
Windows Analysis Report
VM Tue, January 24, 2023 #18654.html

Overview

General Information

Sample Name:VM Tue, January 24, 2023 #18654.html
Analysis ID:791307
MD5:80cc2287a8d92303bbb07808b1d7ac08
SHA1:fdeb4f5abafd0d978ebe0b8b1a8a1026d6282922
SHA256:e3c04a3f5e27cc3d6630ac9c7e8d8b5c8fe0be2514d7676b538de9c18e45aaa4

Detection

Captcha Phish, HTMLPhisher
Score:64
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected HtmlPhish44
Yara detected Captcha Phish
Antivirus detection for URL or domain
IP address seen in connection with other malware

Classification

  • System is w10x64
  • chrome.exe (PID: 6052 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
    • chrome.exe (PID: 5208 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=1724,i,2672952510848693389,14012057706382809610,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • chrome.exe (PID: 4392 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\VM Tue, January 24, 2023 #18654.html MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • cleanup
No configs have been found
Yara matches

Source: VM Tue, January 24, 2023 #18654.html | Rule: JoeSecurity_HtmlPhish_44 | Description: Yara detected HtmlPhish_44 | Author: Joe Security
Source: 99254.0.pages.csv | Rule: JoeSecurity_CaptchaPhish_1 | Description: Yara detected Captcha Phish | Author: Joe Security

No Sigma rule has matched
No Snort rule has matched


      AV Detection

Source: https://h-kd0.shop/main/ | SlashNext: Label: Credential Stealing type: Phishing & Social Engineering
Source: https://h-kd0.shop/favicon.ico | Avira URL Cloud: Label: phishing
Source: https://h-kd0.shop/?e=YXNyeUBraW1iby5jby51aw== | Avira URL Cloud: Label: phishing

      Phishing

Source: Yara match | File source: VM Tue, January 24, 2023 #18654.html, type: SAMPLE
Source: Yara match | File source: 99254.0.pages.csv, type: HTML
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\GoogleUpdater
Source: Joe Sandbox View | IP Address: 104.16.169.131
Source: Joe Sandbox View | IP Address: 239.255.255.250
Source: unknown | DNS traffic detected: queries for: accounts.google.com
Source: unknown | Network traffic detected: HTTP traffic on port 443 (HTTPS) in both directions on 15 client connections; local ports 49695, 49696, 49698, 49699, 49701, 49702, 49703, 49704, 49706, 49708, 49709, 49711, 49712, 49718, 49739 -> 443, and 443 -> each of those ports
Source: global traffic | HTTP traffic detected:
    GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
    Host: clients2.google.com
    Connection: keep-alive
    X-Goog-Update-Interactivity: fg
    X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
    X-Goog-Update-Updater: chromecrx-104.0.5112.81
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9

Source: global traffic | HTTP traffic detected:
    GET /?e=YXNyeUBraW1iby5jby51aw== HTTP/1.1
    Host: h-kd0.shop
    Connection: keep-alive
    sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: navigate
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9

Source: global traffic | HTTP traffic detected:
    GET /main/ HTTP/1.1
    Host: h-kd0.shop
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: navigate
    Sec-Fetch-Dest: document
    sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: PHPSESSID=eioem6nv7v7icqhj7kg3faav62

Source: global traffic | HTTP traffic detected:
    GET /1/api.js HTTP/1.1
    Host: www.hcaptcha.com
    Connection: keep-alive
    sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: */*
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: script
    Referer: https://h-kd0.shop/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9

Source: global traffic | HTTP traffic detected:
    GET /captcha/v1/48ebaaf/static/hcaptcha.html HTTP/1.1
    Host: newassets.hcaptcha.com
    Connection: keep-alive
    sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: navigate
    Sec-Fetch-Dest: iframe
    Referer: https://h-kd0.shop/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9

Source: global traffic | HTTP traffic detected (cache revalidation of the same widget frame):
    GET /captcha/v1/48ebaaf/static/hcaptcha.html HTTP/1.1
    Host: newassets.hcaptcha.com
    Connection: keep-alive
    sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: navigate
    Sec-Fetch-Dest: iframe
    Referer: https://h-kd0.shop/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    If-Modified-Since: Tue, 27 Dec 2022 13:52:50 GMT

Source: global traffic | HTTP traffic detected:
    GET /captcha/v1/48ebaaf/hcaptcha.js HTTP/1.1
    Host: newassets.hcaptcha.com
    Connection: keep-alive
    sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
    Origin: https://newassets.hcaptcha.com
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: */*
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: script
    Referer: https://newassets.hcaptcha.com/captcha/v1/48ebaaf/static/hcaptcha.html
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9

Source: global traffic | HTTP traffic detected:
    GET /favicon.ico HTTP/1.1
    Host: h-kd0.shop
    Connection: keep-alive
    sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://h-kd0.shop/main/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: PHPSESSID=eioem6nv7v7icqhj7kg3faav62

Source: global traffic | HTTP traffic detected (cache revalidation of hcaptcha.js):
    GET /captcha/v1/48ebaaf/hcaptcha.js HTTP/1.1
    Host: newassets.hcaptcha.com
    Connection: keep-alive
    sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
    Origin: https://newassets.hcaptcha.com
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: */*
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: script
    Referer: https://newassets.hcaptcha.com/captcha/v1/48ebaaf/static/hcaptcha.html
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    If-None-Match: W/"6f882143f7e3a0802a1c7633f8b11933"
    If-Modified-Since: Tue, 27 Dec 2022 13:52:50 GMT

Source: global traffic | HTTP traffic detected:
    GET /c/9b22d05/hsw.js HTTP/1.1
    Host: newassets.hcaptcha.com
    Connection: keep-alive
    sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: */*
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: script
    Referer: https://newassets.hcaptcha.com/captcha/v1/48ebaaf/static/hcaptcha.html
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9

Source: global traffic | HTTP traffic detected:
    GET /i/9b22d05/e HTTP/1.1
    Host: newassets.hcaptcha.com
    Connection: keep-alive
    sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: */*
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Referer: https://newassets.hcaptcha.com/captcha/v1/48ebaaf/static/hcaptcha.html
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9

Source: global traffic | HTTP traffic detected (response):
    HTTP/1.1 404 Not Found
    Server: nginx
    Date: Wed, 25 Jan 2023 09:21:14 GMT
    Content-Type: text/html; charset=iso-8859-1
    Content-Length: 209
    Connection: close

Source: unknown | HTTP traffic detected:
    POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
    Host: accounts.google.com
    Connection: keep-alive
    Content-Length: 1
    Origin: https://www.google.com
    Content-Type: application/x-www-form-urlencoded
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: CONSENT=PENDING+904; AEC=AakniGO7HqlHWlnoY-P22_SwwnNSfVGxlF1NgK5nuj5WLe313NyJi16g7z4; SOCS=CAISHAgCEhJnd3NfMjAyMjA4MDgtMF9SQzEaAmVuIAEaBgiAvOuXBg; NID=511=nUT82hOv6CVwMNqDg-sTtCMJJ6SQ1v_cCpfCpf5nt8EolEbal01GWFyjG01tqWQgh9ciRU880J6nLd2gdbhAJs44PsHAZaVQAFIbrqe2FmFgjrAAK7W9Z8u5LDvwsuZRng98jP6E23SJ4fsPIs326YmnuCwa92dRRCcB6MNeI_o
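The request sequence above is the shape the CaptchaPhish rule is named for: a top-level navigation to h-kd0.shop, then hCaptcha's api.js and widget frame fetched with h-kd0.shop as Referer, then /main/ and /favicon.ico carrying a PHPSESSID cookie. Nothing the CAPTCHA provider serves is malicious; the signal is which site embedded it. The Python below is an added example, not part of the Joe Sandbox report: it parses raw HTTP request heads, attributes every CAPTCHA-provider fetch to the non-provider site named in its Referer, and flags a host that both served a document and embedded a CAPTCHA. The requests are constructed to mirror the ones above with headers trimmed to those used; the e= value is base64 of victim@example.com rather than the value in the report, and the CAPTCHA_PROVIDERS list is an assumption.

```python
"""Rebuild the page-load chain from raw HTTP requests and flag the captcha-gate
pattern. Added example for this report, not sandbox or sample code."""
from urllib.parse import urlsplit

# Assumed list of CAPTCHA providers; extend as needed.
CAPTCHA_PROVIDERS = ("hcaptcha.com", "recaptcha.net")


def parse_request(raw: str) -> dict:
    """Parse one HTTP/1.1 request head (request line + headers).
    Header names are lower-cased; a body, if present, is ignored."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target, "version": version, "headers": headers}


def host_of(url: str) -> str:
    return (urlsplit(url).hostname or "").lower()


def is_provider(host: str) -> bool:
    return any(host == p or host.endswith("." + p) for p in CAPTCHA_PROVIDERS)


def captcha_gate_report(requests: list) -> dict:
    """Group by embedding site: top-level documents it served, CAPTCHA assets
    fetched with it as Referer, and cookie names the browser sent back to it."""
    report = {}

    def bucket(host):
        return report.setdefault(
            host, {"documents": [], "widget_assets": [], "session_cookies": []})

    for r in requests:
        h = r["headers"]
        host = h.get("host", "").lower()
        if is_provider(host):
            # Widget fetch: attribute it to the non-provider site that embedded it.
            ref_host = host_of(h.get("referer", ""))
            if ref_host and not is_provider(ref_host):
                bucket(ref_host)["widget_assets"].append(host + r["target"])
        elif h.get("sec-fetch-dest") == "document":
            b = bucket(host)
            b["documents"].append(r["target"])
            for part in h.get("cookie", "").split(";"):
                name = part.split("=", 1)[0].strip()
                if name and name not in b["session_cookies"]:
                    b["session_cookies"].append(name)
    return report


def is_captcha_gated(report: dict, host: str) -> bool:
    """True when a non-provider host served a document and embedded a CAPTCHA."""
    b = report.get(host)
    return bool(b and b["documents"] and b["widget_assets"])


# Constructed requests modelled on the report's traffic (headers trimmed).
SAMPLE_REQUESTS = [
    "GET /?e=dmljdGltQGV4YW1wbGUuY29t HTTP/1.1\r\nHost: h-kd0.shop\r\n"
    "Sec-Fetch-Site: cross-site\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Dest: document\r\n\r\n",
    "GET /main/ HTTP/1.1\r\nHost: h-kd0.shop\r\nSec-Fetch-Dest: document\r\n"
    "Cookie: PHPSESSID=constructed0000\r\n\r\n",
    "GET /1/api.js HTTP/1.1\r\nHost: www.hcaptcha.com\r\nSec-Fetch-Dest: script\r\n"
    "Referer: https://h-kd0.shop/\r\n\r\n",
    "GET /captcha/v1/48ebaaf/static/hcaptcha.html HTTP/1.1\r\nHost: newassets.hcaptcha.com\r\n"
    "Sec-Fetch-Dest: iframe\r\nReferer: https://h-kd0.shop/\r\n\r\n",
    "GET /captcha/v1/48ebaaf/hcaptcha.js HTTP/1.1\r\nHost: newassets.hcaptcha.com\r\n"
    "Sec-Fetch-Dest: script\r\n"
    "Referer: https://newassets.hcaptcha.com/captcha/v1/48ebaaf/static/hcaptcha.html\r\n\r\n",
    "GET /favicon.ico HTTP/1.1\r\nHost: h-kd0.shop\r\nSec-Fetch-Dest: image\r\n"
    "Referer: https://h-kd0.shop/main/\r\n\r\n",
]

if __name__ == "__main__":
    rep = captcha_gate_report([parse_request(r) for r in SAMPLE_REQUESTS])
    for site, info in rep.items():
        print(site, "captcha-gated:", is_captcha_gated(rep, site), info)
```

Provider-to-provider fetches (hcaptcha.js with a newassets.hcaptcha.com Referer) are deliberately ignored, so the widget's own internals never create a bucket; only the embedding site appears in the output.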
Source: classification engine | Classification label: mal64.phis.winHTML@31/0@8/8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe  C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=1724,i,2672952510848693389,14012057706382809610,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8  (logged twice)
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe  C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\VM Tue, January 24, 2023 #18654.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown  (27 occurrences; path and command line of the child not resolved by the sandbox)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Program Files\Google\GoogleUpdater
Source: Window Recorder | Window detected: More than 3 window changes detected
MITRE ATT&CK Matrix (the number in parentheses is Joe Sandbox's count of matched signatures mapped to that technique; entries without a number are the matrix's default column entries and did not match)

Initial Access: Valid Accounts, Default Accounts, Domain Accounts, Local Accounts
Execution: Windows Management Instrumentation, Scheduled Task/Job, At (Linux), At (Windows)
Persistence: Path Interception, Boot or Logon Initialization Scripts, Logon Script (Windows), Logon Script (Mac)
Privilege Escalation: Process Injection (1), Boot or Logon Initialization Scripts, Logon Script (Windows), Logon Script (Mac)
Defense Evasion: Masquerading (2), Process Injection (1), Obfuscated Files or Information, Binary Padding
Credential Access: OS Credential Dumping, LSASS Memory, Security Account Manager, NTDS
Discovery: System Service Discovery, Application Window Discovery, Query Registry, System Network Configuration Discovery
Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model
Collection: Data from Local System, Data from Removable Media, Data from Network Shared Drive, Input Capture
Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Scheduled Transfer
Command and Control: Encrypted Channel (1), Non-Application Layer Protocol (4), Application Layer Protocol (5), Ingress Tool Transfer (3)
Network Effects: Eavesdrop on Insecure Network Communication, Exploit SS7 to Redirect Phone Calls/SMS, Exploit SS7 to Track Device Location, SIM Card Swap
Remote Service Effects: Remotely Track Device Without Authorization, Remotely Wipe Data Without Authorization, Obtain Device Cloud Backups, Carrier Billing Fraud
Impact: Modify System Partition, Device Lockout, Delete Device Data
No Antivirus matches
Domains

Source                   Detection  Scanner
hcaptcha.com             0%         Virustotal
h-kd0.shop               4%         Virustotal
www.hcaptcha.com         0%         Virustotal
newassets.hcaptcha.com   0%         Virustotal

URLs

Source                                                                                                        Detection  Scanner          Label
https://h-kd0.shop/main/                                                                                      100%       SlashNext        Credential Stealing type: Phishing & Social Engineering
https://www.hcaptcha.com/1/api.js                                                                             0%         URL Reputation   safe
https://h-kd0.shop/favicon.ico                                                                                100%       Avira URL Cloud  phishing
https://newassets.hcaptcha.com/i/9b22d05/e                                                                    0%         Avira URL Cloud  safe
https://newassets.hcaptcha.com/captcha/v1/48ebaaf/static/hcaptcha.html                                        0%         Avira URL Cloud  safe
https://newassets.hcaptcha.com/c/9b22d05/hsw.js                                                               0%         Avira URL Cloud  safe
https://hcaptcha.com/checksiteconfig?v=48ebaaf&host=h-kd0.shop&sitekey=f8954f89-2ff5-49a0-afdd-3656b68b442c&sc=1&swa=1   0%   Avira URL Cloud  safe
https://newassets.hcaptcha.com/captcha/v1/48ebaaf/hcaptcha.js                                                 0%         Avira URL Cloud  safe
https://h-kd0.shop/?e=YXNyeUBraW1iby5jby51aw==                                                                100%       Avira URL Cloud  phishing
Contacted Domains

Name                     IP               Active   Malicious  Antivirus Detection  Reputation
hcaptcha.com             104.16.169.131   true     false      none                 unknown
h-kd0.shop               192.111.146.184  true     false      none                 unknown
accounts.google.com      142.250.203.109  true     false      none                 high
www.google.com           142.250.203.100  true     false      none                 high
clients.l.google.com     216.58.215.238   true     false      none                 high
www.hcaptcha.com         104.16.169.131   true     false      none                 unknown
newassets.hcaptcha.com   104.16.169.131   true     false      none                 unknown
clients2.google.com      unknown          unknown  false      none                 high
Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
https://h-kd0.shop/main/ | true | SlashNext: Credential Stealing type: Phishing & Social Engineering | unknown
https://newassets.hcaptcha.com/captcha/v1/48ebaaf/static/hcaptcha.html | false | Avira URL Cloud: safe | unknown
https://newassets.hcaptcha.com/captcha/v1/48ebaaf/static/hcaptcha.html#frame=challenge&id=0mrxeuynfqs&host=h-kd0.shop&sentry=true&reportapi=https%3A%2F%2Faccounts.hcaptcha.com&recaptchacompat=true&custom=false&hl=en&tplinks=on&sitekey=f8954f89-2ff5-49a0-afdd-3656b68b442c&theme=light&origin=https%3A%2F%2Fh-kd0.shop | false | none | unknown
https://www.hcaptcha.com/1/api.js | false | URL Reputation: safe | unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | false | none | high
https://h-kd0.shop/favicon.ico | false | Avira URL Cloud: phishing | unknown
https://newassets.hcaptcha.com/i/9b22d05/e | false | Avira URL Cloud: safe | unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | false | none | high
https://hcaptcha.com/checksiteconfig?v=48ebaaf&host=h-kd0.shop&sitekey=f8954f89-2ff5-49a0-afdd-3656b68b442c&sc=1&swa=1 | false | Avira URL Cloud: safe | unknown
https://newassets.hcaptcha.com/c/9b22d05/hsw.js | false | Avira URL Cloud: safe | unknown
https://newassets.hcaptcha.com/captcha/v1/48ebaaf/static/hcaptcha.html#frame=checkbox&id=0mrxeuynfqs&host=h-kd0.shop&sentry=true&reportapi=https%3A%2F%2Faccounts.hcaptcha.com&recaptchacompat=true&custom=false&hl=en&tplinks=on&sitekey=f8954f89-2ff5-49a0-afdd-3656b68b442c&theme=light&origin=https%3A%2F%2Fh-kd0.shop | false | none | unknown
https://h-kd0.shop/?e=YXNyeUBraW1iby5jby51aw== | false | Avira URL Cloud: phishing | unknown
https://newassets.hcaptcha.com/captcha/v1/48ebaaf/hcaptcha.js | false | Avira URL Cloud: safe | unknown
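Two details in the URL list repay a closer look. The landing URL https://h-kd0.shop/?e=YXNyeUBraW1iby5jby51aw== carries a base64 query value that decodes to an e-mail address: the lure pre-fills the target's identity so the page can greet them and record who clicked. And the hCaptcha widget URLs name the embedding site in their fragment (host=h-kd0.shop, origin=https%3A%2F%2Fh-kd0.shop, sitekey=f8954f89-...), which recovers the phishing host even when only the CAPTCHA iframe URL was logged. The Python below is an added example, not part of the report: it base64-decodes every query value and keeps the ones that parse as an e-mail address, and it reads host, origin and sitekey out of hCaptcha widget URLs. The sample list is constructed from the report's hosts, with the e= value replaced by base64 of victim@example.com; the e-mail regex and the hcaptcha.com host check are the assumptions.

```python
"""URL triage for a credential-phishing lure: base64 e-mail parameters and
hCaptcha embedding details. Added example for this report, not sandbox code."""
import base64
import binascii
import re
from urllib.parse import parse_qs, urlsplit

# Assumed, deliberately simple e-mail shape; tighten for production use.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def b64_decode_lenient(value: str):
    """Decode standard or URL-safe base64 with missing padding tolerated.
    parse_qs turns '+' into ' ', so spaces are mapped back first.
    Returns the UTF-8 text, or None if the value is not valid base64."""
    v = value.strip().replace(" ", "+").replace("-", "+").replace("_", "/")
    v += "=" * (-len(v) % 4)
    try:
        return base64.b64decode(v, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None


def encoded_emails(url: str) -> dict:
    """{param_name: email} for query values whose base64 decoding is an e-mail."""
    found = {}
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    for name, values in query.items():
        for v in values:
            decoded = b64_decode_lenient(v)
            if decoded and EMAIL_RE.match(decoded):
                found[name] = decoded
    return found


def hcaptcha_embedding(url: str):
    """For hCaptcha URLs, return the embedding site's details. The widget frame
    keeps them in the fragment; checksiteconfig keeps them in the query.
    None for non-hCaptcha URLs, {} when an hCaptcha URL carries none."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if not (host == "hcaptcha.com" or host.endswith(".hcaptcha.com")):
        return None
    q = parse_qs(parts.fragment or parts.query)
    return {k: q[k][0] for k in ("frame", "host", "origin", "sitekey") if k in q}


def embedding_hosts(urls) -> set:
    """Every site that embedded an hCaptcha widget, per the widget URLs."""
    hosts = set()
    for u in urls:
        emb = hcaptcha_embedding(u)
        if emb and "host" in emb:
            hosts.add(emb["host"])
    return hosts


def triage(urls) -> list:
    return [{"url": u, "encoded_emails": encoded_emails(u),
             "hcaptcha": hcaptcha_embedding(u)} for u in urls]


# Constructed sample: hosts from the report, e= replaced by base64 of victim@example.com.
SAMPLE_URLS = [
    "https://h-kd0.shop/?e=dmljdGltQGV4YW1wbGUuY29t",
    "https://h-kd0.shop/main/",
    "https://newassets.hcaptcha.com/captcha/v1/48ebaaf/static/hcaptcha.html"
    "#frame=checkbox&id=0mrxeuynfqs&host=h-kd0.shop"
    "&sitekey=f8954f89-2ff5-49a0-afdd-3656b68b442c&origin=https%3A%2F%2Fh-kd0.shop",
    "https://hcaptcha.com/checksiteconfig?v=48ebaaf&host=h-kd0.shop"
    "&sitekey=f8954f89-2ff5-49a0-afdd-3656b68b442c&sc=1&swa=1",
    "https://www.hcaptcha.com/1/api.js",
]

if __name__ == "__main__":
    for row in triage(SAMPLE_URLS):
        print(row)
    print("embedding hosts:", embedding_hosts(SAMPLE_URLS))
```

The lenient decoder deliberately accepts URL-safe alphabet and missing padding, because lure generators vary; the e-mail regex is what keeps random base64-looking identifiers such as id=0mrxeuynfqs from producing false positives.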
Contacted IPs

IP               Domain                 Country        ASN      ASN Name       Malicious
104.16.169.131   hcaptcha.com           United States  13335    CLOUDFLARENET (US)  false
239.255.255.250  unknown                Reserved       unknown  unknown        false
216.58.215.238   clients.l.google.com   United States  15169    GOOGLE (US)    false
192.111.146.184  h-kd0.shop             United States  31863    DACEN-2 (US)   false
142.250.203.100  www.google.com         United States  15169    GOOGLE (US)    false
142.250.203.109  accounts.google.com    United States  15169    GOOGLE (US)    false

Private IPs
192.168.2.1
127.0.0.1
                      Joe Sandbox Version:36.0.0 Rainbow Opal
                      Analysis ID:791307
                      Start date and time:2023-01-25 10:20:14 +01:00
                      Joe Sandbox Product:CloudBasic
                      Overall analysis duration:0h 6m 21s
                      Hypervisor based Inspection enabled:false
                      Report type:light
                      Sample file name:VM Tue, January 24, 2023 #18654.html
                      Cookbook file name:default.jbs
                      Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                      Number of analysed new started processes analysed:18
                      Number of new started drivers analysed:1
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • HCA enabled
                      • EGA enabled
                      • HDC enabled
                      • AMSI enabled
                      Analysis Mode:default
                      Analysis stop reason:Timeout
                      Detection:MAL
                      Classification:mal64.phis.winHTML@31/0@8/8
                      EGA Information:Failed
                      HDC Information:Failed
                      HCA Information:
                      • Successful, ratio: 100%
                      • Number of executed functions: 0
                      • Number of non-executed functions: 0
                      Cookbook Comments:
                      • Found application associated with file extension: .html
                      • Browse: https://www.hcaptcha.com/what-is-hcaptcha-about?ref=h-kd0.shop&utm_campaign=f8954f89-2ff5-49a0-afdd-3656b68b442c&utm_medium=checkbox
                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, qwavedrv.sys, WMIADAP.exe, SgrmBroker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
                      • TCP Packets have been reduced to 100
                      • Excluded IPs from analysis (whitelisted): 142.250.203.99, 34.104.35.123, 216.58.215.234, 172.217.168.10, 172.217.168.42, 172.217.168.74, 142.250.203.106
                      • Excluded domains from analysis (whitelisted): fs.microsoft.com, edgedl.me.gvt1.com, content-autofill.googleapis.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com
• Not all processes were analyzed, report is missing behavior information
                      • Report size getting too big, too many NtWriteVirtualMemory calls found.
No simulations
No context
No created / dropped files found
                      File type:HTML document, ASCII text, with very long lines (4002), with no line terminators
                      Entropy (8bit):3.4266196238262228
                      TrID:
                        File name:VM Tue, January 24, 2023 #18654.html
                        File size:4002
                        MD5:80cc2287a8d92303bbb07808b1d7ac08
                        SHA1:fdeb4f5abafd0d978ebe0b8b1a8a1026d6282922
                        SHA256:e3c04a3f5e27cc3d6630ac9c7e8d8b5c8fe0be2514d7676b538de9c18e45aaa4
                        SHA512:c76b561c8859e454f9814390b49610247945025f2cb6dbbec56ecc5e3d273dae959c753071b6283bdb7c6197684a562ff73ec4a53fa4d1a58ab7738257b76e8a
                        SSDEEP:96:SadmnL1B9dp6Ml94QtwqS11D8fEsUSnfUV:SadOt/6MlN2qG1D8fEsUSfUV
                        TLSH:2181593C6210D88F6D736E3FFCB45E54D018AF97EDC96B84041A44E63BE01AA76042EB
File Content Preview:<script language="javascript">document.write( unescape( '%3C%21%44%4F%43%54%59%50%45%20%68%74%6D%6C%3E%0D%0A%3C%68%74%6D%6C%20%6C%61%6E%67%3D%22%65%6E%22%3E%0D%0A%3C%68%65%61%64%3E%0D%0A%20%20%20%20%3C%6D%65%74%61%20%63%68%61%72%73%65%74%3D%22%55%54%46%2D  (the percent-encoded payload decodes to <!DOCTYPE html>, <html lang="en">, <head>, <meta charset="UTF-...: the page's HTML is delivered byte-by-byte percent-encoded inside a document.write(unescape()) call, so no tag, form or hCaptcha markup is visible to a scanner until the browser decodes it)
                        Icon Hash:78d0a8cccc88c460
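The sample is a single 4002-byte line whose content preview starts with document.write( unescape( '%3C%21%44...' )): the real page is percent-encoded one byte at a time, which is why the Yara rules fire on the rendered pages (99254.0.pages.csv) as well as the raw file. The Python below is an added example, not code from the report or the sample: it peels that wrapper (including the %uXXXX form that JavaScript's unescape() accepts and urllib does not), then pulls script sources, iframe sources, form actions and CAPTCHA sitekeys out of the decoded HTML and tests for the captcha-in-front-of-a-POST-form shape. The sample page is constructed: its first line and a half is what the report's preview decodes to, and everything after "UTF-" (the hCaptcha script tag, a POST form to the hypothetical host phish.example, a placeholder sitekey) is invented to exercise the extractor.

```python
"""Peel the document.write(unescape('%XX...')) wrapper and extract indicators.
Added example for this report; not the sample's code."""
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# document.write( unescape( '...' ) ) with optional whitespace, as in the preview.
WRAPPER = re.compile(
    r"document\.write\(\s*unescape\(\s*(['\"])(?P<payload>.*?)\1\s*\)\s*\)", re.S)


def js_unescape(s: str) -> str:
    """JavaScript unescape(): %uXXXX is a UTF-16 code unit, %XX is a single
    code point (Latin-1), which is what decoding with latin-1 reproduces."""
    s = re.sub(r"%u([0-9a-fA-F]{4})", lambda m: chr(int(m.group(1), 16)), s)
    return unquote(s, encoding="latin-1")


def unwrap(html: str, max_layers: int = 8):
    """Decode nested wrappers until none is left. Returns (html, layers_peeled)."""
    layers = 0
    while layers < max_layers:
        m = WRAPPER.search(html)
        if m is None:
            break
        html = js_unescape(m.group("payload"))
        layers += 1
    return html, layers


class IndicatorParser(HTMLParser):
    """Collect what phishing triage cares about from the decoded HTML."""

    def __init__(self):
        super().__init__()
        self.scripts, self.iframes, self.forms, self.sitekeys = [], [], [], []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "script" and a.get("src"):
            self.scripts.append(a["src"])
        elif tag == "iframe" and a.get("src"):
            self.iframes.append(a["src"])
        elif tag == "form":
            self.forms.append((a.get("method", "get").lower(), a.get("action", "")))
        if "data-sitekey" in a:  # hCaptcha / reCAPTCHA widget container
            self.sitekeys.append(a["data-sitekey"])


def extract_indicators(decoded_html: str) -> dict:
    p = IndicatorParser()
    p.feed(decoded_html)
    p.close()
    return {"scripts": p.scripts, "iframes": p.iframes,
            "forms": p.forms, "sitekeys": p.sitekeys}


CAPTCHA_MARKERS = ("hcaptcha.com", "recaptcha.net", "google.com/recaptcha")


def is_captcha_gated_credential_page(ind: dict) -> bool:
    """The CaptchaPhish shape: a CAPTCHA widget in front of a form that POSTs."""
    has_captcha = bool(ind["sitekeys"]) or any(
        mk in src for src in ind["scripts"] for mk in CAPTCHA_MARKERS)
    posts = any(method == "post" for method, _ in ind["forms"])
    return has_captcha and posts


def pct_encode_all(s: str) -> str:
    """Encode every character as %XX, the way the sample's payload is encoded."""
    return "".join("%%%02X" % ord(c) for c in s)


# Constructed sample. Up to 'UTF-' this is what the report's preview decodes to;
# everything after it is invented (phish.example is a hypothetical host).
CONSTRUCTED_PAGE = (
    '<!DOCTYPE html>\r\n<html lang="en">\r\n<head>\r\n    <meta charset="UTF-8">\r\n'
    '    <script src="https://www.hcaptcha.com/1/api.js" async defer></script>\r\n'
    '</head>\r\n<body>\r\n'
    '<form method="POST" action="https://phish.example/main/">\r\n'
    '    <input name="email" value="victim@example.com">\r\n'
    '    <input type="password" name="pass">\r\n'
    '    <div class="h-captcha" data-sitekey="00000000-0000-0000-0000-000000000000"></div>\r\n'
    '</form>\r\n</body>\r\n</html>'
)
SAMPLE = ('<script language="javascript">document.write( unescape( \''
          + pct_encode_all(CONSTRUCTED_PAGE) + "' ))</script>")

if __name__ == "__main__":
    page, layers = unwrap(SAMPLE)
    ind = extract_indicators(page)
    print(f"peeled {layers} layer(s):", ind)
    print("captcha-gated credential page:", is_captcha_gated_credential_page(ind))
```

unwrap() loops because real lures often nest two or three such layers; the max_layers cap keeps a malformed payload from spinning. Decoding %XX as Latin-1 matches what the browser does for this wrapper, whereas the default UTF-8 decoding would mangle any non-ASCII byte the author encoded directly.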
                        Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                        Jan 25, 2023 10:21:09.904345989 CET | 192.168.2.3 | 8.8.8.8 | 0xa722 | Standard query (0) | accounts.google.com | A (IP address) | IN (0x0001) | false
                        Jan 25, 2023 10:21:09.905561924 CET | 192.168.2.3 | 8.8.8.8 | 0xc890 | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001) | false
                        Jan 25, 2023 10:21:10.750754118 CET | 192.168.2.3 | 8.8.8.8 | 0xb5b6 | Standard query (0) | h-kd0.shop | A (IP address) | IN (0x0001) | false
                        Jan 25, 2023 10:21:12.648492098 CET | 192.168.2.3 | 8.8.8.8 | 0x447e | Standard query (0) | www.hcaptcha.com | A (IP address) | IN (0x0001) | false
                        Jan 25, 2023 10:21:13.161659002 CET | 192.168.2.3 | 8.8.8.8 | 0x3987 | Standard query (0) | newassets.hcaptcha.com | A (IP address) | IN (0x0001) | false
                        Jan 25, 2023 10:21:14.067257881 CET | 192.168.2.3 | 8.8.8.8 | 0x97de | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                        Jan 25, 2023 10:21:14.289933920 CET | 192.168.2.3 | 8.8.8.8 | 0x2831 | Standard query (0) | hcaptcha.com | A (IP address) | IN (0x0001) | false
                        Jan 25, 2023 10:22:14.123693943 CET | 192.168.2.3 | 8.8.8.8 | 0x5323 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                        Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                        Jan 25, 2023 10:21:09.925120115 CET | 8.8.8.8 | 192.168.2.3 | 0xc890 | No error (0) | clients2.google.com | clients.l.google.com | - | CNAME (Canonical name) | IN (0x0001) | false
                        Jan 25, 2023 10:21:09.925120115 CET | 8.8.8.8 | 192.168.2.3 | 0xc890 | No error (0) | clients.l.google.com | - | 216.58.215.238 | A (IP address) | IN (0x0001) | false
                        Jan 25, 2023 10:21:09.930423975 CET | 8.8.8.8 | 192.168.2.3 | 0xa722 | No error (0) | accounts.google.com | - | 142.250.203.109 | A (IP address) | IN (0x0001) | false
                        Jan 25, 2023 10:21:10.769975901 CET | 8.8.8.8 | 192.168.2.3 | 0xb5b6 | No error (0) | h-kd0.shop | - | 192.111.146.184 | A (IP address) | IN (0x0001) | false
                        Jan 25, 2023 10:21:12.668647051 CET | 8.8.8.8 | 192.168.2.3 | 0x447e | No error (0) | www.hcaptcha.com | - | 104.16.169.131 | A (IP address) | IN (0x0001) | false
                        Jan 25, 2023 10:21:12.668647051 CET | 8.8.8.8 | 192.168.2.3 | 0x447e | No error (0) | www.hcaptcha.com | - | 104.16.168.131 | A (IP address) | IN (0x0001) | false
                        Jan 25, 2023 10:21:13.180979967 CET | 8.8.8.8 | 192.168.2.3 | 0x3987 | No error (0) | newassets.hcaptcha.com | - | 104.16.169.131 | A (IP address) | IN (0x0001) | false
                        Jan 25, 2023 10:21:13.180979967 CET | 8.8.8.8 | 192.168.2.3 | 0x3987 | No error (0) | newassets.hcaptcha.com | - | 104.16.168.131 | A (IP address) | IN (0x0001) | false
                        Jan 25, 2023 10:21:14.085923910 CET | 8.8.8.8 | 192.168.2.3 | 0x97de | No error (0) | www.google.com | - | 142.250.203.100 | A (IP address) | IN (0x0001) | false
                        Jan 25, 2023 10:21:14.309168100 CET | 8.8.8.8 | 192.168.2.3 | 0x2831 | No error (0) | hcaptcha.com | - | 104.16.169.131 | A (IP address) | IN (0x0001) | false
                        Jan 25, 2023 10:21:14.309168100 CET | 8.8.8.8 | 192.168.2.3 | 0x2831 | No error (0) | hcaptcha.com | - | 104.16.168.131 | A (IP address) | IN (0x0001) | false
                        Jan 25, 2023 10:22:14.151098967 CET | 8.8.8.8 | 192.168.2.3 | 0x5323 | No error (0) | www.google.com | - | 142.250.203.100 | A (IP address) | IN (0x0001) | false
                        • clients2.google.com
                        • accounts.google.com
                        • h-kd0.shop
                        • https:
                          • www.hcaptcha.com
                          • newassets.hcaptcha.com
                          • hcaptcha.com


                        Target ID:0
                        Start time:10:21:07
                        Start date:25/01/2023
                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
                        Imagebase:0x7ff614650000
                        File size:2851656 bytes
                        MD5 hash:0FEC2748F363150DC54C1CAFFB1A9408
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high

                        Target ID:1
                        Start time:10:21:08
                        Start date:25/01/2023
                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=1724,i,2672952510848693389,14012057706382809610,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
                        Imagebase:0x7ff614650000
                        File size:2851656 bytes
                        MD5 hash:0FEC2748F363150DC54C1CAFFB1A9408
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high

                        Target ID:2
                        Start time:10:21:09
                        Start date:25/01/2023
                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\VM Tue, January 24, 2023 #18654.html
                        Imagebase:0x7ff614650000
                        File size:2851656 bytes
                        MD5 hash:0FEC2748F363150DC54C1CAFFB1A9408
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high

                        No disassembly