
Windows Analysis Report
#U25b6 #Ud83d#Udd18#U2500#U2500#U2500#U2500#U2500#U2500#U2500 126 Voice-Attchment.919-340-XX.html

Overview

General Information

Sample Name: #U25b6 #Ud83d#Udd18#U2500#U2500#U2500#U2500#U2500#U2500#U2500 126 Voice-Attchment.919-340-XX.html
Analysis ID: 756300
MD5: c8a579e165f7b8c76b71f56a5766a4d0
SHA1: b6c3f4b86d8658333c7a3e3c99c2608e1d9b0cc0
SHA256: 95d40b7fb897e11d1a5974e62ff659c3665cb7078cac051aac2d9155c8072c04

Detection

Detection: HTMLPhisher
Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected HtmlPhish10
HTML document with suspicious title
Phishing site detected (based on image similarity)
JA3 SSL client fingerprint seen in connection with other malware
IP address seen in connection with other malware

Classification

  • System is w10x64
  • chrome.exe (PID: 2516 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
    • chrome.exe (PID: 5208 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1964 --field-trial-handle=1816,i,18019605785344620809,16696382858066997968,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • chrome.exe (PID: 5552 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\#U25b6 #Ud83d#Udd18#U2500#U2500#U2500#U2500#U2500#U2500#U2500 126 Voice-Attchment.919-340-XX.html MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • cleanup
No configs have been found

    Source | Rule | Description | Author | Strings
    61093.0.pages.csv | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |

    No Sigma rule has matched
    No Snort rule has matched

    Phishing

    Source: Yara match | File source: 61093.0.pages.csv, type: HTML
    Source: file:///C:/Users/user/Desktop/%23U25b6%20%23Ud83d%23Udd18%23U2500%23U2500%23U2500%23U2500%23U2500%23U2500%23U2500%20126%20Voice-Attchment.919-340-XX.html | Matcher: Found strong image similarity, brand: Microsoft image: 61093.0.img.1.gfk.csv EE5C8D9FB6248C938FD0DC19370E90BD
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\GoogleUpdater
    Source: unknown | HTTPS traffic detected: 192.229.221.185:443 -> 192.168.2.3:49724 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 152.199.23.72:443 -> 192.168.2.3:49731 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.3:49732 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.3:49733 version: TLS 1.2
    Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
    Source: Joe Sandbox View | IP Address: 104.17.24.14 104.17.24.14
    Source: Joe Sandbox View | IP Address: 104.18.10.207 104.18.10.207
    Source: Joe Sandbox View | IP Address: 104.18.10.207 104.18.10.207
    Source: unknown | DNS traffic detected: queries for: clients2.google.com
    Source: unknown | Network traffic detected: HTTP traffic on port 49733 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49710 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49699 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49706 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49731 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49712 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49702 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49704 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49701 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49713 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49717
    Source: unknown | Network traffic detected: HTTP traffic on port 49715 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49716
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49715
    Source: unknown | Network traffic detected: HTTP traffic on port 49717 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49714
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49713
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49757
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49712
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49734
    Source: unknown | Network traffic detected: HTTP traffic on port 49698 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49711
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49733
    Source: unknown | Network traffic detected: HTTP traffic on port 49757 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49709 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49699
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49710
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49732
    Source: unknown | Network traffic detected: HTTP traffic on port 49734 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49698
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49731
    Source: unknown | Network traffic detected: HTTP traffic on port 49732 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49711 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49703 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49724 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49709
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49706
    Source: unknown | Network traffic detected: HTTP traffic on port 49716 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49714 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49704
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49703
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49702
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49724
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49701
    Source: global traffic | HTTP traffic detected:
      GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
      Host: clients2.google.com
      Connection: keep-alive
      X-Goog-Update-Interactivity: fg
      X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
      X-Goog-Update-Updater: chromecrx-104.0.5112.81
      Sec-Fetch-Site: none
      Sec-Fetch-Mode: no-cors
      Sec-Fetch-Dest: empty
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
      Accept-Encoding: gzip, deflate, br
      Accept-Language: en-US,en;q=0.9
    Source: global traffic | HTTP traffic detected:
      GET /onlne/aa/admin/js/mj.php?ar=d29yZA== HTTP/1.1
      Host: mandemutworld.com
      Connection: keep-alive
      sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
      sec-ch-ua-mobile: ?0
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
      sec-ch-ua-platform: "Windows"
      Accept: */*
      Sec-Fetch-Site: cross-site
      Sec-Fetch-Mode: no-cors
      Sec-Fetch-Dest: script
      Accept-Encoding: gzip, deflate, br
      Accept-Language: en-US,en;q=0.9
    Source: global traffic | HTTP traffic detected:
      GET /font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
      Host: maxcdn.bootstrapcdn.com
      Connection: keep-alive
      sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
      sec-ch-ua-mobile: ?0
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
      sec-ch-ua-platform: "Windows"
      Accept: text/css,*/*;q=0.1
      Sec-Fetch-Site: cross-site
      Sec-Fetch-Mode: no-cors
      Sec-Fetch-Dest: style
      Accept-Encoding: gzip, deflate, br
      Accept-Language: en-US,en;q=0.9
    Source: global traffic | HTTP traffic detected:
      GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1
      Host: logincdn.msauth.net
      Connection: keep-alive
      sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
      sec-ch-ua-mobile: ?0
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
      sec-ch-ua-platform: "Windows"
      Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
      Sec-Fetch-Site: cross-site
      Sec-Fetch-Mode: no-cors
      Sec-Fetch-Dest: image
      Accept-Encoding: gzip, deflate, br
      Accept-Language: en-US,en;q=0.9
    Source: global traffic | HTTP traffic detected:
      GET /font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
      Host: maxcdn.bootstrapcdn.com
      Connection: keep-alive
      sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
      Origin: null
      sec-ch-ua-mobile: ?0
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
      sec-ch-ua-platform: "Windows"
      Accept: */*
      Sec-Fetch-Site: cross-site
      Sec-Fetch-Mode: cors
      Sec-Fetch-Dest: font
      Referer: https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
      Accept-Encoding: gzip, deflate, br
      Accept-Language: en-US,en;q=0.9
    Source: global traffic | HTTP traffic detected:
      GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.css HTTP/1.1
      Host: cdnjs.cloudflare.com
      Connection: keep-alive
      sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
      Origin: null
      sec-ch-ua-mobile: ?0
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
      sec-ch-ua-platform: "Windows"
      Accept: text/css,*/*;q=0.1
      Sec-Fetch-Site: cross-site
      Sec-Fetch-Mode: cors
      Sec-Fetch-Dest: style
      Accept-Encoding: gzip, deflate, br
      Accept-Language: en-US,en;q=0.9
    Source: global traffic | HTTP traffic detected:
      GET /shared/1.0/content/images/picker_verify_call_fe87496cc7a44412f7893a72099c120a.svg HTTP/1.1
      Host: aadcdn.msauth.net
      Connection: keep-alive
      sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
      sec-ch-ua-mobile: ?0
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
      sec-ch-ua-platform: "Windows"
      Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
      Sec-Fetch-Site: cross-site
      Sec-Fetch-Mode: no-cors
      Sec-Fetch-Dest: image
      Accept-Encoding: gzip, deflate, br
      Accept-Language: en-US,en;q=0.9
    Source: global traffic | HTTP traffic detected:
      GET /shared/1.0/content/images/picker_verify_sms_27a6d18b56f46818420e60a773c36d4e.svg HTTP/1.1
      Host: aadcdn.msauth.net
      Connection: keep-alive
      sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
      sec-ch-ua-mobile: ?0
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
      sec-ch-ua-platform: "Windows"
      Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
      Sec-Fetch-Site: cross-site
      Sec-Fetch-Mode: no-cors
      Sec-Fetch-Dest: image
      Accept-Encoding: gzip, deflate, br
      Accept-Language: en-US,en;q=0.9
    Source: global traffic | HTTP traffic detected:
      GET /shared/1.0/content/images/picker_verify_fluent_authenticator_b59c16ca9bf156438a8a96d45e33db64.svg HTTP/1.1
      Host: aadcdn.msauth.net
      Connection: keep-alive
      sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
      sec-ch-ua-mobile: ?0
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
      sec-ch-ua-platform: "Windows"
      Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
      Sec-Fetch-Site: cross-site
      Sec-Fetch-Mode: no-cors
      Sec-Fetch-Dest: image
      Accept-Encoding: gzip, deflate, br
      Accept-Language: en-US,en;q=0.9
    Source: global traffic | HTTP traffic detected:
      GET /81d6b03a-itah-k4j9-s88y6um2sckipyinyzz2ai-jemkeyiq/logintenantbranding/0/bannerlogo?ts=637758174410899401 HTTP/1.1
      Host: aadcdn.msauthimages.net
      Connection: keep-alive
      sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
      sec-ch-ua-mobile: ?0
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
      sec-ch-ua-platform: "Windows"
      Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
      Sec-Fetch-Site: cross-site
      Sec-Fetch-Mode: no-cors
      Sec-Fetch-Dest: image
      Accept-Encoding: gzip, deflate, br
      Accept-Language: en-US,en;q=0.9
    Source: global traffic | HTTP traffic detected:
      GET /81d6b03a-itah-k4j9-s88y6um2sckipyinyzz2ai-jemkeyiq/logintenantbranding/0/illustration?ts=637758160209820938 HTTP/1.1
      Host: aadcdn.msauthimages.net
      Connection: keep-alive
      sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
      sec-ch-ua-mobile: ?0
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
      sec-ch-ua-platform: "Windows"
      Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
      Sec-Fetch-Site: cross-site
      Sec-Fetch-Mode: no-cors
      Sec-Fetch-Dest: image
      Accept-Encoding: gzip, deflate, br
      Accept-Language: en-US,en;q=0.9
    Source: global traffic | HTTP traffic detected:
      GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36
      Host: logincdn.msauth.net
    Source: global traffic | HTTP traffic detected:
      GET /81d6b03a-itah-k4j9-s88y6um2sckipyinyzz2ai-jemkeyiq/logintenantbranding/0/bannerlogo?ts=637758174410899401 HTTP/1.1
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36
      Host: aadcdn.msauthimages.net
    Source: global traffic | HTTP traffic detected:
      GET /shared/1.0/content/images/picker_verify_call_fe87496cc7a44412f7893a72099c120a.svg HTTP/1.1
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36
      Host: aadcdn.msauth.net
    Source: global traffic | HTTP traffic detected:
      GET /shared/1.0/content/images/picker_verify_sms_27a6d18b56f46818420e60a773c36d4e.svg HTTP/1.1
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36
      Host: aadcdn.msauth.net
    Source: global traffic | HTTP traffic detected:
      GET /shared/1.0/content/images/picker_verify_fluent_authenticator_b59c16ca9bf156438a8a96d45e33db64.svg HTTP/1.1
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36
      Host: aadcdn.msauth.net
    Source: unknown | HTTP traffic detected:
      POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
      Host: accounts.google.com
      Connection: keep-alive
      Content-Length: 1
      Origin: https://www.google.com
      Content-Type: application/x-www-form-urlencoded
      Sec-Fetch-Site: none
      Sec-Fetch-Mode: no-cors
      Sec-Fetch-Dest: empty
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
      Accept-Encoding: gzip, deflate, br
      Accept-Language: en-US,en;q=0.9
      Cookie: CONSENT=PENDING+904; AEC=AakniGO7HqlHWlnoY-P22_SwwnNSfVGxlF1NgK5nuj5WLe313NyJi16g7z4; SOCS=CAISHAgCEhJnd3NfMjAyMjA4MDgtMF9SQzEaAmVuIAEaBgiAvOuXBg; NID=511=nUT82hOv6CVwMNqDg-sTtCMJJ6SQ1v_cCpfCpf5nt8EolEbal01GWFyjG01tqWQgh9ciRU880J6nLd2gdbhAJs44PsHAZaVQAFIbrqe2FmFgjrAAK7W9Z8u5LDvwsuZRng98jP6E23SJ4fsPIs326YmnuCwa92dRRCcB6MNeI_o
    Source: unknown | HTTPS traffic detected: 192.229.221.185:443 -> 192.168.2.3:49724 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 152.199.23.72:443 -> 192.168.2.3:49731 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.3:49732 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.3:49733 version: TLS 1.2

    System Summary

    Source: file:///C:/Users/user/Desktop/%23U25b6%20%23Ud83d%23Udd18%23U2500%23U2500%23U2500%23U2500%23U2500%23U2500%23U2500%20126%20Voice-Attchment.919-340-XX.html | Tab title: Sign in to Outlook
    Source: classification engine | Classification label: mal56.phis.winHTML@29/0@11/13
    Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1964 --field-trial-handle=1816,i,18019605785344620809,16696382858066997968,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
    Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\#U25b6 #Ud83d#Udd18#U2500#U2500#U2500#U2500#U2500#U2500#U2500 126 Voice-Attchment.919-340-XX.html
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1964 --field-trial-handle=1816,i,18019605785344620809,16696382858066997968,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Program Files\Google\GoogleUpdater
    Source: Window Recorder | Window detected: More than 3 window changes detected
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\GoogleUpdater
    MITRE ATT&CK matrix, listed per tactic (a leading number is the count of matched signatures for that technique):
    Initial Access: Valid Accounts, Default Accounts, Domain Accounts, Local Accounts
    Execution: Windows Management Instrumentation, Scheduled Task/Job, At (Linux), At (Windows)
    Persistence: Path Interception, Boot or Logon Initialization Scripts, Logon Script (Windows), Logon Script (Mac)
    Privilege Escalation: 1 Process Injection, Boot or Logon Initialization Scripts, Logon Script (Windows), Logon Script (Mac)
    Defense Evasion: 2 Masquerading, 1 Process Injection, Obfuscated Files or Information, Binary Padding
    Credential Access: OS Credential Dumping, LSASS Memory, Security Account Manager, NTDS
    Discovery: System Service Discovery, Application Window Discovery, Query Registry, System Network Configuration Discovery
    Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model
    Collection: Data from Local System, Data from Removable Media, Data from Network Shared Drive, Input Capture
    Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Scheduled Transfer
    Command and Control: 1 Encrypted Channel, 3 Non-Application Layer Protocol, 4 Application Layer Protocol, 1 Ingress Tool Transfer
    Network Effects: Eavesdrop on Insecure Network Communication, Exploit SS7 to Redirect Phone Calls/SMS, Exploit SS7 to Track Device Location, SIM Card Swap
    Remote Service Effects: Remotely Track Device Without Authorization, Remotely Wipe Data Without Authorization, Obtain Device Cloud Backups, Carrier Billing Fraud
    Impact: Modify System Partition, Device Lockout, Delete Device Data

    No Antivirus matches
    Source | Detection | Scanner | Label | Link
    https://aadcdn.msauthimages.net/81d6b03a-itah-k4j9-s88y6um2sckipyinyzz2ai-jemkeyiq/logintenantbranding/0/bannerlogo?ts=637758174410899401 | 0% | Avira URL Cloud | safe |
    https://mandemutworld.com/onlne/aa/5ac0e99.php | 0% | Avira URL Cloud | safe |
    https://mandemutworld.com/onlne/aa/admin/js/mj.php?ar=d29yZA== | 0% | Avira URL Cloud | safe |
    https://aadcdn.msauthimages.net/81d6b03a-itah-k4j9-s88y6um2sckipyinyzz2ai-jemkeyiq/logintenantbranding/0/illustration?ts=637758160209820938 | 0% | Avira URL Cloud | safe |
    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    accounts.google.com | 172.217.168.45 | true | false | | high
    mandemutworld.com | 88.99.17.3 | true | false | | unknown
    cdnjs.cloudflare.com | 104.17.24.14 | true | false | | high
    maxcdn.bootstrapcdn.com | 104.18.10.207 | true | false | | high
    part-0032.t-0009.t-msedge.net | 13.107.246.60 | true | false | | unknown
    cs1227.wpc.alphacdn.net | 192.229.221.185 | true | false | | unknown
    www.google.com | 172.217.168.68 | true | false | | high
    clients.l.google.com | 142.250.203.110 | true | false | | high
    cs1025.wpc.upsiloncdn.net | 152.199.23.72 | true | false | | unknown
    aadcdn.msauthimages.net | unknown | unknown | false | | unknown
    clients2.google.com | unknown | unknown | false | | high
    code.jquery.com | unknown | unknown | false | | high
    cdn.jsdelivr.net | unknown | unknown | false | | high
    Name | Malicious | Antivirus Detection | Reputation
    https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | false | | high
    https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css | false | | high
    https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css | false | | high
    file:///C:/Users/user/Desktop/%23U25b6%20%23Ud83d%23Udd18%23U2500%23U2500%23U2500%23U2500%23U2500%23U2500%23U2500%20126%20Voice-Attchment.919-340-XX.html | true | | low
    https://mandemutworld.com/onlne/aa/5ac0e99.php | false | Avira URL Cloud: safe | unknown
    https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0 | false | | high
    https://mandemutworld.com/onlne/aa/admin/js/mj.php?ar=d29yZA== | false | Avira URL Cloud: safe | unknown
    https://aadcdn.msauthimages.net/81d6b03a-itah-k4j9-s88y6um2sckipyinyzz2ai-jemkeyiq/logintenantbranding/0/bannerlogo?ts=637758174410899401 | false | Avira URL Cloud: safe | unknown
    https://aadcdn.msauthimages.net/81d6b03a-itah-k4j9-s88y6um2sckipyinyzz2ai-jemkeyiq/logintenantbranding/0/illustration?ts=637758160209820938 | false | Avira URL Cloud: safe | unknown
    https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | false | | high

    Reputation legend:
    • No. of IPs < 25%
    • 25% < No. of IPs < 50%
    • 50% < No. of IPs < 75%
    • 75% < No. of IPs
    IP | Domain | Country | ASN | ASN Name | Malicious
    104.17.24.14 | cdnjs.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false
    104.18.10.207 | maxcdn.bootstrapcdn.com | United States | 13335 | CLOUDFLARENETUS | false
    152.199.23.72 | cs1025.wpc.upsiloncdn.net | United States | 15133 | EDGECASTUS | false
    142.250.203.110 | clients.l.google.com | United States | 15169 | GOOGLEUS | false
    13.107.246.60 | part-0032.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
    88.99.17.3 | mandemutworld.com | Germany | 24940 | HETZNER-ASDE | false
    172.217.168.68 | www.google.com | United States | 15169 | GOOGLEUS | false
    172.217.168.45 | accounts.google.com | United States | 15169 | GOOGLEUS | false
    239.255.255.250 | unknown | Reserved | unknown | unknown | false
    192.229.221.185 | cs1227.wpc.alphacdn.net | United States | 15133 | EDGECASTUS | false

    IP (private)
    192.168.2.1
    192.168.2.7
    127.0.0.1
    Joe Sandbox Version: 36.0.0 Rainbow Opal
    Analysis ID: 756300
    Start date and time: 2022-11-30 00:19:55 +01:00
    Joe Sandbox Product: CloudBasic
    Overall analysis duration: 0h 6m 58s
    Hypervisor based Inspection enabled: false
    Report type: light
    Sample file name: #U25b6 #Ud83d#Udd18#U2500#U2500#U2500#U2500#U2500#U2500#U2500 126 Voice-Attchment.919-340-XX.html
    Cookbook file name: defaultwindowshtmlcookbook.jbs
    Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
    Number of analysed new started processes analysed: 17
    Number of new started drivers analysed: 0
    Number of existing processes analysed: 0
    Number of existing drivers analysed: 0
    Number of injected processes analysed: 0
    Technologies:
    • HCA enabled
    • EGA enabled
    • HDC enabled
    • AMSI enabled
    Analysis Mode: default
    Analysis stop reason: Timeout
    Detection: MAL
    Classification: mal56.phis.winHTML@29/0@11/13
    EGA Information: Failed
    HDC Information: Failed
    HCA Information:
    • Successful, ratio: 100%
    • Number of executed functions: 0
    • Number of non-executed functions: 0
    Cookbook Comments:
    • Found application associated with file extension: .html
    • Browse: https://privacy.microsoft.com/fr/privacystatement
    • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
    • TCP Packets have been reduced to 100
    • Excluded IPs from analysis (whitelisted): 93.184.220.29, 93.184.221.240, 209.197.3.8, 67.27.158.254, 8.248.113.254, 8.238.190.126, 8.238.191.126, 67.27.157.126, 172.217.168.67, 69.16.175.10, 69.16.175.42, 104.16.88.20, 104.16.86.20, 104.16.89.20, 104.16.87.20, 104.16.85.20, 34.104.35.123
    • Excluded domains from analysis (whitelisted): logincdn.msauth.net, fg.download.windowsupdate.com.c.footprint.net, cds.s5x3j6q5.hwcdn.net, cdn.jsdelivr.net.cdn.cloudflare.net, cs9.wac.phicdn.net, clientservices.googleapis.com, wu.azureedge.net, ocsp.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, aadcdn.azureedge.net, aadcdn.ec.azureedge.net, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, fs.microsoft.com, aadcdnoriginwus2.azureedge.net, wu.ec.azureedge.net, lgincdnvzeuno.ec.azureedge.net, ctldl.windowsupdate.com, cds.d2s7q6s2.hwcdn.net, aadcdn.msauth.net, wu-bg-shim.trafficmanager.net, firstparty-azurefd-prod.trafficmanager.net, lgincdnvzeuno.azureedge.net, edgedl.me.gvt1.com, lgincdn.trafficmanager.net, aadcdnoriginwus2.afd.azureedge.net
• Not all processes were analyzed, report is missing behavior information
                                          • Report size getting too big, too many NtWriteVirtualMemory calls found.
                                          No simulations
                                          No context
                                          No created / dropped files found
                                          File type:HTML document, ASCII text, with very long lines (1617), with no line terminators
                                          Entropy (8bit):5.344750225083175
                                          TrID:
                                          • HyperText Markup Language (12001/1) 66.65%
                                          • HyperText Markup Language (6006/1) 33.35%
                                          File name:#U25b6 #Ud83d#Udd18#U2500#U2500#U2500#U2500#U2500#U2500#U2500 126 Voice-Attchment.919-340-XX.html
                                          File size:1617
                                          MD5:c8a579e165f7b8c76b71f56a5766a4d0
                                          SHA1:b6c3f4b86d8658333c7a3e3c99c2608e1d9b0cc0
                                          SHA256:95d40b7fb897e11d1a5974e62ff659c3665cb7078cac051aac2d9155c8072c04
                                          SHA512:4bc7c18cdab4828f0a659fd22322ca9402b9a54c5ad1f710166cdf66d9749d11b9d6c5d88f8626366b890806b456901e83114eecc80d236483ac50a8bc190228
                                          SSDEEP:24:kVP/IwkMPtNcz4rMR5dFkS01VaODNXKCQrJdxEkLW31kSoeeyZxkw1vVI:n3MPt2ErgCaODxtQPLyppkqvW
                                          TLSH:5D3170749472DD31C5536CE8F1C96F0E309D815EDB16580927E888990BDBD8A4235FF9
                                          File Content Preview:<html><head></head><body><div style="display:none;"><form method="post" action=""><input type="hidden" name="_token" value="t1wUS8AKQFFQS9WT5UHdbIuzMtyBZXaZyYti0PMp"><input type="text" name="product_id" value="9" hidden=""><div class="form-group row mt-5"
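The sample name in this report is shown with Joe Sandbox's #Uxxxx escapes for every non-ASCII character; the real attachment name starts with a play-button glyph, an emoji and a run of box-drawing dashes, which is what makes it look like an inline voice-message player in a mail client. The decoder below is an added example, not code from the report or from Joe Sandbox. It assumes that each escape is one UTF-16 code unit, which is why the emoji appears as the pair #Ud83d#Udd18, and uses the report's own sample name as its input.

```python
import re

# Constructed input: the sample name exactly as this report prints it.
SAMPLE_NAME = ("#U25b6 #Ud83d#Udd18#U2500#U2500#U2500#U2500#U2500#U2500#U2500"
               " 126 Voice-Attchment.919-340-XX.html")

_ESCAPE = re.compile(r"#U([0-9A-Fa-f]{4})")


def decode_joe_name(escaped: str) -> str:
    """Turn #Uxxxx escapes back into the original file name.

    Each escape is assumed to be one UTF-16 code unit, so a character outside
    the BMP (an emoji) arrives as two consecutive escapes forming a surrogate
    pair.  Substituting chr() for each escape leaves lone surrogates in the
    Python string; re-encoding with surrogatepass and decoding as UTF-16 joins
    each pair into a single code point.  An unpaired surrogate (a truncated or
    corrupted name) becomes U+FFFD instead of raising.
    """
    units = _ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), escaped)
    return units.encode("utf-16-le", "surrogatepass").decode("utf-16-le", "replace")


def encode_joe_name(name: str) -> str:
    """Inverse of decode_joe_name: escape every non-ASCII UTF-16 code unit.

    Useful when a decoded name has to be matched back against the report's
    file lists, which only ever contain the escaped form.
    """
    data = name.encode("utf-16-le", "surrogatepass")
    units = (int.from_bytes(data[i:i + 2], "little") for i in range(0, len(data), 2))
    return "".join(chr(u) if u < 0x80 else f"#U{u:04x}" for u in units)


if __name__ == "__main__":
    decoded = decode_joe_name(SAMPLE_NAME)
    print(decoded)
    print("round trip ok:", encode_joe_name(decoded) == SAMPLE_NAME)
```

The decoded name is what the recipient saw in their mail client; the escaped form is what you will need when searching other Joe Sandbox reports or the file lists of this one.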
Timestamp  Source Port  Dest Port  Source IP  Dest IP
Nov 30, 2022 00:20:51.580408096 CET  49698  443  192.168.2.3  142.250.203.110
Nov 30, 2022 00:20:51.580440044 CET  443  49698  142.250.203.110  192.168.2.3
Nov 30, 2022 00:20:51.580509901 CET  49698  443  192.168.2.3  142.250.203.110
Nov 30, 2022 00:20:51.587924004 CET  49699  443  192.168.2.3  142.250.203.110
Nov 30, 2022 00:20:51.587985039 CET  443  49699  142.250.203.110  192.168.2.3
Nov 30, 2022 00:20:51.588085890 CET  49699  443  192.168.2.3  142.250.203.110
Nov 30, 2022 00:20:51.589639902 CET  49698  443  192.168.2.3  142.250.203.110
Nov 30, 2022 00:20:51.589658976 CET  443  49698  142.250.203.110  192.168.2.3
Nov 30, 2022 00:20:51.589828968 CET  49699  443  192.168.2.3  142.250.203.110
Nov 30, 2022 00:20:51.589863062 CET  443  49699  142.250.203.110  192.168.2.3
Nov 30, 2022 00:20:51.645701885 CET  49701  443  192.168.2.3  172.217.168.45
Nov 30, 2022 00:20:51.645747900 CET  443  49701  172.217.168.45  192.168.2.3
Nov 30, 2022 00:20:51.645848036 CET  49701  443  192.168.2.3  172.217.168.45
Nov 30, 2022 00:20:51.656306982 CET  49701  443  192.168.2.3  172.217.168.45
Nov 30, 2022 00:20:51.656346083 CET  443  49701  172.217.168.45  192.168.2.3
Nov 30, 2022 00:20:51.664351940 CET  49702  443  192.168.2.3  88.99.17.3
Nov 30, 2022 00:20:51.664397955 CET  443  49702  88.99.17.3  192.168.2.3
Nov 30, 2022 00:20:51.664473057 CET  49702  443  192.168.2.3  88.99.17.3
Nov 30, 2022 00:20:51.664977074 CET  49702  443  192.168.2.3  88.99.17.3
Nov 30, 2022 00:20:51.665004015 CET  443  49702  88.99.17.3  192.168.2.3
Nov 30, 2022 00:20:51.682297945 CET  443  49698  142.250.203.110  192.168.2.3
Nov 30, 2022 00:20:51.682796955 CET  49698  443  192.168.2.3  142.250.203.110
Nov 30, 2022 00:20:51.682857037 CET  443  49698  142.250.203.110  192.168.2.3
Nov 30, 2022 00:20:51.683593988 CET  443  49698  142.250.203.110  192.168.2.3
Nov 30, 2022 00:20:51.683711052 CET  49698  443  192.168.2.3  142.250.203.110
Nov 30, 2022 00:20:51.684911013 CET  443  49698  142.250.203.110  192.168.2.3
Nov 30, 2022 00:20:51.684988022 CET  49698  443  192.168.2.3  142.250.203.110
Nov 30, 2022 00:20:51.738284111 CET  443  49699  142.250.203.110  192.168.2.3
Nov 30, 2022 00:20:51.738959074 CET  443  49701  172.217.168.45  192.168.2.3
Nov 30, 2022 00:20:51.768210888 CET  443  49702  88.99.17.3  192.168.2.3
Nov 30, 2022 00:20:51.792342901 CET  49701  443  192.168.2.3  172.217.168.45
Nov 30, 2022 00:20:51.792398930 CET  443  49701  172.217.168.45  192.168.2.3
Nov 30, 2022 00:20:51.792643070 CET  49699  443  192.168.2.3  142.250.203.110
Nov 30, 2022 00:20:51.792714119 CET  443  49699  142.250.203.110  192.168.2.3
Nov 30, 2022 00:20:51.793606043 CET  443  49699  142.250.203.110  192.168.2.3
Nov 30, 2022 00:20:51.793617010 CET  49702  443  192.168.2.3  88.99.17.3
Nov 30, 2022 00:20:51.793637037 CET  443  49699  142.250.203.110  192.168.2.3
Nov 30, 2022 00:20:51.793642044 CET  443  49702  88.99.17.3  192.168.2.3
Nov 30, 2022 00:20:51.793697119 CET  49699  443  192.168.2.3  142.250.203.110
Nov 30, 2022 00:20:51.794492960 CET  443  49701  172.217.168.45  192.168.2.3
Nov 30, 2022 00:20:51.794519901 CET  443  49701  172.217.168.45  192.168.2.3
Nov 30, 2022 00:20:51.794589043 CET  49701  443  192.168.2.3  172.217.168.45
Nov 30, 2022 00:20:51.795229912 CET  443  49699  142.250.203.110  192.168.2.3
Nov 30, 2022 00:20:51.795310020 CET  49699  443  192.168.2.3  142.250.203.110
Nov 30, 2022 00:20:51.795352936 CET  443  49699  142.250.203.110  192.168.2.3
Nov 30, 2022 00:20:51.795850039 CET  443  49702  88.99.17.3  192.168.2.3
Nov 30, 2022 00:20:51.795912981 CET  49702  443  192.168.2.3  88.99.17.3
Nov 30, 2022 00:20:51.917767048 CET  49699  443  192.168.2.3  142.250.203.110
Nov 30, 2022 00:20:52.228665113 CET  49698  443  192.168.2.3  142.250.203.110
Nov 30, 2022 00:20:52.228708982 CET  443  49698  142.250.203.110  192.168.2.3
Nov 30, 2022 00:20:52.228904009 CET  443  49698  142.250.203.110  192.168.2.3
Nov 30, 2022 00:20:52.229000092 CET  49699  443  192.168.2.3  142.250.203.110
Nov 30, 2022 00:20:52.229074001 CET  443  49699  142.250.203.110  192.168.2.3
Nov 30, 2022 00:20:52.229320049 CET  443  49699  142.250.203.110  192.168.2.3
Nov 30, 2022 00:20:52.229429960 CET  49701  443  192.168.2.3  172.217.168.45
Nov 30, 2022 00:20:52.229470968 CET  443  49701  172.217.168.45  192.168.2.3
Nov 30, 2022 00:20:52.229624033 CET  443  49701  172.217.168.45  192.168.2.3
Nov 30, 2022 00:20:52.229727983 CET  49698  443  192.168.2.3  142.250.203.110
Nov 30, 2022 00:20:52.229759932 CET  443  49698  142.250.203.110  192.168.2.3
Nov 30, 2022 00:20:52.229943991 CET  49702  443  192.168.2.3  88.99.17.3
Nov 30, 2022 00:20:52.229964972 CET  443  49702  88.99.17.3  192.168.2.3
Nov 30, 2022 00:20:52.230084896 CET  443  49702  88.99.17.3  192.168.2.3
Nov 30, 2022 00:20:52.230529070 CET  49701  443  192.168.2.3  172.217.168.45
Nov 30, 2022 00:20:52.230551958 CET  443  49701  172.217.168.45  192.168.2.3
Nov 30, 2022 00:20:52.230659962 CET  49702  443  192.168.2.3  88.99.17.3
Nov 30, 2022 00:20:52.230670929 CET  443  49702  88.99.17.3  192.168.2.3
Nov 30, 2022 00:20:52.275619030 CET  443  49698  142.250.203.110  192.168.2.3
Nov 30, 2022 00:20:52.275754929 CET  49698  443  192.168.2.3  142.250.203.110
Nov 30, 2022 00:20:52.275758028 CET  443  49698  142.250.203.110  192.168.2.3
Nov 30, 2022 00:20:52.275810957 CET  49698  443  192.168.2.3  142.250.203.110
Nov 30, 2022 00:20:52.277087927 CET  49698  443  192.168.2.3  142.250.203.110
Nov 30, 2022 00:20:52.277116060 CET  443  49698  142.250.203.110  192.168.2.3
Nov 30, 2022 00:20:52.283499002 CET  443  49702  88.99.17.3  192.168.2.3
Nov 30, 2022 00:20:52.283524036 CET  443  49702  88.99.17.3  192.168.2.3
Nov 30, 2022 00:20:52.283612013 CET  49702  443  192.168.2.3  88.99.17.3
Nov 30, 2022 00:20:52.283644915 CET  443  49702  88.99.17.3  192.168.2.3
Nov 30, 2022 00:20:52.283662081 CET  49702  443  192.168.2.3  88.99.17.3
Nov 30, 2022 00:20:52.283713102 CET  49702  443  192.168.2.3  88.99.17.3
Nov 30, 2022 00:20:52.306258917 CET  443  49701  172.217.168.45  192.168.2.3
Nov 30, 2022 00:20:52.306454897 CET  49701  443  192.168.2.3  172.217.168.45
Nov 30, 2022 00:20:52.306482077 CET  443  49701  172.217.168.45  192.168.2.3
Nov 30, 2022 00:20:52.306627989 CET  443  49701  172.217.168.45  192.168.2.3
Nov 30, 2022 00:20:52.306683064 CET  49701  443  192.168.2.3  172.217.168.45
Nov 30, 2022 00:20:52.307744980 CET  443  49702  88.99.17.3  192.168.2.3
Nov 30, 2022 00:20:52.307773113 CET  443  49702  88.99.17.3  192.168.2.3
Nov 30, 2022 00:20:52.307828903 CET  443  49702  88.99.17.3  192.168.2.3
Nov 30, 2022 00:20:52.307882071 CET  49702  443  192.168.2.3  88.99.17.3
Nov 30, 2022 00:20:52.307921886 CET  443  49702  88.99.17.3  192.168.2.3
Nov 30, 2022 00:20:52.307924986 CET  49702  443  192.168.2.3  88.99.17.3
Nov 30, 2022 00:20:52.307938099 CET  443  49702  88.99.17.3  192.168.2.3
Nov 30, 2022 00:20:52.307974100 CET  49702  443  192.168.2.3  88.99.17.3
Nov 30, 2022 00:20:52.307971954 CET  443  49702  88.99.17.3  192.168.2.3
Nov 30, 2022 00:20:52.308029890 CET  49702  443  192.168.2.3  88.99.17.3
Nov 30, 2022 00:20:52.308037043 CET  443  49702  88.99.17.3  192.168.2.3
Nov 30, 2022 00:20:52.316368103 CET  49701  443  192.168.2.3  172.217.168.45
Nov 30, 2022 00:20:52.316411018 CET  443  49701  172.217.168.45  192.168.2.3
Nov 30, 2022 00:20:52.333547115 CET  443  49702  88.99.17.3  192.168.2.3
Nov 30, 2022 00:20:52.333578110 CET  443  49702  88.99.17.3  192.168.2.3
Nov 30, 2022 00:20:52.333789110 CET  49702  443  192.168.2.3  88.99.17.3
Nov 30, 2022 00:20:52.333816051 CET  443  49702  88.99.17.3  192.168.2.3
Timestamp  Source Port  Dest Port  Source IP  Dest IP
Nov 30, 2022 00:20:51.253921986 CET  57990  53  192.168.2.3  8.8.8.8
Nov 30, 2022 00:20:51.281322956 CET  53  57990  8.8.8.8  192.168.2.3
Nov 30, 2022 00:20:51.368350029 CET  52387  53  192.168.2.3  8.8.8.8
Nov 30, 2022 00:20:51.395328045 CET  53  52387  8.8.8.8  192.168.2.3
Nov 30, 2022 00:20:51.586791992 CET  60625  53  192.168.2.3  8.8.8.8
Nov 30, 2022 00:20:51.615792036 CET  53  60625  8.8.8.8  192.168.2.3
Nov 30, 2022 00:20:52.469736099 CET  49302  53  192.168.2.3  8.8.8.8
Nov 30, 2022 00:20:52.475405931 CET  53975  53  192.168.2.3  8.8.8.8
Nov 30, 2022 00:20:52.476200104 CET  51139  53  192.168.2.3  8.8.8.8
Nov 30, 2022 00:20:52.492763996 CET  53  49302  8.8.8.8  192.168.2.3
Nov 30, 2022 00:20:52.498127937 CET  60582  53  192.168.2.3  8.8.8.8
Nov 30, 2022 00:20:52.517107010 CET  53  60582  8.8.8.8  192.168.2.3
Nov 30, 2022 00:20:53.837598085 CET  59636  53  192.168.2.3  8.8.8.8
Nov 30, 2022 00:20:53.857350111 CET  53  59636  8.8.8.8  192.168.2.3
Nov 30, 2022 00:20:55.704586029 CET  65320  53  192.168.2.3  8.8.8.8
Nov 30, 2022 00:21:07.316586971 CET  59433  53  192.168.2.3  8.8.8.8
Nov 30, 2022 00:21:52.566946030 CET  65511  53  192.168.2.3  8.8.8.8
Nov 30, 2022 00:21:52.585711956 CET  53  65511  8.8.8.8  192.168.2.3
Timestamp  Source IP  Dest IP  Trans ID  OP Code  Name  Type  Class  DNS over HTTPS
Nov 30, 2022 00:20:51.253921986 CET  192.168.2.3  8.8.8.8  0x3f99  Standard query (0)  clients2.google.com  A (IP address)  IN (0x0001)  false
Nov 30, 2022 00:20:51.368350029 CET  192.168.2.3  8.8.8.8  0xedc6  Standard query (0)  accounts.google.com  A (IP address)  IN (0x0001)  false
Nov 30, 2022 00:20:51.586791992 CET  192.168.2.3  8.8.8.8  0xf934  Standard query (0)  mandemutworld.com  A (IP address)  IN (0x0001)  false
Nov 30, 2022 00:20:52.469736099 CET  192.168.2.3  8.8.8.8  0x53c3  Standard query (0)  maxcdn.bootstrapcdn.com  A (IP address)  IN (0x0001)  false
Nov 30, 2022 00:20:52.475405931 CET  192.168.2.3  8.8.8.8  0x6243  Standard query (0)  cdn.jsdelivr.net  A (IP address)  IN (0x0001)  false
Nov 30, 2022 00:20:52.476200104 CET  192.168.2.3  8.8.8.8  0xc736  Standard query (0)  code.jquery.com  A (IP address)  IN (0x0001)  false
Nov 30, 2022 00:20:52.498127937 CET  192.168.2.3  8.8.8.8  0xb775  Standard query (0)  www.google.com  A (IP address)  IN (0x0001)  false
Nov 30, 2022 00:20:53.837598085 CET  192.168.2.3  8.8.8.8  0xd609  Standard query (0)  cdnjs.cloudflare.com  A (IP address)  IN (0x0001)  false
Nov 30, 2022 00:20:55.704586029 CET  192.168.2.3  8.8.8.8  0x43b  Standard query (0)  aadcdn.msauthimages.net  A (IP address)  IN (0x0001)  false
Nov 30, 2022 00:21:07.316586971 CET  192.168.2.3  8.8.8.8  0xfc48  Standard query (0)  aadcdn.msauthimages.net  A (IP address)  IN (0x0001)  false
Nov 30, 2022 00:21:52.566946030 CET  192.168.2.3  8.8.8.8  0x290d  Standard query (0)  www.google.com  A (IP address)  IN (0x0001)  false
Timestamp  Source IP  Dest IP  Trans ID  Reply Code  Name  CName  Address  Type  Class  DNS over HTTPS
Nov 30, 2022 00:20:51.281322956 CET  8.8.8.8  192.168.2.3  0x3f99  No error (0)  clients2.google.com  clients.l.google.com  -  CNAME (Canonical name)  IN (0x0001)  false
Nov 30, 2022 00:20:51.281322956 CET  8.8.8.8  192.168.2.3  0x3f99  No error (0)  clients.l.google.com  -  142.250.203.110  A (IP address)  IN (0x0001)  false
Nov 30, 2022 00:20:51.395328045 CET  8.8.8.8  192.168.2.3  0xedc6  No error (0)  accounts.google.com  -  172.217.168.45  A (IP address)  IN (0x0001)  false
Nov 30, 2022 00:20:51.615792036 CET  8.8.8.8  192.168.2.3  0xf934  No error (0)  mandemutworld.com  -  88.99.17.3  A (IP address)  IN (0x0001)  false
Nov 30, 2022 00:20:52.492763996 CET  8.8.8.8  192.168.2.3  0x53c3  No error (0)  maxcdn.bootstrapcdn.com  -  104.18.10.207  A (IP address)  IN (0x0001)  false
Nov 30, 2022 00:20:52.492763996 CET  8.8.8.8  192.168.2.3  0x53c3  No error (0)  maxcdn.bootstrapcdn.com  -  104.18.11.207  A (IP address)  IN (0x0001)  false
Nov 30, 2022 00:20:52.497066975 CET  8.8.8.8  192.168.2.3  0xc736  No error (0)  code.jquery.com  cds.s5x3j6q5.hwcdn.net  -  CNAME (Canonical name)  IN (0x0001)  false
Nov 30, 2022 00:20:52.500051022 CET  8.8.8.8  192.168.2.3  0x6243  No error (0)  cdn.jsdelivr.net  cdn.jsdelivr.net.cdn.cloudflare.net  -  CNAME (Canonical name)  IN (0x0001)  false
Nov 30, 2022 00:20:52.502990961 CET  8.8.8.8  192.168.2.3  0xba5f  No error (0)  cs1227.wpc.alphacdn.net  -  192.229.221.185  A (IP address)  IN (0x0001)  false
Nov 30, 2022 00:20:52.517107010 CET  8.8.8.8  192.168.2.3  0xb775  No error (0)  www.google.com  -  172.217.168.68  A (IP address)  IN (0x0001)  false
Nov 30, 2022 00:20:53.857350111 CET  8.8.8.8  192.168.2.3  0xd609  No error (0)  cdnjs.cloudflare.com  -  104.17.24.14  A (IP address)  IN (0x0001)  false
Nov 30, 2022 00:20:53.857350111 CET  8.8.8.8  192.168.2.3  0xd609  No error (0)  cdnjs.cloudflare.com  -  104.17.25.14  A (IP address)  IN (0x0001)  false
Nov 30, 2022 00:20:53.858860970 CET  8.8.8.8  192.168.2.3  0xe9df  No error (0)  dual.part-0032.t-0009.t-msedge.net  part-0032.t-0009.t-msedge.net  -  CNAME (Canonical name)  IN (0x0001)  false
Nov 30, 2022 00:20:53.858860970 CET  8.8.8.8  192.168.2.3  0xe9df  No error (0)  part-0032.t-0009.t-msedge.net  -  13.107.246.60  A (IP address)  IN (0x0001)  false
Nov 30, 2022 00:20:53.858860970 CET  8.8.8.8  192.168.2.3  0xe9df  No error (0)  part-0032.t-0009.t-msedge.net  -  13.107.213.60  A (IP address)  IN (0x0001)  false
Nov 30, 2022 00:20:55.724462032 CET  8.8.8.8  192.168.2.3  0x43b  No error (0)  aadcdn.msauthimages.net  aadcdn.azureedge.net  -  CNAME (Canonical name)  IN (0x0001)  false
Nov 30, 2022 00:20:55.724462032 CET  8.8.8.8  192.168.2.3  0x43b  No error (0)  cs1025.wpc.upsiloncdn.net  -  152.199.23.72  A (IP address)  IN (0x0001)  false
Nov 30, 2022 00:20:58.302872896 CET  8.8.8.8  192.168.2.3  0x2320  No error (0)  cs1227.wpc.alphacdn.net  -  192.229.221.185  A (IP address)  IN (0x0001)  false
Nov 30, 2022 00:21:07.340468884 CET  8.8.8.8  192.168.2.3  0xfc48  No error (0)  aadcdn.msauthimages.net  aadcdn.azureedge.net  -  CNAME (Canonical name)  IN (0x0001)  false
Nov 30, 2022 00:21:07.340468884 CET  8.8.8.8  192.168.2.3  0xfc48  No error (0)  cs1025.wpc.upsiloncdn.net  -  152.199.23.72  A (IP address)  IN (0x0001)  false
Nov 30, 2022 00:21:07.558468103 CET  8.8.8.8  192.168.2.3  0x754e  No error (0)  dual.part-0032.t-0009.t-msedge.net  part-0032.t-0009.t-msedge.net  -  CNAME (Canonical name)  IN (0x0001)  false
Nov 30, 2022 00:21:07.558468103 CET  8.8.8.8  192.168.2.3  0x754e  No error (0)  part-0032.t-0009.t-msedge.net  -  13.107.246.60  A (IP address)  IN (0x0001)  false
Nov 30, 2022 00:21:07.558468103 CET  8.8.8.8  192.168.2.3  0x754e  No error (0)  part-0032.t-0009.t-msedge.net  -  13.107.213.60  A (IP address)  IN (0x0001)  false
Nov 30, 2022 00:21:52.585711956 CET  8.8.8.8  192.168.2.3  0x290d  No error (0)  www.google.com  -  172.217.168.68  A (IP address)  IN (0x0001)  false
                                          • clients2.google.com
                                          • accounts.google.com
                                          • mandemutworld.com
                                          • maxcdn.bootstrapcdn.com
                                          • logincdn.msauth.net
                                          • https:
                                          • cdnjs.cloudflare.com
                                          • aadcdn.msauth.net
                                          • aadcdn.msauthimages.net
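Read together, the DNS and TCP tables answer the first triage question for an HTML phish: which host, apart from the browser's own telemetry and the public CDNs the page pulls its UI from, did the document actually talk to. The script below is an added example and is not part of the report. It works on a constructed subset of the rows above, attributes each TCP connection to a hostname by grouping DNS answers under their transaction ID (so a CNAME chain such as aadcdn.msauthimages.net resolves to the name that was queried even though the intermediate CNAME targets never appear as their own rows), and treats the suffix list BENIGN_SUFFIXES as an analyst assumption, not something the report states.

```python
from collections import defaultdict

SANDBOX_IP = "192.168.2.3"  # the analysis VM, as seen in the packet tables above

# Constructed subset of this report's DNS tables. Answer rows carry the
# transaction ID of the query they belong to, which is what lets the address
# rows of a CNAME chain be attributed to the name the browser asked for.
DNS_QUERIES = {
    0x3f99: "clients2.google.com",
    0xedc6: "accounts.google.com",
    0xf934: "mandemutworld.com",
    0x53c3: "maxcdn.bootstrapcdn.com",
    0x043b: "aadcdn.msauthimages.net",
}
DNS_ANSWERS = [
    # (transaction ID, name, cname, address)
    (0x3f99, "clients2.google.com", "clients.l.google.com", None),
    (0x3f99, "clients.l.google.com", None, "142.250.203.110"),
    (0xedc6, "accounts.google.com", None, "172.217.168.45"),
    (0xf934, "mandemutworld.com", None, "88.99.17.3"),
    (0x53c3, "maxcdn.bootstrapcdn.com", None, "104.18.10.207"),
    (0x53c3, "maxcdn.bootstrapcdn.com", None, "104.18.11.207"),
    (0x043b, "aadcdn.msauthimages.net", "aadcdn.azureedge.net", None),
    (0x043b, "cs1025.wpc.upsiloncdn.net", None, "152.199.23.72"),
]
# Constructed subset of the TCP packet table: (src port, dst port, src IP, dst IP).
TCP_PACKETS = [
    (49698, 443, "192.168.2.3", "142.250.203.110"),
    (443, 49698, "142.250.203.110", "192.168.2.3"),
    (49701, 443, "192.168.2.3", "172.217.168.45"),
    (443, 49701, "172.217.168.45", "192.168.2.3"),
    (49702, 443, "192.168.2.3", "88.99.17.3"),
    (443, 49702, "88.99.17.3", "192.168.2.3"),
    (49702, 443, "192.168.2.3", "88.99.17.3"),
    (49702, 443, "192.168.2.3", "88.99.17.3"),
    (443, 49702, "88.99.17.3", "192.168.2.3"),
]
# Analyst assumption: Chrome telemetry and the public CDNs / Microsoft login
# image hosts this page loads are background noise, not the kit itself.
BENIGN_SUFFIXES = (".google.com", ".bootstrapcdn.com", ".jsdelivr.net", ".jquery.com",
                   ".cloudflare.com", ".msauth.net", ".msauthimages.net")


def ip_to_hosts(queries, answers):
    """Map each answered address back to the name the client queried."""
    hosts = defaultdict(set)
    for tid, _name, _cname, addr in answers:
        if addr and tid in queries:
            hosts[addr].add(queries[tid])
    return dict(hosts)


def summarize_flows(packets, sandbox_ip, hosts):
    """One record per client-side TCP connection, keyed by the sandbox's
    ephemeral port, with packet counts in each direction. IPs that never
    appeared in a DNS answer are kept with an empty host list."""
    flows = {}
    for sport, dport, sip, dip in packets:
        if sip == sandbox_ip:
            key, direction = (sport, dip, dport), "out"
        elif dip == sandbox_ip:
            key, direction = (dport, sip, sport), "in"
        else:
            continue  # traffic that does not involve the analysis VM
        rec = flows.setdefault(key, {
            "client_port": key[0], "remote_ip": key[1], "remote_port": key[2],
            "hosts": sorted(hosts.get(key[1], ())), "out": 0, "in": 0})
        rec[direction] += 1
    return [flows[k] for k in sorted(flows)]


def is_benign(host, suffixes):
    return any(host == s.lstrip(".") or host.endswith(s) for s in suffixes)


def suspicious_destinations(flows, suffixes=BENIGN_SUFFIXES):
    """Endpoints whose resolved names are all outside the allowlist, or that
    were reached without any DNS answer at all (hard-coded IPs)."""
    out = []
    for f in flows:
        if not any(is_benign(h, suffixes) for h in f["hosts"]):
            name = f["hosts"][0] if f["hosts"] else "<unresolved>"
            out.append((name, f["remote_ip"], f["remote_port"], f["out"], f["in"]))
    return out


if __name__ == "__main__":
    resolved = ip_to_hosts(DNS_QUERIES, DNS_ANSWERS)
    flows = summarize_flows(TCP_PACKETS, SANDBOX_IP, resolved)
    for f in flows:
        print(f)
    print("suspicious:", suspicious_destinations(flows))
```

On the full tables the same logic leaves exactly one destination outside the allowlist: mandemutworld.com at 88.99.17.3 on port 443, which is the host to pivot on (certificate, hosting history, other reports resolving the same name) and the first candidate for a block or a hunt across proxy logs.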


                                          Target ID:0
                                          Start time:00:20:45
                                          Start date:30/11/2022
                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
                                          Imagebase:0x7ff614650000
                                          File size:2851656 bytes
                                          MD5 hash:0FEC2748F363150DC54C1CAFFB1A9408
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high

                                          Target ID:1
                                          Start time:00:20:46
                                          Start date:30/11/2022
                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1964 --field-trial-handle=1816,i,18019605785344620809,16696382858066997968,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
                                          Imagebase:0x7ff614650000
                                          File size:2851656 bytes
                                          MD5 hash:0FEC2748F363150DC54C1CAFFB1A9408
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high

                                          Target ID:2
                                          Start time:00:20:47
                                          Start date:30/11/2022
                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\#U25b6 #Ud83d#Udd18#U2500#U2500#U2500#U2500#U2500#U2500#U2500 126 Voice-Attchment.919-340-XX.html
                                          Imagebase:0x7ff614650000
                                          File size:2851656 bytes
                                          MD5 hash:0FEC2748F363150DC54C1CAFFB1A9408
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high

                                          No disassembly