Windows Analysis Report
test@somewhere.com.html

Overview

General Information

Sample Name:	test@somewhere.com.html
Analysis ID:	655631
MD5:	2d475c74396d3a17455856e03750e639
SHA1:	8be111091be27e9caa1902c9aa38e6469985dcaf
SHA256:	1dffbbe9eb7c804144f3fd8744cee452450d7c6bbf0209f258e7507c08d2ef6b
Infos:

Detection

HTMLPhisher

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected HtmlPhish44

Snort IDS alert for network traffic

HTML body contains low number of good links

None HTTPS page querying sensitive user data (password, username or email)

No HTML title found

Classification

Signatures

Phishing

Yara detected HtmlPhish44

Source: Yara match

File source: test@somewhere.com.html, type: SAMPLE

HTML body contains low number of good links

Source: file:///C:/Users/alfredo/Desktop/test@somewhere.com.html	HTTP Parser: Number of links: 0
Source: file:///C:/Users/alfredo/Desktop/test@somewhere.com.html	HTTP Parser: Number of links: 0

None HTTPS page querying sensitive user data (password, username or email)

Source: file:///C:/Users/alfredo/Desktop/test@somewhere.com.html	HTTP Parser: Has password / email / username input fields
Source: file:///C:/Users/alfredo/Desktop/test@somewhere.com.html	HTTP Parser: Has password / email / username input fields

No HTML title found

Source: file:///C:/Users/alfredo/Desktop/test@somewhere.com.html	HTTP Parser: HTML title missing
Source: file:///C:/Users/alfredo/Desktop/test@somewhere.com.html	HTTP Parser: HTML title missing

Source: file:///C:/Users/alfredo/Desktop/test@somewhere.com.html	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/alfredo/Desktop/test@somewhere.com.html	HTTP Parser: No <meta name="author".. found

Source: file:///C:/Users/alfredo/Desktop/test@somewhere.com.html	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/alfredo/Desktop/test@somewhere.com.html	HTTP Parser: No <meta name="copyright".. found

Source: chrome.exe

Memory has grown: Private usage: 0MB later: 13MB

Networking

Snort IDS alert for network traffic

Source: Traffic

Snort IDS: 2027757 ET DNS Query for .to TLD 192.168.2.3:52544 -> 1.1.1.1:53

Source: unknown

DNS traffic detected: queries for: cdnjs.cloudflare.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56916
Source: unknown	Network traffic detected: HTTP traffic on port 60760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51463
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61949
Source: unknown	Network traffic detected: HTTP traffic on port 56916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57420 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50770
Source: unknown	Network traffic detected: HTTP traffic on port 54819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59107
Source: unknown	Network traffic detected: HTTP traffic on port 54892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56512
Source: unknown	Network traffic detected: HTTP traffic on port 49195 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52172 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57308 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50820
Source: unknown	Network traffic detected: HTTP traffic on port 51009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49453
Source: unknown	Network traffic detected: HTTP traffic on port 61351 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63581
Source: unknown	Network traffic detected: HTTP traffic on port 53750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53462 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64317 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51692 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57420
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64306
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58873
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58114
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53462
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52172
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52491
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61351
Source: unknown	Network traffic detected: HTTP traffic on port 53543 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57548 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51009
Source: unknown	Network traffic detected: HTTP traffic on port 59135 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51463 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50124 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54290 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52491 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53543
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57548
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61609
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57308
Source: unknown	Network traffic detected: HTTP traffic on port 64306 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59135
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64317
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51130
Source: unknown	Network traffic detected: HTTP traffic on port 56512 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49453 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58114 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59107 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49195
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51692
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50124
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60760
Source: unknown	Network traffic detected: HTTP traffic on port 51130 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54892
Source: unknown	Network traffic detected: HTTP traffic on port 50820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63581 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61609 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54290
Source: unknown	Network traffic detected: HTTP traffic on port 50770 -> 443

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1Host: www.somewhere.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\alfredo\AppData\Local\Temp\37fd234e-c818-4886-beec-9e1baace1842.tmp

Source: classification engine

Classification label: mal56.phis.winHTML@22/75@12/89

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation --single-argument C:\Users\alfredo\Desktop\test@somewhere.com.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1728,15277383464472110615,3560837105709000163,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1728,15277383464472110615,3560837105709000163,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-62BF3CC7-994.pma

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.67.150.137	unknown	United States	13335	CLOUDFLARENETUS	false
104.17.24.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
34.104.35.123	unknown	United States	15169	GOOGLEUS	false
104.18.10.207	maxcdn.bootstrapcdn.com	United States	13335	CLOUDFLARENETUS	false
142.250.187.163	gstaticadssl.l.google.com	United States	15169	GOOGLEUS	false
172.217.16.205	accounts.google.com	United States	15169	GOOGLEUS	false
142.250.185.202	unknown	United States	15169	GOOGLEUS	false
104.18.11.207	stackpath.bootstrapcdn.com	United States	13335	CLOUDFLARENETUS	false
69.16.175.42	unknown	United States	20446	HIGHWINDS3US	false
142.250.185.170	unknown	United States	15169	GOOGLEUS	false
142.250.181.238	clients.l.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.163	unknown	United States	15169	GOOGLEUS	false
13.224.189.91	d26p066pn2w0s0.cloudfront.net	United States	16509	AMAZON-02US	false
145.14.144.140	us-east-1.route-1.000webhost.awex.io	Netherlands	204915	AWEXUS	false
104.18.23.52	unknown	United States	13335	CLOUDFLARENETUS	false
172.67.38.66	embed.tawk.to	United States	13335	CLOUDFLARENETUS	false
192.34.58.29	www.applicationsecurity.ninja	United States	14061	DIGITALOCEAN-ASNUS	false

Private

IP
192.168.2.1
127.0.0.1

Contacted Domains

Name	IP	Active
gstaticadssl.l.google.com	142.250.187.163	true
stackpath.bootstrapcdn.com	104.18.11.207	true
embed.tawk.to	172.67.38.66	true
d26p066pn2w0s0.cloudfront.net	13.224.189.91	true
accounts.google.com	172.217.16.205	true
cdnjs.cloudflare.com	104.17.24.14	true
maxcdn.bootstrapcdn.com	104.18.10.207	true
www.applicationsecurity.ninja	192.34.58.29	true
clients.l.google.com	142.250.181.238	true
us-east-1.route-1.000webhost.awex.io	145.14.144.140	true
clients2.google.com	unknown	unknown
ka-f.fontawesome.com	unknown	unknown
code.jquery.com	unknown	unknown
kit.fontawesome.com	unknown	unknown
www.somewhere.com	unknown	unknown
deflation-community.000webhostapp.com	unknown	unknown
logo.clearbit.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://www.somewhere.com/	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
file:///C:/Users/alfredo/Desktop/test@somewhere.com.html	true		low

ID:	655631
Product:	CloudBasic
Start time:	11:27:46
Start date:	01.07.2022
Sample:	test@somewhere.com.html
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:
Architecture:	WINDOWS
MD5:	2d475c74396d3a17455856e03750e639
SHA1:	8be111091be27e9caa1902c9aa38e6469985dcaf
SHA256:	1dffbbe9eb7c804144f3fd8744cee452450d7c6bbf0209f258e7507c08d2ef6b

Name	Type	MD5	SHA1	SHA256
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\0f78a17b-9996-400f-b421-0a7a1f967db2.tmp	ASCII text, with very long lines, with no line terminators	AF552FA4C0D0B8DD97833568437DD6C5	10E00BB6BFC21230A50AFBD0E3BCD47E20CCD523	2E8B70C70D80CE352041FE45F35FF0AD752575ED9EC7C43C19996B6C874B694A
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\414ccee9-2cf0-45c1-bb36-d9c83977e708.tmp	ASCII text, with very long lines, with no line terminators	B0DBF85319A196DE91E50FD498534A9E	681BE3C481B53532D5375401FBEC0F2683CD9948	D2BA9A8F25F4C6136CCA81D244BB9562D76A0131BC10B8DEF43D144CA3AE970F
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat	data	FA7200D6F80CD1757911C45559E59C0E	89C6E99BAEC4EBB3E9A97B928FB473D1498EBA88	D9779EA4D6DD544A23C2A1C53146B6A4E596927F47DFA0680B0A7EE751D43BB2
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\1f1fe6c4-ff10-4a04-9b2a-80167bf3ee2d.tmp	MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel	1B40AC9ABB964672109D49ABFCFE2717	966E224F2887075825D42D2E7E0063BFAA81A99C	503149B1B47F8296DEDB800251DBD9AF614856F0D7E6AB1C03DBC90EBCE53674
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\383315f1-4424-4c10-a80f-51361525d0b1.tmp	ASCII text, with very long lines, with no line terminators	4A588EEF775A8467DE20E103B9A0F57E	917BFDD34CC4FA573A44116BD6165496CEC51410	7FC3A1B66CC3994ED82FC1974CCC854881FE15CF1F0B73A7C5B89D43513A2256
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\398277b2-f9b9-4d0b-92cc-7f0287f61020.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	DB7314A1F592B03FBD75A04CA6DC3096	E1F495EB07B089F87BA6D180AAE52724804AACBA	55482995FBC9CA25595AA91C8F74D7C70CA7B035A854F52377753DB2AF1F1DB7
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\4580db1d-2ccd-48d9-a039-e424fbc2f45f.tmp	ASCII text, with very long lines, with no line terminators	4AFA1A3CA6726DE25EFD37AF194E0751	0FE7317DD807A3CFB73840A25434F1A09581F1A8	8951176CAD123DB4398EB21550B526011276FA36E51058D83E83FA77AED19498
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\5d90d01d-bc05-40cc-b33f-a6838389ba07.tmp	ASCII text, with very long lines, with no line terminators	31FE409728477E74DF6C8B98B0A1DDA6	D7FB1794D429C1840E5FF66C97018E4FD9F9221D	8B8656134AB6387596B9431DBC7F737CF1DA0FD32FFEFA3C1987819991B1B53D
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\7a0d8a11-0cce-469c-b939-58201d6e6967.tmp	ASCII text, with very long lines, with no line terminators	9E74F359F8F0C58C529992ABAF3C5527	4D9F0D9BA2D9D770E92BBB225B34D44D555E8306	DDA6F506CCCC1F1B176F509D716D1ABA81159227A91648C56629F3F4C30A98A0
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\8aa0e452-8ccd-4ec0-b7a9-35a13d916e4e.tmp	ASCII text, with no line terminators	661760F65468E15DD28C1FD21FB55E6D	207638003735C9B113B1F47BB043CDCDBF4B0B5F	0A5F22651F8FE6179E924A10A444B7C394C56E1ED6015D3FC336198252984C0E
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log	data	63A7722CA87718A11E40C69E5642DB4D	2F78B84638D5713EA71F265465737BB1F2267327	1901EC5AF6A59EE40A922EF4E3D5EE2C0A941331091C157D446B75B867BADC43
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log	data	914FD8DC5F9A741C6947E1AB12A9D113	6529EFE14E7B0BEA47D78B147243096408CDAAE4	8BE3C96EE64B5D2768057EA1C4D1A70F40A0041585F3173806E2278E9300960B
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG	ASCII text	BA6252ED401E2FED83363DCE7FF26B07	1AD623A7C59EC97A47A6F08F0347C8435257090F	E76737CA8EB830C2FDF0D3A5E7E77F956EABB672B58F8FAD37CDD56590C8F994
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG	ASCII text	3A15DA4D1D0344028D8C1AF0C99B5737	CB0B82F9847F6EBA6336CDE62C13A4B8D103A0DF	26DD260D9AE14FBAC462127D2350E73224997302204345FF2460819F968E6273
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1	data	C056E91E9B893E6B833704CB770DA095	216409B3390EBEE683E1458986F8CA6EF8988B7F	8F4C14B28C46FE4B17B97136622BCE6F0BBCD38C7C43E89B4CEF47EB0B66E573
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico (copy)	MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel	1B40AC9ABB964672109D49ABFCFE2717	966E224F2887075825D42D2E7E0063BFAA81A99C	503149B1B47F8296DEDB800251DBD9AF614856F0D7E6AB1C03DBC90EBCE53674
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\History	SQLite 3.x database, last written using SQLite version 3035005	061E825322AD0025EE0CF9C3AEDABD60	C676D0914BA39942F3B9879668752C73DA9EFF62	2BEA86EBED891E2060DFBE3FDE426D6A168A25215E4F5D9E52AD31B7727C9E7F
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache	data	01305A315DE4763CE518E0B8D11630DF	16838C0583D11913CCFB45C98D3A93B0DE029BEF	A905EBEC3F44C198B9EA46BF7DFB6B56D192F3A4644E52C2F46CC9983E8FF090
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account	SQLite 3.x database, last written using SQLite version 3035005	5BA75311B1B0D6276E298ECCD12B8B07	AD9ABB15695F177530511DFD188EB8C33B8F7929	AEB7F25D09A00715C768CB87BA66EE544830347F998CCF218DE5C2072C4AAF3E
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State (copy)	ASCII text, with very long lines, with no line terminators	31FE409728477E74DF6C8B98B0A1DDA6	D7FB1794D429C1840E5FF66C97018E4FD9F9221D	8B8656134AB6387596B9431DBC7F737CF1DA0FD32FFEFA3C1987819991B1B53D
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)	ASCII text, with very long lines, with no line terminators	9E74F359F8F0C58C529992ABAF3C5527	4D9F0D9BA2D9D770E92BBB225B34D44D555E8306	DDA6F506CCCC1F1B176F509D716D1ABA81159227A91648C56629F3F4C30A98A0
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy)	UTF-8 Unicode text, with very long lines, with no line terminators	DB7314A1F592B03FBD75A04CA6DC3096	E1F495EB07B089F87BA6D180AAE52724804AACBA	55482995FBC9CA25595AA91C8F74D7C70CA7B035A854F52377753DB2AF1F1DB7
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13301173707165807	data	CDAA4C19CB46224BF5411D79D9B4BF75	7A5CC8054F34646BE87455C5D9670422F80CFE19	CA4E3A83467B3940AAB618DE3072E577C6554972A2096FBC0AA30EF7543C0CB9
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13301173708720801	data	6DCC394E18916BE8E40CE342E82B5892	1E649F9F81C024949B4FFB1D2C522A968AB15F0A	1F3C3F20B1771FB595E500BCFD893A94AF42B7A9CAEEF672F038ADCAED30647F
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG	ASCII text	1DAC2625285273E787A93E8E05FB0D5C	DD70E1C92A8A984578257B7A3E76BAA648BA1284	E00B938F606593838221E98C28551C69BBAD5B56808CA5A0FAA71A0502E2EB80
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG	ASCII text	772B0961542CEE610795BE06121DB293	8219441ED02C6A08CB508712E1E628B19BC7B32C	057CCCE6845662B994AC5E1EBFF548A32ED3BFA6BF2C9DDEB055BFCE345F0B19
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG	ASCII text	F97E8684FB28683BE2CCA8EDEA881A57	7EAAEF4117340EE8DC779AE3FF4D0B8BE42069CB	125C4FCF8FEB8AFBD87180EA62AD279DD4A196CA63408850E5BCD2ED1B32B945
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity (copy)	ASCII text, with no line terminators	661760F65468E15DD28C1FD21FB55E6D	207638003735C9B113B1F47BB043CDCDBF4B0B5F	0A5F22651F8FE6179E924A10A444B7C394C56E1ED6015D3FC336198252984C0E
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Visited Links	data	C002397D5AC6A58DA9DD80762BABA964	66F175F5991287AD144714BD0B2D2AD1E46ADC04	3FDAB58268702BB59873E6B0A523E4AE6FE3E69611C6DECD1F05CB8542F54D10
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Web Data	SQLite 3.x database, last written using SQLite version 3035005	1FBF00B609BD2DE92671DC5D027AA065	FB42EC4850832D58DCECAF079FB480AE59C1B7B9	33BF80B80D70C0FBCDC70221BF3E009C591C3D5C50CCC6EB47A3600719B9ED0B
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\cccec9b9-da4e-4700-a3fa-b754474ae6d3.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	4F9B6FF15DB21D0DDBF975EA20D70B9D	39FAA0688BF4B9B382152BCE11008D0F5AA115BC	15EEAAD2E952C3FBEB7281B7B3DE82C3746AFEF58E1359AEEDFDBA0B6268253F
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000006.dbtmp	ASCII text	AEFD77F47FB84FAE5EA194496B44C67A	DCFBB6A5B8D05662C4858664F81693BB7F803B82	4166BF17B2DA789B0D0CC5C74203041D98005F5D4EF88C27E8281E00148CD611
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy)	ASCII text	AEFD77F47FB84FAE5EA194496B44C67A	DCFBB6A5B8D05662C4858664F81693BB7F803B82	4166BF17B2DA789B0D0CC5C74203041D98005F5D4EF88C27E8281E00148CD611
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG	ASCII text	5C4287ECC73F41787DE65F33A7A576B5	C1CD30B6012E36C8690672EB119512ACE1F68FB1	E0A41514C74E1C5890FB07FE527CA2E296783261B094755123C35DED07E7976A
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\dda4d149-5076-4fa0-a2c0-abce23289ca1.tmp	ASCII text, with very long lines, with no line terminators	854005CD4A92ED8259CAB8EF470A7AEB	DA8C905DC30FE1AFB19FFE714F58E0EF91C029F0	88EA3F156E4A38E3394ED3C8C90222F5D61D531939AB42AFA88B0F1D69FB930F
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\e704e804-c1a7-4116-a9b7-70aa1fc9725b.tmp	very short file (no magic)	5058F1AF8388633F609CADB75A75DC9D	3A52CE780950D4D969792A2559CD519D7EE8C727	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\f129bee2-386e-47f6-ba47-14271f33047b.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	28DC1164E1B6C7D30C4F716E2A5C3761	CD0B2E28CE5074B8A44D9A0076A8C6A05C40FBD4	86C58C6A5E4619B72E47D550D77C9EFB4C95174D38AD9AE3B4D892C5F29EE81E
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log	data	8DDB8ECCEDEA26E9315796657D20FE02	DA6313976F49188D6E9F2456598821F9B45ECA1A	67626C29664B00DA47B733D97DF4B2ECE697D055B4CFEBF8258F82A90AC25DFE
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG	ASCII text	AFBB35F34236B242A690E2C93DA4AE97	794E72251F0F7B09020A7F9A6F3C3E8515836FAC	ED4662BD70C27C7FEAABE41A8840FD85733CCB92D8F7725EA4B67D940FBF969A
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\GrShaderCache\GPUCache\data_1	data	D691E1B7FA0EFE695E77424F3D01ED9F	5013384C7B365AFD4FD81B92FD725EF0CCB89B9B	D23162AF8B97283DFB3BD83CF31D2B8AD1BB151FE7E0AF46F9DD12C97BDE9686
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Last Browser	data	DE9EF0C5BCC012A3A1131988DEE272D8	FA9CCBDC969AC9E1474FCE773234B28D50951CD8	3615498FBEF408A96BF30E01C318DAC2D5451B054998119080E7FAAC5995F590
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Last Version	ASCII text, with no line terminators	3A0E5D4F452CF99191634D0FFAB744A0	F115BBB898EEFF640D8D19AD44A86C3FCDFFC0AD	B9D528D3AE283039F4700C7E4E790744C58A26353A91B536DD91CBA4F648A35F
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Local State (copy)	ASCII text, with very long lines, with no line terminators	B0DBF85319A196DE91E50FD498534A9E	681BE3C481B53532D5375401FBEC0F2683CD9948	D2BA9A8F25F4C6136CCA81D244BB9562D76A0131BC10B8DEF43D144CA3AE970F
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1	data	465AFDF525F59768075E2976EDEBBF41	AE4A070CC81B3D248443D1B1BAA44027A88017B1	B9E5C85DA5F560B0B75649BEE57463C729890B547AF027CA75A091C6F0CD0688
C:\Users\alfredo\AppData\Local\Temp\7669c153-0ea1-45bd-899e-6c92688a2fdc.tmp	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)	7F0FCE2F184F63FED8E9929FB106C282	0582EB5BFC7FCCCC1C77A860F00E351E61F5DC67	7C33F333216849E50AFC9550DA7DA4450D221B837340716ACCEE3766FFD4A62B
C:\Users\alfredo\AppData\Local\Temp\e1ca661c-2bca-4dbc-9294-9e5713ad3c2e.tmp	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)	1BC19ADD6624A17181030E661D883F78	5A4FFBCAEA16813EB260B8C15117C04274E044EB	94AC703B5444114EE6E8B254A420350B4AFBD117831A9F7E6124E23F54317E63
C:\Users\alfredo\AppData\Local\Temp\e20301b0-2c8c-4b36-970c-0d674f002fb7.tmp	Google Chrome extension, version 3	541F52E24FE1EF9F8E12377A6CCAE0C0	189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6	81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2452_179984024\CRX_INSTALL\_locales\bg\messages.json	UTF-8 Unicode text, with CRLF line terminators	6F8E288A9AD5B1ED8633B430E2B4D4CA	F671D3D4BEFA431D1946D706F4192D44E29B6F08	A114E2783D0E9B12155017323BA70838F0F82A71C7EE8DC1F115AE36991241F8
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2452_179984024\CRX_INSTALL\_locales\ca\messages.json	UTF-8 Unicode text, with CRLF line terminators	1FDAFC926391BD580B655FBAF46ED260	C95743C3F43B2B099FEBEBC5BD850F0C20E820AC	C67898B67F9C9209EAFDA6532B62D5789863CFB855998DD6A70E7775316CEC20
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2452_179984024\CRX_INSTALL\_locales\cs\messages.json	UTF-8 Unicode text, with CRLF line terminators	76DEC64ED1556180B452A13C83171883	CFB1E56FD587BCDC459C1D9A683B71F9849058F9	32290D69A90E6BAAC428B10382C99221B12773BB9A184F3B93DFB48A4F6D7A40
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2452_179984024\CRX_INSTALL\_locales\da\messages.json	UTF-8 Unicode text, with CRLF line terminators	238B97A36E411E42FF37CEFAF2927ED1	4E47AC90BA24C8F4724D9293FA40CFD4ADA66FE0	4977D4A053542FF66967FAED6B06585DD70E68E20BFEB533B66FE3287F9655D9
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2452_179984024\CRX_INSTALL\_locales\de\messages.json	UTF-8 Unicode text, with CRLF line terminators	6B3E916E8C1991AA0453CBA00FEDCAAA	D6366D15912E40CA107FD42BFE9579C3336A51F9	A62FFAB910E31531758EEE48B2CC71A8857BEC3021DEAD50B668CBA3C8667053
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2452_179984024\CRX_INSTALL\_locales\el\messages.json	UTF-8 Unicode text, with CRLF line terminators	05C437A322C1148B5F78B2F341339147	AB53003A678E44A170E73711FBD9949833BBF3AA	A052C32B4FCAC61152EB0ADB2C260FB6A8256AD104AA0013DB93E9798D41A070
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2452_179984024\CRX_INSTALL\_locales\en\messages.json	ASCII text, with CRLF line terminators	91F5BC87FD478A007EC68C4E8ADF11AC	D07DD49E4EF3B36DAD7D038B7E999AE850C5BEF6	92F1246C21DD5FD7266EBFD65798C61E403D01A816CC3CF780DB5C8AA2E3D9C9
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2452_179984024\CRX_INSTALL\_locales\es\messages.json	ASCII text, with very long lines	3F4B0F56C2839839FC3E3270ED4CB7B6	0D74EA655EAE3990E95BD26F6E1467EDF3EB3478	1912EA5E0A62BBC669DC14AB5A5BD5514B0502C483EE1F27C3F8834384187079
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2452_179984024\CRX_INSTALL\_locales\es_419\messages.json	ASCII text, with very long lines	1FD5DAF46C4D7C4F571C263EC37B943B	A57EE5EF6861F88005C2230EA3D633A1B4CA105A	BCC2CF06F66E9E3BB4B7887D0EE0AE4A72A6C49F4B2A578A7733B78208984417
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2452_179984024\CRX_INSTALL\_metadata\verified_contents.json	ASCII text, with very long lines, with no line terminators	0834821960CB5C6E9D477AEF649CB2E4	7D25F027D7CEE9E94E9CBDEE1F9220C8D20A1588	52A24FA2FB3BCB18D9D8571AE385C4A830FF98CE4C18384D40A84EA7F6BA7F69
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2452_179984024\CRX_INSTALL\images\icon_128.png	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced	4DBC9F9E6F5A08D299BAC9E54DF07694	BB38F5DE34B1E0BE1109220BA55271087A4D9EA5	91C2718DD23B4356D71F88F6146868369033291086DF327534546DFA459BEB0E
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2452_179984024\CRX_INSTALL\images\icon_16.png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	FB9C46EA81AD3E456D90D58697C12C06	5FC450F7D73CCFAC8F0D818CB3392BA4D91B69DE	016CA659BA080E194FBFC0929602B16506ED60AA6019FAA51410C4FD93B583E8
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2452_179984024\CRX_INSTALL\images\topbar_floating_button_pressed.png	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	E0862317407F2D54C85E12945799413B	FA557F8F761A04C41C9A4BA81994E43C6C275DBB	5C10CE0589EB115600F77381130B70AE0B7B3752614D86D4C89E857658AA222B
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2452_179984024\CRX_INSTALL\manifest.json	ASCII text, with CRLF line terminators	01334FB9D092AF2AA46C4185E405C627	47AD3C0E82362FFE5B881DF8D71D6F79AB7F5796	F52714812D68C577A445169D11E84DF6751C2D6886BC429643072BB5D61C6C27
C:\Users\alfredo\AppData\Roaming\Microsoft\Spelling\en-US\default.dic	Little-endian UTF-16 Unicode text, with no line terminators	F3B25701FE362EC84616A93A45CE9998	D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB	B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209

Windows Analysis Report
test@somewhere.com.html

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Software Vulnerabilities

Networking

System Summary

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report test@somewhere.com.html

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Software Vulnerabilities

Networking

System Summary

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
test@somewhere.com.html