Windows Analysis Report
https://securemail.scotiabank.com/login.html?msgUserId=3df1ee463c187a4a&enterprise=scotiabank&rrRegcode=z4fsDrJH&locale=en_US

Overview

General Information

Sample URL:	https://securemail.scotiabank.com/login.html?msgUserId=3df1ee463c187a4a&enterprise=scotiabank&rrRegcode=z4fsDrJH&locale=en_US
Analysis ID:	1524415

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Detected non-DNS traffic on DNS port

HTML body contains low number of good links

Stores files to the Windows start menu directory

Classification

Signatures

HTML body contains low number of good links

Source: https://securemail.scotiabank.com/registration.html?rrRegcode=z4fsDrJH&rrUserId=d3a07600-eed1-4071-bbb3-f0efb30cbd0c&enterprise=scotiabank&locale=en_US&msgUserId=3df1ee463c187a4a

HTTP Parser: Number of links: 1

Source: https://securemail.scotiabank.com/registration.html?rrRegcode=z4fsDrJH&rrUserId=d3a07600-eed1-4071-bbb3-f0efb30cbd0c&enterprise=scotiabank&locale=en_US&msgUserId=3df1ee463c187a4a

HTTP Parser: <input type="password" .../> found

Source: https://securemail.scotiabank.com/registration.html?rrRegcode=z4fsDrJH&rrUserId=d3a07600-eed1-4071-bbb3-f0efb30cbd0c&enterprise=scotiabank&locale=en_US&msgUserId=3df1ee463c187a4a

HTTP Parser: No <meta name="author".. found

Source: https://securemail.scotiabank.com/registration.html?rrRegcode=z4fsDrJH&rrUserId=d3a07600-eed1-4071-bbb3-f0efb30cbd0c&enterprise=scotiabank&locale=en_US&msgUserId=3df1ee463c187a4a

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.206:443 -> 192.168.2.16:61087 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:61089 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:61090 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:61091 version: TLS 1.2

Detected non-DNS traffic on DNS port

Source: global traffic	TCP traffic: 192.168.2.16:49729 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49729 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:61086 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.16:49729 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:61086 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.16:49729 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:61086 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.16:49729 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:61086 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.16:49729 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:61086 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.16:49729 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:61086 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.16:49729 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:61086 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.16:49729 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:61086 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.16:49729 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:61086 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.16:49729 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:61086 -> 162.159.36.2:53

Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.206
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.206

Source: global traffic	DNS traffic detected: DNS query: securemail.scotiabank.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: 206.23.85.13.in-addr.arpa
Source: global traffic	DNS traffic detected: DNS query: 56.163.245.4.in-addr.arpa

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61093 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61090 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61087 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61090
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61091
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61093
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61091 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61088 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61087
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61088
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61089
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61089 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746

Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.206:443 -> 192.168.2.16:61087 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:61089 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:61090 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:61091 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@13/10@9/117

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://securemail.scotiabank.com/login.html?msgUserId=3df1ee463c187a4a&enterprise=scotiabank&rrRegcode=z4fsDrJH&locale=en_US
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=2004,i,16933052379600877227,8667870706670837033,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=2004,i,16933052379600877227,8667870706670837033,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.110.84	unknown	United States	15169	GOOGLEUS	false
142.250.185.67	unknown	United States	15169	GOOGLEUS	false
142.250.184.196	unknown	United States	15169	GOOGLEUS	false
142.250.186.36	www.google.com	United States	15169	GOOGLEUS	false
216.58.212.138	unknown	United States	15169	GOOGLEUS	false
142.250.185.110	unknown	United States	15169	GOOGLEUS	false
15.157.79.229	unknown	United States	71	HP-INTERNET-ASUS	false
142.250.185.227	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
3.96.31.0	emx.bns.emailprivacy.com	United States	16509	AMAZON-02US	false
142.250.186.110	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16
192.168.2.13
192.168.2.23

Contacted Domains

Name	IP	Active
www.google.com	142.250.186.36	true
emx.bns.emailprivacy.com	3.96.31.0	true
56.163.245.4.in-addr.arpa	unknown	unknown
securemail.scotiabank.com	unknown	unknown
206.23.85.13.in-addr.arpa	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://securemail.scotiabank.com/registration.html?rrRegcode=z4fsDrJH&rrUserId=d3a07600-eed1-4071-bbb3-f0efb30cbd0c&enterprise=scotiabank&locale=en_US&msgUserId=3df1ee463c187a4a	false		unknown

ID:	1524415
Product:	CloudBasic
Start time:	18:37:00
Start date:	02.10.2024
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 2 15:37:50 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	8F96FF8B972634F55426F28D68373107	3B33ADD60103E4F17A1C79457B06E3B3EDE4EE2D	9F825369530D6B051530B120D567669B79C929D572A5BC3A0D9148B8A200EA90
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 2 15:37:50 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	9F24CF983180A998BB2187C0EEECB1A0	EDAD0077E83601510AD762E7E6B07ADA05D56068	3E0222CE195E2278A163C99A70D6C4685C25FDC86FB0B759D0D6C2EF80E6DB0B
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	89CCA04A24E6D35F765108DCA0EA9233	F8CEC1AF4C2E106E2DEF5D4DBDEB5D9528A4E481	0F554A6AAF6234549986F947ACBA87015CD0CB0FC9695F8B07F58E1A49F83425
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 2 15:37:50 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	1CB2AE1ED541B870C52EF2C54D3D985B	F8A65109A97D1C237291AA9B20735F6A33FFBBA0	AC914DF0FA9F07C4F318076F17E2CB163084167F011985F6D0ACDA257E40F0EE
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 2 15:37:50 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	E4F5A74393E8B641CA41E8EF3DB6DE7C	9C63DE6670A588C5BEA8597C7012F4F4C922FB55	EC74FA65986076526293196E6FF77FDC846185650F1D9495B1157A4C5A3B2FC2
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 2 15:37:50 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	7FFE65C872E7E4EFB482E53BC9E5B699	7464899A2BD28EEC85EDA5EF3DE5CE81FCAF27BF	4A6892C8616997AD51EB51BF330B1640839360E89A45BF5D955001E72A7E0381
Chrome Cache Entry: 104	Unicode text, UTF-8 text, with very long lines (65342)	CD822B7FD22C8A95A68470C795ADEA69	1F139981B9B47A766EFA0A61BB78ADA351F16C4B	3017DF4A76DB5F01C2B99B603D88B03106DF13BCFE18E67B7C13C2341D3A67DF
Chrome Cache Entry: 106	ASCII text, with very long lines (52276)	BEE86630DE9C2517FA9609659E8EF17C	B17E8AC37245F310F7CF7098B2F49AF45D9D9A90	46499962C5220A50CF2F177F5B811D1E1BD017ECF0CBC28F7C5AA2A5CAEA7DA7
Chrome Cache Entry: 107	ASCII text, with very long lines (65356)	3D2737A3E747BAA7DF13A04E222289E3	70C232A17CB96CD9AFD2B99F1C5FF9848C99358B	63C3AB89DE31CE59C2D2688247FD652DB6D5ADE096BCF683B94E983713878B5B
Chrome Cache Entry: 99	ASCII text, with very long lines (65536), with no line terminators	F04B2FD9362438AED7D80ED031294604	9F33BBDEB56F9DAD1BEF4C062047DAE6F9D3BBA1	3C07AB9F8C07FB885E3C50C18BA30C42EB694FBCF26DA1BF9F470A5B05980F1B

Windows Analysis Report
https://securemail.scotiabank.com/login.html?msgUserId=3df1ee463c187a4a&enterprise=scotiabank&rrRegcode=z4fsDrJH&locale=en_US

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://securemail.scotiabank.com/login.html?msgUserId=3df1ee463c187a4a&enterprise=scotiabank&rrRegcode=z4fsDrJH&locale=en_US

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://securemail.scotiabank.com/login.html?msgUserId=3df1ee463c187a4a&enterprise=scotiabank&rrRegcode=z4fsDrJH&locale=en_US