Analysis Report https://sites.google.com/view/xfcghv/%D8%A7%D9%84%D8%B5%D9%81%D8%AD%D8%A9-%D8%A7%D9%84%D8%B1%D8%A6%D9%8A%D8%B3%D9%8A%D8%A9

Overview

General Information

Sample URL:	https://sites.google.com/view/xfcghv/%D8%A7%D9%84%D8%B5%D9%81%D8%AD%D8%A9-%D8%A7%D9%84%D8%B1%D8%A6%D9%8A%D8%B3%D9%8A%D8%A9
Analysis ID:	339221
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Yara detected HtmlPhish_20

Phishing site detected (based on image similarity)

Classification

Signatures

AV Detection:

Antivirus / Scanner detection for submitted sample

Source: https://sites.google.com/view/xfcghv/%D8%A7%D9%84%D8%B5%D9%81%D8%AD%D8%A9-%D8%A7%D9%84%D8%B1%D8%A6%D9%8A%D8%B3%D9%8A%D8%A9

SlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

Yara detected HtmlPhish_20

Source: Yara match	File source: 494126.pages.csv, type: HTML
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\??????-????????[1].htm, type: DROPPED

Phishing site detected (based on image similarity)

Source: https://lh5.googleusercontent.com/omAG2gYfq3pkx-zHvXG8rqmfJC60NjuUaLu1ap51rxW1ypKygNrQEzgUeH0uxHTxh09oH5qO=w16383

Matcher: Found strong image similarity, brand: Microsoft

Jump to dropped file

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 108.177.126.132:443 -> 192.168.2.3:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.177.126.132:443 -> 192.168.2.3:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.177.126.132:443 -> 192.168.2.3:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.177.126.132:443 -> 192.168.2.3:49735 version: TLS 1.2

Source: msapplication.xml0.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x04d2a95b,0x01d6ea16</date><accdate>0x04d2a95b,0x01d6ea16</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x04d2a95b,0x01d6ea16</date><accdate>0x04d2a95b,0x01d6ea16</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x04d50bb2,0x01d6ea16</date><accdate>0x04d50bb2,0x01d6ea16</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x04d50bb2,0x01d6ea16</date><accdate>0x04d50bb2,0x01d6ea16</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x04d76dfb,0x01d6ea16</date><accdate>0x04d76dfb,0x01d6ea16</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x04d76dfb,0x01d6ea16</date><accdate>0x04d76dfb,0x01d6ea16</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: EHPIBSAR.js.2.dr	String found in binary or memory: _.XY=function(a){_.K(this,a,0,-1,null,null)};_.G(_.XY,_.J);_.YY=function(a){return _.Df(a,1,"https://www.youtube.com")}; equals www.youtube.com (Youtube)

Source: unknown

DNS traffic detected: queries for: lh5.googleusercontent.com

Source: cb=gapi[1].js.2.dr	String found in binary or memory: http://csi.gstatic.com/csi
Source: ??????-????????[1].htm.2.dr	String found in binary or memory: http://schema.org/WebPage
Source: msapplication.xml.1.dr	String found in binary or memory: http://www.amazon.com/
Source: m=view[1].js.2.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: msapplication.xml1.1.dr	String found in binary or memory: http://www.google.com/
Source: msapplication.xml2.1.dr	String found in binary or memory: http://www.live.com/
Source: msapplication.xml3.1.dr	String found in binary or memory: http://www.nytimes.com/
Source: msapplication.xml4.1.dr	String found in binary or memory: http://www.reddit.com/
Source: msapplication.xml5.1.dr	String found in binary or memory: http://www.twitter.com/
Source: msapplication.xml6.1.dr	String found in binary or memory: http://www.wikipedia.com/
Source: msapplication.xml7.1.dr	String found in binary or memory: http://www.youtube.com/
Source: ??????-????????[1].htm.2.dr, ~DFD7A6DFAF6BAD27C2.TMP.1.dr	String found in binary or memory: https://263052666-atari-embeds.googleusercontent.com/embeds/16cb204cf3a9d4d223a0a3fd8b0eec5d/inner-f
Source: cb=gapi[1].js.2.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: cb=gapi[1].js.2.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/iframe
Source: ??????-????????[1].htm.2.dr, cb=gapi[1].js1.2.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
Source: client[1].js.2.dr, cb=gapi[1].js1.2.dr	String found in binary or memory: https://apis.google.com
Source: EHPIBSAR.js.2.dr	String found in binary or memory: https://apis.google.com/js/api.js
Source: inner-frame-minified[1].htm.2.dr, intermediate-frame-minified[1].htm.2.dr	String found in binary or memory: https://apis.google.com/js/api.js?checkCookie=1
Source: EHPIBSAR.js.2.dr	String found in binary or memory: https://apis.google.com/js/client.js
Source: ??????-????????[1].htm.2.dr	String found in binary or memory: https://apis.google.com/js/client.js?onload=gapiLoaded
Source: EHPIBSAR.js.2.dr	String found in binary or memory: https://clients5.google.com
Source: EHPIBSAR.js.2.dr	String found in binary or memory: https://clients5.google.com/webstore/wall/widget
Source: cb=gapi[1].js1.2.dr, cb=gapi[1].js.2.dr	String found in binary or memory: https://clients6.google.com
Source: ~DFD7A6DFAF6BAD27C2.TMP.1.dr	String found in binary or memory: https://code.jquery.com/jquery.min.js
Source: ??????-????????[1].htm.2.dr	String found in binary or memory: https://code.jquery.com/jquery.min.js"></script>
Source: cb=gapi[1].js.2.dr	String found in binary or memory: https://console.developers.google.com/
Source: cb=gapi[1].js1.2.dr, cb=gapi[1].js.2.dr	String found in binary or memory: https://content.googleapis.com
Source: cb=gapi[1].js.2.dr	String found in binary or memory: https://csi.gstatic.com/csi
Source: cb=gapi[1].js.2.dr	String found in binary or memory: https://developers.google.com/
Source: cb=gapi[1].js.2.dr	String found in binary or memory: https://developers.google.com/api-client-library/javascript/reference/referencedocs
Source: cb=gapi[1].js.2.dr	String found in binary or memory: https://developers.googleblog.com/2018/03/discontinuing-support-for-json-rpc-and.html
Source: ??????-????????[1].htm.2.dr	String found in binary or memory: https://docs.google.com
Source: EHPIBSAR.js.2.dr	String found in binary or memory: https://docs.google.com/picker
Source: ??????-????????[1].htm.2.dr	String found in binary or memory: https://domains.google.com
Source: cb=gapi[1].js1.2.dr	String found in binary or memory: https://domains.google.com/suggest/flow
Source: EHPIBSAR.js.2.dr	String found in binary or memory: https://drive-thirdparty.googleusercontent.com/
Source: ??????-????????[1].htm.2.dr	String found in binary or memory: https://drive.google.com
Source: EHPIBSAR.js.2.dr	String found in binary or memory: https://drive.google.com/drive/my-drive
Source: EHPIBSAR.js.2.dr	String found in binary or memory: https://drive.google.com/viewer
Source: css[2].css.2.dr	String found in binary or memory: https://fonts.google.com/license/googlerestricted
Source: ??????-????????[1].htm.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Google
Source: ??????-????????[1].htm.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Lato%3A300%2C300italic%2C400%2C400italic%2C700%2C700italic&d
Source: css[2].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesans/v27/4UaGrENHsxJlGDuGo1OIlL3Owpg.woff)
Source: css[2].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesans/v27/4UabrENHsxJlGDuGo1OIlLU94YtzCwA.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v17/S6u8w4BMUTPHjxsAXC-s.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v17/S6u9w4BMUTPHh6UVSwiPHw.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v17/S6u9w4BMUTPHh7USSwiPHw.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v17/S6u_w4BMUTPHjxsI5wq_Gwfr.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v17/S6u_w4BMUTPHjxsI9w2_Gwfr.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v17/S6uyw4BMUTPHjx4wWA.woff)
Source: css[2].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc-.woff)
Source: css[2].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmSU5fBBc-.woff)
Source: css[2].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc-.woff)
Source: css[2].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxM.woff)
Source: css[2].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/sourcecodepro/v13/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevQ.woff)
Source: css[2].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/sourcecodepro/v13/HI_XiYsKILxRpg3hIP6sJ7fM7Pqths7Ds-cs.woff)
Source: ~DFD7A6DFAF6BAD27C2.TMP.1.dr	String found in binary or memory: https://kelham-businesscentre.com/sm/xxl2.php
Source: ??????-????????[1].htm.2.dr	String found in binary or memory: https://kelham-businesscentre.com/sm/xxl2.php">
Source: cb=gapi[1].js1.2.dr	String found in binary or memory: https://plus.google.com
Source: cb=gapi[1].js1.2.dr	String found in binary or memory: https://plus.googleapis.com
Source: ~DFD7A6DFAF6BAD27C2.TMP.1.dr	String found in binary or memory: https://sites.google.com/
Source: ??????-????????[1].htm.2.dr	String found in binary or memory: https://sites.google.com/new/
Source: ??????-????????[1].htm.2.dr	String found in binary or memory: https://sites.google.com/new/?usp
Source: {2CC6C760-5609-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://sites.google.com/view/xfcghv/%D8%A7%D9%84%D8%B5%D9%81%D8%AD%D8%A9-%D8%A7%D9%84%D8%B1%D8%A6%D
Source: ??????-????????[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/atari/images/atari-logo.png
Source: ??????-????????[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/atari/images/favicon_2.ico
Source: imagestore.dat.2.dr	String found in binary or memory: https://ssl.gstatic.com/atari/images/favicon_2.ico~
Source: EHPIBSAR.js.2.dr	String found in binary or memory: https://ssl.gstatic.com/atari/images/no_results_error.png
Source: cb=gapi[1].js.2.dr	String found in binary or memory: https://ssl.gstatic.com/gb/js/
Source: EHPIBSAR.js.2.dr	String found in binary or memory: https://support.google.com/a/answer/33864?hl=en-US
Source: EHPIBSAR.js.2.dr	String found in binary or memory: https://support.google.com/a/answer/7338880
Source: EHPIBSAR.js.2.dr	String found in binary or memory: https://support.google.com/cloudsearch/answer/6172299
Source: EHPIBSAR.js.2.dr	String found in binary or memory: https://support.google.com/docs/answer/37603
Source: EHPIBSAR.js.2.dr	String found in binary or memory: https://support.google.com/drive/answer/2407404?hl=en
Source: EHPIBSAR.js.2.dr	String found in binary or memory: https://support.google.com/drive/answer/2423485?hl=%s
Source: EHPIBSAR.js.2.dr	String found in binary or memory: https://support.google.com/drive/answer/7650301
Source: m=view[1].js.2.dr	String found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
Source: EHPIBSAR.js.2.dr	String found in binary or memory: https://workspace.google.com
Source: cb=gapi[1].js1.2.dr	String found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
Source: EHPIBSAR.js.2.dr	String found in binary or memory: https://www.google.com/recaptcha/api.js
Source: EHPIBSAR.js.2.dr	String found in binary or memory: https://www.googleapis.com/auth/cloud_search.query
Source: cb=gapi[1].js.2.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.login
Source: cb=gapi[1].js1.2.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: cb=gapi[1].js1.2.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
Source: EHPIBSAR.js.2.dr	String found in binary or memory: https://www.googleapis.com/auth/teams.readonly
Source: EHPIBSAR.js.2.dr	String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: ??????-????????[1].htm.2.dr	String found in binary or memory: https://www.gstatic.com/_/atari/_/ss/k=atari.vw.Lwr-IooTrXE.L.I11.O/d=1/ct=zgms/rs=AGEqA5keFj278I7UZ
Source: ??????-????????[1].htm.2.dr, ~DFD7A6DFAF6BAD27C2.TMP.1.dr	String found in binary or memory: https://www.gstatic.com/atari/embeds/5de913a2354e93acf4d43c4db53928e5/intermediate-frame-minified.ht
Source: EHPIBSAR.js.2.dr	String found in binary or memory: https://www.youtube.com

Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735

Source: unknown	HTTPS traffic detected: 108.177.126.132:443 -> 192.168.2.3:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.177.126.132:443 -> 192.168.2.3:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.177.126.132:443 -> 192.168.2.3:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.177.126.132:443 -> 192.168.2.3:49735 version: TLS 1.2

Source: classification engine

Classification label: mal60.phis.win@3/39@3/1

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF34392B1F52AB3DA5.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2592 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2592 CREDAT:17410 /prefetch:2	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
108.177.126.132	unknown	United States		15169	GOOGLEUS	false

Contacted Domains

Name	IP	Active
googlehosted.l.googleusercontent.com	108.177.126.132	true
lh5.googleusercontent.com	unknown	unknown
263052666-atari-embeds.googleusercontent.com	unknown	unknown
code.jquery.com	unknown	unknown

ID:	339221
Product:	CloudBasic
Start time:	17:37:27
Start date:	13.01.2021
Cookbook:	browseurl.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\W26YVULP\263052666-atari-embeds.googleusercontent[1].xml	ASCII text, with no line terminators	132294CA22370B52822C17DCB5BE3AF6	DD26B82638AD38AD471F7621A9EB79FED448A71C	451ABBE0AEFC000F49967DABF8D42344D146429F03C8C8D4AE5E33FF9963CF77
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2CC6C75E-5609-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	97C78B29A0E04F78F096780B88BF1442	C693B6F792E9D9B996534C991338C2B7B1302063	B2F85465C83628AA0FA8D1A51267197540ABCC6A3F374ACC9F8EC4CABA4F7989
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2CC6C760-5609-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	46BC81C7F85F0CCD6A3960E1B426E827	CE7578CF5534C8E8FF81BD49ED3F8ACC3A98BA4A	40D8F7AB1A28B8502C7CFED685BB07523AEEAD4DFD4DB1C19E3652C59FC27DEA
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{33D77CC1-5609-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	D4DCBA0B854C3F958666CE5994D32B9D	C13A67B4FCFFFAA934A1B38E9E24299DB11D426A	5A24C592348CB4F9BE1147721DC5F85AC60C71E2C4A9C663043982E983B73C73
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	E98B6F211C63EF504B699B0159FC2F13	00C02CE2194B379A39647ED366D7430B1CBF3BA8	4325469226CB9CDBA0932492077EF117FE6AF75FBA0628BCB91D4CADDD863A1A
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	12A5F31FE0343040FA5FA63F29EBD31D	6FE9A7D3466C111A4FEF11012AE6575074C94E49	040410ECDE097C93CD6E62F603C2487E52361E7FAB85538DFD018D5273DBB1D8
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	CB98313E1C381538F02986A8B4653F63	74EC42EDF4E9E99223776475F5817D4EEE10EFD5	81F594C58B0289FF4736D4F60FCCF4935E88B1BF9C84F24F68A500838F7BB396
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	047CD802BC848DFABFB4C2A199172CF5	850626D6A036099E6570F96A04248690A6A23442	8DF787F08F9442DD5EEB90C75A610BDE7B9B4B6F314F6B1F48819FEF9A0F20BE
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	A369B457F605D020F1572E67F02E5938	D17AE1845BEA4C917F4C7D73DC5B4BEA3FB1C8ED	4DDC1E82BA786E13F8DE23A4A6EB5C4ADE8A139C9E46D931ABC482D4FBC2AF41
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	080894F77A2DA1D9D65998ACDD22BBF3	DD2308EE360080E488D664F64236537E28CF9126	5E07764D268AD4128731DA88D2363A79EF4C589BE0012F68EE05F66B55F07E96
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	F6303D6B5E4FBAAE3403756FBE4A206F	CA48AA76437566A1A088B00AA99152CA62888CF3	3DAA52BCD10F25A954F189B6AAB3ABFC1B5417A465746E29DB89CA87B545960D
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	8C452E54B873206ADC283CBA3870858C	2A6050001B9D8CC3C8C2D5E1391B5BFFF136701A	F9BC4CE42D82554A1ADD430CD68F7ECD7380C952D174D15BB42DC7E25610961A
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	008207AE51DCD0DF63FB35095F86CD53	E6D51564A5BCFA63473B29BE31828F5184A6377E	67C84999FD81C3394170ECDC01458F155CAAA3CBC35334718CBA5D1536F751D4
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.dat	data	E232DF047CBCD0D27089F1CC717A972F	4621822A447446C0302292431DE032D923CEDEB5	A4FDF279882A8508200319B0DCB5114CD7E9B37056606DF3ACB69308C15DF821
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\KFOlCnqEu92Fr1MmWUlfBBc-[1].woff	Web Open Font Format, TrueType, length 20356, version 1.1	ADCDE98F1D584DE52060AD7B16373DA3	0A9B76D81989A7A45336EBD7B48ED25803F344B9	806EA46C426AF8FC24E5CF42A210228739696933D36299EB28AEE64F69FC71F1
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\KFOmCnqEu92Fr1Mu4mxM[1].woff	Web Open Font Format, TrueType, length 20268, version 1.1	60FA3C0614B8FB2F394FA29944C21540	42C8AE79841C592A26633F10EE9A26C75BCF9273	C1DC87F99C7FF228806117D58F085C6C573057FA237228081802B7D8D3CF7684
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\cb=gapi[1].js	ASCII text	23FE2C128B889E133D1949B2A3484C5B	8338D0BC9033FB9B36E8EA2E0A290C9E014E9525	72018CFD44C30A588ECAE74C214001787E08B2B114FAF6DCCBF52A7B43578898
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\inner-frame-minified[1].htm	HTML document, ASCII text, with very long lines	BB6B878935B0C4C96AE6E6DD83930DAD	B726BFF3C3F32A38262EBD3AC4ED82EEA5445316	80E142904C9FEECA9D8C64AF55DABFDA8032B2AC29FC26CA11D59AA1ABDDC6AB
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\rs=AGEqA5keFj278I7UZ01QR4UKHsO_o5zzEA[1].css	ASCII text, with very long lines, with no line terminators	7553957FFAE7090CB2C6294C8461B261	D643B65081AC628423A714E3249562BC31EB44C3	7F0B94881F51F07528089A8737E63AB3F128E3912C19872DB98B90F3FDDB1F3D
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\EHPIBSAR.js	ASCII text, with very long lines	495B618D32CED0E972701317CCD0D9F7	1C80A1C55F6727AF86CF66862AD16C4C7F43964F	4998C47261B1C926E631901C27B66753BEF999AE2AF209820667ED5CC1105AB5
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\cb=gapi[1].js	ASCII text, with very long lines	130D7B0198C0E4397C17D9C8B2753F89	D1E53CD4FE66CCE194E30BE7D41AC656CC526CC2	A762AE4F4D0D95769C363081097055F98E008CB0AEC4D40223AD110653E0123E
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\client[1].js	ASCII text, with very long lines	BBCA6CE9FD075E1CEFFC0FBE577E6E3E	5AA932DAB5FB4FBE198E0BC586B8A0B41A421C96	09EB156DAC054CB50E17986447280D2117FEA6A8697E587131581F0EE2476E9A
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\m=pB6Zqd,syt,IZT63,SF3gsd,vfuNJf,syo,syn,sym,syr,sys,syu,syy,YNjGDd,n73qwf,syx,syz,PrPYRd,xs1Gy,hc6Ubd,o02Jie,SpsfSb,sy15,sy14,syj,sy13,zbML3c[1].js	ASCII text, with very long lines	6E6D50B0F39FAA43F001752CEDF5459A	EE0A9D08B33D62AA42059056F8A38D094999346B	813020461F85B2F489C07B579575B219A33C3B37FCB9E0F7FCCBEA5B69907912
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\unnamed[1].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1920x1080, frames 3	BCC8C3ADD31D42B2C4B6D13C0DB8D3A5	022579B72587DDA481F4C3C51E5139D092011966	6BDE963A562FFD594492BDFF280C01E9E6518856AA3A9F14B96FCAD867CE2F0F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff	Web Open Font Format, TrueType, length 20464, version 1.1	87284894879F5B1C229CB49C8FF6DECC	FB1BD3BAF122D5D350EB387F0536C20DA71F09DF	BA98F991D002C6BFAAF7B874652FFDCDE9261A86925DB87DF3ED2861EA080ADF
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\KFOlCnqEu92Fr1MmSU5fBBc-[1].woff	Web Open Font Format, TrueType, length 20348, version 1.1	B00849E00F4C2331CDDD8FFB44A6720B	5B7820FEC8F9810E291E1EB98764979830ED6621	76B05400FFF9DA5B43862E3713099E3913916A629560265ED24B19D031227CBF
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\cb=gapi[1].js	ASCII text, with very long lines	E41FC242EF1337574A488143FFDB86FB	FCE52270E2E0785236E47256EB75CF8B964B4A57	9C8218196A8B72663BD53CC1B1E0F31D27EF3FB2AA66993293EAD312A75ED303
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\intermediate-frame-minified[1].htm	HTML document, ASCII text, with very long lines	395EBFE6449B3DDFD31BB24C08B33B2D	927F8CABD22E19D9CFF81854DABF9D8C2CF4CD93	B8436DEDA167997143CF3A97B1FC3077530530F0DF46F28B7DC4DA849B066BE4
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\jquery.min[1].js	ASCII text, with very long lines	D4A20D75DB01A33E2D65E303CE5C34F3	B14A228C3632EBFE3D20E5EA830CEEA313523353	4B940065E2A67C37E3BD02B23C651F4744A3C219ABA2D4FB99A631113494D376
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\??????-????????[1].htm	HTML document, UTF-8 Unicode text, with very long lines	8FFFD47D9D64F7184FD9B9271327EC12	3C65506AE61025055C484BFE5494634C161B4E91	1C77F68991A3EBA8434DB950C89CC8F5924E6237578D7B91490F7E6C09686AF9
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\api[1].js	ASCII text, with very long lines	D2E15D41B50707F172A289D465A6C717	A1AD6F1BFE4FCF9BD585C71E45FB3C81318DA94F	9B9A769F26929AC9DBE5B7E6DE2015E7959804086C9F993017840C7169CDCC71
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\css[1].css	ASCII text	6427988FBBD306471F9ADC048D8BB309	4A84AFD7BD33766334AC757E08E15A8ED19DA928	0B5CD225186F00CDAA634377B64D124F7AD0F524B3926927068FC781B67E033C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\css[2].css	ASCII text	05A339E7D2C78834F80DC1865DF9BD64	0122A9D31CE36E12C0AA48CE313C06299F0FA188	C7303D7EE1480C9B183FFDE55A0AA236D2586AF40775267B7EB6118D67545770
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\favicon_2[1].ico	MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel	EA69A3F95DD5484853D128186DB7E13D	5FDB5FE05108FD6E5386BBDA06778AF4B446DC6A	8179E80BCFEF62154D1FF7371A1C60BD2C6C1E71C3DA2F4A8B1DB518A1900EC2
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\m=sy1a,fgj8Rb,EGNJFf,sy1b,uY3Nvd,syg,syi,HYv29e[1].js	ASCII text, with very long lines	3E0CE2D7193DADADFA0862F855EA8900	2A0AC38CCEE930CAC17CFBB9354818AFF99AD170	D2156269EAC569C028A2F09D1692B00183D6FE1BAEE41B84CD83739621070B62
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\m=view[1].js	ASCII text, with very long lines	7492D2DE499DA01734BADD4A4B133D2C	870CC93BBCB1BA92B0A133E1F2260B8182038AD3	A9315424DA3E3178962FE75BC52AC6382CB79213019AAFE05EA0B848FD7AB4F4
C:\Users\user\AppData\Local\Temp\~DF34392B1F52AB3DA5.TMP	data	D410D90A4F725BA8D65E5B90E3962839	E398DCBAC32590AA3951247C636070569DDCAD8A	9D3F41FDC10D9E0D288313CAB8BE1600615E5918FA36DBAE7081FC98CB77F778
C:\Users\user\AppData\Local\Temp\~DF47EFAA0EAA46CB18.TMP	data	AB889A32AB9ACD33E816C2422337C69A	1190C6B34DED2D295827C2A88310D10A8B90B59B	4D6EC54B8D244E63B0F04FBE2B97402A3DF722560AD12F218665BA440F4CEFDA
C:\Users\user\AppData\Local\Temp\~DFD7A6DFAF6BAD27C2.TMP	data	93B387A2204909D43211047CCEA24CC5	26671279D4BFFF264E820ECC7707414A7B788A9D	F830382282C08A2262538AE61251B9E9D8C7F5B6969F0AB43DB60AABF961E926

Analysis Report https://sites.google.com/view/xfcghv/%D8%A7%D9%84%D8%B5%D9%81%D8%AD%D8%A9-%D8%A7%D9%84%D8%B1%D8%A6%D9%8A%D8%B3%D9%8A%D8%A9

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection:

Phishing:

Compliance:

Networking:

System Summary:

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains