Analysis Report http://t.orders.destinationmaternity.com/r/?id=h1fef42,971b0f,971b16&p1=sv.j-ss.xyz?mpeLy=ZGVubmlzLmhvd2FyZEBzY2h3YWIuY29t

Overview

General Information

Sample URL:	http://t.orders.destinationmaternity.com/r/?id=h1fef42,971b0f,971b16&p1=sv.j-ss.xyz?mpeLy=ZGVubmlzLmhvd2FyZEBzY2h3YWIuY29t
Analysis ID:	339439
Most interesting Screenshot:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Classification

Signatures

AV Detection:

Antivirus detection for URL or domain

Source: http://sv.j-ss.xyz/main/

SlashNext: Label: Fake Login Page type: Phishing & Social Engineering

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Source: global traffic	HTTP traffic detected: GET /r/?id=h1fef42,971b0f,971b16&p1=sv.j-ss.xyz?mpeLy=ZGVubmlzLmhvd2FyZEBzY2h3YWIuY29t HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, /Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: t.orders.destinationmaternity.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /?mpeLy=ZGVubmlzLmhvd2FyZEBzY2h3YWIuY29t HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, /Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: sv.j-ss.xyz
Source: global traffic	HTTP traffic detected: GET /main/ HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, /Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: sv.j-ss.xyzCookie: PHPSESSID=rbitbocqmopq23qei9h0376kql
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: sv.j-ss.xyzConnection: Keep-AliveCookie: PHPSESSID=rbitbocqmopq23qei9h0376kql

Source: msapplication.xml0.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xe2e23f57,0x01d6ea66</date><accdate>0xe2e23f57,0x01d6ea66</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xe2e23f57,0x01d6ea66</date><accdate>0xe2e23f57,0x01d6ea66</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xe2e703fb,0x01d6ea66</date><accdate>0xe2e703fb,0x01d6ea66</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xe2e703fb,0x01d6ea66</date><accdate>0xe2e703fb,0x01d6ea66</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xe2e703fb,0x01d6ea66</date><accdate>0xe2e703fb,0x01d6ea66</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xe2e703fb,0x01d6ea66</date><accdate>0xe2e703fb,0x01d6ea66</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)

Source: unknown

DNS traffic detected: queries for: t.orders.destinationmaternity.com

Source: ~DF46AFFF78C64CC83D.TMP.1.dr	String found in binary or memory: http://sv.j-ss.xyz/main/
Source: ~DF46AFFF78C64CC83D.TMP.1.dr	String found in binary or memory: http://sv.j-ss.xyz/main/R
Source: {0C87431F-565A-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: http://sv.j-ss.xyz/main/Root
Source: msapplication.xml.1.dr	String found in binary or memory: http://www.amazon.com/
Source: KFOlCnqEu92Fr1MmYUtfBBc9[1].ttf.2.dr, KFOmCnqEu92Fr1Mu4mxP[1].ttf.2.dr, KFOlCnqEu92Fr1MmEU9fBBc9[1].ttf.2.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: msapplication.xml1.1.dr	String found in binary or memory: http://www.google.com/
Source: msapplication.xml2.1.dr	String found in binary or memory: http://www.live.com/
Source: msapplication.xml3.1.dr	String found in binary or memory: http://www.nytimes.com/
Source: msapplication.xml4.1.dr	String found in binary or memory: http://www.reddit.com/
Source: msapplication.xml5.1.dr	String found in binary or memory: http://www.twitter.com/
Source: msapplication.xml6.1.dr	String found in binary or memory: http://www.wikipedia.com/
Source: msapplication.xml7.1.dr	String found in binary or memory: http://www.youtube.com/
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#localhost_support
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
Source: bootstrap.min[1].css.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: bootstrap.min[1].css.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: main[1].htm.2.dr	String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://support.google.com/recaptcha
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://support.google.com/recaptcha#6262736
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://support.google.com/recaptcha/#6175971
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: main[1].htm.2.dr	String found in binary or memory: https://www.google.com/recaptcha/api.js
Source: recaptcha__en[1].js.2.dr, bframe[1].htm.2.dr, anchor[1].htm.2.dr, api[1].js.2.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: ~DF46AFFF78C64CC83D.TMP.1.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdhPvkZAAAAALJ-7_WbPxTqDTrcCZ6aLEK8Y9v-&co=aHR0
Source: ~DF46AFFF78C64CC83D.TMP.1.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/bframe?hl=en&v=qc5B-qjP0QEimFYUxcpWJy5B&k=6LdhPvkZAAAAALJ-7_Wb
Source: webworker[1].js.2.dr, bframe[1].htm.2.dr, anchor[1].htm.2.dr, api[1].js.2.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/qc5B-qjP0QEimFYUxcpWJy5B/recaptcha__en.js
Source: bframe[1].htm.2.dr, anchor[1].htm.2.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/qc5B-qjP0QEimFYUxcpWJy5B/styles__ltr.css

Source: classification engine

Classification label: mal48.win@3/30@4/2

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF07DF01E73636D8DB.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5520 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5520 CREDAT:17410 /prefetch:2	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
44.237.144.219	unknown	United States		16509	AMAZON-02US	false
192.236.249.58	unknown	United States		54290	HOSTWINDSUS	false

Contacted Domains

Name	IP	Active
sv.j-ss.xyz	192.236.249.58	true
destinationmat-rt-prod3-ssl-280079234.us-west-2.elb.amazonaws.com	44.237.144.219	true
stackpath.bootstrapcdn.com	unknown	unknown
favicon.ico	unknown	unknown
t.orders.destinationmaternity.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://t.orders.destinationmaternity.com/r/?id=h1fef42,971b0f,971b16&p1=sv.j-ss.xyz?mpeLy=ZGVubmlzLmhvd2FyZEBzY2h3YWIuY29t	false		high
http://sv.j-ss.xyz/main/	true	1%, Virustotal, Browse SlashNext: Fake Login Page type: Phishing & Social Engineering	unknown
http://sv.j-ss.xyz/main/	true	1%, Virustotal, Browse SlashNext: Fake Login Page type: Phishing & Social Engineering	unknown
http://sv.j-ss.xyz/favicon.ico	false	Avira URL Cloud: safe	unknown
http://sv.j-ss.xyz/?mpeLy=ZGVubmlzLmhvd2FyZEBzY2h3YWIuY29t	false	Avira URL Cloud: safe	unknown

ID:	339439
Product:	CloudBasic
Start time:	03:16:26
Start date:	14.01.2021
Cookbook:	browseurl.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\KPPQH58V\www.google[1].xml	ASCII text, with no line terminators	B4B23BD79C3D779AB12DDCC348E4D66B	DC64415A03574D1F9C9308A68F71CD42CD361CD5	74472648A87CC0332DF3611FD004DB6413B0B14C181BFD4B55670353B315B4D2
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0C87431D-565A-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	4A6A58BD0FFE834BF1E1F5D6CFC78830	75BBDAD477F938FD380B0A049D28BCB45A803DF4	B75C1E67D68CF6048AAC4A718E7735C4536711D0C3AE8B8783270DB3D64F548D
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0C87431F-565A-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	550AF79819AEFE0F373E80865A9662D1	E64639FC7D934CA12DBE0E248002C412D6DCFB09	29722445B4281BD7BDBB869264D75521E751D7BFBE3EE3C14DF530EF6ED32742
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0C874320-565A-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	5C333EAFF129A60992C2F2F37E5912AE	00353593E5FD392B5F0C086852B9D06846CEE85C	FF6F3715751B9F068CAA34660468416355E23499869258408F62A81FD38794A1
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	A916DD4B09732F8AE49963A4CEAFF29E	1BF594EAF8B87A85FC79517016D0F0BECD1AEC07	2215613E252A3918A7F4D9875F991C6BD6888F900BB0EA36CD48B324C94354EC
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	F6ED0158DA909D6DAA0E18FC004C4ABC	E843688AED9B7E1A7E2AC8BADB57DB67793093C6	C210816B155E66B1213D000A1217CC113808CAA11A4043CDB391A261B3FD298F
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	7C35B5C285A7AF7A083625D13323E0DA	4E5FD6102280B1CFA74FF4FB35B1149F7DE5519A	0011FBAB9395927824E96D9BAAE95AF93D124433EC386FC50655AC31FFA24E59
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	7C90EAFD6498570A8DCDF190A1814571	95DFE66167C3473A981C237423B1D44A4AABC324	1D86EB4DF39717F37B58D6CAC3AD311404B3109F092B3E429BA3DEB37A3F4EDB
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	C3AC1A66C1FFB5CDA344CE0D9354B373	8D943E672209B5CCCF816CA22CAD8F3A37B124F9	33950630F24E63B3DDE10F689CA2100104C19ED4CEF085229E8E7D24418CD7F8
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	ADF4895B9EE8FF04657F78F307C0C493	EF7EB98E5AADF830541879500FA963D1A0E57222	4DF03CAE1F96E0F889EC83AED911AD5A2D25C04FE1485349422CA97707E7A709
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	4EA956E6F065C86ABA9C12E3730184B9	3CE194C76538FFD2C992A3A45CDB51201FD825BD	FEEAFDF54652415EDA247E573CD9C35581645A8C9642D5C542080E54EBF13BFB
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	74BDFBCE3ECBE4B5B313CEDFBEE28961	274739FC10C72185DEEC13EB53117D3AF7C1B10D	657B7D7B3F78B20C22934B1D932DC032C2D58FCBB98FF9CD35A0D8BA3034B5F1
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	FAB22ACFC16860F1D638AB8C782AE9A2	51D6152AF0F58E7F45E119118E6EC63E7369F1A7	76AB98334BCE24F6D9C8FA62335EC88E66546FDDF76053380E82EF8210A5152C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\KFOlCnqEu92Fr1MmEU9fBBc9[1].ttf	TrueType Font data, 18 tables, 1st "GDEF", 8 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.Roboto MediumRegularVersion 2.137; 2017Roboto-Me	4D88404F733741EAACFDA2E318840A98	49E0F3D32666AC36205F84AC7457030CA0A9D95F	B464107219AF95400AF44C949574D9617DE760E100712D4DEC8F51A76C50DDA1
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\recaptcha__en[1].js	ASCII text, with very long lines	B61A36B2DAAC8465FD7BC4B61FD3EFF2	4BEFAFEB9C8C87DFD2E9E0ACFEBD02C362BDA615	FB3B275E8321C2C87095A4F4F0FD89FBBBDBE07E6FD5191C4C8CCABFC21692FB
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\webworker[1].js	ASCII text, with no line terminators	361ACB06F0961A71419C0B1B82B38EA8	2BACD9ECC2D83B98CFA68D90C563CD842CD06F66	F541F7A27E537DD55BC29F1F74C8A26E107F8CAB11A677EB70CF3394B8F7E6E2
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\KFOlCnqEu92Fr1MmYUtfBBc9[1].ttf	TrueType Font data, 18 tables, 1st "GDEF", 8 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.Roboto BlackRegularVersion 2.137; 2017Roboto-Bla	4D99B85FA964307056C1410F78F51439	F8E30A1A61011F1EE42435D7E18BA7E21D4EE894	01027695832F4A3850663C9E798EB03EADFD1462D0B76E7C5AC6465D2D77DBD0
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\KFOmCnqEu92Fr1Mu4mxP[1].ttf	TrueType Font data, 18 tables, 1st "GDEF", 8 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.RobotoRegularVersion 2.137; 2017Roboto-Regularht	372D0CC3288FE8E97DF49742BAEFCE90	754D9EAA4A009C42E8D6D40C632A1DAD6D44EC21	466989FD178CA6ED13641893B7003E5D6EC36E42C2A816DEE71F87B775EA097F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\bootstrap.min[1].css	ASCII text, with very long lines	A15C2AC3234AA8F6064EF9C1F7383C37	6E10354828454898FDA80F55F3DECB347FD9ED21	60B19E5DA6A9234FF9220668A5EC1125C157A268513256188EE80F2D2C8D8D36
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\5Ku9PE-OWgoai1xwrY2pucxrLwxYwv-W4Y9Ykl9OW1I[1].js	ASCII text, with very long lines, with no line terminators	4E0AF4DC490009AB474DF2EF057677CE	F72FF0F9C5D66C03F3029546B79AF1A5E31FAA80	E4ABBD3C4F8E5A0A1A8B5C70AD8DA9B9CC6B2F0C58C2FF96E18F58925F4E5B52
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\favicon[1].htm	HTML document, ASCII text	83B862BEAD2D480026254FB2A6EB9969	26BAD9E6C1579172B0E3B6BC1C18918164FF6478	FB258CB538CA92D61C8CD4EB08CC23DA70C278B8766EAA731CE11E9B2F1DA4D4
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\logo_48[1].png	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced	EF9941290C50CD3866E2BA6B793F010D	4736508C795667DCEA21F8D864233031223B7832	1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\anchor[1].htm	HTML document, ASCII text, with very long lines	95EE5CA5C439697C7F7249E969EA6177	AC8445DFF7A2188BF9CA2DCC6E82567455E69C68	D31FAF0D034387AFFCE42D9D8E535F364AAB69CDBD8F801F3E19F1BBB8474400
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\api[1].js	ASCII text, with very long lines, with no line terminators	59799FC20BCEB27DAA0888AB27CD1438	3964910DE7527FA0B4931CF370C47332616C7EC6	C04CBFE21E23CEB866FAE28E981A17DFE9CE6CB178943DDA6F11A495255EC137
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\bframe[1].htm	HTML document, ASCII text	5B2EDB62194C2691DAA949A4B58BB99D	ACD6F3A4649E4312120E3E204306BBE092C07BC7	1E2F7B7FCD56BD875221D658DFF1D54A1B808564B66F1916BE5F2B40ED41892E
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\main[1].htm	HTML document, ASCII text, with very long lines	829BAB6E7BA006CFBE789C7AED619E5D	2D057854FA2413D4C6CD750CD3AE5CE1091B573A	D6D51923B32F0723F935051BEE09FE061C25BB846072C0910F84AB2C5B83FB5B
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\styles__ltr[1].css	ASCII text, with very long lines, with no line terminators	A6338B6C3AAEBFF39D194BAB215524F9	B29E72AA39A20BC15199E6FC98DFDBF447D71AF3	B32D419311E9C267D3EA1DA7C0832D21A0D89829D35A98F92BF7DF780FE72D4F
C:\Users\user\AppData\Local\Temp\~DF07DF01E73636D8DB.TMP	data	504D27DB7DFFA5DF04894FDB116D1889	DD3FA9EB4B8AD10D78F97F48A6D7F9C5BB12AF40	9014A48541D11B17051658ACF7CE422E8DA2D0ED6E74D4C8D555BA57C4C60C11
C:\Users\user\AppData\Local\Temp\~DF449509E43DBBE8A3.TMP	data	DF29DD183306569B8C5724F77DE3742A	501C34CA3AA1979AF22F5F2228376B3051DD0185	ACE655C6E02E32D1EC9A61204A4EFECD4C6D444607A074C37593EEBE7084FCBC
C:\Users\user\AppData\Local\Temp\~DF46AFFF78C64CC83D.TMP	data	785811488848B1FE406385E386B5EBBD	CE809E84DBD37D4818DD88D54EE4572D94C6C222	76418C71214F5C30C5DB79F2BA81E684B0CEBE7D97AB5B121AAFAA58B7A760E0

Analysis Report http://t.orders.destinationmaternity.com/r/?id=h1fef42,971b0f,971b16&p1=sv.j-ss.xyz?mpeLy=ZGVubmlzLmhvd2FyZEBzY2h3YWIuY29t

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection:

Compliance:

Networking:

System Summary:

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs