Analysis Report receipt145.htm

Overview

General Information

Sample Name: receipt145.htm
Analysis ID: 356265
MD5: b7581c1c3a2bdee565cdfe6b3e8a37ca
SHA1: 495182556b37cb96d1825ae10d3772b1c1df2c75
SHA256: 9bd8d84ffd6b03973ad90b022c9a1b1efb7e6f1a3bed838cb84b6a15ab96b725

Most interesting Screenshot:

Detection

HTMLPhisher
Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Phishing site detected (based on favicon image match)
Yara detected HtmlPhish_10
JA3 SSL client fingerprint seen in connection with other malware

Classification

Phishing:

Phishing site detected (based on favicon image match)
Source: https://kupitesla.ru/.,/authorize_client_id:rbjev5ld-ter8-nrba-rviq-g1okelty80v5_mscx13gp7ov0zb89htqlfej5yni2wdkru4a69hf24uc5knyilzr10o6v7bam8qwe3stjxdgpwjuvzb73sptoa14dkn0il2mc68qyh59egfrx?data=am1pbGxlckBjdXN0b21lcnNiYW5rLmNvbQ== Matcher: Template: microsoft matched with high similarity
Yara detected HtmlPhish_10
Source: Yara match File source: 760639.pages.csv, type: HTML
Source: Yara match File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\authorize_client_id_rbjev5ld-ter8-nrba-rviq-g1okelty80v5_mscx13gp7ov0zb89htqlfej5yni2wdkru4a69hf24uc5knyilzr10o6v7bam8qwe3stjxdgpwjuvzb73sptoa14dkn0il2mc68qyh59egfrx[1].htm, type: DROPPED

Compliance:

Uses new MSVCR Dlls
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Uses secure TLS version for HTTPS connections
Source: unknown HTTPS traffic detected: 188.127.230.6:443 -> 192.168.2.5:49718 version: TLS 1.2
Source: unknown HTTPS traffic detected: 188.127.230.6:443 -> 192.168.2.5:49717 version: TLS 1.2
Source: unknown HTTPS traffic detected: 188.127.230.6:443 -> 192.168.2.5:49723 version: TLS 1.2

Networking:

JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: 9e10692f1b7f78228b2d4e424db3a98c
Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKdate: Mon, 22 Feb 2021 19:27:48 GMTserver: Apachex-powered-by: PHP/7.2.34vary: Accept-Encodingcontent-encoding: gzipcontent-length: 195content-type: text/html; charset=UTF-8
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: jmiller.dearfibromyalgia.comConnection: Keep-Alive
Source: msapplication.xml0.1.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x5176fc91,0x01d7099c</date><accdate>0x5176fc91,0x01d7099c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.1.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x5176fc91,0x01d7099c</date><accdate>0x5176fc91,0x01d7099c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.1.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x517bc152,0x01d7099c</date><accdate>0x517bc152,0x01d7099c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.1.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x517bc152,0x01d7099c</date><accdate>0x517bc152,0x01d7099c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.1.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x517bc152,0x01d7099c</date><accdate>0x517bc152,0x01d7099c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.1.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x517bc152,0x01d7099c</date><accdate>0x517e23ad,0x01d7099c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: unknown DNS traffic detected: queries for: jmiller.dearfibromyalgia.com
Source: receipt145.htm, ~DFA8B2F17F0A132309.TMP.1.dr String found in binary or memory: http://jmiller.dearfibromyalgia.com/#am1pbGxlckBjdXN0b21lcnNiYW5rLmNvbQ==
Source: {7A07C4B1-758F-11EB-90E5-ECF4BB570DC9}.dat.1.dr String found in binary or memory: http://jmiller.dearfibs/Desktop/receipt145.htmromyalgia.com/#am1pbGxlckBjdXN0b21lcnNiYW5rLmNvbQ==Roo
Source: msapplication.xml.1.dr String found in binary or memory: http://www.amazon.com/
Source: msapplication.xml1.1.dr String found in binary or memory: http://www.google.com/
Source: msapplication.xml2.1.dr String found in binary or memory: http://www.live.com/
Source: msapplication.xml3.1.dr String found in binary or memory: http://www.nytimes.com/
Source: msapplication.xml4.1.dr String found in binary or memory: http://www.reddit.com/
Source: msapplication.xml5.1.dr String found in binary or memory: http://www.twitter.com/
Source: msapplication.xml6.1.dr String found in binary or memory: http://www.wikipedia.com/
Source: msapplication.xml7.1.dr String found in binary or memory: http://www.youtube.com/
Source: authorize_client_id_rbjev5ld-ter8-nrba-rviq-g1okelty80v5_mscx13gp7ov0zb89htqlfej5yni2wdkru4a69hf24uc5knyilzr10o6v7bam8qwe3stjxdgpwjuvzb73sptoa14dkn0il2mc68qyh59egfrx[1].htm.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v16/mem5YaGs126MiZpBA-UN_r8OUuhs.ttf)
Source: imagestore.dat.2.dr, ~DFA8B2F17F0A132309.TMP.1.dr, EJ6HO1WF.htm.2.dr String found in binary or memory: https://kupitesla.ru/.
Source: {7A07C4B1-758F-11EB-90E5-ECF4BB570DC9}.dat.1.dr String found in binary or memory: https://kupitesla.ru/.romyalgia.com/#am1pbGxlckBjdXN0b21lcnNiYW5rLmNvbQ==
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown HTTPS traffic detected: 188.127.230.6:443 -> 192.168.2.5:49718 version: TLS 1.2
Source: unknown HTTPS traffic detected: 188.127.230.6:443 -> 192.168.2.5:49717 version: TLS 1.2
Source: unknown HTTPS traffic detected: 188.127.230.6:443 -> 192.168.2.5:49723 version: TLS 1.2
Source: classification engine Classification label: mal56.phis.winHTM@3/29@3/2
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7A07C4AF-758F-11EB-90E5-ECF4BB570DC9}.dat
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Temp\~DF31CA591828887135.TMP
Source: C:\Program Files\internet explorer\iexplore.exe File read: C:\Users\desktop.ini
Source: unknown Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6408 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6408 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe Automated click: Confirm
Source: C:\Program Files\internet explorer\iexplore.exe Automated click: Confirm
Source: C:\Program Files\internet explorer\iexplore.exe Automated click: Confirm
Source: C:\Program Files\internet explorer\iexplore.exe Automated click: Confirm
Source: C:\Program Files\internet explorer\iexplore.exe Automated click: Confirm
Source: C:\Program Files\internet explorer\iexplore.exe Automated click: Confirm
Source: C:\Program Files\internet explorer\iexplore.exe Automated click: Confirm
Source: C:\Program Files\internet explorer\iexplore.exe Automated click: Confirm
Source: C:\Program Files\internet explorer\iexplore.exe Automated click: Confirm
Source: C:\Program Files\internet explorer\iexplore.exe Automated click: Confirm
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Behavior Graph (ID: 356265, Sample: receipt145.htm, Startdate: 22/02/2021, Architecture: WINDOWS, Score: 56)

  • Signatures: Phishing site detected (based on favicon image match); Yara detected HtmlPhish_10
  • Process: iexplore.exe started, which in turn started a second iexplore.exe
  • DNS/IP: jmiller.dearfibromyalgia.com 198.54.115.226, ports 49715, 49716, 80, NAMECHEAP-NETUS, United States
  • DNS/IP: kupitesla.ru 188.127.230.6, ports 443, 49717, 49718, DHUBRU, Russian Federation
  • Dropped file: authorize_client_i...68qyh59egfrx[1].htm, data

Contacted Public IPs

IP | Domain | Country | ASN | ASN Name | Malicious
198.54.115.226 | unknown | United States | 22612 | NAMECHEAP-NETUS | false
188.127.230.6 | unknown | Russian Federation | 56694 | DHUBRU | false

Contacted Domains

Name | IP | Active
jmiller.dearfibromyalgia.com | 198.54.115.226 | true
kupitesla.ru | 188.127.230.6 | true

Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
http://jmiller.dearfibromyalgia.com/ | false | Avira URL Cloud: safe | unknown
https://kupitesla.ru/.,/authorize_client_id:rbjev5ld-ter8-nrba-rviq-g1okelty80v5_mscx13gp7ov0zb89htqlfej5yni2wdkru4a69hf24uc5knyilzr10o6v7bam8qwe3stjxdgpwjuvzb73sptoa14dkn0il2mc68qyh59egfrx?data=am1pbGxlckBjdXN0b21lcnNiYW5rLmNvbQ== | true | | unknown