Analysis Report http://tomaa4e0.myportfolio.com

Overview

General Information

Sample URL:	http://tomaa4e0.myportfolio.com
Analysis ID:	363859
Infos:
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Yara detected HtmlPhish_10

HTML body contains low number of good links

HTML title does not match URL

Invalid 'forgot password' link found

Classification

Signatures

AV Detection:

Antivirus / Scanner detection for submitted sample

Source: http://tomaa4e0.myportfolio.com

SlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering

Antivirus detection for URL or domain

Source: https://tomaa4e0.myportfolio.com/

SlashNext: Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

Yara detected HtmlPhish_10

Source: Yara match	File source: 830021.0.links.csv, type: HTML
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Secure[1].htm, type: DROPPED

HTML body contains low number of good links

Source: https://updatebiteedz.com/adminfax/Secure/	HTTP Parser: Number of links: 0
Source: https://updatebiteedz.com/adminfax/Secure/	HTTP Parser: Number of links: 0

HTML title does not match URL

Source: https://updatebiteedz.com/adminfax/Secure/	HTTP Parser: Title: Sign in to Outlook does not match URL
Source: https://updatebiteedz.com/adminfax/Secure/	HTTP Parser: Title: Sign in to Outlook does not match URL

Invalid 'forgot password' link found

Source: https://updatebiteedz.com/adminfax/Secure/	HTTP Parser: Invalid link: Forgot my password
Source: https://updatebiteedz.com/adminfax/Secure/	HTTP Parser: Invalid link: Forgot my password

Source: https://updatebiteedz.com/adminfax/Secure/	HTTP Parser: No <meta name="author".. found
Source: https://updatebiteedz.com/adminfax/Secure/	HTTP Parser: No <meta name="author".. found

Source: https://updatebiteedz.com/adminfax/Secure/	HTTP Parser: No <meta name="copyright".. found
Source: https://updatebiteedz.com/adminfax/Secure/	HTTP Parser: No <meta name="copyright".. found

Compliance:

Uses new MSVCR Dlls

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 151.101.0.119:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.5.181:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.5.181:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 69.49.228.36:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 69.49.228.36:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.19.94:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.19.94:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.4:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.4:49754 version: TLS 1.2

Networking:

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: tomaa4e0.myportfolio.comConnection: Keep-Alive

Source: unknown

DNS traffic detected: queries for: tomaa4e0.myportfolio.com

Source: font-awesome[1].css.2.dr	String found in binary or memory: http://fontawesome.io
Source: font-awesome[1].css.2.dr	String found in binary or memory: http://fontawesome.io/license
Source: main[1].js.2.dr	String found in binary or memory: http://jquery.com/
Source: main[1].js.2.dr	String found in binary or memory: http://jquery.org/license
Source: main[1].js.2.dr	String found in binary or memory: http://sizzlejs.com/
Source: ECRZHXH2.js.2.dr	String found in binary or memory: http://typekit.com/eulas/000000000000000000017750
Source: ECRZHXH2.js.2.dr	String found in binary or memory: http://typekit.com/eulas/00000000000000007735a6b9
Source: main[1].js.2.dr	String found in binary or memory: http://www.appelsiini.net/projects/lazyload
Source: main[1].js.2.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: Secure[1].htm0.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png
Source: Secure[1].htm0.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg
Source: Secure[1].htm0.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.s
Source: Secure[1].htm0.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg
Source: Secure[1].htm0.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_96f69d0cefd8a8ba623a182c351ccc64.png
Source: Secure[1].htm0.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.s
Source: Secure[1].htm0.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_grey_5bc252567ef56db648207d9c36a9d004.p
Source: imagestore.dat.2.dr, Secure[1].htm0.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Source: imagestore.dat.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico~
Source: imagestore.dat.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico~(
Source: Secure[1].htm0.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.
Source: Secure[1].htm0.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/picker_account_aad_9de70d1c5191d1852a0d5aac28b44
Source: Secure[1].htm0.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/picker_account_add_56e73414003cdb676008ff7857343
Source: Secure[1].htm0.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/picker_more_7568a43cf440757c55d2e7f51557ae1f.svg
Source: Secure[1].htm0.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css
Source: Secure[1].htm0.2.dr	String found in binary or memory: https://code.jquery.com/jquery-3.1.1.min.js
Source: ECRZHXH2.js.2.dr	String found in binary or memory: https://p.typekit.net/p.gif
Source: FSSDC7SF.htm.2.dr	String found in binary or memory: https://pro2-bar-s3-cdn-cf.myportfolio.com/0704c1f1-675d-4d26-8e59-22f2d4654d17/135fe84b1f66c7a8c723
Source: ~DF0E4FEC0015BC82D4.TMP.1.dr	String found in binary or memory: https://tomaa4e0.myportfolio.com/
Source: {AC1EB64A-7DB5-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://tomaa4e0.myportfolio.com/Root
Source: ~DF0E4FEC0015BC82D4.TMP.1.dr	String found in binary or memory: https://tomaa4e0.myportfolio.com/d
Source: FSSDC7SF.htm.2.dr	String found in binary or memory: https://tomaa4e0.myportfolio.com/home
Source: FSSDC7SF.htm.2.dr	String found in binary or memory: https://updatebiteedz.com/adminfax/Secure
Source: ~DF0E4FEC0015BC82D4.TMP.1.dr, Secure[1].htm.2.dr	String found in binary or memory: https://updatebiteedz.com/adminfax/Secure/
Source: ~DF0E4FEC0015BC82D4.TMP.1.dr	String found in binary or memory: https://updatebiteedz.com/adminfax/Secure/#
Source: ~DF0E4FEC0015BC82D4.TMP.1.dr	String found in binary or memory: https://updatebiteedz.com/adminfax/Secure/$Sign
Source: ~DF0E4FEC0015BC82D4.TMP.1.dr	String found in binary or memory: https://updatebiteedz.com/adminfax/Secure/v
Source: {AC1EB64A-7DB5-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://updatebiteedz.tfolio.com/d
Source: ECRZHXH2.js.2.dr	String found in binary or memory: https://use.typekit.net/af/3e2979/00000000000000007735a6b9/30/
Source: ECRZHXH2.js.2.dr	String found in binary or memory: https://use.typekit.net/af/54d47a/000000000000000000017750/27/

Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443

Source: unknown	HTTPS traffic detected: 151.101.0.119:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.5.181:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.5.181:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 69.49.228.36:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 69.49.228.36:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.19.94:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.19.94:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.4:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.4:49754 version: TLS 1.2

System Summary:

Source: classification engine

Classification label: mal64.phis.win@3/33@10/5

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AC1EB648-7DB5-11EB-90EB-ECF4BBEA1588}.dat

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF36F1538B1983E920.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6660 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6660 CREDAT:17410 /prefetch:2	Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe	Automated click: Next
Source: C:\Program Files\internet explorer\iexplore.exe	Automated click: Next

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
69.49.228.36	updatebiteedz.com	United States	46606	UNIFIEDLAYER-AS-1US	false
152.199.23.37	cs1100.wpc.omegacdn.net	United States	15133	EDGECASTUS	false
151.101.0.119	prod.adobe-prod-view.map.fastly.net	United States	54113	FASTLYUS	false
143.204.5.181	d2stful5zc9u0u.cloudfront.net	United States	16509	AMAZON-02US	false
104.16.19.94	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false

Contacted Domains

Name	IP	Active
cs1100.wpc.omegacdn.net	152.199.23.37	true
cdnjs.cloudflare.com	104.16.19.94	true
prod.adobe-prod-view.map.fastly.net	151.101.0.119	true
updatebiteedz.com	69.49.228.36	true
d2stful5zc9u0u.cloudfront.net	143.204.5.181	true
use.typekit.net	unknown	unknown
p.typekit.net	unknown	unknown
code.jquery.com	unknown	unknown
pro2-bar-s3-cdn-cf.myportfolio.com	unknown	unknown
js-agent.newrelic.com	unknown	unknown
aadcdn.msftauth.net	unknown	unknown
tomaa4e0.myportfolio.com	unknown	unknown
bam-cell.nr-data.net	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://tomaa4e0.myportfolio.com/	false	SlashNext: Fake Login Page type: Phishing & Social Engineering	high
https://updatebiteedz.com/adminfax/Secure/	true		unknown
http://tomaa4e0.myportfolio.com/	false		high

ID:	363859
Product:	CloudBasic
Start time:	14:20:30
Start date:	05.03.2021
Cookbook:	browseurl.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AC1EB648-7DB5-11EB-90EB-ECF4BBEA1588}.dat	Microsoft Word Document	D04ED5431F5DEFC828B10C8026D244BD	67B5651C46CDD3F863D8B118ACF9A27A107731EA	043338E3230854FB8BB522AB3E9CA0155447BA57C8A46A290A881769AE1CBAA1
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AC1EB64A-7DB5-11EB-90EB-ECF4BBEA1588}.dat	Microsoft Word Document	E6A5040766EF4AB9CE9A8DC44F7BF54F	47AEB266E033A2B23AC4320C8604542E7E98C0DF	911DD87A3CFD20987A55A0A560BF20B318631E4FD87D35B846FA5DA4A5938951
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AC1EB64B-7DB5-11EB-90EB-ECF4BBEA1588}.dat	Microsoft Word Document	43DB7243C8918C2ACA65BF62BB7CB517	57609A800A33B07BD63B15D9649E860AB82F726C	812B9AF71DB6F8022DF403C5F7E32297CEB2B47CD6C58B3FD0B24DDE25EF9484
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\gee00pr\imagestore.dat	data	A4482E0930F934CC59BA08336165A689	B315EF4A49F2DFA8348D853983FBFAFBB872DB9C	B024F4C8B78C4FC44C3320B91A11CB0CEA87B54B3265449BE62EA2190628DE5E
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\FSSDC7SF.htm	HTML document, ASCII text, with very long lines	21A0A7EA4574F91C56A0B2D4BAA3E627	EF3D9089B86543A133FE809580ED06D19E24A34A	C96990CA476A99EAEFF482A7326F9ABE0F57CC0981AD664ABF7E91953CF1085E
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Secure[1].htm	HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators	3752C84E2D4118729A264E7629A62E88	22C6C7C155B63E6F566BF554406A5F0780C3F800	94860511EBE34294BA25E9D70248BA9855B1743CF7CB88796605494C130582D5
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\d[1]	Web Open Font Format, CFF, length 18008, version 0.0	F072C46AC454354FEF9915B3A1DDBB8D	49126892FEAF3A75D962BE43C3AB61382C4E4B0A	F0D84AEF3E8F76C35FD7B689CFD19A1198E25A4F65E2365B7EEFF74831BFE741
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\d[2]	Web Open Font Format, CFF, length 18408, version 0.0	049375D4B5658F1E309CBDB23B267BB4	69814BB116C89EC2CF059C61A9FFA62CCA0D6F6A	4F60549518CA1750042DF065161EF6ACD6A5FF3609C2FA069E5E1299DCD5B427
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\e7fb1b89a0[1].gif	GIF image data, version 89a, 1 x 1	BC32ED98D624ACB4008F986349A20D26	2D3DF8C11D2168CE2C27E0937421D11D85016361	0C9CF152A0AD00D4F102C93C613C104914BE5517AC8F8E0831727F8BFBE8B300
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\favicon_a_eupayfgghqiai7k9sol6lg2[1].ico	MS Windows icon resource - 6 icons, 128x128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\2_bc3d32a696895f78c19df6c717586a5d[1].svg	SVG Scalable Vector Graphics image	BC3D32A696895F78C19DF6C717586A5D	9191CB156A30A3ED79C44C0A16C95159E8FF689D	0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\53_8b36337037cff88c3df203bb73d58e41[1].png	PNG image data, 342 x 72, 8-bit/color RGBA, non-interlaced	8B36337037CFF88C3DF203BB73D58E41	1ADA36FA207B8B96B2A5F55078BFE2A97ACEAD0E	E4E1E65871749D18AEA150643C07E0AAB2057DA057C6C57EC1C3C43580E1C898
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\e7fb1b89a0[1].js	ASCII text, with no line terminators	79F2D634CE67570918939DF10A075576	BA47B7DACB11250F9B1B3974B34954B188E3ECAD	D10C94B6CDB747904BAEE9070F003BB45849DA46F8100B1320F286C21CBCAAA1
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\main[1].js	UTF-8 Unicode text, with very long lines	98D2064F3DF6B3A9E593BAEE2DA6AF4F	1E3CC8DD2D435EB326C063013BE090E75486234F	80E67A4CFDEFC1855E1FA3E1D5E4659CA2BB1EC39719C49DDB81E7FFE8AB48AF
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\translations[1].js	ASCII text, with no line terminators	C2571C36C331F0D5BD8C67FF789A6100	F879DE1FDB675BAF27BBBEBA94114CA23BE099DA	6650C64DAB8BFBA200DAAB73D82C0A8A3E5E7021B2E7A008A21489CFD65E7779
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\135fe84b1f66c7a8c7233d67216cafd91614904719[1].css	ASCII text	2A9E4B0E471C49F1B1ADE6BDFF35235B	0D7390606F4C74CBD85D6949F5D81ED9562C200A	6D81AE5BDA6B26891A9BB6B56B5EA987196B795CEB987B1CBAA134F0F60743FD
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\ECRZHXH2.js	UTF-8 Unicode text, with very long lines	F4BD26CA15C36CBF51350C9EEB3FCDFE	4659CEE856BECFE5AB99913F32613E2A258C97A4	558BB2E6CF04847D13B6F33BE772F266C68C1DC9203621893F5CB57528B211F0
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\Secure[1].htm	HTML document, ASCII text	4D95ED18B78777D2D4F9684283FB9C17	3A6570D3632829238BA292C179F88DAE11BA1DB1	0544777BF0626458891359161FF71B0F21A6017C02D1DCDDB07C391498C7C06C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410[1].svg	SVG Scalable Vector Graphics image	A9CC2824EF3517B6C4160DCF8FF7D410	8DB9AEBAD84CA6E4225BFDD2458FF3821CC4F064	34F9DB946E89F031A80DFCA7B16B2B686469C9886441261AE70A44DA1DFA2D58
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\ellipsis_635a63d500a92a0b8497cdc58d0f66b1[1].svg	SVG Scalable Vector Graphics image	635A63D500A92A0B8497CDC58D0F66B1	A32EBA4B4D139E8DA52C5801A13C1EE222B2B882	61D7CCC5D2C41BF86BE6CEFB0063405067849BA64E9F219F60596EF09A54A942
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c[1].svg	SVG Scalable Vector Graphics image	2B5D393DB04A5E6E1F739CB266E65B4C	6A435DF5CAC3D58CCAD655FE022CCF3DD4B9B721	16C3F6531D0FA5B4D16E82ABF066233B2A9F284C068C663699313C09F5E8D6E6
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd[1].svg	SVG Scalable Vector Graphics image	EE5C8D9FB6248C938FD0DC19370E90BD	D01A22720918B781338B5BBF9202B241A5F99EE4	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\picker_account_aad_9de70d1c5191d1852a0d5aac28b44a6c[1].svg	SVG Scalable Vector Graphics image	9DE70D1C5191D1852A0D5AAC28B44A6C	F4F64F5CBDBE6D1115C10A7F9CCB8828E6B67CAE	5D3357BD875B7335ACE42E8EE3A64578E4253BED1A4E279109DE403EEDAE3A69
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\picker_more_7568a43cf440757c55d2e7f51557ae1f[1].svg	SVG Scalable Vector Graphics image	7568A43CF440757C55D2E7F51557AE1F	55C22CA98B5CDCED134F6E24205C288845312A2D	B7FCD37EAAFE3F08647ED072D5289EADFFF6C660A26CDEF31532B3FCFB4A0BB2
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\font-awesome[1].css	troff or preprocessor input, ASCII text, with very long lines	C495654869785BC3DF60216616814AD1	0140952C64E3F2B74EF64E050F2FE86EAB6624C8	36E0A7E08BEE65774168528938072C536437669C1B7458AC77976EC788E4439C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\jquery-3.1.1.min[1].js	ASCII text, with very long lines	E071ABDA8FE61194711CFC2AB99FE104	F647A6D37DC4CA055CED3CF64BBC1F490070ACBA	85556761A8800D14CED8FCD41A6B8B26BF012D44A318866C0D81A62092EFD9BF
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\main[1].css	ASCII text, with very long lines	C2CA4403CD337D44981DCC6F4DF8A21A	A72AC2384AF4AD64E7D7D3732EE6C351D3BA4C8D	009A029A1FBE7EC1821F8884761847D0C4857770DC9AEFE51C13FF36C9AC6FD2
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\nr-1198.min[1].js	ASCII text, with very long lines, with no line terminators	59C98195BA35E0B45CBE2E5BEEBD1AC8	BB1DD82667456B0B608750BBF8D2871A018535B0	39893061747F88B837A34D0395D05FCA83E7CD5BBF2D582D181A73C5C9A174C6
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\p[1].gif	GIF image data, version 89a, 1 x 1	81144D75B3E69E9AA2FA3E9D83A64D03	F0FBC60B50EDF5B2A0B76E0AA0537B76BF346FFC	9B9265C69A5CC295D1AB0D04E0273B3677DB1A6216CE2CCF4EFC8C277ED84B39
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\picker_account_add_56e73414003cdb676008ff7857343074[1].svg	SVG Scalable Vector Graphics image	56E73414003CDB676008FF7857343074	9ED7A58CD0E81E9689AC8C6D548A47D0185E0FDC	749F85621D92A5B31B2A377A8C385A36D48A83327DAD9A8A8DA93CD831B8C9A2
C:\Users\user\AppData\Local\Temp\~DF0E4FEC0015BC82D4.TMP	data	F20D2F413C112FDCF2D3527F89BCEE47	94182900FF1205CBCDFCC3EA40A5D3D5BE790281	45E90F4C92813B0977D60BCC1588BD3A872719E4312999171E1A8310292AFB5A
C:\Users\user\AppData\Local\Temp\~DF36F1538B1983E920.TMP	data	84C8D32EC1B6C3113AE364B457E232EA	D4A220854E1DC5DB54D48FAC9642CA76E677ED98	DB3EB173247FD37DA01A0B5FCC9E37CB69319C481821C05E446A8AE29A8FA605
C:\Users\user\AppData\Local\Temp\~DF57C036019050A29E.TMP	data	AB889A32AB9ACD33E816C2422337C69A	1190C6B34DED2D295827C2A88310D10A8B90B59B	4D6EC54B8D244E63B0F04FBE2B97402A3DF722560AD12F218665BA440F4CEFDA

Analysis Report http://tomaa4e0.myportfolio.com

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection:

Phishing:

Compliance:

Networking:

System Summary:

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs