Analysis Report https://plateflippers.com/OH2/GG8/

Overview

General Information

Sample URL:	https://plateflippers.com/OH2/GG8/
Analysis ID:	363940
Infos:
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	96
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Multi AV Scanner detection for submitted file

Phishing site detected (based on shot template match)

Yara detected HtmlPhish_7

Yara detected obfuscated html page

Phishing site detected (based on image similarity)

Phishing site detected (based on logo template match)

HTML body contains low number of good links

HTML title does not match URL

Invalid T&C link found

Yara detected Encrypted html page by third party sevices

Classification

Signatures

AV Detection:

Antivirus / Scanner detection for submitted sample

Source: https://plateflippers.com/OH2/GG8/	Avira URL Cloud: detection malicious, Label: phishing
Source: https://plateflippers.com/OH2/GG8/	SlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering

Antivirus detection for URL or domain

Source: https://plateflippers.com/OH2/GG8/Outlook.php	SlashNext: Label: Fake Login Page type: Phishing & Social Engineering
Source: https://plateflippers.com/OH2/GG8/Othermail.php	SlashNext: Label: Fake Login Page type: Phishing & Social Engineering
Source: https://plateflippers.com/OH2/GG8/Office365.php	SlashNext: Label: Fake Login Page type: Phishing & Social Engineering
Source: https://plateflippers.com/OH2/GG8/Root	Avira URL Cloud: Label: phishing
Source: https://plateflippers.com/OH2/GG8/f	Avira URL Cloud: Label: phishing
Source: https://plateflippers.com/OH2/GG8/Outlook.phpp2/GG8/Office365.php	Avira URL Cloud: Label: phishing
Source: https://plateflippers.com/OH2/GG8/Outlook.phpBSign	Avira URL Cloud: Label: phishing

Multi AV Scanner detection for submitted file

Source: https://plateflippers.com/OH2/GG8/

Virustotal: Detection: 10%

Perma Link

Phishing:

Phishing site detected (based on shot template match)

Source: https://plateflippers.com/OH2/GG8/

Matcher: Template: microsoft matched

Yara detected HtmlPhish_7

Source: Yara match

File source: 849224.pages.csv, type: HTML

Yara detected obfuscated html page

Source: Yara match

File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\GG8[1].htm, type: DROPPED

Phishing site detected (based on image similarity)

Source: https://plateflippers.com/OH2/GG8/images/Onedrive-logo.png

Matcher: Found strong image similarity, brand: Microsoft

Jump to dropped file

Phishing site detected (based on logo template match)

Source: https://plateflippers.com/OH2/GG8/Outlook.php	Matcher: Template: microsoft matched
Source: https://plateflippers.com/OH2/GG8/Office365.php	Matcher: Template: office matched

HTML body contains low number of good links

Source: https://plateflippers.com/OH2/GG8/Outlook.php	HTTP Parser: Number of links: 0
Source: https://plateflippers.com/OH2/GG8/Othermail.php	HTTP Parser: Number of links: 0
Source: https://plateflippers.com/OH2/GG8/Office365.php	HTTP Parser: Number of links: 1
Source: https://plateflippers.com/OH2/GG8/Outlook.php	HTTP Parser: Number of links: 0
Source: https://plateflippers.com/OH2/GG8/Othermail.php	HTTP Parser: Number of links: 0
Source: https://plateflippers.com/OH2/GG8/Office365.php	HTTP Parser: Number of links: 1

HTML title does not match URL

Source: https://plateflippers.com/OH2/GG8/Outlook.php	HTTP Parser: Title: Sign in to your Microsoft account does not match URL
Source: https://plateflippers.com/OH2/GG8/Othermail.php	HTTP Parser: Title: One Drive does not match URL
Source: https://plateflippers.com/OH2/GG8/Office365.php	HTTP Parser: Title: One Drive does not match URL
Source: https://plateflippers.com/OH2/GG8/Outlook.php	HTTP Parser: Title: Sign in to your Microsoft account does not match URL
Source: https://plateflippers.com/OH2/GG8/Othermail.php	HTTP Parser: Title: One Drive does not match URL
Source: https://plateflippers.com/OH2/GG8/Office365.php	HTTP Parser: Title: One Drive does not match URL

Invalid T&C link found

Source: https://plateflippers.com/OH2/GG8/Office365.php	HTTP Parser: Invalid link: Terms
Source: https://plateflippers.com/OH2/GG8/Office365.php	HTTP Parser: Invalid link: Privacy & Cookies
Source: https://plateflippers.com/OH2/GG8/Office365.php	HTTP Parser: Invalid link: Terms
Source: https://plateflippers.com/OH2/GG8/Office365.php	HTTP Parser: Invalid link: Privacy & Cookies

Yara detected Encrypted html page by third party sevices

Source: Yara match

File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\GG8[1].htm, type: DROPPED

Source: https://plateflippers.com/OH2/GG8/Outlook.php	HTTP Parser: No <meta name="author".. found
Source: https://plateflippers.com/OH2/GG8/Othermail.php	HTTP Parser: No <meta name="author".. found
Source: https://plateflippers.com/OH2/GG8/Office365.php	HTTP Parser: No <meta name="author".. found
Source: https://plateflippers.com/OH2/GG8/Outlook.php	HTTP Parser: No <meta name="author".. found
Source: https://plateflippers.com/OH2/GG8/Othermail.php	HTTP Parser: No <meta name="author".. found
Source: https://plateflippers.com/OH2/GG8/Office365.php	HTTP Parser: No <meta name="author".. found

Source: https://plateflippers.com/OH2/GG8/Outlook.php	HTTP Parser: No <meta name="copyright".. found
Source: https://plateflippers.com/OH2/GG8/Othermail.php	HTTP Parser: No <meta name="copyright".. found
Source: https://plateflippers.com/OH2/GG8/Office365.php	HTTP Parser: No <meta name="copyright".. found
Source: https://plateflippers.com/OH2/GG8/Outlook.php	HTTP Parser: No <meta name="copyright".. found
Source: https://plateflippers.com/OH2/GG8/Othermail.php	HTTP Parser: No <meta name="copyright".. found
Source: https://plateflippers.com/OH2/GG8/Office365.php	HTTP Parser: No <meta name="copyright".. found

Compliance:

Uses new MSVCR Dlls

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 162.241.127.18:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.241.127.18:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.19.94:443 -> 192.168.2.4:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.19.94:443 -> 192.168.2.4:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.241.127.18:443 -> 192.168.2.4:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.10.207:443 -> 192.168.2.4:49777 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.10.207:443 -> 192.168.2.4:49778 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.10.207:443 -> 192.168.2.4:49779 version: TLS 1.2

Networking:

Source: unknown

DNS traffic detected: queries for: plateflippers.com

Source: fontawesome-webfont[1].eot.2.dr, font-awesome.min[1].css.2.dr	String found in binary or memory: http://fontawesome.io
Source: font-awesome.min[1].css.2.dr	String found in binary or memory: http://fontawesome.io/license
Source: fontawesome-webfont[1].eot.2.dr	String found in binary or memory: http://fontawesome.io/license/
Source: fontawesome-webfont[1].eot.2.dr	String found in binary or memory: http://fontawesome.iohttp://fontawesome.iohttp://fontawesome.io/license/http://fontawesome.io/licens
Source: Othermail[1].htm.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/tether/1.4.0/js/tether.min.js
Source: Othermail[1].htm.2.dr	String found in binary or memory: https://code.jquery.com/jquery-3.1.1.slim.min.js
Source: style[1].css.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Open
Source: css[1].css1.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN7rgOUuhv.woff)
Source: css[1].css1.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN8rsOUuhv.woff)
Source: css[1].css1.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN_r8OUuhv.woff)
Source: css[1].css1.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UNirkOUuhv.woff)
Source: css[1].css1.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v18/mem6YaGs126MiZpBA-UFUK0Zdcs.woff)
Source: css[1].css1.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0d.woff)
Source: css[1].css1.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v18/memnYaGs126MiZpBA-UFUKW-U9hrIqU.woff)
Source: css[1].css1.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v18/memnYaGs126MiZpBA-UFUKWiUNhrIqU.woff)
Source: css[1].css1.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v18/memnYaGs126MiZpBA-UFUKWyV9hrIqU.woff)
Source: css[1].css1.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v18/memnYaGs126MiZpBA-UFUKXGUdhrIqU.woff)
Source: bootstrap.min[1].js.2.dr, bootstrap.min[1].css.2.dr, bootstrap.min[1].css0.2.dr	String found in binary or memory: https://getbootstrap.com)
Source: bootstrap.min[1].js.2.dr, bootstrap.min[1].css.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: bootstrap.min[1].js.2.dr, bootstrap.min[1].js0.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: Othermail[1].htm.2.dr	String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-alpha.6/css/bootstrap.min.css
Source: Othermail[1].htm.2.dr	String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-alpha.6/js/bootstrap.min.js
Source: Othermail[1].htm.2.dr	String found in binary or memory: https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Source: ~DF8ADC395168C1F92B.TMP.1.dr	String found in binary or memory: https://plateflippers.com/OH2/GG8/
Source: ~DF8ADC395168C1F92B.TMP.1.dr	String found in binary or memory: https://plateflippers.com/OH2/GG8/Office365.php
Source: ~DF8ADC395168C1F92B.TMP.1.dr	String found in binary or memory: https://plateflippers.com/OH2/GG8/Othermail.php
Source: ~DF8ADC395168C1F92B.TMP.1.dr	String found in binary or memory: https://plateflippers.com/OH2/GG8/Outlook.php
Source: ~DF8ADC395168C1F92B.TMP.1.dr	String found in binary or memory: https://plateflippers.com/OH2/GG8/Outlook.phpBSign
Source: ~DF8ADC395168C1F92B.TMP.1.dr	String found in binary or memory: https://plateflippers.com/OH2/GG8/Outlook.phpp2/GG8/Office365.php
Source: {B49B7545-7DC0-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://plateflippers.com/OH2/GG8/Root
Source: ~DF8ADC395168C1F92B.TMP.1.dr, {B49B7545-7DC0-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://plateflippers.com/OH2/GG8/f
Source: Outlook[1].htm.2.dr	String found in binary or memory: https://signup.live.com

Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 162.241.127.18:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.241.127.18:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.19.94:443 -> 192.168.2.4:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.19.94:443 -> 192.168.2.4:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.241.127.18:443 -> 192.168.2.4:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.10.207:443 -> 192.168.2.4:49777 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.10.207:443 -> 192.168.2.4:49778 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.10.207:443 -> 192.168.2.4:49779 version: TLS 1.2

System Summary:

Source: classification engine

Classification label: mal96.phis.win@3/42@5/3

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B49B7543-7DC0-11EB-90EB-ECF4BBEA1588}.dat

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DFE69385337526499A.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6904 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6904 CREDAT:17410 /prefetch:2	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.18.10.207	maxcdn.bootstrapcdn.com	United States	13335	CLOUDFLARENETUS	false
104.16.19.94	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
162.241.127.18	plateflippers.com	United States	46606	UNIFIEDLAYER-AS-1US	false

Contacted Domains

Name	IP	Active
plateflippers.com	162.241.127.18	true
cdnjs.cloudflare.com	104.16.19.94	true
maxcdn.bootstrapcdn.com	104.18.10.207	true
code.jquery.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://plateflippers.com/OH2/GG8/Office365.php	true	SlashNext: Fake Login Page type: Phishing & Social Engineering	unknown
https://plateflippers.com/OH2/GG8/Outlook.php	true	SlashNext: Fake Login Page type: Phishing & Social Engineering	unknown
https://plateflippers.com/OH2/GG8/	true		unknown
https://plateflippers.com/OH2/GG8/Othermail.php	true	SlashNext: Fake Login Page type: Phishing & Social Engineering	unknown

ID:	363940
Product:	CloudBasic
Start time:	15:39:34
Start date:	05.03.2021
Cookbook:	browseurl.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B49B7543-7DC0-11EB-90EB-ECF4BBEA1588}.dat	Microsoft Word Document	961FA85B2766C8D3240EEC0774146A78	97561BA0DEFE39C86AC80C119024C61E9E5CB6BC	766E5FC530E835D548B2CA6F24E6DE444F0240D7A5B935102415662C671900A6
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B49B7545-7DC0-11EB-90EB-ECF4BBEA1588}.dat	Microsoft Word Document	7C1C44CB430BD1C5B50D8A2EF81D04CA	685AA0E491E423B7C3CB54A5C6C56B889D454B18	E4F2A29DC03135ED684BB2D5AC90C5576E3B28AB038176EC58DE629150D45324
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BAAB9089-7DC0-11EB-90EB-ECF4BBEA1588}.dat	Microsoft Word Document	2A3546169B47B2DD6DED7B81CC05A2CC	A5BC81A0AA4809D529C9151840BBAF84C9263488	CF545D57DDEE32834C667A218639F5B10AA1DA77586AA4FA133C11E769DD6318
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\GG8[1].htm	HTML document, ASCII text, with very long lines, with CRLF line terminators	3BB47566F1DB61E9D7C05BA9713CB6AB	098C1CE436BD93F74F4C300C0B793330B587110D	5A9D4B74A3AC81087E1ED71BF83BE9ECE6CE033C96FEC633C0FDE8ABDAFDAB09
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Othermail[1].htm	HTML document, ASCII text	399FBBA751DA034337A211A936B22B22	C1D80614AEAE0E47083897421190828B3E9043F6	C7A2BC42652E4C60BFD5F2E4D3A3D8111F1602B3C0C4E04E010D6E32B869645D
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\bootstrap.min[1].css	ASCII text, with very long lines	7E923AD223E9F33E54D22E50CF2BCCE5	8B7CB193D70BB476DB06651C878DFCD1A7E1C0EE	AEBF611C1438DC7EC748E9A6364C734066B34BF2A1C7E2FC6511ED784635B50E
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\bootstrap.min[1].js	ASCII text, with very long lines	14D449EB8876FA55E1EF3C2CC52B0C17	A9545831803B1359CFEED47E3B4D6BAE68E40E99	E7ED36CEEE5450B4243BBC35188AFABDFB4280C7C57597001DE0ED167299B01B
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\css[1].css	ASCII text	7AD11B51C8A9918ADE502DA9DE063EFF	ABF598711588628073EE60E294F288AB76EA187A	5A270BD50EF12A93ABAE711C806D6C59D58B0E0D2A9B3463A8268DC3D2EA6857
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\font-awesome.min[1].css	ASCII text, with very long lines	269550530CC127B6AA5A35925A7DE6CE	512C7D79033E3028A9BE61B540CF1A6870C896F8	799AEB25CC0373FDEE0E1B1DB7AD6C2F6A0E058DFADAA3379689F583213190BD
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\fontawesome-webfont[1].eot	Embedded OpenType (EOT), FontAwesome family	674F50D287A8C48DC19BA404D20FE713	D980C2CE873DC43AF460D4D572D441304499F400	7BFCAB6DB99D5CFBF1705CA0536DDC78585432CC5FA41BBD7AD0F009033B2979
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\mail[1].png	PNG image data, 100 x 87, 8-bit colormap, non-interlaced	D9F81CF593394338BD133AA77B0ECBAF	24AB26A812E74CBB08BB17E495F8852A3DF5A038	2EBC65A696544B8D69ADE5F136250A9548D4BADF1B9AD459E63FF68E7A985C69
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\mem5YaGs126MiZpBA-UN_r8OUuhv[1].woff	Web Open Font Format, TrueType, length 18668, version 1.1	A7622F60C56DDD5301549A786B54E6E6	D55574524345932DB3968C675E1AEA08C68A456F	6E8A28A0638C920E5B76177E5F03BA94FCDEDD3E3ECD347C333D82876B51C9C0
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\memnYaGs126MiZpBA-UFUKW-U9hrIqU[1].woff	Web Open Font Format, TrueType, length 17788, version 1.1	92DA6F116D973BD334CF9B3AFDB29C4F	C7E59C92F4D8391276FB0A3A55528CF3965478E7	49B6274BCCB5C6B31E20CEBB213D96197B522B1FB9C95B8649A0626EDB5BD9D8
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\Onedrive-logo[1].png	PNG image data, 170 x 114, 8-bit colormap, non-interlaced	FFC68AE7FD5A2D7A7CEC7185717B6E88	ABBCEBC2E0794C8F30DF0035881D4405D3A1D69B	4603EA1B2F9DF0C9D4F2A253C550FFBAF27EA2CB53ECDE4277B2ACF9DDE33979
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\Outlook[1].htm	HTML document, UTF-8 Unicode text, with very long lines	41533DAD7B078D172234686E36B80E5B	695F0E1AE148DC62106C2044C362DEBCEED2F4C9	6353840890F462A1DE1A412650A42F45E935071015B837C1D703C0BBAAFED53C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\jquery-3.1.1.slim.min[1].js	ASCII text, with very long lines	550DDFE84A114F79A767C087DF97F3BC	310BD0C04196573315C2E8446776685AC2961724	FD222B36ABFC87A406283B8DA0B180E22ADEB7E9327AC0A41C6CD5514574B217
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\mem5YaGs126MiZpBA-UN7rgOUuhv[1].woff	Web Open Font Format, TrueType, length 18900, version 1.1	1F85E92D8FF443980BC0F83AD7B23B60	EE8642C4FAE325BB460EC29C0C2C9AD8A4C7817D	EA20E5DB3BA915C503173FAE268445FC2745FC9A5DCE2F58D47F5A355E1CDB18
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\mem5YaGs126MiZpBA-UN8rsOUuhv[1].woff	Web Open Font Format, TrueType, length 19072, version 1.1	05EBDBE10796850F045FCD484F35788D	07744CFE76B8C37096443A6BCC3FBD04F93AD05B	35EB714D45479FE35586513C7D372CED0AE3E26EB05883950BEA2669C6E802AA
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\mem5YaGs126MiZpBA-UNirkOUuhv[1].woff	Web Open Font Format, TrueType, length 18696, version 1.1	449D681CD6006390E1BEE3C3A660430B	2A9777AFC07BF0BB4BB48F233ED7C4BCBDB60760	57C79375B1419EE1D984F443CDA77C04B9B38C0BE5330B2D41D65103115FFD72
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\mem8YaGs126MiZpBA-UFVZ0d[1].woff	Web Open Font Format, TrueType, length 18100, version 1.1	DE0869E324680C99EFA1250515B4B41C	8033A128504F11145EA791E481E3CF79DCD290E2	81F0EC27796225EA29F9F1C7B74F083EDCD7BC97A09D5FC4E8D03C0134E62445
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\tether.min[1].js	ASCII text, with very long lines, with no line terminators	ECDFD3DC464CEDA5F483BB5C96A6E3D2	CBDD0A2B2DD7A9CFC5DB3F33E34323AFA0CA55A3	80BD626EB6D57112072A508EE4E5CE3C2FE5673FE0A5D029810033B24AAA5E9F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\Office365[1].htm	HTML document, ASCII text	E52D762B4E73E5F5924D5CC544B1E765	1248AC98038C71D032ED1AB2105BB133B6846B3D	399C3592FBFF1A1C12B4C97DC1F6720E1A3316FF33FBFA069BD7CF0FFF40E606
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\css[1].css	ASCII text	92404C8DCB1F1863E5ADCA427FF6E876	592107E0DF7ADFC6C7D5063E2B41B86F449E48D1	CFF86CE07328574D51AAE24D05AEA68B4587B0B2D75E8FCB985347771E2DCB5D
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\landing-devices-bg[1].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1200x800, frames 3	55174EA1C3DF4966ED13D25A6223999D	FA1E418627CE2C16FF594A9615B1D53E5F676FFF	C86C4A6731077F1994A8CAECCB1FC06477EA35A5B6ABBB4ABDE1D06B8EF9FF32
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\memnYaGs126MiZpBA-UFUKWiUNhrIqU[1].woff	Web Open Font Format, TrueType, length 17452, version 1.1	BF72679CA22E53320BEAEA090E8BB07D	F3BAA33E986EC10D6F0C8211A826242441D52CC7	1E742589D91A4B7E3888284A43A73675F312D3D6C4E78B3B76EBC36292646100
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\microbg[1].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x1080, frames 3	C58B50331BCDD1C2B4FFB5E7A456E08A	2D4E7108635F07451A2578D9F847BDC4023F279D	2777ABE0312E6B49428D5D7F7F42E43AF620793F86F823F2E045968AFBDDDB63
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\microsoftlogo[1].png	PNG image data, 115 x 26, 8-bit colormap, non-interlaced	E8F6445B7B7F0B26B63CD135E8BB3B3D	52C38CDD5696EE485D076F1B0FE40032B1BC608D	089AA7FA65A4038B4AB9130D083E6BCC24B0E33F5018984EF1463B8516BC7993
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\office[1].png	PNG image data, 512 x 512, 8-bit colormap, non-interlaced	1AC039422D7C9CEE436B2CAE5C00BD8C	60D9B9A6E2DF337578C35472344F1387775046D8	1500514ADF9E666A3D20530815DF881BC94812C6906A53BD4C216D051D18C372
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\outlook[1].png	PNG image data, 213 x 211, 8-bit colormap, non-interlaced	CACDEE9959D34380D727718FD02B3711	EB971467C555EA2299CC31018C8BC85F67DA59D7	17F02FDB590800C9A21E2B6166F5F22CC54952D58897F09D8E82BB9195BC2071
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\webmaillogo[1].png	PNG image data, 322 x 50, 8-bit colormap, non-interlaced	85F7EBDACD174413927BD4B787997558	B03207C7F3EA92E9EA0EBDC2F804947CC726965D	E298D32D99708F56D68EF9CD0C44EC85910A4DF7552B5B2041FCAA48D5EE9742
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\bootstrap.min[1].css	ASCII text, with very long lines	450FC463B8B1A349DF717056FBB3E078	895125A4522A3B10EE7ADA06EE6503587CBF95C5	2C0F3DCFE93D7E380C290FE4AB838ED8CADFF1596D62697F5444BE460D1F876D
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\bootstrap.min[1].js	ASCII text, with very long lines	0827A0BDCD9A917990EEE461A77DD33E	6107D146E54A67C9998230ABF839301575D05702	FA421B6EBBD2FB474D3A3866409CE6C1EFD120B47FF256FFFB8F8F50D556D3D9
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\css[1].css	ASCII text	7AD11B51C8A9918ADE502DA9DE063EFF	ABF598711588628073EE60E294F288AB76EA187A	5A270BD50EF12A93ABAE711C806D6C59D58B0E0D2A9B3463A8268DC3D2EA6857
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\mem6YaGs126MiZpBA-UFUK0Zdcs[1].woff	Web Open Font Format, TrueType, length 17440, version 1.1	06B4BFDA4E139EAF3AB9872A6D66F42F	E5C5999D6AF4869BC60EEA92D1A8C328FB0E1378	39EC493A5A688A85B60A1E889A22CFB93F23C900E0FDC0BE8AB8543DC9DAA783
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\memnYaGs126MiZpBA-UFUKWyV9hrIqU[1].woff	Web Open Font Format, TrueType, length 17668, version 1.1	793B1237017AEACD646FB80911425566	51E3023140BE407FD5FBFD27E0A5D2C30AE66F31	5BB07410994C14D60F72CE3F6E19B172FCD7BC515F9BAEAF1F74C6CC2216E86A
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\memnYaGs126MiZpBA-UFUKXGUdhrIqU[1].woff	Web Open Font Format, TrueType, length 17492, version 1.1	56E5756B696615D6164A625E1BCB1A9E	E2AEF56F577DBB78254066B73C2D0FBE30B40AE0	BB87838929C15E1D0A05693C375323B95B6B4690FE207D3639E3A432C44AEF35
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\officebg[1].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1420x1080, frames 3	058E25C4AA0FCCB6A280E543B4C108E8	05AF10D488E0651737E4AE510DF17DA2166463DA	7A2C0B0E1E16041B12DD1A7D18438CEB14063C980799BAEE1D55CB2F04892777
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\officelogo[1].png	PNG image data, 163 x 75, 8-bit colormap, non-interlaced	8DB2ADD18C0D34794B35DEEE1FDC14DB	6E72801F98A832E9193A4D9F4389AEAE1E5233DD	EFACCC2B190FCCE0F0AB41064D882FB4A701C6AED6B1035595A16138E32A0A50
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\style[1].css	ASCII text	9D8F3FCC24C20CA06678AD500BF55150	E0100DE345BCFA97AF7C15957D7BC1B2BBE91061	CC4703F492AA58E929D57812FD5A8580258006E0121DD097E866B4EE38A800AA
C:\Users\user\AppData\Local\Temp\~DF2B39EDCB32CC438A.TMP	data	AB889A32AB9ACD33E816C2422337C69A	1190C6B34DED2D295827C2A88310D10A8B90B59B	4D6EC54B8D244E63B0F04FBE2B97402A3DF722560AD12F218665BA440F4CEFDA
C:\Users\user\AppData\Local\Temp\~DF8ADC395168C1F92B.TMP	data	5582856D044B69E3ADAC4EB9BAFEC6AC	8588EB79B3B33B414A2F3ACC6B9BC6879E245A0C	5BCB627A23821A0C1415239E896C4327FA46AFEB3AD3C3DB22EA831B0F6A9C77
C:\Users\user\AppData\Local\Temp\~DFE69385337526499A.TMP	data	365522B40BE6DAAB01E930C30A2644B2	BE37B4155E1F1D550D1645876D4A124D6054CEED	F86B78A69AAB23F374EB14C60AEAA7E3AD2941AC88F1ABBD37EC67E5E6932B48

Analysis Report https://plateflippers.com/OH2/GG8/

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection:

Phishing:

Compliance:

Networking:

System Summary:

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs