Analysis Report https://mincast.us-south.cf.appdomain.cloud/redirect/?email=prampon@soteb.fr

Overview

General Information

Sample URL:	https://mincast.us-south.cf.appdomain.cloud/redirect/?email=prampon@soteb.fr
Analysis ID:	323643
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Yara detected HtmlPhish_10

Phishing site detected (based on logo template match)

HTML body contains low number of good links

HTML title does not match URL

Suspicious form URL found

URL contains potential PII (phishing indication)

Classification

Signatures

AV Detection:

Antivirus / Scanner detection for submitted sample

Source: https://mincast.us-south.cf.appdomain.cloud/redirect/?email=prampon@soteb.fr

UrlScan: detection malicious, Label: phishing brand: sharepoint

Perma Link

Antivirus detection for URL or domain

Source: https://www.premierpawn.com/rrt/xxtb/sharepoints/sharepoints.php?wa=wsignin1.0&rpsnv=13&ct=1539585327&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d715d44a2-2f11-4282-f625-a066679e96e2&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015&email=dXpvaGlmZWFueWlAb3V0bG9vay5jb20=#news	SlashNext: Label: Fake Login Page type: Phishing & Social Engineering
Source: https://www.premierpawn.com/rrt/xxtb/sharepoints/sharepoints.php?wa=wsignin1.0&rpsnv=13&ct=1539585327&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d715d44a2-2f11-4282-f625-a066679e96e2&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015&email=dXpvaGlmZWFueWlAb3V0bG9vay5jb20=#home	SlashNext: Label: Fake Login Page type: Phishing & Social Engineering
Source: https://j123.eu-gb.cf.appdomain.cloud/smain/?op=cHJhbXBvbkBzb3RlYi5mcg==&/yanief4OLVfRFm.php?83_aJjkvU053dh2qESwbhSn93984jjd8pksh_048jdkkd9n488#:h88933aJjkvU053dh2qESwbhSn=aJjkvU053dh2qESwbh39377	UrlScan: Label: phishing brand: sharepoint	Perma Link
Source: https://j123.eu-gb.cf.appdomain.cloud/smain/?op=cHJhbXBvbkBzb3RlYi5mcg==&/yanief4OLVfRFm.php?83_aJjk	Avira URL Cloud: Label: phishing

Phishing:

Yara detected HtmlPhish_10

Source: Yara match

File source: 609290.pages.csv, type: HTML

Phishing site detected (based on logo template match)

Source: https://j123.eu-gb.cf.appdomain.cloud/smain/?op=cHJhbXBvbkBzb3RlYi5mcg==&/yanief4OLVfRFm.php?83_aJjkvU053dh2qESwbhSn93984jjd8pksh_048jdkkd9n488#:h88933aJjkvU053dh2qESwbhSn=aJjkvU053dh2qESwbh39377

Matcher: Template: sharepoint matched

HTML body contains low number of good links

Source: https://j123.eu-gb.cf.appdomain.cloud/smain/?op=cHJhbXBvbkBzb3RlYi5mcg==&/yanief4OLVfRFm.php?83_aJjkvU053dh2qESwbhSn93984jjd8pksh_048jdkkd9n488#:h88933aJjkvU053dh2qESwbhSn=aJjkvU053dh2qESwbh39377	HTTP Parser: Number of links: 0
Source: https://j123.eu-gb.cf.appdomain.cloud/smain/?op=cHJhbXBvbkBzb3RlYi5mcg==&/yanief4OLVfRFm.php?83_aJjkvU053dh2qESwbhSn93984jjd8pksh_048jdkkd9n488#:h88933aJjkvU053dh2qESwbhSn=aJjkvU053dh2qESwbh39377	HTTP Parser: Number of links: 0

HTML title does not match URL

Source: https://j123.eu-gb.cf.appdomain.cloud/smain/?op=cHJhbXBvbkBzb3RlYi5mcg==&/yanief4OLVfRFm.php?83_aJjkvU053dh2qESwbhSn93984jjd8pksh_048jdkkd9n488#:h88933aJjkvU053dh2qESwbhSn=aJjkvU053dh2qESwbh39377	HTTP Parser: Title: Sign \| SharePoint does not match URL
Source: https://j123.eu-gb.cf.appdomain.cloud/smain/?op=cHJhbXBvbkBzb3RlYi5mcg==&/yanief4OLVfRFm.php?83_aJjkvU053dh2qESwbhSn93984jjd8pksh_048jdkkd9n488#:h88933aJjkvU053dh2qESwbhSn=aJjkvU053dh2qESwbh39377	HTTP Parser: Title: Sign \| SharePoint does not match URL

Suspicious form URL found

Source: https://j123.eu-gb.cf.appdomain.cloud/smain/?op=cHJhbXBvbkBzb3RlYi5mcg==&/yanief4OLVfRFm.php?83_aJjkvU053dh2qESwbhSn93984jjd8pksh_048jdkkd9n488#:h88933aJjkvU053dh2qESwbhSn=aJjkvU053dh2qESwbh39377	HTTP Parser: Form action: send.php
Source: https://j123.eu-gb.cf.appdomain.cloud/smain/?op=cHJhbXBvbkBzb3RlYi5mcg==&/yanief4OLVfRFm.php?83_aJjkvU053dh2qESwbhSn93984jjd8pksh_048jdkkd9n488#:h88933aJjkvU053dh2qESwbhSn=aJjkvU053dh2qESwbh39377	HTTP Parser: Form action: send.php

URL contains potential PII (phishing indication)

Source: https://mincast.us-south.cf.appdomain.cloud/redirect/?email=prampon@soteb.fr

Sample URL: PII: prampon@soteb.fr

Source: https://j123.eu-gb.cf.appdomain.cloud/smain/?op=cHJhbXBvbkBzb3RlYi5mcg==&/yanief4OLVfRFm.php?83_aJjkvU053dh2qESwbhSn93984jjd8pksh_048jdkkd9n488#:h88933aJjkvU053dh2qESwbhSn=aJjkvU053dh2qESwbh39377	HTTP Parser: No <meta name="author".. found
Source: https://j123.eu-gb.cf.appdomain.cloud/smain/?op=cHJhbXBvbkBzb3RlYi5mcg==&/yanief4OLVfRFm.php?83_aJjkvU053dh2qESwbhSn93984jjd8pksh_048jdkkd9n488#:h88933aJjkvU053dh2qESwbhSn=aJjkvU053dh2qESwbh39377	HTTP Parser: No <meta name="author".. found

Source: https://j123.eu-gb.cf.appdomain.cloud/smain/?op=cHJhbXBvbkBzb3RlYi5mcg==&/yanief4OLVfRFm.php?83_aJjkvU053dh2qESwbhSn93984jjd8pksh_048jdkkd9n488#:h88933aJjkvU053dh2qESwbhSn=aJjkvU053dh2qESwbh39377	HTTP Parser: No <meta name="copyright".. found
Source: https://j123.eu-gb.cf.appdomain.cloud/smain/?op=cHJhbXBvbkBzb3RlYi5mcg==&/yanief4OLVfRFm.php?83_aJjkvU053dh2qESwbhSn93984jjd8pksh_048jdkkd9n488#:h88933aJjkvU053dh2qESwbhSn=aJjkvU053dh2qESwbh39377	HTTP Parser: No <meta name="copyright".. found

Source: global traffic	HTTP traffic detected: GET /icons/dakirby309/simply-styled/256/Microsoft-SharePoint-2013-icon.png HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: icons.iconarchive.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /icons/dakirby309/simply-styled/256/Microsoft-SharePoint-2013-icon.png HTTP/1.1User-Agent: AutoItHost: icons.iconarchive.comIf-Modified-Since: Sat, 27 Jun 2020 10:27:29 GMTIf-None-Match: "5ef71f11-23c7"Cookie: __cfduid=d7eb16b95148e3cf626e501729a40ba461606466109

Source: gtm[1].js.2.dr	String found in binary or memory: "vtp_html":"\n\u003Cscript type=\"text\/gtmscript\"\u003E!function(b,e,f,g,a,c,d){b.fbq\|\|(a=b.fbq=function(){a.callMethod?a.callMethod.apply(a,arguments):a.queue.push(arguments)},b._fbq\|\|(b._fbq=a),a.push=a,a.loaded=!0,a.version=\"2.0\",a.queue=[],c=e.createElement(f),c.async=!0,c.src=g,d=e.getElementsByTagName(f)[0],d.parentNode.insertBefore(c,d))}(window,document,\"script\",\"https:\/\/connect.facebook.net\/en_US\/fbevents.js\");fbq(\"init\",\"1103530543356374\");fbq(\"track\",\"PageView\");\u003C\/script\u003E\n\u003Cnoscript\u003E\n \u003Cimg height=\"1\" width=\"1\" src=\"https:\/\/www.facebook.com\/tr?id=1103530543356374\u0026amp;ev=PageView\n\u0026amp;noscript=1\"\u003E\n\u003C\/noscript\u003E\n", equals www.facebook.com (Facebook)
Source: fbevents[1].js.2.dr	String found in binary or memory: (function(a,b,c,d){var e={exports:{}};e.exports;(function(){var f=a.fbq;f.execStart=a.performance&&a.performance.now&&a.performance.now();if(!function(){var b=a.postMessage\|\|function(){};if(!f){b({action:"FB_LOG",logType:"Facebook Pixel Error",logMessage:"Pixel code is not installed correctly on this page"},"");"error"in console&&console.error("Facebook Pixel Error: Pixel code is not installed correctly on this page");return!1}return!0}())return;f.__fbeventsModules\|\|(f.__fbeventsModules={},f.__fbeventsResolvedModules={},f.getFbeventsModules=function(a){f.__fbeventsResolvedModules[a]\|\|(f.__fbeventsResolvedModules[a]=f.__fbeventsModules[a]());return f.__fbeventsResolvedModules[a]},f.fbIsModuleLoaded=function(a){return!!f.__fbeventsModules[a]},f.ensureModuleRegistered=function(b,a){f.fbIsModuleLoaded(b)\|\|(f.__fbeventsModules[b]=a)});f.ensureModuleRegistered("signalsFBEventsGetIwlUrl",function(){return function(a,b,c,d){var e={exports:{}};e.exports;(function(){"use strict";var a=f.getFbeventsModules("signalsFBEventsGetTier");e.exports=function(b,c){c=a(c);c=c==null?"www.facebook.com":"www."+c+".facebook.com";return"https://"+c+"/signals/iwl.js?pixel_id="+b}})();return e.exports}(a,b,c,d)});f.ensureModuleRegistered("signalsFBEventsGetTier",function(){return function(f,b,c,d){var e={exports:{}};e.exports;(function(){"use strict";var a=/^https:\/\/www\.([A-Za-z0-9\.]+)\.facebook\.com\/tr\/?$/,b=["https://www.facebook.com/tr","https://www.facebook.com/tr/"];e.exports=function(c){if(b.indexOf(c)!==-1)return null;var d=a.exec(c);if(d==null)throw new Error("Malformed tier: "+c);return d[1]}})();return e.exports}(a,b,c,d)});f.ensureModuleRegistered("SignalsFBEvents.plugins.iwlbootstrapper",function(){return function(a,b,c,d){var e={exports:{}};e.exports;(function(){"use strict";var c=f.getFbeventsModules("SignalsFBEventsIWLBootStrapEvent"),d=f.getFbeventsModules("SignalsFBEventsLogging"),g=f.getFbeventsModules("SignalsFBEventsNetworkConfig"),h=f.getFbeventsModules("SignalsFBEventsPlugin"),i=f.getFbeventsModules("signalsFBEventsGetIwlUrl"),j=f.getFbeventsModules("signalsFBEventsGetTier"),k=d.logUserError,l=/^https:\/\/.\.facebook\.com$/i,m="FACEBOOK_IWL_CONFIG_STORAGE_KEY",n=a.sessionStorage?a.sessionStorage:{getItem:function(a){return null},removeItem:function(a){},setItem:function(a,b){}};e.exports=new h(function(d,e){function h(c,d){var e=b.createElement("script");e.async=!0;e.onload=function(){if(!a.FacebookIWL\|\|!a.FacebookIWL.init)return;var b=j(g.ENDPOINT);b!=null&&a.FacebookIWL.set&&a.FacebookIWL.set("tier",b);d()};a.FacebookIWLSessionEnd=function(){n.removeItem(m),a.close()};e.src=i(c,g.ENDPOINT);b.body&&b.body.appendChild(e)}var o=!1,p=function(a){return!!(e&&e.pixelsByID&&Object.prototype.hasOwnProperty.call(e.pixelsByID,a))};function q(){if(o)return;var b=n.getItem(m);if(!b)return;b=JSON.parse(b);var c=b.pixelID,d=b.graphToken,e=b.sessionStartTime;o=!0;h(c,function(){var b=p(c)?c:null;a.FacebookIWL.init(b,d,e)})}function r(b){if(o)return;h(b,func

Source: unknown

DNS traffic detected: queries for: mincast.us-south.cf.appdomain.cloud

Source: fontawesome-webfont[1].eot.2.dr, font-awesome.min[1].css.2.dr	String found in binary or memory: http://fontawesome.io
Source: font-awesome.min[1].css.2.dr	String found in binary or memory: http://fontawesome.io/license
Source: fontawesome-webfont[1].eot.2.dr	String found in binary or memory: http://fontawesome.io/license/
Source: fontawesome-webfont[1].eot.2.dr	String found in binary or memory: http://fontawesome.iohttp://fontawesome.iohttp://fontawesome.io/license/http://fontawesome.io/licens
Source: bootstrap.min[1].js.2.dr	String found in binary or memory: http://getbootstrap.com)
Source: imagestore.dat.2.dr	String found in binary or memory: http://icons.iconarchive.com/icons/dakirby309/simply-styled/256/Microsoft-SharePoint-2013-icon.png
Source: jquery-ui.min[1].js.2.dr	String found in binary or memory: http://jqueryui.com
Source: jquery-ui[1].css.2.dr	String found in binary or memory: http://jqueryui.com/themeroller/?ffDefault=Verdana%2CArial%2Csans-serif&fwDefault=normal&fsDefault=1
Source: popper.js[1].js.2.dr	String found in binary or memory: http://opensource.org/licenses/MIT).
Source: scripts[1].js.2.dr	String found in binary or memory: http://stackoverflow.com/a/2866613
Source: style[1].css0.2.dr	String found in binary or memory: http://stackoverflow.com/questions/10387740/five-equal-columns-in-twitter-bootstrap/22799354#2279935
Source: scripts[1].js.2.dr	String found in binary or memory: http://stackoverflow.com/questions/411352/how-best-to-determine-if-an-argument-is-not-sent-to-the-ja
Source: KFOlCnqEu92Fr1MmYUtfBBc9[1].ttf.2.dr, KFOmCnqEu92Fr1Mu4mxP[1].ttf.2.dr, KFOlCnqEu92Fr1MmEU9fBBc9[1].ttf.2.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: style[1].css.2.dr	String found in binary or memory: http://www.gnu.org/licenses/gpl-2.0.html
Source: magiczoom[1].js.2.dr	String found in binary or memory: http://www.magictoolbox.com/license/
Source: style[1].css.2.dr	String found in binary or memory: http://www.navigatormm.com
Source: style[1].css.2.dr	String found in binary or memory: http://www.navigatormm.com/chimera
Source: gtm[1].js.2.dr	String found in binary or memory: https://adservice.google.com/ddm/regclk
Source: analytics[1].js.2.dr	String found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: scripts[1].js0.2.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/CustomEvent/CustomEvent
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#localhost_support
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/ubuntu/v15/4iCv6KVjbNBYlgoCjC3jsGyL.woff)
Source: bootstrap_002.js[1].js.2.dr	String found in binary or memory: https://getbootstrap.com)
Source: bootstrap.js[1].js.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: gtm[1].js.2.dr	String found in binary or memory: https://github.com/krux/postscribe/blob/master/LICENSE.
Source: bootstrap_002.js[1].js.2.dr, bootstrap.min[1].css.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: bootstrap_002.js[1].js.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: {E1A2634F-30D6-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://j123.eu-gb.Root
Source: {E1A2634F-30D6-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://j123.eu-gb.cf.appdomain.cloud/smain/?op=cHJhbXBvbkBzb3RlYi5mcg==&/yanief4OLVfRFm.php?83_aJjk
Source: gtm[1].js.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: analytics[1].js.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://support.google.com/recaptcha
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://support.google.com/recaptcha#6262736
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://support.google.com/recaptcha/#6175971
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: analytics[1].js.2.dr	String found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: analytics[1].js.2.dr	String found in binary or memory: https://www.google.%/ads/ga-audiences
Source: gtm[1].js.2.dr	String found in binary or memory: https://www.google.com
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: recaptcha__en[1].js.2.dr, anchor[1].htm.2.dr, api[1].js.2.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: ~DFF335FDC517C7DD21.TMP.1.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfWmtcUAAAAAOJYBUg1otF0emmfkBJXOL8F-Tsa&co=aHR0
Source: gtm[1].js.2.dr	String found in binary or memory: https://www.googletagmanager.com/debug/bootstrap
Source: analytics[1].js.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=
Source: webworker[1].js.2.dr, anchor[1].htm.2.dr, api[1].js.2.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/UFwvoDBMjc8LiYc1DKXiAomK/recaptcha__en.js
Source: anchor[1].htm.2.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/UFwvoDBMjc8LiYc1DKXiAomK/styles__ltr.css
Source: {E1A2634F-30D6-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://www.premierpawappdomain.cloud/smain/?op=cHJhbXBvbkBzb3RlYi5mcg==&/yanief4OLVfRFm.php?83_aJjk
Source: {E1A2634F-30D6-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://www.premierpawn.com/rrt/xxtb/sharepoints/sharepoints.php?wa=wsignin1.0&rpRoot
Source: ~DFF335FDC517C7DD21.TMP.1.dr	String found in binary or memory: https://www.premierpawn.com/rrt/xxtb/sharepoints/sharepoints.php?wa=wsignin1.0&rpsnv=13&ct=153958532

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: classification engine

Classification label: mal68.phis.win@3/60@8/6

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DFE3365AA569982C87.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3096 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3096 CREDAT:17410 /prefetch:2	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
31.13.92.14	unknown	Ireland	32934	FACEBOOKUS	false
149.56.20.211	unknown	Canada	16276	OVHFR	false
169.46.89.154	unknown	United States	36351	SOFTLAYERUS	false
74.125.128.155	unknown	United States	15169	GOOGLEUS	false
172.67.212.166	unknown	United States	13335	CLOUDFLARENETUS	false
158.175.115.200	unknown	United States	36351	SOFTLAYERUS	false

Contacted Domains

Name	IP	Active
scontent.xx.fbcdn.net	31.13.92.14	true
icons.iconarchive.com	172.67.212.166	true
stats.l.doubleclick.net	74.125.128.155	true
j123.eu-gb.cf.appdomain.cloud	158.175.115.200	true
www.google.co.uk	216.58.215.227	true
premierpawn.com	149.56.20.211	true
mincast.us-south.cf.appdomain.cloud	169.46.89.154	true
www.premierpawn.com	unknown	unknown
connect.facebook.net	unknown	unknown
stats.g.doubleclick.net	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://j123.eu-gb.cf.appdomain.cloud/smain/?op=cHJhbXBvbkBzb3RlYi5mcg==&/yanief4OLVfRFm.php?83_aJjkvU053dh2qESwbhSn93984jjd8pksh_048jdkkd9n488#:h88933aJjkvU053dh2qESwbhSn=aJjkvU053dh2qESwbh39377	true	100%, UrlScan, Browse	unknown
http://icons.iconarchive.com/icons/dakirby309/simply-styled/256/Microsoft-SharePoint-2013-icon.png	false		high

ID:	323643
Product:	CloudBasic
Start time:	09:34:15
Start date:	27.11.2020
Cookbook:	browseurl.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\KP2WJQV6\www.google[1].xml	ASCII text, with very long lines, with no line terminators	47E9300B4A6738A6F86F147AE60D0975	E9A277060448E5A1872A7A9A2DB5F41BA786B3C9	CAC722A90F40A5D73E66C8B4C00B0CD9CE8CD0B81D61360D9E7E6427C624C836
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E1A2634D-30D6-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	DD9FA2A803B3A063B7225A3B63BFDD8A	A6C652E27EE273800325A545524502342D43E40B	5C5AB864C92D2363C08A71D957D81774A1F730E25FBB3D70E7E2B38113EB6D6A
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E1A2634F-30D6-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	1EABBDBA7A4D54F49117E1524E70CF21	38B5007A274F7B104D427F6287958A8A14EA4942	1FD10557B55E1CBC04A466D09A67A1CF2FBEA6D2CFA2A3C695B1DAE09A6EDE98
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E7B4DF9B-30D6-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	FDC62054608E7755086A0D3E4D5E5EBE	405870AF3A9F0D26EAE2FC41C066111C5371BC36	1B55536A9CC554A0DFF91AE74F5F6442A84E9DA0F73D493A715EDBD1BBE172FD
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.dat	data	63AF82FA81262C3AFEA6DDF37E5DF4CB	61A68CEA3C286A914C5A72E8D9C81B44FF4B0E82	3DC78268FBD2F3FA20FF6C33F6254B09006DDD1FFE052910E1B6D10AF39C2BB1
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\4iCv6KVjbNBYlgoCjC3jsGyL[1].woff	Web Open Font Format, TrueType, length 34688, version 1.1	E5613B0C875443174F948840C8CE07F6	92E91634568F4AF1FC4B661E251B668602B4DECF	C5FF97625C996FD2A765D4319EDA3F15CA19BF66B33080E94465493E8EC27FD8
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\bootstrap.js[1].js	ASCII text, with very long lines	67176C242E1BDC20603C878DEE836DF3	27A71B00383D61EF3C489326B3564D698FC1227C	56C12A125B021D21A69E61D7190CEFA168D6C28CE715265CEA1B3B0112D169C4
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\css[1].css	ASCII text	A5BF1276EA34EA6EA695F4E772905480	F6C139D41AA681046830BB7B8809EB55AEA19731	99D27B3C9574DDF2C4FD64FB8B51F348C3E697C469272E245976C1B7AC334320
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\jquery.ui.touch-punch.min[1].js	UTF-8 Unicode text, with very long lines	700B877CD3ADE98CE6CD4BE349D81A5C	C1C36E6927436231EB20474356B29667C4C648AA	000854D782781AFF1B16EA5451C1DA3D07EFADD35AB911CCB7E4B851571A25BD
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\logo_48[1].png	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced	EF9941290C50CD3866E2BA6B793F010D	4736508C795667DCEA21F8D864233031223B7832	1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\magiczoom[1].js	ASCII text, with very long lines	549038A8E834E2988F9B7B7D7D7AD953	9FE0D06496A55C6BAEF23A837C530B4B09BD21C6	B7A371259A52F5EC0E5E1E0F582F80FCA1CB842462ADD58607C4B98AAD3C181B
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\myscr408434[1].js	ASCII text	166CBD31FF41EFBCD36AB492D6E8EF0D	534EF601C26E73B856776E2A9F4B60D824268836	85F15AD877A5AA9B57A6321E48745DAF51831FAFE863A348368A5C8602D21B1B
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\myscr631018[1].js	ASCII text	699027FAA2E349217C03E9C971C45855	2C7AD08C9EC4DACE34110ABF997DCABE811BEDB7	6CCB21762484968A3E2D3064B3D0616458266EDACAC262FC3430D95DAE1C89C7
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\script[1].js	ASCII text	56FE09B498FC1A1441D6D9D4F0634FA4	E1BFD475A866F93C57A3561C2EFC8DD9E11FCA80	AEF711D1643073AB593DE1D958EE854D6F63339CB216EDA43666FB9DFCEBFFD0
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\style[1].css	assembler source, ASCII text	C46460C4F3B7E4A0BC460A0B32B5728C	C164F976948513D8347B3D4E6FCFC61B2593EBAB	C8927F2EF1F88A242E15BBB8A76BEEFC766B324F8B6F3EC7620BCF86EBA5430C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\ubuntu-bold-webfont[1].woff	Web Open Font Format, TrueType, length 37772, version 1.0	A19A5AAA762A0ED7EF4A3314E6119F91	0834EABEFC2D78E6AF6B5A3FE78F853E2CEF2B21	A552A146F50DEA919FF2939BFE823DA55D5E2756426F3F3558851A498D7A6C9F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\ubuntu-light-webfont[1].woff	Web Open Font Format, TrueType, length 35164, version 1.0	B6BF5E9E85B33C8CF567E37709CE0606	059D83FBE271D408B39C367E761F918B20EC9E57	99BFF17E3AD02B41842F07EEFA79CB0D717F52AAB458D54042A314C305AE4A30
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\1103530543356374[1].js	ASCII text, with very long lines	3700E5158B975E48AE3D8FF33F2BE73D	69475C8C6F33B3A210B060509507D97FE968B0C4	EE7366F965AEA6F2F318CF7F26FEB0085CB239453D4FBA4315BAE2F1CE6B2643
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\Vs6nWS78ghLfsfNsaSX7TbIM18eipulnY6pGcPv__N8[1].js	ASCII text, with very long lines, with no line terminators	3BDA237BDCE57B97F7C04095ACD8C387	15F7A6147D87B7E6C471E45DAAA952D248C299D4	56CEA7592EFC8212DFB1F36C6925FB4DB20CD7C7A2A6E96763AA4670FBFFFCDF
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\chimera-framework[1].js	ASCII text	0B1D8080F4427194FAC271881702EC68	771C6E8995B6094E46819F9A2FE2BC4360F175C7	A81DA1599971897BFBC8A6B49B313C5A8B861493AA730E19B6A0CD430DB517F4
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\font-awesome.min[1].css	ASCII text, with very long lines	269550530CC127B6AA5A35925A7DE6CE	512C7D79033E3028A9BE61B540CF1A6870C896F8	799AEB25CC0373FDEE0E1B1DB7AD6C2F6A0E058DFADAA3379689F583213190BD
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\jquery.js[1].js	ASCII text, with very long lines	2F6B11A7E914718E0290410E85366FE9	69BB69E25CA7D5EF0935317584E6153F3FD9A88C	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\logo-premierPawn-header[1].png	PNG image data, 334 x 40, 8-bit/color RGBA, non-interlaced	B976D10997FB99579DB2D4D4DC4C6FC4	1F579CBE6BDFDD41B0D9BD7C9B9597349CE387DF	DE4038A2291CEB2617B24A30BBE92F96FA7AAF1EA14F9CA9BF43AB2DCC125F45
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\myscr262639[1].js	ASCII text	4589B6F7A4970D66890ECC1277CDB69B	1BD2E6D2891CCEB72B376E8127A5B89B8321CD3D	FA7C98BFAA958B620DC26B384D63A828DB6309C5B60A864EB9CDE28A2B84F741
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\myscr584876[1].js	ASCII text	9124794063B81F01A30E5E13EDB78A6C	014953194CD9DE5FD48FFDF22D15902BFB20B159	975E8D22F5DBD1B005FD7AF747A12E96F46876B89CCD9E5B2E2262155B77E6DB
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\nav-admin-skin[1].css	ASCII text	17347BED7C52615C61135B829CE6D0C3	1B0477E44E263FE39C20BDC12A0387C48D1DBF53	2EBEBB104E2719CCB5DD5E021A43B2362CBEDC278E59E60F6D8D454AC8C8474D
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\scripts[1].js	ASCII text	CC43D72A100F2C0FA5BFB44D7AD6A438	26A4B89A709719FA0D24447C9D4541DF6EC24953	9F32A4FBF9211F5B53F065F26C60FF144F9B3E8B57DDD5DB6E86543559F80F17
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\style.min[1].css	ASCII text, with very long lines	7D2051E6C59F3598B17877BF41637EC4	E3FBC1265F4CD1EACF83C045E4F21D5F9B92BF8D	BCA7AF0B45B6FC6A2064E8E7A34F2041F3E77261E63F0257209BCDE6BC40545D
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\wp-embed.min[1].js	ASCII text, with very long lines	8ED6038A5DBF62380DE72A681340AFD3	1B7F829B844EAA1A3E2D05F51FA81D6579D76738	6EBCDA7A3A41EF97F0B4071160CEB1020E540FDC0F790079A5C2EF01AB654FE0
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\Microsoft-SharePoint-2013-icon[1].png	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	62FDD2EC231195402D89A8FBC8224165	47DF0C4DAEA8D8C19FB5A79C2AF905A9ECE615C8	83AA2E8C0654186C80BEC720C2096B3F62B27717F9200208AE78B4932D58747E
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\analytics[1].js	ASCII text, with very long lines	53EE95B384D866E8692BB1AEF923B763	A82812B87B667D32A8E51514C578A5175EDD94B4	E441C3E2771625BA05630AB464275136A82C99650EE2145CA5AA9853BEDEB01B
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\anchor[1].htm	HTML document, ASCII text, with very long lines	8EAAADD00AF0B04AA62FE2EA22995700	D4BBB772C1E7E8F4D7BE883CA3E846558B9820F9	5B43BF629107E8C0C82E1513B3D526F421352F7A144749AF1BE0B2542579AFBE
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\bootstrap.min[1].css	ASCII text, with very long lines	EC3BB52A00E176A7181D454DFFAEA219	6527D8BF3E1E9368BAB8C7B60F56BC01FA3AFD68	F75E846CC83BD11432F4B1E21A45F31BC85283D11D372F7B19ACCD1BF6A2635C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\fbevents[1].js	ASCII text, with very long lines	9E0662842A501206D741C8B57826BCFA	3B6E7981C1DF69CD22FB0B43A765196BCDF465DF	0E49C2B4E86D3FDA1DDA93EB1210A47712F7B091181B4E7C6DA2B3E6F8E86396
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\jquery-ui.min[1].js	ASCII text, with very long lines	FD255415839568E52A48DA5DE5AF244C	ABD6F85A04584792D77E4791C441FF49E9E28C0D	9671F8BE70AD94A5362E60F4656D5D53BA214D32AB70A3F9D1603D7DADF9D1C1
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\jquery-ui[1].css	ASCII text, with very long lines	D172B560B073F3BC42FEA160BBFF96A2	680D2ABBECD20E970F207E9FDF85E996D5E72580	9C286C1A80773A8C752FFC323AEC348776F86AB242A4E58636B87F376E0853B1
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\linkid[1].js	ASCII text, with very long lines	0CC3A63FE10060AF4A349E5DF666EEFE	3E8D3925B550345123F2CAB26568221FD4154F9C	92FCA55833F48B4289AC8F1CEDD48752B580FCE4EC4B5D81670B8193D6E51B54
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\myscr294914[1].js	ASCII text	D88D51D6C68DC6EF0BAC9737DD14CF68	BC5F511F8FCF2B36646FE8D953547D1266514F36	3BE1AAA49873C8A579CBB323ED55F1576DB39393EC4E97B186AF64F1324AFB43
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\popper.js[1].js	ASCII text, with very long lines	70D3FDA195602FE8B75E0097EED74DDE	C3B977AA4B8DFB69D651E07015031D385DED964B	A52F7AA54D7BCAAFA056EE0A050262DFC5694AE28DEE8B4CAC3429AF37FF0D66
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\scripts[1].js	ASCII text	309E1A27AB5C8722DEA8F46FC8C384D5	784A35686079A37CF469E27FD7EFA1B2FAC7AC97	A0EA735F765D5BC1230BEB63BCB701B69C80D77C48572A61BB159A8915903278
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\styles__ltr[1].css	ASCII text, with very long lines, with no line terminators	B8C5BF5AECA93C917B1E1D30F9E154F9	29158B46C84DAEA48427BED5DF71712B813EC7D1	ED64927E84FD6A93A31D808E018467B1DEBC6F46822A7ACBC20D6F16A1B620B9
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\webworker[1].js	ASCII text, with no line terminators	F478DAB0AB23A2C05C140A57CD2AFDCD	E7903342A9766841FC8C80D99D3FA0AF61A0436F	E5FD8BC34FD6C3A210FFDE57800445F90A248CC39189D018D990DE477CA30A10
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\KFOlCnqEu92Fr1MmEU9fBBc9[1].ttf	TrueType Font data, 18 tables, 1st "GDEF", 8 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.Roboto MediumRegularVersion 2.137; 2017Roboto-Me	4D88404F733741EAACFDA2E318840A98	49E0F3D32666AC36205F84AC7457030CA0A9D95F	B464107219AF95400AF44C949574D9617DE760E100712D4DEC8F51A76C50DDA1
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\KFOlCnqEu92Fr1MmYUtfBBc9[1].ttf	TrueType Font data, 18 tables, 1st "GDEF", 8 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.Roboto BlackRegularVersion 2.137; 2017Roboto-Bla	4D99B85FA964307056C1410F78F51439	F8E30A1A61011F1EE42435D7E18BA7E21D4EE894	01027695832F4A3850663C9E798EB03EADFD1462D0B76E7C5AC6465D2D77DBD0
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\KFOmCnqEu92Fr1Mu4mxP[1].ttf	TrueType Font data, 18 tables, 1st "GDEF", 8 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.RobotoRegularVersion 2.137; 2017Roboto-Regularht	372D0CC3288FE8E97DF49742BAEFCE90	754D9EAA4A009C42E8D6D40C632A1DAD6D44EC21	466989FD178CA6ED13641893B7003E5D6EC36E42C2A816DEE71F87B775EA097F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\api[1].js	ASCII text, with very long lines, with no line terminators	B673368BD457EB85C5F0DEE5E9AD2937	84A09F1429917A604FBB5149DEE5A79519BF18EF	62C484E8FCCD8A7492BC297604F00EF9F51E8D1269F7B09E1D23C765F5FA4DCC
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\bootstrap.min[1].js	ASCII text, with very long lines	5869C96CC8F19086AEE625D670D741F9	430A443D74830FE9BE26EFCA431F448C1B3740F9	53964478A7C634E8DAD34ECC303DD8048D00DCE4993906DE1BACF67F663486EF
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\bootstrap_002.js[1].js	ASCII text, with very long lines	14D449EB8876FA55E1EF3C2CC52B0C17	A9545831803B1359CFEED47E3B4D6BAE68E40E99	E7ED36CEEE5450B4243BBC35188AFABDFB4280C7C57597001DE0ED167299B01B
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\fontawesome-webfont[1].eot	Embedded OpenType (EOT), FontAwesome family	674F50D287A8C48DC19BA404D20FE713	D980C2CE873DC43AF460D4D572D441304499F400	7BFCAB6DB99D5CFBF1705CA0536DDC78585432CC5FA41BBD7AD0F009033B2979
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\gtm[1].js	ASCII text, with very long lines	E5480E976466AA3A64430215D75C3334	FEBEE1F9D595B0B885C1D2078D7ABF499166F7D5	485028402D37179845895F0F22A00429434A7A6430E68EB24140595ABA0C192D
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\jquery-1.11.0[1].js	ASCII text, with very long lines	52D16E147B5346147D0F3269CD4D0F80	4566B5815F47F976C7C3D3083C600AD5561B6FC0	2E945EBCD9B955E7C543BA4AD41E8F7779A077B482A0207DB74BD6DED2021D17
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\jquery-3.js[1].js	ASCII text, with very long lines	5F48FC77CAC90C4778FA24EC9C57F37D	9E89D1515BC4C371B86F4CB1002FD8E377C1829F	9365920887B11B33A3DC4BA28A0F93951F200341263E3B9CEFD384798E4BE398
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\magiczoom[1].css	ASCII text	45635C0B0B19EE96E6FA204688E9CEDB	E7512DF84C15D1642E4A1F177B34FA4055138994	AC0F98FCB998913794049B3BBBD47DA5402E761D7C9BD5B98DD394F82691D9F5
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\map[1].png	PNG image data, 1487 x 998, 8-bit/color RGBA, non-interlaced	50F193C4021ED8A15AA4751DF76E4B5B	5949D1FF7B41CBFFE6F6BA570C3E6664280A807B	2B8FEEBC406D31C8E17797EFF91D11536494340DDD0386277BD68A3029687EDC
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\recaptcha__en[1].js	ASCII text, with very long lines	E28E6938C382A88686493D368DE3F7F6	B268A8EAF2BF2BACA9D0E5AA816FF63970AEEA6A	14A2806A256579773A3680E21459DEA7827D002104C6336856E0BEF9A39BE0C9
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\smain[1].htm	HTML document, ASCII text	3F5CB294E6EB910EF2A920FA18AD6F30	B816D22E0F9F0B2330451585CD851C2C38EAA302	4684ED49616780844C36AC9B356DD7FD6EE017431F492675D873AB98E9730D2D
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\style[1].css	ASCII text, with very long lines	807112993A34461A23636A0D0D623F55	AD806F3D2E1AAB380A539177DC286830C5092060	B70F86F93DBE9523567ACDF5B43DAF2BAC8DFBD41F7548BE08B3D9437B28DCFE
C:\Users\user\AppData\Local\Temp\~DF366A8B049B54D2CF.TMP	data	03AE76C0C9BFD59E3DC39675BD645867	DFBDD484C746E7EB0FECF971B3D782857ED3958B	454C94FB62FE4797841C5AAD0D61982164DCBC8BA46055B0CA5B3600C6AD7AAB
C:\Users\user\AppData\Local\Temp\~DFE3365AA569982C87.TMP	data	C83B8D52C00C0B6DBE5CC37FC5456862	78970F45ACA4CD62DF0CA1D1213DD68560009008	1A7A87914FA6E4B3231BE4ED29A158D55AEF09FA6DBB9BA8D91692DE8496D50B
C:\Users\user\AppData\Local\Temp\~DFF335FDC517C7DD21.TMP	data	0AC927FA0A6BE4B02E4EFAE30511CF49	BB80C81BF0E0A3C7AAE133A6B51C49F573C004EF	D1D21B7ECE7EA3A12908A35E8A930E7EFCEDCC806C374EAD5D78B698FEEE5155

Analysis Report https://mincast.us-south.cf.appdomain.cloud/redirect/?email=prampon@soteb.fr

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection:

Phishing:

Networking:

System Summary:

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs