Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
20399201011-2023.jpg.html

Overview

General Information

Sample name:20399201011-2023.jpg.html
Analysis ID:1358193
MD5:800db45a3f63f32396b7b3e65ea7b574
SHA1:2d18ace17b975a2e2bd35d98533380664a48d012
SHA256:a80b66ac9ff80ec74d7d434dea97c3ff758517c4e21da9625d97d31fd6637e57

Detection

Score:60
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
HTML file submission containing password form
Creates files inside the system directory
Detected hidden input values containing email addresses (often used in phishing pages)
HTML body contains low number of good links
HTML body contains password input but no form action
HTML page contains hidden URLs or javascript code
HTML page contains obfuscate script src
HTML title does not match URL
None HTTPS page querying sensitive user data (password, username or email)
Stores files to the Windows start menu directory
Uses insecure TLS / SSL version for HTTPS connection

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 5276 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\20399201011-2023.jpg.html MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6700 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=2052,i,9912628921689900689,5546769601433557711,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No yara matches
No Sigma rule has matched
No Snort rule has matched

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Source: euunclaimedpymt.comVirustotal: Detection: 6%Perma Link
Source: 20399201011-2023.jpg.htmlVirustotal: Detection: 33%Perma Link
Source: 20399201011-2023.jpg.htmlHTTP Parser: s.eggers@stadtwerke-husum.de
Source: 20399201011-2023.jpg.htmlHTTP Parser: Number of links: 0
Source: file:///C:/Users/user/Desktop/20399201011-2023.jpg.htmlHTTP Parser: Number of links: 0
Source: 20399201011-2023.jpg.htmlHTTP Parser: <input type="password" .../> found but no <form action="...
Source: file:///C:/Users/user/Desktop/20399201011-2023.jpg.htmlHTTP Parser: <input type="password" .../> found but no <form action="...
Source: 20399201011-2023.jpg.htmlHTTP Parser: Base64 decoded: var tnk = $("#tnk").val();$(document).bind('keydown', function(e) {if(e.ctrlKey && (e.which == 83)) {e.preventDefault();return false;}});document.addEventListener('contextmenu', event => event.preventDefault());document.onkeydown = funct...
Source: https://www.stadtwerke-husum.de/HTTP Parser: Script src: data:text/javascript;base64,CgkJCXZhciBkb2MgPSBkb2N1bWVudC5kb2N1bWVudEVsZW1lbnQ7CgkJCWRvYy5zZXRBdHRyaWJ1dGUoICdkYXRhLXVzZXJhZ2VudCcsIG5hdmlnYXRvci51c2VyQWdlbnQgKTsKCQk=
Source: https://www.stadtwerke-husum.de/HTTP Parser: Script src: data:text/javascript;base64,CgkJKGZ1bmN0aW9uKCQpIHsKCgkJCSQoZG9jdW1lbnQpLnJlYWR5KGZ1bmN0aW9uKCkgewoKCQkJCSQoIiNtaW9fY2FsY19ib3gxIC50YWJzLWNvbnRlbnQgLnR5cGUgYSIpLmNsaWNrKCBmdW5jdGlvbiAoKSB7CgkJCQkJdmFyIHRhYkNvbnRlbnQgPSAkKHRoaXMpLmF0dHIoJ2hyZWYnKTsKCQ
Source: https://www.stadtwerke-husum.de/HTTP Parser: Script src: data:text/javascript;base64,CgkJKGZ1bmN0aW9uKCQpIHsKCgkJCSQoZG9jdW1lbnQpLnJlYWR5KGZ1bmN0aW9uKCkgewoKCQkJCSQoIiNtaW9fY2FsY19ib3gwIC50YWJzLWNvbnRlbnQgLnR5cGUgYSIpLmNsaWNrKCBmdW5jdGlvbiAoKSB7CgkJCQkJdmFyIHRhYkNvbnRlbnQgPSAkKHRoaXMpLmF0dHIoJ2hyZWYnKTsKCQ
Source: https://www.stadtwerke-husum.de/HTTP Parser: Script src: data:text/javascript;base64,CgkJKGZ1bmN0aW9uKCQpIHsKCgkJCSQoZG9jdW1lbnQpLnJlYWR5KGZ1bmN0aW9uKCkgewoKCQkJCSQoIiNtaW9fY2FsY19ib3gyIC50YWJzLWNvbnRlbnQgLnR5cGUgYSIpLmNsaWNrKCBmdW5jdGlvbiAoKSB7CgkJCQkJdmFyIHRhYkNvbnRlbnQgPSAkKHRoaXMpLmF0dHIoJ2hyZWYnKTsKCQ
Source: https://www.stadtwerke-husum.de/HTTP Parser: Script src: data:text/javascript;base64,Ci8qIDwhW0NEQVRBWyAqLwoidXNlIHN0cmljdCI7dmFyIF9jcmVhdGVDbGFzcz1mdW5jdGlvbigpe2Z1bmN0aW9uIGRlZmluZVByb3BlcnRpZXModGFyZ2V0LHByb3BzKXtmb3IodmFyIGk9MDtpPHByb3BzLmxlbmd0aDtpKyspe3ZhciBkZXNjcmlwdG9yPXByb3BzW2ldO2Rlc2NyaXB0b3IuZW
Source: https://www.stadtwerke-husum.de/HTTP Parser: Script src: data:text/javascript;base64,Ci8qIDwhW0NEQVRBWyAqLwooZnVuY3Rpb24oKSB7CiJ1c2Ugc3RyaWN0Ijt2YXIgcj0iZnVuY3Rpb24iPT10eXBlb2YgU3ltYm9sJiYic3ltYm9sIj09dHlwZW9mIFN5bWJvbC5pdGVyYXRvcj9mdW5jdGlvbihlKXtyZXR1cm4gdHlwZW9mIGV9OmZ1bmN0aW9uKGUpe3JldHVybiBlJiYiZnVuY3
Source: https://www.stadtwerke-husum.de/HTTP Parser: Script src: data:text/javascript;base64,CgkJCXZhciBkb2MgPSBkb2N1bWVudC5kb2N1bWVudEVsZW1lbnQ7CgkJCWRvYy5zZXRBdHRyaWJ1dGUoICdkYXRhLXVzZXJhZ2VudCcsIG5hdmlnYXRvci51c2VyQWdlbnQgKTsKCQk=
Source: https://www.stadtwerke-husum.de/HTTP Parser: Script src: data:text/javascript;base64,CgkJKGZ1bmN0aW9uKCQpIHsKCgkJCSQoZG9jdW1lbnQpLnJlYWR5KGZ1bmN0aW9uKCkgewoKCQkJCSQoIiNtaW9fY2FsY19ib3gxIC50YWJzLWNvbnRlbnQgLnR5cGUgYSIpLmNsaWNrKCBmdW5jdGlvbiAoKSB7CgkJCQkJdmFyIHRhYkNvbnRlbnQgPSAkKHRoaXMpLmF0dHIoJ2hyZWYnKTsKCQ
Source: https://www.stadtwerke-husum.de/HTTP Parser: Script src: data:text/javascript;base64,CgkJKGZ1bmN0aW9uKCQpIHsKCgkJCSQoZG9jdW1lbnQpLnJlYWR5KGZ1bmN0aW9uKCkgewoKCQkJCSQoIiNtaW9fY2FsY19ib3gwIC50YWJzLWNvbnRlbnQgLnR5cGUgYSIpLmNsaWNrKCBmdW5jdGlvbiAoKSB7CgkJCQkJdmFyIHRhYkNvbnRlbnQgPSAkKHRoaXMpLmF0dHIoJ2hyZWYnKTsKCQ
Source: https://www.stadtwerke-husum.de/HTTP Parser: Script src: data:text/javascript;base64,CgkJKGZ1bmN0aW9uKCQpIHsKCgkJCSQoZG9jdW1lbnQpLnJlYWR5KGZ1bmN0aW9uKCkgewoKCQkJCSQoIiNtaW9fY2FsY19ib3gyIC50YWJzLWNvbnRlbnQgLnR5cGUgYSIpLmNsaWNrKCBmdW5jdGlvbiAoKSB7CgkJCQkJdmFyIHRhYkNvbnRlbnQgPSAkKHRoaXMpLmF0dHIoJ2hyZWYnKTsKCQ
Source: https://www.stadtwerke-husum.de/HTTP Parser: Script src: data:text/javascript;base64,Ci8qIDwhW0NEQVRBWyAqLwoidXNlIHN0cmljdCI7dmFyIF9jcmVhdGVDbGFzcz1mdW5jdGlvbigpe2Z1bmN0aW9uIGRlZmluZVByb3BlcnRpZXModGFyZ2V0LHByb3BzKXtmb3IodmFyIGk9MDtpPHByb3BzLmxlbmd0aDtpKyspe3ZhciBkZXNjcmlwdG9yPXByb3BzW2ldO2Rlc2NyaXB0b3IuZW
Source: https://www.stadtwerke-husum.de/HTTP Parser: Script src: data:text/javascript;base64,Ci8qIDwhW0NEQVRBWyAqLwooZnVuY3Rpb24oKSB7CiJ1c2Ugc3RyaWN0Ijt2YXIgcj0iZnVuY3Rpb24iPT10eXBlb2YgU3ltYm9sJiYic3ltYm9sIj09dHlwZW9mIFN5bWJvbC5pdGVyYXRvcj9mdW5jdGlvbihlKXtyZXR1cm4gdHlwZW9mIGV9OmZ1bmN0aW9uKGUpe3JldHVybiBlJiYiZnVuY3
Source: https://www.stadtwerke-husum.de/HTTP Parser: Script src: data:text/javascript;base64,CgkJCXZhciBkb2MgPSBkb2N1bWVudC5kb2N1bWVudEVsZW1lbnQ7CgkJCWRvYy5zZXRBdHRyaWJ1dGUoICdkYXRhLXVzZXJhZ2VudCcsIG5hdmlnYXRvci51c2VyQWdlbnQgKTsKCQk=
Source: https://www.stadtwerke-husum.de/HTTP Parser: Script src: data:text/javascript;base64,CgkJKGZ1bmN0aW9uKCQpIHsKCgkJCSQoZG9jdW1lbnQpLnJlYWR5KGZ1bmN0aW9uKCkgewoKCQkJCSQoIiNtaW9fY2FsY19ib3gxIC50YWJzLWNvbnRlbnQgLnR5cGUgYSIpLmNsaWNrKCBmdW5jdGlvbiAoKSB7CgkJCQkJdmFyIHRhYkNvbnRlbnQgPSAkKHRoaXMpLmF0dHIoJ2hyZWYnKTsKCQ
Source: https://www.stadtwerke-husum.de/HTTP Parser: Script src: data:text/javascript;base64,CgkJKGZ1bmN0aW9uKCQpIHsKCgkJCSQoZG9jdW1lbnQpLnJlYWR5KGZ1bmN0aW9uKCkgewoKCQkJCSQoIiNtaW9fY2FsY19ib3gwIC50YWJzLWNvbnRlbnQgLnR5cGUgYSIpLmNsaWNrKCBmdW5jdGlvbiAoKSB7CgkJCQkJdmFyIHRhYkNvbnRlbnQgPSAkKHRoaXMpLmF0dHIoJ2hyZWYnKTsKCQ
Source: https://www.stadtwerke-husum.de/HTTP Parser: Script src: data:text/javascript;base64,CgkJKGZ1bmN0aW9uKCQpIHsKCgkJCSQoZG9jdW1lbnQpLnJlYWR5KGZ1bmN0aW9uKCkgewoKCQkJCSQoIiNtaW9fY2FsY19ib3gyIC50YWJzLWNvbnRlbnQgLnR5cGUgYSIpLmNsaWNrKCBmdW5jdGlvbiAoKSB7CgkJCQkJdmFyIHRhYkNvbnRlbnQgPSAkKHRoaXMpLmF0dHIoJ2hyZWYnKTsKCQ
Source: https://www.stadtwerke-husum.de/HTTP Parser: Script src: data:text/javascript;base64,Ci8qIDwhW0NEQVRBWyAqLwoidXNlIHN0cmljdCI7dmFyIF9jcmVhdGVDbGFzcz1mdW5jdGlvbigpe2Z1bmN0aW9uIGRlZmluZVByb3BlcnRpZXModGFyZ2V0LHByb3BzKXtmb3IodmFyIGk9MDtpPHByb3BzLmxlbmd0aDtpKyspe3ZhciBkZXNjcmlwdG9yPXByb3BzW2ldO2Rlc2NyaXB0b3IuZW
Source: https://www.stadtwerke-husum.de/HTTP Parser: Script src: data:text/javascript;base64,Ci8qIDwhW0NEQVRBWyAqLwooZnVuY3Rpb24oKSB7CiJ1c2Ugc3RyaWN0Ijt2YXIgcj0iZnVuY3Rpb24iPT10eXBlb2YgU3ltYm9sJiYic3ltYm9sIj09dHlwZW9mIFN5bWJvbC5pdGVyYXRvcj9mdW5jdGlvbihlKXtyZXR1cm4gdHlwZW9mIGV9OmZ1bmN0aW9uKGUpe3JldHVybiBlJiYiZnVuY3
Source: https://www.stadtwerke-husum.de/HTTP Parser: Script src: data:text/javascript;base64,CgkJCXZhciBkb2MgPSBkb2N1bWVudC5kb2N1bWVudEVsZW1lbnQ7CgkJCWRvYy5zZXRBdHRyaWJ1dGUoICdkYXRhLXVzZXJhZ2VudCcsIG5hdmlnYXRvci51c2VyQWdlbnQgKTsKCQk=
Source: https://www.stadtwerke-husum.de/HTTP Parser: Script src: data:text/javascript;base64,CgkJKGZ1bmN0aW9uKCQpIHsKCgkJCSQoZG9jdW1lbnQpLnJlYWR5KGZ1bmN0aW9uKCkgewoKCQkJCSQoIiNtaW9fY2FsY19ib3gxIC50YWJzLWNvbnRlbnQgLnR5cGUgYSIpLmNsaWNrKCBmdW5jdGlvbiAoKSB7CgkJCQkJdmFyIHRhYkNvbnRlbnQgPSAkKHRoaXMpLmF0dHIoJ2hyZWYnKTsKCQ
Source: https://www.stadtwerke-husum.de/HTTP Parser: Script src: data:text/javascript;base64,CgkJKGZ1bmN0aW9uKCQpIHsKCgkJCSQoZG9jdW1lbnQpLnJlYWR5KGZ1bmN0aW9uKCkgewoKCQkJCSQoIiNtaW9fY2FsY19ib3gwIC50YWJzLWNvbnRlbnQgLnR5cGUgYSIpLmNsaWNrKCBmdW5jdGlvbiAoKSB7CgkJCQkJdmFyIHRhYkNvbnRlbnQgPSAkKHRoaXMpLmF0dHIoJ2hyZWYnKTsKCQ
Source: https://www.stadtwerke-husum.de/HTTP Parser: Script src: data:text/javascript;base64,CgkJKGZ1bmN0aW9uKCQpIHsKCgkJCSQoZG9jdW1lbnQpLnJlYWR5KGZ1bmN0aW9uKCkgewoKCQkJCSQoIiNtaW9fY2FsY19ib3gyIC50YWJzLWNvbnRlbnQgLnR5cGUgYSIpLmNsaWNrKCBmdW5jdGlvbiAoKSB7CgkJCQkJdmFyIHRhYkNvbnRlbnQgPSAkKHRoaXMpLmF0dHIoJ2hyZWYnKTsKCQ
Source: https://www.stadtwerke-husum.de/HTTP Parser: Script src: data:text/javascript;base64,Ci8qIDwhW0NEQVRBWyAqLwoidXNlIHN0cmljdCI7dmFyIF9jcmVhdGVDbGFzcz1mdW5jdGlvbigpe2Z1bmN0aW9uIGRlZmluZVByb3BlcnRpZXModGFyZ2V0LHByb3BzKXtmb3IodmFyIGk9MDtpPHByb3BzLmxlbmd0aDtpKyspe3ZhciBkZXNjcmlwdG9yPXByb3BzW2ldO2Rlc2NyaXB0b3IuZW
Source: https://www.stadtwerke-husum.de/HTTP Parser: Script src: data:text/javascript;base64,Ci8qIDwhW0NEQVRBWyAqLwooZnVuY3Rpb24oKSB7CiJ1c2Ugc3RyaWN0Ijt2YXIgcj0iZnVuY3Rpb24iPT10eXBlb2YgU3ltYm9sJiYic3ltYm9sIj09dHlwZW9mIFN5bWJvbC5pdGVyYXRvcj9mdW5jdGlvbihlKXtyZXR1cm4gdHlwZW9mIGV9OmZ1bmN0aW9uKGUpe3JldHVybiBlJiYiZnVuY3
Source: https://www.stadtwerke-husum.de/HTTP Parser: Script src: data:text/javascript;base64,CgkJCXZhciBkb2MgPSBkb2N1bWVudC5kb2N1bWVudEVsZW1lbnQ7CgkJCWRvYy5zZXRBdHRyaWJ1dGUoICdkYXRhLXVzZXJhZ2VudCcsIG5hdmlnYXRvci51c2VyQWdlbnQgKTsKCQk=
Source: https://www.stadtwerke-husum.de/HTTP Parser: Script src: data:text/javascript;base64,CgkJKGZ1bmN0aW9uKCQpIHsKCgkJCSQoZG9jdW1lbnQpLnJlYWR5KGZ1bmN0aW9uKCkgewoKCQkJCSQoIiNtaW9fY2FsY19ib3gxIC50YWJzLWNvbnRlbnQgLnR5cGUgYSIpLmNsaWNrKCBmdW5jdGlvbiAoKSB7CgkJCQkJdmFyIHRhYkNvbnRlbnQgPSAkKHRoaXMpLmF0dHIoJ2hyZWYnKTsKCQ
Source: https://www.stadtwerke-husum.de/HTTP Parser: Script src: data:text/javascript;base64,CgkJKGZ1bmN0aW9uKCQpIHsKCgkJCSQoZG9jdW1lbnQpLnJlYWR5KGZ1bmN0aW9uKCkgewoKCQkJCSQoIiNtaW9fY2FsY19ib3gwIC50YWJzLWNvbnRlbnQgLnR5cGUgYSIpLmNsaWNrKCBmdW5jdGlvbiAoKSB7CgkJCQkJdmFyIHRhYkNvbnRlbnQgPSAkKHRoaXMpLmF0dHIoJ2hyZWYnKTsKCQ
Source: https://www.stadtwerke-husum.de/HTTP Parser: Script src: data:text/javascript;base64,CgkJKGZ1bmN0aW9uKCQpIHsKCgkJCSQoZG9jdW1lbnQpLnJlYWR5KGZ1bmN0aW9uKCkgewoKCQkJCSQoIiNtaW9fY2FsY19ib3gyIC50YWJzLWNvbnRlbnQgLnR5cGUgYSIpLmNsaWNrKCBmdW5jdGlvbiAoKSB7CgkJCQkJdmFyIHRhYkNvbnRlbnQgPSAkKHRoaXMpLmF0dHIoJ2hyZWYnKTsKCQ
Source: https://www.stadtwerke-husum.de/HTTP Parser: Script src: data:text/javascript;base64,Ci8qIDwhW0NEQVRBWyAqLwoidXNlIHN0cmljdCI7dmFyIF9jcmVhdGVDbGFzcz1mdW5jdGlvbigpe2Z1bmN0aW9uIGRlZmluZVByb3BlcnRpZXModGFyZ2V0LHByb3BzKXtmb3IodmFyIGk9MDtpPHByb3BzLmxlbmd0aDtpKyspe3ZhciBkZXNjcmlwdG9yPXByb3BzW2ldO2Rlc2NyaXB0b3IuZW
Source: https://www.stadtwerke-husum.de/HTTP Parser: Script src: data:text/javascript;base64,Ci8qIDwhW0NEQVRBWyAqLwooZnVuY3Rpb24oKSB7CiJ1c2Ugc3RyaWN0Ijt2YXIgcj0iZnVuY3Rpb24iPT10eXBlb2YgU3ltYm9sJiYic3ltYm9sIj09dHlwZW9mIFN5bWJvbC5pdGVyYXRvcj9mdW5jdGlvbihlKXtyZXR1cm4gdHlwZW9mIGV9OmZ1bmN0aW9uKGUpe3JldHVybiBlJiYiZnVuY3
Source: https://www.stadtwerke-husum.de/HTTP Parser: Script src: data:text/javascript;base64,CgkJCXZhciBkb2MgPSBkb2N1bWVudC5kb2N1bWVudEVsZW1lbnQ7CgkJCWRvYy5zZXRBdHRyaWJ1dGUoICdkYXRhLXVzZXJhZ2VudCcsIG5hdmlnYXRvci51c2VyQWdlbnQgKTsKCQk=
Source: https://www.stadtwerke-husum.de/HTTP Parser: Script src: data:text/javascript;base64,CgkJKGZ1bmN0aW9uKCQpIHsKCgkJCSQoZG9jdW1lbnQpLnJlYWR5KGZ1bmN0aW9uKCkgewoKCQkJCSQoIiNtaW9fY2FsY19ib3gxIC50YWJzLWNvbnRlbnQgLnR5cGUgYSIpLmNsaWNrKCBmdW5jdGlvbiAoKSB7CgkJCQkJdmFyIHRhYkNvbnRlbnQgPSAkKHRoaXMpLmF0dHIoJ2hyZWYnKTsKCQ
Source: https://www.stadtwerke-husum.de/HTTP Parser: Script src: data:text/javascript;base64,CgkJKGZ1bmN0aW9uKCQpIHsKCgkJCSQoZG9jdW1lbnQpLnJlYWR5KGZ1bmN0aW9uKCkgewoKCQkJCSQoIiNtaW9fY2FsY19ib3gwIC50YWJzLWNvbnRlbnQgLnR5cGUgYSIpLmNsaWNrKCBmdW5jdGlvbiAoKSB7CgkJCQkJdmFyIHRhYkNvbnRlbnQgPSAkKHRoaXMpLmF0dHIoJ2hyZWYnKTsKCQ
Source: https://www.stadtwerke-husum.de/HTTP Parser: Script src: data:text/javascript;base64,CgkJKGZ1bmN0aW9uKCQpIHsKCgkJCSQoZG9jdW1lbnQpLnJlYWR5KGZ1bmN0aW9uKCkgewoKCQkJCSQoIiNtaW9fY2FsY19ib3gyIC50YWJzLWNvbnRlbnQgLnR5cGUgYSIpLmNsaWNrKCBmdW5jdGlvbiAoKSB7CgkJCQkJdmFyIHRhYkNvbnRlbnQgPSAkKHRoaXMpLmF0dHIoJ2hyZWYnKTsKCQ
Source: https://www.stadtwerke-husum.de/HTTP Parser: Script src: data:text/javascript;base64,Ci8qIDwhW0NEQVRBWyAqLwoidXNlIHN0cmljdCI7dmFyIF9jcmVhdGVDbGFzcz1mdW5jdGlvbigpe2Z1bmN0aW9uIGRlZmluZVByb3BlcnRpZXModGFyZ2V0LHByb3BzKXtmb3IodmFyIGk9MDtpPHByb3BzLmxlbmd0aDtpKyspe3ZhciBkZXNjcmlwdG9yPXByb3BzW2ldO2Rlc2NyaXB0b3IuZW
Source: https://www.stadtwerke-husum.de/HTTP Parser: Script src: data:text/javascript;base64,Ci8qIDwhW0NEQVRBWyAqLwooZnVuY3Rpb24oKSB7CiJ1c2Ugc3RyaWN0Ijt2YXIgcj0iZnVuY3Rpb24iPT10eXBlb2YgU3ltYm9sJiYic3ltYm9sIj09dHlwZW9mIFN5bWJvbC5pdGVyYXRvcj9mdW5jdGlvbihlKXtyZXR1cm4gdHlwZW9mIGV9OmZ1bmN0aW9uKGUpe3JldHVybiBlJiYiZnVuY3
Source: 20399201011-2023.jpg.htmlHTTP Parser: Title: PDF | stadtwerke-husum.de Document Previewer does not match URL
Source: file:///C:/Users/user/Desktop/20399201011-2023.jpg.htmlHTTP Parser: Title: PDF | stadtwerke-husum.de Document Previewer does not match URL
Source: file:///C:/Users/user/Desktop/20399201011-2023.jpg.htmlHTTP Parser: Has password / email / username input fields
Source: 20399201011-2023.jpg.htmlHTTP Parser: <input type="password" .../> found
Source: file:///C:/Users/user/Desktop/20399201011-2023.jpg.htmlHTTP Parser: <input type="password" .../> found
Source: 20399201011-2023.jpg.htmlHTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/20399201011-2023.jpg.htmlHTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/20399201011-2023.jpg.htmlHTTP Parser: No favicon
Source: 20399201011-2023.jpg.htmlHTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/20399201011-2023.jpg.htmlHTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/20399201011-2023.jpg.htmlHTTP Parser: No <meta name="author".. found
Source: 20399201011-2023.jpg.htmlHTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/20399201011-2023.jpg.htmlHTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/20399201011-2023.jpg.htmlHTTP Parser: No <meta name="copyright".. found
Source: unknownHTTPS traffic detected: 23.1.237.25:443 -> 192.168.2.16:49727 version: TLS 1.0
Source: unknownHTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49725 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49757 version: TLS 1.2
Source: chrome.exeMemory has grown: Private usage: 0MB later: 29MB
Source: unknownHTTPS traffic detected: 23.1.237.25:443 -> 192.168.2.16:49727 version: TLS 1.0
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownDNS traffic detected: queries for: clients2.google.com
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49865
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
Source: unknownNetwork traffic detected: HTTP traffic on port 49817 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49864
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49863
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49862
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49860
Source: unknownNetwork traffic detected: HTTP traffic on port 49932 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49898 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49875 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49852 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49859
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49858
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49857
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49856
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49855
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
Source: unknownNetwork traffic detected: HTTP traffic on port 49841 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49854
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49853
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49852
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49851
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49850
Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49909 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49806 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49849
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49848
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49847
Source: unknownNetwork traffic detected: HTTP traffic on port 49886 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49846
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49845
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49844
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49842
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49841
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49840
Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49933 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49839
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49838
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49837
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49836
Source: unknownNetwork traffic detected: HTTP traffic on port 49921 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49835
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49834
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49833
Source: unknownNetwork traffic detected: HTTP traffic on port 49887 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49832
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49831
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
Source: unknownNetwork traffic detected: HTTP traffic on port 49839 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49864 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49910 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49853 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49829
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49828
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49827
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49826
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49824
Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49823
Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49822
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
Source: unknownNetwork traffic detected: HTTP traffic on port 49922 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
Source: unknownNetwork traffic detected: HTTP traffic on port 49885 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49899
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49898
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49897
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49896
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49895
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
Source: unknownNetwork traffic detected: HTTP traffic on port 49862 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49894
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49893
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49892
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49891
Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49897 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49851 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49889
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49888
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49887
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49886
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49885
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
Source: unknownNetwork traffic detected: HTTP traffic on port 49863 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49884
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49883
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49881
Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49880
Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49896 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49879
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49877
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49876
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49875
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49874
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49872
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49871
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49870
Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49874 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49869
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49868
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49867
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49866
Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49906 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49900 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49929 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49918 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
Source: unknownNetwork traffic detected: HTTP traffic on port 49895 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49907 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49871 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49894 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49919 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49920 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49881 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49858 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49893 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49915 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49674 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49892 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49904 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49836 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49868 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49879 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49905 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49857 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49891 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49917 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49880 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49846 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49912 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49889 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49866 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49855 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49901 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49844 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49856 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49913 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49867 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
Source: unknownNetwork traffic detected: HTTP traffic on port 49865 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49817
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49814
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
Source: unknownNetwork traffic detected: HTTP traffic on port 49902 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49933
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49811
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49932
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49810
Source: unknownNetwork traffic detected: HTTP traffic on port 49925 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49876 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49929
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49806
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49925
Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49922
Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49921
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49920
Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49877 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49854 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49914 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49919
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49918
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49917
Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49915
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49914
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49913
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49912
Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49910
Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49899 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49832 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49909
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49908
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49907
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49906
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49905
Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49904
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49903
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49902
Source: unknownNetwork traffic detected: HTTP traffic on port 49903 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49901
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49900
Source: unknownNetwork traffic detected: HTTP traffic on port 49888 -> 443
Source: unknownHTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49725 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49757 version: TLS 1.2
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_BITS_5276_1323492214
Source: classification engineClassification label: mal60.phis.winHTML@17/6@26/148
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: 20399201011-2023.jpg.htmlVirustotal: Detection: 33%
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\20399201011-2023.jpg.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=2052,i,9912628921689900689,5546769601433557711,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=2052,i,9912628921689900689,5546769601433557711,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Stealing of Sensitive Information

barindex
Source: file:///C:/Users/user/Desktop/20399201011-2023.jpg.htmlHTTP Parser: file:///C:/Users/user/Desktop/20399201011-2023.jpg.html
Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpactResource DevelopmentReconnaissance
Valid AccountsWindows Management Instrumentation1
Registry Run Keys / Startup Folder
1
Process Injection
11
Masquerading
OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local SystemExfiltration Over Other Network Medium2
Encrypted Channel
Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationAbuse Accessibility FeaturesAcquire InfrastructureGather Victim Identity Information
Default AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
Registry Run Keys / Startup Folder
1
Process Injection
LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth1
Non-Application Layer Protocol
SIM Card SwapObtain Device Cloud BackupsNetwork Denial of ServiceDomainsCredentials
Domain AccountsAtLogon Script (Windows)1
Extra Window Memory Injection
1
Extra Window Memory Injection
Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration2
Application Layer Protocol
Data Encrypted for ImpactDNS ServerEmail Addresses

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand
SourceDetectionScannerLabelLink
20399201011-2023.jpg.html33%VirustotalBrowse
No Antivirus matches
No Antivirus matches
SourceDetectionScannerLabelLink
euunclaimedpymt.com7%VirustotalBrowse
stadtwerke-husum.de0%VirustotalBrowse
www.stadtwerke-husum.de0%VirustotalBrowse
portal.stadtwerke-husum.de0%VirustotalBrowse
SourceDetectionScannerLabelLink
file:///C:/Users/user/Desktop/20399201011-2023.jpg.html0%Avira URL Cloudsafe
about:blank0%Avira URL Cloudsafe
NameIPActiveMaliciousAntivirus DetectionReputation
euunclaimedpymt.com
45.95.168.70
truetrueunknown
accounts.google.com
172.217.3.77
truefalse
    high
    code.jquery.com
    151.101.2.137
    truefalse
      high
      i.gyazo.com
      104.18.25.163
      truefalse
        high
        www.google.com
        142.250.217.164
        truefalse
          high
          stadtwerke-husum.de
          87.230.105.169
          truefalseunknown
          www.stadtwerke-husum.de
          87.230.105.169
          truefalseunknown
          clients.l.google.com
          142.250.64.142
          truefalse
            high
            portal.stadtwerke-husum.de
            185.28.230.216
            truefalseunknown
            clients1.google.com
            unknown
            unknownfalse
              high
              clients2.google.com
              unknown
              unknownfalse
                high
                NameMaliciousAntivirus DetectionReputation
                file:///C:/Users/user/Desktop/20399201011-2023.jpg.htmltrue
                • Avira URL Cloud: safe
                low
                about:blankfalse
                • Avira URL Cloud: safe
                low
                https://www.stadtwerke-husum.de/false
                  unknown
                  https://portal.stadtwerke-husum.de/csit/action/csProductCalculatorShort?formReset.x=true&iFrame=true&media=POWER&openerHusum=Startseite%20Headerfalse
                    unknown
                    • No. of IPs < 25%
                    • 25% < No. of IPs < 50%
                    • 50% < No. of IPs < 75%
                    • 75% < No. of IPs
                    IPDomainCountryFlagASNASN NameMalicious
                    192.178.50.67
                    unknownUnited States
                    15169GOOGLEUSfalse
                    1.1.1.1
                    unknownAustralia
                    13335CLOUDFLARENETUSfalse
                    87.230.105.169
                    stadtwerke-husum.deGermany
                    35329GD-EMEA-DC-CGN3DEfalse
                    104.18.25.163
                    i.gyazo.comUnited States
                    13335CLOUDFLARENETUSfalse
                    192.178.50.42
                    unknownUnited States
                    15169GOOGLEUSfalse
                    142.250.217.227
                    unknownUnited States
                    15169GOOGLEUSfalse
                    142.250.64.238
                    unknownUnited States
                    15169GOOGLEUSfalse
                    142.250.217.238
                    unknownUnited States
                    15169GOOGLEUSfalse
                    185.28.230.216
                    portal.stadtwerke-husum.deGermany
                    12843TELEMAXXDEfalse
                    142.250.64.200
                    unknownUnited States
                    15169GOOGLEUSfalse
                    151.101.2.137
                    code.jquery.comUnited States
                    54113FASTLYUSfalse
                    142.250.64.142
                    clients.l.google.comUnited States
                    15169GOOGLEUSfalse
                    142.250.217.164
                    www.google.comUnited States
                    15169GOOGLEUSfalse
                    45.95.168.70
                    euunclaimedpymt.comCroatia (LOCAL Name: Hrvatska)
                    42864GIGANET-HUGigaNetInternetServiceProviderCoHUtrue
                    239.255.255.250
                    unknownReserved
                    unknownunknownfalse
                    172.217.3.77
                    accounts.google.comUnited States
                    15169GOOGLEUSfalse
                    IP
                    192.168.2.16
                    Joe Sandbox version:38.0.0 Ammolite
                    Analysis ID:1358193
                    Start date and time:2023-12-11 10:05:56 +01:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:defaultwindowsinteractivecookbook.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:8
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • EGA enabled
                    Analysis Mode:stream
                    Analysis stop reason:Timeout
                    Sample name:20399201011-2023.jpg.html
                    Detection:MAL
                    Classification:mal60.phis.winHTML@17/6@26/148
                    Cookbook Comments:
                    • Found application associated with file extension: .html
                    • Exclude process from analysis (whitelisted): dllhost.exe
                    • Excluded IPs from analysis (whitelisted): 192.178.50.67, 34.104.35.123
                    • Excluded domains from analysis (whitelisted): edgedl.me.gvt1.com, clientservices.googleapis.com
                    • Not all processes where analyzed, report is missing behavior information
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 11 08:06:26 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2673
                    Entropy (8bit):3.98644084550774
                    Encrypted:false
                    SSDEEP:
                    MD5:DAC5317D5117C22A600E40F2F5CF3CB1
                    SHA1:E8CC5D8A2B3D6C018FABDAF71569DA0D49AB534C
                    SHA-256:3C7933B6E5AA743C558EA067253453BFD4B7029E7DE804B87FBDC32A23C230B7
                    SHA-512:16E3B5D2AD0166C46A9FE4D3E30C9D999D327EBED32FA6313D25DDF7B278CAFEE4EC4D6CCE7DDC2CB72024847966BB3E57A203380190B3B220BA7A2913F2988D
                    Malicious:false
                    Reputation:low
                    Preview:L..................F.@.. ...$+.,....)W0R.,..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.W.H....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.W.H....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.W.H....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.W.H..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.W.H...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............|.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 11 08:06:26 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2675
                    Entropy (8bit):4.002133647909013
                    Encrypted:false
                    SSDEEP:
                    MD5:3B6532DB7B88DD57865B8EBCE8821E52
                    SHA1:1102520AA7F8756DD4EFBDADF78FF9408009CD46
                    SHA-256:E6DC19162B73FD5D1B6314A412413C5E77805ADCFDDC32EC36153A9F1C865D23
                    SHA-512:E00401D071D8BE4AE0549703C5188DD2CAC472924E4A14CD848C4A06F63C74AECEDE50A9E04D8C61A7ED1986E38D44523EA5A7F23C846632FF71772692EEB9D5
                    Malicious:false
                    Reputation:low
                    Preview:L..................F.@.. ...$+.,....l/'R.,..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.W.H....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.W.H....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.W.H....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.W.H..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.W.H...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............|.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2689
                    Entropy (8bit):4.0134454624335545
                    Encrypted:false
                    SSDEEP:
                    MD5:7CA83F2FE6EC0CBF4665588C64639B7E
                    SHA1:7984C1F4DFC1AA96F154268C9C76AE6153EEE742
                    SHA-256:BACE373A2F49E42C938034723E2B5855984209FB1B851BEBCB662F719E1E9281
                    SHA-512:35376880101F92AA0596DE816CB0ECAF1E053AAEA657880F467C3470C4C11DA1A6C0EEF6B02E2440B2E5E892E2512725ED6A2E763CB94961674FFBE49665CE43
                    Malicious:false
                    Reputation:low
                    Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.W.H....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.W.H....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.W.H....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.W.H..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............|.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 11 08:06:26 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2677
                    Entropy (8bit):4.002066578043301
                    Encrypted:false
                    SSDEEP:
                    MD5:196732168E53325F1CBECDD4C3ED37C9
                    SHA1:EC5A4ED54F0D6A456E0781C0577753A8672125E4
                    SHA-256:AC87F753EC50945DC91729C18FA5712633C74088A995BA31D6B7CD157352141E
                    SHA-512:9A523890ACED1A665ACD0018E2D46BF66D3927E5BFEADDD62EB806AF238BF1B8FEF60894F61373FAFC40196DD6A42AFFC0E3C5DD7A5C8D306EB2E83C13481E8F
                    Malicious:false
                    Reputation:low
                    Preview:L..................F.@.. ...$+.,......#R.,..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.W.H....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.W.H....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.W.H....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.W.H..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.W.H...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............|.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 11 08:06:26 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2677
                    Entropy (8bit):3.990966348385927
                    Encrypted:false
                    SSDEEP:
                    MD5:4F0B617F17571F947B66F46AA9A6DA4F
                    SHA1:0072E5A784D3ED7177A58E8EE01AF7B02BFFD4BB
                    SHA-256:CCDA9709728E262D2B6723F4C406FAFCE69BA8C3A3B92A67E72B5E908D7D7101
                    SHA-512:1B4BDA1210619B0D3A29B6717254DEA02A96A3B2FE917C480BD0D43261CF843BD6AD716F6077CDF6094013CA530396730EC28FEEA6A170D5EF8E7F6B60639FD8
                    Malicious:false
                    Reputation:low
                    Preview:L..................F.@.. ...$+.,......,R.,..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.W.H....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.W.H....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.W.H....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.W.H..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.W.H...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............|.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 11 08:06:26 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2679
                    Entropy (8bit):4.0015266579255515
                    Encrypted:false
                    SSDEEP:
                    MD5:D18CD59600CEC897B01E8BF1F26BB264
                    SHA1:D694A84505C83482B7B6C9EDE0734828034EFA55
                    SHA-256:567B7663C59C2C68D07097ECE9F164A09FFE7D9618D58DC845E87B72F6D61A4C
                    SHA-512:3DA619C8D90935C4A932EBA377A74468799CF98ECCE1B032A9C8324494FAE22801CB58DF6F92D351AD8C820F23377F42BE9A9E9D3A3681FD0C97536D4022FD8A
                    Malicious:false
                    Reputation:low
                    Preview:L..................F.@.. ...$+.,....^..R.,..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.W.H....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.W.H....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.W.H....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.W.H..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.W.H...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............|.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                    File type:HTML document, ISO-8859 text, with very long lines (3648), with CRLF line terminators
                    Entropy (8bit):5.943956448801516
                    TrID:
                    • HyperText Markup Language (12001/1) 18.75%
                    • HyperText Markup Language (12001/1) 18.75%
                    • HyperText Markup Language (11501/1) 17.97%
                    • HyperText Markup Language (11501/1) 17.97%
                    • HyperText Markup Language (11001/1) 17.19%
                    File name:20399201011-2023.jpg.html
                    File size:9'142 bytes
                    MD5:800db45a3f63f32396b7b3e65ea7b574
                    SHA1:2d18ace17b975a2e2bd35d98533380664a48d012
                    SHA256:a80b66ac9ff80ec74d7d434dea97c3ff758517c4e21da9625d97d31fd6637e57
                    SHA512:b08728c125bb9ebb876c58651102e8da283e338df7e2ae876b5e47b2e153f368cb279f493ee67749f2dd1844ce95b627dcf1c177d0a9b07e1c84dd38d97d6bbe
                    SSDEEP:192:FXQRL+xiBNLxCxXtL5KlLGQq+qztaVARWMQqxd9StQ29CSigFfkZH/+g+yN5H:FAPL60lLnq+qJaVARWMQqxStQ29CdgF+
                    TLSH:E912C770BE8E4C1957B2518362FC7EC5119F8B7056A18E1C7FB622BBE4C15B11AD21DC
                    File Content Preview:<html>..<head>...<meta name="viewport" content="width=device-width, initial-scale=1">...<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />...<title>PDF | stadtwerke-husum.de Document Previewer</title>...<script src="https://code.jquery.com/j
                    Icon Hash:173149cccc490307