Analysis Report http://www.emailing.nespresso.com/r/?id=h769639fb,5102ea95,508b93ed&p1=l-at.club/ca/fr/unsubscribe?cmp=ZGxhbmVAaW5ub3ZpYS5jb20=&t=43412431243232383631323824465224323032312D30322D3033&c=323232353734

Overview

General Information

Sample URL:	http://www.emailing.nespresso.com/r/?id=h769639fb,5102ea95,508b93ed&p1=l-at.club/ca/fr/unsubscribe?cmp=ZGxhbmVAaW5ub3ZpYS5jb20=&t=43412431243232383631323824465224323032312D30322D3033&c=323232353734
Analysis ID:	358570
Infos:
Most interesting Screenshot:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Phishing site detected (based on shot template match)

Classification

Signatures

Phishing:

Phishing site detected (based on shot template match)

Source: https://l-at.club/main/

Matcher: Template: matched

Compliance:

Uses new MSVCR Dlls

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 192.236.154.154:443 -> 192.168.2.3:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.236.154.154:443 -> 192.168.2.3:49719 version: TLS 1.2

Networking:

Source: msapplication.xml0.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xf20d35f7,0x01d70bfe</date><accdate>0xf20d35f7,0x01d70bfe</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xf20d35f7,0x01d70bfe</date><accdate>0xf20d35f7,0x01d70bfe</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xf20f985b,0x01d70bfe</date><accdate>0xf20f985b,0x01d70bfe</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xf20f985b,0x01d70bfe</date><accdate>0xf20f985b,0x01d70bfe</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xf211faae,0x01d70bfe</date><accdate>0xf211faae,0x01d70bfe</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xf211faae,0x01d70bfe</date><accdate>0xf211faae,0x01d70bfe</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)

Source: unknown

DNS traffic detected: queries for: www.emailing.nespresso.com

Source: msapplication.xml.1.dr	String found in binary or memory: http://www.amazon.com/
Source: KFOmCnqEu92Fr1Mu4mxP[1].ttf.3.dr, KFOlCnqEu92Fr1MmEU9fBBc9[1].ttf.3.dr, KFOlCnqEu92Fr1MmYUtfBBc9[1].ttf.3.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: msapplication.xml1.1.dr	String found in binary or memory: http://www.google.com/
Source: msapplication.xml2.1.dr	String found in binary or memory: http://www.live.com/
Source: msapplication.xml3.1.dr	String found in binary or memory: http://www.nytimes.com/
Source: msapplication.xml4.1.dr	String found in binary or memory: http://www.reddit.com/
Source: msapplication.xml5.1.dr	String found in binary or memory: http://www.twitter.com/
Source: msapplication.xml6.1.dr	String found in binary or memory: http://www.wikipedia.com/
Source: msapplication.xml7.1.dr	String found in binary or memory: http://www.youtube.com/
Source: recaptcha__en[1].js.3.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
Source: recaptcha__en[1].js.3.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#localhost_support
Source: recaptcha__en[1].js.3.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
Source: bootstrap.min[1].css.3.dr	String found in binary or memory: https://getbootstrap.com/)
Source: bootstrap.min[1].css.3.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: {1B44EFEA-77F2-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://l-at.club/ca/fr/unsubscribe?cmp=ZGxhbmVAaW5ub3ZpYS5jb20=&t=434124312432323836313238244652243
Source: {1B44EFEA-77F2-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://l-at.club/main/
Source: ~DF9CBFC16E69B9A4A0.TMP.1.dr	String found in binary or memory: https://l-at.club/main/unsubscribe?cmp=ZGxhbmVAaW5ub3ZpYS5jb20=&t=4341243124323238363132382446522432
Source: {1B44EFEA-77F2-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://l-at.club/mainr/unsubscribe?cmp=ZGxhbmVAaW5ub3ZpYS5jb20=&t=434124312432323836313238244652243
Source: recaptcha__en[1].js.3.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: main[1].htm.3.dr	String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css
Source: recaptcha__en[1].js.3.dr	String found in binary or memory: https://support.google.com/recaptcha
Source: recaptcha__en[1].js.3.dr	String found in binary or memory: https://support.google.com/recaptcha#6262736
Source: recaptcha__en[1].js.3.dr	String found in binary or memory: https://support.google.com/recaptcha/#6175971
Source: recaptcha__en[1].js.3.dr	String found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: recaptcha__en[1].js.3.dr	String found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: main[1].htm.3.dr	String found in binary or memory: https://www.google.com/recaptcha/api.js
Source: anchor[1].htm.3.dr, bframe[1].htm.3.dr, api[1].js.3.dr, recaptcha__en[1].js.3.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: {1B44EFEA-77F2-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lff6mUaAAAAAEgSfmnyB3bQ-kBmtx8ar1m3-EaI&co=aHR0
Source: {1B44EFEA-77F2-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/bframe?hl=en&v=jxFQ7RQ9s9HTGKeWcoa6UQdD&k=6Lff6mUaAAAAAEgSfmny
Source: anchor[1].htm.3.dr, bframe[1].htm.3.dr, webworker[1].js.3.dr, api[1].js.3.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/jxFQ7RQ9s9HTGKeWcoa6UQdD/recaptcha__en.js
Source: anchor[1].htm.3.dr, bframe[1].htm.3.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/jxFQ7RQ9s9HTGKeWcoa6UQdD/styles__ltr.css

Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443

Source: unknown	HTTPS traffic detected: 192.236.154.154:443 -> 192.168.2.3:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.236.154.154:443 -> 192.168.2.3:49719 version: TLS 1.2

System Summary:

Source: classification engine

Classification label: mal48.phis.win@3/31@4/2

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DFB3C93A62F3F868D4.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3352 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3352 CREDAT:17410 /prefetch:2	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
192.236.154.154	unknown	United States		54290	HOSTWINDSUS	false

Private

IP
192.168.2.1

Contacted Domains

Name	IP	Active
l-at.club	192.236.154.154	true
stackpath.bootstrapcdn.com	unknown	unknown
www.emailing.nespresso.com	unknown	unknown
favicon.ico	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://l-at.club/main/	true		unknown

ID:	358570
Product:	CloudBasic
Start time:	21:18:05
Start date:	25.02.2021
Cookbook:	browseurl.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\HWE62H4P\www.google[1].xml	ASCII text, with no line terminators	1468AA83832E822902A99980397CFCA8	BDA4964C15CC025B4855F050041CF47FACE92583	6737466BF8D8653D90A00A9A0AF93854ACD8037EF31809F9CFD610A7F0B90030
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1B44EFE8-77F2-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	D63F36214B00ACEEDC9B1CA4A15A4D2A	E2371F5692A185CF0C576050FC08CA6A32C2A655	1ABE756FEB2ED4846A1A5E94B6CA6F39BF740B8F88DF017C684EAD947F6F9334
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1B44EFEA-77F2-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	120952B03BFB929313BA4449E2F20C5F	86AFA29B8829D13179E5CEF23F2B73DCA592EE9F	6BA5351DC7F26F26321E1061655DBE0C699F4CC870C459E3EEBF4481D09B32C0
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1B44EFEB-77F2-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	B52F5317D641ADC0E7AD801A11B701D5	243778556170D9580542939FD183DF60901B0D33	2C5AA1CE7F703B184A0ECD15649484A3AFFCE0D03D96A0853A409D9477BAD7E5
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	8500EAC46430E2BFF8E9824D0B8EE428	CFDFEA6D558AA3338FCDF7235AAA7807CD091D0D	8626DE0FEFA2F8E2E9C214EE11CE1C13C66D3FC96AC0B39527A27FECCA44EEFE
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	FE2E892847C9E5CE1265844A1AE951E1	CD12F0F33F513F239AE4853DB3FD9AC1598D68F9	02C6B5951652759146FF41D306A3C337EDFD44947A3295B0906536AFE8DF99BE
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	4F06798A38BC009A3B803FCFA7DF6E8A	B4165596385327D2441D81195647EA8CBBB95455	87B81913AB881E4B2CABC5C57E65BFD3B58C7E48596A1CA446E110E783F8A9C4
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	86B7A4E148F5C92C410BBE04D4084F34	E6E788BD8D826060FC74A6C214F807B145A774DA	898F0466D9A8B2ED7C93694F9C9EFA51CD63A28CAC5ABD544D7BF179C21AED5D
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	9791DE3A0696FEBDCF9349DE6E77EEC7	30E0D941EA002A6E3411E60B16D14630C2A69BAB	D590481D560239D6C94F63791A9B9ABDA7A2CD34139EF564F812A641A1DEAEB5
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	E9D21605EBE8878205E0C5A7FF5953BC	CFDE4C5B026D6B98EA97227B88CA1DD7D6B1F973	8BC0AD9E83A8490AAFA5102D0F150591B235B421450E5B819C4D73285172AA3A
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	90EB3D0006520EAD5FB3F39FB2877E6B	F91DC840BF4452C8F90D737C40AC8691BB673574	1B30570777BD4341D3FA16D13D6DDF46EC7FC2A051B1E09F50BF915FF1122CB1
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	300E6A318AF11B6B444384EA3D5157B2	1D249238782DED480132A6A5525E00DA28D01C6E	1C59D42C62A25EDFE9EC082ED7820B76E880573778BB3040035BA5CD721C0616
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	9D80D0482D2242BAA48C384FE3C0E128	E2153EBEFBCF2E87DDD3941B227F28B6D7B0A7A6	8A16BC031A764D25564D4BD6DCD6CA16B321893581E8A229C416C077E4B1EAE2
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\KFOlCnqEu92Fr1MmEU9fBBc9[1].ttf	TrueType Font data, 18 tables, 1st "GDEF", 8 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.Roboto MediumRegularVersion 2.137; 2017Roboto-Me	4D88404F733741EAACFDA2E318840A98	49E0F3D32666AC36205F84AC7457030CA0A9D95F	B464107219AF95400AF44C949574D9617DE760E100712D4DEC8F51A76C50DDA1
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\KFOlCnqEu92Fr1MmYUtfBBc9[1].ttf	TrueType Font data, 18 tables, 1st "GDEF", 8 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.Roboto BlackRegularVersion 2.137; 2017Roboto-Bla	4D99B85FA964307056C1410F78F51439	F8E30A1A61011F1EE42435D7E18BA7E21D4EE894	01027695832F4A3850663C9E798EB03EADFD1462D0B76E7C5AC6465D2D77DBD0
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\KFOmCnqEu92Fr1Mu4mxP[1].ttf	TrueType Font data, 18 tables, 1st "GDEF", 8 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.RobotoRegularVersion 2.137; 2017Roboto-Regularht	372D0CC3288FE8E97DF49742BAEFCE90	754D9EAA4A009C42E8D6D40C632A1DAD6D44EC21	466989FD178CA6ED13641893B7003E5D6EC36E42C2A816DEE71F87B775EA097F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\logo_48[1].png	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced	EF9941290C50CD3866E2BA6B793F010D	4736508C795667DCEA21F8D864233031223B7832	1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\recaptcha__en[1].js	ASCII text, with very long lines	32C49DC5F9FA12F530A84CD51D5E274A	89C75509FB3E3807679E55B57A4C0569A4B8EDD8	46C97699759B3239F2306F7D09DF96131FB1044315B07CFDD62B66C2E4C0125B
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\webworker[1].js	ASCII text, with no line terminators	C4DE09C4DA7F5AC82A7022B16D6CA1E1	7B219909A24256D5BC57F6F25DFDDDB0DEDFEE43	AB1E16C1B3F793E0AEC723C7A7ADD9E179781105D1646CED630AF7007CA52720
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\api[1].js	ASCII text, with very long lines, with no line terminators	F265186D221473A895D2373E5666BC80	1B167F3E67EA18FD54FA21AFB265156B4AEAF7E6	7BE93782718B63BDF0478467DBAE39879064F603EB44D42A90A6C6FEE1EE81A3
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\bootstrap.min[1].css	ASCII text, with very long lines	A15C2AC3234AA8F6064EF9C1F7383C37	6E10354828454898FDA80F55F3DECB347FD9ED21	60B19E5DA6A9234FF9220668A5EC1125C157A268513256188EE80F2D2C8D8D36
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\main[1].htm	HTML document, ASCII text, with very long lines	35215D0F2AD79BCAF364698DF19471BE	163534CE4E89EB0C0989A8885C535ECC60E6B2B5	8F3882B7A14723C994322F4379F9C5530594929EC8A98362FABBACD342A03482
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\bframe[1].htm	HTML document, ASCII text	FA7EE097ECBE3171B44C06E4C395D44C	31AC1C16150A843020992A3FF00D1E947A85FDD7	54FBA8F33AB3E3EBAB58387AEFD96EB73EF40B9455105EF3E540394C8E87C6ED
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\favicon[1].htm	HTML document, ASCII text	83B862BEAD2D480026254FB2A6EB9969	26BAD9E6C1579172B0E3B6BC1C18918164FF6478	FB258CB538CA92D61C8CD4EB08CC23DA70C278B8766EAA731CE11E9B2F1DA4D4
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\otnuxQi5Wy3Eq9ZSf6m85_p8wZJ2BK7uby0VQVvK-UA[1].js	ASCII text, with very long lines, with no line terminators	7AD08192F8856DD00BB2A2F2186E231B	257BCF4051EAA0DF2BEA75DA9BDC89A2504E9BA6	A2D9EEC508B95B2DC4ABD6527FA9BCE7FA7CC1927604AEEE6F2D15415BCAF940
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\anchor[1].htm	HTML document, ASCII text, with very long lines	36F04426D4072B391A2C7053773B528F	29BC205710F70E83C1F1EFBFE107F7121F39A2A7	7E5251B0E50C39156112C0FCB42854DCFE1601A3DD27B7B6F82259266AC279C0
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\styles__ltr[1].css	ASCII text, with very long lines, with no line terminators	E548DC0AEF0A21A2DF5B964EF93118AA	983091AEC1E7BFEB79F768E4B997C43B55EDE14A	6B08EA3A348838BC942AD470A757575975BD09459B63C1872C6E1129A6CA1939
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\unsubscribe[1].htm	HTML document, ASCII text	83B862BEAD2D480026254FB2A6EB9969	26BAD9E6C1579172B0E3B6BC1C18918164FF6478	FB258CB538CA92D61C8CD4EB08CC23DA70C278B8766EAA731CE11E9B2F1DA4D4
C:\Users\user\AppData\Local\Temp\~DF9CBFC16E69B9A4A0.TMP	data	B1D82C7B0890113312BF40989CF5D06B	74C8C749E13F85642141B17E8BEF36381C88D1C4	F310F84F07C2D865AEB1822F3592CFD4088E64D1CF67EB8BC790957619159058
C:\Users\user\AppData\Local\Temp\~DFA03943B27C5375FC.TMP	data	2C07563A6F321F94215D79B4D68E5ED3	8F03C0F44F7A24CA1E562D33CBCF6EE43ED69D3A	CC1D7673A7FBB6883A332A3AED5B72C76E391AB81B935546EE3AC53E2F91E447
C:\Users\user\AppData\Local\Temp\~DFB3C93A62F3F868D4.TMP	data	E4BFE0BB8CEEC9E95FB2AADA7B686BC2	4AED58A78DEC879A69381F6F7BC745746EED4983	F75AFB4DCFC01F3506AB7064CA92ED5A6B5B388BAA12931D81471645BE63895E

Analysis Report http://www.emailing.nespresso.com/r/?id=h769639fb,5102ea95,508b93ed&p1=l-at.club/ca/fr/unsubscribe?cmp=ZGxhbmVAaW5ub3ZpYS5jb20=&t=43412431243232383631323824465224323032312D30322D3033&c=323232353734

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing:

Compliance:

Networking:

System Summary:

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs