Analysis Report Direct Deposit.xlsx

Overview

General Information

Sample Name:	Direct Deposit.xlsx
Analysis ID:	323781
MD5:	69e51c55e817ad606af9c380ff76ea90
SHA1:	0385a74d84fbf8964d363fb979ecf6afe14b5eba
SHA256:	c38e8675fe9efcc6c74ac66c182c58d458b091d14ababda785b3144e3fbbfe6f
Tags:	xlsx
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Yara detected HtmlPhish_10

Phishing site detected (based on logo template match)

HTML body contains low number of good links

HTML title does not match URL

IP address seen in connection with other malware

Invalid 'forgot password' link found

JA3 SSL client fingerprint seen in connection with other malware

Classification

Signatures

AV Detection:

Antivirus detection for URL or domain

Source: https://secure-excel-file.glitch.me/

UrlScan: Label: phishing brand: generic microsoft

Perma Link

Phishing:

Yara detected HtmlPhish_10

Source: Yara match	File source: 128757.0.links.csv, type: HTML
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\07D9KDVU.htm, type: DROPPED

Phishing site detected (based on logo template match)

Source: https://secure-excel-file.glitch.me/

Matcher: Template: microsoft matched

HTML body contains low number of good links

Source: https://secure-excel-file.glitch.me/	HTTP Parser: Number of links: 0
Source: https://secure-excel-file.glitch.me/	HTTP Parser: Number of links: 0

HTML title does not match URL

Source: https://secure-excel-file.glitch.me/	HTTP Parser: Title: Sign in to your account does not match URL
Source: https://secure-excel-file.glitch.me/	HTTP Parser: Title: Sign in to your account does not match URL

Invalid 'forgot password' link found

Source: https://secure-excel-file.glitch.me/	HTTP Parser: Invalid link: Forgot my password
Source: https://secure-excel-file.glitch.me/	HTTP Parser: Invalid link: Forgot my password

Source: https://secure-excel-file.glitch.me/	HTTP Parser: No <meta name="author".. found
Source: https://secure-excel-file.glitch.me/	HTTP Parser: No <meta name="author".. found

Source: https://secure-excel-file.glitch.me/	HTTP Parser: No <meta name="copyright".. found
Source: https://secure-excel-file.glitch.me/	HTTP Parser: No <meta name="copyright".. found

Networking:

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 172.217.168.2 172.217.168.2
Source: Joe Sandbox View	IP Address: 172.217.168.2 172.217.168.2
Source: Joe Sandbox View	IP Address: 50.87.153.159 50.87.153.159

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: 7dcce5b76c8b17472d024758970a406b

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3EA4068F.png

Jump to behavior

Source: global traffic

HTTP traffic detected: GET /vendor/doctrine/styles.css HTTP/1.1Accept: text/css, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: ibuykenya.comDNT: 1Connection: Keep-Alive

Source: unknown

DNS traffic detected: queries for: linktr.ee

Source: E0F5C59F9FA661F6F4C50B87FEF3A15A.3.dr	String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c
Source: 77EC63BDA74BD0D0E0426DC8F8008506.3.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 07D9KDVU.htm.3.dr	String found in binary or memory: http://ibuykenya.com/vendor/doctrine/styles.css
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: http://jquery.org/license
Source: popper.min[1].js.3.dr	String found in binary or memory: http://opensource.org/licenses/MIT).
Source: ~DF393BF7B86FA4A2BC.TMP.2.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/sc/2b/a5ea21.ico
Source: imagestore.dat.3.dr	String found in binary or memory: http://www.imagemagick.org
Source: 07D9KDVU.htm.3.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: f[1].txt.3.dr	String found in binary or memory: https://bid.g.doubleclick.net/xbbe/pixel?d=KAE
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=378607
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=449857
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=470258
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=589347
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://bugs.jquery.com/ticket/12359
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://bugs.jquery.com/ticket/13378
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=136851
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=137337
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=29084
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=687787
Source: 07D9KDVU.htm.3.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Source: 07D9KDVU.htm.3.dr	String found in binary or memory: https://cnhind-onmicrosoft-com.ml/email.php
Source: 07D9KDVU.htm.3.dr	String found in binary or memory: https://code.jquery.com/jquery-3.1.1.min.js
Source: 07D9KDVU.htm.3.dr	String found in binary or memory: https://code.jquery.com/jquery-3.2.1.slim.min.js
Source: 07D9KDVU.htm.3.dr	String found in binary or memory: https://code.jquery.com/jquery-3.3.1.js
Source: excel.O365[1].htm.3.dr	String found in binary or memory: https://d1fdloi71mui9q.cloudfront.net/YS99cwPS1yJGdXcJU31Y_62xa7aqirVCeh6yn);background-image:url(ht
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/CSS/display
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://drafts.csswg.org/cssom/#common-serializing-idioms
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://drafts.csswg.org/cssom/#resolved-values
Source: free-fa-regular-400[1].eot.3.dr, free.min[1].css.3.dr	String found in binary or memory: https://fontawesome.com
Source: free.min[1].css.3.dr	String found in binary or memory: https://fontawesome.com/license/free
Source: free-fa-regular-400[1].eot.3.dr, free-fa-solid-900[1].eot.3.dr	String found in binary or memory: https://fontawesome.comhttps://fontawesome.comFont
Source: 07D9KDVU.htm.3.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Archivo
Source: css[1].css.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/archivonarrow/v12/tss0ApVBdCYD5Q7hcxTE1ArZ0bbwiXo.woff)
Source: css2[1].css.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/capriola/v8/wXKoE3YSppcvo1PDln__.woff)
Source: css2[2].css.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/karla/v14/qkBIXvYC6trAT55ZBi1ueQVIjQTD-JqqFw.woff)
Source: css2[2].css.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/karla/v14/qkBIXvYC6trAT55ZBi1ueQVIjQTDH52qFw.woff)
Source: css2[2].css.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/karla/v14/qkBIXvYC6trAT55ZBi1ueQVIjQTDJp2qFw.woff)
Source: css2[2].css.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/karla/v14/qkBIXvYC6trAT55ZBi1ueQVIjQTDppqqFw.woff)
Source: bootstrap.min[1].css.3.dr, bootstrap.min[1].js.3.dr	String found in binary or memory: https://getbootstrap.com)
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://github.com/eslint/eslint/issues/3229
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://github.com/eslint/eslint/issues/6125
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://github.com/jquery/jquery/pull/557)
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://github.com/jquery/sizzle/pull/225
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://github.com/jrburke/requirejs/wiki/Updating-existing-libraries#wiki-anon
Source: bootstrap.min[1].css.3.dr, bootstrap.min[1].js.3.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: bootstrap.min[1].js.3.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://html.spec.whatwg.org/#strip-and-collapse-whitespace
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#category-listed
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#concept-fe-disabled
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#concept-option-disabled
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/scripting.html#selector-disabled
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/scripting.html#selector-enabled
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#attributes-2
Source: 07D9KDVU.htm.3.dr	String found in binary or memory: https://i.ibb.co/crr44kK/bg5.png
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://infra.spec.whatwg.org/#strip-and-collapse-ascii-whitespace
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://jquery.com/
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://jquery.org/license
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://jsperf.com/getall-vs-sizzle/2
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://jsperf.com/thor-indexof-vs-for/5
Source: 07D9KDVU.htm.3.dr	String found in binary or memory: https://kit.fontawesome.com/585b051251.js
Source: ~DF393BF7B86FA4A2BC.TMP.2.dr	String found in binary or memory: https://linktr.ee/excel.O365.securefile
Source: ~DF393BF7B86FA4A2BC.TMP.2.dr	String found in binary or memory: https://linktr.ee/excel.O365.securefile6Excel
Source: {7E9128FA-3101-11EB-ADCF-ECF4BBB5915B}.dat.2.dr	String found in binary or memory: https://linktr.ee/excel.O365.securefile6ExcelRoot
Source: {7E9128FA-3101-11EB-ADCF-ECF4BBB5915B}.dat.2.dr	String found in binary or memory: https://linktr.ee/excel.O365.securefile6Excelile.glitch.me/eRoot
Source: {7E9128FA-3101-11EB-ADCF-ECF4BBB5915B}.dat.2.dr	String found in binary or memory: https://linktr.ee/excel.O365.securefileRoot
Source: ~DF393BF7B86FA4A2BC.TMP.2.dr	String found in binary or memory: https://linktr.ee/excel.O365.securefilep
Source: imagestore.dat.3.dr	String found in binary or memory: https://linktr.ee/static/favicon.png.
Source: 07D9KDVU.htm.3.dr	String found in binary or memory: https://logo.clearbit.com/
Source: 07D9KDVU.htm.3.dr	String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
Source: 07D9KDVU.htm.3.dr	String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Source: 07D9KDVU.htm.3.dr	String found in binary or memory: https://outlook.office365.com/owa/&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://promisesaplus.com/#point-48
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://promisesaplus.com/#point-54
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://promisesaplus.com/#point-57
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://promisesaplus.com/#point-59
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://promisesaplus.com/#point-61
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://promisesaplus.com/#point-64
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://promisesaplus.com/#point-75
Source: ~DF393BF7B86FA4A2BC.TMP.2.dr	String found in binary or memory: https://secure-excel-file.glitch.me/
Source: ~DF393BF7B86FA4A2BC.TMP.2.dr	String found in binary or memory: https://secure-excel-file.glitch.me/.Sign
Source: ~DF393BF7B86FA4A2BC.TMP.2.dr	String found in binary or memory: https://secure-excel-file.glitch.me/ed
Source: {7E9128FA-3101-11EB-ADCF-ECF4BBB5915B}.dat.2.dr	String found in binary or memory: https://secure-excel-fl.O365.securefilep
Source: 07D9KDVU.htm.3.dr	String found in binary or memory: https://secure.aadcdn.microsoftonline-p.com/ests/2.1.8576.13/content/images/microsoft_logo_ee5c8d9fb
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://sizzlejs.com/
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://web.archive.org/web/20100324014747/http://blindsignals.com/index.php/2009/07/jquery-delay/
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://web.archive.org/web/20141116233347/http://fluidproject.org/blog/2008/01/09/getting-setting-a
Source: 07D9KDVU.htm.3.dr	String found in binary or memory: https://www.ilo.org/actemp/publications/WCMS_740375/lang--en/index.htm
Source: 07D9KDVU.htm.3.dr	String found in binary or memory: https://www.office.com/?auth=2

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49166
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49165
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49180
Source: unknown	Network traffic detected: HTTP traffic on port 49207 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49172 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49206 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49166 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49174 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49191 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49178 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49212 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49213
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49179
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49212
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49178
Source: unknown	Network traffic detected: HTTP traffic on port 49180 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49165 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49175
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49174
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49173
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49172
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49171
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49192
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49191
Source: unknown	Network traffic detected: HTTP traffic on port 49175 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49171 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49192 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49173 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49213 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49179 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49207
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49206

Source: classification engine

Classification label: mal60.phis.winXLSX@4/67@12/7

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: C:\Users\user\Desktop\~$Direct Deposit.xlsx

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Temp\CVRD577.tmp

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
Source: unknown	Process created: C:\Program Files\Internet Explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1748 CREDAT:275457 /prefetch:2
Source: C:\Program Files\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1748 CREDAT:275457 /prefetch:2	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Direct Deposit.xlsx

Initial sample: OLE zip file path = xl/media/image1.png

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
151.101.130.133	unknown	United States	54113	FASTLYUS	false
172.217.168.2	unknown	United States	15169	GOOGLEUS	false
143.204.214.108	unknown	United States	16509	AMAZON-02US	false
50.87.153.159	unknown	United States	46606	UNIFIEDLAYER-AS-1US	false
52.205.236.122	unknown	United States	14618	AMAZON-AESUS	false
104.16.19.94	unknown	United States	13335	CLOUDFLARENETUS	false
145.239.131.55	unknown	France	16276	OVHFR	false

Contacted Domains

Name	IP	Active
linktr.ee	151.101.130.133	true
ibuykenya.com	50.87.153.159	true
secure-excel-file.glitch.me	52.205.236.122	true
pagead.l.doubleclick.net	172.217.168.2	true
cdnjs.cloudflare.com	104.16.19.94	true
d1fdloi71mui9q.cloudfront.net	143.204.214.108	true
i.ibb.co	145.239.131.55	true
secure.aadcdn.microsoftonline-p.com	unknown	unknown
ka-f.fontawesome.com	unknown	unknown
code.jquery.com	unknown	unknown
kit.fontawesome.com	unknown	unknown
maxcdn.bootstrapcdn.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://ibuykenya.com/vendor/doctrine/styles.css	false	Avira URL Cloud: safe	unknown
https://secure-excel-file.glitch.me/	false	100%, UrlScan, Browse	high
https://linktr.ee/excel.O365.securefile	false		high

ID:	323781
Product:	CloudBasic
Start time:	14:38:59
Start date:	27.11.2020
Sample:	Direct Deposit.xlsx
Cookbook:	defaultwindowsofficecookbook.jbs
System description:	Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Architecture:	WINDOWS
MD5:	69e51c55e817ad606af9c380ff76ea90
SHA1:	0385a74d84fbf8964d363fb979ecf6afe14b5eba
SHA256:	c38e8675fe9efcc6c74ac66c182c58d458b091d14ababda785b3144e3fbbfe6f
Filetype:	Excel Microsoft Office Open XML Format document (40004/1) 83.33%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506	Microsoft Cabinet archive data, 58936 bytes, 1 file	DB381E85D86EA4484D20078E9EC667A6	4871FDAF0C2EEC8183FC3CE7710B18FD3C647CEA	C3520E3A6EB43F6D416852C454414C5D7823A96FB9070BC30301ADDEBB334D4D
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A	data	6AEB4E76C6F68EFD7A48092E9F0F3492	823A035C0BDCC3DC09C881E788F7FACA53C6B458	FE1B9A0EABF44FDBE4DDE97C3CC1209FAD2FBB2D2D7476FFBF64066BD9919A4F
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506	data	8FD1AA3D3E08F810B87B96EE42390CFC	E07FCA2E3F4B0DA31659BA8EDCC2F044246C49E9	1510721DDB4CEA3B4FADE892CA1F5A5835B71FBC35A127CB4FF369A4E2D280BA
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A	data	71ECC2F250B120F2E591F9516ECF5D5E	5FA05787DD504E6D3BBE6B25949F596C504D7D66	E7453A9448314C03DCB3431DD2A19E49B3F90FE9A6684E8EC9E93E52872F40F1
C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico	PNG image data, 16 x 16, 4-bit colormap, non-interlaced	9FB559A691078558E77D6848202F6541	EA13848D33C2C7F4F4BAA39348AEB1DBFAD3DF31	6D8A01DC7647BC218D003B58FE04049E24A9359900B7E0CEBAE76EDF85B8B914
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7E9128F8-3101-11EB-ADCF-ECF4BBB5915B}.dat	Microsoft Word Document	5AD6516FF8A5095810C6B125EB4ED533	AA3E036DB54125EC37123ECCD65C19C07DD3AC11	2BF484CC7472693B1634384C6B036C6B33DAF45DB82CEB85DF58610766238C70
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7E9128FA-3101-11EB-ADCF-ECF4BBB5915B}.dat	Microsoft Word Document	CB438622373D31144D1666EF28CBA93E	649578FAAA3A8FC3A937A4D0E37A05BC01DCC845	1B40D3037C4657122705604D0A52B3E910268124B46935C89C37080EE1452062
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{94493AEE-3101-11EB-ADCF-ECF4BBB5915B}.dat	Microsoft Word Document	DDAAB1CD3E4810DAFA6CA5BCD019D225	FB0A316FB7882B28F481EC6A006AFFA4F0A3EFA6	4A14CA138515F76A470ACB7FBAE3C5AC9A0CF2333144B4043A8CBB0930C0BD9C
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\lr5drzg\imagestore.dat	data	74C0320B82593DB8ADBCAD8F8604E714	368A1B538D68D527946B5266D871CE5D8FE8B29C	4A632D3FEFD8E0D41DDB1E8BFF2A9C3749D440CFED835A5E9DA0E8B19D83810C
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\0xdj2JeSLyVbtWi1vLfM_v5dUoYjUI35n9j8l[1].jpg	[TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 277x277, frames 3	92D02EB7F5FF234BBC392920BD1D461E	583E1B2FDCD303E720F440401C5A5CC2ABA3880A	2D83244F48AD4EE1CDD191C983C0468E168EE4BF2F6618794B4440120FE9A999
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\37aee9ee.023bc762744cd0548817[1].js	ASCII text, with very long lines, with no line terminators	240379080B94CB962C365F3634D48E4E	887A81FE5C5AED45B9B849AD1E414AB6C5CD9F4F	18C0E02037833073A6C1312310F391C55A47DD81974B36B99406D24555B982CD
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\4674618e.7a549f670d4ea1a99faf[1].js	ASCII text, with very long lines, with no line terminators	2099A0B679B578D738056778DA5C2EA8	8AE37F705D9D752CEB47339AA10ABDAE84D18098	7E7F002B8581918FFDEA2637DE6C963C9B7B0DDB0ACAD2816ACBFE073E798658
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\75e92289.e259db20f580424981e7[1].js	ASCII text, with very long lines, with no line terminators	C5A27CC16F8AC36E78926FF633DB9E22	E52A5D8A3ABFEE447CB04D8625F8D0A51A6DFFFA	CFB058EDF8CC6FEDC301AEB3D78B1562B82E48F93CFB734999173C4E5AB7D092
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\89963fc67fc7243243e5d1e66f0a4763d3fc8a2b.db7b909395c9b5951944[1].js	ASCII text, with very long lines, with no line terminators	5A648B52451DAE83212DD49C5F61E717	83F46576F25BDA0FF2A0CD656ABF403BA2AB200A	92B8367793DCF89E95E5AD6B1A9C6CA02D18772966D39C90BA5BF4D7278661D3
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\[profile][1].js	ASCII text, with very long lines, with no line terminators	A6BE4B9281D74675B3DA1027F8749D31	71EDA9C31E7308EB544ADAFCE0185D8CBD899D0B	FBA14C65B1FBDBA974804F2AB94C932EEB7D17BE0B7DCAECD0D13A4D84064C2E
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\css2[1].css	ASCII text	E24D6CEBCF543FA75829419AB80905DA	DC20C556ABA7A4507D8F4191F873789F622A6B02	B49FA2E8F3A97F3B225021A86390A6CF496FBF66F4F5C99716A4012B92ECE554
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\css2[2].css	ASCII text	03810A5E417F8FAFD70FCE73E48C4963	5FFCCD05B32423DFC86B0CF0DEB38E50E49AE63F	3A900EF89DA11A351BF7A86E4AC18498E4E6A21ABCCFDDBF754D4AC7307E0777
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\ddbbc6a8.91a110ad55746e11f584[1].js	ASCII text, with very long lines, with no line terminators	0734B12C251D97FC899A1B266CA67248	1C2D29E99B6F92491FD84D3DAA7D27C945C0EB40	83A45B2B7BA76F57197BCE735D7ADFC9401F4ECED2ED09A52B029FC8BD3B1492
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\f5f15f9f.38f5b5554764d92b9414[1].js	ASCII text, with very long lines, with no line terminators	901082983D13EDEA43F11265B9E7894C	43FCEE18646A717458647C81A80E44134420CC2A	FD2C873DE0A6D49B7A5C665E010BCEBE8EB1522F93261ABCCEAD9D0A8C2B9C55
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\webpack-6ef28db84b4c42ad34e9[1].js	ASCII text, with very long lines, with no line terminators	40B4095B5B68A142C856F388CCB756F2	31905340609587E1A7C5D4A92D08A2FA3B404DB1	E2FBB88B4D15A9F7702CA58EBBE8D1D927FFD2667E585E70A5F3D51ACB1A37D2
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\89963fc67fc7243243e5d1e66f0a4763d3fc8a2b_CSS.244c3afbbfc751a1196f[1].js	ASCII text, with no line terminators	8D9097E43D3FDAF69A58B2D76CFC0C2D	5E7B1737270738819AC2BD6DE475BB399D3BD5AB	846BD2506FF67E6FB04C1B886FA912D325ECC49F6A5045E71E2BEC59BC843341
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\bg5[1].png	PNG image data, 640 x 292, 8-bit/color RGBA, non-interlaced	659C89101732808B20AA6659EA06C8C3	02120E8E7A244827B88D62A1EAD4DBC7478112DB	A6ACEAC754D8D55CA2A795FBD633702C754C5A982B86511B89365781D327CD53
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\bootstrap.min[1].css	ASCII text, with very long lines	450FC463B8B1A349DF717056FBB3E078	895125A4522A3B10EE7ADA06EE6503587CBF95C5	2C0F3DCFE93D7E380C290FE4AB838ED8CADFF1596D62697F5444BE460D1F876D
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\bootstrap.min[1].js	ASCII text, with very long lines	14D449EB8876FA55E1EF3C2CC52B0C17	A9545831803B1359CFEED47E3B4D6BAE68E40E99	E7ED36CEEE5450B4243BBC35188AFABDFB4280C7C57597001DE0ED167299B01B
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\commons.a2d313fdf1fe3659cd29[1].js	ASCII text, with very long lines, with no line terminators	34568A086ED9106BF0B061B1C85B2AE6	C73EE4952113A5A4F957CB3E748B52EBC2E8689A	A7B75F8A7782A7C69F155650C793341028DEA8BA1866F3EBCFA40423E9180342
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\css[1].css	ASCII text	72C5D331F2135E52DA2A95F7854049A3	572F349BB65758D377CCBAE434350507341ACD7B	C3A12D7E8F6B2B1F5E4CD0C9938DFC79532AEF90802B424EE910093F156586DA
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\excel.O365[1].htm	HTML document, ASCII text, with very long lines	124C7BDFAAA72AE6E2FFFB3FC1DAD252	BA4817FC0E116EFE04DE2C4ABE02C18BF84EE612	08A74FB872037B7A628C95BD834E4A94AF0DD55293D48A2E7234F6A1E1F6B288
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\f[1].txt	ASCII text, with very long lines	5D2FEECA4ABE16EC87F73BB1E452D943	35AD3FD46E181554318E6710149C262A78A56523	30B509528A09195B7A7080345419048FD35269803CDFEAB438A98C2176A1D9D0
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\favicon[1].png	PNG image data, 16 x 16, 8-bit colormap, non-interlaced	59796246A9967270CEF0A843017EFA42	5E5668C3D666EF12B1447CCF8682190C5428FAE4	13CED3A578043F8F4524CBDA17956773FFF71C7E4D7BDF932826D9F4235978E3
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\framework.8293b41d86da2f0201a3[1].js	ASCII text, with very long lines, with no line terminators	B0A60D1A87C4C3F6089DE9984AC5B669	BD62DBBCE1B1B82500709E0C328014CC981F1E1B	9FBAFE17CCF61EA39A66FFC6C9C4D1189B6BF3231DAFBDE36505105FBD38332F
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\free-v4-shims.min[1].css	ASCII text, with very long lines	2E4C3DA4EAE1C876A281D6CA5A7A5B4C	92AD084AAB53B7AA8C761CD66BDFB1F79B9CAED7	CFFF9EA502195A7B96FE38DECA9188A59B758DEEECC2CD4E78AEA7D911E638C6
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\free.min[1].css	ASCII text, with very long lines	319D424BA89A84BBD230A3B5F7024193	1AE1807CDED8F2E41D2541BCCA8E0D7077FBA6F4	4F02BD6F018D6F08C37C39F2D114101BEAC342C2C065046635E5ED0C42853590
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\styles[1].css	HTML document, ASCII text, with very long lines	CB55EA8477F9AC04643AE3DC6EADEBC2	20E0E4C796C7D83D7AAAD7B5268E185B0A917BB3	9BAF800E00217EAB0294179FAFC781BB9921F536EA0BB02776A0D7FC94777638
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\urlblockindex[1].bin	data	FA518E3DFAE8CA3A0E495460FD60C791	E4F30E49120657D37267C0162FD4A08934800C69	775853600060162C4B4E5F883F9FD5A278E61C471B3EE1826396B6D129499AA7
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\_app[1].js	ASCII text, with very long lines, with no line terminators	90FDA791187A44E22532E49C72081D08	9EA6C51133851554E4BBF237AAE10A51DD80A95B	B80F436A4584458650827345D492CE463784F66A46A4D45C63B54A67DDAE64E8
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\_ssgManifest[1].js	ASCII text, with no line terminators	ABEE47769BF307639ACE4945F9CFD4FF	C0A0DC51EE8A2852BAF5FF30C33B1478FF302585	653F3E53E89B4F8548FF86C19E92BB3C6B84B6BE7485A320B1E00893ED877479
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\free-fa-regular-400[1].eot	Embedded OpenType (EOT), Font Awesome 5 Free Regular family	991B587DBEE2E132C9542FB1280F1372	660DA8C03735C9DFFB26205AAD19EA6B1916268A	44F6500D0D5D7F3F8422B9790EAA47DF4E1D812C90239602E53429376B96D1DF
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\free-fa-solid-900[1].eot	Embedded OpenType (EOT), Font Awesome 5 Free Solid family	D3B45D588F61AB38CB31CBA544B4373C	627D2C71A5FFC7E5F17DA0897EE1B73CD30D255F	366C63E48A15576AA55ED76DB0EBCCA8BCE15F6EFC881BD0AC75982FF1233699
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\main-593fd4ec7c5bf6bc85e3[1].js	ASCII text, with very long lines, with no line terminators	E1A119C1D0B2C1C52A051D1D9B9538AA	C604E4E9BEFABD63673A4E0FA107625FF2F510A5	59961D1F7A55335F90A444C2352B1420B79B174E378731EDE62106ADB4F95278
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd[1].svg	SVG Scalable Vector Graphics image	EE5C8D9FB6248C938FD0DC19370E90BD	D01A22720918B781338B5BBF9202B241A5F99EE4	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\polyfills-561c4794932226d48fd0[1].js	ASCII text, with very long lines, with no line terminators	4542C60A1AF5975B9D2F2DDE3AC535D5	AD9DDCD949A768DC7BB9B25B25B7C9A770197374	819D38B3485945EA7F5157AA0EBC3B1F30D06220C997D8A0ACAE2DF7D4F8970B
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\qkBIXvYC6trAT55ZBi1ueQVIjQTD-JqqFw[1].woff	Web Open Font Format, TrueType, length 20744, version 1.1	BB870D6542189AA6358842BDBC4DE4CC	365FD1EF196F3803EBBE223F41DA7E0D7B362552	56EF42A610239AFC4160F96AED5D89E0DFC8FC664043381504CF144FF0FCBBC0
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\qkBIXvYC6trAT55ZBi1ueQVIjQTDH52qFw[1].woff	Web Open Font Format, TrueType, length 20820, version 1.1	9B397519300927156E38C05B1784E50C	59EF4667E65EFE5442E3BD28F62635A6088C517B	D4773E96F2B217D2ACA14A1E2FEBF9870DBFE9AAE4D9CC52E4DD64127BAD0B0B
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\qkBIXvYC6trAT55ZBi1ueQVIjQTDJp2qFw[1].woff	Web Open Font Format, TrueType, length 20864, version 1.1	1AB71C2F1F9B0CFDBF64A270393BA3DF	D343E2B59A134DCEB9917EC3CB8551EA7615F4CA	A47320D8D747DCE698EAFBA2779F6083DD3EA7732E216B55AB69ECC1AD5A3700
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\qkBIXvYC6trAT55ZBi1ueQVIjQTDppqqFw[1].woff	Web Open Font Format, TrueType, length 20824, version 1.1	98B3968B9D045714CFA9AB7A80EE45A5	BE1DA834578FA6D99B71C3A6B3FC655996196E26	828C641A1D8771BB4DD56B570C1C9C0AA83F0ABDAC8BEA3E8C7B97C3A1B676C9
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\wXKoE3YSppcvo1PDln__[1].woff	Web Open Font Format, TrueType, length 44016, version 1.1	426EF8802433882B5234D3422EF1E15C	BA726D7223C9C11F4DBAA63FF0A6AF94220A384A	A01454F736CCF522E0776E0BAD6E95BA7EAFC4DE37AF25C4FDAE44DF26292552
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\07D9KDVU.htm	HTML document, UTF-8 Unicode text, with very long lines	E696E0DD4A2E50B196E82A52E772E57B	DB21A515F95AED45433F4927BD904F798CD9A8B7	63F23375F560C81F6AC9CD6F3E091348498A85FF847F8BC6F03F0EB6F15B205F
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\71eea0b16954fa49b00816d2602a02cddd90f3fe.95252ede6ddf438ef692[1].js	ASCII text, with very long lines, with no line terminators	97E177EB14CAA6814B4BFCB67809C895	7A544BCB395A81D1DD6B0388A1809DA0BD33FCA9	74D37117F86D8C26DF232B8EAB5B0C4B9EF16E4CB7A7B9910AF9FE17B12A17E5
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\89963fc67fc7243243e5d1e66f0a4763d3fc8a2b_CSS.af1f508a.chunk[1].css	ASCII text, with very long lines	DE3CE252FF3186F67ADFE30243CFED98	F9D4BFC9172D41A14076279D2931CA24E6078A55	451B489942EA58E3313B63249DC2BD34AAE2015CEBA0DF9B9A6C29AE33016715
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\YS99cwPS1yJGdXcJU31Y_62xa7aqirVCeh6yn[1].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1080x608, frames 3	4F0C070D37DFCA8652A5E78ABBEBC50B	013F47F80F2AE07B5CE71AAA749595DD3267DE24	19937CE1BB80110BFF3B21817076DB673CBB2B7357263F05B03D5DCEC5C7F8B6
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\_buildManifest[1].js	ASCII text, with very long lines, with no line terminators	CD7B46D9C70D36D2ADAC1B587CF6FDBC	995D16AAB76D598122D05F5FD6BB983B817ED429	FD8DA1ED843C0F0D3DDC47749FBE252386F8FD307D08A4136066627E51477068
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\bfcd7a435e3e3c741a3c8cae70d839f00beee574.f1828304484b272de08a[1].js	ASCII text, with very long lines, with no line terminators	70FBD1C2089AC29D84CC191A0FE5C2BD	7ED9D06230EF7CD09024DBD0C304EFF4A5578E39	4EDCF81B31C22CB65332D92AEB21B6664BB5FA827A8BF3D5CF80090508F75AA3
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\favicon[1].ico	PNG image data, 16 x 16, 4-bit colormap, non-interlaced	9FB559A691078558E77D6848202F6541	EA13848D33C2C7F4F4BAA39348AEB1DBFAD3DF31	6D8A01DC7647BC218D003B58FE04049E24A9359900B7E0CEBAE76EDF85B8B914
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\jquery-3.1.1.min[1].js	ASCII text, with very long lines	E071ABDA8FE61194711CFC2AB99FE104	F647A6D37DC4CA055CED3CF64BBC1F490070ACBA	85556761A8800D14CED8FCD41A6B8B26BF012D44A318866C0D81A62092EFD9BF
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\jquery-3.2.1.slim.min[1].js	ASCII text, with very long lines	5F48FC77CAC90C4778FA24EC9C57F37D	9E89D1515BC4C371B86F4CB1002FD8E377C1829F	9365920887B11B33A3DC4BA28A0F93951F200341263E3B9CEFD384798E4BE398
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\jquery-3.3.1[1].js	ASCII text	6A07DA9FAE934BAF3F749E876BBFDD96	46A436EBA01C79ACDB225757ED80BF54BAD6416B	D8AA24ECC6CECB1A60515BC093F1C9DA38A0392612D9AB8AE0F7F36E6EEE1FAD
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\jquery.min[1].js	ASCII text, with very long lines	2F6B11A7E914718E0290410E85366FE9	69BB69E25CA7D5EF0935317584E6153F3FD9A88C	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\popper.min[1].js	ASCII text, with very long lines	70D3FDA195602FE8B75E0097EED74DDE	C3B977AA4B8DFB69D651E07015031D385DED964B	A52F7AA54D7BCAAFA056EE0A050262DFC5694AE28DEE8B4CAC3429AF37FF0D66
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3EA4068F.png	PNG image data, 400 x 277, 8-bit/color RGBA, non-interlaced	CF84DA9359B77D5769A9B427C269929D	DCFB3FB1886DE30125A5DFC11E5A65CE786EDF1F	5697E0FFEA9EF65FDAAFE0FBC36673FF1C06E7DD6BAF28DF5F06BF53E0393EE8
C:\Users\user\AppData\Local\Temp\Cab4633.tmp	Microsoft Cabinet archive data, 58936 bytes, 1 file	E4F1E21910443409E81E5B55DC8DE774	EC0885660BD216D0CDD5E6762B2F595376995BD0	CF99E08369397577BE949FBF1E4BF06943BC8027996AE65CEB39E38DD3BD30F5
C:\Users\user\AppData\Local\Temp\Cab46A2.tmp	Microsoft Cabinet archive data, 58936 bytes, 1 file	E4F1E21910443409E81E5B55DC8DE774	EC0885660BD216D0CDD5E6762B2F595376995BD0	CF99E08369397577BE949FBF1E4BF06943BC8027996AE65CEB39E38DD3BD30F5
C:\Users\user\AppData\Local\Temp\Tar4634.tmp	data	D0682A3C344DFC62FB18D5A539F81F61	09D3E9B899785DA377DF2518C6175D70CCF9DA33	4788F7F15DE8063BB3B2547AF1BD9CDBD0596359550E53EC98E532B2ADB5EC5A
C:\Users\user\AppData\Local\Temp\Tar46A3.tmp	data	D0682A3C344DFC62FB18D5A539F81F61	09D3E9B899785DA377DF2518C6175D70CCF9DA33	4788F7F15DE8063BB3B2547AF1BD9CDBD0596359550E53EC98E532B2ADB5EC5A
C:\Users\user\AppData\Local\Temp\~DF07EE94C78C24348B.TMP	data	1C7AB6E8645C1FB34F4C75555EBC3C7E	80D7E65995713E6221BD5277F6CFBDA872FDEF9F	D355B274297736C9B29E2500BDAD8673C76B7E2E9CD077DC6D7C3D871EBCF5CD
C:\Users\user\AppData\Local\Temp\~DF393BF7B86FA4A2BC.TMP	data	B3F13E07A92CABBCB09DCE115AF40042	543D6785E50206236E9E6B1E5ABA82BAFD725D7E	888268E10B1AFC6C0324256323648DCDA3EC947DE17AFF2DE7AA17498CEB6FAE
C:\Users\user\AppData\Local\Temp\~DF991194E5623C2CC5.TMP	data	C161751BC8849F7BC90754848A12A543	7F17220CBDBBA7AB5C92FF7925C6DB2E1C7833B2	DE2A13DF01A67B3E80A6407AA5313989C858B8B9DCBF8A2CCF1C197829C6AA67
C:\Users\user\Desktop\~$Direct Deposit.xlsx	data	797869BB881CFBCDAC2064F92B26E46F	61C1B8FBF505956A77E9A79CE74EF5E281B01F4B	D4E4008DD7DFB936F22D9EF3CC569C6F88804715EAB8101045BA1CD0B081F185

Analysis Report Direct Deposit.xlsx

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection:

Phishing:

Networking:

System Summary:

Hooking and other Techniques for Hiding and Protection:

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs