Analysis Report http://microsoftonlineofficeteam.weebly.com

Overview

General Information

Sample URL:	http://microsoftonlineofficeteam.weebly.com
Analysis ID:	321294
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected HtmlPhish_20

Phishing site detected (based on logo template match)

HTML body contains low number of good links

Suspicious form URL found

Classification

Signatures

Phishing:

Yara detected HtmlPhish_20

Source: Yara match

File source: 855271.pages.csv, type: HTML

Phishing site detected (based on logo template match)

Source: https://microsoftonlineofficeteam.weebly.com/

Matcher: Template: microsoft matched

HTML body contains low number of good links

Source: https://microsoftonlineofficeteam.weebly.com/	HTTP Parser: Number of links: 0
Source: https://microsoftonlineofficeteam.weebly.com/	HTTP Parser: Number of links: 0

Suspicious form URL found

Source: https://microsoftonlineofficeteam.weebly.com/	HTTP Parser: Form action: https://microsoftonlineofficeteam.weebly.com/ajax/apps/formSubmitAjax.php
Source: https://microsoftonlineofficeteam.weebly.com/	HTTP Parser: Form action: https://microsoftonlineofficeteam.weebly.com/ajax/apps/formSubmitAjax.php

Source: https://microsoftonlineofficeteam.weebly.com/	HTTP Parser: No <meta name="author".. found
Source: https://microsoftonlineofficeteam.weebly.com/	HTTP Parser: No <meta name="author".. found

Source: https://microsoftonlineofficeteam.weebly.com/	HTTP Parser: No <meta name="copyright".. found
Source: https://microsoftonlineofficeteam.weebly.com/	HTTP Parser: No <meta name="copyright".. found

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: microsoftonlineofficeteam.weebly.comConnection: Keep-Alive

Source: unknown

DNS traffic detected: queries for: microsoftonlineofficeteam.weebly.com

Source: plugins[1].js.2.dr	String found in binary or memory: http://hammerjs.github.io/
Source: ga[1].js.2.dr	String found in binary or memory: http://www.google-analytics.com
Source: YRETO7NA.htm.2.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js
Source: footerSignup[1].js.2.dr	String found in binary or memory: https://cdn2.editmysite.com/js/
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#localhost_support
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
Source: css[1].css0.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN7rgOXOhv.woff)
Source: css[1].css0.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN_r8OXOhv.woff)
Source: css[1].css0.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v18/mem6YaGs126MiZpBA-UFUK0Xdcs.woff)
Source: css[1].css0.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFW50d.woff)
Source: css[1].css0.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v18/memnYaGs126MiZpBA-UFUKWiUNhlIqU.woff)
Source: css[1].css0.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v18/memnYaGs126MiZpBA-UFUKWyV9hlIqU.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/quattrocento/v12/OZpEg_xvsDZQL_LKIF7q4jP3zWj8.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/quattrocento/v12/OZpbg_xvsDZQL_LKIF7q4jP_eE3vfqne.woff)
Source: css[1].css1.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/quattrocentosans/v13/va9X4lja2NVIDdIAAoMR5MfuElaRB0zMj_bTDXDoiw.woff)
Source: css[1].css1.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/quattrocentosans/v13/va9Z4lja2NVIDdIAAoMR5MfuElaRB0RyklrfPXo.woff)
Source: css[1].css1.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/quattrocentosans/v13/va9a4lja2NVIDdIAAoMR5MfuElaRB0zMh0P2Hg.woff)
Source: css[1].css1.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/quattrocentosans/v13/va9c4lja2NVIDdIAAoMR5MfuElaRB0zHt0k.woff)
Source: YRETO7NA.htm.2.dr	String found in binary or memory: https://github.com/snowplow/snowplow-javascript-tracker/blob/2.6.2/src/js/tracker.js#L1509
Source: ~DF95679539DE16C271.TMP.1.dr	String found in binary or memory: https://microsoftonlineofficeteam.weebly.com/
Source: microsoftonlineofficeteam.weebly[1].xml.2.dr	String found in binary or memory: https://microsoftonlineofficeteam.weebly.com/"
Source: ~DF95679539DE16C271.TMP.1.dr	String found in binary or memory: https://microsoftonlineofficeteam.weebly.com/FOffice
Source: {1C4F981A-2BAC-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://microsoftonlineofficeteam.weebly.com/FRoot
Source: {1C4F981A-2BAC-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://microsoftonlineofficeteam.weebly.com/Fchoices.eu/weebly.com/Root
Source: {1C4F981A-2BAC-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://microsoftonlineofficeteam.weebly.com/Root
Source: imagestore.dat.2.dr	String found in binary or memory: https://microsoftonlineofficeteam.weebly.com/favicon.ico
Source: YRETO7NA.htm.2.dr	String found in binary or memory: https://microsoftonlineofficeteam.weebly.com/uploads/1/3/4/9/134905392/click-image_orig.png
Source: YRETO7NA.htm.2.dr	String found in binary or memory: https://microsoftonlineofficeteam.weebly.com/uploads/1/3/4/9/134905392/office-logo_orig.png
Source: YRETO7NA.htm.2.dr	String found in binary or memory: https://microsoftonlineofficeteam.weebly.com/uploads/1/3/4/9/134905392/tiny_orig.png
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: ga[1].js.2.dr	String found in binary or memory: https://ssl.google-analytics.com
Source: ga[1].js.2.dr	String found in binary or memory: https://ssl.google-analytics.com/j/__utm.gif
Source: ga[1].js.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/j/collect?
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://support.google.com/recaptcha
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://support.google.com/recaptcha#6262736
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://support.google.com/recaptcha/#6175971
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: plugins[1].js.2.dr	String found in binary or memory: https://twitter.com/jacobrossi/status/480596438489890816
Source: ga[1].js.2.dr	String found in binary or memory: https://www.google.%/ads/ga-audiences?
Source: ga[1].js.2.dr	String found in binary or memory: https://www.google.com/analytics/web/inpage/pub/inpage.js?
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: YRETO7NA.htm.2.dr	String found in binary or memory: https://www.google.com/recaptcha/api.js
Source: recaptcha__en[1].js.2.dr, api[1].js.2.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: api[1].js.2.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/UFwvoDBMjc8LiYc1DKXiAomK/recaptcha__en.js
Source: YRETO7NA.htm.2.dr	String found in binary or memory: https://www.weebly.com/signup?utm_source=internal&utm_medium=footer
Source: ~DF95679539DE16C271.TMP.1.dr	String found in binary or memory: https://www.youronlinechoices.eu/
Source: ~DF95679539DE16C271.TMP.1.dr	String found in binary or memory: https://www.youronlinechoices.eu/4Your
Source: imagestore.dat.2.dr	String found in binary or memory: https://www.youronlinechoices.eu/favicon.ico~
Source: ~DF95679539DE16C271.TMP.1.dr	String found in binary or memory: https://www.youronlinechoices.eu/weebly.com/
Source: ~DF95679539DE16C271.TMP.1.dr	String found in binary or memory: https://www.youronlinechoices.eu/weebly.com/d
Source: {1C4F981A-2BAC-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://www.youronlineeofficeteam.weebly.com/
Source: optout_testpage[1].js.2.dr	String found in binary or memory: https://yoc.edaa.eu/tpc/step2.js.php

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443

Source: classification engine

Classification label: mal52.phis.win@3/51@5/4

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF6183A4918010BD9D.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3440 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3440 CREDAT:17410 /prefetch:2	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
35.158.107.63	unknown	United States	16509	AMAZON-02US	false
151.101.1.46	unknown	United States	54113	FASTLYUS	false
35.163.165.143	unknown	United States	16509	AMAZON-02US	false
199.34.228.54	unknown	United States	27647	WEEBLYUS	false

Contacted Domains

Name	IP	Active
pages-wildcard.weebly.com	199.34.228.54	true
sp-2020021412301152490000000a-1069308460.us-west-2.elb.amazonaws.com	35.163.165.143	true
weebly.map.fastly.net	151.101.1.46	true
youronlinechoices.eu	35.158.107.63	true
ec.editmysite.com	unknown	unknown
www.youronlinechoices.eu	unknown	unknown
microsoftonlineofficeteam.weebly.com	unknown	unknown
cdn2.editmysite.com	unknown	unknown

Contacted URLs

Name	Malicious	Reputation
https://www.youronlinechoices.eu/	false	high
https://microsoftonlineofficeteam.weebly.com/	false	high
http://microsoftonlineofficeteam.weebly.com/	false	high

ID:	321294
Product:	CloudBasic
Start time:	19:45:32
Start date:	20.11.2020
Cookbook:	browseurl.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\EE99FI2K\microsoftonlineofficeteam.weebly[1].xml	ASCII text, with very long lines, with no line terminators	96A49AAC91A702E4ECC2BDBA26AA6F96	FC12208B3C555B339E10533ABC4EC04FCB4F0EDA	35353D6BE8328C2FE0DFB56A4275A60A75194C2E4C71A6F68D68C6F7CB41144C
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1C4F9818-2BAC-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	7B275171CC2A81B1551C3C31AFA9CBD2	292E284A4B0672E81DF67316FD7C94A61550F699	8CD195EBDFA1851D8F62794631A331C8F33594AED77AA35759F89CE6E057BCF9
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1C4F981A-2BAC-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	D38CBDBAF1C14D0CBAB41ACC36EDB31E	C41A74A7011284B377DAB16017C983B61B2785AE	F12E17EE39732D4580C8B72D0424843E1EB8BC11EB706F40355E2071F4F3D30E
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{22594615-2BAC-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	74CD47E76FD39F512726C6D01EC64F70	15A3B48ADB2E01B5430639F6DEA0B1FBF215B561	4EF7B22F2F8872635629DEF02F44A04AE2D86B6D564BD2005758C5D6E7FAA12D
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.dat	data	B5A1222B62559BAE8948A302A5B972DC	4CD8FFAF80F4E3C8E213D12FB27B642B6C3265F1	3667CFB0B25CE0DF781016985D95A873DB9F326F43C00D2F9D731C60701AA040
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\_base[1].css	ASCII text, with CRLF line terminators	628EEFC663AD39CAEF16A83148A03C89	72186A3F65BD3BD150F853719245E698B2C3ACE8	749E39174D56D9A4B6C3B2506E84EB58372942A56CF81A235C0C7BD78A0D6139
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\api[1].js	ASCII text, with very long lines, with no line terminators	D7DDEFB3DCD865CDF39D69733D7B07ED	C717C545CD4D4A869397A446B79ADB70DD2AD267	C78896AA2332CAD7BE8EB1777485215B07F69CEF8A4394C16AD1CE16C8CDCD43
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\bg[1].jpg	[TIFF image data, little-endian, direntries=0], baseline, precision 8, 1200x820, frames 3	1D5D4A2D47179DF1839A7735DDABF04B	ED106694EBD83967FF8920DA3B2932D9C3440C06	42BD45AF1EBE2548F76BC1D07435FC17FF7322D742C6DEDFBBAE34187B8E4F0F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\css[1].css	ASCII text	AB35911DB24D9967624E197B9D50C304	9D4FBA9EAE573A1D63FAE1EC7B2C6717FA8180A4	6FA5F726D51B94839AD55BD56B436A50D8EAD4926F6B0B8FF7C0AFE0FAFBF198
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\favicon[1].ico	MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel	4D27526198AC873CCEC96935198E0FB9	B98D8B73AD6A0F7477C3397561B4AAB37BF262AA	40A2146151863BCF46C786D596E81A308D1B0D26D74635BE441E92656F29B1B4
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\favicon[2].ico	MS Windows icon resource - 1 icon, 16x16, 8 bits/pixel	4BC8A795A4CDC652BF30BDBFD164489E	791D68953CF0E73FD6015FA64EADF7D2E73B6CCC	55E6E4F19555E11ECBEB7CA9AEDB43C644AF505961B8667E548CDED50072C4EB
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\main_style[1].css	ASCII text, with very long lines	A4D6218BA8089C96FDC55F28C2B16AE1	0B0EF5B6EB12025B3047E628520E48BA757B9434	01114B7D7DECEBFB47CA46ED1311A5892D421FA3E97E20A120775E4362FB6399
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\plugins[1].js	ASCII text	64497D2AB794CDB5E3C5C86CF7C5A611	34ACD67927409D0795EE025F64F99757494AFFED	637B5D2A661D0201F239A7AFCD1278BF55BEC7EF7ADA6CC6C0485C4E45D9B702
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\recaptcha__en[1].js	ASCII text, with very long lines	E28E6938C382A88686493D368DE3F7F6	B268A8EAF2BF2BACA9D0E5AA816FF63970AEEA6A	14A2806A256579773A3680E21459DEA7827D002104C6336856E0BEF9A39BE0C9
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\snowday262[1].js	ASCII text, with very long lines	99BBE560926E583B8E99036251DEB783	8D81B73AE06F664F9D9E53DD5829A799BF434491	648E766BF519673F9A90CC336CBECEDE80DCBE3419B43D36ECBB25D88F5584A3
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\allbg[1].png	PNG image data, 800 x 600, 8-bit/color RGBA, non-interlaced	CC0D22CC07B02FEFA76F9B6EDC05F20F	F8666C7C71CB097FC0EE6D72E4473CAEF634BC8C	0C973C75E567B40FC5DD54600CA4DA4870C07CE27AD4993F7BF94EE286738E0D
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\fancybox[1].css	ASCII text, with very long lines	1DCEBBB5A1EB8B028310CEEB72A339B3	E254B7A35AC189FD1CE9CF8BD78593BEBFE27D7D	865CB87DE9FC4D6530EDCE21F0103107ABAE6ABE45CABDFF2AD9AF067B3D8E0A
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\footer-toast-published-image-1[1].png	PNG image data, 199 x 97, 8-bit colormap, non-interlaced	6E0F7AD31BF187E0D88FC5787573BA71	14E8B85CC32A01C8901E4AC0160582D29A45E9E6	580EF6409E067A4EC4A427400C7D6216184869E2DA53343DF20753CC1F8A46CD
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\footerSignup[1].js	ASCII text, with very long lines, with no line terminators	40B81B2D52BA9D2E2C64C31FF6A24CD7	6B5689250661646ECBB841F2475F1556A113373C	E06BACA13F25DF9C7D684FC1B1FDFBBBB95070A1D5A9CD648632DA7BCCC90B96
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\gdprscript[1].js	HTML document, ASCII text, with very long lines	42860AA0B1F14D5FEAED4B47415A82A9	536B5E9EBA071DE15CDA2CDDEB3BE49D4B68D1A7	C10F17A262EC4E944479DE5F1C1413BCF73176B77C184D68368DB79456EAC03A
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\main-customer-accounts-site[1].js	UTF-8 Unicode text, with very long lines, with LF, NEL line terminators	855C4EBEE2D7E2C0CD51EAE2CA335C60	269BB8D11DFA11006E3CB9399150D861A0DD2080	F50F4BE822D585A864A062536EA8882AC9097D6435C0664BB8DDA69304CC17C0
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\main[1].js	ASCII text, with very long lines	4CE1F3A4CA4D7BF293ECF92BC3C127F0	61F5C0D12A51F600F4405D766E4320AC0E8E88EA	5D4BEA154A0AADF67F8A3F363AFA10922F926DE28E324A986AF68653929FF7DE
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\sites[1].css	ASCII text, with very long lines	9B0CEA89EFE53D91D78D11FFD47932D9	4923AB33295645E85508386F7B6B884BA671C25A	004224D90390C7CD683C2B1911C8FF02DA3C2F1DD84DB133333F3D704ADB7355
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\social-icons[1].css	ASCII text, with very long lines	D5681302AB8D76CBE59A327F93583A98	7A19A362B7AC993BE113B4F0DF19B812D7364F3B	EA94AEAB89CAB3B7BD76FFE69C2B9DDDB5B47DD180CB5929180185616C0B7F62
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\stl[1].js	HTML document, UTF-8 Unicode text, with very long lines	C8EBC858D4E671923051F526AEA05C11	58A633E24F3FCCE51252B60D1EB7D4D2AFA5C840	BE0CBAC9AA6019FCB587157F324152EE21D966A7523A90CE4315BED07E8BCB63
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\INS6GHRP.htm	HTML document, UTF-8 Unicode text, with very long lines	77AA38B99585E4494F65C020CB89323A	6A23BE1A79FBE11B626EE441701E2F5D5C61DC8E	CC0E3EE621076F1A9DAAC830B6288214ED30FDE6600A60B2664D53049A7D8877
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\_style[1].css	ASCII text, with CRLF line terminators	2D7F4E14F37214C06A56AFAA16E3863D	059282DDD4CCC918EFE617DCE29C435D5A9B43E0	863774F4D19CB43AC4D88DA2D62C794E7CB8FB85C056D94AC63420753FD3C042
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\click-image_orig[1].png	PNG image data, 2809 x 427, 8-bit/color RGBA, non-interlaced	84E47EFB5D6023AE9236BB1C7C65F19C	9BA167842982BA9E52CDD9D3BD74A02A9FFAA68B	A69D1B3A4A16AD8753004ECAC1617CF030E5534C83E22E07862B63C49079CBCB
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\css[1].css	ASCII text	D4802F073D0CCC692E548FFD0877E8CB	F40C4257927D6EF79FFCEF122BC3C4FB34FD9208	6FB5254767EE0A417C0129DA3DB8D80A78F89366194DC910E1636D310B9114FE
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\free-footer-v3[1].css	ASCII text, with very long lines	B09E83D2AEAC55C0D3B67186CD5009FF	FA87CEC84CC36FC2E70804867DA24578EA331999	251A983A1B4B2CC76542AA398AE6B3499978A788860B54A8081D35D7A843303C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\ga[1].js	ASCII text, with very long lines	E9372F0EBBCF71F851E3D321EF2A8E5A	2C7D19D1AF7D97085C977D1B69DCB8B84483D87C	1259EA99BD76596239BFD3102C679EB0A5052578DC526B0452F4D42F8BCDD45F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\hashslider[1].js	ASCII text, with CRLF line terminators	F413E3863F8880532F2A042FE1086680	A5AC3915DB1426460F27A77FD899E0222643C57F	5083A310E36E3DC495487342D84D9BA1027366F7EAD5B947554E9A25307235A6
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\hp-1[1].jpg	[TIFF image data, little-endian, direntries=0], baseline, precision 8, 350x226, frames 3	A636AFA30C6506165AB59D742D62DF6A	07FECA0C90B90E0B50E1E33433989E2C4F54A900	2A6B8FB0E63006299B1A56718A556764C24C8D019C5488694C91D34CE4B146DB
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\jquery-1.7.1.min[1].js	HTML document, UTF-8 Unicode text, with very long lines	DDB84C1587287B2DF08966081EF063BF	9EB9AC595E9B5544E2DC79FFF7CD2D0B4B5EF71F	88171413FC76DDA23AB32BAA17B11E4FFF89141C633ECE737852445F1BA6C1BD
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\js[1].js	ASCII text, with CRLF line terminators	719011CE58E3E27A5CA358EB68633731	306DB7EA27198599A2B5D83E4C14D5A4B96CA5D8	6473FCA18BA884A4714D3D5A815945D1E8C04E2360AB29FFC0656253569F1550
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\office-logo_orig[1].png	PNG image data, 724 x 482, 8-bit/color RGB, non-interlaced	DDE0AEF9D34CA2590B16D46FE18BFC26	7A14F542C1003D918E22F1DEACFEAB7844D782F3	8052D0A57766A6A15808AE15811AA44816091D9211F85C9F74F63B4AE777899D
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\optout_testpage[1].js	ASCII text	A9AB22057607F33502E121C36553393E	D554E1EC42DAA46A914196D70873C44E38DAF26E	76F879A978FF9A76393222D462025F5CF8A80835FE3B3D91D30E545470477B44
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\tiny_orig[1].png	PNG image data, 149 x 38, 8-bit/color RGB, non-interlaced	012F788DBE66E570C15CCB175AA4B988	6CC5BA50D18EE40B4A2B6D7C5C82A006C6C1AFFA	A1F40BD5E807DF5F2D21CB0DEB5F1A28BFCD6846D71BAF952930FC367D765630
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\OZpEg_xvsDZQL_LKIF7q4jP3zWj8[1].woff	Web Open Font Format, TrueType, length 47412, version 1.1	F4CE2FACE198528C023D9829F2C8A966	721DA89B459818124B5556D8305807E29E0C9805	BE959900EB3AFF193CDD7192A33B91BB664755F7068B51E6533E8E37CBC32014
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\OZpbg_xvsDZQL_LKIF7q4jP_eE3vfqne[1].woff	Web Open Font Format, TrueType, length 49732, version 1.1	236BF209453D5788642AA825F4CFC137	45A7A69D307B0B4FF92410A7388275ADE30B03EF	07AE2FB42BCF7408559A1B756834892A304F89B089645820657A3F8DD9B8915B
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\YRETO7NA.htm	HTML document, ASCII text, with very long lines, with CRLF, LF line terminators	C62A7A9FD68EC8ABD648631B963412E3	B5612D0ECF20419572543FBEF3EAE268508F0153	E0E303780D8A9FF312832F9C3ACB6FDDFEF2DF8C0B981A665340D7E97C8A9B3E
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\css[1].css	ASCII text	F290221A8E244E2D3FD642BA26A9F134	5E8DB402314AB331B0A836021551D76AEC59FBAB	F8D9863B6FCA9A679D31A1F445DF2CC1401DFA0921E9779BB0FBD80457EE47AF
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\custom[1].js	ASCII text	29FC207672510B76EAD1EF5DBA730E07	B6786A2C238A15CAFB14171CEBCECE74BC3E54B5	51336E9210D70B71C15C249D51F2F67EF80B727549AAC03C489071722B7C74F0
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\jquery.min[1].js	ASCII text, with very long lines	3576A6E73C9DCCDBBC4A2CF8FF544AD7	06E872300088B9BA8A08427D28ED0EFCDF9C6FF5	61C6CAEBD23921741FB5FFE6603F16634FCA9840C2BF56AC8201E9264D6DACCF
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\va9X4lja2NVIDdIAAoMR5MfuElaRB0zMj_bTDXDoiw[1].woff	Web Open Font Format, TrueType, length 32856, version 1.1	F0192F1825E8AE3528375ABAA2462562	0D026D1FBE96EB7F70912DD457381DB44A6708C3	B55A3545569D49EE028001C91C31B3998663DD9B676CF911795E049239E7BED6
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\va9Z4lja2NVIDdIAAoMR5MfuElaRB0RyklrfPXo[1].woff	Web Open Font Format, TrueType, length 31536, version 1.1	3E6818D45FF1E32297DEABEA5B312B36	DC3669427E39AA5435A866FB80C5235F28FDE6B8	A75AFACF25F5B146275C61CB85E2E859D8CBCED030F11482CBE66E460434008D
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\va9a4lja2NVIDdIAAoMR5MfuElaRB0zMh0P2Hg[1].woff	Web Open Font Format, TrueType, length 34136, version 1.1	BAB60E8CFCE720F643AF637F870B850B	E8D7264D7DD0FB6E3431CB8EBD6B5DADE3B39823	FBADEBCCE90E5552D3721FAAC1BCCA1ACD3437BA57CB68EC3DEED769C87887CE
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\va9c4lja2NVIDdIAAoMR5MfuElaRB0zHt0k[1].woff	Web Open Font Format, TrueType, length 31580, version 1.1	7DFA8D9D47BE6A61596B8FFD686813A9	114FD7A4D18876E3DBD8BE3D385DEBEDFDC09E79	0A11E81CC846F83022291E523B0FF58566150819084C9A7C033BC42F57DBFF2E
C:\Users\user\AppData\Local\Temp\~DF6183A4918010BD9D.TMP	data	A67A72228FFB611AAD7C8C860C48E44C	29EAED61D2AC9A3D62DDCFD09EE51C606308BA81	436CA059A83D42780D6DB028971E7C0F2537D4CDC25CC89ED31AA6E7A506664C
C:\Users\user\AppData\Local\Temp\~DF95679539DE16C271.TMP	data	7422FD2EBDACE2D9C02E86A7474C3A0D	5B58B916947D39B9F603E70E0C0E0236E2BE1655	BB4635FDB3614B31D4E5CF17D1D2A04E4301415DEEF56102429D7D9AA0215670
C:\Users\user\AppData\Local\Temp\~DFAA861CDFA17B3544.TMP	data	C2748346E132EB29A4E4EA9917B34EEB	9295180D49A8AA29511500E4FA8637C95123EDDE	60CEC3E051DCC3274699CD0AA688093FEA92CFF8839C0BA670DF0DB47BF6AFF0

Analysis Report http://microsoftonlineofficeteam.weebly.com

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing:

Networking:

System Summary:

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs