Analysis Report http://huehiufkerfpvkm.craetivehc.com/x/ZGllZ28uZmVycmVpcm9Ad2l6aW5rLmVz

Overview

General Information

Sample URL:	http://huehiufkerfpvkm.craetivehc.com/x/ZGllZ28uZmVycmVpcm9Ad2l6aW5rLmVz
Analysis ID:	345082
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	80
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Phishing site detected (based on favicon image match)

Yara detected HtmlPhish_10

Phishing site detected (based on image similarity)

Phishing site detected (based on logo template match)

HTML body contains low number of good links

HTML title does not match URL

Invalid T&C link found

Classification

Signatures

AV Detection:

Antivirus / Scanner detection for submitted sample

Source: http://huehiufkerfpvkm.craetivehc.com/x/ZGllZ28uZmVycmVpcm9Ad2l6aW5rLmVz

SlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering

Antivirus detection for URL or domain

Source: https://docs-sharedourlooksecuredloging.onlinerslog.fit/x/home?MTYxMTc2NDEwODBhNTQ0ZjBlY2JkM2NmYjc4MjcyYTZlM2E2YmYwNjMwNmFhNDM5N2U0NzlhMDZiMDQ2ZGI5Y2RlMTIxMjZlZmZmMThlOGRkNQ==&data=ZGllZ28uZmVycmVpcm9Ad2l6aW5rLmVz&email=diego.ferreiro@wizink.es&MTYxMTc2NDEwOGExZTE4OGY1ZTFlNTA0ZjViN2NkMDRhNzdhODlhMWY1NzRkZDE3OGEwNTI3ZjA2N2E1NGU3OWM0ZDU0YjQ0MjQ1YTZiMjBlYQ==%3D

SlashNext: Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

Phishing site detected (based on favicon image match)

Matcher: Template: microsoft matched with high similarity

Yara detected HtmlPhish_10

Source: Yara match

File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\home[1].htm, type: DROPPED

Phishing site detected (based on image similarity)

Source: https://docs-sharedourlooksecuredloging.onlinerslog.fit/x/lib/img/logo2.svg

Matcher: Found strong image similarity, brand: Microsoft

Jump to dropped file

Phishing site detected (based on logo template match)

Matcher: Template: microsoft matched

HTML body contains low number of good links

Source: https://docs-sharedourlooksecuredloging.onlinerslog.fit/x/home?MTYxMTc2NDEwODBhNTQ0ZjBlY2JkM2NmYjc4MjcyYTZlM2E2YmYwNjMwNmFhNDM5N2U0NzlhMDZiMDQ2ZGI5Y2RlMTIxMjZlZmZmMThlOGRkNQ==&data=ZGllZ28uZmVycmVpcm9Ad2l6aW5rLmVz&email=diego.ferreiro@wizink.es&MTYxMTc2NDEwOGExZTE4OGY1ZTFlNTA0ZjViN2NkMDRhNzdhODlhMWY1NzRkZDE3OGEwNTI3ZjA2N2E1NGU3OWM0ZDU0YjQ0MjQ1YTZiMjBlYQ==%3D	HTTP Parser: Number of links: 0
Source: https://docs-sharedourlooksecuredloging.onlinerslog.fit/x/home?MTYxMTc2NDEwODBhNTQ0ZjBlY2JkM2NmYjc4MjcyYTZlM2E2YmYwNjMwNmFhNDM5N2U0NzlhMDZiMDQ2ZGI5Y2RlMTIxMjZlZmZmMThlOGRkNQ==&data=ZGllZ28uZmVycmVpcm9Ad2l6aW5rLmVz&email=diego.ferreiro@wizink.es&MTYxMTc2NDEwOGExZTE4OGY1ZTFlNTA0ZjViN2NkMDRhNzdhODlhMWY1NzRkZDE3OGEwNTI3ZjA2N2E1NGU3OWM0ZDU0YjQ0MjQ1YTZiMjBlYQ==%3D	HTTP Parser: Number of links: 0

HTML title does not match URL

Source: https://docs-sharedourlooksecuredloging.onlinerslog.fit/x/home?MTYxMTc2NDEwODBhNTQ0ZjBlY2JkM2NmYjc4MjcyYTZlM2E2YmYwNjMwNmFhNDM5N2U0NzlhMDZiMDQ2ZGI5Y2RlMTIxMjZlZmZmMThlOGRkNQ==&data=ZGllZ28uZmVycmVpcm9Ad2l6aW5rLmVz&email=diego.ferreiro@wizink.es&MTYxMTc2NDEwOGExZTE4OGY1ZTFlNTA0ZjViN2NkMDRhNzdhODlhMWY1NzRkZDE3OGEwNTI3ZjA2N2E1NGU3OWM0ZDU0YjQ0MjQ1YTZiMjBlYQ==%3D	HTTP Parser: Title: Sign in to your account does not match URL
Source: https://docs-sharedourlooksecuredloging.onlinerslog.fit/x/home?MTYxMTc2NDEwODBhNTQ0ZjBlY2JkM2NmYjc4MjcyYTZlM2E2YmYwNjMwNmFhNDM5N2U0NzlhMDZiMDQ2ZGI5Y2RlMTIxMjZlZmZmMThlOGRkNQ==&data=ZGllZ28uZmVycmVpcm9Ad2l6aW5rLmVz&email=diego.ferreiro@wizink.es&MTYxMTc2NDEwOGExZTE4OGY1ZTFlNTA0ZjViN2NkMDRhNzdhODlhMWY1NzRkZDE3OGEwNTI3ZjA2N2E1NGU3OWM0ZDU0YjQ0MjQ1YTZiMjBlYQ==%3D	HTTP Parser: Title: Sign in to your account does not match URL

Invalid T&C link found

Source: https://docs-sharedourlooksecuredloging.onlinerslog.fit/x/home?MTYxMTc2NDEwODBhNTQ0ZjBlY2JkM2NmYjc4MjcyYTZlM2E2YmYwNjMwNmFhNDM5N2U0NzlhMDZiMDQ2ZGI5Y2RlMTIxMjZlZmZmMThlOGRkNQ==&data=ZGllZ28uZmVycmVpcm9Ad2l6aW5rLmVz&email=diego.ferreiro@wizink.es&MTYxMTc2NDEwOGExZTE4OGY1ZTFlNTA0ZjViN2NkMDRhNzdhODlhMWY1NzRkZDE3OGEwNTI3ZjA2N2E1NGU3OWM0ZDU0YjQ0MjQ1YTZiMjBlYQ==%3D	HTTP Parser: Invalid link: Terms of use
Source: https://docs-sharedourlooksecuredloging.onlinerslog.fit/x/home?MTYxMTc2NDEwODBhNTQ0ZjBlY2JkM2NmYjc4MjcyYTZlM2E2YmYwNjMwNmFhNDM5N2U0NzlhMDZiMDQ2ZGI5Y2RlMTIxMjZlZmZmMThlOGRkNQ==&data=ZGllZ28uZmVycmVpcm9Ad2l6aW5rLmVz&email=diego.ferreiro@wizink.es&MTYxMTc2NDEwOGExZTE4OGY1ZTFlNTA0ZjViN2NkMDRhNzdhODlhMWY1NzRkZDE3OGEwNTI3ZjA2N2E1NGU3OWM0ZDU0YjQ0MjQ1YTZiMjBlYQ==%3D	HTTP Parser: Invalid link: Terms of use

Source: https://docs-sharedourlooksecuredloging.onlinerslog.fit/x/home?MTYxMTc2NDEwODBhNTQ0ZjBlY2JkM2NmYjc4MjcyYTZlM2E2YmYwNjMwNmFhNDM5N2U0NzlhMDZiMDQ2ZGI5Y2RlMTIxMjZlZmZmMThlOGRkNQ==&data=ZGllZ28uZmVycmVpcm9Ad2l6aW5rLmVz&email=diego.ferreiro@wizink.es&MTYxMTc2NDEwOGExZTE4OGY1ZTFlNTA0ZjViN2NkMDRhNzdhODlhMWY1NzRkZDE3OGEwNTI3ZjA2N2E1NGU3OWM0ZDU0YjQ0MjQ1YTZiMjBlYQ==%3D	HTTP Parser: No <meta name="author".. found
Source: https://docs-sharedourlooksecuredloging.onlinerslog.fit/x/home?MTYxMTc2NDEwODBhNTQ0ZjBlY2JkM2NmYjc4MjcyYTZlM2E2YmYwNjMwNmFhNDM5N2U0NzlhMDZiMDQ2ZGI5Y2RlMTIxMjZlZmZmMThlOGRkNQ==&data=ZGllZ28uZmVycmVpcm9Ad2l6aW5rLmVz&email=diego.ferreiro@wizink.es&MTYxMTc2NDEwOGExZTE4OGY1ZTFlNTA0ZjViN2NkMDRhNzdhODlhMWY1NzRkZDE3OGEwNTI3ZjA2N2E1NGU3OWM0ZDU0YjQ0MjQ1YTZiMjBlYQ==%3D	HTTP Parser: No <meta name="author".. found

Source: https://docs-sharedourlooksecuredloging.onlinerslog.fit/x/home?MTYxMTc2NDEwODBhNTQ0ZjBlY2JkM2NmYjc4MjcyYTZlM2E2YmYwNjMwNmFhNDM5N2U0NzlhMDZiMDQ2ZGI5Y2RlMTIxMjZlZmZmMThlOGRkNQ==&data=ZGllZ28uZmVycmVpcm9Ad2l6aW5rLmVz&email=diego.ferreiro@wizink.es&MTYxMTc2NDEwOGExZTE4OGY1ZTFlNTA0ZjViN2NkMDRhNzdhODlhMWY1NzRkZDE3OGEwNTI3ZjA2N2E1NGU3OWM0ZDU0YjQ0MjQ1YTZiMjBlYQ==%3D	HTTP Parser: No <meta name="copyright".. found
Source: https://docs-sharedourlooksecuredloging.onlinerslog.fit/x/home?MTYxMTc2NDEwODBhNTQ0ZjBlY2JkM2NmYjc4MjcyYTZlM2E2YmYwNjMwNmFhNDM5N2U0NzlhMDZiMDQ2ZGI5Y2RlMTIxMjZlZmZmMThlOGRkNQ==&data=ZGllZ28uZmVycmVpcm9Ad2l6aW5rLmVz&email=diego.ferreiro@wizink.es&MTYxMTc2NDEwOGExZTE4OGY1ZTFlNTA0ZjViN2NkMDRhNzdhODlhMWY1NzRkZDE3OGEwNTI3ZjA2N2E1NGU3OWM0ZDU0YjQ0MjQ1YTZiMjBlYQ==%3D	HTTP Parser: No <meta name="copyright".. found

Compliance:

Uses new MSVCR Dlls

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 40.84.135.214:443 -> 192.168.2.5:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.84.135.214:443 -> 192.168.2.5:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.84.135.214:443 -> 192.168.2.5:49732 version: TLS 1.2

Networking:

Source: global traffic	HTTP traffic detected: GET /x/ZGllZ28uZmVycmVpcm9Ad2l6aW5rLmVz HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, /Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: huehiufkerfpvkm.craetivehc.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /ZeroSSLRSADomainSecureSiteCA.crt HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Microsoft-CryptoAPI/10.0Host: zerossl.crt.sectigo.com
Source: global traffic	HTTP traffic detected: GET /ZeroSSLRSADomainSecureSiteCA.crt HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Microsoft-CryptoAPI/10.0Host: zerossl.crt.sectigo.com

Source: unknown

DNS traffic detected: queries for: huehiufkerfpvkm.craetivehc.com

Source: ~DF356D71385CE4B18E.TMP.1.dr	String found in binary or memory: http://huehiufkerfpvkm.craetivehc.com/x/ZGllZ28uZmVycmVpcm9Ad2l6aW5rLmVz
Source: {3F72F0F0-6106-11EB-90E5-ECF4BB570DC9}.dat.1.dr	String found in binary or memory: http://huehiufkerfpvkm.craetivehc.com/x/ZGllZ28uZmVycmVpcm9Ad2l6aW5rLmVzRoot
Source: 10BDC45B4A27319429BBC4F08A4E8A10.2.dr	String found in binary or memory: http://zerossl.crt.sectigo.com/ZeroSSLRSADomainSecureSiteCA.crt
Source: {3F72F0F0-6106-11EB-90E5-ECF4BB570DC9}.dat.1.dr	String found in binary or memory: https://docs-sharedour.craetivehc.com/x/ZGllZ28uZmVycmVpcm9Ad2l6aW5rLmVzlooksecuredloging.onlinerslo
Source: ZGllZ28uZmVycmVpcm9Ad2l6aW5rLmVz[1].htm.2.dr	String found in binary or memory: https://docs-sharedourlooksecuredloging.onlinerslog.fit/x/?diego.ferreiro
Source: ~DF356D71385CE4B18E.TMP.1.dr	String found in binary or memory: https://docs-sharedourlooksecuredloging.onlinerslog.fit/x/home?MTYxMTc2NDEwODBhNTQ0ZjBlY2JkM2NmYjc4M
Source: imagestore.dat.2.dr	String found in binary or memory: https://docs-sharedourlooksecuredloging.onlinerslog.fit/x/lib/img/favicon.ico
Source: imagestore.dat.2.dr	String found in binary or memory: https://docs-sharedourlooksecuredloging.onlinerslog.fit/x/lib/img/favicon.ico~
Source: imagestore.dat.2.dr	String found in binary or memory: https://docs-sharedourlooksecuredloging.onlinerslog.fit/x/lib/img/favicon.ico~(

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	HTTPS traffic detected: 40.84.135.214:443 -> 192.168.2.5:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.84.135.214:443 -> 192.168.2.5:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.84.135.214:443 -> 192.168.2.5:49732 version: TLS 1.2

System Summary:

Source: classification engine

Classification label: mal80.phis.win@3/18@4/3

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3F72F0EE-6106-11EB-90E5-ECF4BB570DC9}.dat

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DFD27693C6AAB55A24.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5600 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5600 CREDAT:17410 /prefetch:2	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
20.81.200.229	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
40.84.135.214	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
91.199.212.52	unknown	United Kingdom	48447	SECTIGOGB	false

Contacted Domains

Name	IP	Active
docs-sharedourlooksecuredloging.onlinerslog.fit	40.84.135.214	true
crt.sectigo.com	91.199.212.52	true
huehiufkerfpvkm.craetivehc.com	20.81.200.229	true
zerossl.crt.sectigo.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://docs-sharedourlooksecuredloging.onlinerslog.fit/x/home?MTYxMTc2NDEwODBhNTQ0ZjBlY2JkM2NmYjc4MjcyYTZlM2E2YmYwNjMwNmFhNDM5N2U0NzlhMDZiMDQ2ZGI5Y2RlMTIxMjZlZmZmMThlOGRkNQ==&data=ZGllZ28uZmVycmVpcm9Ad2l6aW5rLmVz&email=diego.ferreiro@wizink.es&MTYxMTc2NDEwOGExZTE4OGY1ZTFlNTA0ZjViN2NkMDRhNzdhODlhMWY1NzRkZDE3OGEwNTI3ZjA2N2E1NGU3OWM0ZDU0YjQ0MjQ1YTZiMjBlYQ==%3D	true	SlashNext: Fake Login Page type: Phishing & Social Engineering	unknown
http://huehiufkerfpvkm.craetivehc.com/x/ZGllZ28uZmVycmVpcm9Ad2l6aW5rLmVz	true		unknown
http://zerossl.crt.sectigo.com/ZeroSSLRSADomainSecureSiteCA.crt	false	Avira URL Cloud: safe	unknown

ID:	345082
Product:	CloudBasic
Start time:	17:14:09
Start date:	27.01.2021
Cookbook:	browseurl.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\10BDC45B4A27319429BBC4F08A4E8A10	data	5C8E451E4A7E09535AB02C6301187E84	CE337AB88CDAD351169A54668C6651E37D2C3A58	3BEE4411F74C082D025884DA0688FE633DF567E220D9D17FD2733AF378123E5C
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\10BDC45B4A27319429BBC4F08A4E8A10	data	EAA31D5E30E2F185529653528A02185C	8D9FCF5C4F5C4D06F3DE4850FBD775CAD61980D0	AA25C54684A02BC189C8EC2480B63B5229F3F2C54737F0904F940EFE367074AD
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3F72F0EE-6106-11EB-90E5-ECF4BB570DC9}.dat	Microsoft Word Document	8005B39A115CE6162BE3AA44B5144D0C	7B190B9F53C890D430AF829BC7C0F995A7AAF40F	F2332F16BC3A5974D47D47ACF91E68AEFBF397907A24D0F59F847BAAFD6611EF
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3F72F0F0-6106-11EB-90E5-ECF4BB570DC9}.dat	Microsoft Word Document	F13AEC1B649C8A2678CAD4FD7B958A13	626099648B60ABCE10856264D729863EEE033AA8	6B03DEE17A2997D23BF047F7CE0E721DC2B63E53B9DAFFF9A826A478C75B1BA9
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4994EEBB-6106-11EB-90E5-ECF4BB570DC9}.dat	Microsoft Word Document	CB05B5A920A18CC364206FDB2A88B7FA	1DF2FC99155828967D42D2D206478DB18C576DFB	41246BA932A4C681B4BDE812027B040283904C5E1EC5C9EB51028ED2890AB248
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\dikxvqf\imagestore.dat	data	9E43E23A22D2584F44841947BB9617EA	B4C939866E13C0B9F1FEEAC81283F32CAC695620	91D3C714D124D131663AB4105276E05C8F2E7639EF38B50084FB5212D493F44E
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\background[1].jpg	[TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2], progressive, precision 8, 1920x1080, frames 3	B204756661AE1F820ACDBF507B2C0FE7	8BCC62CD820991FE0C4D35C2E397E9D2E225D4A0	A33593E9043EFEFBAF94D9CA220C885CE1C42DD2A7707F30ED072D7D71587DA5
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\logo2[1].svg	SVG Scalable Vector Graphics image	EE5C8D9FB6248C938FD0DC19370E90BD	D01A22720918B781338B5BBF9202B241A5F99EE4	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\ZGllZ28uZmVycmVpcm9Ad2l6aW5rLmVz[1].htm	HTML document, ASCII text	CA1AE28154FE294016416ECCEB7C618D	90DAA9B614BDE0D09C77AD6F395EE106516B9540	FAB2876CD18840FB88240F181D4AE1E03944EC25ED35CC7072797305C3113CB0
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\favicon[1].ico	MS Windows icon resource - 6 icons, 128x128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\arrow[1].svg	SVG Scalable Vector Graphics image	A9CC2824EF3517B6C4160DCF8FF7D410	8DB9AEBAD84CA6E4225BFDD2458FF3821CC4F064	34F9DB946E89F031A80DFCA7B16B2B686469C9886441261AE70A44DA1DFA2D58
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\white_ellipsis[1].svg	SVG Scalable Vector Graphics image	5AC590EE72BFE06A7CECFD75B588AD73	DDA2CB89A241BC424746D8CF2A22A35535094611	6075736EA9C281D69C4A3D78FF97BB61B9416A5809919BABE5A0C5596F99AAEA
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\home[1].htm	HTML document, UTF-8 Unicode text, with CRLF line terminators	3B84D0C9225D24FC7E5152CB6A2D598F	7A5333C492C1BC12C5610C22D619EF9D04E70247	45364A073B31276BC6EAD8526712AD2B6028094877BF248076FD507432CBAAD8
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\login[1].css	ASCII text, with very long lines	4DB4A299AE7E73B3CB53351867416D0C	36C0DFF7A6742EAD3229E476F05C559069C3080F	10C50B88EBF99FDF813A4CCE86BA218A6E2EA3D266146520529F1E1BDDC5EBD3
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\logo3[1].png	PNG image data, 342 x 72, 4-bit colormap, non-interlaced	533E293F0C8947ADA653B47C00E394E2	0F507BB89C42F937A290D0EEDA3F2E0DBFCAD5C1	B5D587F6C48A9B22BBE97150249E0C0655AC1780BD273431480A22F8A5BFEF6C
C:\Users\user\AppData\Local\Temp\~DF12B82F2018A6403B.TMP	data	DF2958624447487DF004C835F737F326	C404AA80B34E07D70249BA53B89B07DEB6559857	E43056E46F864A0D969E2EB30C8D2FC716E2EA8C43059863EDA47403C0958ADB
C:\Users\user\AppData\Local\Temp\~DF356D71385CE4B18E.TMP	data	5A52D0F75F0520AF194E4FC9564DF10E	EF4B17897F8C89C4F566F06F358120EB6085375F	347EE3B7C6AC98ADE4EBD763C295166CBAB4DD90D0A7C329C8621D61914D089F
C:\Users\user\AppData\Local\Temp\~DFD27693C6AAB55A24.TMP	data	B563C982C2EC8AABB037DF49DD26BA1F	91AF55CF61820213E9D781EF947B4DCBEA28DBB1	8F12BBCD1E5D0C94F5C3BE723DBAAA5B3FB7577E000463E9A8C7799693536819

Analysis Report http://huehiufkerfpvkm.craetivehc.com/x/ZGllZ28uZmVycmVpcm9Ad2l6aW5rLmVz

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection:

Phishing:

Compliance:

Networking:

System Summary:

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs