Ly9ob2xseS1sYXZlbmRlci1yYXR0bGVzbmFrZS5nbGl0Y2gubWUvdmlsZC5odG1s

Overview

General Information

Sample URL: https://b6dj2ueylkg.juraganrc.com/?url=aHR0cHM6Ly9ob2xseS1sYXZlbmRlci1yYXR0bGVzbmFrZS5nbGl0Y2gubWUvdmlsZC5odG1s
Analysis ID: 756170

Detection

HTMLPhisher
Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Misleading page title found
Yara detected HtmlPhish10
Antivirus detection for URL or domain
Queries the volume information (name, serial number etc) of a device
Yara signature match
Found iframes
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
No HTML title found
Detected potential crypto function
HTML body contains low number of good links

Classification

  • System is w10x64
  • cmd.exe (PID: 6032 cmdline: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://b6dj2ueylkg.juraganrc.com/?url=aHR0cHM6Ly9ob2xseS1sYXZlbmRlci1yYXR0bGVzbmFrZS5nbGl0Y2gubWUvdmlsZC5odG1s" > cmdline.out 2>&1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
    • conhost.exe (PID: 6012 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • wget.exe (PID: 5988 cmdline: wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://b6dj2ueylkg.juraganrc.com/?url=aHR0cHM6Ly9ob2xseS1sYXZlbmRlci1yYXR0bGVzbmFrZS5nbGl0Y2gubWUvdmlsZC5odG1s" MD5: 3DADB6E2ECE9C4B3E1E322E617658B60)
  • chrome.exe (PID: 5132 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\download\index.html@url=aHR0cHM6Ly9ob2xseS1sYXZlbmRlci1yYXR0bGVzbmFrZS5nbGl0Y2gubWUvdmlsZC5odG1s.html MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
    • chrome.exe (PID: 2288 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1616,i,5292400896411780733,13825633785752334259,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
29025.1.pages.csv | SUSP_obfuscated_JS_obfuscatorio | Detects JS obfuscation done by the js obfuscator (often malicious) | @imp0rtp3 | see matched strings below
  • 0x497d8:$c8: while(!![])
  • 0xb1f4c:$c8: while(!![])
29025.1.pages.csv | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |
    No Sigma rule has matched
    No Snort rule has matched


    AV Detection

    Source: https://b6dj2ueylkg.juraganrc.com/?url=aHR0cHM6Ly9ob2xseS1sYXZlbmRlci1yYXR0bGVzbmFrZS5nbGl0Y2gubWUvdmlsZC5odG1s -- SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering
    Source: https://holly-lavender-rattlesnake.glitch.me/vild.html# -- SlashNext: Label: Credential Stealing type: Phishing & Social Engineering

    Phishing

    Source: https://holly-lavender-rattlesnake.glitch.me/vild.html# -- Page Title: Microsoft | Login
    Source: Yara match -- File source: 29025.1.pages.csv, type: HTML
    Source: https://holly-lavender-rattlesnake.glitch.me/vild.html# -- HTTP Parser: Iframe src: https://honapalestine.com
    Source: https://holly-lavender-rattlesnake.glitch.me/vild.html# -- HTTP Parser: HTML title missing
    Source: https://holly-lavender-rattlesnake.glitch.me/vild.html# -- HTTP Parser: Number of links: 0
    Source: https://holly-lavender-rattlesnake.glitch.me/vild.html# -- HTTP Parser: No <meta name="author".. found
    Source: https://holly-lavender-rattlesnake.glitch.me/vild.html# -- HTTP Parser: No <meta name="copyright".. found
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe -- Directory created: C:\Program Files\Google\GoogleUpdater
    Source: unknown -- HTTPS traffic detected: 192.185.138.191:443 -> 192.168.2.3:49703 version: TLS 1.2
    Source: unknown -- HTTPS traffic detected: 139.162.167.121:443 -> 192.168.2.3:49740 version: TLS 1.2
    Source: unknown -- HTTPS traffic detected: 139.162.167.121:443 -> 192.168.2.3:49739 version: TLS 1.2
    Source: unknown -- HTTPS traffic detected: 13.107.219.60:443 -> 192.168.2.3:49746 version: TLS 1.2
    Source: global traffic -- HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Tue, 29 Nov 2022 18:04:56 GMT | Content-Length: 3672 | Connection: close | Cache-Control: max-age=0
    Source: wget.exe, 00000002.00000002.238077693.0000000002BED000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.237700765.0000000002BE6000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.237761279.0000000002BE9000.00000004.00000800.00020000.00000000.sdmp -- String found in binary or memory: http://crl.globalsign.net/root-r2.crl
    Source: wget.exe, 00000002.00000002.238077693.0000000002BED000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.237700765.0000000002BE6000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.237761279.0000000002BE9000.00000004.00000800.00020000.00000000.sdmp -- String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
    Source: wget.exe, 00000002.00000003.237761279.0000000002BE9000.00000004.00000800.00020000.00000000.sdmp, cmdline.out.0.dr -- String found in binary or memory: https://b6dj2ueylkg.juraganrc.com/?url=aHR0cHM6Ly9ob2xseS1sYXZlbmRlci1yYXR0bGVzbmFrZS5nbGl0Y2gubWUvd
    Source: index.html@url=aHR0cHM6Ly9ob2xseS1sYXZlbmRlci1yYXR0bGVzbmFrZS5nbGl0Y2gubWUvdmlsZC5odG1s.2.dr -- String found in binary or memory: https://holly-lavender-rattlesnake.glitch.me/vild.html#
    Source: unknown -- HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 | Host: accounts.google.com | Connection: keep-alive | Content-Length: 1 | Origin: https://www.google.com | Content-Type: application/x-www-form-urlencoded | Sec-Fetch-Site: none | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: empty | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9 | Cookie: CONSENT=PENDING+904; AEC=AakniGO7HqlHWlnoY-P22_SwwnNSfVGxlF1NgK5nuj5WLe313NyJi16g7z4; SOCS=CAISHAgCEhJnd3NfMjAyMjA4MDgtMF9SQzEaAmVuIAEaBgiAvOuXBg; NID=511=nUT82hOv6CVwMNqDg-sTtCMJJ6SQ1v_cCpfCpf5nt8EolEbal01GWFyjG01tqWQgh9ciRU880J6nLd2gdbhAJs44PsHAZaVQAFIbrqe2FmFgjrAAK7W9Z8u5LDvwsuZRng98jP6E23SJ4fsPIs326YmnuCwa92dRRCcB6MNeI_o
    Source: unknown -- DNS traffic detected: queries for: b6dj2ueylkg.juraganrc.com
    Source: global traffic -- HTTP traffic detected: GET /?url=aHR0cHM6Ly9ob2xseS1sYXZlbmRlci1yYXR0bGVzbmFrZS5nbGl0Y2gubWUvdmlsZC5odG1s HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko | Accept: */* | Accept-Encoding: identity | Host: b6dj2ueylkg.juraganrc.com | Connection: Keep-Alive
    Source: global traffic -- HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 | Host: clients2.google.com | Connection: keep-alive | X-Goog-Update-Interactivity: fg | X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda | X-Goog-Update-Updater: chromecrx-104.0.5112.81 | Sec-Fetch-Site: none | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: empty | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
    Source: global traffic -- HTTP traffic detected: GET /vild.html HTTP/1.1 | Host: holly-lavender-rattlesnake.glitch.me | Connection: keep-alive | sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" | sec-ch-ua-mobile: ?0 | sec-ch-ua-platform: "Windows" | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: navigate | Sec-Fetch-Dest: document | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
    Source: global traffic -- HTTP traffic detected: GET /ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1 | Host: aadcdn.msauth.net | Connection: keep-alive | sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://holly-lavender-rattlesnake.glitch.me/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
    Source: global traffic -- HTTP traffic detected: GET / HTTP/1.1 | Host: honapalestine.com | Connection: keep-alive | sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" | sec-ch-ua-mobile: ?0 | sec-ch-ua-platform: "Windows" | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: navigate | Sec-Fetch-Dest: iframe | Referer: https://holly-lavender-rattlesnake.glitch.me/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
    Source: global traffic -- HTTP traffic detected: GET /1/frontend/web/index.php?/ HTTP/1.1 | Host: honapalestine.com | Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: navigate | Sec-Fetch-Dest: iframe | sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" | sec-ch-ua-mobile: ?0 | sec-ch-ua-platform: "Windows" | Referer: https://holly-lavender-rattlesnake.glitch.me/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
    Source: global traffic -- HTTP traffic detected: GET /1/frontend/web/assets/e189e3b3/css/bootstrap.css HTTP/1.1 | Host: honapalestine.com | Connection: keep-alive | sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: text/css,*/*;q=0.1 | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: style | Referer: https://honapalestine.com/1/frontend/web/index.php?/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
    Source: global traffic -- HTTP traffic detected: GET /1/frontend/web/css/site.css HTTP/1.1 | Host: honapalestine.com | Connection: keep-alive | sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: text/css,*/*;q=0.1 | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: style | Referer: https://honapalestine.com/1/frontend/web/index.php?/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
    Source: global traffic -- HTTP traffic detected: GET /1/frontend/web/assets/493c98da/jquery.js HTTP/1.1 | Host: honapalestine.com | Connection: keep-alive | sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: */* | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: script | Referer: https://honapalestine.com/1/frontend/web/index.php?/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
    Source: global traffic -- HTTP traffic detected: GET /1/frontend/web/assets/df38217b/yii.js HTTP/1.1 | Host: honapalestine.com | Connection: keep-alive | sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: */* | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: script | Referer: https://honapalestine.com/1/frontend/web/index.php?/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
    Source: global traffic -- HTTP traffic detected: GET /1/frontend/web/assets/e189e3b3/js/bootstrap.js HTTP/1.1 | Host: honapalestine.com | Connection: keep-alive | sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: */* | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: script | Referer: https://honapalestine.com/1/frontend/web/index.php?/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
    Source: global traffic -- HTTP traffic detected: GET /1/frontend/web/images/logo-en.png HTTP/1.1 | Host: honapalestine.com | Connection: keep-alive | sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://honapalestine.com/1/frontend/web/index.php?/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
    Source: global traffic -- HTTP traffic detected: GET /1/frontend/web/images/listenlive.png HTTP/1.1 | Host: honapalestine.com | Connection: keep-alive | sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://honapalestine.com/1/frontend/web/index.php?/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
    Source: global traffic -- HTTP traffic detected: GET /1/frontend/web/images/icons.png HTTP/1.1 | Host: honapalestine.com | Connection: keep-alive | sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://honapalestine.com/1/frontend/web/index.php?/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
    Source: global traffic -- HTTP traffic detected: GET /1/frontend/web/css/FrutigerLTArabic-55Roman.ttf HTTP/1.1 | Host: honapalestine.com | Connection: keep-alive | sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" | Origin: https://honapalestine.com | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: */* | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: font | Referer: https://honapalestine.com/1/frontend/web/css/site.css | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
    Source: global traffic -- HTTP traffic detected: GET /1/frontend/web/images/playstore.png HTTP/1.1 | Host: honapalestine.com | Connection: keep-alive | sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://honapalestine.com/1/frontend/web/index.php?/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
    Source: global traffic -- HTTP traffic detected: GET /1/frontend/web/images/appstore.png HTTP/1.1 | Host: honapalestine.com | Connection: keep-alive | sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://honapalestine.com/1/frontend/web/index.php?/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
    Source: global traffic -- HTTP traffic detected: GET /1/frontend/web/images/bg.jpg HTTP/1.1 | Host: honapalestine.com | Connection: keep-alive | sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://honapalestine.com/1/frontend/web/index.php?/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
    Source: global traffic -- HTTP traffic detected: GET /1/frontend/web/images/searchenglishbgar.png HTTP/1.1 | Host: honapalestine.com | Connection: keep-alive | sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://honapalestine.com/1/frontend/web/index.php?/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
    Source: global traffic -- HTTP traffic detected: GET /favicon.ico HTTP/1.1 | Host: holly-lavender-rattlesnake.glitch.me | Connection: keep-alive | sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://holly-lavender-rattlesnake.glitch.me/vild.html | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
    Source: global traffic -- HTTP traffic detected: GET /1/frontend/web/images/listenlive.png HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36 | Host: honapalestine.com
    Source: global traffic -- HTTP traffic detected: GET /1/frontend/web/images/logo-en.png HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36 | Host: honapalestine.com
    Source: global traffic -- HTTP traffic detected: GET /1/frontend/web/images/icons.png HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36 | Host: honapalestine.com
    Source: global traffic -- HTTP traffic detected: GET /1/frontend/web/images/playstore.png HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36 | Host: honapalestine.com
    Source: global traffic -- HTTP traffic detected: GET /1/frontend/web/images/appstore.png HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36 | Host: honapalestine.com
    Source: global traffic -- HTTP traffic detected: GET /ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36 | Host: aadcdn.msauth.net
    Source: 29025.1.pages.csv, type: HTML -- Matched rule: SUSP_obfuscated_JS_obfuscatorio, date = 2021-08-25, author = @imp0rtp3, description = Detects JS obfuscation done by the js obfuscator (often malicious), score = , reference = https://obfuscator.io
    Source: C:\Windows\SysWOW64\wget.exe -- Code function: 2_2_02BE0080
    Source: C:\Windows\SysWOW64\wget.exe -- Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: unknown -- Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://b6dj2ueylkg.juraganrc.com/?url=aHR0cHM6Ly9ob2xseS1sYXZlbmRlci1yYXR0bGVzbmFrZS5nbGl0Y2gubWUvdmlsZC5odG1s" > cmdline.out 2>&1
    Source: C:\Windows\SysWOW64\cmd.exe -- Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\SysWOW64\cmd.exe -- Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://b6dj2ueylkg.juraganrc.com/?url=aHR0cHM6Ly9ob2xseS1sYXZlbmRlci1yYXR0bGVzbmFrZS5nbGl0Y2gubWUvdmlsZC5odG1s"
    Source: unknown -- Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\download\index.html@url=aHR0cHM6Ly9ob2xseS1sYXZlbmRlci1yYXR0bGVzbmFrZS5nbGl0Y2gubWUvdmlsZC5odG1s.html
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe -- Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1616,i,5292400896411780733,13825633785752334259,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1616,i,5292400896411780733,13825633785752334259,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6012:120:WilError_01
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Program Files\Google\GoogleUpdaterJump to behavior
    Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\Desktop\cmdline.outJump to behavior
    Source: classification engineClassification label: mal72.phis.win@30/2@8/10
    Source: C:\Windows\SysWOW64\wget.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
    Source: C:\Windows\SysWOW64\wget.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
    Source: Window RecorderWindow detected: More than 3 window changes detected
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\GoogleUpdaterJump to behavior
    Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe c:\windows\system32\cmd.exe /c wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "https://b6dj2ueylkg.juraganrc.com/?url=ahr0chm6ly9ob2xses1syxzlbmrlci1yyxr0bgvzbmfrzs5nbgl0y2gubwuvdmlszc5odg1s" > cmdline.out 2>&1
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "https://b6dj2ueylkg.juraganrc.com/?url=ahr0chm6ly9ob2xses1syxzlbmrlci1yyxr0bgvzbmfrzs5nbgl0y2gubwuvdmlszc5odg1s"
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "https://b6dj2ueylkg.juraganrc.com/?url=ahr0chm6ly9ob2xses1syxzlbmrlci1yyxr0bgvzbmfrzs5nbgl0y2gubwuvdmlszc5odg1s"
    Source: C:\Windows\SysWOW64\wget.exeQueries volume information: C:\Users\user\Desktop\download VolumeInformation
    Source: C:\Windows\SysWOW64\wget.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
MITRE ATT&CK matrix (the number in parentheses is the count of matching signatures; techniques listed without a count are the unmatched cells of the matrix as rendered by the report)

Initial Access: Drive-by Compromise (1); unmatched: Default Accounts, Domain Accounts, Local Accounts
Execution: Command and Scripting Interpreter (1); unmatched: Scheduled Task/Job, At (Linux), At (Windows)
Persistence: unmatched: Path Interception, Boot or Logon Initialization Scripts, Logon Script (Windows), Logon Script (Mac)
Privilege Escalation: Process Injection (1); unmatched: Boot or Logon Initialization Scripts, Logon Script (Windows), Logon Script (Mac)
Defense Evasion: Masquerading (3), Process Injection (1); unmatched: Obfuscated Files or Information, Binary Padding
Credential Access: unmatched: OS Credential Dumping, LSASS Memory, Security Account Manager, NTDS
Discovery: System Information Discovery (12), Remote System Discovery (1); unmatched: Query Registry, System Network Configuration Discovery
Lateral Movement: unmatched: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model
Collection: Archive Collected Data (1); unmatched: Data from Removable Media, Data from Network Shared Drive, Input Capture
Exfiltration: unmatched: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Scheduled Transfer
Command and Control: Encrypted Channel (11), Non-Application Layer Protocol (4), Application Layer Protocol (5), Ingress Tool Transfer (3)
Network Effects: unmatched: Eavesdrop on Insecure Network Communication, Exploit SS7 to Redirect Phone Calls/SMS, Exploit SS7 to Track Device Location, SIM Card Swap
Remote Service Effects: unmatched: Remotely Track Device Without Authorization, Remotely Wipe Data Without Authorization, Obtain Device Cloud Backups, Carrier Billing Fraud
Impact: unmatched: Modify System Partition, Device Lockout, Delete Device Data
Source | Detection | Scanner | Label
https://b6dj2ueylkg.juraganrc.com/?url=aHR0cHM6Ly9ob2xseS1sYXZlbmRlci1yYXR0bGVzbmFrZS5nbGl0Y2gubWUvdmlsZC5odG1s | 0% | Virustotal |
https://b6dj2ueylkg.juraganrc.com/?url=aHR0cHM6Ly9ob2xseS1sYXZlbmRlci1yYXR0bGVzbmFrZS5nbGl0Y2gubWUvdmlsZC5odG1s | 0% | Avira URL Cloud | safe
https://b6dj2ueylkg.juraganrc.com/?url=aHR0cHM6Ly9ob2xseS1sYXZlbmRlci1yYXR0bGVzbmFrZS5nbGl0Y2gubWUvdmlsZC5odG1s | 100% | SlashNext | Credential Stealing type: Phishing & Social Engineering
    No Antivirus matches
Source | Detection | Scanner | Label
https://holly-lavender-rattlesnake.glitch.me/vild.html# | 100% | SlashNext | Credential Stealing type: Phishing & Social Engineering
https://honapalestine.com/1/frontend/web/css/FrutigerLTArabic-55Roman.ttf | 0% | Avira URL Cloud | safe
https://honapalestine.com/ | 0% | Avira URL Cloud | safe
https://honapalestine.com/1/frontend/web/images/playstore.png | 0% | Avira URL Cloud | safe
https://honapalestine.com/1/frontend/web/images/icons.png | 0% | Avira URL Cloud | safe
https://honapalestine.com/1/frontend/web/index.php?/ | 2% | Virustotal |
https://b6dj2ueylkg.juraganrc.com/?url=aHR0cHM6Ly9ob2xseS1sYXZlbmRlci1yYXR0bGVzbmFrZS5nbGl0Y2gubWUvd | 0% | Avira URL Cloud | safe
https://honapalestine.com/1/frontend/web/images/appstore.png | 0% | Avira URL Cloud | safe
https://honapalestine.com/1/frontend/web/assets/e189e3b3/js/bootstrap.js | 0% | Avira URL Cloud | safe
https://honapalestine.com/1/frontend/web/images/listenlive.png | 0% | Avira URL Cloud | safe
https://honapalestine.com/1/frontend/web/css/site.css | 0% | Avira URL Cloud | safe
https://honapalestine.com/1/frontend/web/images/searchenglishbgar.png | 0% | Avira URL Cloud | safe
https://honapalestine.com/1/frontend/web/assets/df38217b/yii.js | 0% | Avira URL Cloud | safe
https://honapalestine.com/1/frontend/web/assets/493c98da/jquery.js | 0% | Avira URL Cloud | safe
https://honapalestine.com/1/frontend/web/images/logo-en.png | 0% | Avira URL Cloud | safe
https://honapalestine.com/1/frontend/web/images/bg.jpg | 0% | Avira URL Cloud | safe
https://honapalestine.com/1/frontend/web/assets/e189e3b3/css/bootstrap.css | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
accounts.google.com | 172.217.168.45 | true | false | | high
holly-lavender-rattlesnake.glitch.me | 44.199.49.219 | true | false | | high
honapalestine.com | 139.162.167.121 | true | false | | unknown
b6dj2ueylkg.juraganrc.com | 192.185.138.191 | true | false | | unknown
www.google.com | 172.217.168.36 | true | false | | high
clients.l.google.com | 142.250.203.110 | true | false | | high
part-0032.t-0009.fbs1-t-msedge.net | 13.107.219.60 | true | false | | unknown
clients2.google.com | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://holly-lavender-rattlesnake.glitch.me/vild.html# | false | SlashNext: Credential Stealing type: Phishing & Social Engineering | high
https://b6dj2ueylkg.juraganrc.com/?url=aHR0cHM6Ly9ob2xseS1sYXZlbmRlci1yYXR0bGVzbmFrZS5nbGl0Y2gubWUvdmlsZC5odG1s | true | | unknown
https://honapalestine.com/1/frontend/web/index.php?/ | false | | unknown
https://holly-lavender-rattlesnake.glitch.me/favicon.ico | false | | high
https://honapalestine.com/1/frontend/web/css/FrutigerLTArabic-55Roman.ttf | false | Avira URL Cloud: safe | unknown
https://honapalestine.com/1/frontend/web/images/icons.png | false | Avira URL Cloud: safe | unknown
https://honapalestine.com/ | false | Avira URL Cloud: safe | unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | false | | high
https://honapalestine.com/1/frontend/web/images/playstore.png | false | Avira URL Cloud: safe | unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | false | | high
https://honapalestine.com/1/frontend/web/images/appstore.png | false | Avira URL Cloud: safe | unknown
https://honapalestine.com/1/frontend/web/assets/e189e3b3/js/bootstrap.js | false | Avira URL Cloud: safe | unknown
https://holly-lavender-rattlesnake.glitch.me/vild.html | false | | high
https://honapalestine.com/1/frontend/web/images/listenlive.png | false | Avira URL Cloud: safe | unknown
https://honapalestine.com/1/frontend/web/css/site.css | false | Avira URL Cloud: safe | unknown
https://honapalestine.com/1/frontend/web/assets/df38217b/yii.js | false | Avira URL Cloud: safe | unknown
https://honapalestine.com/1/frontend/web/images/searchenglishbgar.png | false | Avira URL Cloud: safe | unknown
https://honapalestine.com/1/frontend/web/assets/493c98da/jquery.js | false | Avira URL Cloud: safe | unknown
https://honapalestine.com/1/frontend/web/images/logo-en.png | false | Avira URL Cloud: safe | unknown
https://honapalestine.com/1/frontend/web/images/bg.jpg | false | Avira URL Cloud: safe | unknown
https://honapalestine.com/1/frontend/web/assets/e189e3b3/css/bootstrap.css | false | Avira URL Cloud: safe | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
https://holly-lavender-rattlesnake.glitch.me/vild.html# | index.html@url=aHR0cHM6Ly9ob2xseS1sYXZlbmRlci1yYXR0bGVzbmFrZS5nbGl0Y2gubWUvdmlsZC5odG1s.2.dr | false | SlashNext: Credential Stealing type: Phishing & Social Engineering | high
https://b6dj2ueylkg.juraganrc.com/?url=aHR0cHM6Ly9ob2xseS1sYXZlbmRlci1yYXR0bGVzbmFrZS5nbGl0Y2gubWUvd | wget.exe, 00000002.00000003.237761279.0000000002BE9000.00000004.00000800.00020000.00000000.sdmp, cmdline.out.0.dr | false | Avira URL Cloud: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
13.107.219.60 | part-0032.t-0009.fbs1-t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
142.250.203.110 | clients.l.google.com | United States | 15169 | GOOGLEUS | false
139.162.167.121 | honapalestine.com | Netherlands | 63949 | LINODE-APLinodeLLCUS | false
44.199.49.219 | holly-lavender-rattlesnake.glitch.me | United States | 14618 | AMAZON-AESUS | false
172.217.168.45 | accounts.google.com | United States | 15169 | GOOGLEUS | false
192.185.138.191 | b6dj2ueylkg.juraganrc.com | United States | 46606 | UNIFIEDLAYER-AS-1US | false
172.217.168.36 | www.google.com | United States | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false

Private IPs: 192.168.2.1, 127.0.0.1
Joe Sandbox Version: 36.0.0 Rainbow Opal
Analysis ID: 756170
Start date and time: 2022-11-29 19:03:59 +01:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 4m 41s
Hypervisor based Inspection enabled: false
Report type: light
Cookbook file name: urldownload.jbs
Sample URL: https://b6dj2ueylkg.juraganrc.com/?url=aHR0cHM6Ly9ob2xseS1sYXZlbmRlci1yYXR0bGVzbmFrZS5nbGl0Y2gubWUvdmlsZC5odG1s
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 16
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal72.phis.win@30/2@8/10
EGA Information: Failed
HDC Information: Failed
                              HCA Information:
                              • Successful, ratio: 100%
                              • Number of executed functions: 0
                              • Number of non-executed functions: 0
                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                              • TCP Packets have been reduced to 100
                              • Excluded IPs from analysis (whitelisted): 172.217.168.67, 34.104.35.123, 216.58.215.234, 172.217.168.74, 142.250.203.106, 172.217.168.10
                              • Excluded domains from analysis (whitelisted): fs.microsoft.com, edgedl.me.gvt1.com, content-autofill.googleapis.com, ajax.googleapis.com, aadcdnoriginwus2.azureedge.net, update.googleapis.com, clientservices.googleapis.com, aadcdnoriginwus2.afd.azureedge.net, aadcdn.msauth.net, firstparty-azurefd-prod.trafficmanager.net, global-entry-afdthirdparty-fallback.trafficmanager.net
                              • Execution Graph export aborted for target wget.exe, PID 5988 because there are no executed function
                              • Not all processes where analyzed, report is missing behavior information
                              • Report size getting too big, too many NtQueryValueKey calls found.
                              • Report size getting too big, too many NtWriteVirtualMemory calls found.
                              No simulations
                              No context
Process: C:\Windows\SysWOW64\cmd.exe
File Type: ASCII text, with CRLF line terminators
Category: modified
Size (bytes): 793
Entropy (8bit): 5.549472422410998
Encrypted: false
SSDEEP: 12:HFL27Rjjg1rRT1De5RhKkk1DbBKj9B27RjjgMvCrfiBKj9B27RjjgD8:9ORferJxePgJ1pW9BORfz6jEW9BORff
MD5: 03186240F0270BA8CCC373860E489805
SHA1: 6960D9433CEDFE2B3977D8BD451C927A2199E16C
SHA-256: AE86B4EA6F9CF6366E3337D79ED12A9D7BEA0BD9C38067500F5223AF1CECAF44
SHA-512: 03B62CE1693AD364054984E955BF9DF506BE9517CF78FEC22242F49783EB2269A3475FF880ADA2B648FA6AE30B1C60027740FF732DD444B899AC7AB13A89E4FB
Malicious: false
Reputation: low
Preview (wget log written to cmdline.out; line breaks restored):
    --2022-11-29 19:04:46-- https://b6dj2ueylkg.juraganrc.com/?url=aHR0cHM6Ly9ob2xseS1sYXZlbmRlci1yYXR0bGVzbmFrZS5nbGl0Y2gubWUvdmlsZC5odG1s
    Resolving b6dj2ueylkg.juraganrc.com (b6dj2ueylkg.juraganrc.com)... 192.185.138.191
    Connecting to b6dj2ueylkg.juraganrc.com (b6dj2ueylkg.juraganrc.com)|192.185.138.191|:443... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: unspecified [text/html]
    Saving to: 'C:/Users/user/Desktop/download/index.html@url=aHR0cHM6Ly9ob2xseS1sYXZlbmRlci1yYXR0bGVzbmFrZS5nbGl0Y2gubWUvdmlsZC5odG1s'

         0K                                                       56.9K=0.007s

    2022-11-29 19:04:47 (56.9 KB/s) - 'C:/Users/user/Desktop/download/index.html@url=aHR0cHM6Ly9ob2xseS1sYXZlbmRlci1yYXR0bGVzbmFrZS5nbGl0Y2gubWUvdmlsZC5odG1s' saved [392]
Process: C:\Windows\SysWOW64\wget.exe
File Type: HTML document, ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 392
Entropy (8bit): 5.101991386762123
Encrypted: false
SSDEEP: 6:vW4QW3tSUOj8yrUi4ePORzQZgwEABm2E3PORzQZgwuGbxBHRWVMwdwoRXfGb:OPgkTIyrUipORUZdc9ORUZqG9OMl0Gb
MD5: 848A7C7C382B42DD1206F4979DE6C2E1
SHA1: 78F46B14C6909877657AA18AAFDF2681965E0AC1
SHA-256: 37E7C3DF45AB788C21033FB290A17EFBA5C439CCA4E01F1B0A787967AA1FC491
SHA-512: AFD4805012E8B1431D005408E4A7751D4DC59350F74B48D3DB57D336DE4A731881C9BE25EAC62E03B63E760405EED52808765A438F8ED4BAC52548E1DBF74870
Malicious: false
Reputation: low
Preview (the downloaded index.html; CRLF line breaks restored):
    <!DOCTYPE html>
    <html>
    <head>
     <title>Loading.......</title>
    </head>
    <meta HTTP-Equiv='refresh' content='0; URL=https://holly-lavender-rattlesnake.glitch.me/vild.html#'>
    <script type='text/javascript'>
    loc = 'https://holly-lavender-rattlesnake.glitch.me/vild.html#'
    self.location.replace(loc);
    window.location = loc;
    </script>

    <body onload="Fired()">

    </body>
    </html>
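The dropped index.html is a 392-byte redirector: a meta refresh and two JavaScript location writes all send the browser to https://holly-lavender-rattlesnake.glitch.me/vild.html#, which is exactly the value base64-encoded in the sample URL's url= parameter (aHR0cHM6... decodes to https://holly-lavender-rattlesnake.glitch.me/vild.html). The juraganrc.com page therefore behaves as an open redirector placed in front of the SlashNext-flagged phishing page, with the Chrome process tree, the google.com lookups and the honapalestine.com asset fetches following from the glitch.me page, not from the sample itself. The following Python script is an added example, not part of the Joe Sandbox report: it decodes the url= parameter, extracts every redirect target from the page body (reconstructed here from the preview above, with CRLFs restored) and checks whether they agree, which is the test a triage analyst would run on any URL of this shape. The regex names, function names and the normalization rule (drop an empty fragment and trailing slash, compare case-insensitively) are this example's own assumptions.

```python
import base64
import html
import re
from urllib.parse import parse_qs, urlparse

# Constructed from the 392-byte index.html preview in this report, with the
# CRLF line endings that the preview renders as '..' restored. Not the live file.
REDIRECTOR_HTML = """<!DOCTYPE html>
<html>
<head>
 <title>Loading.......</title>
</head>
<meta HTTP-Equiv='refresh' content='0; URL=https://holly-lavender-rattlesnake.glitch.me/vild.html#'>
<script type='text/javascript'>
loc = 'https://holly-lavender-rattlesnake.glitch.me/vild.html#'
self.location.replace(loc);
window.location = loc;
</script>
<body onload="Fired()">
</body>
</html>
"""

# The submitted sample URL, taken from the report header.
SAMPLE_URL = ("https://b6dj2ueylkg.juraganrc.com/?url="
              "aHR0cHM6Ly9ob2xseS1sYXZlbmRlci1yYXR0bGVzbmFrZS5nbGl0Y2gubWUvdmlsZC5odG1s")

# <meta http-equiv="refresh" content="0; url=...">, any quoting or case.
META_REFRESH = re.compile(
    r"""<meta\s+http-equiv\s*=\s*['"]?refresh['"]?\s+content\s*=\s*['"]\s*\d+\s*;\s*url\s*=\s*([^'"\s>]+)""",
    re.IGNORECASE,
)
# location.replace(x), window.location = x, self.location.href = x, where x is
# either a quoted string literal or a bare identifier.
JS_LOCATION = re.compile(
    r"""(?:location\.replace\(\s*|(?:window|self|document)\.location(?:\.href)?\s*=\s*)(['"]?)([^'")\s;]+)\1""",
    re.IGNORECASE,
)
# Simple `name = 'literal'` assignments, so an identifier handed to
# location.replace() (the `loc` variable in this page) resolves to its string.
JS_STRING_VAR = re.compile(r"""(?:var\s+|let\s+|const\s+)?(\w+)\s*=\s*['"]([^'"]+)['"]""")


def decode_url_param(sample_url):
    """Base64-decode the 'url' query parameter, or return None if absent or invalid."""
    values = parse_qs(urlparse(sample_url).query).get("url")
    if not values:
        return None
    raw = values[0].replace(" ", "+")  # parse_qs turns an unescaped '+' into a space
    raw += "=" * (-len(raw) % 4)       # tolerate stripped padding
    try:
        return base64.urlsafe_b64decode(raw).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None


def extract_redirect_targets(page):
    """Every redirect target the page declares via meta refresh or a JS location write."""
    targets = set()
    for m in META_REFRESH.finditer(page):
        targets.add(html.unescape(m.group(1)))
    string_vars = dict(JS_STRING_VAR.findall(page))
    for m in JS_LOCATION.finditer(page):
        value = m.group(2)
        targets.add(string_vars.get(value, value))  # resolve identifiers, keep literals
    return targets


def _normalize(url):
    # The page appends '#' to its target; an empty fragment does not change the destination.
    return url.split("#", 1)[0].rstrip("/").lower()


def is_open_redirector(sample_url, page):
    """True when the page simply forwards the browser to the URL smuggled in ?url=."""
    declared = decode_url_param(sample_url)
    if declared is None:
        return False
    return any(_normalize(t) == _normalize(declared) for t in extract_redirect_targets(page))


if __name__ == "__main__":
    print("decoded ?url=  :", decode_url_param(SAMPLE_URL))
    print("page redirects :", sorted(extract_redirect_targets(REDIRECTOR_HTML)))
    print("open redirector:", is_open_redirector(SAMPLE_URL, REDIRECTOR_HTML))
```

Run against the reconstructed page, the decoded parameter and both redirect mechanisms agree on the glitch.me URL, so the hop through juraganrc.com adds nothing but a reputation-laundering layer; the same script applied to other `?url=<base64>` links from the same host would show whether the redirector is fully attacker-controlled (any target accepted) or tied to this one campaign.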
                              No static file info
TCP packets (Timestamp | Source Port | Dest Port | Source IP | Dest IP)
Nov 29, 2022 19:04:48.526634932 CET | 49703 | 443 | 192.168.2.3 | 192.185.138.191
Nov 29, 2022 19:04:48.526681900 CET | 443 | 49703 | 192.185.138.191 | 192.168.2.3
Nov 29, 2022 19:04:48.526793003 CET | 49703 | 443 | 192.168.2.3 | 192.185.138.191
Nov 29, 2022 19:04:48.529531956 CET | 49703 | 443 | 192.168.2.3 | 192.185.138.191
Nov 29, 2022 19:04:48.529563904 CET | 443 | 49703 | 192.185.138.191 | 192.168.2.3
Nov 29, 2022 19:04:48.801815987 CET | 443 | 49703 | 192.185.138.191 | 192.168.2.3
Nov 29, 2022 19:04:48.802047968 CET | 49703 | 443 | 192.168.2.3 | 192.185.138.191
Nov 29, 2022 19:04:48.806216955 CET | 49703 | 443 | 192.168.2.3 | 192.185.138.191
Nov 29, 2022 19:04:48.806251049 CET | 443 | 49703 | 192.185.138.191 | 192.168.2.3
Nov 29, 2022 19:04:48.807008982 CET | 443 | 49703 | 192.185.138.191 | 192.168.2.3
Nov 29, 2022 19:04:48.809533119 CET | 49703 | 443 | 192.168.2.3 | 192.185.138.191
Nov 29, 2022 19:04:48.809571028 CET | 443 | 49703 | 192.185.138.191 | 192.168.2.3
Nov 29, 2022 19:04:49.070445061 CET | 443 | 49703 | 192.185.138.191 | 192.168.2.3
Nov 29, 2022 19:04:49.070576906 CET | 443 | 49703 | 192.185.138.191 | 192.168.2.3
Nov 29, 2022 19:04:49.070683002 CET | 49703 | 443 | 192.168.2.3 | 192.185.138.191
Nov 29, 2022 19:04:49.353719950 CET | 49703 | 443 | 192.168.2.3 | 192.185.138.191
Nov 29, 2022 19:04:53.489209890 CET | 49705 | 443 | 192.168.2.3 | 44.199.49.219
Nov 29, 2022 19:04:53.489234924 CET | 443 | 49705 | 44.199.49.219 | 192.168.2.3
Nov 29, 2022 19:04:53.489310980 CET | 49705 | 443 | 192.168.2.3 | 44.199.49.219
Nov 29, 2022 19:04:53.490328074 CET | 49705 | 443 | 192.168.2.3 | 44.199.49.219
Nov 29, 2022 19:04:53.490351915 CET | 443 | 49705 | 44.199.49.219 | 192.168.2.3
Nov 29, 2022 19:04:53.490845919 CET | 49706 | 443 | 192.168.2.3 | 142.250.203.110
Nov 29, 2022 19:04:53.490919113 CET | 443 | 49706 | 142.250.203.110 | 192.168.2.3
Nov 29, 2022 19:04:53.490988016 CET | 49706 | 443 | 192.168.2.3 | 142.250.203.110
Nov 29, 2022 19:04:53.491210938 CET | 49706 | 443 | 192.168.2.3 | 142.250.203.110
Nov 29, 2022 19:04:53.491234064 CET | 443 | 49706 | 142.250.203.110 | 192.168.2.3
Nov 29, 2022 19:04:53.494088888 CET | 49707 | 443 | 192.168.2.3 | 172.217.168.45
Nov 29, 2022 19:04:53.494132996 CET | 443 | 49707 | 172.217.168.45 | 192.168.2.3
Nov 29, 2022 19:04:53.494204044 CET | 49707 | 443 | 192.168.2.3 | 172.217.168.45
Nov 29, 2022 19:04:53.494549990 CET | 49707 | 443 | 192.168.2.3 | 172.217.168.45
Nov 29, 2022 19:04:53.494580030 CET | 443 | 49707 | 172.217.168.45 | 192.168.2.3
Nov 29, 2022 19:04:53.627681017 CET | 443 | 49706 | 142.250.203.110 | 192.168.2.3
Nov 29, 2022 19:04:53.628238916 CET | 49706 | 443 | 192.168.2.3 | 142.250.203.110
Nov 29, 2022 19:04:53.628318071 CET | 443 | 49706 | 142.250.203.110 | 192.168.2.3
Nov 29, 2022 19:04:53.629087925 CET | 443 | 49706 | 142.250.203.110 | 192.168.2.3
Nov 29, 2022 19:04:53.629179955 CET | 49706 | 443 | 192.168.2.3 | 142.250.203.110
Nov 29, 2022 19:04:53.630342960 CET | 443 | 49707 | 172.217.168.45 | 192.168.2.3
Nov 29, 2022 19:04:53.630393028 CET | 443 | 49706 | 142.250.203.110 | 192.168.2.3
Nov 29, 2022 19:04:53.630527973 CET | 49706 | 443 | 192.168.2.3 | 142.250.203.110
Nov 29, 2022 19:04:53.673816919 CET | 49707 | 443 | 192.168.2.3 | 172.217.168.45
Nov 29, 2022 19:04:53.673877954 CET | 443 | 49707 | 172.217.168.45 | 192.168.2.3
Nov 29, 2022 19:04:53.678003073 CET | 443 | 49707 | 172.217.168.45 | 192.168.2.3
Nov 29, 2022 19:04:53.678102970 CET | 49707 | 443 | 192.168.2.3 | 172.217.168.45
Nov 29, 2022 19:04:53.903798103 CET | 49707 | 443 | 192.168.2.3 | 172.217.168.45
Nov 29, 2022 19:04:53.903861046 CET | 443 | 49707 | 172.217.168.45 | 192.168.2.3
Nov 29, 2022 19:04:53.903980017 CET | 49707 | 443 | 192.168.2.3 | 172.217.168.45
Nov 29, 2022 19:04:53.903996944 CET | 443 | 49707 | 172.217.168.45 | 192.168.2.3
Nov 29, 2022 19:04:53.904203892 CET | 49706 | 443 | 192.168.2.3 | 142.250.203.110
Nov 29, 2022 19:04:53.904273987 CET | 443 | 49707 | 172.217.168.45 | 192.168.2.3
Nov 29, 2022 19:04:53.904310942 CET | 443 | 49706 | 142.250.203.110 | 192.168.2.3
Nov 29, 2022 19:04:53.904351950 CET | 49706 | 443 | 192.168.2.3 | 142.250.203.110
Nov 29, 2022 19:04:53.904366016 CET | 443 | 49706 | 142.250.203.110 | 192.168.2.3
Nov 29, 2022 19:04:53.904644012 CET | 443 | 49706 | 142.250.203.110 | 192.168.2.3
Nov 29, 2022 19:04:53.941519976 CET | 443 | 49706 | 142.250.203.110 | 192.168.2.3
Nov 29, 2022 19:04:53.941620111 CET | 49706 | 443 | 192.168.2.3 | 142.250.203.110
Nov 29, 2022 19:04:53.941679955 CET | 443 | 49706 | 142.250.203.110 | 192.168.2.3
Nov 29, 2022 19:04:53.941788912 CET | 443 | 49706 | 142.250.203.110 | 192.168.2.3
Nov 29, 2022 19:04:53.941862106 CET | 49706 | 443 | 192.168.2.3 | 142.250.203.110
Nov 29, 2022 19:04:53.947391033 CET | 49706 | 443 | 192.168.2.3 | 142.250.203.110
Nov 29, 2022 19:04:53.947439909 CET | 443 | 49706 | 142.250.203.110 | 192.168.2.3
Nov 29, 2022 19:04:53.960284948 CET | 443 | 49707 | 172.217.168.45 | 192.168.2.3
Nov 29, 2022 19:04:53.960395098 CET | 49707 | 443 | 192.168.2.3 | 172.217.168.45
Nov 29, 2022 19:04:53.960426092 CET | 443 | 49707 | 172.217.168.45 | 192.168.2.3
Nov 29, 2022 19:04:53.960661888 CET | 443 | 49707 | 172.217.168.45 | 192.168.2.3
Nov 29, 2022 19:04:53.960736036 CET | 49707 | 443 | 192.168.2.3 | 172.217.168.45
Nov 29, 2022 19:04:53.962016106 CET | 49707 | 443 | 192.168.2.3 | 172.217.168.45
Nov 29, 2022 19:04:53.962044001 CET | 443 | 49707 | 172.217.168.45 | 192.168.2.3
Nov 29, 2022 19:04:54.012840986 CET | 443 | 49705 | 44.199.49.219 | 192.168.2.3
Nov 29, 2022 19:04:54.013361931 CET | 49705 | 443 | 192.168.2.3 | 44.199.49.219
Nov 29, 2022 19:04:54.013425112 CET | 443 | 49705 | 44.199.49.219 | 192.168.2.3
Nov 29, 2022 19:04:54.015105963 CET | 443 | 49705 | 44.199.49.219 | 192.168.2.3
Nov 29, 2022 19:04:54.015279055 CET | 49705 | 443 | 192.168.2.3 | 44.199.49.219
Nov 29, 2022 19:04:54.019273043 CET | 49705 | 443 | 192.168.2.3 | 44.199.49.219
Nov 29, 2022 19:04:54.019309044 CET | 443 | 49705 | 44.199.49.219 | 192.168.2.3
Nov 29, 2022 19:04:54.019433022 CET | 443 | 49705 | 44.199.49.219 | 192.168.2.3
Nov 29, 2022 19:04:54.019473076 CET | 49705 | 443 | 192.168.2.3 | 44.199.49.219
Nov 29, 2022 19:04:54.019490004 CET | 443 | 49705 | 44.199.49.219 | 192.168.2.3
Nov 29, 2022 19:04:54.107942104 CET | 49705 | 443 | 192.168.2.3 | 44.199.49.219
Nov 29, 2022 19:04:54.107981920 CET | 443 | 49705 | 44.199.49.219 | 192.168.2.3
Nov 29, 2022 19:04:54.207972050 CET | 49705 | 443 | 192.168.2.3 | 44.199.49.219
Nov 29, 2022 19:04:54.362062931 CET | 443 | 49705 | 44.199.49.219 | 192.168.2.3
Nov 29, 2022 19:04:54.362123966 CET | 443 | 49705 | 44.199.49.219 | 192.168.2.3
Nov 29, 2022 19:04:54.362142086 CET | 443 | 49705 | 44.199.49.219 | 192.168.2.3
Nov 29, 2022 19:04:54.362178087 CET | 443 | 49705 | 44.199.49.219 | 192.168.2.3
Nov 29, 2022 19:04:54.362194061 CET | 443 | 49705 | 44.199.49.219 | 192.168.2.3
Nov 29, 2022 19:04:54.362206936 CET | 443 | 49705 | 44.199.49.219 | 192.168.2.3
Nov 29, 2022 19:04:54.362303019 CET | 49705 | 443 | 192.168.2.3 | 44.199.49.219
Nov 29, 2022 19:04:54.362303019 CET | 49705 | 443 | 192.168.2.3 | 44.199.49.219
Nov 29, 2022 19:04:54.362303019 CET | 49705 | 443 | 192.168.2.3 | 44.199.49.219
Nov 29, 2022 19:04:54.362303019 CET | 49705 | 443 | 192.168.2.3 | 44.199.49.219
Nov 29, 2022 19:04:54.362303972 CET | 49705 | 443 | 192.168.2.3 | 44.199.49.219
Nov 29, 2022 19:04:54.362364054 CET | 443 | 49705 | 44.199.49.219 | 192.168.2.3
Nov 29, 2022 19:04:54.362406969 CET | 443 | 49705 | 44.199.49.219 | 192.168.2.3
Nov 29, 2022 19:04:54.362456083 CET | 49705 | 443 | 192.168.2.3 | 44.199.49.219
Nov 29, 2022 19:04:54.362456083 CET | 49705 | 443 | 192.168.2.3 | 44.199.49.219
Nov 29, 2022 19:04:54.362521887 CET | 443 | 49705 | 44.199.49.219 | 192.168.2.3
Nov 29, 2022 19:04:54.362539053 CET | 443 | 49705 | 44.199.49.219 | 192.168.2.3
Nov 29, 2022 19:04:54.362592936 CET | 49705 | 443 | 192.168.2.3 | 44.199.49.219
Nov 29, 2022 19:04:54.362615108 CET | 49705 | 443 | 192.168.2.3 | 44.199.49.219
Nov 29, 2022 19:04:54.362628937 CET | 443 | 49705 | 44.199.49.219 | 192.168.2.3
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 29, 2022 19:04:48.389060020 CET | 57840 | 53 | 192.168.2.3 | 8.8.8.8
Nov 29, 2022 19:04:48.513338089 CET | 53 | 57840 | 8.8.8.8 | 192.168.2.3
Nov 29, 2022 19:04:53.459043980 CET | 52387 | 53 | 192.168.2.3 | 8.8.8.8
Nov 29, 2022 19:04:53.460686922 CET | 56924 | 53 | 192.168.2.3 | 8.8.8.8
Nov 29, 2022 19:04:53.461493969 CET | 60625 | 53 | 192.168.2.3 | 8.8.8.8
Nov 29, 2022 19:04:53.485054016 CET | 53 | 52387 | 8.8.8.8 | 192.168.2.3
Nov 29, 2022 19:04:53.488692045 CET | 53 | 56924 | 8.8.8.8 | 192.168.2.3
Nov 29, 2022 19:04:53.488954067 CET | 53 | 60625 | 8.8.8.8 | 192.168.2.3
Nov 29, 2022 19:04:54.949067116 CET | 52955 | 53 | 192.168.2.3 | 8.8.8.8
Nov 29, 2022 19:04:55.149802923 CET | 53 | 52955 | 8.8.8.8 | 192.168.2.3
Nov 29, 2022 19:04:56.629014015 CET | 55638 | 53 | 192.168.2.3 | 8.8.8.8
Nov 29, 2022 19:04:56.646708012 CET | 53 | 55638 | 8.8.8.8 | 192.168.2.3
Nov 29, 2022 19:04:57.853391886 CET | 65320 | 53 | 192.168.2.3 | 8.8.8.8
Nov 29, 2022 19:04:58.239686012 CET | 53 | 65320 | 8.8.8.8 | 192.168.2.3
Nov 29, 2022 19:05:56.679845095 CET | 53623 | 53 | 192.168.2.3 | 8.8.8.8
Nov 29, 2022 19:05:56.699873924 CET | 53 | 53623 | 8.8.8.8 | 192.168.2.3
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 29, 2022 19:04:48.389060020 CET | 192.168.2.3 | 8.8.8.8 | 0xbb75 | Standard query (0) | b6dj2ueylkg.juraganrc.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 19:04:53.459043980 CET | 192.168.2.3 | 8.8.8.8 | 0x3fdd | Standard query (0) | holly-lavender-rattlesnake.glitch.me | A (IP address) | IN (0x0001) | false
Nov 29, 2022 19:04:53.460686922 CET | 192.168.2.3 | 8.8.8.8 | 0xe2 | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 19:04:53.461493969 CET | 192.168.2.3 | 8.8.8.8 | 0x7497 | Standard query (0) | accounts.google.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 19:04:54.949067116 CET | 192.168.2.3 | 8.8.8.8 | 0xe743 | Standard query (0) | honapalestine.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 19:04:56.629014015 CET | 192.168.2.3 | 8.8.8.8 | 0x4d99 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 19:04:57.853391886 CET | 192.168.2.3 | 8.8.8.8 | 0xb355 | Standard query (0) | honapalestine.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 19:05:56.679845095 CET | 192.168.2.3 | 8.8.8.8 | 0xfdcb | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 29, 2022 19:04:48.513338089 CET | 8.8.8.8 | 192.168.2.3 | 0xbb75 | No error (0) | b6dj2ueylkg.juraganrc.com | | 192.185.138.191 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 19:04:53.485054016 CET | 8.8.8.8 | 192.168.2.3 | 0x3fdd | No error (0) | holly-lavender-rattlesnake.glitch.me | | 44.199.49.219 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 19:04:53.485054016 CET | 8.8.8.8 | 192.168.2.3 | 0x3fdd | No error (0) | holly-lavender-rattlesnake.glitch.me | | 44.196.165.201 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 19:04:53.485054016 CET | 8.8.8.8 | 192.168.2.3 | 0x3fdd | No error (0) | holly-lavender-rattlesnake.glitch.me | | 54.209.182.143 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 19:04:53.485054016 CET | 8.8.8.8 | 192.168.2.3 | 0x3fdd | No error (0) | holly-lavender-rattlesnake.glitch.me | | 52.4.141.177 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 19:04:53.488692045 CET | 8.8.8.8 | 192.168.2.3 | 0xe2 | No error (0) | clients2.google.com | clients.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false
Nov 29, 2022 19:04:53.488692045 CET | 8.8.8.8 | 192.168.2.3 | 0xe2 | No error (0) | clients.l.google.com | | 142.250.203.110 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 19:04:53.488954067 CET | 8.8.8.8 | 192.168.2.3 | 0x7497 | No error (0) | accounts.google.com | | 172.217.168.45 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 19:04:55.109987974 CET | 8.8.8.8 | 192.168.2.3 | 0x388f | No error (0) | dual.part-0032.t-0009.t-msedge.net | global-entry-afdthirdparty-fallback.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false
Nov 29, 2022 19:04:55.109987974 CET | 8.8.8.8 | 192.168.2.3 | 0x388f | No error (0) | dual.part-0032.t-0009.fbs1-t-msedge.net | part-0032.t-0009.fbs1-t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Nov 29, 2022 19:04:55.109987974 CET | 8.8.8.8 | 192.168.2.3 | 0x388f | No error (0) | part-0032.t-0009.fbs1-t-msedge.net | | 13.107.219.60 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 19:04:55.109987974 CET | 8.8.8.8 | 192.168.2.3 | 0x388f | No error (0) | part-0032.t-0009.fbs1-t-msedge.net | | 13.107.227.60 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 19:04:55.149802923 CET | 8.8.8.8 | 192.168.2.3 | 0xe743 | No error (0) | honapalestine.com | | 139.162.167.121 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 19:04:56.646708012 CET | 8.8.8.8 | 192.168.2.3 | 0x4d99 | No error (0) | www.google.com | | 172.217.168.36 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 19:04:58.239686012 CET | 8.8.8.8 | 192.168.2.3 | 0xb355 | No error (0) | honapalestine.com | | 139.162.167.121 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 19:04:59.261404991 CET | 8.8.8.8 | 192.168.2.3 | 0xc690 | No error (0) | dual.part-0032.t-0009.t-msedge.net | global-entry-afdthirdparty-fallback.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false
Nov 29, 2022 19:04:59.261404991 CET | 8.8.8.8 | 192.168.2.3 | 0xc690 | No error (0) | dual.part-0032.t-0009.fbs1-t-msedge.net | part-0032.t-0009.fbs1-t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Nov 29, 2022 19:04:59.261404991 CET | 8.8.8.8 | 192.168.2.3 | 0xc690 | No error (0) | part-0032.t-0009.fbs1-t-msedge.net | | 13.107.219.60 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 19:04:59.261404991 CET | 8.8.8.8 | 192.168.2.3 | 0xc690 | No error (0) | part-0032.t-0009.fbs1-t-msedge.net | | 13.107.227.60 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 19:05:56.699873924 CET | 8.8.8.8 | 192.168.2.3 | 0xfdcb | No error (0) | www.google.com | | 172.217.168.36 | A (IP address) | IN (0x0001) | false
                              • b6dj2ueylkg.juraganrc.com
                              • accounts.google.com
                              • clients2.google.com
                              • holly-lavender-rattlesnake.glitch.me
                              • https:
                                • aadcdn.msauth.net
                                • honapalestine.com


                              Target ID:0
                              Start time:19:04:46
                              Start date:29/11/2022
                              Path:C:\Windows\SysWOW64\cmd.exe
                              Wow64 process (32bit):true
                              Commandline:C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://b6dj2ueylkg.juraganrc.com/?url=aHR0cHM6Ly9ob2xseS1sYXZlbmRlci1yYXR0bGVzbmFrZS5nbGl0Y2gubWUvdmlsZC5odG1s" > cmdline.out 2>&1
                              Imagebase:0xb0000
                              File size:232960 bytes
                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low

                              Target ID:1
                              Start time:19:04:46
                              Start date:29/11/2022
                              Path:C:\Windows\System32\conhost.exe
                              Wow64 process (32bit):false
                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Imagebase:0x7ff745070000
                              File size:625664 bytes
                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low

                              Target ID:2
                              Start time:19:04:46
                              Start date:29/11/2022
                              Path:C:\Windows\SysWOW64\wget.exe
                              Wow64 process (32bit):true
                              Commandline:wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://b6dj2ueylkg.juraganrc.com/?url=aHR0cHM6Ly9ob2xseS1sYXZlbmRlci1yYXR0bGVzbmFrZS5nbGl0Y2gubWUvdmlsZC5odG1s"
                              Imagebase:0x400000
                              File size:3895184 bytes
                              MD5 hash:3DADB6E2ECE9C4B3E1E322E617658B60
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low

                              Target ID:3
                              Start time:19:04:49
                              Start date:29/11/2022
                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\download\index.html@url=aHR0cHM6Ly9ob2xseS1sYXZlbmRlci1yYXR0bGVzbmFrZS5nbGl0Y2gubWUvdmlsZC5odG1s.html
                              Imagebase:0x7ff614650000
                              File size:2851656 bytes
                              MD5 hash:0FEC2748F363150DC54C1CAFFB1A9408
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low

                              Target ID:4
                              Start time:19:04:50
                              Start date:29/11/2022
                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1616,i,5292400896411780733,13825633785752334259,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
                              Imagebase:0x7ff614650000
                              File size:2851656 bytes
                              MD5 hash:0FEC2748F363150DC54C1CAFFB1A9408
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low

                              No disassembly