Analysis Report https://edulibsworg.ru/ertyhtbgrvfcdsetrbgv4refcd.php

Overview

General Information

Sample URL:	https://edulibsworg.ru/ertyhtbgrvfcdsetrbgv4refcd.php
Analysis ID:	364015
Infos:
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Yara detected HtmlPhish_10

HTML body contains low number of good links

HTML title does not match URL

Classification

Signatures

AV Detection:

Antivirus detection for URL or domain

Source: https://objectstorage.us-ashburn-1.oraclecloud.com/n/idx0jpmo1evz/b/ythgrffrtyujnhtbgvrfcd/o/kujyhnbgfvdctyu.html

SlashNext: Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

Yara detected HtmlPhish_10

Source: Yara match	File source: 585948.pages.csv, type: HTML
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\kujyhnbgfvdctyu[1].htm, type: DROPPED

HTML body contains low number of good links

Source: https://objectstorage.us-ashburn-1.oraclecloud.com/n/idx0jpmo1evz/b/ythgrffrtyujnhtbgvrfcd/o/kujyhnbgfvdctyu.html	HTTP Parser: Number of links: 0
Source: https://objectstorage.us-ashburn-1.oraclecloud.com/n/idx0jpmo1evz/b/ythgrffrtyujnhtbgvrfcd/o/kujyhnbgfvdctyu.html	HTTP Parser: Number of links: 0

HTML title does not match URL

Source: https://objectstorage.us-ashburn-1.oraclecloud.com/n/idx0jpmo1evz/b/ythgrffrtyujnhtbgvrfcd/o/kujyhnbgfvdctyu.html	HTTP Parser: Title: ...Login... does not match URL
Source: https://objectstorage.us-ashburn-1.oraclecloud.com/n/idx0jpmo1evz/b/ythgrffrtyujnhtbgvrfcd/o/kujyhnbgfvdctyu.html	HTTP Parser: Title: ...Login... does not match URL

Source: https://objectstorage.us-ashburn-1.oraclecloud.com/n/idx0jpmo1evz/b/ythgrffrtyujnhtbgvrfcd/o/kujyhnbgfvdctyu.html	HTTP Parser: No <meta name="author".. found
Source: https://objectstorage.us-ashburn-1.oraclecloud.com/n/idx0jpmo1evz/b/ythgrffrtyujnhtbgvrfcd/o/kujyhnbgfvdctyu.html	HTTP Parser: No <meta name="author".. found

Source: https://objectstorage.us-ashburn-1.oraclecloud.com/n/idx0jpmo1evz/b/ythgrffrtyujnhtbgvrfcd/o/kujyhnbgfvdctyu.html	HTTP Parser: No <meta name="copyright".. found
Source: https://objectstorage.us-ashburn-1.oraclecloud.com/n/idx0jpmo1evz/b/ythgrffrtyujnhtbgvrfcd/o/kujyhnbgfvdctyu.html	HTTP Parser: No <meta name="copyright".. found

Compliance:

Uses new MSVCR Dlls

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\MSVCR90.dll

Jump to behavior

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 103.153.182.185:443 -> 192.168.2.22:49165 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 103.153.182.185:443 -> 192.168.2.22:49166 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 134.70.24.1:443 -> 192.168.2.22:49172 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 134.70.24.1:443 -> 192.168.2.22:49171 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.10.207:443 -> 192.168.2.22:49173 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.10.207:443 -> 192.168.2.22:49174 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.22:49184 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.22:49183 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.10.207:443 -> 192.168.2.22:49185 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.10.207:443 -> 192.168.2.22:49186 version: TLS 1.2

Networking:

Source: C:\Program Files\Internet Explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\favicon[1].ico

Jump to behavior

Source: unknown

DNS traffic detected: queries for: edulibsworg.ru

Source: E0F5C59F9FA661F6F4C50B87FEF3A15A.1.dr	String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c
Source: 77EC63BDA74BD0D0E0426DC8F8008506.1.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: popper.min[1].js.1.dr	String found in binary or memory: http://opensource.org/licenses/MIT).
Source: kujyhnbgfvdctyu[1].htm.1.dr	String found in binary or memory: https://abogadosparatodoswnet.ru/ytrgfrtyhnbgfvdc25feb/next.php
Source: kujyhnbgfvdctyu[1].htm.1.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: kujyhnbgfvdctyu[1].htm.1.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Source: kujyhnbgfvdctyu[1].htm.1.dr	String found in binary or memory: https://code.jquery.com/jquery-3.2.1.slim.min.js
Source: free.min[1].css.1.dr	String found in binary or memory: https://fontawesome.com
Source: free.min[1].css.1.dr	String found in binary or memory: https://fontawesome.com/license/free
Source: kujyhnbgfvdctyu[1].htm.1.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Archivo
Source: css[1].css.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/archivonarrow/v12/tss0ApVBdCYD5Q7hcxTE1ArZ0bbwiXo.woff)
Source: bootstrap.min[1].css.1.dr, bootstrap.min[1].js.1.dr	String found in binary or memory: https://getbootstrap.com)
Source: bootstrap.min[1].js0.1.dr	String found in binary or memory: https://getbootstrap.com/)
Source: bootstrap.min[1].css.1.dr, bootstrap.min[1].js0.1.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: bootstrap.min[1].js0.1.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: kujyhnbgfvdctyu[1].htm.1.dr	String found in binary or memory: https://kit.fontawesome.com/585b051251.js
Source: kujyhnbgfvdctyu[1].htm.1.dr	String found in binary or memory: https://logo.clearbit.com/
Source: kujyhnbgfvdctyu[1].htm.1.dr	String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
Source: kujyhnbgfvdctyu[1].htm.1.dr	String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Source: {BD316631-7E18-11EB-ADCF-ECF4BBB5915B}.dat.0.dr, ~DF61C7615D0C13BE7F.TMP.0.dr	String found in binary or memory: https://objectstorage.us-ashburn-1.oraclecloud.com/n/idx0jpmo1evz/b/ythgrffrtyujnhtbgvrfcd/o/kujyhnb
Source: kujyhnbgfvdctyu[1].htm.1.dr	String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
Source: kujyhnbgfvdctyu[1].htm.1.dr	String found in binary or memory: https://storage.googleapis.com/oijhgbfvergyt4res.appspot.com/landing.css
Source: kujyhnbgfvdctyu[1].htm.1.dr	String found in binary or memory: https://storage.googleapis.com/oijhgbfvergyt4res.appspot.com/weblogo.png

Source: unknown	Network traffic detected: HTTP traffic on port 49184 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49185 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49186 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49166
Source: unknown	Network traffic detected: HTTP traffic on port 49183 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49165 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49165
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49186
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49174
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49185
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49173
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49184
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49172
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49183
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49171
Source: unknown	Network traffic detected: HTTP traffic on port 49172 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49171 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49166 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49173 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49174 -> 443

Source: unknown	HTTPS traffic detected: 103.153.182.185:443 -> 192.168.2.22:49165 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 103.153.182.185:443 -> 192.168.2.22:49166 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 134.70.24.1:443 -> 192.168.2.22:49172 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 134.70.24.1:443 -> 192.168.2.22:49171 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.10.207:443 -> 192.168.2.22:49173 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.10.207:443 -> 192.168.2.22:49174 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.22:49184 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.22:49183 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.10.207:443 -> 192.168.2.22:49185 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.10.207:443 -> 192.168.2.22:49186 version: TLS 1.2

System Summary:

Source: classification engine

Classification label: mal56.phis.win@3/29@9/4

Source: C:\Program Files\Internet Explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BD31662F-7E18-11EB-ADCF-ECF4BBB5915B}.dat

Jump to behavior

Source: C:\Program Files\Internet Explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF560C05FD321D069A.TMP

Jump to behavior

Source: C:\Program Files\Internet Explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\Internet Explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:268 CREDAT:275457 /prefetch:2
Source: C:\Program Files\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:268 CREDAT:275457 /prefetch:2	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\MSVCR90.dll

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.18.10.207	stackpath.bootstrapcdn.com	United States	13335	CLOUDFLARENETUS	false
103.153.182.185	edulibsworg.ru	unknown	134687	TWIDC-AS-APTWIDCLimitedHK	false
104.16.18.94	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
134.70.24.1	objectstorage.us-ashburn-1.oci.oraclecloud.com	United States	31898	ORACLE-BMC-31898US	false

Contacted Domains

Name	IP	Active
stackpath.bootstrapcdn.com	104.18.10.207	true
cdnjs.cloudflare.com	104.16.18.94	true
maxcdn.bootstrapcdn.com	104.18.10.207	true
edulibsworg.ru	103.153.182.185	true
objectstorage.us-ashburn-1.oci.oraclecloud.com	134.70.24.1	true
ka-f.fontawesome.com	unknown	unknown
code.jquery.com	unknown	unknown
kit.fontawesome.com	unknown	unknown
objectstorage.us-ashburn-1.oraclecloud.com	unknown	unknown
favicon.ico	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://objectstorage.us-ashburn-1.oraclecloud.com/n/idx0jpmo1evz/b/ythgrffrtyujnhtbgvrfcd/o/kujyhnbgfvdctyu.html	false	SlashNext: Fake Login Page type: Phishing & Social Engineering	high

ID:	364015
Product:	CloudBasic
Start time:	17:10:07
Start date:	05.03.2021
Cookbook:	browseurl.jbs
System description:	Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Architecture:	WINDOWS

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506	Microsoft Cabinet archive data, 58596 bytes, 1 file	2FEBC5EB397A71B7A4862D0DCC21CA5E	5568FBD6D7DB899850D3AAFF95FEC08952361678	2E9BE05B763D01CB0CD6FDE8BC64432A012AD3ECD9A6F3099DDE740A2D148A13
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A	data	6AEB4E76C6F68EFD7A48092E9F0F3492	823A035C0BDCC3DC09C881E788F7FACA53C6B458	FE1B9A0EABF44FDBE4DDE97C3CC1209FAD2FBB2D2D7476FFBF64066BD9919A4F
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506	data	4DD7C6AFE5455C5C89E773C6379CE521	1BF9A13A82C4D900261E49701A5C9635C65196A4	DACB2A9B396CF7E30C41E710B8A156E215FF8A1DD0C2474E8FC8B782F52D382C
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A	data	151704D00CCC2A4CC41A6DAED0340AF5	7D28FDC6321881E39E48CC68626B682DBB1498FA	3C3BB04253909FE060DF9A90DE6508169FA3BDB864D7E61AF0DFA8FE0CA70EA5
C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico	MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel	DA597791BE3B6E732F0BC8B20E38EE62	1125C45D285C360542027D7554A5C442288974DE	5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BD31662F-7E18-11EB-ADCF-ECF4BBB5915B}.dat	Microsoft Word Document	9E7EB3ACCD00DDADBB45881C93F61CBC	74E3FD23FE3284DE2A48E59FB6DADAF0431C60F7	91DD9EDAEDACABA5B8BF84B69780B73349E144A8B66440F55E39216D66C2EB8B
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BD316631-7E18-11EB-ADCF-ECF4BBB5915B}.dat	Microsoft Word Document	9A92144B48FF9F9C3FECE325753BA8AC	6712E9ACA60DCCD6306E4B5583FE3042DADBFF15	26072611A2846DAFC65CB819E17557209C23CFE1B5E357872C968A06414F44C1
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C450C440-7E18-11EB-ADCF-ECF4BBB5915B}.dat	Microsoft Word Document	8DBE06C48B78C1521A560D7DDA081B24	445C895DA6D80A2F2D833FEFB5A74FEAD85281CA	05D1C443FAB9FD73117CA9155F44325878A5EC1FBE7C441288936360984AB3F7
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\css[1].css	ASCII text	72C5D331F2135E52DA2A95F7854049A3	572F349BB65758D377CCBAE434350507341ACD7B	C3A12D7E8F6B2B1F5E4CD0C9938DFC79532AEF90802B424EE910093F156586DA
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\weblogo[1].png	PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced	40AE4F6568F8A76588FF3DCB4D5F43B4	F3643C44611D47E477C2B718C2FF40A20182964C	31CCB91FFA866D8E061ADA54BC00A8EE5F098EB8014607EB92F25D3B8A9EAB2F
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\favicon[1].ico	MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel	DA597791BE3B6E732F0BC8B20E38EE62	1125C45D285C360542027D7554A5C442288974DE	5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\kujyhnbgfvdctyu[1].htm	HTML document, ASCII text, with CRLF line terminators	36B3FB81B81DF125C17477C069F9B30C	7F24AC1F219A0E55E5C327AD1FEA9A044D377114	0BCAC2ED5C8524B8DBA3B3E5AF4AB14F970FDA42F8358407C05CA29CBFBED339
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\landing[1].css	ASCII text	673A72457FDC4E41205701CAAD05C205	07A41BCC92BF10346761A1EC007B24301E61F22C	BED9A5050FF03491E4F55741A3B3EC18429D79C8337FFB2FB4511DA79B6A10EE
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\popper.min[1].js	ASCII text, with very long lines	70D3FDA195602FE8B75E0097EED74DDE	C3B977AA4B8DFB69D651E07015031D385DED964B	A52F7AA54D7BCAAFA056EE0A050262DFC5694AE28DEE8B4CAC3429AF37FF0D66
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\bootstrap.min[1].js	ASCII text, with very long lines	67176C242E1BDC20603C878DEE836DF3	27A71B00383D61EF3C489326B3564D698FC1227C	56C12A125B021D21A69E61D7190CEFA168D6C28CE715265CEA1B3B0112D169C4
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\jquery-3.2.1.slim.min[1].js	ASCII text, with very long lines	5F48FC77CAC90C4778FA24EC9C57F37D	9E89D1515BC4C371B86F4CB1002FD8E377C1829F	9365920887B11B33A3DC4BA28A0F93951F200341263E3B9CEFD384798E4BE398
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\jquery.min[1].js	ASCII text, with very long lines	2F6B11A7E914718E0290410E85366FE9	69BB69E25CA7D5EF0935317584E6153F3FD9A88C	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\bootstrap.min[1].css	ASCII text, with very long lines	450FC463B8B1A349DF717056FBB3E078	895125A4522A3B10EE7ADA06EE6503587CBF95C5	2C0F3DCFE93D7E380C290FE4AB838ED8CADFF1596D62697F5444BE460D1F876D
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\bootstrap.min[1].js	ASCII text, with very long lines	14D449EB8876FA55E1EF3C2CC52B0C17	A9545831803B1359CFEED47E3B4D6BAE68E40E99	E7ED36CEEE5450B4243BBC35188AFABDFB4280C7C57597001DE0ED167299B01B
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\free-v4-shims.min[1].css	ASCII text, with very long lines	1848E71668F42835079E5FA2AF6CF4A8	6AE345E2FEB8C2A524E7CF9E22A3A87BAEE60593	D7CC3C57F9BDA4C6DCB83BB3C19F2F2AA86ECEC6274E243CD4EC315AE8E30101
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\free.min[1].css	ASCII text, with very long lines	4ECC071B77D6B1790FA9FB8A5173F972	B44FCBAAC4F3AA7381D71DE20064AC84B0B729D1	8C7BBA7DEB64FF95E98F7AC8CD0D3B675A4BCF02F302E57EDC5A1D6FA3D6CF94
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\urlblockindex[1].bin	data	FA518E3DFAE8CA3A0E495460FD60C791	E4F30E49120657D37267C0162FD4A08934800C69	775853600060162C4B4E5F883F9FD5A278E61C471B3EE1826396B6D129499AA7
C:\Users\user\AppData\Local\Temp\CabB95F.tmp	Microsoft Cabinet archive data, 58596 bytes, 1 file	61A03D15CF62612F50B74867090DBE79	15228F34067B4B107E917BEBAF17CC7C3C1280A8	F9E23DC21553DAA34C6EB778CD262831E466CE794F4BEA48150E8D70D3E6AF6D
C:\Users\user\AppData\Local\Temp\CabB980.tmp	Microsoft Cabinet archive data, 58596 bytes, 1 file	61A03D15CF62612F50B74867090DBE79	15228F34067B4B107E917BEBAF17CC7C3C1280A8	F9E23DC21553DAA34C6EB778CD262831E466CE794F4BEA48150E8D70D3E6AF6D
C:\Users\user\AppData\Local\Temp\TarB960.tmp	data	4E0487E929ADBBA279FD752E7FB9A5C4	2497E03F42D2CBB4F4989E87E541B5BB27643536	AE781E4F9625949F7B8A9445B8901958ADECE7E3B95AF344E2FCB24FE989EEB7
C:\Users\user\AppData\Local\Temp\TarB981.tmp	data	4E0487E929ADBBA279FD752E7FB9A5C4	2497E03F42D2CBB4F4989E87E541B5BB27643536	AE781E4F9625949F7B8A9445B8901958ADECE7E3B95AF344E2FCB24FE989EEB7
C:\Users\user\AppData\Local\Temp\~DF49C379F6CC9907A6.TMP	data	444502397FD612BA183437AA34F91D92	F3453480952F0BE34A8A31776AFC4409D3AE1235	E2C9DAB8862EF1A7BDCD353065F5FFAC804DEE93577931C93006725F8647729C
C:\Users\user\AppData\Local\Temp\~DF560C05FD321D069A.TMP	data	9885224417F4B65783BA40D42A81D069	B53584878BAC51CD5B642CC07B6D7390EE4DEE89	29614AEDB74257C36B43BF721E7DDD9A7E1A1EA995028836D770626CA8BE0900
C:\Users\user\AppData\Local\Temp\~DF61C7615D0C13BE7F.TMP	data	31EA62B7F834CF14EC724E31D92D975A	FEFFEE462B63A9D6A4E32F7EED2ABCACC5D37A89	06804370F0684667D23BCD3CC2056CCEA5AC14B9D39EB9CBFDE5E89EF9601197

Analysis Report https://edulibsworg.ru/ertyhtbgrvfcdsetrbgv4refcd.php

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection:

Phishing:

Compliance:

Networking:

System Summary:

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs