Analysis Report https://ccaeperu.com/?real-estate-agent2938423

Overview

General Information

Sample URL:	https://ccaeperu.com/?real-estate-agent2938423
Analysis ID:	384636
Infos:
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Yara detected HtmlPhish10

HTML title does not match URL

Classification

Signatures

AV Detection:

Antivirus / Scanner detection for submitted sample

Source: https://ccaeperu.com/?real-estate-agent2938423

SlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering

Antivirus detection for URL or domain

Source: https://ccaeperu.com/?cmd=svnv9tsbx9tbsttsnxbtbnt.mynxy1vytby81nv1mb1v.b1ms9s	SlashNext: Label: Fake Login Page type: Phishing & Social Engineering
Source: https://ccaeperu.com/r.php?locale=en_US	SlashNext: Label: Fake Login Page type: Phishing & Social Engineering
Source: https://ccaeperu.com/?cmd=bnvtbtxmsbx1vy11snsm8nx8smbbmy8x8snns.8tm99yn88xtvv	SlashNext: Label: Fake Login Page type: Phishing & Social Engineering
Source: https://ccaeperu.com/r.php?locale=en_US	UrlScan: Label: phishing brand: facebook	Perma Link
Source: https://ccaeperu.com/?cmd=9tyym8t91xbt8b81mt81smbbm1s.9vtn8ytms1v9vvy8198118b	SlashNext: Label: Fake Login Page type: Phishing & Social Engineering
Source: https://ccaeperu.com/?cmd=xbsmyynyy.8y18y8tvmsstm1ntysyxmx.ty.1xtxsm9bs8s88n8	SlashNext: Label: Fake Login Page type: Phishing & Social Engineering
Source: https://ccaeperu.com/?cmd=xbsmyynyy.8y18y8tvmsstm1ntysyxmx.ty.1xtxsm9bs8s88n8	UrlScan: Label: phishing brand: facebook	Perma Link
Source: https://ccaeperu.com/?cmd=m9xvsybnvn1sv.bsnmnsyx119yb8mx1yv88sst1s8sxsv11nt.t	SlashNext: Label: Fake Login Page type: Phishing & Social Engineering
Source: https://ccaeperu.com/?cmd=vt9n.n11981t1t8b1t1xm1msm.s9tsxxssy9tstt1t8nsb.y1ms	SlashNext: Label: Fake Login Page type: Phishing & Social Engineering
Source: https://ccaeperu.com/?cmd=9tyym8t91xbt8b81mt81smbbm1s.9vtn8ytms1v9vvy8198118b	UrlScan: Label: phishing brand: facebook	Perma Link
Source: https://ccaeperu.com/?cmd=t8ntyxt9mnn.9.t9t1ns9tnb11.n9tttbstxsmt91bmnsb8xts1	UrlScan: Label: phishing brand: facebook	Perma Link
Source: https://ccaeperu.com/?cmd=t8ntyxt9mnn.9.t9t1ns9tnb11.n9tttbstxsmt91bmnsb8xts1	SlashNext: Label: Fake Login Page type: Phishing & Social Engineering
Source: https://ccaeperu.com/?cmd=stmn8bymn1v1.18svn81tv1ymtxtxy1ymns8y1vt81b.9nty9s8	SlashNext: Label: Fake Login Page type: Phishing & Social Engineering
Source: https://ccaeperu.com/?cmd=m9xvsybnvn1sv.bsnmnsyx119yb8mx1yv88sst1s8sxsv11nt.t	UrlScan: Label: phishing brand: facebook	Perma Link
Source: https://ccaeperu.com/?cmd=stmn8bymn1v1.18svn81tv1ymtxtxy1ymns8y1vt81b.9nty9s8	UrlScan: Label: phishing brand: facebook	Perma Link
Source: https://ccaeperu.com/?cmd=snstmsbsvtx.s1.smysttx.sv11m9ss9xbtb1mvmmytn9t1tyny	SlashNext: Label: Fake Login Page type: Phishing & Social Engineering
Source: https://ccaeperu.com/?cmd=snstmsbsvtx.s1.smysttx.sv11m9ss9xbtb1mvmmytn9t1tyny	UrlScan: Label: phishing brand: facebook	Perma Link
Source: https://ccaeperu.com/?cmd=vt9n.n11981t1t8b1t1xm1msm.s9tsxxssy9tstt1t8nsb.y1ms	UrlScan: Label: phishing brand: facebook	Perma Link

Phishing:

Yara detected HtmlPhish10

Source: Yara match	File source: 562258.9.links.csv, type: HTML
Source: Yara match	File source: 562258.1.links.csv, type: HTML
Source: Yara match	File source: 562258.7.links.csv, type: HTML
Source: Yara match	File source: 562258.pages.csv, type: HTML
Source: Yara match	File source: 562258.5.links.csv, type: HTML
Source: Yara match	File source: 562258.8.links.csv, type: HTML
Source: Yara match	File source: 562258.6.links.csv, type: HTML
Source: Yara match	File source: 562258.4.links.csv, type: HTML
Source: Yara match	File source: 562258.3.links.csv, type: HTML
Source: Yara match	File source: 562258.2.links.csv, type: HTML
Source: Yara match	File source: 562258.10.links.csv, type: HTML
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\VBLSBCBU.htm, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\B0LQ5SBH.htm, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\9HQ2AZB5.htm, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\6LTWT96P.htm, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\G1MK1W1S.htm, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\3GXKZCM3.htm, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\HTQSVEM0.htm, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\RUFPPAMX.htm, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\A5FVZRWT.htm, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\favicon[1].htm, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Z4A97TMF.htm, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\RqQo1U5NOq1[1].htm, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\O7nelmd9XSI[1].htm, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\favicon[1].htm, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\r[1].htm, type: DROPPED

HTML title does not match URL

Source: https://ccaeperu.com/?cmd=svnv9tsbx9tbsttsnxbtbnt.mynxy1vytby81nv1mb1v.b1ms9s	HTTP Parser: Title: Log in does not match URL
Source: https://ccaeperu.com/?cmd=svnv9tsbx9tbsttsnxbtbnt.mynxy1vytby81nv1mb1v.b1ms9s	HTTP Parser: Title: Log in does not match URL
Source: https://ccaeperu.com/r.php?locale=en_US	HTTP Parser: Title: Log in does not match URL
Source: https://ccaeperu.com/r.php?locale=en_US	HTTP Parser: Title: Log in does not match URL
Source: https://ccaeperu.com/?cmd=bnvtbtxmsbx1vy11snsm8nx8smbbmy8x8snns.8tm99yn88xtvv	HTTP Parser: Title: Log in does not match URL
Source: https://ccaeperu.com/?cmd=bnvtbtxmsbx1vy11snsm8nx8smbbmy8x8snns.8tm99yn88xtvv	HTTP Parser: Title: Log in does not match URL
Source: https://ccaeperu.com/?real-estate-agent2938423	HTTP Parser: Title: Log in does not match URL
Source: https://ccaeperu.com/?real-estate-agent2938423	HTTP Parser: Title: Log in does not match URL
Source: https://ccaeperu.com/?cmd=9tyym8t91xbt8b81mt81smbbm1s.9vtn8ytms1v9vvy8198118b	HTTP Parser: Title: Log in does not match URL
Source: https://ccaeperu.com/?cmd=9tyym8t91xbt8b81mt81smbbm1s.9vtn8ytms1v9vvy8198118b	HTTP Parser: Title: Log in does not match URL
Source: https://ccaeperu.com/?cmd=xbsmyynyy.8y18y8tvmsstm1ntysyxmx.ty.1xtxsm9bs8s88n8	HTTP Parser: Title: Log in does not match URL
Source: https://ccaeperu.com/?cmd=xbsmyynyy.8y18y8tvmsstm1ntysyxmx.ty.1xtxsm9bs8s88n8	HTTP Parser: Title: Log in does not match URL
Source: https://ccaeperu.com/?cmd=m9xvsybnvn1sv.bsnmnsyx119yb8mx1yv88sst1s8sxsv11nt.t	HTTP Parser: Title: Log in does not match URL
Source: https://ccaeperu.com/?cmd=m9xvsybnvn1sv.bsnmnsyx119yb8mx1yv88sst1s8sxsv11nt.t	HTTP Parser: Title: Log in does not match URL
Source: https://ccaeperu.com/?cmd=vt9n.n11981t1t8b1t1xm1msm.s9tsxxssy9tstt1t8nsb.y1ms	HTTP Parser: Title: Log in does not match URL
Source: https://ccaeperu.com/?cmd=vt9n.n11981t1t8b1t1xm1msm.s9tsxxssy9tstt1t8nsb.y1ms	HTTP Parser: Title: Log in does not match URL
Source: https://ccaeperu.com/?cmd=t8ntyxt9mnn.9.t9t1ns9tnb11.n9tttbstxsmt91bmnsb8xts1	HTTP Parser: Title: Log in does not match URL
Source: https://ccaeperu.com/?cmd=t8ntyxt9mnn.9.t9t1ns9tnb11.n9tttbstxsmt91bmnsb8xts1	HTTP Parser: Title: Log in does not match URL
Source: https://ccaeperu.com/?cmd=stmn8bymn1v1.18svn81tv1ymtxtxy1ymns8y1vt81b.9nty9s8	HTTP Parser: Title: Log in does not match URL
Source: https://ccaeperu.com/?cmd=stmn8bymn1v1.18svn81tv1ymtxtxy1ymns8y1vt81b.9nty9s8	HTTP Parser: Title: Log in does not match URL
Source: https://ccaeperu.com/?cmd=snstmsbsvtx.s1.smysttx.sv11m9ss9xbtb1mvmmytn9t1tyny	HTTP Parser: Title: Log in does not match URL
Source: https://ccaeperu.com/?cmd=snstmsbsvtx.s1.smysttx.sv11m9ss9xbtb1mvmmytn9t1tyny	HTTP Parser: Title: Log in does not match URL

Source: https://ccaeperu.com/?cmd=svnv9tsbx9tbsttsnxbtbnt.mynxy1vytby81nv1mb1v.b1ms9s	HTTP Parser: No <meta name="author".. found
Source: https://ccaeperu.com/?cmd=svnv9tsbx9tbsttsnxbtbnt.mynxy1vytby81nv1mb1v.b1ms9s	HTTP Parser: No <meta name="author".. found
Source: https://ccaeperu.com/r.php?locale=en_US	HTTP Parser: No <meta name="author".. found
Source: https://ccaeperu.com/r.php?locale=en_US	HTTP Parser: No <meta name="author".. found
Source: https://ccaeperu.com/?cmd=bnvtbtxmsbx1vy11snsm8nx8smbbmy8x8snns.8tm99yn88xtvv	HTTP Parser: No <meta name="author".. found
Source: https://ccaeperu.com/?cmd=bnvtbtxmsbx1vy11snsm8nx8smbbmy8x8snns.8tm99yn88xtvv	HTTP Parser: No <meta name="author".. found
Source: https://ccaeperu.com/?real-estate-agent2938423	HTTP Parser: No <meta name="author".. found
Source: https://ccaeperu.com/?real-estate-agent2938423	HTTP Parser: No <meta name="author".. found
Source: https://m.facebook.com/	HTTP Parser: No <meta name="author".. found
Source: https://m.facebook.com/	HTTP Parser: No <meta name="author".. found
Source: https://ccaeperu.com/?cmd=9tyym8t91xbt8b81mt81smbbm1s.9vtn8ytms1v9vvy8198118b	HTTP Parser: No <meta name="author".. found
Source: https://ccaeperu.com/?cmd=9tyym8t91xbt8b81mt81smbbm1s.9vtn8ytms1v9vvy8198118b	HTTP Parser: No <meta name="author".. found
Source: https://ccaeperu.com/?cmd=xbsmyynyy.8y18y8tvmsstm1ntysyxmx.ty.1xtxsm9bs8s88n8	HTTP Parser: No <meta name="author".. found
Source: https://ccaeperu.com/?cmd=xbsmyynyy.8y18y8tvmsstm1ntysyxmx.ty.1xtxsm9bs8s88n8	HTTP Parser: No <meta name="author".. found
Source: https://ccaeperu.com/?cmd=m9xvsybnvn1sv.bsnmnsyx119yb8mx1yv88sst1s8sxsv11nt.t	HTTP Parser: No <meta name="author".. found
Source: https://ccaeperu.com/?cmd=m9xvsybnvn1sv.bsnmnsyx119yb8mx1yv88sst1s8sxsv11nt.t	HTTP Parser: No <meta name="author".. found
Source: https://ccaeperu.com/?cmd=vt9n.n11981t1t8b1t1xm1msm.s9tsxxssy9tstt1t8nsb.y1ms	HTTP Parser: No <meta name="author".. found
Source: https://ccaeperu.com/?cmd=vt9n.n11981t1t8b1t1xm1msm.s9tsxxssy9tstt1t8nsb.y1ms	HTTP Parser: No <meta name="author".. found
Source: https://ccaeperu.com/?cmd=t8ntyxt9mnn.9.t9t1ns9tnb11.n9tttbstxsmt91bmnsb8xts1	HTTP Parser: No <meta name="author".. found
Source: https://ccaeperu.com/?cmd=t8ntyxt9mnn.9.t9t1ns9tnb11.n9tttbstxsmt91bmnsb8xts1	HTTP Parser: No <meta name="author".. found
Source: https://ccaeperu.com/?cmd=stmn8bymn1v1.18svn81tv1ymtxtxy1ymns8y1vt81b.9nty9s8	HTTP Parser: No <meta name="author".. found
Source: https://ccaeperu.com/?cmd=stmn8bymn1v1.18svn81tv1ymtxtxy1ymns8y1vt81b.9nty9s8	HTTP Parser: No <meta name="author".. found
Source: https://ccaeperu.com/?cmd=snstmsbsvtx.s1.smysttx.sv11m9ss9xbtb1mvmmytn9t1tyny	HTTP Parser: No <meta name="author".. found
Source: https://ccaeperu.com/?cmd=snstmsbsvtx.s1.smysttx.sv11m9ss9xbtb1mvmmytn9t1tyny	HTTP Parser: No <meta name="author".. found

Source: https://ccaeperu.com/?cmd=svnv9tsbx9tbsttsnxbtbnt.mynxy1vytby81nv1mb1v.b1ms9s	HTTP Parser: No <meta name="copyright".. found
Source: https://ccaeperu.com/?cmd=svnv9tsbx9tbsttsnxbtbnt.mynxy1vytby81nv1mb1v.b1ms9s	HTTP Parser: No <meta name="copyright".. found
Source: https://ccaeperu.com/r.php?locale=en_US	HTTP Parser: No <meta name="copyright".. found
Source: https://ccaeperu.com/r.php?locale=en_US	HTTP Parser: No <meta name="copyright".. found
Source: https://ccaeperu.com/?cmd=bnvtbtxmsbx1vy11snsm8nx8smbbmy8x8snns.8tm99yn88xtvv	HTTP Parser: No <meta name="copyright".. found
Source: https://ccaeperu.com/?cmd=bnvtbtxmsbx1vy11snsm8nx8smbbmy8x8snns.8tm99yn88xtvv	HTTP Parser: No <meta name="copyright".. found
Source: https://ccaeperu.com/?real-estate-agent2938423	HTTP Parser: No <meta name="copyright".. found
Source: https://ccaeperu.com/?real-estate-agent2938423	HTTP Parser: No <meta name="copyright".. found
Source: https://m.facebook.com/	HTTP Parser: No <meta name="copyright".. found
Source: https://m.facebook.com/	HTTP Parser: No <meta name="copyright".. found
Source: https://ccaeperu.com/?cmd=9tyym8t91xbt8b81mt81smbbm1s.9vtn8ytms1v9vvy8198118b	HTTP Parser: No <meta name="copyright".. found
Source: https://ccaeperu.com/?cmd=9tyym8t91xbt8b81mt81smbbm1s.9vtn8ytms1v9vvy8198118b	HTTP Parser: No <meta name="copyright".. found
Source: https://ccaeperu.com/?cmd=xbsmyynyy.8y18y8tvmsstm1ntysyxmx.ty.1xtxsm9bs8s88n8	HTTP Parser: No <meta name="copyright".. found
Source: https://ccaeperu.com/?cmd=xbsmyynyy.8y18y8tvmsstm1ntysyxmx.ty.1xtxsm9bs8s88n8	HTTP Parser: No <meta name="copyright".. found
Source: https://ccaeperu.com/?cmd=m9xvsybnvn1sv.bsnmnsyx119yb8mx1yv88sst1s8sxsv11nt.t	HTTP Parser: No <meta name="copyright".. found
Source: https://ccaeperu.com/?cmd=m9xvsybnvn1sv.bsnmnsyx119yb8mx1yv88sst1s8sxsv11nt.t	HTTP Parser: No <meta name="copyright".. found
Source: https://ccaeperu.com/?cmd=vt9n.n11981t1t8b1t1xm1msm.s9tsxxssy9tstt1t8nsb.y1ms	HTTP Parser: No <meta name="copyright".. found
Source: https://ccaeperu.com/?cmd=vt9n.n11981t1t8b1t1xm1msm.s9tsxxssy9tstt1t8nsb.y1ms	HTTP Parser: No <meta name="copyright".. found
Source: https://ccaeperu.com/?cmd=t8ntyxt9mnn.9.t9t1ns9tnb11.n9tttbstxsmt91bmnsb8xts1	HTTP Parser: No <meta name="copyright".. found
Source: https://ccaeperu.com/?cmd=t8ntyxt9mnn.9.t9t1ns9tnb11.n9tttbstxsmt91bmnsb8xts1	HTTP Parser: No <meta name="copyright".. found
Source: https://ccaeperu.com/?cmd=stmn8bymn1v1.18svn81tv1ymtxtxy1ymns8y1vt81b.9nty9s8	HTTP Parser: No <meta name="copyright".. found
Source: https://ccaeperu.com/?cmd=stmn8bymn1v1.18svn81tv1ymtxtxy1ymns8y1vt81b.9nty9s8	HTTP Parser: No <meta name="copyright".. found
Source: https://ccaeperu.com/?cmd=snstmsbsvtx.s1.smysttx.sv11m9ss9xbtb1mvmmytn9t1tyny	HTTP Parser: No <meta name="copyright".. found
Source: https://ccaeperu.com/?cmd=snstmsbsvtx.s1.smysttx.sv11m9ss9xbtb1mvmmytn9t1tyny	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 68.66.226.79:443 -> 192.168.2.4:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 68.66.226.79:443 -> 192.168.2.4:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.219.13:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.219.13:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.219.13:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.219.13:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.219.13:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.219.13:443 -> 192.168.2.4:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.15:443 -> 192.168.2.4:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.15:443 -> 192.168.2.4:49759 version: TLS 1.2

Source: VEs5hzVWt5B[1].js.2.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/09P_rcHKL4D/ equals www.facebook.com (Facebook)
Source: BwjU4B_qfpp[1].js.2.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/HAC-_9WTKIm/ equals www.facebook.com (Facebook)
Source: GonuXiY4BzC[1].js.2.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/MDzNl_j9yvg/ equals www.facebook.com (Facebook)
Source: GonuXiY4BzC[1].js.2.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/OKBVmODmb-W/ equals www.facebook.com (Facebook)
Source: fzkbB_w4sxK[1].js.2.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/WRsJ32R7YJG/ equals www.facebook.com (Facebook)
Source: VEs5hzVWt5B[1].js.2.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/ZtTipMAcpq9/ equals www.facebook.com (Facebook)
Source: GonuXiY4BzC[1].js.2.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/e1uPfGqT9n9/ equals www.facebook.com (Facebook)
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://www.facebook.c equals www.facebook.com (Facebook)
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: ~DF77662EBE27437295.TMP.1.dr	String found in binary or memory: https://www.facebook.com/-estate-agent2938423 equals www.facebook.com (Facebook)
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://www.facebook.creal-estate-agent2938423~ equals www.facebook.com (Facebook)

Source: unknown

DNS traffic detected: queries for: ccaeperu.com

Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://ccaeperu.com/?
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr, ~DF77662EBE27437295.TMP.1.dr	String found in binary or memory: https://ccaeperu.com/?cmd=9tyym8t91xbt8b81mt81smbbm1s.9vtn8ytms1v9vvy8198118b
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr, ~DF77662EBE27437295.TMP.1.dr	String found in binary or memory: https://ccaeperu.com/?cmd=bnvtbtxmsbx1vy11snsm8nx8smbbmy8x8snns.8tm99yn88xtvv
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr, ~DF77662EBE27437295.TMP.1.dr	String found in binary or memory: https://ccaeperu.com/?cmd=m9xvsybnvn1sv.bsnmnsyx119yb8mx1yv88sst1s8sxsv11nt.t
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr, ~DF77662EBE27437295.TMP.1.dr	String found in binary or memory: https://ccaeperu.com/?cmd=snstmsbsvtx.s1.smysttx.sv11m9ss9xbtb1mvmmytn9t1tyny
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr, ~DF77662EBE27437295.TMP.1.dr	String found in binary or memory: https://ccaeperu.com/?cmd=stmn8bymn1v1.18svn81tv1ymtxtxy1ymns8y1vt81b.9nty9s8
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr, ~DF77662EBE27437295.TMP.1.dr	String found in binary or memory: https://ccaeperu.com/?cmd=svnv9tsbx9tbsttsnxbtbnt.mynxy1vytby81nv1mb1v.b1ms9s
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr, ~DF77662EBE27437295.TMP.1.dr	String found in binary or memory: https://ccaeperu.com/?cmd=t8ntyxt9mnn.9.t9t1ns9tnb11.n9tttbstxsmt91bmnsb8xts1
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr, ~DF77662EBE27437295.TMP.1.dr	String found in binary or memory: https://ccaeperu.com/?cmd=vt9n.n11981t1t8b1t1xm1msm.s9tsxxssy9tstt1t8nsb.y1ms
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr, ~DF77662EBE27437295.TMP.1.dr	String found in binary or memory: https://ccaeperu.com/?cmd=xbsmyynyy.8y18y8tvmsstm1ntysyxmx.ty.1xtxsm9bs8s88n8
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://ccaeperu.com/?real-estate-agent2938423
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://ccaeperu.com/?real-estate-agent2938423.php?locale=en_USRoot
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://ccaeperu.com/?real-estate-agent2938423//-estate-agent2938423Root
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://ccaeperu.com/?real-estate-agent2938423Root
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://ccaeperu.com/?real-estate-agent2938423cmd=9tyym8t91xbt8b81mt81smbbm1s.
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://ccaeperu.com/?real-estate-agent2938423cmd=bnvtbtxmsbx1vy11snsm8nx8smbb
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://ccaeperu.com/?real-estate-agent2938423cmd=m9xvsybnvn1sv.bsnmnsyx119yb8
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://ccaeperu.com/?real-estate-agent2938423cmd=snstmsbsvtx.s1.smysttx.sv11m
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://ccaeperu.com/?real-estate-agent2938423cmd=stmn8bymn1v1.18svn81tv1ymtxt
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://ccaeperu.com/?real-estate-agent2938423cmd=svnv9tsbx9tbsttsnxbtbnt.mynx
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://ccaeperu.com/?real-estate-agent2938423cmd=t8ntyxt9mnn.9.t9t1ns9tnb11.n
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://ccaeperu.com/?real-estate-agent2938423cmd=vt9n.n11981t1t8b1t1xm1msm.s9
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://ccaeperu.com/?real-estate-agent2938423cmd=xbsmyynyy.8y18y8tvmsstm1ntys
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://ccaeperu.com/?real-estate-agent2938423om/-estate-agent2938423Root
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://ccaeperu.com/?real-estate-agent2938423~
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://ccaeperu.com/r
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr, ~DF77662EBE27437295.TMP.1.dr	String found in binary or memory: https://ccaeperu.com/r.php?locale=en_US
Source: ~DF77662EBE27437295.TMP.1.dr	String found in binary or memory: https://ccaeperu.com/r.php?locale=en_US938423
Source: ~DF77662EBE27437295.TMP.1.dr	String found in binary or memory: https://ccaeperu.com/r.php?locale=en_USB
Source: 9HQ2AZB5.htm.2.dr, VBLSBCBU.htm.2.dr, O7nelmd9XSI[1].htm.2.dr, RUFPPAMX.htm.2.dr, r[1].htm.2.dr, RqQo1U5NOq1[1].htm.2.dr, B0LQ5SBH.htm.2.dr, 6LTWT96P.htm.2.dr, G1MK1W1S.htm.2.dr, favicon[1].htm.2.dr, 3GXKZCM3.htm.2.dr, HTQSVEM0.htm.2.dr, favicon[1].htm0.2.dr, A5FVZRWT.htm.2.dr, Z4A97TMF.htm.2.dr	String found in binary or memory: https://developers.fb.com/?ref=pf
Source: 9HQ2AZB5.htm.2.dr	String found in binary or memory: https://fb.com/
Source: RpTFjVvO4D0[1].js.2.dr	String found in binary or memory: https://scontent.xx.fbcdn.net/hads-ak-prn2/1487645_6012475414660_1439393861_n.png
Source: B9RXHZ5I.htm.2.dr	String found in binary or memory: https://static.xx.fbcdn.net/rsrc.php/v3/y5/l/0
Source: B9RXHZ5I.htm.2.dr	String found in binary or memory: https://static.xx.fbcdn.net/rsrc.php/v3/y6/l/0
Source: B9RXHZ5I.htm.2.dr	String found in binary or memory: https://static.xx.fbcdn.net/rsrc.php/v3/y7/r/qMrE4RFJBoQ.js?_nc_x=Ij3Wp8lg5Kz
Source: B9RXHZ5I.htm.2.dr	String found in binary or memory: https://static.xx.fbcdn.net/rsrc.php/v3/yP/l/0
Source: B9RXHZ5I.htm.2.dr	String found in binary or memory: https://static.xx.fbcdn.net/rsrc.php/v3/yR/r/kPkP7qOaPwj.js?_nc_x=Ij3Wp8lg5Kz
Source: B9RXHZ5I.htm.2.dr	String found in binary or memory: https://static.xx.fbcdn.net/rsrc.php/v3/yT/l/0
Source: B9RXHZ5I.htm.2.dr	String found in binary or memory: https://static.xx.fbcdn.net/rsrc.php/v3/yU/r/fzkbB_w4sxK.js?_nc_x=Ij3Wp8lg5Kz
Source: B9RXHZ5I.htm.2.dr	String found in binary or memory: https://static.xx.fbcdn.net/rsrc.php/v3/yb/l/0
Source: B9RXHZ5I.htm.2.dr	String found in binary or memory: https://static.xx.fbcdn.net/rsrc.php/v3/yj/l/0
Source: imagestore.dat.2.dr	String found in binary or memory: https://static.xx.fbcdn.net/rsrc.php/v3/yj/r/gB76kJXPYJV.png
Source: B9RXHZ5I.htm.2.dr	String found in binary or memory: https://static.xx.fbcdn.net/rsrc.php/v3/yr/r/vdzjXL4eT5D.js?_nc_x=Ij3Wp8lg5Kz
Source: B9RXHZ5I.htm.2.dr	String found in binary or memory: https://static.xx.fbcdn.net/rsrc.php/v3iK-b4/yR/l/en_US/W5StuHxENhR.js?_nc_x=Ij3Wp8lg5Kz
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://www.facebook.c
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://www.facebook.creal-estate-agent2938423~
Source: 9HQ2AZB5.htm.2.dr	String found in binary or memory: https://www.fb.com/rsrc.php/yl/r/H3nktOa7ZMg.ico
Source: VEs5hzVWt5B[1].js.2.dr	String found in binary or memory: https://www.internalfb.com/intern/invariant/

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 68.66.226.79:443 -> 192.168.2.4:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 68.66.226.79:443 -> 192.168.2.4:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.219.13:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.219.13:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.219.13:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.219.13:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.219.13:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.219.13:443 -> 192.168.2.4:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.15:443 -> 192.168.2.4:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.15:443 -> 192.168.2.4:49759 version: TLS 1.2

Source: classification engine

Classification label: mal64.phis.win@3/61@12/4

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6767ACED-9935-11EB-90EB-ECF4BBEA1588}.dat

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF0C626AC06D5E2361.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4828 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4828 CREDAT:17410 /prefetch:2	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
157.240.17.15	unknown	United States	32934	FACEBOOKUS	false
68.66.226.79	ccaeperu.com	United States	55293	A2HOSTINGUS	false
157.240.219.13	scontent.xx.fbcdn.net	United States	32934	FACEBOOKUS	false
157.240.17.35	star-mini.c10r.facebook.com	United States	32934	FACEBOOKUS	false

Contacted Domains

Name	IP	Active
star-mini.c10r.facebook.com	157.240.17.35	true
fbsbx.com	157.240.17.35	true
scontent.xx.fbcdn.net	157.240.219.13	true
fb.com	157.240.17.35	true
facebook.com	157.240.17.35	true
fbcdn.net	157.240.17.35	true
ccaeperu.com	68.66.226.79	true
www.fb.com	unknown	unknown
www.facebook.com	unknown	unknown
m.facebook.com	unknown	unknown
static.xx.fbcdn.net	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://ccaeperu.com/?cmd=svnv9tsbx9tbsttsnxbtbnt.mynxy1vytby81nv1mb1v.b1ms9s	true	SlashNext: Fake Login Page type: Phishing & Social Engineering	unknown
https://ccaeperu.com/?cmd=m9xvsybnvn1sv.bsnmnsyx119yb8mx1yv88sst1s8sxsv11nt.t	true	100%, UrlScan, Browse SlashNext: Fake Login Page type: Phishing & Social Engineering	unknown
https://ccaeperu.com/?cmd=t8ntyxt9mnn.9.t9t1ns9tnb11.n9tttbstxsmt91bmnsb8xts1	true	100%, UrlScan, Browse SlashNext: Fake Login Page type: Phishing & Social Engineering	unknown
https://ccaeperu.com/?cmd=vt9n.n11981t1t8b1t1xm1msm.s9tsxxssy9tstt1t8nsb.y1ms	true	100%, UrlScan, Browse SlashNext: Fake Login Page type: Phishing & Social Engineering	unknown
https://ccaeperu.com/?cmd=xbsmyynyy.8y18y8tvmsstm1ntysyxmx.ty.1xtxsm9bs8s88n8	true	100%, UrlScan, Browse SlashNext: Fake Login Page type: Phishing & Social Engineering	unknown
https://ccaeperu.com/?cmd=9tyym8t91xbt8b81mt81smbbm1s.9vtn8ytms1v9vvy8198118b	true	100%, UrlScan, Browse SlashNext: Fake Login Page type: Phishing & Social Engineering	unknown
https://ccaeperu.com/?cmd=snstmsbsvtx.s1.smysttx.sv11m9ss9xbtb1mvmmytn9t1tyny	true	100%, UrlScan, Browse SlashNext: Fake Login Page type: Phishing & Social Engineering	unknown
https://ccaeperu.com/?cmd=stmn8bymn1v1.18svn81tv1ymtxtxy1ymns8y1vt81b.9nty9s8	true	100%, UrlScan, Browse SlashNext: Fake Login Page type: Phishing & Social Engineering	unknown
https://m.facebook.com/	false		high
https://ccaeperu.com/?cmd=bnvtbtxmsbx1vy11snsm8nx8smbbmy8x8snns.8tm99yn88xtvv	true	SlashNext: Fake Login Page type: Phishing & Social Engineering	unknown
https://ccaeperu.com/?real-estate-agent2938423	true		unknown

AV Detection:

Antivirus / Scanner detection for submitted sample

Source: https://ccaeperu.com/?real-estate-agent2938423

SlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering

Antivirus detection for URL or domain

Source: https://ccaeperu.com/?cmd=svnv9tsbx9tbsttsnxbtbnt.mynxy1vytby81nv1mb1v.b1ms9s	SlashNext: Label: Fake Login Page type: Phishing & Social Engineering
Source: https://ccaeperu.com/r.php?locale=en_US	SlashNext: Label: Fake Login Page type: Phishing & Social Engineering
Source: https://ccaeperu.com/?cmd=bnvtbtxmsbx1vy11snsm8nx8smbbmy8x8snns.8tm99yn88xtvv	SlashNext: Label: Fake Login Page type: Phishing & Social Engineering
Source: https://ccaeperu.com/r.php?locale=en_US	UrlScan: Label: phishing brand: facebook	Perma Link
Source: https://ccaeperu.com/?cmd=9tyym8t91xbt8b81mt81smbbm1s.9vtn8ytms1v9vvy8198118b	SlashNext: Label: Fake Login Page type: Phishing & Social Engineering
Source: https://ccaeperu.com/?cmd=xbsmyynyy.8y18y8tvmsstm1ntysyxmx.ty.1xtxsm9bs8s88n8	SlashNext: Label: Fake Login Page type: Phishing & Social Engineering
Source: https://ccaeperu.com/?cmd=xbsmyynyy.8y18y8tvmsstm1ntysyxmx.ty.1xtxsm9bs8s88n8	UrlScan: Label: phishing brand: facebook	Perma Link
Source: https://ccaeperu.com/?cmd=m9xvsybnvn1sv.bsnmnsyx119yb8mx1yv88sst1s8sxsv11nt.t	SlashNext: Label: Fake Login Page type: Phishing & Social Engineering
Source: https://ccaeperu.com/?cmd=vt9n.n11981t1t8b1t1xm1msm.s9tsxxssy9tstt1t8nsb.y1ms	SlashNext: Label: Fake Login Page type: Phishing & Social Engineering
Source: https://ccaeperu.com/?cmd=9tyym8t91xbt8b81mt81smbbm1s.9vtn8ytms1v9vvy8198118b	UrlScan: Label: phishing brand: facebook	Perma Link
Source: https://ccaeperu.com/?cmd=t8ntyxt9mnn.9.t9t1ns9tnb11.n9tttbstxsmt91bmnsb8xts1	UrlScan: Label: phishing brand: facebook	Perma Link
Source: https://ccaeperu.com/?cmd=t8ntyxt9mnn.9.t9t1ns9tnb11.n9tttbstxsmt91bmnsb8xts1	SlashNext: Label: Fake Login Page type: Phishing & Social Engineering
Source: https://ccaeperu.com/?cmd=stmn8bymn1v1.18svn81tv1ymtxtxy1ymns8y1vt81b.9nty9s8	SlashNext: Label: Fake Login Page type: Phishing & Social Engineering
Source: https://ccaeperu.com/?cmd=m9xvsybnvn1sv.bsnmnsyx119yb8mx1yv88sst1s8sxsv11nt.t	UrlScan: Label: phishing brand: facebook	Perma Link
Source: https://ccaeperu.com/?cmd=stmn8bymn1v1.18svn81tv1ymtxtxy1ymns8y1vt81b.9nty9s8	UrlScan: Label: phishing brand: facebook	Perma Link
Source: https://ccaeperu.com/?cmd=snstmsbsvtx.s1.smysttx.sv11m9ss9xbtb1mvmmytn9t1tyny	SlashNext: Label: Fake Login Page type: Phishing & Social Engineering
Source: https://ccaeperu.com/?cmd=snstmsbsvtx.s1.smysttx.sv11m9ss9xbtb1mvmmytn9t1tyny	UrlScan: Label: phishing brand: facebook	Perma Link
Source: https://ccaeperu.com/?cmd=vt9n.n11981t1t8b1t1xm1msm.s9tsxxssy9tstt1t8nsb.y1ms	UrlScan: Label: phishing brand: facebook	Perma Link

Phishing:

Yara detected HtmlPhish10

Source: Yara match	File source: 562258.9.links.csv, type: HTML
Source: Yara match	File source: 562258.1.links.csv, type: HTML
Source: Yara match	File source: 562258.7.links.csv, type: HTML
Source: Yara match	File source: 562258.pages.csv, type: HTML
Source: Yara match	File source: 562258.5.links.csv, type: HTML
Source: Yara match	File source: 562258.8.links.csv, type: HTML
Source: Yara match	File source: 562258.6.links.csv, type: HTML
Source: Yara match	File source: 562258.4.links.csv, type: HTML
Source: Yara match	File source: 562258.3.links.csv, type: HTML
Source: Yara match	File source: 562258.2.links.csv, type: HTML
Source: Yara match	File source: 562258.10.links.csv, type: HTML
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\VBLSBCBU.htm, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\B0LQ5SBH.htm, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\9HQ2AZB5.htm, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\6LTWT96P.htm, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\G1MK1W1S.htm, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\3GXKZCM3.htm, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\HTQSVEM0.htm, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\RUFPPAMX.htm, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\A5FVZRWT.htm, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\favicon[1].htm, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Z4A97TMF.htm, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\RqQo1U5NOq1[1].htm, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\O7nelmd9XSI[1].htm, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\favicon[1].htm, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\r[1].htm, type: DROPPED

HTML title does not match URL

Source: https://ccaeperu.com/?cmd=svnv9tsbx9tbsttsnxbtbnt.mynxy1vytby81nv1mb1v.b1ms9s	HTTP Parser: Title: Log in does not match URL
Source: https://ccaeperu.com/?cmd=svnv9tsbx9tbsttsnxbtbnt.mynxy1vytby81nv1mb1v.b1ms9s	HTTP Parser: Title: Log in does not match URL
Source: https://ccaeperu.com/r.php?locale=en_US	HTTP Parser: Title: Log in does not match URL
Source: https://ccaeperu.com/r.php?locale=en_US	HTTP Parser: Title: Log in does not match URL
Source: https://ccaeperu.com/?cmd=bnvtbtxmsbx1vy11snsm8nx8smbbmy8x8snns.8tm99yn88xtvv	HTTP Parser: Title: Log in does not match URL
Source: https://ccaeperu.com/?cmd=bnvtbtxmsbx1vy11snsm8nx8smbbmy8x8snns.8tm99yn88xtvv	HTTP Parser: Title: Log in does not match URL
Source: https://ccaeperu.com/?real-estate-agent2938423	HTTP Parser: Title: Log in does not match URL
Source: https://ccaeperu.com/?real-estate-agent2938423	HTTP Parser: Title: Log in does not match URL
Source: https://ccaeperu.com/?cmd=9tyym8t91xbt8b81mt81smbbm1s.9vtn8ytms1v9vvy8198118b	HTTP Parser: Title: Log in does not match URL
Source: https://ccaeperu.com/?cmd=9tyym8t91xbt8b81mt81smbbm1s.9vtn8ytms1v9vvy8198118b	HTTP Parser: Title: Log in does not match URL
Source: https://ccaeperu.com/?cmd=xbsmyynyy.8y18y8tvmsstm1ntysyxmx.ty.1xtxsm9bs8s88n8	HTTP Parser: Title: Log in does not match URL
Source: https://ccaeperu.com/?cmd=xbsmyynyy.8y18y8tvmsstm1ntysyxmx.ty.1xtxsm9bs8s88n8	HTTP Parser: Title: Log in does not match URL
Source: https://ccaeperu.com/?cmd=m9xvsybnvn1sv.bsnmnsyx119yb8mx1yv88sst1s8sxsv11nt.t	HTTP Parser: Title: Log in does not match URL
Source: https://ccaeperu.com/?cmd=m9xvsybnvn1sv.bsnmnsyx119yb8mx1yv88sst1s8sxsv11nt.t	HTTP Parser: Title: Log in does not match URL
Source: https://ccaeperu.com/?cmd=vt9n.n11981t1t8b1t1xm1msm.s9tsxxssy9tstt1t8nsb.y1ms	HTTP Parser: Title: Log in does not match URL
Source: https://ccaeperu.com/?cmd=vt9n.n11981t1t8b1t1xm1msm.s9tsxxssy9tstt1t8nsb.y1ms	HTTP Parser: Title: Log in does not match URL
Source: https://ccaeperu.com/?cmd=t8ntyxt9mnn.9.t9t1ns9tnb11.n9tttbstxsmt91bmnsb8xts1	HTTP Parser: Title: Log in does not match URL
Source: https://ccaeperu.com/?cmd=t8ntyxt9mnn.9.t9t1ns9tnb11.n9tttbstxsmt91bmnsb8xts1	HTTP Parser: Title: Log in does not match URL
Source: https://ccaeperu.com/?cmd=stmn8bymn1v1.18svn81tv1ymtxtxy1ymns8y1vt81b.9nty9s8	HTTP Parser: Title: Log in does not match URL
Source: https://ccaeperu.com/?cmd=stmn8bymn1v1.18svn81tv1ymtxtxy1ymns8y1vt81b.9nty9s8	HTTP Parser: Title: Log in does not match URL
Source: https://ccaeperu.com/?cmd=snstmsbsvtx.s1.smysttx.sv11m9ss9xbtb1mvmmytn9t1tyny	HTTP Parser: Title: Log in does not match URL
Source: https://ccaeperu.com/?cmd=snstmsbsvtx.s1.smysttx.sv11m9ss9xbtb1mvmmytn9t1tyny	HTTP Parser: Title: Log in does not match URL

Source: https://ccaeperu.com/?cmd=svnv9tsbx9tbsttsnxbtbnt.mynxy1vytby81nv1mb1v.b1ms9s	HTTP Parser: No <meta name="author".. found
Source: https://ccaeperu.com/?cmd=svnv9tsbx9tbsttsnxbtbnt.mynxy1vytby81nv1mb1v.b1ms9s	HTTP Parser: No <meta name="author".. found
Source: https://ccaeperu.com/r.php?locale=en_US	HTTP Parser: No <meta name="author".. found
Source: https://ccaeperu.com/r.php?locale=en_US	HTTP Parser: No <meta name="author".. found
Source: https://ccaeperu.com/?cmd=bnvtbtxmsbx1vy11snsm8nx8smbbmy8x8snns.8tm99yn88xtvv	HTTP Parser: No <meta name="author".. found
Source: https://ccaeperu.com/?cmd=bnvtbtxmsbx1vy11snsm8nx8smbbmy8x8snns.8tm99yn88xtvv	HTTP Parser: No <meta name="author".. found
Source: https://ccaeperu.com/?real-estate-agent2938423	HTTP Parser: No <meta name="author".. found
Source: https://ccaeperu.com/?real-estate-agent2938423	HTTP Parser: No <meta name="author".. found
Source: https://m.facebook.com/	HTTP Parser: No <meta name="author".. found
Source: https://m.facebook.com/	HTTP Parser: No <meta name="author".. found
Source: https://ccaeperu.com/?cmd=9tyym8t91xbt8b81mt81smbbm1s.9vtn8ytms1v9vvy8198118b	HTTP Parser: No <meta name="author".. found
Source: https://ccaeperu.com/?cmd=9tyym8t91xbt8b81mt81smbbm1s.9vtn8ytms1v9vvy8198118b	HTTP Parser: No <meta name="author".. found
Source: https://ccaeperu.com/?cmd=xbsmyynyy.8y18y8tvmsstm1ntysyxmx.ty.1xtxsm9bs8s88n8	HTTP Parser: No <meta name="author".. found
Source: https://ccaeperu.com/?cmd=xbsmyynyy.8y18y8tvmsstm1ntysyxmx.ty.1xtxsm9bs8s88n8	HTTP Parser: No <meta name="author".. found
Source: https://ccaeperu.com/?cmd=m9xvsybnvn1sv.bsnmnsyx119yb8mx1yv88sst1s8sxsv11nt.t	HTTP Parser: No <meta name="author".. found
Source: https://ccaeperu.com/?cmd=m9xvsybnvn1sv.bsnmnsyx119yb8mx1yv88sst1s8sxsv11nt.t	HTTP Parser: No <meta name="author".. found
Source: https://ccaeperu.com/?cmd=vt9n.n11981t1t8b1t1xm1msm.s9tsxxssy9tstt1t8nsb.y1ms	HTTP Parser: No <meta name="author".. found
Source: https://ccaeperu.com/?cmd=vt9n.n11981t1t8b1t1xm1msm.s9tsxxssy9tstt1t8nsb.y1ms	HTTP Parser: No <meta name="author".. found
Source: https://ccaeperu.com/?cmd=t8ntyxt9mnn.9.t9t1ns9tnb11.n9tttbstxsmt91bmnsb8xts1	HTTP Parser: No <meta name="author".. found
Source: https://ccaeperu.com/?cmd=t8ntyxt9mnn.9.t9t1ns9tnb11.n9tttbstxsmt91bmnsb8xts1	HTTP Parser: No <meta name="author".. found
Source: https://ccaeperu.com/?cmd=stmn8bymn1v1.18svn81tv1ymtxtxy1ymns8y1vt81b.9nty9s8	HTTP Parser: No <meta name="author".. found
Source: https://ccaeperu.com/?cmd=stmn8bymn1v1.18svn81tv1ymtxtxy1ymns8y1vt81b.9nty9s8	HTTP Parser: No <meta name="author".. found
Source: https://ccaeperu.com/?cmd=snstmsbsvtx.s1.smysttx.sv11m9ss9xbtb1mvmmytn9t1tyny	HTTP Parser: No <meta name="author".. found
Source: https://ccaeperu.com/?cmd=snstmsbsvtx.s1.smysttx.sv11m9ss9xbtb1mvmmytn9t1tyny	HTTP Parser: No <meta name="author".. found

Source: https://ccaeperu.com/?cmd=svnv9tsbx9tbsttsnxbtbnt.mynxy1vytby81nv1mb1v.b1ms9s	HTTP Parser: No <meta name="copyright".. found
Source: https://ccaeperu.com/?cmd=svnv9tsbx9tbsttsnxbtbnt.mynxy1vytby81nv1mb1v.b1ms9s	HTTP Parser: No <meta name="copyright".. found
Source: https://ccaeperu.com/r.php?locale=en_US	HTTP Parser: No <meta name="copyright".. found
Source: https://ccaeperu.com/r.php?locale=en_US	HTTP Parser: No <meta name="copyright".. found
Source: https://ccaeperu.com/?cmd=bnvtbtxmsbx1vy11snsm8nx8smbbmy8x8snns.8tm99yn88xtvv	HTTP Parser: No <meta name="copyright".. found
Source: https://ccaeperu.com/?cmd=bnvtbtxmsbx1vy11snsm8nx8smbbmy8x8snns.8tm99yn88xtvv	HTTP Parser: No <meta name="copyright".. found
Source: https://ccaeperu.com/?real-estate-agent2938423	HTTP Parser: No <meta name="copyright".. found
Source: https://ccaeperu.com/?real-estate-agent2938423	HTTP Parser: No <meta name="copyright".. found
Source: https://m.facebook.com/	HTTP Parser: No <meta name="copyright".. found
Source: https://m.facebook.com/	HTTP Parser: No <meta name="copyright".. found
Source: https://ccaeperu.com/?cmd=9tyym8t91xbt8b81mt81smbbm1s.9vtn8ytms1v9vvy8198118b	HTTP Parser: No <meta name="copyright".. found
Source: https://ccaeperu.com/?cmd=9tyym8t91xbt8b81mt81smbbm1s.9vtn8ytms1v9vvy8198118b	HTTP Parser: No <meta name="copyright".. found
Source: https://ccaeperu.com/?cmd=xbsmyynyy.8y18y8tvmsstm1ntysyxmx.ty.1xtxsm9bs8s88n8	HTTP Parser: No <meta name="copyright".. found
Source: https://ccaeperu.com/?cmd=xbsmyynyy.8y18y8tvmsstm1ntysyxmx.ty.1xtxsm9bs8s88n8	HTTP Parser: No <meta name="copyright".. found
Source: https://ccaeperu.com/?cmd=m9xvsybnvn1sv.bsnmnsyx119yb8mx1yv88sst1s8sxsv11nt.t	HTTP Parser: No <meta name="copyright".. found
Source: https://ccaeperu.com/?cmd=m9xvsybnvn1sv.bsnmnsyx119yb8mx1yv88sst1s8sxsv11nt.t	HTTP Parser: No <meta name="copyright".. found
Source: https://ccaeperu.com/?cmd=vt9n.n11981t1t8b1t1xm1msm.s9tsxxssy9tstt1t8nsb.y1ms	HTTP Parser: No <meta name="copyright".. found
Source: https://ccaeperu.com/?cmd=vt9n.n11981t1t8b1t1xm1msm.s9tsxxssy9tstt1t8nsb.y1ms	HTTP Parser: No <meta name="copyright".. found
Source: https://ccaeperu.com/?cmd=t8ntyxt9mnn.9.t9t1ns9tnb11.n9tttbstxsmt91bmnsb8xts1	HTTP Parser: No <meta name="copyright".. found
Source: https://ccaeperu.com/?cmd=t8ntyxt9mnn.9.t9t1ns9tnb11.n9tttbstxsmt91bmnsb8xts1	HTTP Parser: No <meta name="copyright".. found
Source: https://ccaeperu.com/?cmd=stmn8bymn1v1.18svn81tv1ymtxtxy1ymns8y1vt81b.9nty9s8	HTTP Parser: No <meta name="copyright".. found
Source: https://ccaeperu.com/?cmd=stmn8bymn1v1.18svn81tv1ymtxtxy1ymns8y1vt81b.9nty9s8	HTTP Parser: No <meta name="copyright".. found
Source: https://ccaeperu.com/?cmd=snstmsbsvtx.s1.smysttx.sv11m9ss9xbtb1mvmmytn9t1tyny	HTTP Parser: No <meta name="copyright".. found
Source: https://ccaeperu.com/?cmd=snstmsbsvtx.s1.smysttx.sv11m9ss9xbtb1mvmmytn9t1tyny	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 68.66.226.79:443 -> 192.168.2.4:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 68.66.226.79:443 -> 192.168.2.4:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.219.13:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.219.13:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.219.13:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.219.13:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.219.13:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.219.13:443 -> 192.168.2.4:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.15:443 -> 192.168.2.4:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.15:443 -> 192.168.2.4:49759 version: TLS 1.2

Source: VEs5hzVWt5B[1].js.2.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/09P_rcHKL4D/ equals www.facebook.com (Facebook)
Source: BwjU4B_qfpp[1].js.2.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/HAC-_9WTKIm/ equals www.facebook.com (Facebook)
Source: GonuXiY4BzC[1].js.2.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/MDzNl_j9yvg/ equals www.facebook.com (Facebook)
Source: GonuXiY4BzC[1].js.2.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/OKBVmODmb-W/ equals www.facebook.com (Facebook)
Source: fzkbB_w4sxK[1].js.2.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/WRsJ32R7YJG/ equals www.facebook.com (Facebook)
Source: VEs5hzVWt5B[1].js.2.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/ZtTipMAcpq9/ equals www.facebook.com (Facebook)
Source: GonuXiY4BzC[1].js.2.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/e1uPfGqT9n9/ equals www.facebook.com (Facebook)
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://www.facebook.c equals www.facebook.com (Facebook)
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: ~DF77662EBE27437295.TMP.1.dr	String found in binary or memory: https://www.facebook.com/-estate-agent2938423 equals www.facebook.com (Facebook)
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://www.facebook.creal-estate-agent2938423~ equals www.facebook.com (Facebook)

Source: unknown

DNS traffic detected: queries for: ccaeperu.com

Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://ccaeperu.com/?
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr, ~DF77662EBE27437295.TMP.1.dr	String found in binary or memory: https://ccaeperu.com/?cmd=9tyym8t91xbt8b81mt81smbbm1s.9vtn8ytms1v9vvy8198118b
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr, ~DF77662EBE27437295.TMP.1.dr	String found in binary or memory: https://ccaeperu.com/?cmd=bnvtbtxmsbx1vy11snsm8nx8smbbmy8x8snns.8tm99yn88xtvv
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr, ~DF77662EBE27437295.TMP.1.dr	String found in binary or memory: https://ccaeperu.com/?cmd=m9xvsybnvn1sv.bsnmnsyx119yb8mx1yv88sst1s8sxsv11nt.t
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr, ~DF77662EBE27437295.TMP.1.dr	String found in binary or memory: https://ccaeperu.com/?cmd=snstmsbsvtx.s1.smysttx.sv11m9ss9xbtb1mvmmytn9t1tyny
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr, ~DF77662EBE27437295.TMP.1.dr	String found in binary or memory: https://ccaeperu.com/?cmd=stmn8bymn1v1.18svn81tv1ymtxtxy1ymns8y1vt81b.9nty9s8
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr, ~DF77662EBE27437295.TMP.1.dr	String found in binary or memory: https://ccaeperu.com/?cmd=svnv9tsbx9tbsttsnxbtbnt.mynxy1vytby81nv1mb1v.b1ms9s
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr, ~DF77662EBE27437295.TMP.1.dr	String found in binary or memory: https://ccaeperu.com/?cmd=t8ntyxt9mnn.9.t9t1ns9tnb11.n9tttbstxsmt91bmnsb8xts1
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr, ~DF77662EBE27437295.TMP.1.dr	String found in binary or memory: https://ccaeperu.com/?cmd=vt9n.n11981t1t8b1t1xm1msm.s9tsxxssy9tstt1t8nsb.y1ms
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr, ~DF77662EBE27437295.TMP.1.dr	String found in binary or memory: https://ccaeperu.com/?cmd=xbsmyynyy.8y18y8tvmsstm1ntysyxmx.ty.1xtxsm9bs8s88n8
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://ccaeperu.com/?real-estate-agent2938423
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://ccaeperu.com/?real-estate-agent2938423.php?locale=en_USRoot
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://ccaeperu.com/?real-estate-agent2938423//-estate-agent2938423Root
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://ccaeperu.com/?real-estate-agent2938423Root
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://ccaeperu.com/?real-estate-agent2938423cmd=9tyym8t91xbt8b81mt81smbbm1s.
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://ccaeperu.com/?real-estate-agent2938423cmd=bnvtbtxmsbx1vy11snsm8nx8smbb
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://ccaeperu.com/?real-estate-agent2938423cmd=m9xvsybnvn1sv.bsnmnsyx119yb8
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://ccaeperu.com/?real-estate-agent2938423cmd=snstmsbsvtx.s1.smysttx.sv11m
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://ccaeperu.com/?real-estate-agent2938423cmd=stmn8bymn1v1.18svn81tv1ymtxt
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://ccaeperu.com/?real-estate-agent2938423cmd=svnv9tsbx9tbsttsnxbtbnt.mynx
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://ccaeperu.com/?real-estate-agent2938423cmd=t8ntyxt9mnn.9.t9t1ns9tnb11.n
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://ccaeperu.com/?real-estate-agent2938423cmd=vt9n.n11981t1t8b1t1xm1msm.s9
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://ccaeperu.com/?real-estate-agent2938423cmd=xbsmyynyy.8y18y8tvmsstm1ntys
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://ccaeperu.com/?real-estate-agent2938423om/-estate-agent2938423Root
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://ccaeperu.com/?real-estate-agent2938423~
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://ccaeperu.com/r
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr, ~DF77662EBE27437295.TMP.1.dr	String found in binary or memory: https://ccaeperu.com/r.php?locale=en_US
Source: ~DF77662EBE27437295.TMP.1.dr	String found in binary or memory: https://ccaeperu.com/r.php?locale=en_US938423
Source: ~DF77662EBE27437295.TMP.1.dr	String found in binary or memory: https://ccaeperu.com/r.php?locale=en_USB
Source: 9HQ2AZB5.htm.2.dr, VBLSBCBU.htm.2.dr, O7nelmd9XSI[1].htm.2.dr, RUFPPAMX.htm.2.dr, r[1].htm.2.dr, RqQo1U5NOq1[1].htm.2.dr, B0LQ5SBH.htm.2.dr, 6LTWT96P.htm.2.dr, G1MK1W1S.htm.2.dr, favicon[1].htm.2.dr, 3GXKZCM3.htm.2.dr, HTQSVEM0.htm.2.dr, favicon[1].htm0.2.dr, A5FVZRWT.htm.2.dr, Z4A97TMF.htm.2.dr	String found in binary or memory: https://developers.fb.com/?ref=pf
Source: 9HQ2AZB5.htm.2.dr	String found in binary or memory: https://fb.com/
Source: RpTFjVvO4D0[1].js.2.dr	String found in binary or memory: https://scontent.xx.fbcdn.net/hads-ak-prn2/1487645_6012475414660_1439393861_n.png
Source: B9RXHZ5I.htm.2.dr	String found in binary or memory: https://static.xx.fbcdn.net/rsrc.php/v3/y5/l/0
Source: B9RXHZ5I.htm.2.dr	String found in binary or memory: https://static.xx.fbcdn.net/rsrc.php/v3/y6/l/0
Source: B9RXHZ5I.htm.2.dr	String found in binary or memory: https://static.xx.fbcdn.net/rsrc.php/v3/y7/r/qMrE4RFJBoQ.js?_nc_x=Ij3Wp8lg5Kz
Source: B9RXHZ5I.htm.2.dr	String found in binary or memory: https://static.xx.fbcdn.net/rsrc.php/v3/yP/l/0
Source: B9RXHZ5I.htm.2.dr	String found in binary or memory: https://static.xx.fbcdn.net/rsrc.php/v3/yR/r/kPkP7qOaPwj.js?_nc_x=Ij3Wp8lg5Kz
Source: B9RXHZ5I.htm.2.dr	String found in binary or memory: https://static.xx.fbcdn.net/rsrc.php/v3/yT/l/0
Source: B9RXHZ5I.htm.2.dr	String found in binary or memory: https://static.xx.fbcdn.net/rsrc.php/v3/yU/r/fzkbB_w4sxK.js?_nc_x=Ij3Wp8lg5Kz
Source: B9RXHZ5I.htm.2.dr	String found in binary or memory: https://static.xx.fbcdn.net/rsrc.php/v3/yb/l/0
Source: B9RXHZ5I.htm.2.dr	String found in binary or memory: https://static.xx.fbcdn.net/rsrc.php/v3/yj/l/0
Source: imagestore.dat.2.dr	String found in binary or memory: https://static.xx.fbcdn.net/rsrc.php/v3/yj/r/gB76kJXPYJV.png
Source: B9RXHZ5I.htm.2.dr	String found in binary or memory: https://static.xx.fbcdn.net/rsrc.php/v3/yr/r/vdzjXL4eT5D.js?_nc_x=Ij3Wp8lg5Kz
Source: B9RXHZ5I.htm.2.dr	String found in binary or memory: https://static.xx.fbcdn.net/rsrc.php/v3iK-b4/yR/l/en_US/W5StuHxENhR.js?_nc_x=Ij3Wp8lg5Kz
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://www.facebook.c
Source: {6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://www.facebook.creal-estate-agent2938423~
Source: 9HQ2AZB5.htm.2.dr	String found in binary or memory: https://www.fb.com/rsrc.php/yl/r/H3nktOa7ZMg.ico
Source: VEs5hzVWt5B[1].js.2.dr	String found in binary or memory: https://www.internalfb.com/intern/invariant/

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 68.66.226.79:443 -> 192.168.2.4:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 68.66.226.79:443 -> 192.168.2.4:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.219.13:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.219.13:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.219.13:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.219.13:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.219.13:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.219.13:443 -> 192.168.2.4:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.15:443 -> 192.168.2.4:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.15:443 -> 192.168.2.4:49759 version: TLS 1.2

Source: classification engine

Classification label: mal64.phis.win@3/61@12/4

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6767ACED-9935-11EB-90EB-ECF4BBEA1588}.dat

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF0C626AC06D5E2361.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4828 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4828 CREDAT:17410 /prefetch:2	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

ID:	384636
Product:	CloudBasic
Start time:	15:12:58
Start date:	09.04.2021
Cookbook:	browseurl.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\E5F0NRSV\m.facebook[1].xml	ASCII text, with no line terminators	C1DDEA3EF6BBEF3E7060A1A9AD89E4C5	35E3224FCBD3E1AF306F2B6A2C6BBEA9B0867966	B71E4D17274636B97179BA2D97C742735B6510EB54F22893D3A2DAFF2CEB28DB
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6767ACED-9935-11EB-90EB-ECF4BBEA1588}.dat	Microsoft Word Document	0072F634E27348C1ED32B25CF30C8A59	8C9127D6C8D20F9FCCB1B12CAD9CDCC2E5CDFFC4	F0381FB3A528916666693066C76E78E6FF5AFEC8286E3FD082D0811F3D796C0A
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat	Microsoft Word Document	522FDB7AAB9213ED0C92C61A0A20ED02	1C0C9F33B4A2CD3F57CE0E298152777BD7C9F899	1EEF4E71EFE467AB09996BC8094FBCAB2652BD2BF1B01175953264B5F3B49FE8
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6767ACF0-9935-11EB-90EB-ECF4BBEA1588}.dat	Microsoft Word Document	7403594A64A8C0C933D26332B0DF38F7	6BFD9F5EAECCFEB51243142CC27F65FFBAEB81B0	4CB098360BB76BB0CD5EE49E5EAE1E9DDAEE0E24E597E2ABC9C7558CCB5410A2
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\gee00pr\imagestore.dat	data	B45F114C08F7D3AC943080A577EEE859	F45802E218840F07C2319E3EBC3D4F6E61B9E09E	DA10756673AF83C195C4B73C4B9AA54A90F82C4C9FA2295DBDBAB47304ACA2C7
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\3GXKZCM3.htm	HTML document, UTF-8 Unicode (with BOM) text, with very long lines	0FA61F48FCD95C41B86B0588F2413E0C	91154692B3D9E62E0BF8E5EE34364033AC293377	5BD1094305CC24100F7A9AE7FC112E89B3301E5FD3FDB404F5D46A5258A95BCB
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\G1MK1W1S.htm	HTML document, UTF-8 Unicode (with BOM) text, with very long lines	EF28B9AF4F55651692A7CEAE181CEE66	CCA27393E23A51424031BFA1F1A98868E0AB03FB	8E4A0DC19A03D5A9A9783E1DD9776DABDA062DA7A80AA1672845D6905592BCEF
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\GonuXiY4BzC[1].js	ASCII text, with very long lines	F6BE46592D787A4E2D6B8F47470A92D9	3E4CC97625D2B22D34A097DDE0646A203B1A4333	5320C68A11331DCE100F37C976E9149E91DDAD5B4FC8A4F2B4415D8372A85247
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\HTQSVEM0.htm	HTML document, UTF-8 Unicode (with BOM) text, with very long lines	6286B4F1462506B5F00A31FB92825163	4133D5403B0968AF3CAA9BCE6736497F995B64DC	3249F1C5A088AB929405754A6A63F88A5F892572D24B338FB6FBD48AF2C33B81
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\MNiY97WzXPw[1].js	C source, ASCII text, with very long lines	32725573142525786F658FBEEB46EE50	27535B2678FE89C958AAB3D4B3E21739615712D8	5C81B60060ADAE5945A11F94D02AC2FF7C7CE4DBC8CD69000C359CA08F1CAA57
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\RqQo1U5NOq1[1].htm	HTML document, UTF-8 Unicode (with BOM) text, with very long lines	19ECE2E22F1A74AF578795E2CE42889B	A86644AB62A4D727442FC479F04A8D7C34F21F90	978C6DAFEE34473356E240B4367FEB9D19CB008175DAE8240154C6A924E2B9C0
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\SWQSh8s8jr2[1].css	ASCII text, with very long lines	56F1012F9038610D4323E60F0336AC92	0B88B14D347366B714CD6555D437E2E6FB4ED9A7	9B49292E18BA707E5B84526E5F35CADF7A7246AA847087B7C20137B21BF6B4A2
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\VEs5hzVWt5B[1].js	ASCII text, with very long lines	346028FD22C2848201627CACD87E7E44	13C2B4E0E4C4423F0D3FF62C4BAA75E6C338499F	C91668125CE2BF6CF670222B82CCEED766B58341111704D5026C739A0902F0CF
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Z4A97TMF.htm	HTML document, UTF-8 Unicode (with BOM) text, with very long lines	89EA7E50F3FFFA5B61C5748E9365F028	182A4DDFB7A04717D564808C8729EB96C8D56320	90C799C4F26600200AB43D1F68C4CF85B127264E102FA32C529A9A44C8F70C54
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\favicon[1].htm	HTML document, UTF-8 Unicode (with BOM) text, with very long lines	94DE0293BBF1D6835E4DCC5DC4347CF2	8595B0AEF14CB94E06417ACD87076AC48007B978	A4DAF526FDF6517104DFA2529621A75FE6D06D69999F59B198235DC062A11C75
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\gB76kJXPYJV[1].png	PNG image data, 196 x 196, 8-bit colormap, non-interlaced	389DFA18BE34D8CF767E06FD5CDE4EC6	47B751CFFAB47D076816C63CE08D3E84600376EE	3C45CE612F41B1E7936E7CF5B235047344FD3146D1630E342F186D1D1E8E00D5
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\r[1].htm	HTML document, UTF-8 Unicode (with BOM) text, with very long lines	5F765609AE5CA78BB8AB72D384A6B249	056B5237448F26AB246BCF3F1ADDC98BA976C565	ECB55D76491AF70B3A48A983E1EABD71A4D0F7CB1A13B9D2450BEDAFB3B6D0D3
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\sO8pFbm5AdZ[1].png	PNG image data, 124 x 279, 8-bit colormap, non-interlaced	C0ACD687DA43DABDE2DE3B7C72C5D0F6	140C33E1836ABCAD4142608A7E77A9A099820EB6	E91CBEE69B8C4EBEE53B0DB95AB385E9F6EA4BEA7FBC1B08B3961F5B87101221
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\22KpFFJQuZn[1].css	ASCII text, with very long lines	A62D62FD8007344163F69A268E7E918A	8C0A433D5E0BB8AE23C6AE5B302D51E77B0D195B	D05D03A47182FD8C95735DAF2F65F2B80B8A8545DD6C0E271CFE3FDCCBF81246
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\2b4ptAQoeCF[1].js	ASCII text, with very long lines	BFEE33A16601268523152A0F32A72380	F87C42234BC8715AA6D6AEFE80D722E2B94F2221	F7808EC7FF2FFE1C0F9D01EF87BDB7A9DB00DB99D65A2750FCD2AFE082ACC873
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\BwjU4B_qfpp[1].js	ASCII text, with very long lines	AA319BB3DC5CA571817088C857306945	D89ED924EE578B70C99317DA2AA480D95A6FCFE8	9F737A9DDC6C4ED27D748F1571A6041EECDA3DFD7C391898CC35B01F0E6C435D
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\IxxDAbiZepi[1].css	ASCII text, with very long lines	3B0814188433956AF3D73648D0DB00B7	49BB4B80E746AA2296DDB987BA8D49F911D4E4B4	28FC8DA452C6C21D1AEDA674F2F6B8864504FBE8A1823EEBB6CE1814836AF08E
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\JopZtdti8dq[1].js	ASCII text, with very long lines	3D275AC87B7225FAE26690F31A3110F1	D72083AD2A31CBC8BEA643676F2B214F2028A26A	95D95840165EA5FC374A27F1CFFE88A1B3D033562916EF1071393C9C8ADBFE86
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\NOmsNpPjqKN[1].js	ASCII text, with very long lines	BD36C07720E78ECA14E40F732B0DEA96	9400166538F6F65A89E1C102CCA07DAE82C4FF34	404CBEFB1D9A3B2CD4F723C8553D714EA257E78B3691BC1BB37BF1F78A192AD6
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\QrKwBeCiZyv[1].css	ASCII text, with very long lines	B2FB748287798413178D4E1A1476E5C2	2517605D2727663377491224AACFA365209C6721	9D427CB90E448F435ACBF1BD66AC37C7CEC6E8B8AFA5BF8D691FC80C51F62DE2
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\RUFPPAMX.htm	HTML document, UTF-8 Unicode (with BOM) text, with very long lines	AC309C3BBE172ED5CBC37060FCD0B5CC	BCDAA6B0997F4B82EF90C360950B2AB3B485D931	24EFD34CFDA269AE64A495DEEFEADA684AB3F3CE990363FA869BAC8AF47B6B7F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\RpTFjVvO4D0[1].js	ASCII text, with very long lines	5120667A686AB2528C050D156D27B811	C69B77AF43F14EFB4951367CF6A4EEEA661F6219	5147F2B0C3A7E731F599FDB80503F7D445BFAFB8736B512166A166906E926759
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\TAH3WlPZB8H[1].js	ASCII text, with very long lines	29EBFF3A7ACAB502296B5C2FD1283962	2C443237A07210D4FD5E1073D2AB1263F2AAE6FF	7FCF2EA5DCBBE5ED06D0740A3E2A22C2B474C2ED4F6F7BA87EB8F9DDEE7EC0F3
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\h3jijAStzKK[1].css	ASCII text, with very long lines	2546EA47AA7749C9BA01D2EDEF9C87F2	67E90018EDFD011A95692EF3549BD2C420A1126C	17359A995DE7DEF07EA79A016F3506C1ED56B3C8C9AFC8F9A1C76F7ABB9636A4
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\n4bGLjGRWrl[1].js	ASCII text, with very long lines	4E068352658B4E168C79AA686F611FA8	EAF91AFAA2AB1F6C0D16A284B51284BC5158C42F	5E75640FA4EAA50080551EE539B16841EC479343BB40891F91D7092B5C7FF901
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\vjVEyrdqGK6[1].css	ASCII text, with very long lines	E431EF5BA54E86632644507C1625DBE0	368235C186B92B7ED6BED000CA718EB432F21864	15DF2A9AEC645B1DC61F7688529859C0DC4C58DDF9DA3798E9951D9DAB185D36
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\1487645_6012475414660_1439393861_n[1].png	PNG image data, 10 x 10, 8-bit/color RGB, non-interlaced	8DC258A49B60FAE051E9A7CE11AD05CF	DAFEF280663F4205FC7F0E47799E9945E6A68D6D	C8CAED93847AFFC154CB3D424E34FC146E7340BB29ABEBD5EBA7063E3DCA0604
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\6LTWT96P.htm	HTML document, UTF-8 Unicode (with BOM) text, with very long lines	3EFD2F3A4034940DC005B22CF17C2A2C	C4204FE95E7C3189B65DD33AEC0438D941CF3935	4121DB577DE5FAECEB0BB546C53CFF8A71642F56D7AF4B493EE6932F19EB126A
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\6jPqzzsJS-8[1].png	PNG image data, 25 x 50, 8-bit colormap, non-interlaced	49BC583875987E80421183496C664F95	A1D9900FDECED487CC9B2F8FD626DCCBD79F6C6C	8A31B173A18165F976983AC2F0FACF472378ECB9523FA1B87580755448ED0F7C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\A5FVZRWT.htm	HTML document, UTF-8 Unicode (with BOM) text, with very long lines	C62C76D4225B37F3A18B8D189398348C	D24E12A2222283BB46396F21FFA46B03B40BCC32	67518687B5587DBC89A222E15381BDF2DF5857C2F118986498EC6A38081345F5
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\B0LQ5SBH.htm	HTML document, UTF-8 Unicode (with BOM) text, with very long lines	F286B16912453EE003BE85434993A4DF	10D1CCB31E70AB691321FD40B3FC917E60A9C8AC	57230F4234A78BFF4A5599F2B424BEEE41A253F9F85D2FB8996116C3E451C914
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\B9RXHZ5I.htm	HTML document, UTF-8 Unicode text, with very long lines	F70CAEBF3F5310D809952C71719333E6	C322BD913A0950801807CF09546C26ECC338576A	C5AA40C15EC8C30A9375126860CDA2039423D612E975BFD4D5C534AEB4A5CE2F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\O7nelmd9XSI[1].htm	HTML document, UTF-8 Unicode (with BOM) text, with very long lines	17E700BFBAB3EBF99E42ABD15B1E0CED	648FA128A1999BE6C084F759863E2D27B345EA32	A75E1B10E2B21B657C7DF9B46FE7F5B40A2064C3A2C907C05653E852BD38E1EC
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\TRX669RO.htm	HTML document, ASCII text, with very long lines, with no line terminators	7B81ED1A40E222900D10C6B6880509CB	26B6273003550AB1A37713318266ED3928B6D967	70CD41F31AA8D8E560B362A36A404F3FCD5D9BB9C25E20B179F08B0C3BEAC0D2
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\Z2s1olWKEnZ[1].css	ASCII text, with very long lines	D01072DED8F324BC7AA58945B67ED06E	56DEE4A8631FEDB03AF1D18A2A7DEF90171CA166	4D1335258BC3B6BAC34C46278F0BFE34C7B6F42BF7B71FA1A7EC6251A6710A7D
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\ahNSxu_HONL[1].css	ASCII text, with very long lines	461EB8488518B615E35A46E9FCD9D153	2061F911C22E64533D4F9FE84858911BFA30499B	C4AC11AA7BF4ED601CFA3D9F43BF8889ACDC51B4334C96AC0F50E0652344E95E
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\favicon[1].htm	HTML document, UTF-8 Unicode (with BOM) text, with very long lines	CBCD7E47C1D933F744D7F063864C0CAC	5DD83D065BFDAD3CE3057AF4E9EB0764105C1B54	18F9C171FB1D422A38DEB4211983FC25F6E318BACC3941FD3BBC1ADCC96A3CFD
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\fzkbB_w4sxK[1].js	ASCII text, with very long lines	491EC01003B04E45EAD30DC74FBEE0D4	39010359BC432B9968BDFC527C06DF0A1AA83359	0A1465669DD7D447C8D681757A7F8B1716D9A3C1377E9F07AF9C7400A8CD9625
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\kPkP7qOaPwj[1].js	ASCII text, with very long lines	B68DF8E0C602CBBE2DE69A972434E9E5	2D922F3BC1B1200163913C1EBD330C315E6CD00A	AA38C0FACA53151E1B91B3D9BE06F8300A624E16335F9EEC803F5EB9E62B8504
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\qMrE4RFJBoQ[1].js	ASCII text, with very long lines	24A19D20FA5E0D65E7BD4F2DE56B99CD	6F5DF27C52FAD92577BDFA16D32474FA8F5348FC	0A1BBC175701C580963EDE7ED4A9123501F799093E9C8EC937079AF9122448A7
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\vdzjXL4eT5D[1].js	ASCII text, with very long lines	4EFF4044F57721F7EA0160601470AD0A	8CE1513DB599D66AFA74A41553F5BBE1CA5E79AA	02884C499F49E11926E5D61894DEC87E86071159D2E536833174C16A068F45B5
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\4MFjarAmouj[1].js	ASCII text, with very long lines	686DA670633C5DC513BFE8D3F6478821	815A9D3C3A698B6EB9A8CBEFC48282D6465E6146	BB0752526B51AF28DE2E97E39E78D4D57FC5C88924A003F65357BF6FFBFCB83F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\9HQ2AZB5.htm	HTML document, UTF-8 Unicode (with BOM) text, with very long lines	DE299BB362A6A0563F51CCB48A75A3EC	8A92837F2507D69A772F83E9C949BE62D998BDF9	BB2FCEA23F63EE668E66E89E043FF29C9A962B06ED2AA21371DF3E072516BBBD
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\Af0wuS8syLV[1].css	ASCII text, with very long lines	337646DFB423F1EBF4BD0BFFFA8D713B	FD67500FF260D3C557AFFADFA229B7FB90B200C7	FCF3940491CDF8A242E9E29B4482FDA62BAFF8783AF14BBF268625BFFFAE7215
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\U3QfFrS_cgV[1].css	assembler source, ASCII text, with very long lines	6EB997D7F3650E5F4201F92E6430E2B7	D2923FB96389B08B51C996DF090EE1C563095227	088BE894F81B5817E320204DA06BB3E07C98049081D8407D7D5127553C3C0010
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\VBLSBCBU.htm	HTML document, UTF-8 Unicode (with BOM) text, with very long lines	612A91716213B3EB19A74E6188EC3230	6B221133BD9BF2B9ABC49BAB6EB1F24B1A97797B	482B3C1DEBE2361A0307A909D28ED952CD505661CF2AF9773B29C02CF1B478D7
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\W5StuHxENhR[1].js	ASCII text, with very long lines	0F4740226BAF73E52FC24C2A10D28E27	94602A1E910B1E7C65DCA86EAF3F51C9F0A6B4B2	2DE5743B1B4E18A3ABE6FD6333157278AB60B82109F6741CB6795D41ACC8E6B8
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\c2cKQyepvf-[1].js	ASCII text, with very long lines	26A8659038AEBEFD8BB9056F4D9AD5EE	0C054E9EC2F83DF56E248CE855D598AF7359E65B	3C4B923A05D7523D05190C3B17FE6C509C51A91B4CD9D44A997BE71D037CC350
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\dF5SId3UHWd[1].svg	SVG Scalable Vector Graphics image	EBD8798BC32C86494851A07770E04E63	B5461DC8F5F5F848033441D506EE05D48742438B	9531E96099E973B3D1C291F3E60419D8FE4730F46DE8A492FCCD2B4C962C96CE
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\hsts-pixel[1].gif	GIF image data, version 89a, 1 x 1	DF3E567D6F16D040326C7A0EA29A4F41	EA7DF583983133B62712B5E73BFFBCD45CC53736	548F2D6F4D0D820C6C5FFBEFFCBD7F0E73193E2932EEFE542ACCC84762DEEC87
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\mnwJrbabqoh[1].js	ASCII text, with very long lines	0BE984614DCDE8F80776ADDEA6B69C97	1E62D2CA26092425AADC5B6D9B3598911C9DE278	883C8C239FB17336986443FA0EEF05C9C8C3911151BE4080A0471FC6912A82A0
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\rBNJvj38u9T[1].js	ASCII text, with very long lines	7F82068076F2D3AB8B35AB42D1C9A237	074FA8AD79D84172E2E3E6961E0EA251931048F9	A91C374DA35B477F8A0E76CFC6D8A5230C3BA694933605F43E7BAF6E0ED105CF
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\toipMWCRTEo[1].js	ASCII text, with very long lines	E9ACD860107BF7BA4DBE71EFE88BE749	65F2693E41A18DD73FB7DDE0BB289A9674C4E3BC	A6E7427AE5061BBAB3308B62E04299A84C7AB3CAA2FFE0A0CA68101B12202D49
C:\Users\user\AppData\Local\Temp\~DF0C626AC06D5E2361.TMP	data	3EFBE678B4DB43A805ED8AA7F5D4A5F9	1594089E41B7C3FC34EE70D9C13D4D13ABF4112E	193987FDF8F4634115089E099820157419F83F9AAF5032CD22B6D38B3BC303A0
C:\Users\user\AppData\Local\Temp\~DF77662EBE27437295.TMP	data	7243C9233A5458A744856C0E1D16E76F	C63E5D8B270560D38C58C82167254BFA906BF254	B766ADCCC45E202C2E6038AF2B8F4DE612806A0C57D93804592F789B5F8007E8
C:\Users\user\AppData\Local\Temp\~DFA111B94D5E8C7290.TMP	data	7DC903F6114D7CEAC73E7F749ED594A2	AE1D4D5829C887261B85E5730F1DBD3045FD983E	CE8C56703DCC439C57D62418EFC1019BA445045C9F8DE916A4C423747C29FE2A

Analysis Report https://ccaeperu.com/?real-estate-agent2938423

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection:

Phishing:

Compliance:

Networking:

System Summary:

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs