
Windows Analysis Report
https://cialistabspharmacy.com/polaris/?aW52b2ljZUBlbWVyZ2lmaS5jb20=&d=DwMFAg

Overview

General Information

Sample URL: https://cialistabspharmacy.com/polaris/?aW52b2ljZUBlbWVyZ2lmaS5jb20=&d=DwMFAg
Analysis ID: 756228

Detection

HTMLPhisher
Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Phishing site detected (based on favicon image match)
Yara detected HtmlPhish10
Phishing site detected (based on logo template match)
Phishing site detected (based on image similarity)
HTML body contains low number of good links
No HTML title found

Classification

  • System is w10x64
  • chrome.exe (PID: 4856 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
    • chrome.exe (PID: 5784 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1876 --field-trial-handle=1828,i,2187161938276056667,2480233056043708616,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • chrome.exe (PID: 4440 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cialistabspharmacy.com/polaris/?aW52b2ljZUBlbWVyZ2lmaS5jb20=&d=DwMFAg MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
22653.0.pages.csv | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |
    No Sigma rule has matched
    No Snort rule has matched


    Phishing

    Source: https://cialistabspharmacy.com/polaris/82ergcp2gtlrtmwdd72dd2kz73dce75d92181ca956e737b3cb66db98.php?sessionID=aW52b2ljZUBlbWVyZ2lmaS5jb20dDwMFAg%3D%3D&websrc=Vu8j5MDuFXcIw8caZsLSg55YePOh7Ob1bLax6UMeEfDH2KtK69Kqs79wEmhs2ylwjZ5CaLnlzZH3RFD01GRVFKvyr8is3O7T3wD2KhSkVmVTPRktolOwAxUy8ttkICXaNsewe6s7gIXCnTs9cFBweAi5HyNNk7t3OORb0C2z5SzegFUu1LFDMJ0HgsH9nle2lluf8j3Z2tuFqdtL42gYt9mPkPe2erCcOkDBHoEZqhkbWne5873SqeBR3vAlzZBbCNKcAQfs58EVSFpqYqLnoSLVyiSjACshGsaLBSaNAS07Ie&dispatch=273&id=726371 | Matcher: Template: microsoft matched with high similarity
    Source: Yara match | File source: 22653.0.pages.csv, type: HTML
    Source: https://cialistabspharmacy.com/polaris/82ergcp2gtlrtmwdd72dd2kz73dce75d92181ca956e737b3cb66db98.php?sessionID=aW52b2ljZUBlbWVyZ2lmaS5jb20dDwMFAg%3D%3D&websrc=Vu8j5MDuFXcIw8caZsLSg55YePOh7Ob1bLax6UMeEfDH2KtK69Kqs79wEmhs2ylwjZ5CaLnlzZH3RFD01GRVFKvyr8is3O7T3wD2KhSkVmVTPRktolOwAxUy8ttkICXaNsewe6s7gIXCnTs9cFBweAi5HyNNk7t3OORb0C2z5SzegFUu1LFDMJ0HgsH9nle2lluf8j3Z2tuFqdtL42gYt9mPkPe2erCcOkDBHoEZqhkbWne5873SqeBR3vAlzZBbCNKcAQfs58EVSFpqYqLnoSLVyiSjACshGsaLBSaNAS07Ie&dispatch=273&id=726371 | Matcher: Template: microsoft matched
    Source: https://cialistabspharmacy.com/polaris/82ergcp2gtlrtmwdd72dd2kz73dce75d92181ca956e737b3cb66db98.php?sessionID=aW52b2ljZUBlbWVyZ2lmaS5jb20dDwMFAg%3D%3D&websrc=Vu8j5MDuFXcIw8caZsLSg55YePOh7Ob1bLax6UMeEfDH2KtK69Kqs79wEmhs2ylwjZ5CaLnlzZH3RFD01GRVFKvyr8is3O7T3wD2KhSkVmVTPRktolOwAxUy8ttkICXaNsewe6s7gIXCnTs9cFBweAi5HyNNk7t3OORb0C2z5SzegFUu1LFDMJ0HgsH9nle2lluf8j3Z2tuFqdtL42gYt9mPkPe2erCcOkDBHoEZqhkbWne5873SqeBR3vAlzZBbCNKcAQfs58EVSFpqYqLnoSLVyiSjACshGsaLBSaNAS07Ie&dispatch=273&id=726371 | Matcher: Found strong image similarity, brand: Microsoft, image: 22653.0.img.1.gfk.csv EE5C8D9FB6248C938FD0DC19370E90BD
    Source: https://cialistabspharmacy.com/polaris/82ergcp2gtlrtmwdd72dd2kz73dce75d92181ca956e737b3cb66db98.php?sessionID=aW52b2ljZUBlbWVyZ2lmaS5jb20dDwMFAg%3D%3D&websrc=Vu8j5MDuFXcIw8caZsLSg55YePOh7Ob1bLax6UMeEfDH2KtK69Kqs79wEmhs2ylwjZ5CaLnlzZH3RFD01GRVFKvyr8is3O7T3wD2KhSkVmVTPRktolOwAxUy8ttkICXaNsewe6s7gIXCnTs9cFBweAi5HyNNk7t3OORb0C2z5SzegFUu1LFDMJ0HgsH9nle2lluf8j3Z2tuFqdtL42gYt9mPkPe2erCcOkDBHoEZqhkbWne5873SqeBR3vAlzZBbCNKcAQfs58EVSFpqYqLnoSLVyiSjACshGsaLBSaNAS07Ie&dispatch=273&id=726371 | HTTP Parser: Number of links: 0
    Source: https://cialistabspharmacy.com/polaris/82ergcp2gtlrtmwdd72dd2kz73dce75d92181ca956e737b3cb66db98.php?sessionID=aW52b2ljZUBlbWVyZ2lmaS5jb20dDwMFAg%3D%3D&websrc=Vu8j5MDuFXcIw8caZsLSg55YePOh7Ob1bLax6UMeEfDH2KtK69Kqs79wEmhs2ylwjZ5CaLnlzZH3RFD01GRVFKvyr8is3O7T3wD2KhSkVmVTPRktolOwAxUy8ttkICXaNsewe6s7gIXCnTs9cFBweAi5HyNNk7t3OORb0C2z5SzegFUu1LFDMJ0HgsH9nle2lluf8j3Z2tuFqdtL42gYt9mPkPe2erCcOkDBHoEZqhkbWne5873SqeBR3vAlzZBbCNKcAQfs58EVSFpqYqLnoSLVyiSjACshGsaLBSaNAS07Ie&dispatch=273&id=726371 | HTTP Parser: HTML title missing
    Source: https://cialistabspharmacy.com/polaris/82ergcp2gtlrtmwdd72dd2kz73dce75d92181ca956e737b3cb66db98.php?sessionID=aW52b2ljZUBlbWVyZ2lmaS5jb20dDwMFAg%3D%3D&websrc=Vu8j5MDuFXcIw8caZsLSg55YePOh7Ob1bLax6UMeEfDH2KtK69Kqs79wEmhs2ylwjZ5CaLnlzZH3RFD01GRVFKvyr8is3O7T3wD2KhSkVmVTPRktolOwAxUy8ttkICXaNsewe6s7gIXCnTs9cFBweAi5HyNNk7t3OORb0C2z5SzegFUu1LFDMJ0HgsH9nle2lluf8j3Z2tuFqdtL42gYt9mPkPe2erCcOkDBHoEZqhkbWne5873SqeBR3vAlzZBbCNKcAQfs58EVSFpqYqLnoSLVyiSjACshGsaLBSaNAS07Ie&dispatch=273&id=726371 | HTTP Parser: No <meta name="author".. found
    Source: https://cialistabspharmacy.com/polaris/82ergcp2gtlrtmwdd72dd2kz73dce75d92181ca956e737b3cb66db98.php?sessionID=aW52b2ljZUBlbWVyZ2lmaS5jb20dDwMFAg%3D%3D&websrc=Vu8j5MDuFXcIw8caZsLSg55YePOh7Ob1bLax6UMeEfDH2KtK69Kqs79wEmhs2ylwjZ5CaLnlzZH3RFD01GRVFKvyr8is3O7T3wD2KhSkVmVTPRktolOwAxUy8ttkICXaNsewe6s7gIXCnTs9cFBweAi5HyNNk7t3OORb0C2z5SzegFUu1LFDMJ0HgsH9nle2lluf8j3Z2tuFqdtL42gYt9mPkPe2erCcOkDBHoEZqhkbWne5873SqeBR3vAlzZBbCNKcAQfs58EVSFpqYqLnoSLVyiSjACshGsaLBSaNAS07Ie&dispatch=273&id=726371 | HTTP Parser: No <meta name="copyright".. found
    Source: unknown | HTTPS traffic detected: 192.229.221.185:443 -> 192.168.2.4:49728 version: TLS 1.2
    Source: unknown | DNS traffic detected: queries for: accounts.google.com
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49700
    Source: unknown | Network traffic detected: HTTP traffic on port 49710 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49699 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49706 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49712 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49702 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49704 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49713 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49715 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49715
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49714
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49713
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49712
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49711
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49699
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49710
    Source: unknown | Network traffic detected: HTTP traffic on port 49707 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49705 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49711 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49728 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49700 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49707
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49706
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49728
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49705
    Source: unknown | Network traffic detected: HTTP traffic on port 49714 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49704
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49702
    Source: global traffic | HTTP traffic detected:
        GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-GB&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
        Host: clients2.google.com
        Connection: keep-alive
        X-Goog-Update-Interactivity: fg
        X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
        X-Goog-Update-Updater: chromecrx-104.0.5112.81
        Sec-Fetch-Site: none
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: empty
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Source: global traffic | HTTP traffic detected:
        GET /polaris/?aW52b2ljZUBlbWVyZ2lmaS5jb20=&d=DwMFAg HTTP/1.1
        Host: cialistabspharmacy.com
        Connection: keep-alive
        sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
        sec-ch-ua-mobile: ?0
        sec-ch-ua-platform: "Windows"
        Upgrade-Insecure-Requests: 1
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
        Sec-Fetch-Site: none
        Sec-Fetch-Mode: navigate
        Sec-Fetch-User: ?1
        Sec-Fetch-Dest: document
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Source: global traffic | HTTP traffic detected:
        GET /polaris/82ergcp2gtlrtmwdd72dd2kz73dce75d92181ca956e737b3cb66db98.php?sessionID=aW52b2ljZUBlbWVyZ2lmaS5jb20dDwMFAg== HTTP/1.1
        Host: cialistabspharmacy.com
        Connection: keep-alive
        Upgrade-Insecure-Requests: 1
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
        Sec-Fetch-Site: none
        Sec-Fetch-Mode: navigate
        Sec-Fetch-User: ?1
        Sec-Fetch-Dest: document
        sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
        sec-ch-ua-mobile: ?0
        sec-ch-ua-platform: "Windows"
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
        Cookie: PHPSESSID=cf72920363d7b55e4607305c1c276c2e
    Source: global traffic | HTTP traffic detected:
        GET /16.000/Converged_v21033_egJPTAx_byK-yF_CMCKFeg2.css HTTP/1.1
        Host: logincdn.msauth.net
        Connection: keep-alive
        sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
        sec-ch-ua-mobile: ?0
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
        sec-ch-ua-platform: "Windows"
        Accept: text/css,*/*;q=0.1
        Sec-Fetch-Site: cross-site
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: style
        Referer: https://cialistabspharmacy.com/
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Source: global traffic | HTTP traffic detected:
        GET /shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1
        Host: logincdn.msauth.net
        Connection: keep-alive
        sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
        sec-ch-ua-mobile: ?0
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
        sec-ch-ua-platform: "Windows"
        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
        Sec-Fetch-Site: cross-site
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: image
        Referer: https://cialistabspharmacy.com/
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Source: global traffic | HTTP traffic detected:
        GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
        Host: cdnjs.cloudflare.com
        Connection: keep-alive
        sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
        sec-ch-ua-mobile: ?0
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
        sec-ch-ua-platform: "Windows"
        Accept: */*
        Sec-Fetch-Site: cross-site
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: script
        Referer: https://cialistabspharmacy.com/
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Source: global traffic | HTTP traffic detected:
        GET /ajax/libs/axios/0.21.1/axios.min.js HTTP/1.1
        Host: cdnjs.cloudflare.com
        Connection: keep-alive
        sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
        sec-ch-ua-mobile: ?0
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
        sec-ch-ua-platform: "Windows"
        Accept: */*
        Sec-Fetch-Site: cross-site
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: script
        Referer: https://cialistabspharmacy.com/
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Source: global traffic | HTTP traffic detected:
        GET /polaris/82ergcp2gtlrtmwdd72dd2kz73dce75d92181ca956e737b3cb66db98.php?sessionID=aW52b2ljZUBlbWVyZ2lmaS5jb20dDwMFAg%3D%3D&websrc=Vu8j5MDuFXcIw8caZsLSg55YePOh7Ob1bLax6UMeEfDH2KtK69Kqs79wEmhs2ylwjZ5CaLnlzZH3RFD01GRVFKvyr8is3O7T3wD2KhSkVmVTPRktolOwAxUy8ttkICXaNsewe6s7gIXCnTs9cFBweAi5HyNNk7t3OORb0C2z5SzegFUu1LFDMJ0HgsH9nle2lluf8j3Z2tuFqdtL42gYt9mPkPe2erCcOkDBHoEZqhkbWne5873SqeBR3vAlzZBbCNKcAQfs58EVSFpqYqLnoSLVyiSjACshGsaLBSaNAS07Ie&dispatch=273&id=726371 HTTP/1.1
        Host: cialistabspharmacy.com
        Connection: keep-alive
        sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
        sec-ch-ua-mobile: ?0
        sec-ch-ua-platform: "Windows"
        Upgrade-Insecure-Requests: 1
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
        Sec-Fetch-Site: same-origin
        Sec-Fetch-Mode: navigate
        Sec-Fetch-Dest: document
        Referer: https://cialistabspharmacy.com/polaris/82ergcp2gtlrtmwdd72dd2kz73dce75d92181ca956e737b3cb66db98.php?sessionID=aW52b2ljZUBlbWVyZ2lmaS5jb20dDwMFAg==
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
        Cookie: PHPSESSID=cf72920363d7b55e4607305c1c276c2e
    Source: global traffic | HTTP traffic detected:
        GET /16.000.29039.9/images/favicon.ico HTTP/1.1
        Host: logincdn.msauth.net
        Connection: keep-alive
        sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
        sec-ch-ua-mobile: ?0
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
        sec-ch-ua-platform: "Windows"
        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
        Sec-Fetch-Site: cross-site
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: image
        Referer: https://cialistabspharmacy.com/
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Source: global traffic | HTTP traffic detected:
        GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1
        Host: logincdn.msauth.net
        Connection: keep-alive
        sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
        sec-ch-ua-mobile: ?0
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
        sec-ch-ua-platform: "Windows"
        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
        Sec-Fetch-Site: cross-site
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: image
        Referer: https://cialistabspharmacy.com/
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Source: global traffic | HTTP traffic detected:
        GET /16.000.29039.9/images/favicon.ico HTTP/1.1
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36
        Host: logincdn.msauth.net
    Source: unknown | HTTP traffic detected:
        POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
        Host: accounts.google.com
        Connection: keep-alive
        Content-Length: 1
        Origin: https://www.google.com
        Content-Type: application/x-www-form-urlencoded
        Sec-Fetch-Site: none
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: empty
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Source: unknown | HTTPS traffic detected: 192.229.221.185:443 -> 192.168.2.4:49728 version: TLS 1.2
    Source: classification engine | Classification label: mal64.phis.win@23/0@9/9
    Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1876 --field-trial-handle=1828,i,2187161938276056667,2480233056043708616,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
    Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cialistabspharmacy.com/polaris/?aW52b2ljZUBlbWVyZ2lmaS5jb20=&d=DwMFAg
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1876 --field-trial-handle=1828,i,2187161938276056667,2480233056043708616,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Automated click: Next
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Automated click: Next
    Source: Window Recorder | Window detected: More than 3 window changes detected
    MITRE ATT&CK matrix, listed per tactic (count of matched signatures in parentheses):

    Initial Access: Valid Accounts | Default Accounts | Domain Accounts | Local Accounts
    Execution: Windows Management Instrumentation | Scheduled Task/Job | At (Linux) | At (Windows)
    Persistence: Path Interception | Boot or Logon Initialization Scripts | Logon Script (Windows) | Logon Script (Mac)
    Privilege Escalation: Process Injection (1) | Boot or Logon Initialization Scripts | Logon Script (Windows) | Logon Script (Mac)
    Defense Evasion: Process Injection (1) | Rootkit | Obfuscated Files or Information | Binary Padding
    Credential Access: OS Credential Dumping | LSASS Memory | Security Account Manager | NTDS
    Discovery: System Service Discovery | Application Window Discovery | Query Registry | System Network Configuration Discovery
    Lateral Movement: Remote Services | Remote Desktop Protocol | SMB/Windows Admin Shares | Distributed Component Object Model
    Collection: Data from Local System | Data from Removable Media | Data from Network Shared Drive | Input Capture
    Exfiltration: Exfiltration Over Other Network Medium | Exfiltration Over Bluetooth | Automated Exfiltration | Scheduled Transfer
    Command and Control: Encrypted Channel (1) | Non-Application Layer Protocol (3) | Application Layer Protocol (4) | Ingress Tool Transfer (1)
    Network Effects: Eavesdrop on Insecure Network Communication | Exploit SS7 to Redirect Phone Calls/SMS | Exploit SS7 to Track Device Location | SIM Card Swap
    Remote Service Effects: Remotely Track Device Without Authorization | Remotely Wipe Data Without Authorization | Obtain Device Cloud Backups | Carrier Billing Fraud
    Impact: Modify System Partition | Device Lockout | Delete Device Data

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    Source | Detection | Scanner | Label | Link
    https://cialistabspharmacy.com/polaris/?aW52b2ljZUBlbWVyZ2lmaS5jb20=&d=DwMFAg | 0% | Avira URL Cloud | safe |
    No Antivirus matches
    No Antivirus matches
    No Antivirus matches
    Source | Detection | Scanner | Label | Link
    https://cialistabspharmacy.com/polaris/82ergcp2gtlrtmwdd72dd2kz73dce75d92181ca956e737b3cb66db98.php?sessionID=aW52b2ljZUBlbWVyZ2lmaS5jb20dDwMFAg== | 0% | Avira URL Cloud | safe |
    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    accounts.google.com | 172.217.168.45 | true | false | | high
    cdnjs.cloudflare.com | 104.17.25.14 | true | false | | high
    www.google.com | 172.217.168.68 | true | false | | high
    cs1227.wpc.alphacdn.net | 192.229.221.185 | true | false | | unknown
    clients.l.google.com | 142.250.203.110 | true | false | | high
    cialistabspharmacy.com | 184.168.106.3 | true | false | | unknown
    clients2.google.com | unknown | unknown | false | | high
    secure.aadcdn.microsoftonline-p.com | unknown | unknown | false | | unknown
    cdn.jsdelivr.net | unknown | unknown | false | | high
    Name | Malicious | Antivirus Detection | Reputation
    https://cialistabspharmacy.com/polaris/82ergcp2gtlrtmwdd72dd2kz73dce75d92181ca956e737b3cb66db98.php?sessionID=aW52b2ljZUBlbWVyZ2lmaS5jb20dDwMFAg%3D%3D&websrc=Vu8j5MDuFXcIw8caZsLSg55YePOh7Ob1bLax6UMeEfDH2KtK69Kqs79wEmhs2ylwjZ5CaLnlzZH3RFD01GRVFKvyr8is3O7T3wD2KhSkVmVTPRktolOwAxUy8ttkICXaNsewe6s7gIXCnTs9cFBweAi5HyNNk7t3OORb0C2z5SzegFUu1LFDMJ0HgsH9nle2lluf8j3Z2tuFqdtL42gYt9mPkPe2erCcOkDBHoEZqhkbWne5873SqeBR3vAlzZBbCNKcAQfs58EVSFpqYqLnoSLVyiSjACshGsaLBSaNAS07Ie&dispatch=273&id=726371 | true | | unknown
    https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-GB&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | false | | high
    https://cialistabspharmacy.com/polaris/?aW52b2ljZUBlbWVyZ2lmaS5jb20=&d=DwMFAg | false | | unknown
    https://cialistabspharmacy.com/polaris/82ergcp2gtlrtmwdd72dd2kz73dce75d92181ca956e737b3cb66db98.php?sessionID=aW52b2ljZUBlbWVyZ2lmaS5jb20dDwMFAg== | false | Avira URL Cloud: safe | unknown
    https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js | false | | high
    https://cdnjs.cloudflare.com/ajax/libs/axios/0.21.1/axios.min.js | false | | high
    https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | false | | high
    https://cialistabspharmacy.com/polaris/82ergcp2gtlrtmwdd72dd2kz73dce75d92181ca956e737b3cb66db98.php?sessionID=aW52b2ljZUBlbWVyZ2lmaS5jb20dDwMFAg%3D%3D&websrc=Vu8j5MDuFXcIw8caZsLSg55YePOh7Ob1bLax6UMeEfDH2KtK69Kqs79wEmhs2ylwjZ5CaLnlzZH3RFD01GRVFKvyr8is3O7T3wD2KhSkVmVTPRktolOwAxUy8ttkICXaNsewe6s7gIXCnTs9cFBweAi5HyNNk7t3OORb0C2z5SzegFUu1LFDMJ0HgsH9nle2lluf8j3Z2tuFqdtL42gYt9mPkPe2erCcOkDBHoEZqhkbWne5873SqeBR3vAlzZBbCNKcAQfs58EVSFpqYqLnoSLVyiSjACshGsaLBSaNAS07Ie&dispatch=273&id=726371 | true | | unknown
                                    • No. of IPs < 25%
                                    • 25% < No. of IPs < 50%
                                    • 50% < No. of IPs < 75%
                                    • 75% < No. of IPs
    IP | Domain | Country | ASN | ASN Name | Malicious
    142.250.203.110 | clients.l.google.com | United States | 15169 | GOOGLEUS | false
    172.217.168.68 | www.google.com | United States | 15169 | GOOGLEUS | false
    172.217.168.45 | accounts.google.com | United States | 15169 | GOOGLEUS | false
    239.255.255.250 | unknown | Reserved | unknown | unknown | false
    184.168.106.3 | cialistabspharmacy.com | United States | 26496 | AS-26496-GO-DADDY-COM-LLCUS | false
    192.229.221.185 | cs1227.wpc.alphacdn.net | United States | 15133 | EDGECASTUS | false
    104.17.25.14 | cdnjs.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false

    Private IPs:
    192.168.2.1
    127.0.0.1
                                    Joe Sandbox Version:36.0.0 Rainbow Opal
                                    Analysis ID:756228
                                    Start date and time:2022-11-29 20:58:49 +01:00
                                    Joe Sandbox Product:CloudBasic
                                    Overall analysis duration:0h 3m 52s
                                    Hypervisor based Inspection enabled:false
                                    Report type:light
                                    Cookbook file name:browseurl.jbs
                                    Sample URL:https://cialistabspharmacy.com/polaris/?aW52b2ljZUBlbWVyZ2lmaS5jb20=&d=DwMFAg
                                    Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                    Number of analysed new started processes analysed:3
                                    Number of new started drivers analysed:0
                                    Number of existing processes analysed:0
                                    Number of existing drivers analysed:0
                                    Number of injected processes analysed:0
                                    Technologies:
                                    • HCA enabled
                                    • EGA enabled
                                    • HDC enabled
                                    • AMSI enabled
                                    Analysis Mode:default
                                    Analysis stop reason:Timeout
                                    Detection:MAL
                                    Classification:mal64.phis.win@23/0@9/9
                                    EGA Information:Failed
                                    HDC Information:Failed
                                    HCA Information:
                                    • Successful, ratio: 100%
                                    • Number of executed functions: 0
                                    • Number of non-executed functions: 0
                                    • Excluded IPs from analysis (whitelisted): 172.217.168.67, 34.104.35.123, 104.16.86.20, 104.16.88.20, 104.16.85.20, 104.16.87.20, 104.16.89.20, 96.16.150.76, 172.217.168.42, 172.217.168.74, 142.250.203.106, 216.58.215.234, 172.217.168.10
                                    • TCP Packets have been reduced to 100
                                    • Excluded domains from analysis (whitelisted): logincdn.msauth.net, cdn.jsdelivr.net.cdn.cloudflare.net, edgedl.me.gvt1.com, content-autofill.googleapis.com, lgincdn.trafficmanager.net, secure.aadcdn.microsoftonline-p.com.edgekey.net, lgincdnvzeuno.ec.azureedge.net, e13761.dscg.akamaiedge.net, clientservices.googleapis.com, lgincdnvzeuno.azureedge.net
                                    • Not all processes were analyzed, report is missing behavior information
                                    • Report size getting too big, too many NtWriteVirtualMemory calls found.
                                    No simulations
                                    No context
                                    No context
                                    No context
                                    No context
                                    No context
                                    No created / dropped files found
                                    No static file info
                                    TCP packets
                                    Timestamp                            Source Port  Dest Port  Source IP        Dest IP
                                    Nov 29, 2022 20:59:41.843067884 CET  49699        443        192.168.2.4      172.217.168.45
                                    Nov 29, 2022 20:59:41.843147039 CET  443          49699      172.217.168.45   192.168.2.4
                                    Nov 29, 2022 20:59:41.843231916 CET  49699        443        192.168.2.4      172.217.168.45
                                    Nov 29, 2022 20:59:41.843532085 CET  49700        443        192.168.2.4      142.250.203.110
                                    Nov 29, 2022 20:59:41.843596935 CET  443          49700      142.250.203.110  192.168.2.4
                                    Nov 29, 2022 20:59:41.843672991 CET  49700        443        192.168.2.4      142.250.203.110
                                    Nov 29, 2022 20:59:41.844242096 CET  49699        443        192.168.2.4      172.217.168.45
                                    Nov 29, 2022 20:59:41.844266891 CET  443          49699      172.217.168.45   192.168.2.4
                                    Nov 29, 2022 20:59:41.844451904 CET  49700        443        192.168.2.4      142.250.203.110
                                    Nov 29, 2022 20:59:41.844485044 CET  443          49700      142.250.203.110  192.168.2.4
                                    Nov 29, 2022 20:59:41.971976042 CET  443          49700      142.250.203.110  192.168.2.4
                                    Nov 29, 2022 20:59:41.978758097 CET  443          49699      172.217.168.45   192.168.2.4
                                    Nov 29, 2022 20:59:42.012360096 CET  49700        443        192.168.2.4      142.250.203.110
                                    Nov 29, 2022 20:59:42.021476030 CET  49699        443        192.168.2.4      172.217.168.45
                                    Nov 29, 2022 20:59:42.031418085 CET  49699        443        192.168.2.4      172.217.168.45
                                    Nov 29, 2022 20:59:42.031439066 CET  443          49699      172.217.168.45   192.168.2.4
                                    Nov 29, 2022 20:59:42.031645060 CET  49700        443        192.168.2.4      142.250.203.110
                                    Nov 29, 2022 20:59:42.031696081 CET  443          49700      142.250.203.110  192.168.2.4
                                    Nov 29, 2022 20:59:42.033921957 CET  443          49700      142.250.203.110  192.168.2.4
                                    Nov 29, 2022 20:59:42.034025908 CET  49700        443        192.168.2.4      142.250.203.110
                                    Nov 29, 2022 20:59:42.034800053 CET  443          49699      172.217.168.45   192.168.2.4
                                    Nov 29, 2022 20:59:42.034902096 CET  49699        443        192.168.2.4      172.217.168.45
                                    Nov 29, 2022 20:59:42.037800074 CET  443          49700      142.250.203.110  192.168.2.4
                                    Nov 29, 2022 20:59:42.037888050 CET  49700        443        192.168.2.4      142.250.203.110
                                    Nov 29, 2022 20:59:43.503597975 CET  49699        443        192.168.2.4      172.217.168.45
                                    Nov 29, 2022 20:59:43.503678083 CET  443          49699      172.217.168.45   192.168.2.4
                                    Nov 29, 2022 20:59:43.503997087 CET  49699        443        192.168.2.4      172.217.168.45
                                    Nov 29, 2022 20:59:43.504014969 CET  443          49699      172.217.168.45   192.168.2.4
                                    Nov 29, 2022 20:59:43.504060030 CET  443          49699      172.217.168.45   192.168.2.4
                                    Nov 29, 2022 20:59:43.504308939 CET  49700        443        192.168.2.4      142.250.203.110
                                    Nov 29, 2022 20:59:43.504370928 CET  443          49700      142.250.203.110  192.168.2.4
                                    Nov 29, 2022 20:59:43.504736900 CET  443          49700      142.250.203.110  192.168.2.4
                                    Nov 29, 2022 20:59:43.504766941 CET  49700        443        192.168.2.4      142.250.203.110
                                    Nov 29, 2022 20:59:43.504792929 CET  443          49700      142.250.203.110  192.168.2.4
                                    Nov 29, 2022 20:59:43.558389902 CET  49699        443        192.168.2.4      172.217.168.45
                                    Nov 29, 2022 20:59:43.558428049 CET  443          49699      172.217.168.45   192.168.2.4
                                    Nov 29, 2022 20:59:43.580784082 CET  443          49699      172.217.168.45   192.168.2.4
                                    Nov 29, 2022 20:59:43.580909967 CET  49699        443        192.168.2.4      172.217.168.45
                                    Nov 29, 2022 20:59:43.580946922 CET  443          49699      172.217.168.45   192.168.2.4
                                    Nov 29, 2022 20:59:43.581175089 CET  443          49699      172.217.168.45   192.168.2.4
                                    Nov 29, 2022 20:59:43.581249952 CET  49699        443        192.168.2.4      172.217.168.45
                                    Nov 29, 2022 20:59:43.589349031 CET  49700        443        192.168.2.4      142.250.203.110
                                    Nov 29, 2022 20:59:43.589380980 CET  443          49700      142.250.203.110  192.168.2.4
                                    Nov 29, 2022 20:59:43.689444065 CET  49700        443        192.168.2.4      142.250.203.110
                                    Nov 29, 2022 20:59:43.872733116 CET  49702        443        192.168.2.4      184.168.106.3
                                    Nov 29, 2022 20:59:43.872801065 CET  443          49702      184.168.106.3    192.168.2.4
                                    Nov 29, 2022 20:59:43.872932911 CET  49702        443        192.168.2.4      184.168.106.3
                                    Nov 29, 2022 20:59:43.877302885 CET  49699        443        192.168.2.4      172.217.168.45
                                    Nov 29, 2022 20:59:43.877342939 CET  443          49699      172.217.168.45   192.168.2.4
                                    Nov 29, 2022 20:59:43.885545015 CET  49702        443        192.168.2.4      184.168.106.3
                                    Nov 29, 2022 20:59:43.885608912 CET  443          49702      184.168.106.3    192.168.2.4
                                    Nov 29, 2022 20:59:44.111474991 CET  443          49700      142.250.203.110  192.168.2.4
                                    Nov 29, 2022 20:59:44.111622095 CET  443          49700      142.250.203.110  192.168.2.4
                                    Nov 29, 2022 20:59:44.111756086 CET  49700        443        192.168.2.4      142.250.203.110
                                    Nov 29, 2022 20:59:44.112951994 CET  49700        443        192.168.2.4      142.250.203.110
                                    Nov 29, 2022 20:59:44.112987041 CET  443          49700      142.250.203.110  192.168.2.4
                                    Nov 29, 2022 20:59:44.676935911 CET  443          49702      184.168.106.3    192.168.2.4
                                    Nov 29, 2022 20:59:44.707285881 CET  49702        443        192.168.2.4      184.168.106.3
                                    Nov 29, 2022 20:59:44.707348108 CET  443          49702      184.168.106.3    192.168.2.4
                                    Nov 29, 2022 20:59:44.710585117 CET  443          49702      184.168.106.3    192.168.2.4
                                    Nov 29, 2022 20:59:44.710758924 CET  49702        443        192.168.2.4      184.168.106.3
                                    Nov 29, 2022 20:59:44.717650890 CET  49702        443        192.168.2.4      184.168.106.3
                                    Nov 29, 2022 20:59:44.717689037 CET  443          49702      184.168.106.3    192.168.2.4
                                    Nov 29, 2022 20:59:44.717832088 CET  49702        443        192.168.2.4      184.168.106.3
                                    Nov 29, 2022 20:59:44.717868090 CET  443          49702      184.168.106.3    192.168.2.4
                                    Nov 29, 2022 20:59:44.718086958 CET  443          49702      184.168.106.3    192.168.2.4
                                    Nov 29, 2022 20:59:44.789486885 CET  49702        443        192.168.2.4      184.168.106.3
                                    Nov 29, 2022 20:59:44.789530993 CET  443          49702      184.168.106.3    192.168.2.4
                                    Nov 29, 2022 20:59:44.889523983 CET  49702        443        192.168.2.4      184.168.106.3
                                    Nov 29, 2022 20:59:45.192882061 CET  443          49702      184.168.106.3    192.168.2.4
                                    Nov 29, 2022 20:59:45.193026066 CET  443          49702      184.168.106.3    192.168.2.4
                                    Nov 29, 2022 20:59:45.193119049 CET  49702        443        192.168.2.4      184.168.106.3
                                    Nov 29, 2022 20:59:45.201554060 CET  49702        443        192.168.2.4      184.168.106.3
                                    Nov 29, 2022 20:59:45.201606035 CET  443          49702      184.168.106.3    192.168.2.4
                                    Nov 29, 2022 20:59:45.205714941 CET  49704        443        192.168.2.4      184.168.106.3
                                    Nov 29, 2022 20:59:45.205792904 CET  443          49704      184.168.106.3    192.168.2.4
                                    Nov 29, 2022 20:59:45.205930948 CET  49704        443        192.168.2.4      184.168.106.3
                                    Nov 29, 2022 20:59:45.206311941 CET  49704        443        192.168.2.4      184.168.106.3
                                    Nov 29, 2022 20:59:45.206342936 CET  443          49704      184.168.106.3    192.168.2.4
                                    Nov 29, 2022 20:59:45.304317951 CET  49705        443        192.168.2.4      172.217.168.68
                                    Nov 29, 2022 20:59:45.304384947 CET  443          49705      172.217.168.68   192.168.2.4
                                    Nov 29, 2022 20:59:45.304517031 CET  49705        443        192.168.2.4      172.217.168.68
                                    Nov 29, 2022 20:59:45.312937021 CET  49705        443        192.168.2.4      172.217.168.68
                                    Nov 29, 2022 20:59:45.312997103 CET  443          49705      172.217.168.68   192.168.2.4
                                    Nov 29, 2022 20:59:45.382834911 CET  443          49705      172.217.168.68   192.168.2.4
                                    Nov 29, 2022 20:59:45.383321047 CET  49705        443        192.168.2.4      172.217.168.68
                                    Nov 29, 2022 20:59:45.383385897 CET  443          49705      172.217.168.68   192.168.2.4
                                    Nov 29, 2022 20:59:45.385241032 CET  443          49705      172.217.168.68   192.168.2.4
                                    Nov 29, 2022 20:59:45.385445118 CET  49705        443        192.168.2.4      172.217.168.68
                                    Nov 29, 2022 20:59:45.387926102 CET  49705        443        192.168.2.4      172.217.168.68
                                    Nov 29, 2022 20:59:45.387974024 CET  443          49705      172.217.168.68   192.168.2.4
                                    Nov 29, 2022 20:59:45.388104916 CET  443          49705      172.217.168.68   192.168.2.4
                                    Nov 29, 2022 20:59:45.559623003 CET  49705        443        192.168.2.4      172.217.168.68
                                    Nov 29, 2022 20:59:45.559678078 CET  443          49705      172.217.168.68   192.168.2.4
                                    Nov 29, 2022 20:59:45.730473042 CET  443          49704      184.168.106.3    192.168.2.4
                                    Nov 29, 2022 20:59:45.757577896 CET  49705        443        192.168.2.4      172.217.168.68
                                    Nov 29, 2022 20:59:45.758435011 CET  49704        443        192.168.2.4      184.168.106.3
                                    Nov 29, 2022 20:59:45.758495092 CET  443          49704      184.168.106.3    192.168.2.4
                                    Nov 29, 2022 20:59:45.759740114 CET  443          49704      184.168.106.3    192.168.2.4
                                    Nov 29, 2022 20:59:45.767420053 CET  49704        443        192.168.2.4      184.168.106.3
                                    UDP packets
                                    Timestamp                            Source Port  Dest Port  Source IP        Dest IP
                                    Nov 29, 2022 20:59:41.770828009 CET  58565        53         192.168.2.4      8.8.8.8
                                    Nov 29, 2022 20:59:41.773571968 CET  52239        53         192.168.2.4      8.8.8.8
                                    Nov 29, 2022 20:59:41.790349960 CET  53           58565      8.8.8.8          192.168.2.4
                                    Nov 29, 2022 20:59:41.801201105 CET  53           52239      8.8.8.8          192.168.2.4
                                    Nov 29, 2022 20:59:41.949896097 CET  61007        53         192.168.2.4      8.8.8.8
                                    Nov 29, 2022 20:59:41.970788956 CET  53           61007      8.8.8.8          192.168.2.4
                                    Nov 29, 2022 20:59:45.236793041 CET  55570        53         192.168.2.4      8.8.8.8
                                    Nov 29, 2022 20:59:45.256650925 CET  53           55570      8.8.8.8          192.168.2.4
                                    Nov 29, 2022 20:59:45.281066895 CET  64906        53         192.168.2.4      8.8.8.8
                                    Nov 29, 2022 20:59:45.300988913 CET  53           64906      8.8.8.8          192.168.2.4
                                    Nov 29, 2022 20:59:46.876437902 CET  61088        53         192.168.2.4      8.8.8.8
                                    Nov 29, 2022 20:59:46.879719973 CET  58729        53         192.168.2.4      8.8.8.8
                                    Nov 29, 2022 20:59:46.901210070 CET  53           58729      8.8.8.8          192.168.2.4
                                    Nov 29, 2022 20:59:47.639122963 CET  56022        53         192.168.2.4      8.8.8.8
                                    Nov 29, 2022 20:59:52.022222042 CET  54521        53         192.168.2.4      8.8.8.8
                                    DNS queries
                                    Timestamp                            Source IP    Dest IP  Trans ID  OP Code             Name                                 Type            Class        DNS over HTTPS
                                    Nov 29, 2022 20:59:41.770828009 CET  192.168.2.4  8.8.8.8  0xc313    Standard query (0)  accounts.google.com                  A (IP address)  IN (0x0001)  false
                                    Nov 29, 2022 20:59:41.773571968 CET  192.168.2.4  8.8.8.8  0x62f7    Standard query (0)  clients2.google.com                  A (IP address)  IN (0x0001)  false
                                    Nov 29, 2022 20:59:41.949896097 CET  192.168.2.4  8.8.8.8  0x992e    Standard query (0)  cialistabspharmacy.com               A (IP address)  IN (0x0001)  false
                                    Nov 29, 2022 20:59:45.236793041 CET  192.168.2.4  8.8.8.8  0x2ff1    Standard query (0)  www.google.com                       A (IP address)  IN (0x0001)  false
                                    Nov 29, 2022 20:59:45.281066895 CET  192.168.2.4  8.8.8.8  0x5ad6    Standard query (0)  www.google.com                       A (IP address)  IN (0x0001)  false
                                    Nov 29, 2022 20:59:46.876437902 CET  192.168.2.4  8.8.8.8  0x173b    Standard query (0)  cdn.jsdelivr.net                     A (IP address)  IN (0x0001)  false
                                    Nov 29, 2022 20:59:46.879719973 CET  192.168.2.4  8.8.8.8  0x471e    Standard query (0)  cdnjs.cloudflare.com                 A (IP address)  IN (0x0001)  false
                                    Nov 29, 2022 20:59:47.639122963 CET  192.168.2.4  8.8.8.8  0xa5ea    Standard query (0)  secure.aadcdn.microsoftonline-p.com  A (IP address)  IN (0x0001)  false
                                    Nov 29, 2022 20:59:52.022222042 CET  192.168.2.4  8.8.8.8  0xa8c0    Standard query (0)  secure.aadcdn.microsoftonline-p.com  A (IP address)  IN (0x0001)  false
                                    DNS answers ("-" marks an empty CName or Address column)
                                    Timestamp                            Source IP  Dest IP      Trans ID  Reply Code    Name                                 CName                                            Address          Type                    Class        DNS over HTTPS
                                    Nov 29, 2022 20:59:41.790349960 CET  8.8.8.8    192.168.2.4  0xc313    No error (0)  accounts.google.com                  -                                                172.217.168.45   A (IP address)          IN (0x0001)  false
                                    Nov 29, 2022 20:59:41.801201105 CET  8.8.8.8    192.168.2.4  0x62f7    No error (0)  clients2.google.com                  clients.l.google.com                             -                CNAME (Canonical name)  IN (0x0001)  false
                                    Nov 29, 2022 20:59:41.801201105 CET  8.8.8.8    192.168.2.4  0x62f7    No error (0)  clients.l.google.com                 -                                                142.250.203.110  A (IP address)          IN (0x0001)  false
                                    Nov 29, 2022 20:59:41.970788956 CET  8.8.8.8    192.168.2.4  0x992e    No error (0)  cialistabspharmacy.com               -                                                184.168.106.3    A (IP address)          IN (0x0001)  false
                                    Nov 29, 2022 20:59:45.256650925 CET  8.8.8.8    192.168.2.4  0x2ff1    No error (0)  www.google.com                       -                                                172.217.168.68   A (IP address)          IN (0x0001)  false
                                    Nov 29, 2022 20:59:45.300988913 CET  8.8.8.8    192.168.2.4  0x5ad6    No error (0)  www.google.com                       -                                                172.217.168.68   A (IP address)          IN (0x0001)  false
                                    Nov 29, 2022 20:59:46.375910997 CET  8.8.8.8    192.168.2.4  0xbf56    No error (0)  cs1227.wpc.alphacdn.net              -                                                192.229.221.185  A (IP address)          IN (0x0001)  false
                                    Nov 29, 2022 20:59:46.899960041 CET  8.8.8.8    192.168.2.4  0x173b    No error (0)  cdn.jsdelivr.net                     cdn.jsdelivr.net.cdn.cloudflare.net              -                CNAME (Canonical name)  IN (0x0001)  false
                                    Nov 29, 2022 20:59:46.901210070 CET  8.8.8.8    192.168.2.4  0x471e    No error (0)  cdnjs.cloudflare.com                 -                                                104.17.25.14     A (IP address)          IN (0x0001)  false
                                    Nov 29, 2022 20:59:46.901210070 CET  8.8.8.8    192.168.2.4  0x471e    No error (0)  cdnjs.cloudflare.com                 -                                                104.17.24.14     A (IP address)          IN (0x0001)  false
                                    Nov 29, 2022 20:59:47.661205053 CET  8.8.8.8    192.168.2.4  0xa5ea    No error (0)  secure.aadcdn.microsoftonline-p.com  secure.aadcdn.microsoftonline-p.com.edgekey.net  -                CNAME (Canonical name)  IN (0x0001)  false
                                    Nov 29, 2022 20:59:51.864490032 CET  8.8.8.8    192.168.2.4  0x2767    No error (0)  cs1227.wpc.alphacdn.net              -                                                192.229.221.185  A (IP address)          IN (0x0001)  false
                                    Nov 29, 2022 20:59:52.041032076 CET  8.8.8.8    192.168.2.4  0xa8c0    No error (0)  secure.aadcdn.microsoftonline-p.com  secure.aadcdn.microsoftonline-p.com.edgekey.net  -                CNAME (Canonical name)  IN (0x0001)  false
                                    • accounts.google.com
                                    • clients2.google.com
                                    • cialistabspharmacy.com
                                    • https:
                                      • logincdn.msauth.net
                                      • cdnjs.cloudflare.com

                                    Target ID:0
                                    Start time:20:59:37
                                    Start date:29/11/2022
                                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
                                    Imagebase:0x7ff683680000
                                    File size:2851656 bytes
                                    MD5 hash:0FEC2748F363150DC54C1CAFFB1A9408
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:low

                                    Target ID:1
                                    Start time:20:59:38
                                    Start date:29/11/2022
                                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    Wow64 process (32bit):false
                                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1876 --field-trial-handle=1828,i,2187161938276056667,2480233056043708616,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
                                    Imagebase:0x7ff683680000
                                    File size:2851656 bytes
                                    MD5 hash:0FEC2748F363150DC54C1CAFFB1A9408
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:low

                                    Target ID:2
                                    Start time:20:59:39
                                    Start date:29/11/2022
                                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cialistabspharmacy.com/polaris/?aW52b2ljZUBlbWVyZ2lmaS5jb20=&d=DwMFAg
                                    Imagebase:0x7ff683680000
                                    File size:2851656 bytes
                                    MD5 hash:0FEC2748F363150DC54C1CAFFB1A9408
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:low

                                    No disassembly