
Windows Analysis Report
FW What it takes to build a great search mobile experience.msg

Overview

General Information

Sample name: FW What it takes to build a great search mobile experience.msg
Analysis ID: 1654446
MD5: 8ec47aca8634972c019696f320871c03
SHA1: 4ee888faec6724409b21d14f9bbc43b5b027f1d5
SHA256: bef6dada01df6f2fb995a3207dbab4cc6b7e171c8a48344df4a6cf02858b3104

Detection

Score: 60
Range: 0 - 100
Confidence: 100%

Signatures

AI detected phishing page
Antivirus detection for URL or domain
AI detected suspicious elements in Email content
Creates files inside the system directory
Deletes files inside the Windows folder
Detected suspicious crossdomain redirect
HTML body contains low number of good links
HTML title does not match URL
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Stores large binary data to the registry
Uses insecure TLS / SSL version for HTTPS connection

Classification

[Classification radar chart: categories Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; verdict scale clean / suspicious / malicious]

Process Tree
  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 7072 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\FW What it takes to build a great search mobile experience.msg" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 6292 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "0FB93FDC-1732-419D-833A-C0138701C0ED" "38BFA882-F15D-4348-9508-0CD3F719362D" "7072" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • chrome.exe (PID: 6180 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://eu-west-1.protection.sophos.com/?d=worldmartech.com&u=aHR0cHM6Ly93d3cuZW52LndvcmxkbWFydGVjaC5jb20vc2lnbnVwLXVzZXIvYW05dUxuZGxaMEJqWVhKa1ptRmpkRzl5ZVM1amJ5NTFhdz09L05UYzFNUT09&p=m&i=NjUyNDBmODUxNzM0OTU2OGY5NzE0ZWFi&t=Wlo3QkdqVkpQenIwbUZnOGhJKzU3ZGI0RDhqNThYQy9XNmNUa0UwR1pkVT0=&h=7712d165c33347ce8b62b974797daf19&s=AVNPUEhUT0NFTkNSWVBUSVa-I5G8dJpbCOKcqB6FvZNNrOD_w7_MjEwFCAXh6udclw MD5: E81F54E6C1129887AEA47E7D092680BF)
      • chrome.exe (PID: 6848 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2088,i,8509042597815076517,3032925579814416831,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2264 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No yara matches
Sigma rule: Office Autorun Keys Modification | Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 7072, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
Note: the writing image is OUTLOOK.EXE itself and the target is its own OneNote add-in key, which is consistent with ordinary Outlook start-up; treat this hit as context rather than as persistence established by the .msg.
No Suricata rule has matched


AV Detection

Source: https://www.env.worldmartech.com/favicon.ico | Avira URL Cloud: Label: phishing

Phishing

Source: https://www.env.worldmartech.com/signup-user/am9uLndlZ0BjYXJkZmFjdG9yeS5jby51aw==/NTc1MQ== | Joe Sandbox AI: Score: 8. Reasons: the brand 'Algolia' is a known brand, primarily associated with the domain 'algolia.com'; the URL 'www.env.worldmartech.com' does not match the legitimate domain 'algolia.com'; the domain 'worldmartech.com' has no known association with Algolia; the presence of multiple input fields requesting personal and professional information is typical of phishing attempts; the URL structure includes an unusual subdomain 'env', which could be an attempt to mimic legitimate subdomains; the domain 'worldmartech.com' could be a generic or unrelated domain, increasing the suspicion of phishing. DOM: 0.0.pages.csv
Source: Email | Joe Sandbox AI: Detected potential phishing email: the email contains multiple PHP errors and template issues, indicating a poorly constructed or malicious email; the links are obfuscated through a Sophos protection system but ultimately lead to a suspicious domain 'worldmartech.com'; the email uses generic marketing language and urgency to get users to download an 'ebook', a common phishing tactic.
Source: https://www.env.worldmartech.com/signup-user/am9uLndlZ0BjYXJkZmFjdG9yeS5jby51aw==/NTc1MQ== | HTTP Parser: Number of links: 0
Source: https://www.env.worldmartech.com/signup-user/am9uLndlZ0BjYXJkZmFjdG9yeS5jby51aw==/NTc1MQ== | HTTP Parser: Title "What it takes to build a great search mobile experience" does not match URL
Source: Email | Classification: Lure-Based Attack
Source: https://www.env.worldmartech.com/signup-user/am9uLndlZ0BjYXJkZmFjdG9yeS5jby51aw==/NTc1MQ== | HTTP Parser: No favicon
Source: https://www.env.worldmartech.com/signup-user/am9uLndlZ0BjYXJkZmFjdG9yeS5jby51aw==/NTc1MQ== | HTTP Parser: No <meta name="author" ...> found
Source: https://www.env.worldmartech.com/signup-user/am9uLndlZ0BjYXJkZmFjdG9yeS5jby51aw==/NTc1MQ== | HTTP Parser: No <meta name="copyright" ...> found
Source: unknown | HTTPS traffic detected: 2.23.227.208:443 -> 192.168.2.16:49738 version: TLS 1.0
Source: unknown | HTTPS traffic detected: 108.138.128.37:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 108.138.128.37:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 205.134.255.228:443 -> 192.168.2.16:49719 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.17.25.14:443 -> 192.168.2.16:49724 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.26.11.229:443 -> 192.168.2.16:49725 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.69.208:443 -> 192.168.2.16:49726 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.26.10.229:443 -> 192.168.2.16:49729 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.26.11.229:443 -> 192.168.2.16:49734 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 142.251.41.4:443 -> 192.168.2.16:49736 version: TLS 1.2
Source: chrome.exe | Memory has grown: Private usage: 1MB later: 39MB
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | HTTP traffic: Redirect from: eu-west-1.protection.sophos.com to https://www.env.worldmartech.com/signup-user/am9uLndlZ0BjYXJkZmFjdG9yeS5jby51aw==/NTc1MQ== (the report lowercases the path; the case-preserved URL is the one seen in the GET request and the AI phishing-page signature)
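The link that Outlook handed to chrome.exe is a Sophos Email URL-protection wrapper: the real destination travels base64-encoded in the u= query parameter, and the destination path itself carries two further base64 tokens (a per-recipient e-mail address and a numeric id). The Python below is an added illustration, not code from the Joe Sandbox report or from any Sophos tooling. It unwraps such a link offline, so an analyst can see where it leads without contacting either host, and labels the base64 path segments. It uses the exact wrapper URL from the process tree above; the meaning of d= (the claimed destination domain) is inferred from this sample rather than taken from documentation, and the segment labelling is a heuristic.

```python
import base64
import binascii
import re
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# The wrapper URL that OUTLOOK.EXE passed to chrome.exe in this analysis
# (copied from the process tree; only the u= and d= parameters are decoded).
SAMPLE_WRAPPED_URL = (
    "https://eu-west-1.protection.sophos.com/?d=worldmartech.com"
    "&u=aHR0cHM6Ly93d3cuZW52LndvcmxkbWFydGVjaC5jb20vc2lnbnVwLXVzZXIvYW05dUxuZGxaMEJqWVhKa1ptRmpkRzl5ZVM1amJ5NTFhdz09L05UYzFNUT09"
    "&p=m&i=NjUyNDBmODUxNzM0OTU2OGY5NzE0ZWFi"
    "&t=Wlo3QkdqVkpQenIwbUZnOGhJKzU3ZGI0RDhqNThYQy9XNmNUa0UwR1pkVT0="
    "&h=7712d165c33347ce8b62b974797daf19"
    "&s=AVNPUEhUT0NFTkNSWVBUSVa-I5G8dJpbCOKcqB6FvZNNrOD_w7_MjEwFCAXh6udclw"
)

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def b64_decode_lenient(token: str) -> Optional[bytes]:
    """Decode standard or URL-safe base64, restoring missing '=' padding.
    Returns None when the token is not base64 at all."""
    # parse_qs() turns '+' into ' '; undo that before decoding.
    token = token.strip().replace(" ", "+").replace("-", "+").replace("_", "/")
    token += "=" * (-len(token) % 4)
    try:
        return base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None


def unwrap_sophos_url(wrapped: str) -> Optional[str]:
    """Return the destination hidden in the u= parameter of a
    *.protection.sophos.com link, or None if this is not such a link."""
    parts = urlsplit(wrapped)
    host = (parts.hostname or "").lower()
    if not host.endswith(".protection.sophos.com"):
        return None
    token = parse_qs(parts.query).get("u", [None])[0]
    raw = b64_decode_lenient(token) if token else None
    if raw is None:
        return None
    try:
        target = raw.decode("utf-8")
    except UnicodeDecodeError:
        return None
    # Only an absolute http(s) URL counts as a destination.
    return target if target.startswith(("http://", "https://")) else None


def classify_path_segments(url: str) -> list:
    """Label each path segment as a base64-wrapped e-mail, a base64-wrapped
    number, other base64 text, or a literal path element (heuristic)."""
    labelled = []
    for seg in urlsplit(url).path.split("/"):
        if not seg:
            continue
        text = None
        # Heuristic: only segments with a base64-shaped length are tried.
        if len(seg) % 4 == 0:
            raw = b64_decode_lenient(seg)
            if raw is not None:
                try:
                    text = raw.decode("ascii")
                except UnicodeDecodeError:
                    text = None
        if text is None or not text.isprintable():
            labelled.append({"segment": seg, "kind": "literal", "value": seg})
        elif EMAIL_RE.match(text):
            labelled.append({"segment": seg, "kind": "email", "value": text})
        elif text.isdigit():
            labelled.append({"segment": seg, "kind": "number", "value": text})
        else:
            labelled.append({"segment": seg, "kind": "base64-text", "value": text})
    return labelled


def redact_email(value: str) -> str:
    """Mask the local part so the recipient token can be logged safely."""
    local, at, domain = value.partition("@")
    return local[:1] + "***" + at + domain if at else value


def analyse(wrapped: str) -> dict:
    """Unwrap the link and summarise what an analyst wants to know."""
    target = unwrap_sophos_url(wrapped)
    claimed = parse_qs(urlsplit(wrapped).query).get("d", [None])[0]
    target_host = urlsplit(target).hostname if target else None
    return {
        "wrapper_host": urlsplit(wrapped).hostname,
        "claimed_domain": claimed,
        "target": target,
        "target_host": target_host,
        # In this sample d= names the registrable domain of the destination;
        # a mismatch would mean the wrapper and the hidden URL disagree.
        "domain_matches_claim": bool(
            target_host and claimed
            and (target_host == claimed or target_host.endswith("." + claimed))
        ),
        "segments": classify_path_segments(target) if target else [],
    }


if __name__ == "__main__":
    report = analyse(SAMPLE_WRAPPED_URL)
    print("wrapper host :", report["wrapper_host"])
    print("destination  :", report["target"])
    print("d= matches   :", report["domain_matches_claim"])
    for seg in report["segments"]:
        shown = redact_email(seg["value"]) if seg["kind"] == "email" else seg["value"]
        print(f"  {seg['kind']:<12} {shown}")
```

Run it as a script and it prints the unwrapped destination and the labelled path segments with the recipient address masked. The per-recipient token means the page can tell who clicked; strip or replace it before sharing the URL with a third party, and block on the registrable domain rather than on the wrapper host.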
Source: unknown | HTTPS traffic detected: 2.23.227.208:443 -> 192.168.2.16:49738 version: TLS 1.0
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown | TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (16 events)
Source: unknown | TCP traffic detected without corresponding DNS query: 142.251.41.3
Source: unknown | TCP traffic detected without corresponding DNS query: 199.232.214.172 (2 events)
Source: unknown | TCP traffic detected without corresponding DNS query: 142.251.41.3
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.227.208 (7 events)
Source: unknown | TCP traffic detected without corresponding DNS query: 20.190.155.67
Source: unknown | TCP traffic detected without corresponding DNS query: 23.203.176.221 (2 events)
Source: unknown | TCP traffic detected without corresponding DNS query: 20.190.155.67
Source: global traffic | HTTP traffic detected: GET /?d=worldmartech.com&u=aHR0cHM6Ly93d3cuZW52LndvcmxkbWFydGVjaC5jb20vc2lnbnVwLXVzZXIvYW05dUxuZGxaMEJqWVhKa1ptRmpkRzl5ZVM1amJ5NTFhdz09L05UYzFNUT09&p=m&i=NjUyNDBmODUxNzM0OTU2OGY5NzE0ZWFi&t=Wlo3QkdqVkpQenIwbUZnOGhJKzU3ZGI0RDhqNThYQy9XNmNUa0UwR1pkVT0=&h=7712d165c33347ce8b62b974797daf19&s=AVNPUEhUT0NFTkNSWVBUSVa-I5G8dJpbCOKcqB6FvZNNrOD_w7_MjEwFCAXh6udclw HTTP/1.1 | Host: eu-west-1.protection.sophos.com | Connection: keep-alive | sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" | sec-ch-ua-mobile: ?0 | sec-ch-ua-platform: "Windows" | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Sec-Fetch-Site: none | Sec-Fetch-Mode: navigate | Sec-Fetch-User: ?1 | Sec-Fetch-Dest: document | Accept-Encoding: gzip, deflate, br, zstd | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /signup-user/am9uLndlZ0BjYXJkZmFjdG9yeS5jby51aw==/NTc1MQ== HTTP/1.1 | Host: www.env.worldmartech.com | Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Sec-Fetch-Site: none | Sec-Fetch-Mode: navigate | Sec-Fetch-User: ?1 | Sec-Fetch-Dest: document | sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" | sec-ch-ua-mobile: ?0 | sec-ch-ua-platform: "Windows" | Accept-Encoding: gzip, deflate, br, zstd | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /ajax/libs/twitter-bootstrap/3.3.7/css/bootstrap.min.css HTTP/1.1 | Host: cdnjs.cloudflare.com | Connection: keep-alive | sec-ch-ua-platform: "Windows" | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" | sec-ch-ua-mobile: ?0 | Accept: text/css,*/*;q=0.1 | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: style | Sec-Fetch-Storage-Access: active | Referer: https://www.env.worldmartech.com/ | Accept-Encoding: gzip, deflate, br, zstd | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /assets/Customer/a24d4bfd-2433-428f-786a-08dd65355f2b.png HTTP/1.1 | Host: resources.insightsforprofessionals.com | Connection: keep-alive | sec-ch-ua-platform: "Windows" | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" | sec-ch-ua-mobile: ?0 | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Sec-Fetch-Storage-Access: active | Referer: https://www.env.worldmartech.com/ | Accept-Encoding: gzip, deflate, br, zstd | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /Asset/Inclusion/463938/Reference/promo-image HTTP/1.1 | Host: response.insightsforprofessionals.com | Connection: keep-alive | sec-ch-ua-platform: "Windows" | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" | sec-ch-ua-mobile: ?0 | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Sec-Fetch-Storage-Access: active | Referer: https://www.env.worldmartech.com/ | Accept-Encoding: gzip, deflate, br, zstd | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /ajax/libs/jquery-validate/1.15.0/jquery.validate.min.js HTTP/1.1 | Host: cdnjs.cloudflare.com | Connection: keep-alive | sec-ch-ua-platform: "Windows" | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" | sec-ch-ua-mobile: ?0 | Accept: */* | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: script | Sec-Fetch-Storage-Access: active | Referer: https://www.env.worldmartech.com/ | Accept-Encoding: gzip, deflate, br, zstd | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /assets/Customer/a24d4bfd-2433-428f-786a-08dd65355f2b.png HTTP/1.1 | Host: resources.insightsforprofessionals.com | Connection: keep-alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | Accept: */* | Sec-Fetch-Site: none | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: empty | Sec-Fetch-Storage-Access: active | Accept-Encoding: gzip, deflate, br, zstd | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /Asset/Inclusion/463938/Reference/promo-image HTTP/1.1 | Host: response.insightsforprofessionals.com | Connection: keep-alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | Accept: */* | Sec-Fetch-Site: none | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: empty | Sec-Fetch-Storage-Access: active | Accept-Encoding: gzip, deflate, br, zstd | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /favicon.ico HTTP/1.1 | Host: www.env.worldmartech.com | Connection: keep-alive | sec-ch-ua-platform: "Windows" | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" | sec-ch-ua-mobile: ?0 | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://www.env.worldmartech.com/signup-user/am9uLndlZ0BjYXJkZmFjdG9yeS5jby51aw==/NTc1MQ== | Accept-Encoding: gzip, deflate, br, zstd | Accept-Language: en-US,en;q=0.9 | Cookie: ci_session=a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%222c7b8282707515b6abb85586cd791956%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A11%3A%22161.77.13.2%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A111%3A%22Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F134.0.0.0+Safari%2F537.36%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1743583205%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3B%7D949b94ae7962df3503229ad09d27179062bea761
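The Cookie header in the favicon request above shows the session the lure site set on first contact: a CodeIgniter-style ci_session value, which is URL-encoded PHP serialize() output with a 40-hex-character hash appended after the closing brace. The Python below is an added illustration, not code from the report or from the site. It decodes the cookie with a minimal PHP unserialize() reader so the fields (session id, client IP as recorded by the server, recorded User-Agent, last_activity timestamp, empty user_data) can be read and the timestamp cross-checked against the Date header of the 404 response. The cookie value is copied from the request above; the hash algorithm is not identified here, only its length is checked.

```python
import re
from datetime import datetime, timezone
from urllib.parse import unquote_plus

# ci_session cookie value that chrome.exe sent back to www.env.worldmartech.com
# in the /favicon.ico request above (copied verbatim from the Cookie header).
SAMPLE_CI_SESSION = (
    "a%3A5%3A%7B"
    "s%3A10%3A%22session_id%22%3Bs%3A32%3A%222c7b8282707515b6abb85586cd791956%22%3B"
    "s%3A10%3A%22ip_address%22%3Bs%3A11%3A%22161.77.13.2%22%3B"
    "s%3A10%3A%22user_agent%22%3Bs%3A111%3A%22Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29"
    "+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F134.0.0.0+Safari%2F537.36%22%3B"
    "s%3A13%3A%22last_activity%22%3Bi%3A1743583205%3B"
    "s%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3B"
    "%7D"
    "949b94ae7962df3503229ad09d27179062bea761"
)


def php_unserialize(data: str, pos: int = 0):
    """Minimal reader for PHP serialize() output: N, b, i, d, s and a.
    Returns (value, next_offset) so callers can inspect trailing bytes.
    `data` must map one char to one byte (decode it as latin-1), because
    s:<len> counts bytes, not characters."""
    tag = data[pos]
    if tag == "N":                                   # N;
        return None, pos + 2
    if tag in "bid":                                 # b:1;  i:42;  d:1.5;
        end = data.index(";", pos)
        raw = data[pos + 2:end]
        value = {"b": lambda v: v == "1", "i": int, "d": float}[tag](raw)
        return value, end + 1
    if tag == "s":                                   # s:<len>:"<bytes>";
        colon = data.index(":", pos + 2)
        length = int(data[pos + 2:colon])
        start = colon + 2                            # skip :"
        return data[start:start + length], start + length + 2   # skip ";
    if tag == "a":                                   # a:<n>:{key value ...}
        colon = data.index(":", pos + 2)
        count = int(data[pos + 2:colon])
        pos = colon + 2                              # skip :{
        items = {}
        for _ in range(count):
            key, pos = php_unserialize(data, pos)
            items[key], pos = php_unserialize(data, pos)
        return items, pos + 1                        # skip }
    raise ValueError(f"unsupported PHP type {tag!r} at offset {pos}")


def parse_ci_session(cookie_value: str) -> dict:
    """Split a CodeIgniter-style ci_session cookie into its serialized
    fields and the integrity hash appended after the closing brace."""
    # latin-1 keeps a 1:1 byte/char mapping so PHP's byte lengths stay valid.
    decoded = unquote_plus(cookie_value, encoding="latin-1")
    fields, end = php_unserialize(decoded)
    trailer = decoded[end:]
    ts = fields.get("last_activity") if isinstance(fields, dict) else None
    return {
        "fields": fields,
        "hash": trailer,
        # 32/40/64 hex chars are md5/sha1/sha256-sized; the algorithm itself
        # is not determined here.
        "hash_is_hex_digest": re.fullmatch(r"[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64}", trailer) is not None,
        "last_activity_utc": (datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()
                              if isinstance(ts, int) else None),
    }


if __name__ == "__main__":
    info = parse_ci_session(SAMPLE_CI_SESSION)
    for name, value in info["fields"].items():
        print(f"{name:<14} {value!r}")
    print("last_activity  ", info["last_activity_utc"])
    print("trailing hash  ", info["hash"], f"({len(info['hash'])} hex chars)")
```

The decoded last_activity (2025-04-02 08:40:05 UTC) lands one second before the 404 response's Date header below, which ties the cookie to this run rather than to a pre-existing session. The ip_address field is the sandbox's egress address as the server saw it; in a real incident that value tells you which of your egress points the victim clicked from.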
Source: global traffic | DNS traffic detected: DNS query: eu-west-1.protection.sophos.com
Source: global traffic | DNS traffic detected: DNS query: www.env.worldmartech.com
Source: global traffic | DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic | DNS traffic detected: DNS query: resources.insightsforprofessionals.com
Source: global traffic | DNS traffic detected: DNS query: response.insightsforprofessionals.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 02 Apr 2025 08:40:06 GMT | Server: Apache | Content-Length: 236 | Connection: close | Content-Type: text/html; charset=iso-8859-1
Source: unknown | Network traffic detected: HTTP traffic on ports 49679, 49695, 49705, 49711, 49715, 49719, 49724, 49725, 49726, 49727, 49729, 49733, 49734, 49736, 49738, 49744 -> 443 (16 events)
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49695, 49705, 49711, 49715, 49719, 49724, 49725, 49726, 49727, 49729, 49733, 49734, 49736, 49738, 49744 (15 events)
Source: unknown | HTTPS traffic detected: 108.138.128.37:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 108.138.128.37:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 205.134.255.228:443 -> 192.168.2.16:49719 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.17.25.14:443 -> 192.168.2.16:49724 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.26.11.229:443 -> 192.168.2.16:49725 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.69.208:443 -> 192.168.2.16:49726 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.26.10.229:443 -> 192.168.2.16:49729 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.26.11.229:443 -> 192.168.2.16:49734 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 142.251.41.4:443 -> 192.168.2.16:49736 version: TLS 1.2
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\scoped_dir6180_1551040496
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File deleted: C:\Windows\SystemTemp\scoped_dir6180_1551040496
Source: classification engine | Classification label: mal60.phis.winMSG@24/9@16/164
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20250402T0439330565-7072.etl
Source: unknown | Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\FW What it takes to build a great search mobile experience.msg"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "0FB93FDC-1732-419D-833A-C0138701C0ED" "38BFA882-F15D-4348-9508-0CD3F719362D" "7072" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" (reported twice)
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://eu-west-1.protection.sophos.com/?d=worldmartech.com&u=aHR0cHM6Ly93d3cuZW52LndvcmxkbWFydGVjaC5jb20vc2lnbnVwLXVzZXIvYW05dUxuZGxaMEJqWVhKa1ptRmpkRzl5ZVM1amJ5NTFhdz09L05UYzFNUT09&p=m&i=NjUyNDBmODUxNzM0OTU2OGY5NzE0ZWFi&t=Wlo3QkdqVkpQenIwbUZnOGhJKzU3ZGI0RDhqNThYQy9XNmNUa0UwR1pkVT0=&h=7712d165c33347ce8b62b974797daf19&s=AVNPUEhUT0NFTkNSWVBUSVa-I5G8dJpbCOKcqB6FvZNNrOD_w7_MjEwFCAXh6udclw (reported twice)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2088,i,8509042597815076517,3032925579814416831,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2264 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (2 events)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2088,i,8509042597815076517,3032925579814416831,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2264 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (15 events)
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Window found: window name: SysTabControl32
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935} DeviceTicket
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 11 Browser Extensions | 1 Process Injection | 11 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Modify Registry | LSASS Memory | 13 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 1 Process Injection | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 File Deletion | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Extra Window Memory Injection | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
No Antivirus matches
Source | Detection | Scanner | Label
https://cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.15.0/jquery.validate.min.js | 0% | Avira URL Cloud | safe
https://eu-west-1.protection.sophos.com/?d=worldmartech.com&u=aHR0cHM6Ly93d3cuZW52LndvcmxkbWFydGVjaC5jb20vc2lnbnVwLXVzZXIvYW05dUxuZGxaMEJqWVhKa1ptRmpkRzl5ZVM1amJ5NTFhdz09L05UYzFNUT09&p=m&i=NjUyNDBmODUxNzM0OTU2OGY5NzE0ZWFi&t=Wlo3QkdqVkpQenIwbUZnOGhJKzU3ZGI0RDhqNThYQy9XNmNUa0UwR1pkVT0=&h=7712d165c33347ce8b62b974797daf19&s=AVNPUEhUT0NFTkNSWVBUSVa-I5G8dJpbCOKcqB6FvZNNrOD_w7_MjEwFCAXh6udclw | 0% | Avira URL Cloud | safe
https://resources.insightsforprofessionals.com/assets/Customer/a24d4bfd-2433-428f-786a-08dd65355f2b.png | 0% | Avira URL Cloud | safe
https://response.insightsforprofessionals.com/Asset/Inclusion/463938/Reference/promo-image | 0% | Avira URL Cloud | safe
https://www.env.worldmartech.com/favicon.ico | 100% | Avira URL Cloud | phishing
https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/css/bootstrap.min.css | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
www.env.worldmartech.com | 205.134.255.228 | true | true | | unknown
response.insightsforprofessionals.com | 172.67.69.208 | true | false | | unknown
d35tlz0p71apkp.cloudfront.net | 108.138.128.37 | true | false | | unknown
resources.insightsforprofessionals.com | 104.26.11.229 | true | false | | unknown
cdnjs.cloudflare.com | 104.17.25.14 | true | false | | high
www.google.com | 142.251.41.4 | true | false | | high
s-0005.dual-s-msedge.net | 52.123.128.14 | true | false | | high
eu-west-1.protection.sophos.com | unknown | unknown | false | | unknown
Name | Malicious | Antivirus Detection | Reputation
https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/css/bootstrap.min.css | false | Avira URL Cloud: safe | unknown
https://www.env.worldmartech.com/favicon.ico | true | Avira URL Cloud: phishing | unknown
https://eu-west-1.protection.sophos.com/?d=worldmartech.com&u=aHR0cHM6Ly93d3cuZW52LndvcmxkbWFydGVjaC5jb20vc2lnbnVwLXVzZXIvYW05dUxuZGxaMEJqWVhKa1ptRmpkRzl5ZVM1amJ5NTFhdz09L05UYzFNUT09&p=m&i=NjUyNDBmODUxNzM0OTU2OGY5NzE0ZWFi&t=Wlo3QkdqVkpQenIwbUZnOGhJKzU3ZGI0RDhqNThYQy9XNmNUa0UwR1pkVT0=&h=7712d165c33347ce8b62b974797daf19&s=AVNPUEhUT0NFTkNSWVBUSVa-I5G8dJpbCOKcqB6FvZNNrOD_w7_MjEwFCAXh6udclw | false | Avira URL Cloud: safe | unknown
https://cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.15.0/jquery.validate.min.js | false | Avira URL Cloud: safe | unknown
https://resources.insightsforprofessionals.com/assets/Customer/a24d4bfd-2433-428f-786a-08dd65355f2b.png | false | Avira URL Cloud: safe | unknown
https://www.env.worldmartech.com/signup-user/am9uLndlZ0BjYXJkZmFjdG9yeS5jby51aw==/NTc1MQ== | true | | unknown
https://response.insightsforprofessionals.com/Asset/Inclusion/463938/Reference/promo-image | false | Avira URL Cloud: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
205.134.255.228 | www.env.worldmartech.com | United States | 22611 | IMH-WESTUS | true
142.251.35.170 | unknown | United States | 15169 | GOOGLEUS | false
142.250.65.163 | unknown | United States | 15169 | GOOGLEUS | false
142.250.65.195 | unknown | United States | 15169 | GOOGLEUS | false
104.26.10.229 | unknown | United States | 13335 | CLOUDFLARENETUS | false
184.31.69.3 | unknown | United States | 20940 | AKAMAI-ASN1EU | false
20.189.173.4 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
52.111.251.18 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
108.138.128.37 | d35tlz0p71apkp.cloudfront.net | United States | 16509 | AMAZON-02US | false
52.123.128.14 | s-0005.dual-s-msedge.net | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
142.250.64.99 | unknown | United States | 15169 | GOOGLEUS | false
142.250.81.238 | unknown | United States | 15169 | GOOGLEUS | false
142.251.40.110 | unknown | United States | 15169 | GOOGLEUS | false
172.67.69.208 | response.insightsforprofessionals.com | United States | 13335 | CLOUDFLARENETUS | false
104.26.11.229 | resources.insightsforprofessionals.com | United States | 13335 | CLOUDFLARENETUS | false
142.251.16.84 | unknown | United States | 15169 | GOOGLEUS | false
142.250.176.195 | unknown | United States | 15169 | GOOGLEUS | false
104.17.25.14 | cdnjs.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false
142.251.41.4 | www.google.com | United States | 15169 | GOOGLEUS | false
142.250.65.234 | unknown | United States | 15169 | GOOGLEUS | false
Private IP: 192.168.2.16
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1654446
Start date and time: 2025-04-02 10:38:57 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 16
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
Analysis Mode: stream
Analysis stop reason: Timeout
Sample name: FW What it takes to build a great search mobile experience.msg
Detection: MAL
Classification: mal60.phis.winMSG@24/9@16/164
Cookbook Comments:
• Found application associated with file extension: .msg
• Exclude process from analysis (whitelisted): svchost.exe
• Excluded IPs from analysis (whitelisted): 184.31.69.3, 52.111.251.18, 52.111.251.19, 52.111.251.17, 52.111.251.16, 52.123.128.14
• Excluded domains from analysis (whitelisted): ecs.office.com, prod1.naturallanguageeditorservice.osi.office.net.akadns.net, dual-s-0005-office.config.skype.com, fs.microsoft.com, nleditor.osi.office.net, prod-na.naturallanguageeditorservice.osi.office.net.akadns.net, ecs.office.trafficmanager.net, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e16604.dscf.akamaiedge.net, prod-canc-resolver.naturallanguageeditorservice.osi.office.net.akadns.net
• Not all processes were analyzed; the report is missing behavior information
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: www.env.worldmartech.com
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: Unicode text, UTF-8 text, with very long lines (22550)
Category: downloaded
Size (bytes): 22688
Entropy (8bit): 5.223240277623455
Encrypted: false
SSDEEP:
MD5: C4499184878D17D8AF6F4181C0D03102
SHA1: C5A2FF013FA357C1D2A6571B5D8E658E670080EA
SHA-256: AA1D80CDF0990E97A21069AB16C048EF90A35DF1165B87D19ACCABD7C4EDC860
SHA-512: 0DA5E2CD6EEB9DE26233F5CE9D341543BC0364154D5DFE54F6B13CF013D8850704438A63684665097E61818DFEE02DCAF758DF7695166F3F2DF262FF8350434F
Malicious: false
Reputation: unknown
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.15.0/jquery.validate.min.js
                    Preview:/*! jQuery Validation Plugin - v1.15.0 - 2/24/2016. * http://jqueryvalidation.org/. * Copyright (c) 2016 J.rn Zaefferer; Licensed MIT */.!function(a){"function"==typeof define&&define.amd?define(["jquery"],a):"object"==typeof module&&module.exports?module.exports=a(require("jquery")):a(jQuery)}(function(a){a.extend(a.fn,{validate:function(b){if(!this.length)return void(b&&b.debug&&window.console&&console.warn("Nothing selected, can't validate, returning nothing."));var c=a.data(this[0],"validator");return c?c:(this.attr("novalidate","novalidate"),c=new a.validator(b,this[0]),a.data(this[0],"validator",c),c.settings.onsubmit&&(this.on("click.validate",":submit",function(b){c.settings.submitHandler&&(c.submitButton=b.target),a(this).hasClass("cancel")&&(c.cancelSubmit=!0),void 0!==a(this).attr("formnovalidate")&&(c.cancelSubmit=!0)}),this.on("submit.validate",function(b){function d(){var d,e;return c.settings.submitHandler?(c.submitButton&&(d=a("<input type='hidden'/>").attr("name",c.su
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: RIFF (little-endian) data, Web/P image
Category: downloaded
Size (bytes): 20434
Entropy (8bit): 7.950776955324463
Encrypted: false
SSDEEP:
MD5: BC37C4C2A572900186D99A86EF9D24EB
SHA1: 0E591804D3568D5630289AB8D005E8144FB01373
SHA-256: 5B4C130C97125884E8C1F80C75D5A15780C43F105E912B2A2F2328BDC666E213
SHA-512: 21A09A9E5720859582CF3E2DEE59A79E2A2B43A10B4BFC8CFB4FA084BC019D22A388E52FEBFBC6F5F2D5A2E4AB0B492CB23F683E35F9892CDAD4E82E36853E80
Malicious: false
Reputation: unknown
URL: https://response.insightsforprofessionals.com/Asset/Inclusion/463938/Reference/promo-image
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: PNG image data, 200 x 88, 8-bit/color RGB, non-interlaced
Category: dropped
Size (bytes): 26154
Entropy (8bit): 7.9909950621693415
Encrypted: true
SSDEEP:
MD5: 7DAC54DB9E97771216FFDEED9560BE52
SHA1: AE7D858E37F9F222EFC4FCBB7B6027192298CCEE
SHA-256: 394BA2818201B88011B73208A27E27B3C5DD4B3AAC496041A296531D366CB43B
SHA-512: AA9B42D785AE863B724CAF9566FB72FB91432E44448AA2EEDE4301D10AC5E55AA1998D0ABC6E4D09C60FD677A03DC476F9370593589DFE8CB1EF498995A7A12A
Malicious: false
Reputation: unknown
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: HTML document, ASCII text, with no line terminators
Category: downloaded
Size (bytes): 236
Entropy (8bit): 4.6136472859144035
Encrypted: false
SSDEEP:
MD5: 3DEA6E4A74AE5C8A6B8DD3BAE0DE6081
SHA1: 0B2672DB2629A86272CA21084220113C548195DB
SHA-256: 6C09A3F77E8A1CE36FFDF1BF0CFF8AA9BB5C17616BA8F31DB31D8B5946245362
SHA-512: 9B86BD1B8867C44AD5431A94991E517F73A639F03BFCA39DAF2BC6A9883C5C68E0CA8B69662A2A48E35922960F80B0679EB8E9CB7BACDAC6EF93D46C4B10A9D4
Malicious: false
Reputation: unknown
URL: https://www.env.worldmartech.com/favicon.ico
                    Preview:<html><head><title>Error 404 - Not Found</title><head><body><h1>Error 404 - Not Found</h1><p>The document you are looking for may have been removed or re-named. Please contact the web site owner for further assistance.</p></body></html>
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines (65371)
Category: downloaded
Size (bytes): 121200
Entropy (8bit): 5.0982146191887106
Encrypted: false
SSDEEP:
MD5: EC3BB52A00E176A7181D454DFFAEA219
SHA1: 6527D8BF3E1E9368BAB8C7B60F56BC01FA3AFD68
SHA-256: F75E846CC83BD11432F4B1E21A45F31BC85283D11D372F7B19ACCD1BF6A2635C
SHA-512: E8C5DAF01EAE68ED7C1E277A6E544C7AD108A0FA877FB531D6D9F2210769B7DA88E4E002C7B0BE3B72154EBF7CBF01A795C8342CE2DAD368BD6351E956195F8B
Malicious: false
Reputation: unknown
URL: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/css/bootstrap.min.css
                    Preview:/*!. * Bootstrap v3.3.7 (http://getbootstrap.com). * Copyright 2011-2016 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). *//*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */html{font-family:sans-serif;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:700}dfn{font-style:italic}h1{margin:.67em 0;font-size:2em}mark{color:#000;background:#ff0}small{font-size:80%}sub,sup{position:relative;font-size:75%;line-height:0;vertical-align:baseline}sup{top:-.5em}sub{bottom:-.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:1em 40px}hr
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines (1572)
Category: downloaded
Size (bytes): 18585
Entropy (8bit): 5.292936072934826
Encrypted: false
SSDEEP:
MD5: A5DFC0939AE28B8F04E49ECB531C6CCF
SHA1: 93F0373CAFFD48E298D72AA45E0853B088662646
SHA-256: 1C1BA20E28E8C777890E298A39FDEF985D5EE65CC236723C027A9B55860BC974
SHA-512: 616EB6D21A4C3562623CF089130413ADB00A361CC7087AEABB05E10F8D9CF43BE2C7027C79E6A4738D1394A18F3798355B8DF10165286B2F111A92FAA6F6F5DD
Malicious: false
Reputation: unknown
URL: "https://fonts.googleapis.com/css?family=Josefin+Sans:300,400|Roboto:300,400,500"
                    Preview:/* vietnamese */.@font-face {. font-family: 'Josefin Sans';. font-style: normal;. font-weight: 300;. src: url(https://fonts.gstatic.com/s/josefinsans/v32/Qw3aZQNVED7rKGKxtqIqX5EUAnx4RHw.woff2) format('woff2');. unicode-range: U+0102-0103, U+0110-0111, U+0128-0129, U+0168-0169, U+01A0-01A1, U+01AF-01B0, U+0300-0301, U+0303-0304, U+0308-0309, U+0323, U+0329, U+1EA0-1EF9, U+20AB;.}./* latin-ext */.@font-face {. font-family: 'Josefin Sans';. font-style: normal;. font-weight: 300;. src: url(https://fonts.gstatic.com/s/josefinsans/v32/Qw3aZQNVED7rKGKxtqIqX5EUA3x4RHw.woff2) format('woff2');. unicode-range: U+0100-02BA, U+02BD-02C5, U+02C7-02CC, U+02CE-02D7, U+02DD-02FF, U+0304, U+0308, U+0329, U+1D00-1DBF, U+1E00-1E9F, U+1EF2-1EFF, U+2020, U+20A0-20AB, U+20AD-20C0, U+2113, U+2C60-2C7F, U+A720-A7FF;.}./* latin */.@font-face {. font-family: 'Josefin Sans';. font-style: normal;. font-weight: 300;. src: url(https://fonts.gstatic.com/s/josefinsans/v32/Qw3aZQNVED7rKGKxtqIqX5EUDXx4.wof
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with no line terminators
Category: downloaded
Size (bytes): 168
Entropy (8bit): 5.212486991126727
Encrypted: false
SSDEEP:
MD5: 091B2BE985EA4ABFB01A1AD9CDF92A60
SHA1: 8A6F0CF49BA8D8AB0A07DD1505D05EE232B61C37
SHA-256: 666A891A74C317E2D2A23BFE6FF249F0C6CBA83271DA3A3816038D54EDD60E29
SHA-512: C80A5792D76D24766B1844B217EEA4E7C5D1BB17A00FA1461D243A3A31CB6C76510B80EC7A56FB98D00E149F6B3855A4B49456064600DDA0D05AF93A6DA1E543
Malicious: false
Reputation: unknown
URL: https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhJfCUHFZyXMBR1vEgUN1Yx-IxIFDYdNGaYSBQ14bxIZEgUNU_J1YRIFDZIFVM4SBQ08K4tVEgUNQSVWeBIFDd6uuR8SBQ3uEZ3nEgUNJZ-c2xIFDaB52aYhyALoGLBqwjQ=?alt=proto
                    Preview:CnsKCw3VjH4jGgQIAxgBCgsNh00ZphoECAUYAQoHDXhvEhkaAAoHDVPydWEaAAoHDZIFVM4aAAoHDTwri1UaAAoHDUElVngaAAoLDd6uuR8aBAghGAEKCw3uEZ3nGgQIIhgBCgsNJZ+c2xoECCMYAQoLDaB52aYaBAgkGAE=
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: HTML document, Unicode text, UTF-8 text, with very long lines (430)
Category: downloaded
Size (bytes): 45282
Entropy (8bit): 3.7870197617583066
Encrypted: false
SSDEEP:
MD5: E0C9BC967AF4D18F43568D505B6AC706
SHA1: F49D6283AA8AF29188B033DF6E6D4343F7868469
SHA-256: AF29A93637CA949AE11560172F4DE367533053B7F917AF21F73BC56F063099D3
SHA-512: 21E5A7B557AABFD91F55441898C52E8129112C91F57A7F70DF9FACADC5B7DB91A818AC78707A7C911EB21E5802DA2F371E8C9A41A71EECF7DD21E8C96C83BEA5
Malicious: false
Reputation: unknown
URL: https://www.env.worldmartech.com/signup-user/am9uLndlZ0BjYXJkZmFjdG9yeS5jby51aw==/NTc1MQ==
                    Preview:<!DOCTYPE html>.<html lang="en">. <head>. <meta charset="utf-8">. <meta http-equiv="X-UA-Compatible" content="IE=edge">. <meta name="viewport" content="width=device-width, initial-scale=1">. <title>What it takes to build a great search mobile experience</title>. CSS --> . <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Josefin+Sans:300,400|Roboto:300,400,500">. <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/css/bootstrap.min.css">. <link rel="stylesheet" href="css/font-awesome.min.css">-->. <link rel="stylesheet" href="http://env.worldmartech.com/html/3101-trend-micro-gartner-2019/css/animate.css">. <link rel="stylesheet" href="http://env.worldmartech.com/html/3101-trend-micro-gartner-2019/css/style.css">. <link rel="stylesheet" href="http://env.worldmartech.com/html/3101-trend-micro-gartner-2019/css/media-queries.css"
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: PNG image data, 4393 x 1001, 8-bit colormap, non-interlaced
Category: dropped
Size (bytes): 40788
Entropy (8bit): 7.923570776234729
Encrypted: false
SSDEEP:
MD5: 3C0D85B9EAE7D6097982CE18E60896A0
SHA1: C2F56C627766B6038259D28AB3BB60BC703DC150
SHA-256: 8F392B46E400D345CE8569C581B91BE471F7F82E15DD145627F6C581E0188CBB
SHA-512: 758A2743ECC1D1ACD634C375025901099649C1414C9E89B2AD1749407AFD1F359B163741E3203165AE5377DD823A3D2EF1B9DC46607A5F0386431C31F58C57A3
Malicious: false
Reputation: unknown
                    File type:CDFV2 Microsoft Outlook Message
                    Entropy (8bit):4.198337129657051
                    TrID:
                    • Outlook Message (71009/1) 58.92%
                    • Outlook Form Template (41509/1) 34.44%
                    • Generic OLE2 / Multistream Compound File (8008/1) 6.64%
                    File name:FW What it takes to build a great search mobile experience.msg
                    File size:85'504 bytes
                    MD5:8ec47aca8634972c019696f320871c03
                    SHA1:4ee888faec6724409b21d14f9bbc43b5b027f1d5
                    SHA256:bef6dada01df6f2fb995a3207dbab4cc6b7e171c8a48344df4a6cf02858b3104
                    SHA512:602d1d576d90351f33bb85785350347b1b137e06505ec8db3e25cad8f2dd80c08771ce1fbc300b223901f8427e7a36eaa60b6bfdd8eb3ccf18e39d292731d1b3
                    SSDEEP:1536:ubAM/mFugomsW8pmNW+WVR5WJW+WXSAHtTWvci:M/LgomsW8Wci
                    TLSH:4583002536F94215F277AF364EF780978936BC92AD24CA8F3191730E0672941E961F3B
                    File Content Preview:........................>..................................."..................................................................................................................................................................................................
                    Subject:FW: What it takes to build a great search mobile experience
                    From:Jon Weg <Jon.Weg@cardfactory.co.uk>
                    To:Security <Security@cardfactory.co.uk>
                    Cc:
                    BCC:
                    Date:Tue, 01 Apr 2025 17:19:13 +0200
                    Communications:
                    • I have received a number of these messages. Not sure if they are going to everyone or just me. Not sure if it's something we should be concerned about or not. Please advise. Thanks, Jon

                      From: Martin <martinw@worldmartech.com>
                      Date: Tuesday, 1 April 2025 at 16:05
                      To: Jon Weg <Jon.Weg@cardfactory.co.uk>
                      Subject: What it takes to build a great search mobile experience

                      A PHP Error was encountered Severity: Notice Message: Constant LOGO_URL already defined Filename: mailtemplate/ibi-836-algolia-what-it-takes-to-build.php Line Number: 6 A PHP Error was encountered Sev

                      CAUTION: This email originated from outside of the organisation. If in doubt please use the report message button to Security. sophospsmartbannerend

                      A PHP Error was encountered Severity: Notice Message: Constant LOGO_URL already defined Filename: mailtemplate/ibi-836-algolia-what-it-takes-to-build.php Line Number: 6
                      A PHP Error was encountered Severity: Notice Message: Constant ASSET_TITLE already defined Filename: mailtemplate/ibi-836-algolia-what-it-takes-to-build.php Line Number: 8
                      A PHP Error was encountered Severity: Notice Message: Constant IMAGE_URL already defined Filename: mailtemplate/ibi-836-algolia-what-it-takes-to-build.php Line Number: 10
                      A PHP Error was encountered Severity: Notice Message: Constant BUTTON_TEXT already defined Filename: mailtemplate/ibi-836-algolia-what-it-takes-to-build.php Line Number: 12

                      Hi Subscriber,

                      GEP Global Supply Chain Volatility Index: March 2025

                      Focusing on user experience is an often overlooked strategy that can quickly and directly impact your business numbers. Your mobile user experience cannot be an exact reproduction of your desktop experience, especially your search. This ebook reveals the most common problems that search on mobile will post and the best ways to approach them.

                      Download this free ebook <https://eu-west-1.protection.sophos.com?d=worldmartech.com&u=aHR0cHM6Ly93d3cuZW52LndvcmxkbWFydGVjaC5jb20vc2lnbnVwLXVzZXIvYW05dUxuZGxaMEJqWVhKa1ptRmpkRzl5ZVM1amJ5NTFhdz09L05UYzFNUT09&p=m&i=NjUyNDBmODUxNzM0OTU2OGY5NzE0ZWFi&t=Wlo3QkdqVkpQenIwbUZnOGhJKzU3ZGI0RDhqNThYQy9XNmNUa0UwR1pkVT0=&h=7712d165c33347ce8b62b974797daf19&s=AVNPUEhUT0NFTkNSWVBUSVa-I5G8dJpbCOKcqB6FvZNNrOD_w7_MjEwFCAXh6udclw> from Algolia to learn more. <https://eu-west-1.protection.sophos.com/?d=worldmartech.com&u=aHR0cHM6Ly93d3cuZW52LndvcmxkbWFydGVjaC5jb20vc2lnbnVwLXVzZXIvYW05dUxuZGxaMEJqWVhKa1ptRmpkRzl5ZVM1amJ5NTFhdz09L05UYzFNUT09&p=m&i=NjUyNDBmODUxNzM0OTU2OGY5NzE0ZWFi&t=Wlo3QkdqVkpQenIwbUZnOGhJKzU3ZGI0RDhqNThYQy9XNmNUa0UwR1pkVT0=&h=7712d165c33347ce8b62b974797daf19&s=AVNPUEhUT0NFTkNSWVBUSVa-I5G8dJpbCOKcqB6FvZNNrOD_w7_MjEwFCAXh6udclw>

                      DOWNLOAD NOW <https://eu-west-1.protection.sophos.com?d=worldmartech.com&u=aHR0cHM6Ly93d3cuZW52LndvcmxkbWFydGVjaC5jb20vc2lnbnVwLXVzZXIvYW05dUxuZGxaMEJqWVhKa1ptRmpkRzl5ZVM1amJ5NTFhdz09L05UYzFNUT09&p=m&i=NjUyNDBmODUxNzM0OTU2OGY5NzE0ZWFi&t=Wlo3QkdqVkpQenIwbUZnOGhJKzU3ZGI0RDhqNThYQy9XNmNUa0UwR1pkVT0=&h=7712d165c33347ce8b62b974797daf19&s=AVNPUEhUT0NFTkNSWVBUSVa-I5G8dJpbCOKcqB6FvZNNrOD_w7_MjEwFCAXh6udclw>

                      WorldMarTech, 11B, MG Road, South Tukoganj, Behind Embassy Hotel, Indore, MP (IN)

                      Unsubscribe from all future emails <https://eu-west-1.protection.sophos.com?d=worldmartech.com&u=aHR0cHM6Ly93d3cuZW52LndvcmxkbWFydGVjaC5jb20vZW1haWxzL3Vuc3Vic2NyaWJl&p=m&i=NjUyNDBmODUxNzM0OTU2OGY5NzE0ZWFi&t=UUxnVU9vcXFGUXoyTXdjZDZ3djRHV2xJOXB0N2M0TVI2dHlhL085TXRGOD0=&h=7712d165c33347ce8b62b974797daf19&s=AVNPUEhUT0NFTkNSWVBUSVa-I5G8dJpbCOKcqB6FvZNNrOD_w7_MjEwFCAXh6udclw>

                      Reach us : privacy@worldmartech.com <mailto:privacy@worldmartech.com>

                      Copyright 2024 WorldMarTech, All Rights Reserved

                      Privacy Policy <https://eu-west-1.protection.sophos.com?d=worldmartech.com&u=aHR0cHM6Ly93b3JsZG1hcnRlY2guY29tL3ByaXZhY3ktcG9saWN5Lw==&p=m&i=NjUyNDBmODUxNzM0OTU2OGY5NzE0ZWFi&t=TC9lMlFiZlVyTW9kUU9UdlRWaDY3aFhZaWs1SnczdEd6RVU1UXhDOHB2dz0=&h=7712d165c33347ce8b62b974797daf19&s=AVNPUEhUT0NFTkNSWVBUSVa-I5G8dJpbCOKcqB6FvZNNrOD_w7_MjEwFCAXh6udclw> | Do Not Sell My Information <https://eu-west-1.protection.sophos.com?d=worldmartech.com&u=aHR0cHM6Ly93b3JsZG1hcnRlY2guY29tL2RvLW5vdC1zZWxsLW15LXBlcnNvbmFsLWluZm9ybWF0aW9uLw==&p=m&i=NjUyNDBmODUxNzM0OTU2OGY5NzE0ZWFi&t=dDBnb2JBVG9pREZGRUNUeHJxQ2tlOFo5MUU5TWJtbFFFdUs1SGVHR2tBND0=&h=7712d165c33347ce8b62b974797daf19&s=AVNPUEhUT0NFTkNSWVBUSVa-I5G8dJpbCOKcqB6FvZNNrOD_w7_MjEwFCAXh6udclw>

                      Error! Filename not specified. Error! Filename not specified.
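                    Every link in the message above is wrapped by Sophos URL protection, and the report shows chrome.exe being launched with exactly that wrapper. Before detonating such a link an analyst wants to know where it really goes and what it carries. The script below is an added example, not part of the sandbox report or of any vendor tooling: it takes the first "Download this free ebook" link from the message (constructed inline from the text above), base64-decodes the `u=` parameter to recover the original URL, and then decodes the base64 path segments of that URL. The meaning assigned to `d=` (the domain the wrapper claims the link lands on) and `u=` (the original URL) is inferred from the link's own structure, not from Sophos documentation; the other parameters are left opaque. Only the Python standard library is used.

```python
import base64
import binascii
from typing import Optional
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed input: the first "Download this free ebook" link from the
# forwarded message (the same URL chrome.exe was started with in the report).
SOPHOS_LINK = (
    "https://eu-west-1.protection.sophos.com?d=worldmartech.com"
    "&u=aHR0cHM6Ly93d3cuZW52LndvcmxkbWFydGVjaC5jb20vc2lnbnVwLXVzZXIvYW05dUxuZGxaMEJqWVhKa1ptRmpkRzl5ZVM1amJ5NTFhdz09L05UYzFNUT09"
    "&p=m&i=NjUyNDBmODUxNzM0OTU2OGY5NzE0ZWFi"
    "&t=Wlo3QkdqVkpQenIwbUZnOGhJKzU3ZGI0RDhqNThYQy9XNmNUa0UwR1pkVT0="
    "&h=7712d165c33347ce8b62b974797daf19"
    "&s=AVNPUEhUT0NFTkNSWVBUSVa-I5G8dJpbCOKcqB6FvZNNrOD_w7_MjEwFCAXh6udclw"
)


def b64_decode_lenient(text: str) -> Optional[bytes]:
    """Decode standard or URL-safe base64, tolerating missing '=' padding.
    Returns None when the text is not base64 at all (any non-alphabet char)."""
    std = text.strip().translate(str.maketrans("-_", "+/"))
    std += "=" * (-len(std) % 4)
    try:
        return base64.b64decode(std, validate=True)
    except binascii.Error:
        return None


def _printable_text(raw: Optional[bytes]) -> Optional[str]:
    """Return decoded bytes as text only if they are printable ASCII, so a
    plain path segment that merely happens to look like base64 is rejected."""
    if raw is None or not raw or not raw.isascii():
        return None
    text = raw.decode("ascii")
    return text if text.isprintable() else None


def unwrap_sophos_link(link: str) -> dict:
    """Recover the real destination from a Sophos URL-protection wrapper and
    decode any base64 path segments of that destination.

    Assumption (read off the link itself, not vendor documentation):
    d = the domain the wrapper claims the link points at,
    u = base64 of the original URL; p, i, t, h, s are left opaque."""
    query = {k: v[0] for k, v in parse_qs(urlsplit(link).query).items()}
    target_raw = b64_decode_lenient(query.get("u", ""))
    if target_raw is None:
        raise ValueError("u= parameter is not base64")
    target = target_raw.decode("utf-8", errors="replace")
    target_host = urlsplit(target).hostname or ""
    claimed = query.get("d", "")

    # Path segments that are themselves base64 text: this is what the link
    # discloses about the recipient when it is clicked or detonated.
    embedded = {}
    for segment in urlsplit(target).path.split("/"):
        decoded = _printable_text(b64_decode_lenient(unquote(segment)))
        if segment and decoded is not None:
            embedded[segment] = decoded

    return {
        "claimed_domain": claimed,
        "target": target,
        "target_host": target_host,
        # True when the host the link lands on is (a subdomain of) d=
        "host_matches_claimed": target_host == claimed
        or target_host.endswith("." + claimed),
        "embedded": embedded,
    }


if __name__ == "__main__":
    for key, value in unwrap_sophos_link(SOPHOS_LINK).items():
        print(f"{key}: {value}")
```

                    Run against the link from the message, the decoded `u=` is a signup-user URL on www.env.worldmartech.com whose two trailing path segments decode to the recipient's mailbox address and a short numeric identifier. That is the practical caveat for this sample: the "DOWNLOAD NOW" link is personalised, so opening it, whether by a user or by a sandbox as the report did, confirms to the sender that the address is live. The `host_matches_claimed` flag is the local version of the "crossdomain redirect" signature in the report: the wrapper lives on protection.sophos.com but the decoded target is on the `d=` domain.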
                    Attachments:
                      Received: from VI0PR03MB10398.eurprd03.prod.outlook.com
                        15:19:13 +0000
                        (2603:10a6:20b:4ff::20) with Microsoft SMTP Server (version=TLS1_2,
                        2025 15:19:13 +0000
                        ([fe80::834c:3892:fcbc:5f6a%3]) with mapi id 15.20.8534.043; Tue, 1 Apr 2025
                      Authentication-Results: dkim=none (message not signed)
                      Content-Type: application/ms-tnef; name="winmail.dat"
                      Content-Transfer-Encoding: binary
                      From: Jon Weg <Jon.Weg@cardfactory.co.uk>
                      To: Security <Security@cardfactory.co.uk>
                      Subject: FW: What it takes to build a great search mobile experience
                      Thread-Topic: What it takes to build a great search mobile experience
                      Thread-Index: AQHboxd/AGTKttgerUm0YMAfnk6MG7OO7Grp
                      Date: Tue, 1 Apr 2025 15:19:13 +0000
                      Message-ID: <VI0PR03MB10398278EF9ECCB3A138E3D44B8AC2@VI0PR03MB10398.eurprd03.prod.outlook.com>
                      References: <67ebfb02192e2@worldmartech.com>
                      In-Reply-To: <67ebfb02192e2@worldmartech.com>
                      Accept-Language: en-GB, en-US
                      Content-Language: en-GB
                      X-MS-Exchange-Organization-ModifySensitivityLabel: ;c9610a5f-04c0-42eb-9845-623a2065dcb9
                      X-MS-Has-Attach:
                      X-MS-Exchange-Organization-SCL: -1
                      X-MS-TNEF-Correlator: <VI0PR03MB10398278EF9ECCB3A138E3D44B8AC2@VI0PR03MB10398.eurprd03.prod.outlook.com>
                      msip_labels: MSIP_Label_c9610a5f-04c0-42eb-9845-623a2065dcb9_Enabled=True;MSIP_Label_c9610a5f-04c0-42eb-9845-623a2065dcb9_SiteId=7956b84e-0c99-46b5-81c6-28689cfa7221;MSIP_Label_c9610a5f-04c0-42eb-9845-623a2065dcb9_SetDate=2025-04-01T15:18:19.7139486Z;MSIP_Label_c9610a5f-04c0-42eb-9845-623a2065dcb9_Name=General;MSIP_Label_c9610a5f-04c0-42eb-9845-623a2065dcb9_ContentBits=0;MSIP_Label_c9610a5f-04c0-42eb-9845-623a2065dcb9_Method=Standard
                      x-ms-reactions: allow
                      MIME-Version: 1.0
                      X-MS-Exchange-Organization-MessageDirectionality: Originating
                      X-MS-Exchange-Organization-AuthSource: VI0PR03MB10398.eurprd03.prod.outlook.com
                      X-MS-Exchange-Organization-AuthAs: Internal
                      X-MS-Exchange-Organization-AuthMechanism: 04
                      X-MS-Exchange-Organization-Network-Message-Id: 108ec0f1-29c3-46f8-73a3-08dd71308f2b
                      X-MS-PublicTrafficType: Email
                      X-MS-TrafficTypeDiagnostic: VI0PR03MB10398:EE_|AS4PR03MB8256:EE_|AS8PR03MB7414:EE_
                      Return-Path: Jon.Weg@cardfactory.co.uk
                      X-MS-Exchange-Organization-ExpirationStartTime: 01 Apr 2025 15:19:13.3000
                      X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit
                      X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000
                      X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit
                      X-MS-Office365-Filtering-Correlation-Id: 108ec0f1-29c3-46f8-73a3-08dd71308f2b
                      X-Microsoft-Antispam: BCL:0;ARA:13230040|4022899009|366016|8096899003|13003099007|41050700001;
                      X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:-1;SRV:;IPV:NLI;SFV:SKI;H:VI0PR03MB10398.eurprd03.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(4022899009)(366016)(8096899003)(13003099007)(41050700001);DIR:INT;
                      X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Apr 2025 15:19:13.0455
                      X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
                      X-MS-Exchange-CrossTenant-Id: 7956b84e-0c99-46b5-81c6-28689cfa7221
                      X-MS-Exchange-CrossTenant-AuthSource: VI0PR03MB10398.eurprd03.prod.outlook.com
                      X-MS-Exchange-CrossTenant-AuthAs: Internal
                      X-MS-Exchange-CrossTenant-Network-Message-Id: 108ec0f1-29c3-46f8-73a3-08dd71308f2b
                      X-MS-Exchange-CrossTenant-MailboxType: HOSTED
                      X-MS-Exchange-CrossTenant-UserPrincipalName: YSL+b5Dx5ReAXgtL80tLpntBxI8HwnXEzHNgVJK4EAt362/RQW27sAEhzc589yYnRhgGEfjYMCXHvqn/Wnb1UHUcg+Wbw3c8wA9VpgdEvo8=
                      X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS4PR03MB8256
                      X-MS-Exchange-Transport-EndToEndLatency: 00:00:01.7201532
                      X-MS-Exchange-Processed-By-BccFoldering: 15.20.8534.033
                      X-Microsoft-Antispam-Mailbox-Delivery: ucf:0;jmr:0;auth:0;dest:I;ENG:(910005)(944506478)(944626604)(920097)(425001)(930097)(140003);
                      X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?tuh9r77WmFbiYTgaNDoJpNyO3xJiDDt7COmg6/lsLpk91ur9Ludgat/T5lR+?=
                      date: Tue, 01 Apr 2025 17:19:13 +0200

                      Icon Hash:c4e1928eacb280a2