Analysis Report https://lowrybrenda714e.myportfolio.com/

Overview

General Information

Sample URL:	https://lowrybrenda714e.myportfolio.com/
Analysis ID:	344886
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Yara detected HtmlPhish_10

HTML body contains low number of good links

HTML title does not match URL

Invalid 'forgot password' link found

Classification

Signatures

AV Detection:

Antivirus / Scanner detection for submitted sample

Source: https://lowrybrenda714e.myportfolio.com/

SlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering

Antivirus detection for URL or domain

Source: https://nobledriving.co.uk/securefax/Secure/

UrlScan: Label: phishing brand: microsoft

Perma Link

Phishing:

Yara detected HtmlPhish_10

Source: Yara match	File source: 609290.0.links.csv, type: HTML
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\Secure[1].htm, type: DROPPED

HTML body contains low number of good links

Source: https://nobledriving.co.uk/securefax/Secure/	HTTP Parser: Number of links: 0
Source: https://nobledriving.co.uk/securefax/Secure/	HTTP Parser: Number of links: 0

HTML title does not match URL

Source: https://nobledriving.co.uk/securefax/Secure/	HTTP Parser: Title: Sign in to Outlook does not match URL
Source: https://nobledriving.co.uk/securefax/Secure/	HTTP Parser: Title: Sign in to Outlook does not match URL

Invalid 'forgot password' link found

Source: https://nobledriving.co.uk/securefax/Secure/	HTTP Parser: Invalid link: Forgot my password
Source: https://nobledriving.co.uk/securefax/Secure/	HTTP Parser: Invalid link: Forgot my password

Source: https://nobledriving.co.uk/securefax/Secure/	HTTP Parser: No <meta name="author".. found
Source: https://nobledriving.co.uk/securefax/Secure/	HTTP Parser: No <meta name="author".. found

Source: https://nobledriving.co.uk/securefax/Secure/	HTTP Parser: No <meta name="copyright".. found
Source: https://nobledriving.co.uk/securefax/Secure/	HTTP Parser: No <meta name="copyright".. found

Compliance:

Uses new MSVCR Dlls

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 151.101.0.119:443 -> 192.168.2.3:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.0.119:443 -> 192.168.2.3:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.5.181:443 -> 192.168.2.3:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.5.181:443 -> 192.168.2.3:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.235.215.62:443 -> 192.168.2.3:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.235.215.62:443 -> 192.168.2.3:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.19.94:443 -> 192.168.2.3:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.19.94:443 -> 192.168.2.3:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.3:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.3:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.3:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.3:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.3:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.3:49725 version: TLS 1.2

Networking:

Source: unknown

DNS traffic detected: queries for: lowrybrenda714e.myportfolio.com

Source: font-awesome[1].css.2.dr	String found in binary or memory: http://fontawesome.io
Source: font-awesome[1].css.2.dr	String found in binary or memory: http://fontawesome.io/license
Source: main[1].js.2.dr	String found in binary or memory: http://jquery.com/
Source: main[1].js.2.dr	String found in binary or memory: http://jquery.org/license
Source: main[1].js.2.dr	String found in binary or memory: http://sizzlejs.com/
Source: PEOKBA7N.js.2.dr	String found in binary or memory: http://typekit.com/eulas/000000000000000000017750
Source: PEOKBA7N.js.2.dr	String found in binary or memory: http://typekit.com/eulas/00000000000000007735a6b9
Source: main[1].js.2.dr	String found in binary or memory: http://www.appelsiini.net/projects/lazyload
Source: main[1].js.2.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: Secure[1].htm0.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png
Source: Secure[1].htm0.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg
Source: Secure[1].htm0.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.s
Source: Secure[1].htm0.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg
Source: Secure[1].htm0.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_96f69d0cefd8a8ba623a182c351ccc64.png
Source: Secure[1].htm0.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.s
Source: Secure[1].htm0.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_grey_5bc252567ef56db648207d9c36a9d004.p
Source: imagestore.dat.2.dr, Secure[1].htm0.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Source: imagestore.dat.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico~
Source: imagestore.dat.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico~(
Source: Secure[1].htm0.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.
Source: Secure[1].htm0.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/picker_account_aad_9de70d1c5191d1852a0d5aac28b44
Source: Secure[1].htm0.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/picker_account_add_56e73414003cdb676008ff7857343
Source: Secure[1].htm0.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/picker_more_7568a43cf440757c55d2e7f51557ae1f.svg
Source: Secure[1].htm0.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css
Source: Secure[1].htm0.2.dr	String found in binary or memory: https://code.jquery.com/jquery-3.1.1.min.js
Source: {8E041432-60D8-11EB-90E4-ECF4BB862DED}.dat.1.dr, ~DFB052A6523F436CBD.TMP.1.dr	String found in binary or memory: https://lowrybrenda714e.myportfolio.com/
Source: {8E041432-60D8-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://lowrybrenda714e.myportfolio.com/$Cust
Source: {8E041432-60D8-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://lowrybrenda714e.myportfolio.com/$CustRoot
Source: {8E041432-60D8-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://lowrybrenda714e.myportfolio.com/$Custo.uk/securefax/Secure/#Root
Source: {8E041432-60D8-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://lowrybrenda714e.myportfolio.com/$Custo.uk/securefax/Secure/Root
Source: {8E041432-60D8-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://lowrybrenda714e.myportfolio.com/$Customer
Source: {8E041432-60D8-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://lowrybrenda714e.myportfolio.com/Root
Source: CBDX8KFB.htm.2.dr	String found in binary or memory: https://lowrybrenda714e.myportfolio.com/home
Source: ~DFB052A6523F436CBD.TMP.1.dr	String found in binary or memory: https://lowrybrenda714e.myportfolio.com/p
Source: {8E041432-60D8-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://lowrybrenda714e.myportfolio.com/r
Source: {8E041432-60D8-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://nobledriving.c
Source: {8E041432-60D8-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://nobledriving.ce.myportfolio.com/r
Source: CBDX8KFB.htm.2.dr	String found in binary or memory: https://nobledriving.co.uk/securefax/Secure
Source: {8E041432-60D8-11EB-90E4-ECF4BB862DED}.dat.1.dr, ~DFB052A6523F436CBD.TMP.1.dr, Secure[1].htm.2.dr	String found in binary or memory: https://nobledriving.co.uk/securefax/Secure/
Source: {8E041432-60D8-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://nobledriving.co.uk/securefax/Secure/#
Source: ~DFB052A6523F436CBD.TMP.1.dr	String found in binary or memory: https://nobledriving.co.uk/securefax/Secure/#.ico
Source: ~DFB052A6523F436CBD.TMP.1.dr	String found in binary or memory: https://nobledriving.co.uk/securefax/Secure/#Visited:
Source: {8E041432-60D8-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://nobledriving.co.uk/securefax/Secure/$Sign
Source: ~DFB052A6523F436CBD.TMP.1.dr	String found in binary or memory: https://nobledriving.co.uk/securefax/Secure/7
Source: ~DFB052A6523F436CBD.TMP.1.dr	String found in binary or memory: https://nobledriving.co.uk/securefax/Secure/Visited:
Source: PEOKBA7N.js.2.dr	String found in binary or memory: https://p.typekit.net/p.gif
Source: CBDX8KFB.htm.2.dr	String found in binary or memory: https://pro2-bar-s3-cdn-cf2.myportfolio.com/92ba9c29-e151-43bb-9cb5-03e2bee5b76a/d42c286c3ea44af105d
Source: PEOKBA7N.js.2.dr	String found in binary or memory: https://use.typekit.net/af/3e2979/00000000000000007735a6b9/30/
Source: PEOKBA7N.js.2.dr	String found in binary or memory: https://use.typekit.net/af/54d47a/000000000000000000017750/27/

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	HTTPS traffic detected: 151.101.0.119:443 -> 192.168.2.3:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.0.119:443 -> 192.168.2.3:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.5.181:443 -> 192.168.2.3:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.5.181:443 -> 192.168.2.3:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.235.215.62:443 -> 192.168.2.3:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.235.215.62:443 -> 192.168.2.3:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.19.94:443 -> 192.168.2.3:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.19.94:443 -> 192.168.2.3:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.3:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.3:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.3:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.3:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.3:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.3:49725 version: TLS 1.2

System Summary:

Source: classification engine

Classification label: mal64.phis.win@3/33@10/5

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DFBA9B5AC1B8981F21.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3892 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3892 CREDAT:17410 /prefetch:2	Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe	Automated click: Next
Source: C:\Program Files\internet explorer\iexplore.exe	Automated click: Next

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
23.235.215.62	unknown	United States	22611	IMH-WESTUS	false
152.199.23.37	unknown	United States	15133	EDGECASTUS	false
151.101.0.119	unknown	United States	54113	FASTLYUS	false
143.204.5.181	unknown	United States	16509	AMAZON-02US	false
104.16.19.94	unknown	United States	13335	CLOUDFLARENETUS	false

Contacted Domains

Name	IP	Active
pro2-bar-s3-cdn-cf2.myportfolio.com	143.204.5.181	true
cs1100.wpc.omegacdn.net	152.199.23.37	true
cdnjs.cloudflare.com	104.16.19.94	true
prod.adobe-prod-view.map.fastly.net	151.101.0.119	true
nobledriving.co.uk	23.235.215.62	true
lowrybrenda714e.myportfolio.com	unknown	unknown
use.typekit.net	unknown	unknown
p.typekit.net	unknown	unknown
code.jquery.com	unknown	unknown
js-agent.newrelic.com	unknown	unknown
aadcdn.msftauth.net	unknown	unknown
bam-cell.nr-data.net	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://nobledriving.co.uk/securefax/Secure/	true	100%, UrlScan, Browse	unknown
https://lowrybrenda714e.myportfolio.com/	false		high

ID:	344886
Product:	CloudBasic
Start time:	11:47:10
Start date:	27.01.2021
Cookbook:	browseurl.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8E041430-60D8-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	631D29480A2EC171E00528553996C818	2929FA9CB80B9286E125377004698B3C0FB70E7A	40FC5E910ED3F44E7CB1233661591362D563ED094FC691B891E30E55B44E65EB
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8E041432-60D8-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	4DA08B4E3257DC3F6653DA8D607DBB0C	9C5AE53BECDE12B8FFF12D48A5D68230E7100A64	42D2C97B4237FD3EE85F651562EE4A751B7BEBD5953F6133FAE53E76DEDD7400
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8E041433-60D8-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	8767D84E048FAAE353E8E6B636038D5E	F2CB1057A8DE22DCA5B7D4B2E407D2C59AF31CAD	C66496053A3CB9A8E449CC67E6AE8138ADAD309FA98967F0D6D66DBC2E0CC364
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.dat	data	C3C046E79AFF9CAC76C5C6AD1E37A781	57ACF932447BC97662BF7A87D8C9741525688F18	1550E4A08EB8F2FD82B4B342019E58D63FE1855F8CCA4A2900045F5B315D75BB
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\2_bc3d32a696895f78c19df6c717586a5d[1].svg	SVG Scalable Vector Graphics image	BC3D32A696895F78C19DF6C717586A5D	9191CB156A30A3ED79C44C0A16C95159E8FF689D	0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\53_8b36337037cff88c3df203bb73d58e41[1].png	PNG image data, 342 x 72, 8-bit/color RGBA, non-interlaced	8B36337037CFF88C3DF203BB73D58E41	1ADA36FA207B8B96B2A5F55078BFE2A97ACEAD0E	E4E1E65871749D18AEA150643C07E0AAB2057DA057C6C57EC1C3C43580E1C898
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\d[1]	Web Open Font Format, CFF, length 18008, version 0.0	F072C46AC454354FEF9915B3A1DDBB8D	49126892FEAF3A75D962BE43C3AB61382C4E4B0A	F0D84AEF3E8F76C35FD7B689CFD19A1198E25A4F65E2365B7EEFF74831BFE741
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\e7fb1b89a0[1].js	ASCII text, with no line terminators	79F2D634CE67570918939DF10A075576	BA47B7DACB11250F9B1B3974B34954B188E3ECAD	D10C94B6CDB747904BAEE9070F003BB45849DA46F8100B1320F286C21CBCAAA1
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd[1].svg	SVG Scalable Vector Graphics image	EE5C8D9FB6248C938FD0DC19370E90BD	D01A22720918B781338B5BBF9202B241A5F99EE4	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\translations[1].js	ASCII text, with no line terminators	C2571C36C331F0D5BD8C67FF789A6100	F879DE1FDB675BAF27BBBEBA94114CA23BE099DA	6650C64DAB8BFBA200DAAB73D82C0A8A3E5E7021B2E7A008A21489CFD65E7779
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\PEOKBA7N.js	UTF-8 Unicode text, with very long lines	F4BD26CA15C36CBF51350C9EEB3FCDFE	4659CEE856BECFE5AB99913F32613E2A258C97A4	558BB2E6CF04847D13B6F33BE772F266C68C1DC9203621893F5CB57528B211F0
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410[1].svg	SVG Scalable Vector Graphics image	A9CC2824EF3517B6C4160DCF8FF7D410	8DB9AEBAD84CA6E4225BFDD2458FF3821CC4F064	34F9DB946E89F031A80DFCA7B16B2B686469C9886441261AE70A44DA1DFA2D58
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\ellipsis_635a63d500a92a0b8497cdc58d0f66b1[1].svg	SVG Scalable Vector Graphics image	635A63D500A92A0B8497CDC58D0F66B1	A32EBA4B4D139E8DA52C5801A13C1EE222B2B882	61D7CCC5D2C41BF86BE6CEFB0063405067849BA64E9F219F60596EF09A54A942
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c[1].svg	SVG Scalable Vector Graphics image	2B5D393DB04A5E6E1F739CB266E65B4C	6A435DF5CAC3D58CCAD655FE022CCF3DD4B9B721	16C3F6531D0FA5B4D16E82ABF066233B2A9F284C068C663699313C09F5E8D6E6
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\font-awesome[1].css	troff or preprocessor input, ASCII text, with very long lines	C495654869785BC3DF60216616814AD1	0140952C64E3F2B74EF64E050F2FE86EAB6624C8	36E0A7E08BEE65774168528938072C536437669C1B7458AC77976EC788E4439C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\main[1].css	ASCII text, with very long lines	C2CA4403CD337D44981DCC6F4DF8A21A	A72AC2384AF4AD64E7D7D3732EE6C351D3BA4C8D	009A029A1FBE7EC1821F8884761847D0C4857770DC9AEFE51C13FF36C9AC6FD2
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\p[1].gif	GIF image data, version 89a, 1 x 1	81144D75B3E69E9AA2FA3E9D83A64D03	F0FBC60B50EDF5B2A0B76E0AA0537B76BF346FFC	9B9265C69A5CC295D1AB0D04E0273B3677DB1A6216CE2CCF4EFC8C277ED84B39
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\picker_account_add_56e73414003cdb676008ff7857343074[1].svg	SVG Scalable Vector Graphics image	56E73414003CDB676008FF7857343074	9ED7A58CD0E81E9689AC8C6D548A47D0185E0FDC	749F85621D92A5B31B2A377A8C385A36D48A83327DAD9A8A8DA93CD831B8C9A2
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\Secure[1].htm	HTML document, ASCII text	906456EFC733F23B6480F07A2470AB27	665365E73633E421B1B652404BE25EDD8B52B0F9	C0BB2227B11586F24D0146F589B942CD226ED843EAFB1634E5CFE0A12469C33F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\d[1]	Web Open Font Format, CFF, length 18408, version 0.0	049375D4B5658F1E309CBDB23B267BB4	69814BB116C89EC2CF059C61A9FFA62CCA0D6F6A	4F60549518CA1750042DF065161EF6ACD6A5FF3609C2FA069E5E1299DCD5B427
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\favicon_a_eupayfgghqiai7k9sol6lg2[1].ico	MS Windows icon resource - 6 icons, 128x128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\main[1].js	UTF-8 Unicode text, with very long lines	F90A92BEBB436E19DA2E72400493FDA4	3DABB13E104F7168613DA2A766AF3D12886CDF43	054BBE56161A924C1926D0D13D9F73584B2DE6F3986BA7649F1A8FB4D6580B54
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\picker_account_aad_9de70d1c5191d1852a0d5aac28b44a6c[1].svg	SVG Scalable Vector Graphics image	9DE70D1C5191D1852A0D5AAC28B44A6C	F4F64F5CBDBE6D1115C10A7F9CCB8828E6B67CAE	5D3357BD875B7335ACE42E8EE3A64578E4253BED1A4E279109DE403EEDAE3A69
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\picker_more_7568a43cf440757c55d2e7f51557ae1f[1].svg	SVG Scalable Vector Graphics image	7568A43CF440757C55D2E7F51557AE1F	55C22CA98B5CDCED134F6E24205C288845312A2D	B7FCD37EAAFE3F08647ED072D5289EADFFF6C660A26CDEF31532B3FCFB4A0BB2
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\CBDX8KFB.htm	HTML document, UTF-8 Unicode text, with very long lines	99811322BB28262BDCB29B76E3914508	D0BC435ABF0F5CC0FEBB4A128A622A79911C82FC	5CC5B38FE07D9262DC05CF002DCE7F0ABCD1D02C395204058C155FBA831A7178
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\Secure[1].htm	HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators	3752C84E2D4118729A264E7629A62E88	22C6C7C155B63E6F566BF554406A5F0780C3F800	94860511EBE34294BA25E9D70248BA9855B1743CF7CB88796605494C130582D5
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\d42c286c3ea44af105d458437c0a646f1611744117[1].css	ASCII text	39A756BA9E9DB3CE9BCE8BFCA80A133E	A65A34378DEB21BA3ABAAA620A9B659B7F6F34A7	FD62831268BD7554FA54978B7B023FCC3B70C97BE63D3DBE52062935D9ADB484
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\e7fb1b89a0[1].gif	GIF image data, version 89a, 1 x 1	BC32ED98D624ACB4008F986349A20D26	2D3DF8C11D2168CE2C27E0937421D11D85016361	0C9CF152A0AD00D4F102C93C613C104914BE5517AC8F8E0831727F8BFBE8B300
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\jquery-3.1.1.min[1].js	ASCII text, with very long lines	E071ABDA8FE61194711CFC2AB99FE104	F647A6D37DC4CA055CED3CF64BBC1F490070ACBA	85556761A8800D14CED8FCD41A6B8B26BF012D44A318866C0D81A62092EFD9BF
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\nr-1194.min[1].js	ASCII text, with very long lines, with no line terminators	4F5C23CBA20072EDE6A543EFB2F986C3	B1BD2B130983492A7FB0841360582777C34DBBEB	04446C6509E4513C239C7803CF8A8C3727E8CEF843C8537E48D5E05E1FA723CD
C:\Users\user\AppData\Local\Temp\~DF69821264FC6EDB01.TMP	data	7EDBD46B5124C2F0D858CBDEA3EFFB6B	5189311B91914FDF6726262FD909BC125BA7908D	EDADD0CE65F596B726F03F687F542AA468A90AD67EBDB1F272D0F6043C687CB6
C:\Users\user\AppData\Local\Temp\~DFB052A6523F436CBD.TMP	data	A217F577E0FEB7AED3D90EBE371381D9	107A31111C5D3D6B078BB2A16EF8AB27087F4259	61F0FABE4E6D789AF830A1BDE3F052A89634CFAEE9BD5DCAC18C476619DEC9BD
C:\Users\user\AppData\Local\Temp\~DFBA9B5AC1B8981F21.TMP	data	BB244B240AA62E57F1530EF645776B5D	148476B7B48C69B2B189CD5FBEB9D90EAB5D2495	F1A48F3467D4F18BE023199FBE1894FCD8BBFF513342CC916D3CEF9445D57FAD

Analysis Report https://lowrybrenda714e.myportfolio.com/

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection:

Phishing:

Compliance:

Networking:

System Summary:

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs