Analysis Report https://docs.google.com/document/d/e/2PACX-1vRAHP7hrvpDz9KQUwv-UGYQwMoqaq4CogO-Ounm_Bj43rDT7FbutuHOxu--J36ilf9tiDQdTEuajLGO/pub

Overview

General Information

Sample URL:	https://docs.google.com/document/d/e/2PACX-1vRAHP7hrvpDz9KQUwv-UGYQwMoqaq4CogO-Ounm_Bj43rDT7FbutuHOxu--J36ilf9tiDQdTEuajLGO/pub
Analysis ID:	433028
Infos:
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Yara detected HtmlPhish10

Classification

Signatures

AV Detection:

Antivirus detection for URL or domain

Source: https://funfid.com/.ae/en/NV6588123/

SlashNext: Label: Internet Scam type: Phishing & Social Engineering

Phishing:

Yara detected HtmlPhish10

Source: Yara match	File source: 849224.0.links.csv, type: HTML
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\NV6588123[1].htm, type: DROPPED

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 142.250.180.225:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.180.225:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.79.236:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.79.236:443 -> 192.168.2.4:49756 version: TLS 1.2

Source: unknown

DNS traffic detected: queries for: lh4.googleusercontent.com

Source: bootstrap[1].css.4.dr	String found in binary or memory: http://getbootstrap.com)
Source: {A4953545-CA77-11EB-90EB-ECF4BBEA1588}.dat.2.dr	String found in binary or memory: https://docs.google.com/
Source: pub[1].htm.4.dr	String found in binary or memory: https://docs.google.com/abuse?id=AKkXjoxHU2Ro_M6x9yL_8xIK15El_49QE3ABJ-SEzZ4BuKp2mHKNF18S31OH5BVEvdW
Source: {A4953545-CA77-11EB-90EB-ECF4BBEA1588}.dat.2.dr, ~DF6D99441CB1FA02B4.TMP.2.dr	String found in binary or memory: https://docs.google.com/document/d/e/2PACX-1vRAHP7hrvpDz9KQUwv-UGYQwMoqaq4CogO-Ounm_Bj43rDT7FbutuHOx
Source: css[1].css0.4.dr	String found in binary or memory: https://fonts.google.com/license/googlerestricted
Source: pub[1].htm.4.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Google
Source: pub[1].htm.4.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto
Source: css[1].css0.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesans/v27/4UaGrENHsxJlGDuGo1OIlL3Owpg.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxM.woff)
Source: {A4953545-CA77-11EB-90EB-ECF4BBEA1588}.dat.2.dr	String found in binary or memory: https://funfid.com/.ae
Source: url[1].htm.4.dr	String found in binary or memory: https://funfid.com/.ae/en/
Source: {A4953545-CA77-11EB-90EB-ECF4BBEA1588}.dat.2.dr	String found in binary or memory: https://funfid.com/.ae/en/&sa=D&source=editors&ust=1623393681163000&usg=AOvVaw1EVQHT19sUbRoot
Source: {A4953545-CA77-11EB-90EB-ECF4BBEA1588}.dat.2.dr	String found in binary or memory: https://funfid.com/.ae/en/&sa=D&source=editors&ust=1623393681163000&usg=AOvVaw1EVQHT19sUbqCGwqho_dPr
Source: {A4953545-CA77-11EB-90EB-ECF4BBEA1588}.dat.2.dr	String found in binary or memory: https://funfid.com/.ae/en/NV6588123/
Source: {A4953545-CA77-11EB-90EB-ECF4BBEA1588}.dat.2.dr	String found in binary or memory: https://funfid.com/.ae/en/NV6588123/FPayTabs
Source: imagestore.dat.4.dr	String found in binary or memory: https://funfid.com/.ae/en/NV6588123/files/favicon.png
Source: ~DF6D99441CB1FA02B4.TMP.2.dr	String found in binary or memory: https://funfid.com/.ae/en/NV6588123/unfid.com/.ae/en/&sa=D&source=editors&ust=1623393681163000&usg=A
Source: bootstrap[1].css.4.dr	String found in binary or memory: https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css
Source: bootstrap[1].css.4.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: NV6588123[1].htm.4.dr	String found in binary or memory: https://mci.gov.sa/
Source: imagestore.dat.4.dr, pub[1].htm.4.dr	String found in binary or memory: https://ssl.gstatic.com/docs/documents/images/kix-favicon7.ico
Source: imagestore.dat.4.dr	String found in binary or memory: https://ssl.gstatic.com/docs/documents/images/kix-favicon7.ico~
Source: {A4953545-CA77-11EB-90EB-ECF4BBEA1588}.dat.2.dr	String found in binary or memory: https://www.google.com
Source: imagestore.dat.4.dr	String found in binary or memory: https://www.google.com/favicon.ico
Source: imagestore.dat.4.dr	String found in binary or memory: https://www.google.com/favicon.ico~
Source: {A4953545-CA77-11EB-90EB-ECF4BBEA1588}.dat.2.dr	String found in binary or memory: https://www.google.com/url?q=https://funfid.com/.ae/en/&sa=D&source=editors&ust=1623393681163000&usg
Source: {A4953545-CA77-11EB-90EB-ECF4BBEA1588}.dat.2.dr	String found in binary or memory: https://www.google.comm/document/d/e/2PACX-1vRAHP7hrvpDz9KQUwv-UGYQwMoqaq4CogO-Ounm_Bj43rDT7FbutuHOx
Source: NV6588123[1].htm.4.dr	String found in binary or memory: https://www.paytabs.com/terms_conditions

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756

Source: unknown	HTTPS traffic detected: 142.250.180.225:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.180.225:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.79.236:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.79.236:443 -> 192.168.2.4:49756 version: TLS 1.2

Source: classification engine

Classification label: mal56.phis.win@3/35@2/2

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A4953543-CA77-11EB-90EB-ECF4BBEA1588}.dat

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF1E12EB6036C3D8D3.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6368 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6368 CREDAT:17410 /prefetch:2	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
142.250.180.225	googlehosted.l.googleusercontent.com	United States		15169	GOOGLEUS	false
104.21.79.236	funfid.com	United States		13335	CLOUDFLARENETUS	false

Contacted Domains

Name	IP	Active
googlehosted.l.googleusercontent.com	142.250.180.225	true
funfid.com	104.21.79.236	true
lh4.googleusercontent.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://funfid.com/.ae/en/NV6588123/	true	SlashNext: Internet Scam type: Phishing & Social Engineering	unknown

ID:	433028
Product:	CloudBasic
Start time:	07:40:31
Start date:	11.06.2021
Cookbook:	browseurl.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A4953543-CA77-11EB-90EB-ECF4BBEA1588}.dat	Microsoft Word Document	B7D0AE53D16FF146D042D8FF559C74D2	19F94102E5FE8C1E08C0594C13D9D21D047BEC52	AA91B5E60D3334EC49129EAB4745D1495E5F4656F6A9F03EA3FE98F50D0DCF40
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A4953545-CA77-11EB-90EB-ECF4BBEA1588}.dat	Microsoft Word Document	5C422D12ECA3A3ACAFE72237C0EA0A1C	779E1679F5709F4F44237B5FBAFA34C62A304D82	2A99025482FFA6C4466DF32AB6B3D08991DDCC62A0F7935B749A9BE8C1626D70
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A4953546-CA77-11EB-90EB-ECF4BBEA1588}.dat	Microsoft Word Document	F15B57CC660F537B68563BB0747F03C0	D27E5BFF32052DF7E1879A8B220E51B500AC39BD	B1FE8C6FD80482DE8F16BFECA974BDF6B569E65F5CF184604F7B1D7F7C10A745
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\gee00pr\imagestore.dat	data	F5C7075D5A478085E7E49656F72F567C	D7DE83394FECDF7A961F3AE42819CEA1CF37637C	1E4D05718474B8B7CA1B48648C066A19A1BCBFB39AB10776B2E806DF5C29AED7
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\4UaGrENHsxJlGDuGo1OIlL3Owpg[1].woff	Web Open Font Format, TrueType, length 26228, version 1.1	6DD4AD69D53830BDF5232A13482BD50D	6FFF1079D7E5D02A2259CB5D7833E790239E01CF	5CE48D9E9D748AD4686094D3CC33F5AE1E272A5B618F5C6D146C4D12EF02E4A6
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\favicon[1].ico	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel	F3418A443E7D841097C714D69EC4BCB8	49263695F6B0CDD72F45CF1B775E660FDC36C606	6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\loading_payment[1].gif	GIF image data, version 89a, 220 x 19	B83976A85230EC557F4FB9815FC630B0	5A74801D8507CF1F2822D9548058C01325236FED	5432B59DECDE382EAE206CBE12DEE7DD05CA9DCACB67F027A59B6A97A4379F07
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\opensans[1].css	ASCII text	3EE62F3A76340D0253B1A8B678164547	288DEC4638AA41FF81CC786D623983E3E05CC97C	E981A7D8F07E0A8C1955D960A85F511FB9D77325C58346D3A84C60925204EA70
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\p1[1].png	PNG image data, 50 x 32, 8-bit/color RGBA, non-interlaced	CFB32CF945039630B7C9D6B8D520A3AB	637F36C5606302054DD8F77E95E4904730757404	8A67AF5B95D4B4FF29B868B7D5FF794DB7F269DFA67E43249F1053A874385B6E
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\pub[1].htm	HTML document, UTF-8 Unicode text, with very long lines	A13F0FCB56331EF5730996B60AB2D2AD	4DC4FF09B9DBDE478F7BA61D1CC639DCC2F5D24F	2F0F3FA244C73326FB4A9DBD694472DFDCAADF18B5E74024CE4A088F44F2FAA9
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\sadad-en-2016[1].png	PNG image data, 179 x 64, 8-bit/color RGBA, non-interlaced	EBED64EB972C6AEEB7B70E00A0BDFF2E	81F71E9A4032495521E02E16E2364C8FBD3C0C86	95CA2AECFD0C06C7C138910CD402DEB49C713BEFD6E335E7270D8877B18BD125
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\62617_1589791686[1].jpg	[TIFF image data, big-endian, direntries=4], baseline, precision 8, 825x465, frames 3	AD74C8959F4A9651FBAF3AF7F35F55B2	BD46A444D9655F09248CA846C407490A8F9028F3	E79140657AF3945F233195C2ACE4E3D37B895F54EBD9A85EC85924A9C77B5949
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\bootstrap[1].css	ASCII text, with very long lines	D2AB08DE4855F3F73D2ECEC6DA794293	0B53E330C67CD6F8551B7DC12E033B31E4AB1BDB	A60A31E4E77B8FB6360B986653AC24762DB5249892D8907099B7109D2194110C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\cards[1].png	PNG image data, 79 x 16, 8-bit/color RGBA, non-interlaced	9A1B7E5D4FCAB2C7732ED39EC5C33D63	9166E614276E7174A7F1687C8EFD68B9D7CEF5BD	0D38C2901F916ED13747352B787D6335DED7FA0096B030577E753111F24F337F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\css[1].css	ASCII text	B32DCA61F65F0FBBB5C2BAFFFA93DEC6	8A003419BFC888A206D39568184924AE04132779	104B5902DA8676DD427E84A0C0D78B98A0DABA5A889BD39FF20776A8B802E502
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\custom[1].css	assembler source, ASCII text, with CRLF line terminators	1F0D5FD0263401DD0E2A1BCE43228D40	4B57130A8384AEFB48A0A07056B1C8E1B42FE709	8CAB535899226D06D469729EC985B9E6C3D02839580011DD3F2BC2496CB95217
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\express-checkout[1].png	PNG image data, 85 x 34, 8-bit/color RGBA, non-interlaced	2B514CF107B7E0202B3E505E0F260147	E4860E54E93C105A2CBB54CA4B0D26550490842D	24659C763D595A3C543648ECCE68060E3D9C6AF0100991017278498D66AD8D6D
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\kix-favicon7[1].ico	MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel	833F495423709EE4A2C87EE1E4C2A7AA	E2CB41D31524366260AE3DA9A6A33ED67D2514FF	D40E9376B2F8C8FA5E0372C3DDACB5F6044539CF1D264BBCBEE8057DAF71ED96
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\emirates-post-group-1200px-logo[1].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1200x250, frames 3	2AF01D18D9E883EA0882CE181E42D238	171166E450024E7BBDC6BA4BF0CBC11D90C10E93	454565D343D2BFDDC8F17AB2E1D93916CFDA14C10A3A9F1C274E6019CCA2104B
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\favicon[1].png	PNG image data, 42 x 43, 8-bit/color RGBA, non-interlaced	6224F54A05B79C1E390C66C3789F0F3A	271DC2B7A5654989E92A181375F2C68BD3DBA87A	A9C7A47EAD1CC155CCF66F0C8E1FA24B1802E7BA7FBC31B4B2DEEF2CE2599CD3
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\logo[1].png	PNG image data, 123 x 33, 8-bit/color RGBA, non-interlaced	C921932ADE66FA46352075B0F052F86F	06953FE18E6AB163ED447A2528B342E39E211FBF	A5CA036A508C4C10C3B1D0C1AA0BFD155CCFFE2A63ED248FC1B22AABA1399A39
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\master-card-icon[1].png	PNG image data, 36 x 21, 8-bit/color RGBA, non-interlaced	A319B9A8EEBF55AB7FCA42B257F27520	329E86AADAFA184806D3678725212DC1702A0038	4F5CB44EAF44171C773DB823B43D2F71B143AB0CCD73DAFE2D4DA75A9B527FBA
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\rotate-device[1].png	PNG image data, 161 x 179, 8-bit/color RGBA, non-interlaced	84C27EEDBC4B11F4D072FDDFE1C1B6EA	524817B0CFD7A62CCDB40391760D6393A83DB6E5	A6C46C09291B11B56EC8272F62213A7E29ED57AD13E943A61A7588A029BD65FA
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\style[1].css	assembler source, ASCII text	1C5F56EA8C25A23A31DF9B7DDA47859D	832ADE4F3FFF84B4C6BF96C5FCCF895150C8EA91	FD420BD53AFB73813EFE037EFBE844409D1323B9652A6C7FE784F19757E15B24
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\url[1].htm	HTML document, ASCII text, with CRLF, LF line terminators	2075D589BDB8519E8325639D9BECF665	4D3259461E17DAFA403547DD63FF4EC0542D5692	F58B866297D2185465F86BE28528E07F67309C0DA3AFD753F3441392C5FC07EB
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\KFOmCnqEu92Fr1Mu4mxM[1].woff	Web Open Font Format, TrueType, length 20332, version 1.1	DC3E086FC0C5ADDC09702E111D2ADB42	B1138B84FF19EAC5F43C4202297529D389BD09B7	EA50AC7FDDB61A5CE248A7F8B3A31A98FE16285E076B16E6DA6B4E10910724BB
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\NV6588123[1].htm	HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators	1FEE90ADF0A2A17F71D8ADD680923CBB	EECD4AAFA23BBC92B4B96D2BB0A85BFC38D7AF4C	7D2C7A9B77D207AD25453AFAE719922A0632E8867AFE78AF57D5DBE7E3C0FB83
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\credit-cards[1].png	PNG image data, 112 x 21, 8-bit/color RGBA, non-interlaced	C87314CBA3DA81E4B10F49FFF411B4D1	E24C686F6FAE2A33C0D788E9BE89B742FF7721C4	D5DCE38263F5759F49F991A2A50098A91AA82BA3CE5A2EB33A66EA2A29855FEB
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\css[1].css	ASCII text	C9B33444138B8312C889B87B157D7830	60CF82CB0DEF72CD46143D1BD562BE26BA874802	8EB72810C473A7DBEAB9EA57FDBFAA004741DFFE2070CACCAC318052AF3B81A1
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\p2[1].png	PNG image data, 48 x 33, 8-bit/color RGBA, non-interlaced	B16526BE2CBE2BC6D622EA91C8F7DAE8	5DCD768E97E80D3426382083D9637116528EFF15	704F42F2B8D5C2CF34161340102F38F70EAD0A89F3A616B6F2C3EC1F500DE3BD
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\p3[1].png	PNG image data, 27 x 41, 8-bit/color RGBA, non-interlaced	81A562003C28AD9C4D6DC2EAE0EF5326	BD9D07C46CFA2B85B9128CA69E43080DECBA900A	92EDA55CFCD4423DFA402B96EC7C4C4016E6299D06EF3F0393862C4216304D04
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\visa-icon[1].png	PNG image data, 58 x 18, 8-bit/color RGBA, non-interlaced	C6B153B479713E3E849547A26CF24065	E96B599DB120C16EEC57774DE92B47706275F46B	A7A929E9986FF28DAF0D6E93093CA394C33AABB143B6351A5E8EF6BC2A15F88A
C:\Users\user\AppData\Local\Temp\~DF1E12EB6036C3D8D3.TMP	data	DDC10E39B1DB6091D23AD2C7A9F0C1E8	18B6CA8950DCFD3AF511C088663C54D5C3CF7DB8	52E8BDF69033378FFF953FE19A01BFC03B05244AABA49D9D826C7CBEE25E4BF4
C:\Users\user\AppData\Local\Temp\~DF6D99441CB1FA02B4.TMP	data	3D5FF773BE9A0DA5CF008E9CE21D90FD	E180202BFB2A5149344927DA8B9B12DDF5B9BCAD	A6329956ECF185DAE68F19D6DA05E8B692CAE72DDB6479991CA829BAF9A25C6B
C:\Users\user\AppData\Local\Temp\~DFA5F3CD9D61D5BB31.TMP	data	EC7809AC65A03C12EB633FDA761CB47D	521AA49733CFE1E7D7E8242977974028C129E8E1	9CFC0E463ACCC32D9A0879D7CA53AE4B7BE84E569657819E0BDC081E6D7974CB

Analysis Report https://docs.google.com/document/d/e/2PACX-1vRAHP7hrvpDz9KQUwv-UGYQwMoqaq4CogO-Ounm_Bj43rDT7FbutuHOxu--J36ilf9tiDQdTEuajLGO/pub

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection:

Phishing:

Compliance:

Networking:

System Summary:

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs