Windows Analysis Report
E-Contact Form.Htm

Overview

General Information

Sample Name:	E-Contact Form.Htm
Analysis ID:	682140
MD5:	05a607e8baf098163da080885a39920b
SHA1:	69b3695702bc802eb4956d2412d46581002f013a
SHA256:	a6ff2ce720128a6651265513b8cbaf56ba8096e606eb0b861e1668fab78aa03a
Infos:

Detection

HTMLPhisher

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected HtmlPhish10

Yara detected HtmlPhish3

HTML body contains low number of good links

Suspicious form URL found

None HTTPS page querying sensitive user data (password, username or email)

No HTML title found

Classification

Signatures

Phishing

Yara detected HtmlPhish10

Source: Yara match	File source: E-Contact Form.Htm, type: SAMPLE
Source: Yara match	File source: 78387.0.pages.csv, type: HTML

Yara detected HtmlPhish3

Source: Yara match

File source: E-Contact Form.Htm, type: SAMPLE

HTML body contains low number of good links

Source: file:///C:/Users/alfredo/Desktop/E-Contact%20Form.Htm	HTTP Parser: Number of links: 0
Source: file:///C:/Users/alfredo/Desktop/E-Contact%20Form.Htm	HTTP Parser: Number of links: 0

Suspicious form URL found

Source: file:///C:/Users/alfredo/Desktop/E-Contact%20Form.Htm	HTTP Parser: Form action: https://arrogantladygenesh.com/bm/addresss.php
Source: file:///C:/Users/alfredo/Desktop/E-Contact%20Form.Htm	HTTP Parser: Form action: https://arrogantladygenesh.com/bm/addresss.php

None HTTPS page querying sensitive user data (password, username or email)

Source: file:///C:/Users/alfredo/Desktop/E-Contact%20Form.Htm	HTTP Parser: Has password / email / username input fields
Source: file:///C:/Users/alfredo/Desktop/E-Contact%20Form.Htm	HTTP Parser: Has password / email / username input fields

No HTML title found

Source: file:///C:/Users/alfredo/Desktop/E-Contact%20Form.Htm	HTTP Parser: HTML title missing
Source: file:///C:/Users/alfredo/Desktop/E-Contact%20Form.Htm	HTTP Parser: HTML title missing

Source: file:///C:/Users/alfredo/Desktop/E-Contact%20Form.Htm	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/alfredo/Desktop/E-Contact%20Form.Htm	HTTP Parser: No <meta name="author".. found

Source: file:///C:/Users/alfredo/Desktop/E-Contact%20Form.Htm	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/alfredo/Desktop/E-Contact%20Form.Htm	HTTP Parser: No <meta name="copyright".. found

Source: chrome.exe

Memory has grown: Private usage: 1MB later: 29MB

Source: unknown

DNS traffic detected: queries for: clients2.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49257
Source: unknown	Network traffic detected: HTTP traffic on port 52432 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52432
Source: unknown	Network traffic detected: HTTP traffic on port 53461 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57635
Source: unknown	Network traffic detected: HTTP traffic on port 49613 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65219 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65219
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63208
Source: unknown	Network traffic detected: HTTP traffic on port 49257 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53461
Source: unknown	Network traffic detected: HTTP traffic on port 65438 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63208 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60459 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60459
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65438
Source: unknown	Network traffic detected: HTTP traffic on port 57635 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49613

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\alfredo\AppData\Local\Temp\290bb8b8-412d-4d5c-b68f-8e2137b38a68.tmp

Source: classification engine

Classification label: mal56.phis.winHTM@23/104@9/30

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\alfredo\Desktop\E-Contact Form.Htm
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1736,17978909283742658512,207219693336605707,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1736,17978909283742658512,207219693336605707,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-62F4F26E-B48.pma

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
108.138.7.46	d2fw8kapvfkapu.cloudfront.net	United States	16509	AMAZON-02US	false
34.104.35.123	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.142	clients.l.google.com	United States	15169	GOOGLEUS	false
208.67.105.50	arrogantladygenesh.com	United States	20042	GRAYSON-COLLIN-COMMUNICATIONSUS	false
142.250.186.173	accounts.google.com	United States	15169	GOOGLEUS	false
151.101.12.193	ipv4.imgur.map.fastly.net	United States	54113	FASTLYUS	false
199.232.192.193	imgur.com	United States	54113	FASTLYUS	false
142.251.36.3	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.1
127.0.0.1

Contacted Domains

Name	IP	Active
arrogantladygenesh.com	208.67.105.50	true
d2fw8kapvfkapu.cloudfront.net	108.138.7.46	true
accounts.google.com	142.250.186.173	true
imgur.com	199.232.192.193	true
dual-a-0001.a-msedge.net	204.79.197.200	true
clients.l.google.com	142.250.185.142	true
ipv4.imgur.map.fastly.net	151.101.12.193	true
clients2.google.com	unknown	unknown
i.imgur.com	unknown	unknown
images.vexels.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
file:///C:/Users/alfredo/Desktop/E-Contact%20Form.Htm	true		low
https://arrogantladygenesh.com/bm/addresss.php	true	1%, Virustotal, Browse	unknown

Name	Type	MD5	SHA1	SHA256
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat	data	FA7200D6F80CD1757911C45559E59C0E	89C6E99BAEC4EBB3E9A97B928FB473D1498EBA88	D9779EA4D6DD544A23C2A1C53146B6A4E596927F47DFA0680B0A7EE751D43BB2
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\0e9a774f-4934-46e4-b75d-41a7524ff792.tmp	very short file (no magic)	5058F1AF8388633F609CADB75A75DC9D	3A52CE780950D4D969792A2559CD519D7EE8C727	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\1d3c8c98-b8bf-4d47-ae03-32c69bf75f13.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	EC138F70E5FEACA78DEF472617DC56E5	F56E8567A3F374F384A2F739A16652EA1731E8E3	A0851CD87445AEA4FF9A036FBF57B20DB69C1885C7282A90A171A266533D969B
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\4fccb40c-b96f-4a94-9550-2b76c8f9f884.tmp	ASCII text, with very long lines, with no line terminators	A277184B7C8F38EDC132ECC0B0E992AA	356E28E6DADE445516BF2862AE1057F35C1E6D51	DB3070A86BBFC2F7FF1A60F1992AD045E39AE08EF9DD4D5BBE779E3758A68214
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\8301140a-c5f7-41ec-8786-3fffb1bd1c6f.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	D86113AA65A8F62DB9C0787EB8141B67	7B884BF43DE02D7857381AAEA564C238BDC91C8D	D83EC619C39041135D1BDC350793B7863BEFFB8382E0FB7E5B06552C6F04F37D
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\8580609e-35e6-445e-908b-d457bf1840fa.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	A6B7263767133D13E2BE6E52F18D1D7B	9624D2457656D1715B8E1696BFBB2957AD4FC3BC	BCED6C2FFE55E2E8C77E0F1F528049E4A78BAEA275EBC82F91F839900A77AF79
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache	data	12BF4CE42382DE2C29D719E29E9DD908	82EEFAE296FE24E33BD6FB55BE17A1375AF09E3B	113CC52A3EFDCBCB55EF0E43C215292D71D24CC349E7AEB76A4699B86A97A3A0
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State (copy)	ASCII text, with very long lines, with no line terminators	CAB8BEABE7E66A4015C98A3C77B3698B	C960AAAEA7014E105290C7D0F09BFCA837C8E8CC	75431010BFE77818B8BEF4B0C4B328C00668DC6B13C09AAB769EBF58BDA4EDF7
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)	ASCII text, with very long lines, with no line terminators	13B4724EE0C48D60D10E4A710BF2DFC0	D36956553622495E163F7E516F3DB8300CC43874	04890CE8B96FB09CFBD4B20382348BE32572C110D68527192CFE7331849D1A5C
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy)	UTF-8 Unicode text, with very long lines, with no line terminators	EC138F70E5FEACA78DEF472617DC56E5	F56E8567A3F374F384A2F739A16652EA1731E8E3	A0851CD87445AEA4FF9A036FBF57B20DB69C1885C7282A90A171A266533D969B
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1	data	F50F89A0A91564D0B8A211F8921AA7DE	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent State (copy)	ASCII text, with no line terminators	038931FF72A0C6AA0695A404960B1B22	90802F36B75C3CA70FC8CD1CF8BDFBAE0E8723A4	BEF93811AE263E2E9145A44205340015843B1D4485D084BB642EAEB500FE564C
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\000001.dbtmp	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\CURRENT (copy)	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\MANIFEST-000001	PGP\011Secret Key -	5AF87DFD673BA2115E2FCF5CFDB727AB	D5B5BBF396DC291274584EF71F444F420B6056F1	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\cf37e300-1cb2-401d-8022-b3e80bbe0f22.tmp	ASCII text, with no line terminators	038931FF72A0C6AA0695A404960B1B22	90802F36B75C3CA70FC8CD1CF8BDFBAE0E8723A4	BEF93811AE263E2E9145A44205340015843B1D4485D084BB642EAEB500FE564C
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000006.dbtmp	ASCII text	AEFD77F47FB84FAE5EA194496B44C67A	DCFBB6A5B8D05662C4858664F81693BB7F803B82	4166BF17B2DA789B0D0CC5C74203041D98005F5D4EF88C27E8281E00148CD611
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy)	ASCII text	AEFD77F47FB84FAE5EA194496B44C67A	DCFBB6A5B8D05662C4858664F81693BB7F803B82	4166BF17B2DA789B0D0CC5C74203041D98005F5D4EF88C27E8281E00148CD611
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\f3fbb79e-5341-4b1c-bb52-516a118f5036.tmp	ASCII text, with very long lines, with no line terminators	13B4724EE0C48D60D10E4A710BF2DFC0	D36956553622495E163F7E516F3DB8300CC43874	04890CE8B96FB09CFBD4B20382348BE32572C110D68527192CFE7331849D1A5C
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\f77f8489-53fd-4e8c-aab9-6c8e0da061c7.tmp	ASCII text, with very long lines, with no line terminators	CAB8BEABE7E66A4015C98A3C77B3698B	C960AAAEA7014E105290C7D0F09BFCA837C8E8CC	75431010BFE77818B8BEF4B0C4B328C00668DC6B13C09AAB769EBF58BDA4EDF7
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Last Browser	data	DE9EF0C5BCC012A3A1131988DEE272D8	FA9CCBDC969AC9E1474FCE773234B28D50951CD8	3615498FBEF408A96BF30E01C318DAC2D5451B054998119080E7FAAC5995F590
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Last Version	ASCII text, with no line terminators	3A0E5D4F452CF99191634D0FFAB744A0	F115BBB898EEFF640D8D19AD44A86C3FCDFFC0AD	B9D528D3AE283039F4700C7E4E790744C58A26353A91B536DD91CBA4F648A35F
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Local State (copy)	ASCII text, with very long lines, with no line terminators	5A70953310310D04398EBADDD0E88C70	669D9F1AF8087AEC31E30A6C5DCFD9BCB7561997	11C4A747E90ECDD40D206549602228593C7D7693791333069BE2A289946F5477
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Module Info Cache (copy)	data	CCA1C7AD861681202610602998A5BBB1	E8E2C51DF2748137842222E9DFE93D31E5176D94	93C7B73A68203193226E76774AFFA0B578FEF81FA3343B4C887FCCD72222516F
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\aaad3cb7-3889-445a-aae4-27b7f667a0fa.tmp	data	CCA1C7AD861681202610602998A5BBB1	E8E2C51DF2748137842222E9DFE93D31E5176D94	93C7B73A68203193226E76774AFFA0B578FEF81FA3343B4C887FCCD72222516F
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\abcdaa6a-a910-4b12-a1c9-96d735a24775.tmp	ASCII text, with very long lines, with no line terminators	5A70953310310D04398EBADDD0E88C70	669D9F1AF8087AEC31E30A6C5DCFD9BCB7561997	11C4A747E90ECDD40D206549602228593C7D7693791333069BE2A289946F5477
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\b0112fba-be6b-4bcd-ac94-19cd7063f900.tmp	ASCII text, with very long lines, with no line terminators	14566BE91138BE22F3D9D59518F6416A	27927808CC0006873AE224206229D0BED9857337	8743F07E1407E5C8C433F798E72F7C629285D74B94CFFAACB88A01ADC6A3FE80
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\ffc16d9a-541e-4381-b7b2-e7c533ef5487.tmp	ASCII text, with very long lines, with no line terminators	848DF9E765174BC3AA665ADBC3B60D2F	936B8B61E8FEF3E27AE30C6A59601335EBCE42D2	683381959687FE72AF3C671873D5F1E15D3E21F62DE96793D48FD12D4AF6B066
C:\Users\alfredo\AppData\Local\Temp\51a42634-6686-4670-b0ad-ed9be192596d.tmp	Google Chrome extension, version 3	541F52E24FE1EF9F8E12377A6CCAE0C0	189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6	81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82
C:\Users\alfredo\AppData\Local\Temp\55ebf4de-fd7c-4b51-8083-078f0c91f1d5.tmp	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)	3E5CCD9B583763AF68E28C5101373167	2005CDC0A8070B65E321A197D576698ECC267496	41412C0863920BA95E9FDBD3AF000CBE926A73C078997A233DF55379A5C4D274
C:\Users\alfredo\AppData\Local\Temp\7fe71b1a-498e-45a0-9687-6f9b16cb0bf4.tmp	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)	2A37AD0EC191D53104BB46953AC6C43C	FD23FFC5B7E4A6B45FBD88A486D15FAA51DC07AE	51F075EB69486CB23B32A0776782B4A1B2AF204429AB94510469E02B115E56CC
C:\Users\alfredo\AppData\Local\Temp\fe5339fa-313f-4fc5-bec7-b53eb7b24356.tmp	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)	A83A2746B84F1CF573B02965B72ED592	85CC572D6F90029EB99AAFA56297D1BCA494313A	DF4B53C1C7C48E80753D4945E6EC7847084F51BF57F0ED9D341326C74651D6EC
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2888_357851724\CRX_INSTALL\_locales\bg\messages.json	UTF-8 Unicode text, with CRLF line terminators	6F8E288A9AD5B1ED8633B430E2B4D4CA	F671D3D4BEFA431D1946D706F4192D44E29B6F08	A114E2783D0E9B12155017323BA70838F0F82A71C7EE8DC1F115AE36991241F8
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2888_357851724\CRX_INSTALL\_locales\ca\messages.json	UTF-8 Unicode text, with CRLF line terminators	1FDAFC926391BD580B655FBAF46ED260	C95743C3F43B2B099FEBEBC5BD850F0C20E820AC	C67898B67F9C9209EAFDA6532B62D5789863CFB855998DD6A70E7775316CEC20
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2888_357851724\CRX_INSTALL\_locales\cs\messages.json	UTF-8 Unicode text, with CRLF line terminators	76DEC64ED1556180B452A13C83171883	CFB1E56FD587BCDC459C1D9A683B71F9849058F9	32290D69A90E6BAAC428B10382C99221B12773BB9A184F3B93DFB48A4F6D7A40
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2888_357851724\CRX_INSTALL\_locales\da\messages.json	UTF-8 Unicode text, with CRLF line terminators	238B97A36E411E42FF37CEFAF2927ED1	4E47AC90BA24C8F4724D9293FA40CFD4ADA66FE0	4977D4A053542FF66967FAED6B06585DD70E68E20BFEB533B66FE3287F9655D9
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2888_357851724\CRX_INSTALL\_locales\de\messages.json	UTF-8 Unicode text, with CRLF line terminators	6B3E916E8C1991AA0453CBA00FEDCAAA	D6366D15912E40CA107FD42BFE9579C3336A51F9	A62FFAB910E31531758EEE48B2CC71A8857BEC3021DEAD50B668CBA3C8667053
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2888_357851724\CRX_INSTALL\_locales\el\messages.json	UTF-8 Unicode text, with CRLF line terminators	05C437A322C1148B5F78B2F341339147	AB53003A678E44A170E73711FBD9949833BBF3AA	A052C32B4FCAC61152EB0ADB2C260FB6A8256AD104AA0013DB93E9798D41A070
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2888_357851724\CRX_INSTALL\_locales\en\messages.json	ASCII text, with CRLF line terminators	91F5BC87FD478A007EC68C4E8ADF11AC	D07DD49E4EF3B36DAD7D038B7E999AE850C5BEF6	92F1246C21DD5FD7266EBFD65798C61E403D01A816CC3CF780DB5C8AA2E3D9C9
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2888_357851724\CRX_INSTALL\_locales\es\messages.json	UTF-8 Unicode text, with CRLF line terminators	82719BD3999AD66193A9B0BB525F97CD	41194D511F1ACC16C1CA828AC81C18C8C6B47287	4DB9B2721E625C18B9E05C04B31AF5D9694712F1CAAF6219ABE34BB08E5DB1C7
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2888_357851724\CRX_INSTALL\_locales\es_419\messages.json	UTF-8 Unicode text, with CRLF line terminators	6B2583D8D1C147E36A69A88009CBEBC7	4D4DEEB4BE6AA0181825F3371A761ABC5B4D5937	6659BC3705311D7641A73995DCFEA80C7734F2F4EBBC3787B3892A240348324F
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2888_357851724\CRX_INSTALL\_locales\et\messages.json	UTF-8 Unicode text, with CRLF line terminators	CFF6CB76EC724B17C1BC920726CB35A7	14ED068251D65A840F00C05409D705259D329FFC	C85800BF45942FCC7FD6B1DF929C25F9CC2A977A6678966BD03D4B6B69889AFD
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2888_357851724\CRX_INSTALL\_locales\fi\messages.json	UTF-8 Unicode text, with CRLF line terminators	3A01FEE829445C482D1721FF63153D16	F3EAAADDC03F943FC88B30B67F534AA13E3336DD	0BDE54B20845124113383B6EB81E43A0F05E4EB0C44BEE3C1DFAC4CC5FEC2836
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2888_357851724\CRX_INSTALL\_locales\fil\messages.json	ASCII text, with CRLF line terminators	57AF5B654270A945BDA8053A83353A06	EEEF7A4F869F97CF471A05D345E74F982D15E167	EC002ED92359F67818B49455DFC579E140368E6A004080AF022FD4F57F6B03F2
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2888_357851724\CRX_INSTALL\_locales\fr\messages.json	UTF-8 Unicode text, with CRLF line terminators	8D11C90F44A6585B57B933AB38D1FFF8	3F9D44EA8807069A32AACA2AAAD02FD892E6CC90	599491F8C52B945C16C441ADF45BFD45AFAE046DA07757D97C56AF4DE75ED3B5
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2888_357851724\CRX_INSTALL\_locales\hi\messages.json	UTF-8 Unicode text, with CRLF line terminators	E376D757C8FD66AC70A7D2D49760B94E	1525C5B1312D409604F097768503298EC440CC4D	8106D98C4F8DA16DB698444409558E29CC96735E188BFA303C333A5D99231C1D
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2888_357851724\CRX_INSTALL\_locales\hr\messages.json	UTF-8 Unicode text, with CRLF line terminators	8185D0490C86363602A137F9A261CC50	5BD933B874441CEACB9201CCC941FF67BAED6DC0	A2B2EC359A9DD9DCCCE02859CE1E738BD30FAA4A05F1DC522893FFDF722BBC15
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2888_357851724\CRX_INSTALL\_locales\hu\messages.json	UTF-8 Unicode text, with CRLF line terminators	85609CF8623582A8376C206556ED2131	1E16EB70DB5E59BB684866FF3E3925C2DEF25A12	32A249749F12ADB6A220BF9ADC272C7E5D9AD5497A38B0086D961E3ABA17FBC6
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2888_357851724\CRX_INSTALL\_locales\id\messages.json	ASCII text, with CRLF line terminators	EAB2B946D1232AB98137E760954003AA	60BDC2937905B311D2C9844DF2D639D7AC9F7F67	C6E8800450602DE0F39FE9F6854472383813FB454B08ABAE7E25A9167CE004C3
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2888_357851724\CRX_INSTALL\_locales\it\messages.json	ASCII text, with very long lines	BB9C32BA62DDA02F9471C64B5F9CF916	9825037D5D9185C58456CDD887C77B10A41D8C84	43A0B113D3773BA78F82BB9E42DDC46F6892D0FBBB351F94A7C105E4A146E9C1
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2888_357851724\CRX_INSTALL\_locales\ja\messages.json	ASCII text, with very long lines	96C8CBD161D3CE9CB1A46CB2CD0C6583	78BBFCF035B5B620E353C8E520653ADD3F4E7DB8	81D8F1D9F72B3139BC5D9845BCF82990308FB6175D07514D8238B1E6D5D02E8A
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2888_357851724\CRX_INSTALL\_locales\lt\messages.json	ASCII text, with very long lines	41F2D63952202E528DBBB683B480F99C	9DD998542DBE6609299D4A5A25364A32FA7D7865	FF7C083CD1E6134DD8263C634336EB852274BAD1BFAD18762814C42BC65309D8
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2888_357851724\CRX_INSTALL\_locales\lv\messages.json	ASCII text, with very long lines	1D21ED2D46338636E24401F6E56E326F	24497EDB25724BC4A57823C5CD06F50DB9647DD4	434A375C32B8A21C435511C551F740FD4D170EC528A8F4EFC3D798EA4A07B606
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2888_357851724\CRX_INSTALL\_locales\nb\messages.json	ASCII text, with very long lines	8F0168B9A546D5A99FD8A262C975C80E	B0718071BD0B7251D4459E9C87DF50C14622FBD6	F03FA7384DF79EBA6E0274D570996030F595A3BF6B781929DD9DB6593262E41F
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2888_357851724\CRX_INSTALL\_locales\nl\messages.json	ASCII text, with very long lines	E7F74DCE7B6411E4E0D95E9252CF74FA	33CC6C73C5F8D0144C0260C2E5A9BD0DB3EF6477	3564AEF46C01602B19CC29FD8A79676C543427EDE98206D0C91B33AF0CCF3977
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2888_357851724\CRX_INSTALL\_locales\pl\messages.json	ASCII text, with very long lines	E16649D87E4CA6462192CF78EBE543EC	53097D592B13F3C1370366B25024EA72208B136A	EB435F7460A63576CA1ECB51948E7A3AD5168D2F175AE2B5836D469672923D84
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2888_357851724\CRX_INSTALL\_locales\pt_BR\messages.json	ASCII text, with very long lines	1F4BC8A5EFD59D61127ABEECD4B6CAE3	8647B4D2D643AE4F784ABDDC50D87A39AD02971A	E1950CBBF056F068EA56160DDB318F3E6232BFBBE096D221C7CA6FCAACE2A8B9
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2888_357851724\CRX_INSTALL\_locales\pt_PT\messages.json	ASCII text, with very long lines	D80ECE7E4B3741CD9CD29B89D006B864	8F0D587B78E36861ED00524ABF886FA20E14CAE4	C8FF9ACAEA1D3B6F8483339CB40F66BC563CCA8DD87F2337F813C492B20F451B
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2888_357851724\CRX_INSTALL\_locales\ro\messages.json	ASCII text, with very long lines	D63E66B94A4EA2085D80E76209582FB1	4ECAC3EB64DD6253310A0776E6D42257FC290D77	91A5AAD210C3E0241106E8821B3897EDEFEC9D85033C94DB2324FF3A5FDE5AC7
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2888_357851724\CRX_INSTALL\_locales\ru\messages.json	ASCII text, with very long lines	22F9E62ABAD82C2190A839851245A495	E7F79BD875918F0D0799DB5F45FAC6297FB66AF7	9FC1167626C97BCBFDAFF23C6033A44252F89A501AF1DF41C43CB3A994FEB09F
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2888_357851724\CRX_INSTALL\_locales\sk\messages.json	ASCII text, with very long lines	4BBAA10FD00AADBBA3EF6E805E8E1A62	1991901BD6A20C4A7977F09DF30C0CFF0524C504	906C4F7FDDE15DE4C841E7910BBF14D9175E894BCB244B56E8447A5ADFA5B7AB
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2888_357851724\CRX_INSTALL\_locales\sl\messages.json	ASCII text, with very long lines	F45DE58765A37FD095319D7DEB0F2FB6	B585A485C9BC1982EDF7AE0B9AC73A8E91D41CB5	8366774AA582035BC7D949F4E28FAEC371C305D01404DF56FFF5A78B4F6ECDB7
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2888_357851724\CRX_INSTALL\_locales\sr\messages.json	ASCII text, with very long lines	92C1FAC62EB7F92EC3794D4A141BEF32	2AFA41BF51BF9A1089B0B92A9D2DC74299B79813	9DF154C93B02695AF1CC39F085D9D178EC6AF131A62C2AFC65F125F8F9A5B7AC
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2888_357851724\CRX_INSTALL\_locales\sv\messages.json	ASCII text, with very long lines	6E1BE9CEE29818E54E3D1C7D483DD6F7	B9DD926B60E225C5BE8A1DBB7EF3ACE422A204A9	E348583D8C53F4A5DEC4551DA93785C17108466E427E06F84708AA383EA0E326
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2888_357851724\CRX_INSTALL\_locales\th\messages.json	ASCII text, with very long lines	283D5177FB2FC7082967988E2683EC7C	DEDE43967F3CEF9D9325F140872A63BFCE2AA8C5	E8D5820BDE31B66A7641068FDEDD1A5F20C1A783460B98887A670F38422099CF
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2888_357851724\CRX_INSTALL\_locales\tr\messages.json	ASCII text, with very long lines	1BF2AA4BB904B406C9C2B7DF769BB540	8D29C4B7A79AB0657747CA194D1934292A46D2A8	0F2E8285BA3E2BDBA6B16435FB941B07159AACFAC80196AD5941B79AB52B712A
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2888_357851724\CRX_INSTALL\_locales\uk\messages.json	ASCII text, with very long lines	FD1C9890679036E1AD914218753B1E8E	58160F7A0FC94110A2876223E406A517C8E2660B	39D19CC3387FFCE13A8F11DAD72E2FCBB7CD1A4367EC699AD7C40D6F52ECE717
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2888_357851724\CRX_INSTALL\_locales\vi\messages.json	ASCII text, with very long lines	7D52E9357AB847B4CC8DBC8CC4DA93F5	AF877F3992D8056C8F08462BD575595BF79FE5B0	313F71F3FFDCEFC76FC746FF2029FBF8FBE38BD83DCF952FC3DDCD8AA96D5CFB
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2888_357851724\CRX_INSTALL\_locales\zh_CN\messages.json	ASCII text, with very long lines	393680A09DEE0CB9046A62BDC0750B74	54E7F8215061A4AB241B87AE4E81C8F860EB2C2B	D5FB52C2897FD5C294784DB63C933AC77C609D10AC91431CCB295D87452CBEE6
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2888_357851724\CRX_INSTALL\_locales\zh_TW\messages.json	ASCII text, with very long lines	CD30D132A7213FC1B7E03C6D0A49CCF7	1141DED39023B821FE9BB4682E0D1EB5469DAF76	5717F13D10E63255947F750C79CBB6BD04A6D97A08261E8D5764AF5EB0561A28
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2888_357851724\CRX_INSTALL\_metadata\verified_contents.json	ASCII text, with very long lines, with no line terminators	0834821960CB5C6E9D477AEF649CB2E4	7D25F027D7CEE9E94E9CBDEE1F9220C8D20A1588	52A24FA2FB3BCB18D9D8571AE385C4A830FF98CE4C18384D40A84EA7F6BA7F69
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2888_357851724\CRX_INSTALL\craw_background.js	ASCII text, with very long lines	6EEBED29E6A6301E92A9B8B347807F5F	65DFB69B650560551110B33DCBA50B25E5B876DE	04CD9494B0ED83924DAD12202630B20D053D9E2819C8E826A386C814CC0A1697
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2888_357851724\CRX_INSTALL\craw_window.js	ASCII text, with very long lines	1709B6F00A136241185161AA3DF46A06	33DA7D262FFED1A5C2D85B7390E9DBC830CBE494	5721A4B3F8E09C869A629EFFD350B51C9D46F0AC136717D4DB6265C0EE6F9AC8
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2888_357851724\CRX_INSTALL\css\craw_window.css	ASCII text	67BF9AABE17541852F9DDFF8245096CD	A4AC74DD258E8E0689034FAA1B15A5C7C56DC3BB	10DFBD2D98950B79EE12F6B8E3885AABE31543048DE56AD4FC0A5E34D0D9D4EC
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2888_357851724\CRX_INSTALL\html\craw_window.html	HTML document, ASCII text	34A839BC40DEBC746BBD181D9EF9310C	8B4EAA74D31EED5B0BABA3CA5460201F6B10DA46	BB8742615E4CD996AE5D0200E443AE6A6F0B473255F03AFFDB8FB4660DE4554D
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2888_357851724\CRX_INSTALL\images\flapper.gif	GIF image data, version 89a, 30 x 30	398ABB308EEBC355DA70BCE907B22E29	CFFB77B8A1724B8F81D98C6D6AD0071D10162252	2B73533F47A99FFEA9CC405FFAFA9C4C53623F62487AEBFBA415945120B22040
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2888_357851724\CRX_INSTALL\images\icon_128.png	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced	4DBC9F9E6F5A08D299BAC9E54DF07694	BB38F5DE34B1E0BE1109220BA55271087A4D9EA5	91C2718DD23B4356D71F88F6146868369033291086DF327534546DFA459BEB0E
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2888_357851724\CRX_INSTALL\images\icon_16.png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	FB9C46EA81AD3E456D90D58697C12C06	5FC450F7D73CCFAC8F0D818CB3392BA4D91B69DE	016CA659BA080E194FBFC0929602B16506ED60AA6019FAA51410C4FD93B583E8
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2888_357851724\CRX_INSTALL\images\topbar_floating_button.png	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	8803665A6328D23CC1014A7B0E9BE295	9DA6EE729D5A6E9F30658B8EC954710F107A641F	D5F9234DC36E7FFA85F35B2359A4F82276F8395EFA76E4553507EA990B27FC6C
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2888_357851724\CRX_INSTALL\images\topbar_floating_button_close.png	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	0599DFD9107C7647F27E69331B0A7D75	3198C0A5F34DB67F91A0035DBC297354CBC95525	131817CD9311C03DF22D769DD2AD7FA2E6E9558863A89F7E5E1657424031A937
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2888_357851724\CRX_INSTALL\images\topbar_floating_button_hover.png	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	7CB6B9DC1A30F63B8BD976924B75AD96	0C40B0C496D2F2B5F2021C117EC8610AC03AB469	721B7AAA9A42A54A349881615A12E3A26983ACA48E173FD2F66E66AA0D725735
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2888_357851724\CRX_INSTALL\images\topbar_floating_button_maximize.png	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	232CE72808B60CBE0F4FA788A76523DF	721A9C98C835D2CD734153BBE07833C6637ECD68	AFA4EA944CBDEC8543242E627EF46D5BFD3766DCAC664E7E50CDEEF2B352740C
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2888_357851724\CRX_INSTALL\images\topbar_floating_button_pressed.png	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	E0862317407F2D54C85E12945799413B	FA557F8F761A04C41C9A4BA81994E43C6C275DBB	5C10CE0589EB115600F77381130B70AE0B7B3752614D86D4C89E857658AA222B
C:\Users\alfredo\AppData\Local\Temp\scoped_dir2888_357851724\CRX_INSTALL\manifest.json	ASCII text, with CRLF line terminators	01334FB9D092AF2AA46C4185E405C627	47AD3C0E82362FFE5B881DF8D71D6F79AB7F5796	F52714812D68C577A445169D11E84DF6751C2D6886BC429643072BB5D61C6C27
C:\Users\alfredo\AppData\Roaming\Microsoft\Spelling\en-US\default.dic	Little-endian UTF-16 Unicode text, with no line terminators	F3B25701FE362EC84616A93A45CE9998	D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB	B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209

ID:	682140
Product:	CloudBasic
Start time:	05:13:03
Start date:	11.08.2022
Sample:	E-Contact Form.Htm
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:
Architecture:	WINDOWS
MD5:	05a607e8baf098163da080885a39920b
SHA1:	69b3695702bc802eb4956d2412d46581002f013a
SHA256:	a6ff2ce720128a6651265513b8cbaf56ba8096e606eb0b861e1668fab78aa03a
Filetype:	HyperText Markup Language (15015/1) 30.63%

Windows Analysis Report
E-Contact Form.Htm

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Software Vulnerabilities

Networking

System Summary

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report E-Contact Form.Htm

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Software Vulnerabilities

Networking

System Summary

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
E-Contact Form.Htm