Analysis Report smartandfinalTicket#51347303511505986.htm

Overview

General Information

Sample Name:	smartandfinalTicket#51347303511505986.htm
Analysis ID:	356325
MD5:	5f42d465e7e680e051a74bb797bc6535
SHA1:	843faae5f7d10488aed129367e8ea7ada3396942
SHA256:	e4b97c79b4c90cb26a1c518bc1a6d821444436d4420d1e579b781b1c3704bb57
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Phishing site detected (based on favicon image match)

Yara detected HtmlPhish_10

JA3 SSL client fingerprint seen in connection with other malware

Classification

Signatures

AV Detection:

Antivirus detection for URL or domain

Source: https://sydneybuildingengineers.com.au/OfficeV4/authorize_client_id:5g1afb80-7jfq-ask4-t1bx-5zw0d17rfy48_qa32ux85vsrdgt9ncpmw7ebyo4kz10fjilh6hskufelop5ya3m1i0942tcrv8znqxbwj7gd692ez0tj4dmhkufaqbo7pnvyrxl3568cs1iwg?data=dmlzaGFsLmt1bWFyQHNtYXJ0YW5kZmluYWwuY29t

SlashNext: Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

Phishing site detected (based on favicon image match)

Matcher: Template: microsoft matched with high similarity

Yara detected HtmlPhish_10

Source: Yara match	File source: 820094.pages.csv, type: HTML
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\authorize_client_id_5g1afb80-7jfq-ask4-t1bx-5zw0d17rfy48_qa32ux85vsrdgt9ncpmw7ebyo4kz10fjilh6hskufelop5ya3m1i0942tcrv8znqxbwj7gd692ez0tj4dmhkufaqbo7pnvyrxl3568cs1iwg[1].htm, type: DROPPED

Compliance:

Uses new MSVCR Dlls

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 208.91.198.178:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 208.91.198.178:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.169.157.161:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.169.157.161:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.169.157.161:443 -> 192.168.2.4:49752 version: TLS 1.2

Networking:

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View	JA3 fingerprint: 9e10692f1b7f78228b2d4e424db3a98c
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: msapplication.xml0.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x6aad3e8e,0x01d70964</date><accdate>0x6aad3e8e,0x01d70964</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x6aad3e8e,0x01d70964</date><accdate>0x6aad3e8e,0x01d70964</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x6ab20340,0x01d70964</date><accdate>0x6ab20340,0x01d70964</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x6ab20340,0x01d70964</date><accdate>0x6ab20340,0x01d70964</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x6ab20340,0x01d70964</date><accdate>0x6ab20340,0x01d70964</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x6ab20340,0x01d70964</date><accdate>0x6ab20340,0x01d70964</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)

Source: unknown

DNS traffic detected: queries for: saisas.com.co

Source: msapplication.xml.1.dr	String found in binary or memory: http://www.amazon.com/
Source: msapplication.xml1.1.dr	String found in binary or memory: http://www.google.com/
Source: msapplication.xml2.1.dr	String found in binary or memory: http://www.live.com/
Source: msapplication.xml3.1.dr	String found in binary or memory: http://www.nytimes.com/
Source: msapplication.xml4.1.dr	String found in binary or memory: http://www.reddit.com/
Source: msapplication.xml5.1.dr	String found in binary or memory: http://www.twitter.com/
Source: msapplication.xml6.1.dr	String found in binary or memory: http://www.wikipedia.com/
Source: msapplication.xml7.1.dr	String found in binary or memory: http://www.youtube.com/
Source: authorize_client_id_5g1afb80-7jfq-ask4-t1bx-5zw0d17rfy48_qa32ux85vsrdgt9ncpmw7ebyo4kz10fjilh6hskufelop5ya3m1i0942tcrv8znqxbwj7gd692ez0tj4dmhkufaqbo7pnvyrxl3568cs1iwg[1].htm.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v16/mem5YaGs126MiZpBA-UN_r8OUuhs.ttf)
Source: {920BAF37-7557-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://saisas.com.co//Desktop/smartandfinalTicket#51347303511505986.htmexrobotosv4/?vishal.kumar
Source: ~DF0C840B5320C13C8C.TMP.1.dr, exrobotosv4[1].htm.3.dr	String found in binary or memory: https://saisas.com.co/exrobotosv4/?vishal.kumar
Source: smartandfinalTicket#51347303511505986.htm	String found in binary or memory: https://saisas.com.co/exrobotosv4?vishal.kumar
Source: OfficeV4[1].htm.3.dr	String found in binary or memory: https://sydneybuildingengineers.com.au/OfficeV4/?/dmlzaGFsLmt1bWFyQHNtYXJ0YW5kZmluYWwuY29t
Source: ~DF0C840B5320C13C8C.TMP.1.dr	String found in binary or memory: https://sydneybuildingengineers.com.au/OfficeV4/authorize_client_id:5g1afb80-7jfq-ask4-t1bx-5zw0d17r
Source: imagestore.dat.3.dr	String found in binary or memory: https://sydneybuildingengineers.com.au/OfficeV4/images/favicon.ico~
Source: exrobotosv4[1].htm0.3.dr	String found in binary or memory: https://sydneybuildingengineers.com.au/OfficeV4?/dmlzaGFsLmt1bWFyQHNtYXJ0YW5kZmluYWwuY29t
Source: {920BAF37-7557-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://sydneybuildingexrobotosv4/?vishal.kumar

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734

Source: unknown	HTTPS traffic detected: 208.91.198.178:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 208.91.198.178:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.169.157.161:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.169.157.161:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.169.157.161:443 -> 192.168.2.4:49752 version: TLS 1.2

Source: classification engine

Classification label: mal64.phis.winHTM@3/31@3/3

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{920BAF35-7557-11EB-90EB-ECF4BBEA1588}.dat

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF837C423F64999335.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6832 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6832 CREDAT:17410 /prefetch:2	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
208.91.198.178	unknown	United States		394695	PUBLIC-DOMAIN-REGISTRYUS	false
192.169.157.161	unknown	United States		398101	GO-DADDY-COM-LLCUS	false

Private

IP
192.168.2.1

Contacted Domains

Name	IP	Active
saisas.com.co	208.91.198.178	true
sydneybuildingengineers.com.au	192.169.157.161	true

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://sydneybuildingengineers.com.au/OfficeV4/authorize_client_id:5g1afb80-7jfq-ask4-t1bx-5zw0d17rfy48_qa32ux85vsrdgt9ncpmw7ebyo4kz10fjilh6hskufelop5ya3m1i0942tcrv8znqxbwj7gd692ez0tj4dmhkufaqbo7pnvyrxl3568cs1iwg?data=dmlzaGFsLmt1bWFyQHNtYXJ0YW5kZmluYWwuY29t	true	SlashNext: Fake Login Page type: Phishing & Social Engineering	unknown

ID:	356325
Product:	CloudBasic
Start time:	22:46:52
Start date:	22.02.2021
Sample:	smartandfinalTicket#51347303511505986.htm
Cookbook:	defaultwindowshtmlcookbook.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS
MD5:	5f42d465e7e680e051a74bb797bc6535
SHA1:	843faae5f7d10488aed129367e8ea7ada3396942
SHA256:	e4b97c79b4c90cb26a1c518bc1a6d821444436d4420d1e579b781b1c3704bb57
Filetype:	HyperText Markup Language (31031/1) 100.00%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{920BAF35-7557-11EB-90EB-ECF4BBEA1588}.dat	Microsoft Word Document	CC0839461BF3524F53495B614F900C1E	ED510A27010418870F36443495B871535085B250	F7B62B91A8DB59B574E9EFAAE8320B7CCEDC3EF8320784A6A9B7957FF29C4667
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{920BAF37-7557-11EB-90EB-ECF4BBEA1588}.dat	Microsoft Word Document	05C7154E35AB6A2A8F7DC63F4E289274	3DF842FAE87B7D0333779E67DD02206A10CAE68D	AA2BE18E8E34CA217B8F5F1925C4AD974F7B58F34030B479C9757202CE2408C8
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{99B83FD3-7557-11EB-90EB-ECF4BBEA1588}.dat	Microsoft Word Document	E67013FA0FABB1BEAD4BED5951E7B836	830F3173699D9ECFA9EBE7264C154CB8CE63E4FE	27633182774D0D0714849DAE741BB2AE60DF5DD3D627C1B70AB9EA2F361BB161
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	0D082AF07F390BE14E01DF31C5E60DA9	39045AA5551DA28B35CCE55585A59903CEB60E00	D66311C9E09CBFACCF84EAA121DEA78045825185D4FBCE3F7546F3EDC60C8347
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	E01331A6EB1343F508DA169504CEB422	E39AA20353A9B5F5399B488610494C8B8AA00F1F	60E926C69C992C0A1B23D09118021D3CDF4EE4959BA5357E07C60FC56C2A2366
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	90C17E549181CFDF88BC408E181AD19C	39470F72E77D650AD6009BCC5803FEDCC50F2663	6BCF727C5C6A044FD1D7C2ECAD7FEC76A3D4E41BBEA889B7A17FF5752A18E0A3
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	29BE80C87E97121C213CB3D34327E385	80AA8DA5E6751E11848E3244620E117C790D3542	24691562C62340B2BA95A94742E3F6B545B32ADABC46F500360648DEC10D8425
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	2C9F501DA18158DCA76A8FF7DA4F29CE	6B97A5EAD015D84EA709C81C4C90E862156D6DD5	8266CEE2AC9ABC4A35E58DE8A7AF318D2222F35A3FA927998CD6B73B8E71F35E
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	6FD9BBD0AE034CE87D8A53D91420C3CE	E92964FE90C2B07EC8216A6688EAE1F236D4516C	A198B08AD5A452352E7DC23989B3DD8093ABBD30DC95E0A3A145D481F01C00A0
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	52D0BECF21B145CD666A40B605025EE9	C3C3CFADDE941BF6D3190549487AC88E2933C48C	12368EAE89D2A863C281446F62EEB1F741CEE6DE04EF8EFD7C9CF2CC8F9B6A9C
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	399EF1928730BF78593B16DEAC7D6E5B	12DEEE1FC18CEB67EA7A6A1AD4523F23D3A74C22	8DA5512F1CE5B50803EF119E838D0D4B1F5BBABAD70CF4F5C53DA64B7045E4A3
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	6357EE3D77268A8D600CEB67605E98D5	E3DB30439696F58DF0F42585975851511D364702	E4B037D9150B24D7D217D77488AEBBB157D62A36951A1C853059811F7F495D95
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\gee00pr\imagestore.dat	data	E6E35AB1BEEB430776892C9C1CECB5E6	AD73F61752F8757E5B5A1B7F908C550455232763	A491F1D67AE301A620C6943F2CB1DCE28159E9C131AF286030026DB49A51A929
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\enterpass[1].png	PNG image data, 170 x 29, 8-bit/color RGB, non-interlaced	BD6E291A9A3CC17ED37605E4FF0010CC	6C1EFD74231E3D253E0F51E4656ECED2F3335D71	706DE242E7C3CFC4B16BA8174723F26FB80566C3171E9E795F057476011A5DE1
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\exrobotosv4[1].htm	HTML document, ASCII text	2B9C6FB3BF190B5120DB7A101A6423A1	036A29B9FD863690D0E9B587F23AC8AD7FF43318	A8B64AD32CC041DBA431BDB513F7B32D9A0136B946098C41316DA8FE6910AABA
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\forgpass[1].png	PNG image data, 121 x 20, 8-bit/color RGB, non-interlaced	B19CAC60E41C79BD974C1080088C6FEF	FFE553D8CA430DD309494E910A989271648A4DDD	E29DB32031DC537AEE9CB557B408395F3324F1E0F744349C0CDF943A3AF39296
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\sigin[1].png	PNG image data, 108 x 32, 8-bit/color RGBA, non-interlaced	681B83E88BA6AACCC72705FBF9F2257B	D69957C47026108511225160BE9BD15788D26E14	F32A760F15530284447282AF5C7D0825BABF8BC4739E073928F6128830819F7A
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\OfficeV4[1].htm	HTML document, ASCII text	1F050ABD9871AB7BC253372B20676707	FAF361AABE24FB11BF6E138AAE938309D2C8846B	390FB9037C5F93F9C6FBEDA176512667FBF586A11C1A61677C9A94F2A1A03639
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\favicon[1].ico	MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel	7CDD5A7E87E82D145E7F82358F9EBD04	265104CAD00300E4094F8CE6A9EDC86E54812EAD	5D91563B6ACD54468AE282083CF9EE3D2C9B2DAA45A8DE9CB661C2195B9F6CBF
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\firstmsg1[1].png	PNG image data, 353 x 41, 8-bit/color RGBA, non-interlaced	B7EA3983E3C2D7E5F61B8D1B42758189	FE0817947CA4BC53152ED9378470675D9AF189FD	7B6CF23AC2454B039DDF4F51B7074636ED5B08B6A1D254A47430C4ACE2A3569D
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\arrow_left[1].svg	SVG Scalable Vector Graphics image	A9CC2824EF3517B6C4160DCF8FF7D410	8DB9AEBAD84CA6E4225BFDD2458FF3821CC4F064	34F9DB946E89F031A80DFCA7B16B2B686469C9886441261AE70A44DA1DFA2D58
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\authorize_client_id_5g1afb80-7jfq-ask4-t1bx-5zw0d17rfy48_qa32ux85vsrdgt9ncpmw7ebyo4kz10fjilh6hskufelop5ya3m1i0942tcrv8znqxbwj7gd692ez0tj4dmhkufaqbo7pnvyrxl3568cs1iwg[1].htm	data	09C38B34378DC77C039A763ABDC79BFC	FC8E6EAC6934571B6770EF0385EE0F90090E9E4D	7DD245A1505B111C1DF02CB04687FE51FCE3ABDD8F1E39A8B9C26997FD5C7791
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\inv-big-background[1].png	PNG image data, 1920 x 1080, 8-bit colormap, non-interlaced	62DDD263C8A6A4C9074E205B91182D04	1B56D11B012DD79DD99212EBB54ADCFB60920A9D	A59EA699D353D00FF2999111F9FA11FB73A47EDA7800642609CA230560EA3703
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\passwrd[1].png	PNG image data, 69 x 34, 8-bit/color RGBA, non-interlaced	4F2A1D382216546E2C3BC620497FD4E3	F785EC5967B5666387304F779306F9C3E3359FF4	105C03D3360CDB953585482374B2CC953D090741037502B0609629F5BB0135B7
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\style[1].css	ASCII text, with very long lines, with no line terminators	9F94F80A5DC09BB962778175292195BC	A7F2E32B422AC9654F39EA870E403599791FCE1C	1CF4B3AD7ABF3189E78C1B3BD07308C92A03FA795FDBC5821FCDE24030CFEAD0
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\ellipsis_grey[1].svg	SVG Scalable Vector Graphics image	2B5D393DB04A5E6E1F739CB266E65B4C	6A435DF5CAC3D58CCAD655FE022CCF3DD4B9B721	16C3F6531D0FA5B4D16E82ABF066233B2A9F284C068C663699313C09F5E8D6E6
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\ellipsis_white[1].svg	SVG Scalable Vector Graphics image	5AC590EE72BFE06A7CECFD75B588AD73	DDA2CB89A241BC424746D8CF2A22A35535094611	6075736EA9C281D69C4A3D78FF97BB61B9416A5809919BABE5A0C5596F99AAEA
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\exrobotosv4[1].htm	HTML document, ASCII text	8811C2BED058D34E67AAB7C4E57B0223	004F00A5154F6D0A3D14F2CAA409DA9521CDB550	B231234616F9B76794F2AEDC3038DFBEB5DFA37E2D924D1A55DDC679608AE288
C:\Users\user\AppData\Local\Temp\~DF0C840B5320C13C8C.TMP	data	39EBA000C28E4BAE67BDFED43BAA54A2	4FEBC8D5E77845E177C0B53D3C56D48FD552F203	7B73DF045AB6A2F7B0BCA3C8EBB202096A9157D511567BEAAED5C3927E10D3B3
C:\Users\user\AppData\Local\Temp\~DF837C423F64999335.TMP	data	9794E786A7D9719EDA29406BBCDDFB7C	F0136E6D96B2141675DA4664450320759C1A9C41	499C84543D837C8D76E7DE67A525B29DD83AE227ADFBE5ABF290ED429645B73D
C:\Users\user\AppData\Local\Temp\~DFC6F44CA59B7DB5F9.TMP	data	A55B6CDE2DA92BC4E46420F0691E946B	B35878C65074EC1D692D6486FCCFC1ED77B38321	C530022B78638EC2CF3695EC132B28855CC2DCCC07D57754AD065D8A8ECA3F05

Analysis Report smartandfinalTicket#51347303511505986.htm

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection:

Phishing:

Compliance:

Networking:

System Summary:

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs