Edit tour

Windows Analysis Report
https://mail.webaccess-alerts.net/u/amo3z6ccodm9/login.srf/64a4e3/c86acddf-fba6-4ce4-ae40-3fcb0bfadca2

Overview

General Information

Sample URL:	https://mail.webaccess-alerts.net/u/amo3z6ccodm9/login.srf/64a4e3/c86acddf-fba6-4ce4-ae40-3fcb0bfadca2
Analysis ID:	1648133
Infos:

Detection

Score:	56
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Creates files inside the system directory

Deletes files inside the Windows folder

HTML body contains low number of good links

HTML title does not match URL

Invalid 'forgot password' link found

Invalid 'sign-in options' or 'sign-up' link found

Classification

×

Process Tree

System is w10x64_ra

chrome.exe (PID: 3656 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 4796 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2004,i,3820764591954156103,7094436852025531885,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6408 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mail.webaccess-alerts.net/u/amo3z6ccodm9/login.srf/64a4e3/c86acddf-fba6-4ce4-ae40-3fcb0bfadca2" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

• AV Detection
• Phishing
• Compliance
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://mail.webaccess-alerts.net/u/amo3z6ccodm9/login.srf/64a4e3/c86acddf-fba6-4ce4-ae40-3fcb0bfadca2

Avira URL Cloud: detection malicious, Label: phishing

Antivirus detection for URL or domain

Source: https://mail.webaccess-alerts.net/system/content_images/uploads/484/c83/67-/original/icon-key.png	Avira URL Cloud: Label: phishing
Source: https://mail.webaccess-alerts.net/system/content_files/uploads/592/f93/20-/original/account-security-alert-alternate-styles.css	Avira URL Cloud: Label: phishing
Source: https://mail.webaccess-alerts.net/system/content_images/uploads/e8e/2a9/8c-/original/mountain-bg-min.png	Avira URL Cloud: Label: phishing
Source: https://mail.webaccess-alerts.net/system/content_files/uploads/26b/ad3/4b-/original/content-data-entry-boilerplate.min.css	Avira URL Cloud: Label: phishing
Source: https://mail.webaccess-alerts.net/system/content_images/uploads/8e7/2c9/94-/original/account-security-alert-favicon.png	Avira URL Cloud: Label: phishing
Source: https://mail.webaccess-alerts.net/system/content_files/uploads/1cc/f07/72-/original/static-education-l10n.js	Avira URL Cloud: Label: phishing
Source: https://mail.webaccess-alerts.net/system/content_files/uploads/5b8/ee7/1e-/original/jquery-latest.min.js	Avira URL Cloud: Label: phishing

Source: https://mail.webaccess-alerts.net/u/amo3z6ccodm9/login.srf/64a4e3/c86acddf-fba6-4ce4-ae40-3fcb0bfadca2

HTTP Parser: Number of links: 0

Source: https://mail.webaccess-alerts.net/u/amo3z6ccodm9/login.srf/64a4e3/c86acddf-fba6-4ce4-ae40-3fcb0bfadca2

HTTP Parser: Title: Sign into your account does not match URL

Source: https://mail.webaccess-alerts.net/u/amo3z6ccodm9/login.srf/64a4e3/c86acddf-fba6-4ce4-ae40-3fcb0bfadca2

HTTP Parser: Invalid link: Forgot my password

Source: https://mail.webaccess-alerts.net/u/amo3z6ccodm9/login.srf/64a4e3/c86acddf-fba6-4ce4-ae40-3fcb0bfadca2

HTTP Parser: Invalid link: Sign-in options

Source: https://mail.webaccess-alerts.net/u/amo3z6ccodm9/login.srf/64a4e3/c86acddf-fba6-4ce4-ae40-3fcb0bfadca2

HTTP Parser: <input type="password" .../> found

Source: https://mail.webaccess-alerts.net/u/amo3z6ccodm9/login.srf/64a4e3/c86acddf-fba6-4ce4-ae40-3fcb0bfadca2

HTTP Parser: No <meta name="author".. found

Source: https://mail.webaccess-alerts.net/u/amo3z6ccodm9/login.srf/64a4e3/c86acddf-fba6-4ce4-ae40-3fcb0bfadca2

HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Source: unknown	HTTPS traffic detected: 100.24.100.138:443 -> 192.168.2.16:49700 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 100.24.100.138:443 -> 192.168.2.16:49701 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.83.101.48:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.80.100:443 -> 192.168.2.16:49719 version: TLS 1.2

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.80.67
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.80.67
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.80.67
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.80.67
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.80.67
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.80.67
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.80.67

Source: global traffic	HTTP traffic detected: GET /u/amo3z6ccodm9/login.srf/64a4e3/c86acddf-fba6-4ce4-ae40-3fcb0bfadca2 HTTP/1.1Host: mail.webaccess-alerts.netConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /system/content_files/uploads/26b/ad3/4b-/original/content-data-entry-boilerplate.min.css HTTP/1.1Host: mail.webaccess-alerts.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://mail.webaccess-alerts.net/u/amo3z6ccodm9/login.srf/64a4e3/c86acddf-fba6-4ce4-ae40-3fcb0bfadca2Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _phishme.com_session_id=2201bd82f55d9ed2a76d48a8e67cd31a
Source: global traffic	HTTP traffic detected: GET /system/content_files/uploads/592/f93/20-/original/account-security-alert-alternate-styles.css HTTP/1.1Host: mail.webaccess-alerts.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://mail.webaccess-alerts.net/u/amo3z6ccodm9/login.srf/64a4e3/c86acddf-fba6-4ce4-ae40-3fcb0bfadca2Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _phishme.com_session_id=2201bd82f55d9ed2a76d48a8e67cd31a
Source: global traffic	HTTP traffic detected: GET /system/content_files/uploads/5b8/ee7/1e-/original/jquery-latest.min.js HTTP/1.1Host: mail.webaccess-alerts.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://mail.webaccess-alerts.net/u/amo3z6ccodm9/login.srf/64a4e3/c86acddf-fba6-4ce4-ae40-3fcb0bfadca2Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _phishme.com_session_id=2201bd82f55d9ed2a76d48a8e67cd31a
Source: global traffic	HTTP traffic detected: GET /system/content_files/uploads/1cc/f07/72-/original/static-education-l10n.js HTTP/1.1Host: mail.webaccess-alerts.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://mail.webaccess-alerts.net/u/amo3z6ccodm9/login.srf/64a4e3/c86acddf-fba6-4ce4-ae40-3fcb0bfadca2Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _phishme.com_session_id=2201bd82f55d9ed2a76d48a8e67cd31a
Source: global traffic	HTTP traffic detected: GET /system/content_images/uploads/484/c83/67-/original/icon-key.png HTTP/1.1Host: mail.webaccess-alerts.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mail.webaccess-alerts.net/u/amo3z6ccodm9/login.srf/64a4e3/c86acddf-fba6-4ce4-ae40-3fcb0bfadca2Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _phishme.com_session_id=2201bd82f55d9ed2a76d48a8e67cd31a
Source: global traffic	HTTP traffic detected: GET /system/content_images/uploads/484/c83/67-/original/icon-key.png HTTP/1.1Host: mail.webaccess-alerts.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _phishme.com_session_id=2201bd82f55d9ed2a76d48a8e67cd31a
Source: global traffic	HTTP traffic detected: GET /system/content_images/uploads/e8e/2a9/8c-/original/mountain-bg-min.png HTTP/1.1Host: mail.webaccess-alerts.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mail.webaccess-alerts.net/system/content_files/uploads/592/f93/20-/original/account-security-alert-alternate-styles.cssAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _phishme.com_session_id=2201bd82f55d9ed2a76d48a8e67cd31a
Source: global traffic	HTTP traffic detected: GET /system/content_images/uploads/e8e/2a9/8c-/original/mountain-bg-min.png HTTP/1.1Host: mail.webaccess-alerts.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _phishme.com_session_id=2201bd82f55d9ed2a76d48a8e67cd31a
Source: global traffic	HTTP traffic detected: GET /system/content_images/uploads/8e7/2c9/94-/original/account-security-alert-favicon.png HTTP/1.1Host: mail.webaccess-alerts.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mail.webaccess-alerts.net/u/amo3z6ccodm9/login.srf/64a4e3/c86acddf-fba6-4ce4-ae40-3fcb0bfadca2Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _phishme.com_session_id=2201bd82f55d9ed2a76d48a8e67cd31a
Source: global traffic	HTTP traffic detected: GET /system/content_images/uploads/8e7/2c9/94-/original/account-security-alert-favicon.png HTTP/1.1Host: mail.webaccess-alerts.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _phishme.com_session_id=2201bd82f55d9ed2a76d48a8e67cd31a
Source: global traffic	HTTP traffic detected: GET /r/gsr1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
Source: global traffic	HTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog

Source: global traffic	DNS traffic detected: DNS query: mail.webaccess-alerts.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49679 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701

Source: unknown	HTTPS traffic detected: 100.24.100.138:443 -> 192.168.2.16:49700 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 100.24.100.138:443 -> 192.168.2.16:49701 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.83.101.48:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.80.100:443 -> 192.168.2.16:49719 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir3656_60280018

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir3656_60280018

Source: classification engine

Classification label: mal56.win@22/9@6/147

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2004,i,3820764591954156103,7094436852025531885,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mail.webaccess-alerts.net/u/amo3z6ccodm9/login.srf/64a4e3/c86acddf-fba6-4ce4-ae40-3fcb0bfadca2"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2004,i,3820764591954156103,7094436852025531885,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	12 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://mail.webaccess-alerts.net/u/amo3z6ccodm9/login.srf/64a4e3/c86acddf-fba6-4ce4-ae40-3fcb0bfadca2	100%	Avira URL Cloud	phishing

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://mail.webaccess-alerts.net/system/content_images/uploads/484/c83/67-/original/icon-key.png	100%	Avira URL Cloud	phishing
https://mail.webaccess-alerts.net/system/content_files/uploads/592/f93/20-/original/account-security-alert-alternate-styles.css	100%	Avira URL Cloud	phishing
https://mail.webaccess-alerts.net/system/content_images/uploads/e8e/2a9/8c-/original/mountain-bg-min.png	100%	Avira URL Cloud	phishing
https://mail.webaccess-alerts.net/system/content_files/uploads/26b/ad3/4b-/original/content-data-entry-boilerplate.min.css	100%	Avira URL Cloud	phishing
https://mail.webaccess-alerts.net/system/content_images/uploads/8e7/2c9/94-/original/account-security-alert-favicon.png	100%	Avira URL Cloud	phishing
https://mail.webaccess-alerts.net/system/content_files/uploads/1cc/f07/72-/original/static-education-l10n.js	100%	Avira URL Cloud	phishing
https://mail.webaccess-alerts.net/system/content_files/uploads/5b8/ee7/1e-/original/jquery-latest.min.js	100%	Avira URL Cloud	phishing

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.google.com	142.250.80.100	true	false		high
mail.webaccess-alerts.net	100.24.100.138	true	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://mail.webaccess-alerts.net/system/content_images/uploads/484/c83/67-/original/icon-key.png	true	Avira URL Cloud: phishing	unknown
https://mail.webaccess-alerts.net/system/content_images/uploads/e8e/2a9/8c-/original/mountain-bg-min.png	true	Avira URL Cloud: phishing	unknown
https://mail.webaccess-alerts.net/system/content_files/uploads/592/f93/20-/original/account-security-alert-alternate-styles.css	true	Avira URL Cloud: phishing	unknown
https://mail.webaccess-alerts.net/u/amo3z6ccodm9/login.srf/64a4e3/c86acddf-fba6-4ce4-ae40-3fcb0bfadca2	true		unknown
https://mail.webaccess-alerts.net/system/content_files/uploads/5b8/ee7/1e-/original/jquery-latest.min.js	true	Avira URL Cloud: phishing	unknown
https://mail.webaccess-alerts.net/system/content_files/uploads/1cc/f07/72-/original/static-education-l10n.js	true	Avira URL Cloud: phishing	unknown
https://mail.webaccess-alerts.net/system/content_images/uploads/8e7/2c9/94-/original/account-security-alert-favicon.png	true	Avira URL Cloud: phishing	unknown
https://mail.webaccess-alerts.net/system/content_files/uploads/26b/ad3/4b-/original/content-data-entry-boilerplate.min.css	true	Avira URL Cloud: phishing	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
142.250.80.14	unknown	United States		15169	GOOGLEUS	false
64.233.180.84	unknown	United States		15169	GOOGLEUS	false
1.1.1.1	unknown	Australia		13335	CLOUDFLARENETUS	false
142.250.80.100	www.google.com	United States		15169	GOOGLEUS	false
142.250.80.42	unknown	United States		15169	GOOGLEUS	false
142.250.81.227	unknown	United States		15169	GOOGLEUS	false
142.251.41.14	unknown	United States		15169	GOOGLEUS	false
142.250.65.206	unknown	United States		15169	GOOGLEUS	false
142.250.81.234	unknown	United States		15169	GOOGLEUS	false
142.250.176.195	unknown	United States		15169	GOOGLEUS	false
54.83.101.48	unknown	United States		14618	AMAZON-AESUS	false
142.251.41.3	unknown	United States		15169	GOOGLEUS	false
100.24.100.138	mail.webaccess-alerts.net	United States		14618	AMAZON-AESUS	false
142.251.35.163	unknown	United States		15169	GOOGLEUS	false

Private

IP
192.168.2.17
192.168.2.16

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1648133
Start date and time:	2025-03-25 15:20:15 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://mail.webaccess-alerts.net/u/amo3z6ccodm9/login.srf/64a4e3/c86acddf-fba6-4ce4-ae40-3fcb0bfadca2
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	17
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.win@22/9@6/147

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 142.251.41.14, 142.250.81.227, 142.250.80.14, 64.233.180.84, 142.250.81.238, 142.250.80.42, 142.250.80.46, 142.250.176.195, 142.250.81.234, 142.250.80.10, 142.251.32.106, 142.250.65.170, 142.250.80.106, 142.251.35.170, 142.251.40.234, 142.250.72.106, 142.250.65.202, 172.217.165.138, 142.250.176.202, 142.251.41.10, 142.250.80.74, 142.250.65.234, 142.251.40.202, 142.251.35.174
Excluded domains from analysis (whitelisted): fonts.googleapis.com, clients2.google.com, accounts.google.com, redirector.gvt1.com, content-autofill.googleapis.com, fonts.gstatic.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://mail.webaccess-alerts.net/u/amo3z6ccodm9/login.srf/64a4e3/c86acddf-fba6-4ce4-ae40-3fcb0bfadca2

Created / dropped Files

Chrome Cache Entry: 60

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (18290), with no line terminators
Category:	downloaded
Size (bytes):	18290
Entropy (8bit):	5.153424553011024
Encrypted:	false
SSDEEP:
MD5:	CDE1906F54D9EA8C69BE1488FAD61743
SHA1:	BC35BA9B37E3E293EF57036210F5A71AC0E7001B
SHA-256:	51829C6361406BBE6BBC441E575D760FB1EE39891A7729878B7D3304D4C1399C
SHA-512:	9F151A3215239F5F1D0FE80920DD57683E9F445C604B9500E4D4D9FD3F6577F5521030B0F72FE04331F4F4DFAA1A6543486939F420AA391D0476EF9BAC9F8071
Malicious:	false
Reputation:	unknown
URL:	https://mail.webaccess-alerts.net/system/content_files/uploads/26b/ad3/4b-/original/content-data-entry-boilerplate.min.css
Preview:	@import url(https://fonts.googleapis.com/css2?family=Inter:wght@100;200;300;400;700&display=swap);html{font-size:100%;-webkit-box-sizing:border-box;box-sizing:border-box;-ms-overflow-style:scrollbar;scroll-behavior:smooth;height:100%},::before,::after{-webkit-box-sizing:inherit;box-sizing:inherit}body{background:#fff;font-family:"Inter",sans-serif;font-weight:300;line-height:1.85;color:#6d758d;margin:0;height:100%}.container{margin-right:auto;margin-left:auto;padding-left:15px;padding-right:15px}@media (min-width:768px){.container{width:750px}}@media (min-width:992px){.container{width:970px}}@media (min-width:1200px){.container{width:1170px}}.container-fluid{margin-right:auto;margin-left:auto;padding-left:15px;padding-right:15px}.row{margin-left:-15px;margin-right:-15px}.row-no-gutters{margin-right:0;margin-left:0}.row-no-gutters [class="col-"]{padding-right:0;padding-left:0}.col-xs-1,.col-sm-1,.col-md-1,.col-lg-1,.col-xs-2,.col-sm-2,.col-md-2,.col-lg-2,.col-xs-3,.col-sm-3,.col-md-

Chrome Cache Entry: 61

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (396), with CRLF line terminators
Category:	downloaded
Size (bytes):	15567
Entropy (8bit):	4.64605372301667
Encrypted:	false
SSDEEP:
MD5:	E5B29DC5F05D09F0C754424FEAC17B93
SHA1:	DA79E8FDF2DBAB47A86879354339D8884CD9A75E
SHA-256:	E85ED67D64BA21766E6AB30B7FD8C59DFBAAD329A5D3902F9B99A893863E237E
SHA-512:	F29D035B1BDD25775744484A904E227602FFD1043B9D3A20B2C4B998013E5BF769750C3A0B5D7DFB32F7CF9BEDA383146309C460C1F6E95CF092B8189F81E93F
Malicious:	false
Reputation:	unknown
URL:	https://mail.webaccess-alerts.net/system/content_files/uploads/1cc/f07/72-/original/static-education-l10n.js
Preview:	/* JS-based louserzation logic functionality for multilingual static templates.. Created by: Content Team.. Last updated on: 02/03/2021 /.. / Language selector.. ************************************************************/.. .. // Language Selector on click listener. When you click on any language item, get the corresponding lang(uage) attribute and use it to show contents for that language only, hiding any other language /.. $("#language_selector li a, #languages li a").on("click", function (e) {.. e.preventDefault();.. showAndHideLangs($(this).attr("lang"));.. //Visually mark the language as active in the language selector.. languageAppend();.. //Clear the search input field and show the full of languages is displayed again.. $("input[type='text']").val("");.. $("ul.language-list li").show();.. });.... // Language selector search box listener. When you start typing, search for a matching language

Chrome Cache Entry: 62

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	12355
Entropy (8bit):	5.474192254690416
Encrypted:	false
SSDEEP:
MD5:	58C019E044248EF665027BD9A0436D5B
SHA1:	6561F47456E237186F453E44BA1009B1FA5C9B5D
SHA-256:	DBA26811CDDA7E7F16F5898C63160CC0D24EDD28D5069D4FB0661E98B5B2CAA8
SHA-512:	27BCD46A7CF3A5835B5535D90B42091302120B1815AB2D5A9457C08EDB2F79817CBC0728ED25B8AE84332B40A81FA45B96B73825B85C1CBE1E8D1D7919A5247A
Malicious:	false
Reputation:	unknown
URL:	https://fonts.googleapis.com/css2?family=Inter:wght@100;200;300;400;700&display=swap
Preview:	/* cyrillic-ext /.@font-face {. font-family: 'Inter';. font-style: normal;. font-weight: 100;. font-display: swap;. src: url(https://fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa2JL7SUc.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C8A, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./ cyrillic /.@font-face {. font-family: 'Inter';. font-style: normal;. font-weight: 100;. font-display: swap;. src: url(https://fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa0ZL7SUc.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./ greek-ext /.@font-face {. font-family: 'Inter';. font-style: normal;. font-weight: 100;. font-display: swap;. src: url(https://fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa2ZL7SUc.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}./ greek */.@font-face {. font-family: 'Inter';. font-style: normal;. font-weight: 100;. font-display: swa

Chrome Cache Entry: 63

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2299
Entropy (8bit):	7.887245828776056
Encrypted:	false
SSDEEP:
MD5:	3F4A417E4B9AAB1499C09C8190BB7624
SHA1:	457178C6488FA85407B0B0094F1A2208D4B4FB73
SHA-256:	CB12D174C70D4DA8C56DD54138E8CCE0812341D60B746AB8A1A3AC02908FA978
SHA-512:	5905EFB27044143E2485E4096A27C314E44F9512D8834F550BC0DD5947EF70D89EF639283A4DD60CBC92ED854FC26F99DC7AC8FBC8AD2F180504FAAF17A05A80
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...d...d.....p.T....IDATx..]Mh.I..Y.......fE..fbTD.n2z.4.0...k...=...!JN".....x...N."..$x.....L.fP..q.;..v..T........?(.{....W.U..:.#F..1b8D..h..[[[.x....._;P.J.._]]MW..4.....s...]]]5.?\|.py...u?..yB^.z.~..........v.7............'..... $jeyy9}.......J".@/oxX...s...\XX....E.......$.J-...$&2"kbbbrzz.w.#O,.3...w....J.b...{..}m......o...........K.R...1.`T.8p..\...q...K..a.b..\.W.}................[&ui.a...'.d.=z.o...Tj.7QF..Ri_>...G.....6...r&l....?...!..,.:....#O.z=...E..M.bj.W"K.1_.\4..7r.2>>>.j.Dk..A.g],&Z..9777.P....u.SSS.Tm/.2'.Ky2.....diP^....n7FP...%.62HRX#..Y(.a,..0q......-F<O.Q.B..M.....&zt.P.B...A..=.j.P...KI2.*...U..s.....X..h:J.$...n.w....k<..+,1L.y)G.kt.m.....X;.M...f...F..Z.g..F..#.5JH5^)2..H...Y....9..n..ge.E_.o.J..(E..;...ht....ng..a.4;.R.... .7;......r...!...MbppP...../_..R.........3...-.?..?~\|.o.!DoP....d2..N.j9m..' ..........U..e..$..YN..:.bP..b.r.8s..?~...B........K.F.+.\.W%.K?}.tX.B..^.8}.4)F.....f.....

Chrome Cache Entry: 65

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1920 x 1309, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	1157967
Entropy (8bit):	7.9973627209212905
Encrypted:	true
SSDEEP:
MD5:	8364D2B76F19793C5407C733E2BA8A2E
SHA1:	AB1C1A81C7EDD471E0EF17A572592F68134E6D87
SHA-256:	0AF82E1261A2AF07E89CC1943F4E2D578879101D7FC76461194F56187E022D46
SHA-512:	18F8170D7C26357A5FC3C61A5AEF654EF88F483128FB5ACED54116B1CB882037EB8BEA3D1E485AB5E1ADBDA8C2641379AA47774CB50E7254887EA9169F937AD5
Malicious:	false
Reputation:	unknown
URL:	https://mail.webaccess-alerts.net/system/content_images/uploads/e8e/2a9/8c-/original/mountain-bg-min.png
Preview:	.PNG........IHDR................@....PLTE...?KQ-5915...................#$.!.19?DRY%-0...3>D()BNU;GMIV\.(+9BF..."%$./+..!........w..=7$&.{..EYb.....36%$..9>>5DK9-!.....589...BFJ......@U^440r.....=</....$.......GB&L[aNcj...<NX...G............JOS...6..-.............{.G5(){....H^g..........3..=..AE@........l..G?5L..:..............i.....HLI...T>....5HRB..&..}....{.....c.....Ujqi..S..X..S^ae..TVW\..E..~.....YH:...Vy....WM(Vfj...Q..r...AL_]U...l........]..z..IM5...Z..UPLHR(OH@...cRE^ca[sw~..fI2iiaann2).b..8E(..a...N....pV@jD.A:.(8C...Va.......d(stkp_QW5.RG.k\..yZ..k{z...kYD'.~aEx[.P\I[Z9u..p....A.o,..3..w.x`..i...aZ..PyP.h..}4.s...vF..d.......r.wW.u..y....aloC.O.nr".;.#y..........J.]G.oC.g.s.v..G..........<5.)Ekt..\.W'.qK.UT(uo...O....-....+IDATx..?k#.....+..7.1M%....:q.....(xi.....q .........R.._..>.$....^..]wI.......).R.TVO..k.k]....5>.8..........N....$............t;]=^....]}.q..8....?..N.!........^...\..<..=.....?....o...p.9>.~..o{...W

Chrome Cache Entry: 66

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	downloaded
Size (bytes):	87533
Entropy (8bit):	5.262536918435756
Encrypted:	false
SSDEEP:
MD5:	2C872DBE60F4BA70FB85356113D8B35E
SHA1:	EE48592D1FFF952FCF06CE0B666ED4785493AFDC
SHA-256:	FC9A93DD241F6B045CBFF0481CF4E1901BECD0E12FB45166A8F17F95823F0B1A
SHA-512:	BF6089ED4698CB8270A8B0C8AD9508FF886A7A842278E98064D5C1790CA3A36D5D69D9F047EF196882554FC104DA2C88EB5395F1EE8CF0F3F6FF8869408350FE
Malicious:	false
Reputation:	unknown
URL:	https://mail.webaccess-alerts.net/system/content_files/uploads/5b8/ee7/1e-/original/jquery-latest.min.js
Preview:	/! jQuery v3.7.1 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(ie,e){"use strict";var oe=[],r=Object.getPrototypeOf,ae=oe.slice,g=oe.flat?function(e){return oe.flat.call(e)}:function(e){return oe.concat.apply([],e)},s=oe.push,se=oe.indexOf,n={},i=n.toString,ue=n.hasOwnProperty,o=ue.toString,a=o.call(Object),le={},v=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},y=function(e){return null!=e&&e===e.window},C=ie.document,u={type:!0,src:!0,nonce:!0,noModule:!0};function m(e,t,n){var r,i,o=(n=n\|\|C).createElement("script");if(o.text=e,t)for(r in u)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.remove

Chrome Cache Entry: 67

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	7030
Entropy (8bit):	4.966053726234169
Encrypted:	false
SSDEEP:
MD5:	3FE00905DF926AC65FB23B73AB235FE9
SHA1:	470BE5CF71FD1FEEC011D19C9AED047E24489F16
SHA-256:	BA5CCE3AB58617EB4340C792BA864DE65B5E518FFF84A7B1C1B1D5D0CC3E7D20
SHA-512:	7ADF4664AF48AA144A440F7D62CDA4C83D8213DD1C32686BFA6FEB1853AA9FC0057575B1B081C095E7ECD80B80026283DA4709C75218AE2AB90B9ED52789DB9A
Malicious:	false
Reputation:	unknown
URL:	https://mail.webaccess-alerts.net/system/content_files/uploads/592/f93/20-/original/account-security-alert-alternate-styles.css
Preview:	html {.. min-height:100%;.. height:100%;..}....body {.. background-color: white;...color: #1b1b1b;...font-weight: normal;...font-family: "Segoe UI", "Segoe", "SegoeUI-Regular-final", Tahoma, Helvetica, Arial, sans-serif;...margin: 0;...font-size: 1rem;.. background: url(/system/content_images/uploads/e8e/2a9/8c-/original/mountain-bg-min.png) no-repeat center center fixed;.. -webkit-background-size: cover;.. -moz-background-size: cover;.. -o-background-size: cover;.. background-size: cover;.. display: table;.. height:100%;.. width:100%;.. line-height: 1.42857143;..}....h1, h2, h3, h4, h5, h6 {.. font-weight: 500;.. margin-bottom: 1.25rem;.. font-family: "Segoe UI", "Segoe", "SegoeUI-Regular-final", Tahoma, Helvetica, Arial, sans-serif;..}....h1 {.. font-size: 1.5rem;.. margin-top: 0;..}....h2 {.. font-size: 1.25rem;..}....h3 {.. font-size: 1.25rem;..}....p {.. font-size: .9rem;.. margin: 0.75rem 0;..}....a {.. color: #337

Chrome Cache Entry: 68

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	52236
Entropy (8bit):	7.977477172324493
Encrypted:	false
SSDEEP:
MD5:	CD9388CFC3E10EB3BA3F86C2780ECBFB
SHA1:	745A31638847D5752D781613F84EE2EAC6914E55
SHA-256:	EAD43A27C91F528F879F5CCC4A212BF4FFBE3160D56A9BD2D7D0142206BE6556
SHA-512:	6A244D2D615304170FA06B4CB40DF11F5698A7B483E7494A28587A6F4A04B7ED4507BECFB1FBDC1F28E7B75760061BFD4F108E3F357407596213DE4009203571
Malicious:	false
Reputation:	unknown
URL:	https://mail.webaccess-alerts.net/system/content_images/uploads/8e7/2c9/94-/original/account-security-alert-favicon.png
Preview:	.PNG........IHDR... ... .....szz.....pHYs.................IDATX....]U..?k.}..N...e.@)....&&.bL..5._0.... .....`K....CL.....h.1...D...h,....3..;w.9{.\|8..).u.$+{..{....w..ud.g...8.o.m8...o....+.=J...f.u....KC.P3J...6.6.J"-.5....$.t.O.....dy0....6.}.LI.........'.$.^.3.. ^..=.b....di....B.#.....-....T\'...+V.GS.9..M.F<S..$...Y..Cm........n]...P\..M.&Q..E.l.lk.B6a.....m\|2P#... A...p..9.)....7...........t....m....W..B.e.H...:....$.d....Y.#.'Y@M..si..n~....B..r..H...4.t.j.@.G.b..j..'...7.X....8.7..B.O...1.0Z..p..K.8.=..0...5c6O.Y.T.EQ.....p$.(..^..@em..><..E....R...:.=..G..q...y...1.,.!.@.....D.LX....!s".x.l.q.GV..c..Ry.?...... d<.Gq....+..9...c...c...p.8.._..7.\I..>.0if...J....c..._.@JC......-<V:.y......'.QU=n..O..P2..uF7..mw3.,s....$.D.$....G"p:m..8..^..I.....tyT..Z.r1.M...O....w....DZ.../>....[....._........!....A4.dL...w.8..=..N...w..5.. #d..4#..$5.v\|..3......l...N..g..9./..v'K.E...c.....!.....C'...\<.~...&[.U.K..1...-.L..........m...

Chrome Cache Entry: 69

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (748), with no line terminators
Category:	downloaded
Size (bytes):	748
Entropy (8bit):	3.9063169922279872
Encrypted:	false
SSDEEP:
MD5:	19DCAB11FD9CFCCB950B0210A35429EB
SHA1:	782AF9E6051E1D46D931DC774827934A114F38D0
SHA-256:	5FB97E386E794AE45CD3DC12A5B89FB78104E89169D7071248755FA76A0FFEDB
SHA-512:	F16911F60B05F91799C34A3E7AF0DE655647C9C7DBB5568852D75649F3A632E5F6F91F294A9E7A1E29EEE5F04003FEE511D93C765FA492B236C74B9966593C72
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhLEAwkEepmK7wDJ1xIFDeeNQA4SBQ3OQUx6EgUN541ADhIFDc5BTHoSBQ3njUAOEgUNzkFMehIFDeeNQA4SBQ3OQUx6EgUN541ADhIFDc5BTHoSBQ3njUAOEgUNzkFMehIFDeeNQA4SBQ3OQUx6EgUN541ADhIFDc5BTHoSBQ3njUAOEgUNzkFMehIFDeeNQA4SBQ3OQUx6EgUN541ADhIFDc5BTHoSBQ3njUAOEgUNzkFMehIFDeeNQA4SBQ3OQUx6EgUN541ADhIFDc5BTHoSBQ3njUAOEgUNzkFMehIFDeeNQA4SBQ3OQUx6EgUN541ADhIFDc5BTHoSBQ3njUAOEgUNzkFMehIFDeeNQA4SBQ3OQUx6EgUN541ADhIFDc5BTHoSBQ3njUAOEgUNzkFMehIFDeeNQA4SBQ3OQUx6EgUN541ADhIFDc5BTHoSBQ3njUAOEgUNzkFMehIFDeeNQA4SBQ3OQUx6EgUN541ADhIFDc5BTHoSBQ3njUAOEgUNzkFMehIFDeeNQA4SBQ3OQUx6EgUN541ADhIFDc5BTHoSBQ3njUAOEgUNzkFMehIFDeeNQA4SBQ3OQUx6IY5c0GrYI8i5?alt=proto
Preview:	Cq4ECgcN541ADhoACgcNzkFMehoACgcN541ADhoACgcNzkFMehoACgcN541ADhoACgcNzkFMehoACgcN541ADhoACgcNzkFMehoACgcN541ADhoACgcNzkFMehoACgcN541ADhoACgcNzkFMehoACgcN541ADhoACgcNzkFMehoACgcN541ADhoACgcNzkFMehoACgcN541ADhoACgcNzkFMehoACgcN541ADhoACgcNzkFMehoACgcN541ADhoACgcNzkFMehoACgcN541ADhoACgcNzkFMehoACgcN541ADhoACgcNzkFMehoACgcN541ADhoACgcNzkFMehoACgcN541ADhoACgcNzkFMehoACgcN541ADhoACgcNzkFMehoACgcN541ADhoACgcNzkFMehoACgcN541ADhoACgcNzkFMehoACgcN541ADhoACgcNzkFMehoACgcN541ADhoACgcNzkFMehoACgcN541ADhoACgcNzkFMehoACgcN541ADhoACgcNzkFMehoACgcN541ADhoACgcNzkFMehoACgcN541ADhoACgcNzkFMehoACgcN541ADhoACgcNzkFMehoACgcN541ADhoACgcNzkFMehoACgcN541ADhoACgcNzkFMehoACgcN541ADhoACgcNzkFMehoACgcN541ADhoACgcNzkFMehoACgcN541ADhoACgcNzkFMehoACgcN541ADhoACgcNzkFMehoA

Static File Info

⊘No static file info