Analysis Report https://securepay.mysellful.com/

Overview

General Information

Sample URL:	https://securepay.mysellful.com/
Analysis ID:	383544
Infos:
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Yara detected HtmlPhish6

Phishing site detected (based on image similarity)

Phishing site detected (based on logo template match)

HTML body contains low number of good links

HTML title does not match URL

Classification

Signatures

AV Detection:

Antivirus detection for URL or domain

Source: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=eb74f312212be18a263f555439392ab2f19be7815afbdfc1069c245ec67f3c3c7067c33f

SlashNext: Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

Yara detected HtmlPhish6

Source: Yara match	File source: 849224.0.links.csv, type: HTML
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\s[1].htm, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\s[2].htm, type: DROPPED

Phishing site detected (based on image similarity)

Source: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/files/logo.png

Matcher: Found strong image similarity, brand: Microsoft

Jump to dropped file

Phishing site detected (based on logo template match)

Source: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=eb74f312212be18a263f555439392ab2f19be7815afbdfc1069c245ec67f3c3c7067c33f

Matcher: Template: microsoft matched

HTML body contains low number of good links

Source: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=eb74f312212be18a263f555439392ab2f19be7815afbdfc1069c245ec67f3c3c7067c33f	HTTP Parser: Number of links: 0
Source: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=eb74f312212be18a263f555439392ab2f19be7815afbdfc1069c245ec67f3c3c7067c33f	HTTP Parser: Number of links: 0

HTML title does not match URL

Source: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=eb74f312212be18a263f555439392ab2f19be7815afbdfc1069c245ec67f3c3c7067c33f	HTTP Parser: Title: Validation does not match URL
Source: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=eb74f312212be18a263f555439392ab2f19be7815afbdfc1069c245ec67f3c3c7067c33f	HTTP Parser: Title: Validation does not match URL

Source: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=eb74f312212be18a263f555439392ab2f19be7815afbdfc1069c245ec67f3c3c7067c33f	HTTP Parser: No <meta name="author".. found
Source: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=eb74f312212be18a263f555439392ab2f19be7815afbdfc1069c245ec67f3c3c7067c33f	HTTP Parser: No <meta name="author".. found

Source: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=eb74f312212be18a263f555439392ab2f19be7815afbdfc1069c245ec67f3c3c7067c33f	HTTP Parser: No <meta name="copyright".. found
Source: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=eb74f312212be18a263f555439392ab2f19be7815afbdfc1069c245ec67f3c3c7067c33f	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 104.26.11.161:443 -> 192.168.2.7:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.11.161:443 -> 192.168.2.7:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.13.213:443 -> 192.168.2.7:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.13.213:443 -> 192.168.2.7:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.13.213:443 -> 192.168.2.7:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.13.213:443 -> 192.168.2.7:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.13.213:443 -> 192.168.2.7:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.13.213:443 -> 192.168.2.7:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.213:443 -> 192.168.2.7:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.213:443 -> 192.168.2.7:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 74.125.143.156:443 -> 192.168.2.7:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 74.125.143.156:443 -> 192.168.2.7:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.246.16.250:443 -> 192.168.2.7:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.246.16.250:443 -> 192.168.2.7:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.246.16.250:443 -> 192.168.2.7:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.246.16.250:443 -> 192.168.2.7:49764 version: TLS 1.2

Source: MC8R5KA7.htm.2.dr	String found in binary or memory: }, false);</script><script data-no-minify="1" async src="https://cdn1.sellful.com/wp-content/plugins/wp-rocket/assets/js/lazyload/11.0.6/lazyload.min.js"></script><script>function lazyLoadThumb(e){var t='<img data-lazy-src="https://i.ytimg.com/vi/ID/hqdefault.jpg" alt="" width="480" height="360"><noscript><img src="https://i.ytimg.com/vi/ID/hqdefault.jpg" alt="" width="480" height="360"></noscript>',a='<div class="play"></div>';return t.replace("ID",e)+a}function lazyLoadYoutubeIframe(){var e=document.createElement("iframe"),t="https://www.youtube.com/embed/ID?autoplay=1";t+=0===this.dataset.query.length?'':'&'+this.dataset.query;e.setAttribute("src",t.replace("ID",this.dataset.id)),e.setAttribute("frameborder","0"),e.setAttribute("allowfullscreen","1"),this.parentNode.replaceChild(e,this)}document.addEventListener("DOMContentLoaded",function(){var e,t,a=document.getElementsByClassName("rll-youtube-player");for(t=0;t<a.length;t++)e=document.createElement("div"),e.setAttribute("data-id",a[t].dataset.id),e.setAttribute("data-query", a[t].dataset.query),e.innerHTML=lazyLoadThumb(a[t].dataset.id),e.onclick=lazyLoadYoutubeIframe,a[t].appendChild(e)});</script> <script type="text/javascript">(function(){window['__CF$cv$params']={r:'63c5f7eb3d62592e',m:'5b2b182e265696655316fdd90396806cce8eecfd-1617826951-1800-AZTTThY0OvsmqZbFn10kKm/SkiRlAWoExDliPZdSvYYJe+RAfXkZV/8t72nIORSxB6qPJcyls8cfd3sOcJV2F/ki+ywiM82Gjn/1Rjp/X4+NGk2KlzMG2DKfdWauiYxwFA==',s:[0xfd130a1f11,0x47f720f7b6],}})();</script></body></html> equals www.youtube.com (Youtube)
Source: share-link.min-3.1.1[1].js.2.dr	String found in binary or memory: (function(a){window.ShareLink=function(b,c){var d,e={},f=function(a){var b=a.substr(0,e.classPrefixLength);return b===e.classPrefix?a.substr(e.classPrefixLength):null},g=function(a){d.on("click",function(){h(a)})},h=function(a){var b="";if(e.width&&e.height){var c=screen.width/2-e.width/2,d=screen.height/2-e.height/2;b="toolbar=0,status=0,width="+e.width+",height="+e.height+",top="+d+",left="+c}var f=ShareLink.getNetworkLink(a,e),g=/^https?:\/\//.test(f),h=g?"":"_self";open(f,h,b)},i=function(){a.each(b.classList,function(){var a=f(this);if(a)return g(a),!1})},j=function(){a.extend(e,ShareLink.defaultSettings,c),["title","text"].forEach(function(a){e[a]=e[a].replace("#","")}),e.classPrefixLength=e.classPrefix.length},k=function(){d=a(b)};(function(){j(),k(),i()})()},ShareLink.networkTemplates={twitter:"https://twitter.com/intent/tweet?text={text}\x20{url}",pinterest:"https://www.pinterest.com/pin/create/button/?url={url}&media={image}",facebook:"https://www.facebook.com/sharer.php?u={url}",vk:"https://vkontakte.ru/share.php?url={url}&title={title}&description={text}&image={image}",linkedin:"https://www.linkedin.com/shareArticle?mini=true&url={url}&title={title}&summary={text}&source={url}",odnoklassniki:"https://connect.ok.ru/offer?url={url}&title={title}&imageUrl={image}",tumblr:"https://tumblr.com/share/link?url={url}",google:"https://plus.google.com/share?url={url}",digg:"https://digg.com/submit?url={url}",reddit:"https://reddit.com/submit?url={url}&title={title}",stumbleupon:"https://www.stumbleupon.com/submit?url={url}",pocket:"https://getpocket.com/edit?url={url}",whatsapp:"https://api.whatsapp.com/send?text={title}\n{text}\n{url}",xing:"https://www.xing.com/app/user?op=share&url={url}",print:"javascript:print()",email:"mailto:?subject={title}&body={text}\n{url}",telegram:"https://telegram.me/share/url?url={url}&text={text}",skype:"https://web.skype.com/share?url={url}"},ShareLink.defaultSettings={title:"",text:"",image:"",url:location.href,classPrefix:"s_",width:640,height:480},ShareLink.getNetworkLink=function(a,b){var c=ShareLink.networkTemplates[a].replace(/{([^}]+)}/g,function(a,c){return b[c]\|\|""});if("email"===a){if(-1<b.title.indexOf("&")\|\|-1<b.text.indexOf("&")){var d={text:b.text.replace(/&/g,"%26"),title:b.title.replace(/&/g,"%26"),url:b.url};c=ShareLink.networkTemplates[a].replace(/{([^}]+)}/g,function(a,b){return d[b]})}return c.indexOf("?subject=&body")&&(c=c.replace("subject=&","")),c}return c},a.fn.shareLink=function(b){return this.each(function(){a(this).data("shareLink",new ShareLink(this,b))})}})(jQuery); equals www.facebook.com (Facebook)
Source: share-link.min-3.1.1[1].js.2.dr	String found in binary or memory: (function(a){window.ShareLink=function(b,c){var d,e={},f=function(a){var b=a.substr(0,e.classPrefixLength);return b===e.classPrefix?a.substr(e.classPrefixLength):null},g=function(a){d.on("click",function(){h(a)})},h=function(a){var b="";if(e.width&&e.height){var c=screen.width/2-e.width/2,d=screen.height/2-e.height/2;b="toolbar=0,status=0,width="+e.width+",height="+e.height+",top="+d+",left="+c}var f=ShareLink.getNetworkLink(a,e),g=/^https?:\/\//.test(f),h=g?"":"_self";open(f,h,b)},i=function(){a.each(b.classList,function(){var a=f(this);if(a)return g(a),!1})},j=function(){a.extend(e,ShareLink.defaultSettings,c),["title","text"].forEach(function(a){e[a]=e[a].replace("#","")}),e.classPrefixLength=e.classPrefix.length},k=function(){d=a(b)};(function(){j(),k(),i()})()},ShareLink.networkTemplates={twitter:"https://twitter.com/intent/tweet?text={text}\x20{url}",pinterest:"https://www.pinterest.com/pin/create/button/?url={url}&media={image}",facebook:"https://www.facebook.com/sharer.php?u={url}",vk:"https://vkontakte.ru/share.php?url={url}&title={title}&description={text}&image={image}",linkedin:"https://www.linkedin.com/shareArticle?mini=true&url={url}&title={title}&summary={text}&source={url}",odnoklassniki:"https://connect.ok.ru/offer?url={url}&title={title}&imageUrl={image}",tumblr:"https://tumblr.com/share/link?url={url}",google:"https://plus.google.com/share?url={url}",digg:"https://digg.com/submit?url={url}",reddit:"https://reddit.com/submit?url={url}&title={title}",stumbleupon:"https://www.stumbleupon.com/submit?url={url}",pocket:"https://getpocket.com/edit?url={url}",whatsapp:"https://api.whatsapp.com/send?text={title}\n{text}\n{url}",xing:"https://www.xing.com/app/user?op=share&url={url}",print:"javascript:print()",email:"mailto:?subject={title}&body={text}\n{url}",telegram:"https://telegram.me/share/url?url={url}&text={text}",skype:"https://web.skype.com/share?url={url}"},ShareLink.defaultSettings={title:"",text:"",image:"",url:location.href,classPrefix:"s_",width:640,height:480},ShareLink.getNetworkLink=function(a,b){var c=ShareLink.networkTemplates[a].replace(/{([^}]+)}/g,function(a,c){return b[c]\|\|""});if("email"===a){if(-1<b.title.indexOf("&")\|\|-1<b.text.indexOf("&")){var d={text:b.text.replace(/&/g,"%26"),title:b.title.replace(/&/g,"%26"),url:b.url};c=ShareLink.networkTemplates[a].replace(/{([^}]+)}/g,function(a,b){return d[b]})}return c.indexOf("?subject=&body")&&(c=c.replace("subject=&","")),c}return c},a.fn.shareLink=function(b){return this.each(function(){a(this).data("shareLink",new ShareLink(this,b))})}})(jQuery); equals www.linkedin.com (Linkedin)
Source: share-link.min-3.1.1[1].js.2.dr	String found in binary or memory: (function(a){window.ShareLink=function(b,c){var d,e={},f=function(a){var b=a.substr(0,e.classPrefixLength);return b===e.classPrefix?a.substr(e.classPrefixLength):null},g=function(a){d.on("click",function(){h(a)})},h=function(a){var b="";if(e.width&&e.height){var c=screen.width/2-e.width/2,d=screen.height/2-e.height/2;b="toolbar=0,status=0,width="+e.width+",height="+e.height+",top="+d+",left="+c}var f=ShareLink.getNetworkLink(a,e),g=/^https?:\/\//.test(f),h=g?"":"_self";open(f,h,b)},i=function(){a.each(b.classList,function(){var a=f(this);if(a)return g(a),!1})},j=function(){a.extend(e,ShareLink.defaultSettings,c),["title","text"].forEach(function(a){e[a]=e[a].replace("#","")}),e.classPrefixLength=e.classPrefix.length},k=function(){d=a(b)};(function(){j(),k(),i()})()},ShareLink.networkTemplates={twitter:"https://twitter.com/intent/tweet?text={text}\x20{url}",pinterest:"https://www.pinterest.com/pin/create/button/?url={url}&media={image}",facebook:"https://www.facebook.com/sharer.php?u={url}",vk:"https://vkontakte.ru/share.php?url={url}&title={title}&description={text}&image={image}",linkedin:"https://www.linkedin.com/shareArticle?mini=true&url={url}&title={title}&summary={text}&source={url}",odnoklassniki:"https://connect.ok.ru/offer?url={url}&title={title}&imageUrl={image}",tumblr:"https://tumblr.com/share/link?url={url}",google:"https://plus.google.com/share?url={url}",digg:"https://digg.com/submit?url={url}",reddit:"https://reddit.com/submit?url={url}&title={title}",stumbleupon:"https://www.stumbleupon.com/submit?url={url}",pocket:"https://getpocket.com/edit?url={url}",whatsapp:"https://api.whatsapp.com/send?text={title}\n{text}\n{url}",xing:"https://www.xing.com/app/user?op=share&url={url}",print:"javascript:print()",email:"mailto:?subject={title}&body={text}\n{url}",telegram:"https://telegram.me/share/url?url={url}&text={text}",skype:"https://web.skype.com/share?url={url}"},ShareLink.defaultSettings={title:"",text:"",image:"",url:location.href,classPrefix:"s_",width:640,height:480},ShareLink.getNetworkLink=function(a,b){var c=ShareLink.networkTemplates[a].replace(/{([^}]+)}/g,function(a,c){return b[c]\|\|""});if("email"===a){if(-1<b.title.indexOf("&")\|\|-1<b.text.indexOf("&")){var d={text:b.text.replace(/&/g,"%26"),title:b.title.replace(/&/g,"%26"),url:b.url};c=ShareLink.networkTemplates[a].replace(/{([^}]+)}/g,function(a,b){return d[b]})}return c.indexOf("?subject=&body")&&(c=c.replace("subject=&","")),c}return c},a.fn.shareLink=function(b){return this.each(function(){a(this).data("shareLink",new ShareLink(this,b))})}})(jQuery); equals www.twitter.com (Twitter)
Source: share-link.min-3.1.1[1].js.2.dr	String found in binary or memory: (function(a){window.ShareLink=function(b,c){var d,e={},f=function(a){var b=a.substr(0,e.classPrefixLength);return b===e.classPrefix?a.substr(e.classPrefixLength):null},g=function(a){d.on("click",function(){h(a)})},h=function(a){var b="";if(e.width&&e.height){var c=screen.width/2-e.width/2,d=screen.height/2-e.height/2;b="toolbar=0,status=0,width="+e.width+",height="+e.height+",top="+d+",left="+c}var f=ShareLink.getNetworkLink(a,e),g=/^https?:\/\//.test(f),h=g?"":"_self";open(f,h,b)},i=function(){a.each(b.classList,function(){var a=f(this);if(a)return g(a),!1})},j=function(){a.extend(e,ShareLink.defaultSettings,c),["title","text"].forEach(function(a){e[a]=e[a].replace("#","")}),e.classPrefixLength=e.classPrefix.length},k=function(){d=a(b)};(function(){j(),k(),i()})()},ShareLink.networkTemplates={twitter:"https://twitter.com/intent/tweet?text={text}\x20{url}",pinterest:"https://www.pinterest.com/pin/create/button/?url={url}&media={image}",facebook:"https://www.facebook.com/sharer.php?u={url}",vk:"https://vkontakte.ru/share.php?url={url}&title={title}&description={text}&image={image}",linkedin:"https://www.linkedin.com/shareArticle?mini=true&url={url}&title={title}&summary={text}&source={url}",odnoklassniki:"https://connect.ok.ru/offer?url={url}&title={title}&imageUrl={image}",tumblr:"https://tumblr.com/share/link?url={url}",google:"https://plus.google.com/share?url={url}",digg:"https://digg.com/submit?url={url}",reddit:"https://reddit.com/submit?url={url}&title={title}",stumbleupon:"https://www.stumbleupon.com/submit?url={url}",pocket:"https://getpocket.com/edit?url={url}",whatsapp:"https://api.whatsapp.com/send?text={title}\n{text}\n{url}",xing:"https://www.xing.com/app/user?op=share&url={url}",print:"javascript:print()",email:"mailto:?subject={title}&body={text}\n{url}",telegram:"https://telegram.me/share/url?url={url}&text={text}",skype:"https://web.skype.com/share?url={url}"},ShareLink.defaultSettings={title:"",text:"",image:"",url:location.href,classPrefix:"s_",width:640,height:480},ShareLink.getNetworkLink=function(a,b){var c=ShareLink.networkTemplates[a].replace(/{([^}]+)}/g,function(a,c){return b[c]\|\|""});if("email"===a){if(-1<b.title.indexOf("&")\|\|-1<b.text.indexOf("&")){var d={text:b.text.replace(/&/g,"%26"),title:b.title.replace(/&/g,"%26"),url:b.url};c=ShareLink.networkTemplates[a].replace(/{([^}]+)}/g,function(a,b){return d[b]})}return c.indexOf("?subject=&body")&&(c=c.replace("subject=&","")),c}return c},a.fn.shareLink=function(b){return this.each(function(){a(this).data("shareLink",new ShareLink(this,b))})}})(jQuery); equals www.vkontakte.ru (VKontakte)

Source: unknown

DNS traffic detected: queries for: securepay.mysellful.com

Source: position.min-1.11.4[1].js.2.dr	String found in binary or memory: http://api.jqueryui.com/position/
Source: position.min-1.11.4[1].js.2.dr	String found in binary or memory: http://jquery.org/license
Source: position.min-1.11.4[1].js.2.dr	String found in binary or memory: http://jqueryui.com
Source: swiper.min-5.3.6[1].js.2.dr	String found in binary or memory: http://swiperjs.com
Source: gtm-479609c18ecd923ecdd3ed096cb1cd91[1].js.2.dr	String found in binary or memory: https://ade.googlesyndication.com/ddm/activity
Source: gtm-479609c18ecd923ecdd3ed096cb1cd91[1].js.2.dr	String found in binary or memory: https://adservice.google.com/ddm/regclk
Source: gtm-479609c18ecd923ecdd3ed096cb1cd91[1].js.2.dr	String found in binary or memory: https://adservice.google.com/pagead/regclk
Source: ga-0a4e309b5f2d7439b4f8876b19f37fc7[1].js.2.dr	String found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: ~DF7A51840F262B8417.TMP.1.dr	String found in binary or memory: https://atendiendochagas.mundosano.org//kcontrol-inti/continue/new
Source: {70535A4C-982A-11EB-90E6-ECF4BB82F7E0}.dat.1.dr	String found in binary or memory: https://atendiendochagas.mundosano.org//kcontrol-inti/continue/newRoot
Source: {70535A4C-982A-11EB-90E6-ECF4BB82F7E0}.dat.1.dr	String found in binary or memory: https://atendiendochagas.mundosano.org//kcontrol-inti/continue/newas.mundosano.org/kcontrol-inti/con
Source: new[1].htm.7.dr	String found in binary or memory: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/
Source: ~DF827A3CCA513061E4.TMP.1.dr	String found in binary or memory: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998
Source: {67FCA281-982A-11EB-90E6-ECF4BB82F7E0}.dat.1.dr	String found in binary or memory: https://atendiendochagllful.com/b
Source: gtm-479609c18ecd923ecdd3ed096cb1cd91[1].js.2.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: gtm-479609c18ecd923ecdd3ed096cb1cd91[1].js.2.dr	String found in binary or memory: https://cdn1.sellful.com/wp-content/cache/busting/google-tracking/ga-0a4e309b5f2d7439b4f8876b19f37fc
Source: MC8R5KA7.htm.2.dr	String found in binary or memory: https://cdn1.sellful.com/wp-content/plugins/wp-rocket/assets/js/lazyload/11.0.6/lazyload.min.js
Source: ccaf1bb7df93920b7090e89ad7f87719[1].css.2.dr	String found in binary or memory: https://elementor.com/?utm_source=wp-themes&utm_campaign=author-uri&utm_medium=wp-dash
Source: ccaf1bb7df93920b7090e89ad7f87719[1].css.2.dr	String found in binary or memory: https://elementor.com/hello-theme/?utm_source=wp-themes&utm_campaign=theme-uri&utm_medium=wp-dash
Source: v4-shims.min-3.1.1[1].js.2.dr	String found in binary or memory: https://fontawesome.com
Source: v4-shims.min-3.1.1[1].js.2.dr	String found in binary or memory: https://fontawesome.com/license/free
Source: css[2].css.7.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UNirkOUuhv.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOiCnqEu92Fr1Mu51QrEzAdKQ.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51S7ACc6CsI.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51TLBCc6CsI.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51TjASc6CsI.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51TzBic6CsI.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOkCnqEu92Fr1MmgVxIIzQ.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOkCnqEu92Fr1Mu51xIIzQ.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9fBBc-.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmSU5fBBc-.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc-.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmYUtfBBc-.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxM.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v13/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjo0oSmb2Rl.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v13/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjoDIOmb2Rl.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v13/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjoDISmb2Rl.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v13/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjoJYOmb2Rl.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v13/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjoUoOmb2Rl.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v13/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjoa4Omb2Rl.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v13/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjojISmb2Rl.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v13/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjojIWmb2Rl.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v13/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjovoSmb2Rl.woff)
Source: api[1].js.2.dr	String found in binary or memory: https://github.com/antoinevastel/picasso-like-canvas-fingerprinting
Source: dialog.min-4.8.1[1].js.2.dr	String found in binary or memory: https://github.com/kobizz/dialogs-manager/blob/master/LICENSE.txt
Source: MC8R5KA7.htm.2.dr	String found in binary or memory: https://i.ytimg.com/vi/ID/hqdefault.jpg
Source: gtm-479609c18ecd923ecdd3ed096cb1cd91[1].js.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: gtm-479609c18ecd923ecdd3ed096cb1cd91[1].js.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/
Source: {67FCA281-982A-11EB-90E6-ECF4BB82F7E0}.dat.1.dr	String found in binary or memory: https://securepay.mysellful.com/
Source: {67FCA281-982A-11EB-90E6-ECF4BB82F7E0}.dat.1.dr	String found in binary or memory: https://securepay.mysellful.com/Root
Source: ~DF827A3CCA513061E4.TMP.1.dr	String found in binary or memory: https://securepay.mysellful.com/b
Source: ga-0a4e309b5f2d7439b4f8876b19f37fc7[1].js.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: ga-0a4e309b5f2d7439b4f8876b19f37fc7[1].js.2.dr	String found in binary or memory: https://tagassistant.google.com/
Source: share-link.min-3.1.1[1].js.2.dr	String found in binary or memory: https://twitter.com/intent/tweet?text=
Source: ccaf1bb7df93920b7090e89ad7f87719[1].css.2.dr	String found in binary or memory: https://www.gnu.org/licenses/gpl-3.0.html
Source: ga-0a4e309b5f2d7439b4f8876b19f37fc7[1].js.2.dr	String found in binary or memory: https://www.google-analytics.com/debug/bootstrap
Source: ga-0a4e309b5f2d7439b4f8876b19f37fc7[1].js.2.dr	String found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: ga-0a4e309b5f2d7439b4f8876b19f37fc7[1].js.2.dr	String found in binary or memory: https://www.google.%/ads/ga-audiences
Source: gtm-479609c18ecd923ecdd3ed096cb1cd91[1].js.2.dr	String found in binary or memory: https://www.google.com
Source: gtm-479609c18ecd923ecdd3ed096cb1cd91[1].js.2.dr	String found in binary or memory: https://www.googletagmanager.com/debug/bootstrap
Source: ga-0a4e309b5f2d7439b4f8876b19f37fc7[1].js.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=
Source: share-link.min-3.1.1[1].js.2.dr	String found in binary or memory: https://www.pinterest.com/pin/create/button/?url=
Source: MC8R5KA7.htm.2.dr	String found in binary or memory: https://www.youtube.com/embed/ID?autoplay=1

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 104.26.11.161:443 -> 192.168.2.7:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.11.161:443 -> 192.168.2.7:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.13.213:443 -> 192.168.2.7:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.13.213:443 -> 192.168.2.7:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.13.213:443 -> 192.168.2.7:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.13.213:443 -> 192.168.2.7:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.13.213:443 -> 192.168.2.7:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.13.213:443 -> 192.168.2.7:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.213:443 -> 192.168.2.7:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.213:443 -> 192.168.2.7:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 74.125.143.156:443 -> 192.168.2.7:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 74.125.143.156:443 -> 192.168.2.7:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.246.16.250:443 -> 192.168.2.7:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.246.16.250:443 -> 192.168.2.7:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.246.16.250:443 -> 192.168.2.7:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.246.16.250:443 -> 192.168.2.7:49764 version: TLS 1.2

Source: classification engine

Classification label: mal64.phis.win@5/58@9/5

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{67FCA27F-982A-11EB-90E6-ECF4BB82F7E0}.dat

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user~1\AppData\Local\Temp\~DFDB692E0DABAF91D0.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4460 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4460 CREDAT:82952 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4460 CREDAT:17410 /prefetch:2	Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4460 CREDAT:82952 /prefetch:2	Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe	Automated click: Next
Source: C:\Program Files\internet explorer\iexplore.exe	Automated click: Next

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.26.12.213	stateless.sellful.com	United States	13335	CLOUDFLARENETUS	false
104.26.11.161	securepay.mysellful.com	United States	13335	CLOUDFLARENETUS	false
162.246.16.250	atendiendochagas.mundosano.org	United States	19318	IS-AS-1US	false
74.125.143.156	stats.l.doubleclick.net	United States	15169	GOOGLEUS	false
104.26.13.213	cdn1.sellful.com	United States	13335	CLOUDFLARENETUS	false

Contacted Domains

Name	IP	Active
stateless.sellful.com	104.26.12.213	true
stats.l.doubleclick.net	74.125.143.156	true
atendiendochagas.mundosano.org	162.246.16.250	true
www.google.ch	216.58.215.227	true
cdn1.sellful.com	104.26.13.213	true
securepay.mysellful.com	104.26.11.161	true
stats.g.doubleclick.net	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=eb74f312212be18a263f555439392ab2f19be7815afbdfc1069c245ec67f3c3c7067c33f	true	SlashNext: Fake Login Page type: Phishing & Social Engineering	unknown
https://securepay.mysellful.com/	true		unknown

AV Detection:

Antivirus detection for URL or domain

Source: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=eb74f312212be18a263f555439392ab2f19be7815afbdfc1069c245ec67f3c3c7067c33f

SlashNext: Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

Yara detected HtmlPhish6

Source: Yara match	File source: 849224.0.links.csv, type: HTML
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\s[1].htm, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\s[2].htm, type: DROPPED

Phishing site detected (based on image similarity)

Source: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/files/logo.png

Matcher: Found strong image similarity, brand: Microsoft

Jump to dropped file

Phishing site detected (based on logo template match)

Source: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=eb74f312212be18a263f555439392ab2f19be7815afbdfc1069c245ec67f3c3c7067c33f

Matcher: Template: microsoft matched

HTML body contains low number of good links

Source: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=eb74f312212be18a263f555439392ab2f19be7815afbdfc1069c245ec67f3c3c7067c33f	HTTP Parser: Number of links: 0
Source: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=eb74f312212be18a263f555439392ab2f19be7815afbdfc1069c245ec67f3c3c7067c33f	HTTP Parser: Number of links: 0

HTML title does not match URL

Source: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=eb74f312212be18a263f555439392ab2f19be7815afbdfc1069c245ec67f3c3c7067c33f	HTTP Parser: Title: Validation does not match URL
Source: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=eb74f312212be18a263f555439392ab2f19be7815afbdfc1069c245ec67f3c3c7067c33f	HTTP Parser: Title: Validation does not match URL

Source: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=eb74f312212be18a263f555439392ab2f19be7815afbdfc1069c245ec67f3c3c7067c33f	HTTP Parser: No <meta name="author".. found
Source: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=eb74f312212be18a263f555439392ab2f19be7815afbdfc1069c245ec67f3c3c7067c33f	HTTP Parser: No <meta name="author".. found

Source: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=eb74f312212be18a263f555439392ab2f19be7815afbdfc1069c245ec67f3c3c7067c33f	HTTP Parser: No <meta name="copyright".. found
Source: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=eb74f312212be18a263f555439392ab2f19be7815afbdfc1069c245ec67f3c3c7067c33f	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 104.26.11.161:443 -> 192.168.2.7:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.11.161:443 -> 192.168.2.7:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.13.213:443 -> 192.168.2.7:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.13.213:443 -> 192.168.2.7:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.13.213:443 -> 192.168.2.7:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.13.213:443 -> 192.168.2.7:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.13.213:443 -> 192.168.2.7:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.13.213:443 -> 192.168.2.7:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.213:443 -> 192.168.2.7:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.213:443 -> 192.168.2.7:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 74.125.143.156:443 -> 192.168.2.7:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 74.125.143.156:443 -> 192.168.2.7:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.246.16.250:443 -> 192.168.2.7:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.246.16.250:443 -> 192.168.2.7:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.246.16.250:443 -> 192.168.2.7:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.246.16.250:443 -> 192.168.2.7:49764 version: TLS 1.2

Source: MC8R5KA7.htm.2.dr	String found in binary or memory: }, false);</script><script data-no-minify="1" async src="https://cdn1.sellful.com/wp-content/plugins/wp-rocket/assets/js/lazyload/11.0.6/lazyload.min.js"></script><script>function lazyLoadThumb(e){var t='<img data-lazy-src="https://i.ytimg.com/vi/ID/hqdefault.jpg" alt="" width="480" height="360"><noscript><img src="https://i.ytimg.com/vi/ID/hqdefault.jpg" alt="" width="480" height="360"></noscript>',a='<div class="play"></div>';return t.replace("ID",e)+a}function lazyLoadYoutubeIframe(){var e=document.createElement("iframe"),t="https://www.youtube.com/embed/ID?autoplay=1";t+=0===this.dataset.query.length?'':'&'+this.dataset.query;e.setAttribute("src",t.replace("ID",this.dataset.id)),e.setAttribute("frameborder","0"),e.setAttribute("allowfullscreen","1"),this.parentNode.replaceChild(e,this)}document.addEventListener("DOMContentLoaded",function(){var e,t,a=document.getElementsByClassName("rll-youtube-player");for(t=0;t<a.length;t++)e=document.createElement("div"),e.setAttribute("data-id",a[t].dataset.id),e.setAttribute("data-query", a[t].dataset.query),e.innerHTML=lazyLoadThumb(a[t].dataset.id),e.onclick=lazyLoadYoutubeIframe,a[t].appendChild(e)});</script> <script type="text/javascript">(function(){window['__CF$cv$params']={r:'63c5f7eb3d62592e',m:'5b2b182e265696655316fdd90396806cce8eecfd-1617826951-1800-AZTTThY0OvsmqZbFn10kKm/SkiRlAWoExDliPZdSvYYJe+RAfXkZV/8t72nIORSxB6qPJcyls8cfd3sOcJV2F/ki+ywiM82Gjn/1Rjp/X4+NGk2KlzMG2DKfdWauiYxwFA==',s:[0xfd130a1f11,0x47f720f7b6],}})();</script></body></html> equals www.youtube.com (Youtube)
Source: share-link.min-3.1.1[1].js.2.dr	String found in binary or memory: (function(a){window.ShareLink=function(b,c){var d,e={},f=function(a){var b=a.substr(0,e.classPrefixLength);return b===e.classPrefix?a.substr(e.classPrefixLength):null},g=function(a){d.on("click",function(){h(a)})},h=function(a){var b="";if(e.width&&e.height){var c=screen.width/2-e.width/2,d=screen.height/2-e.height/2;b="toolbar=0,status=0,width="+e.width+",height="+e.height+",top="+d+",left="+c}var f=ShareLink.getNetworkLink(a,e),g=/^https?:\/\//.test(f),h=g?"":"_self";open(f,h,b)},i=function(){a.each(b.classList,function(){var a=f(this);if(a)return g(a),!1})},j=function(){a.extend(e,ShareLink.defaultSettings,c),["title","text"].forEach(function(a){e[a]=e[a].replace("#","")}),e.classPrefixLength=e.classPrefix.length},k=function(){d=a(b)};(function(){j(),k(),i()})()},ShareLink.networkTemplates={twitter:"https://twitter.com/intent/tweet?text={text}\x20{url}",pinterest:"https://www.pinterest.com/pin/create/button/?url={url}&media={image}",facebook:"https://www.facebook.com/sharer.php?u={url}",vk:"https://vkontakte.ru/share.php?url={url}&title={title}&description={text}&image={image}",linkedin:"https://www.linkedin.com/shareArticle?mini=true&url={url}&title={title}&summary={text}&source={url}",odnoklassniki:"https://connect.ok.ru/offer?url={url}&title={title}&imageUrl={image}",tumblr:"https://tumblr.com/share/link?url={url}",google:"https://plus.google.com/share?url={url}",digg:"https://digg.com/submit?url={url}",reddit:"https://reddit.com/submit?url={url}&title={title}",stumbleupon:"https://www.stumbleupon.com/submit?url={url}",pocket:"https://getpocket.com/edit?url={url}",whatsapp:"https://api.whatsapp.com/send?text={title}\n{text}\n{url}",xing:"https://www.xing.com/app/user?op=share&url={url}",print:"javascript:print()",email:"mailto:?subject={title}&body={text}\n{url}",telegram:"https://telegram.me/share/url?url={url}&text={text}",skype:"https://web.skype.com/share?url={url}"},ShareLink.defaultSettings={title:"",text:"",image:"",url:location.href,classPrefix:"s_",width:640,height:480},ShareLink.getNetworkLink=function(a,b){var c=ShareLink.networkTemplates[a].replace(/{([^}]+)}/g,function(a,c){return b[c]\|\|""});if("email"===a){if(-1<b.title.indexOf("&")\|\|-1<b.text.indexOf("&")){var d={text:b.text.replace(/&/g,"%26"),title:b.title.replace(/&/g,"%26"),url:b.url};c=ShareLink.networkTemplates[a].replace(/{([^}]+)}/g,function(a,b){return d[b]})}return c.indexOf("?subject=&body")&&(c=c.replace("subject=&","")),c}return c},a.fn.shareLink=function(b){return this.each(function(){a(this).data("shareLink",new ShareLink(this,b))})}})(jQuery); equals www.facebook.com (Facebook)
Source: share-link.min-3.1.1[1].js.2.dr	String found in binary or memory: (function(a){window.ShareLink=function(b,c){var d,e={},f=function(a){var b=a.substr(0,e.classPrefixLength);return b===e.classPrefix?a.substr(e.classPrefixLength):null},g=function(a){d.on("click",function(){h(a)})},h=function(a){var b="";if(e.width&&e.height){var c=screen.width/2-e.width/2,d=screen.height/2-e.height/2;b="toolbar=0,status=0,width="+e.width+",height="+e.height+",top="+d+",left="+c}var f=ShareLink.getNetworkLink(a,e),g=/^https?:\/\//.test(f),h=g?"":"_self";open(f,h,b)},i=function(){a.each(b.classList,function(){var a=f(this);if(a)return g(a),!1})},j=function(){a.extend(e,ShareLink.defaultSettings,c),["title","text"].forEach(function(a){e[a]=e[a].replace("#","")}),e.classPrefixLength=e.classPrefix.length},k=function(){d=a(b)};(function(){j(),k(),i()})()},ShareLink.networkTemplates={twitter:"https://twitter.com/intent/tweet?text={text}\x20{url}",pinterest:"https://www.pinterest.com/pin/create/button/?url={url}&media={image}",facebook:"https://www.facebook.com/sharer.php?u={url}",vk:"https://vkontakte.ru/share.php?url={url}&title={title}&description={text}&image={image}",linkedin:"https://www.linkedin.com/shareArticle?mini=true&url={url}&title={title}&summary={text}&source={url}",odnoklassniki:"https://connect.ok.ru/offer?url={url}&title={title}&imageUrl={image}",tumblr:"https://tumblr.com/share/link?url={url}",google:"https://plus.google.com/share?url={url}",digg:"https://digg.com/submit?url={url}",reddit:"https://reddit.com/submit?url={url}&title={title}",stumbleupon:"https://www.stumbleupon.com/submit?url={url}",pocket:"https://getpocket.com/edit?url={url}",whatsapp:"https://api.whatsapp.com/send?text={title}\n{text}\n{url}",xing:"https://www.xing.com/app/user?op=share&url={url}",print:"javascript:print()",email:"mailto:?subject={title}&body={text}\n{url}",telegram:"https://telegram.me/share/url?url={url}&text={text}",skype:"https://web.skype.com/share?url={url}"},ShareLink.defaultSettings={title:"",text:"",image:"",url:location.href,classPrefix:"s_",width:640,height:480},ShareLink.getNetworkLink=function(a,b){var c=ShareLink.networkTemplates[a].replace(/{([^}]+)}/g,function(a,c){return b[c]\|\|""});if("email"===a){if(-1<b.title.indexOf("&")\|\|-1<b.text.indexOf("&")){var d={text:b.text.replace(/&/g,"%26"),title:b.title.replace(/&/g,"%26"),url:b.url};c=ShareLink.networkTemplates[a].replace(/{([^}]+)}/g,function(a,b){return d[b]})}return c.indexOf("?subject=&body")&&(c=c.replace("subject=&","")),c}return c},a.fn.shareLink=function(b){return this.each(function(){a(this).data("shareLink",new ShareLink(this,b))})}})(jQuery); equals www.linkedin.com (Linkedin)
Source: share-link.min-3.1.1[1].js.2.dr	String found in binary or memory: (function(a){window.ShareLink=function(b,c){var d,e={},f=function(a){var b=a.substr(0,e.classPrefixLength);return b===e.classPrefix?a.substr(e.classPrefixLength):null},g=function(a){d.on("click",function(){h(a)})},h=function(a){var b="";if(e.width&&e.height){var c=screen.width/2-e.width/2,d=screen.height/2-e.height/2;b="toolbar=0,status=0,width="+e.width+",height="+e.height+",top="+d+",left="+c}var f=ShareLink.getNetworkLink(a,e),g=/^https?:\/\//.test(f),h=g?"":"_self";open(f,h,b)},i=function(){a.each(b.classList,function(){var a=f(this);if(a)return g(a),!1})},j=function(){a.extend(e,ShareLink.defaultSettings,c),["title","text"].forEach(function(a){e[a]=e[a].replace("#","")}),e.classPrefixLength=e.classPrefix.length},k=function(){d=a(b)};(function(){j(),k(),i()})()},ShareLink.networkTemplates={twitter:"https://twitter.com/intent/tweet?text={text}\x20{url}",pinterest:"https://www.pinterest.com/pin/create/button/?url={url}&media={image}",facebook:"https://www.facebook.com/sharer.php?u={url}",vk:"https://vkontakte.ru/share.php?url={url}&title={title}&description={text}&image={image}",linkedin:"https://www.linkedin.com/shareArticle?mini=true&url={url}&title={title}&summary={text}&source={url}",odnoklassniki:"https://connect.ok.ru/offer?url={url}&title={title}&imageUrl={image}",tumblr:"https://tumblr.com/share/link?url={url}",google:"https://plus.google.com/share?url={url}",digg:"https://digg.com/submit?url={url}",reddit:"https://reddit.com/submit?url={url}&title={title}",stumbleupon:"https://www.stumbleupon.com/submit?url={url}",pocket:"https://getpocket.com/edit?url={url}",whatsapp:"https://api.whatsapp.com/send?text={title}\n{text}\n{url}",xing:"https://www.xing.com/app/user?op=share&url={url}",print:"javascript:print()",email:"mailto:?subject={title}&body={text}\n{url}",telegram:"https://telegram.me/share/url?url={url}&text={text}",skype:"https://web.skype.com/share?url={url}"},ShareLink.defaultSettings={title:"",text:"",image:"",url:location.href,classPrefix:"s_",width:640,height:480},ShareLink.getNetworkLink=function(a,b){var c=ShareLink.networkTemplates[a].replace(/{([^}]+)}/g,function(a,c){return b[c]\|\|""});if("email"===a){if(-1<b.title.indexOf("&")\|\|-1<b.text.indexOf("&")){var d={text:b.text.replace(/&/g,"%26"),title:b.title.replace(/&/g,"%26"),url:b.url};c=ShareLink.networkTemplates[a].replace(/{([^}]+)}/g,function(a,b){return d[b]})}return c.indexOf("?subject=&body")&&(c=c.replace("subject=&","")),c}return c},a.fn.shareLink=function(b){return this.each(function(){a(this).data("shareLink",new ShareLink(this,b))})}})(jQuery); equals www.twitter.com (Twitter)
Source: share-link.min-3.1.1[1].js.2.dr	String found in binary or memory: (function(a){window.ShareLink=function(b,c){var d,e={},f=function(a){var b=a.substr(0,e.classPrefixLength);return b===e.classPrefix?a.substr(e.classPrefixLength):null},g=function(a){d.on("click",function(){h(a)})},h=function(a){var b="";if(e.width&&e.height){var c=screen.width/2-e.width/2,d=screen.height/2-e.height/2;b="toolbar=0,status=0,width="+e.width+",height="+e.height+",top="+d+",left="+c}var f=ShareLink.getNetworkLink(a,e),g=/^https?:\/\//.test(f),h=g?"":"_self";open(f,h,b)},i=function(){a.each(b.classList,function(){var a=f(this);if(a)return g(a),!1})},j=function(){a.extend(e,ShareLink.defaultSettings,c),["title","text"].forEach(function(a){e[a]=e[a].replace("#","")}),e.classPrefixLength=e.classPrefix.length},k=function(){d=a(b)};(function(){j(),k(),i()})()},ShareLink.networkTemplates={twitter:"https://twitter.com/intent/tweet?text={text}\x20{url}",pinterest:"https://www.pinterest.com/pin/create/button/?url={url}&media={image}",facebook:"https://www.facebook.com/sharer.php?u={url}",vk:"https://vkontakte.ru/share.php?url={url}&title={title}&description={text}&image={image}",linkedin:"https://www.linkedin.com/shareArticle?mini=true&url={url}&title={title}&summary={text}&source={url}",odnoklassniki:"https://connect.ok.ru/offer?url={url}&title={title}&imageUrl={image}",tumblr:"https://tumblr.com/share/link?url={url}",google:"https://plus.google.com/share?url={url}",digg:"https://digg.com/submit?url={url}",reddit:"https://reddit.com/submit?url={url}&title={title}",stumbleupon:"https://www.stumbleupon.com/submit?url={url}",pocket:"https://getpocket.com/edit?url={url}",whatsapp:"https://api.whatsapp.com/send?text={title}\n{text}\n{url}",xing:"https://www.xing.com/app/user?op=share&url={url}",print:"javascript:print()",email:"mailto:?subject={title}&body={text}\n{url}",telegram:"https://telegram.me/share/url?url={url}&text={text}",skype:"https://web.skype.com/share?url={url}"},ShareLink.defaultSettings={title:"",text:"",image:"",url:location.href,classPrefix:"s_",width:640,height:480},ShareLink.getNetworkLink=function(a,b){var c=ShareLink.networkTemplates[a].replace(/{([^}]+)}/g,function(a,c){return b[c]\|\|""});if("email"===a){if(-1<b.title.indexOf("&")\|\|-1<b.text.indexOf("&")){var d={text:b.text.replace(/&/g,"%26"),title:b.title.replace(/&/g,"%26"),url:b.url};c=ShareLink.networkTemplates[a].replace(/{([^}]+)}/g,function(a,b){return d[b]})}return c.indexOf("?subject=&body")&&(c=c.replace("subject=&","")),c}return c},a.fn.shareLink=function(b){return this.each(function(){a(this).data("shareLink",new ShareLink(this,b))})}})(jQuery); equals www.vkontakte.ru (VKontakte)

Source: unknown

DNS traffic detected: queries for: securepay.mysellful.com

Source: position.min-1.11.4[1].js.2.dr	String found in binary or memory: http://api.jqueryui.com/position/
Source: position.min-1.11.4[1].js.2.dr	String found in binary or memory: http://jquery.org/license
Source: position.min-1.11.4[1].js.2.dr	String found in binary or memory: http://jqueryui.com
Source: swiper.min-5.3.6[1].js.2.dr	String found in binary or memory: http://swiperjs.com
Source: gtm-479609c18ecd923ecdd3ed096cb1cd91[1].js.2.dr	String found in binary or memory: https://ade.googlesyndication.com/ddm/activity
Source: gtm-479609c18ecd923ecdd3ed096cb1cd91[1].js.2.dr	String found in binary or memory: https://adservice.google.com/ddm/regclk
Source: gtm-479609c18ecd923ecdd3ed096cb1cd91[1].js.2.dr	String found in binary or memory: https://adservice.google.com/pagead/regclk
Source: ga-0a4e309b5f2d7439b4f8876b19f37fc7[1].js.2.dr	String found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: ~DF7A51840F262B8417.TMP.1.dr	String found in binary or memory: https://atendiendochagas.mundosano.org//kcontrol-inti/continue/new
Source: {70535A4C-982A-11EB-90E6-ECF4BB82F7E0}.dat.1.dr	String found in binary or memory: https://atendiendochagas.mundosano.org//kcontrol-inti/continue/newRoot
Source: {70535A4C-982A-11EB-90E6-ECF4BB82F7E0}.dat.1.dr	String found in binary or memory: https://atendiendochagas.mundosano.org//kcontrol-inti/continue/newas.mundosano.org/kcontrol-inti/con
Source: new[1].htm.7.dr	String found in binary or memory: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/
Source: ~DF827A3CCA513061E4.TMP.1.dr	String found in binary or memory: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998
Source: {67FCA281-982A-11EB-90E6-ECF4BB82F7E0}.dat.1.dr	String found in binary or memory: https://atendiendochagllful.com/b
Source: gtm-479609c18ecd923ecdd3ed096cb1cd91[1].js.2.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: gtm-479609c18ecd923ecdd3ed096cb1cd91[1].js.2.dr	String found in binary or memory: https://cdn1.sellful.com/wp-content/cache/busting/google-tracking/ga-0a4e309b5f2d7439b4f8876b19f37fc
Source: MC8R5KA7.htm.2.dr	String found in binary or memory: https://cdn1.sellful.com/wp-content/plugins/wp-rocket/assets/js/lazyload/11.0.6/lazyload.min.js
Source: ccaf1bb7df93920b7090e89ad7f87719[1].css.2.dr	String found in binary or memory: https://elementor.com/?utm_source=wp-themes&utm_campaign=author-uri&utm_medium=wp-dash
Source: ccaf1bb7df93920b7090e89ad7f87719[1].css.2.dr	String found in binary or memory: https://elementor.com/hello-theme/?utm_source=wp-themes&utm_campaign=theme-uri&utm_medium=wp-dash
Source: v4-shims.min-3.1.1[1].js.2.dr	String found in binary or memory: https://fontawesome.com
Source: v4-shims.min-3.1.1[1].js.2.dr	String found in binary or memory: https://fontawesome.com/license/free
Source: css[2].css.7.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UNirkOUuhv.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOiCnqEu92Fr1Mu51QrEzAdKQ.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51S7ACc6CsI.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51TLBCc6CsI.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51TjASc6CsI.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51TzBic6CsI.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOkCnqEu92Fr1MmgVxIIzQ.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOkCnqEu92Fr1Mu51xIIzQ.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9fBBc-.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmSU5fBBc-.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc-.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmYUtfBBc-.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxM.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v13/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjo0oSmb2Rl.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v13/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjoDIOmb2Rl.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v13/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjoDISmb2Rl.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v13/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjoJYOmb2Rl.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v13/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjoUoOmb2Rl.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v13/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjoa4Omb2Rl.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v13/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjojISmb2Rl.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v13/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjojIWmb2Rl.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v13/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjovoSmb2Rl.woff)
Source: api[1].js.2.dr	String found in binary or memory: https://github.com/antoinevastel/picasso-like-canvas-fingerprinting
Source: dialog.min-4.8.1[1].js.2.dr	String found in binary or memory: https://github.com/kobizz/dialogs-manager/blob/master/LICENSE.txt
Source: MC8R5KA7.htm.2.dr	String found in binary or memory: https://i.ytimg.com/vi/ID/hqdefault.jpg
Source: gtm-479609c18ecd923ecdd3ed096cb1cd91[1].js.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: gtm-479609c18ecd923ecdd3ed096cb1cd91[1].js.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/
Source: {67FCA281-982A-11EB-90E6-ECF4BB82F7E0}.dat.1.dr	String found in binary or memory: https://securepay.mysellful.com/
Source: {67FCA281-982A-11EB-90E6-ECF4BB82F7E0}.dat.1.dr	String found in binary or memory: https://securepay.mysellful.com/Root
Source: ~DF827A3CCA513061E4.TMP.1.dr	String found in binary or memory: https://securepay.mysellful.com/b
Source: ga-0a4e309b5f2d7439b4f8876b19f37fc7[1].js.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: ga-0a4e309b5f2d7439b4f8876b19f37fc7[1].js.2.dr	String found in binary or memory: https://tagassistant.google.com/
Source: share-link.min-3.1.1[1].js.2.dr	String found in binary or memory: https://twitter.com/intent/tweet?text=
Source: ccaf1bb7df93920b7090e89ad7f87719[1].css.2.dr	String found in binary or memory: https://www.gnu.org/licenses/gpl-3.0.html
Source: ga-0a4e309b5f2d7439b4f8876b19f37fc7[1].js.2.dr	String found in binary or memory: https://www.google-analytics.com/debug/bootstrap
Source: ga-0a4e309b5f2d7439b4f8876b19f37fc7[1].js.2.dr	String found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: ga-0a4e309b5f2d7439b4f8876b19f37fc7[1].js.2.dr	String found in binary or memory: https://www.google.%/ads/ga-audiences
Source: gtm-479609c18ecd923ecdd3ed096cb1cd91[1].js.2.dr	String found in binary or memory: https://www.google.com
Source: gtm-479609c18ecd923ecdd3ed096cb1cd91[1].js.2.dr	String found in binary or memory: https://www.googletagmanager.com/debug/bootstrap
Source: ga-0a4e309b5f2d7439b4f8876b19f37fc7[1].js.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=
Source: share-link.min-3.1.1[1].js.2.dr	String found in binary or memory: https://www.pinterest.com/pin/create/button/?url=
Source: MC8R5KA7.htm.2.dr	String found in binary or memory: https://www.youtube.com/embed/ID?autoplay=1

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 104.26.11.161:443 -> 192.168.2.7:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.11.161:443 -> 192.168.2.7:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.13.213:443 -> 192.168.2.7:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.13.213:443 -> 192.168.2.7:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.13.213:443 -> 192.168.2.7:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.13.213:443 -> 192.168.2.7:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.13.213:443 -> 192.168.2.7:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.13.213:443 -> 192.168.2.7:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.213:443 -> 192.168.2.7:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.213:443 -> 192.168.2.7:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 74.125.143.156:443 -> 192.168.2.7:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 74.125.143.156:443 -> 192.168.2.7:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.246.16.250:443 -> 192.168.2.7:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.246.16.250:443 -> 192.168.2.7:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.246.16.250:443 -> 192.168.2.7:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.246.16.250:443 -> 192.168.2.7:49764 version: TLS 1.2

Source: classification engine

Classification label: mal64.phis.win@5/58@9/5

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{67FCA27F-982A-11EB-90E6-ECF4BB82F7E0}.dat

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user~1\AppData\Local\Temp\~DFDB692E0DABAF91D0.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4460 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4460 CREDAT:82952 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4460 CREDAT:17410 /prefetch:2	Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4460 CREDAT:82952 /prefetch:2	Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe	Automated click: Next
Source: C:\Program Files\internet explorer\iexplore.exe	Automated click: Next

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

ID:	383544
Product:	CloudBasic
Start time:	22:21:36
Start date:	07.04.2021
Cookbook:	browseurl.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{67FCA27F-982A-11EB-90E6-ECF4BB82F7E0}.dat	Microsoft Word Document	14A4CADDB82EC0E781777E9540CF67BE	FDD1D8AE005A0C2B12FBEE428D6574230E1CC568	B9A57E10F8A7509B7772EB29C8C4A9824822BF25880560EB75808BE96D73CCBE
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{67FCA281-982A-11EB-90E6-ECF4BB82F7E0}.dat	Microsoft Word Document	48ABD361C1E7AF1235DBCF825A658FFD	A2667BB84DD449F8C2F59FBB9E36271E641F3C93	23A16B270E183C69DA64EA0229D7424769FEF466F8102A35D918FCE6418C79FD
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{70535A4C-982A-11EB-90E6-ECF4BB82F7E0}.dat	Microsoft Word Document	AC7FA7415DC1FD0F06E1C73270CFFF97	856F3003777909A3EF7DDB6BB3A9094C0F88D13D	A1357FC570883FD6BCF0AF4BB84313C72AA7F6D9D44C2759DC1CAF96ACBEF91D
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{70535A4D-982A-11EB-90E6-ECF4BB82F7E0}.dat	Microsoft Word Document	2E5D0E625F4F8D24E88D38350C3F5C76	B32E3918530AFE574D665497266BC47E3D68D155	26F16C139274B01EDB4CA9375A9D39D937CBECC24E87FB050E4E3221A579F4CA
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\css[1].css	ASCII text	775906B0B3B1AB6C28A494E1C39BAD70	EA02161815087057FAAD5AD45C8AFC53A3C5E4AD	1A8242357B58770FCA34F6B86921FF5BAFB8C0F536891E7A86A04451350A544C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\css[2].css	ASCII text	4CFC4658F748E1FC67D2EA27F9B3692F	82C520D112F48E337E99DF00067BFAA75D0F9CA2	ABC5A61E85F95E54C925FE9589099AD680912480E7C97052AF0496CBC6D111B8
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\dialog.min-4.8.1[1].js	ASCII text, with very long lines	58BAF0F238D7AFC7AB926B8D51E5B559	8515E5F578269E29C048450F78C107935D325DFF	2989E0B9E836CB9DE3274D641EC6A58C2052F039E790DDD59B22303930BFDEEB
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\frontend-modules.min-3.1.1[1].js	UTF-8 Unicode text, with very long lines, with LF, NEL line terminators	2AA14A960A066B954DFACB7CE9B6D192	525BBDDC67ADDA7E9B1960FF5AAC621922ABDEB3	DEA0AD73F4973782017880F1DCE0AF21A946D0E21A07DF4C5B98ECED5EBB40B1
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\frontend.min-3.1.1[1].js	ASCII text, with very long lines	DCE958AFB428DD3DC78F203EF99BAE42	36EC6A22853E4212CFA7D150E9486200C943FE63	26D2072B425A61E1ED81ED2B3F254888531E62060C7C4B3C788FFB925A8C864E
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\gtm-479609c18ecd923ecdd3ed096cb1cd91[1].js	ASCII text, with very long lines	7EDF89BCE763DAE748007CC1141380D7	C60F42B0D042E5D3A07A2EBA19C2ADCC1963DB3F	F823A747AEE70B21C44208FC0B5413A7512557E5188A2AA64529241A5B4C4E4E
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\jet-blocks.min-1.2.4[1].js	ASCII text, with very long lines, with no line terminators	A4F2716EEDDAAB1AB3F91DF8A53743BD	864F3205952350B27668E1FBEB300173FA1BFD9F	42123FA141C9B3B24EA7AFA9028E5407324018F168CB68CA04FA46D51180E89F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\jet-elements.min-2.5.5[1].js	ASCII text, with very long lines, with no line terminators	AA0D6562E66188D42D8B4EB243D5AEAE	269ED4B11B57DB0B520CEA0F5895EAABF778F022	56DD17B91E80F419356B9519459F99E939F846BAB801BE32A15719293131DE4C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\pdf[1].png	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	F1E3F187F7C23FA8D1555004F3800356	E71E52A142E754399AE39EF38584789B66E9EA00	DB307FCEF7F95139689007D7A623B340EC21282BD421C4E4B2BA09078F230545
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\preloaded-elements-handlers.min-3.1.1[1].js	ASCII text, with very long lines	ED8DE4F9A94259E5BC6E81D7857C76E4	0F9330D1551934BF28E3AFC4BD63366DF88E9CA7	420AD608FCB00C75B037C32408D72FABD863EB70B707A36F93DD00F4BDA513E9
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\swiper.min-5.3.6[1].js	ASCII text, with very long lines	15BB2B8491FC7E84137D65F610E1685A	CD76B70A5426893E9C022B9A75C50A7C1348E2D0	B23F49F504FAA32AAC548B6662FFD64412F6738496FAB8BE38DA46C5B7121804
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\wu-visit-counter.min[1].js	ASCII text, with very long lines, with no line terminators	BD2D3003A2FF56FFE8D773738166C4E8	038E00D4CC39EC3B07034BDE7D183488A327D93D	E0D101D1C3EAA67495D8A04D1D4A2D84B02B44CE6C9B060C323A5534CD83D59C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\KFOiCnqEu92Fr1Mu51QrEzAdKQ[1].woff	Web Open Font Format, TrueType, length 21776, version 1.1	E21019768EE6D334593AA1EBCA028ACF	DFE80B4CB13F47ECED9236E33AB360DB41711B0C	75D75439F2A7EA1851A3E5B621320B9DFA1399861D2EC6D443A3C2919B93AFB7
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\KFOjCnqEu92Fr1Mu51TLBCc6CsI[1].woff	Web Open Font Format, TrueType, length 22360, version 1.1	C2E42D1EAC2DE2B58A2358686E6ED73C	24760369053031DF1F2BE831E067E3D9E37F0B3A	B31B421BAFE532F6B6BDBB6F680FB11BD3968F23C7FE09A29B1A22F4C8DD2A7E
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\KFOjCnqEu92Fr1Mu51TzBic6CsI[1].woff	Web Open Font Format, TrueType, length 21656, version 1.1	147F4E11CE73A22AAC9C6C2822290953	EEFEA89A9C36F8B1A7CA99372A7E0E05C92EADD6	A22585CFD64238EF14B1B383B5B9A8BAD7C89E354C09FC0886067E876687A38C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\KFOkCnqEu92Fr1MmgVxIIzQ[1].woff	Web Open Font Format, TrueType, length 20424, version 1.1	04B7FD97F88B82DCCCE5EC446CCC29E6	9A3C1CE2EAB659A91AF7016570287428CC82C458	A38AD0B609E4D2039D18B0F9DC89E9060F2E2E05F2F42764A6A93354346A6C37
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\api[1].js	UTF-8 Unicode text, with very long lines	6C6281C15CBC981BC05942BAC40BCD7E	6015D314D852ECC0C0158731D8E06724805E38E5	0D3118E306C6A26F1D2EFCB698984E6922C5E7E155C94A84760E36E5592A3C11
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\css[1].css	ASCII text, with very long lines, with CRLF line terminators	63DF83784CADD3A339B776520600C21A	69BB829612F3E3CB2F521323945C9284A2B0DCDE	2EE69AEF3AFB10B368BDE9FEA7E97CC75C030C890E3D2B8DC4AD19D498234DBF
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\ga-0a4e309b5f2d7439b4f8876b19f37fc7[1].js	ASCII text, with very long lines	0A4E309B5F2D7439B4F8876B19F37FC7	7AC30F933A2B889EDBE5D3449F4EC90049B0E2A9	F79723478F4C48501CD49AC52B81D6244A6562B9D3F08CE8AB208A8B8878D4C4
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\jet-blog.min-2.2.9[1].js	ASCII text, with very long lines, with no line terminators	BDB89C23157E96CE0A6978293CE0EBFA	B4D7C5D9FAE848643FB9B283D424626A71D50D01	047370A77F43B356CC417AFAF4B959E9B2C47F7DCFF73271A99EFAC3F25E665C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\lazyload.min[1].js	ASCII text, with very long lines	B906C7B5D31EFDE9C615DE31CF4C089C	721540E4BABC25B6F245B92AEEF70E993E408D80	FD9B21475370627E77A6988F76C0BF93A005F9E66C4F2E9FD62E5C2DE5976DC9
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\logo[1].png	PNG image data, 226 x 48, 8-bit/color RGBA, non-interlaced	EF884BDEDEF280DF97A4C5604058D8DB	6F04244B51AD2409659E267D308B97E09CE9062B	825DE044D5AC6442A094FF95099F9F67E9249A8110A2FBD57128285776632ADB
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\s[1].htm	HTML document, ASCII text, with very long lines, with CRLF line terminators	474A9980C4D204E7D4B593832B226BEA	DBDB72D920A55C1AB76FDA122271C9986C8F9389	163589FCFF3F5D67836D8DF3EC13D11E561E93C25B9679D3BA92B98F9D34EABF
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\s[2].htm	HTML document, ASCII text, with very long lines, with CRLF line terminators	474A9980C4D204E7D4B593832B226BEA	DBDB72D920A55C1AB76FDA122271C9986C8F9389	163589FCFF3F5D67836D8DF3EC13D11E561E93C25B9679D3BA92B98F9D34EABF
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\share-link.min-3.1.1[1].js	ASCII text, with very long lines	9BB8540493A7FE11B229870EB37BE165	D77F17CB9057DC8F622B8C0BF23F6ACB739B3B8E	4A7EE62EB33F3BBB66C2151E5CAC6BF4904E28302EFC36128F3E3CCAE6FDE580
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\MC8R5KA7.htm	HTML document, ASCII text, with very long lines	A1195EB5C3C6D7B2258505A0B11FC1A2	96DC8419032CD521DA33E4AD76DCFBCABCB157AE	C401366641ABCD9E1856FC7D2641CF14F77CE5A9009C5C378E9E50ABDAA95CC4
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\admin-ajax[1].htm	very short file (no magic)	C4CA4238A0B923820DCC509A6F75849B	356A192B7913B04C54574D18C28D46E6395428AB	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\c6561660-new-remittance-785x800[1].png	PNG image data, 785 x 800, 8-bit/color RGB, non-interlaced	F3ABDCA15BFA18336CFC35F883491739	335C15AA3E10703589CE0CF0F64A9A373120F235	67DFDFB4D1A369156EB7F956AE26B1FCE3634AC737DCEEFF5DAD5DAEDB0CE6BC
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\ccaf1bb7df93920b7090e89ad7f87719[1].css	UTF-8 Unicode text, with very long lines	94547D32CD5E7AFFFDF394055C5C767D	10E65A16AD492DFEF08374373BCAED3559159D61	3BFA9CA8A9F68321B95EABB8E2401C2725C76E967A9C2A560C4C2014C351DA11
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\frontend.min-3.0.5[1].js	UTF-8 Unicode text, with very long lines, with LF, NEL line terminators	64A17E19546A8EAEB7449982967CFA69	B777FF3056A8DD8C79F93C0125F21EC3909C9802	65115988F62E8284EBC9BBD735C7DE493F47ED8EA5A266FDDB4C86D4997472FB
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\jet-tricks-frontend-1.2.12[1].js	ASCII text	61EE94A46DB07B5D0ADDD2F1CB20AF10	513E714A9FA59ACBBE436EA70EAE7EC8DD5B87C1	340CB3133FD2998435B655096B9DDFC1F24DB65D66F296A7369643C4256273B9
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\jquery-1.12.4-wp[1].js	ASCII text, with very long lines	49EDCCEA2E7BA985CADC9BA0531CBED1	F8747F8EE704D9AF31D0950015E01D3F9635B070	1DB21D816296E6939BA1F42962496E4134AE2B0081E26970864C40C6D02BB1DF
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\jquery-migrate.min-1.4.1[1].js	ASCII text, with very long lines	7121994EEC5320FBE6586463BF9651C2	90532AFF6D4121954254CDF04994D834F7EC169B	48EB8B500AE6A38617B5738D2B3FAEC481922A7782246E31D2755C034A45CD5D
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\new[1].htm	HTML document, ASCII text	0E241B8D33B2AE011B112941747BA154	1F027D10066871A789A960053D74B17B81843920	2F3D726E8D6811D028A298E3BF49D01FBC0D12AD6D91993EE16CA5BDEC111295
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\v4-shims.min-3.1.1[1].js	ASCII text, with very long lines	7A5DEA0A705CC2F4CD87DBAAA6666BC6	678BC6F750F13ADB29BBC158EB0D9CD813B736FA	97CF1307C16A437B77B5F7F5C9BC0B985D0745A14BE5A279019ACA5A3432E264
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\webpack.runtime.min-3.1.1[1].js	ASCII text, with very long lines	7423529C58B1A1BF4EE735F7AFBB59BD	52D72A236F4925E5BD2C0A173A03C7CA8A92BBA8	E9286A9B5C5047627AFB876EBE1C90933EE1C438164D529D01D80C4636C4B405
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\KFOjCnqEu92Fr1Mu51S7ACc6CsI[1].woff	Web Open Font Format, TrueType, length 22080, version 1.1	FA8878D8872A2AC4BEB377CDAE15566A	34EE72B0E553C3EFA41A7E0DF4EB710596469A10	8411023A027610AEB3DC333438E12A17222163AE78817C5395DA04548ED30150
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\KFOjCnqEu92Fr1Mu51TjASc6CsI[1].woff	Web Open Font Format, TrueType, length 22280, version 1.1	6E949B62AF2E8B6F705E35EE4DBC17F4	31BC06C0C932EC0176F42C6864C58D7450BBF97E	917A5159BE44DE9A82072F6A1C52EF645844D6BEDF42F8FD1549CD99D6DB2CC5
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\KFOkCnqEu92Fr1Mu51xIIzQ[1].woff	Web Open Font Format, TrueType, length 22036, version 1.1	522AECAD450B10CE647739BC8D9AA1C6	6C3528F1BDD5B980F41BDCD1D9FCD812FE0C6D61	2B5FB1F0EE063320196A64157AE9A949BB4656BC48604914175F1EDA636DCE07
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff	Web Open Font Format, TrueType, length 20532, version 1.1	DA2721C68B4BC80DB8D4C404F76B118C	3A32E8B7EFBC9DFB52F024D657B8C8C0A80E5804	BD811625271ACCA47F7DAC48B460F13E08EE947B2A8E17E278C4D5CCB5D9323C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\KFOlCnqEu92Fr1MmSU5fBBc-[1].woff	Web Open Font Format, TrueType, length 20404, version 1.1	BF0F407102FAF3A0B521D3B545F547A5	CA357CD0DE5DD0242E8EFACFB8D24AB60FDC86AB	855A06974032BB69157D469ABA6F63440E8BE47C421F45C3F396F4E0B87B6DE8
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\KFOlCnqEu92Fr1MmWUlfBBc-[1].woff	Web Open Font Format, TrueType, length 20396, version 1.1	68D6DABFE54E245E7D5D5C16C3C4B1A9	7FDAB895EAEBECEDB3FB5473EAB94A1B292CEF19	A01A632E56731A854F35701AA8C3A6A19A113290D9032FF9048F8064C45383BD
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\KFOlCnqEu92Fr1MmYUtfBBc-[1].woff	Web Open Font Format, TrueType, length 20412, version 1.1	64BBA9C4E8156C152050C657E9D24BF1	90ECF87091FAABE7BC0FF54A43828FA4DD483278	D33864E01E5103EBE439732BB606E694C73B6851F24DA25D41901EB17CB5D98E
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\KFOmCnqEu92Fr1Mu4mxM[1].woff	Web Open Font Format, TrueType, length 20332, version 1.1	DC3E086FC0C5ADDC09702E111D2ADB42	B1138B84FF19EAC5F43C4202297529D389BD09B7	EA50AC7FDDB61A5CE248A7F8B3A31A98FE16285E076B16E6DA6B4E10910724BB
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\jet-tabs-frontend.min-1.1.7[1].js	ASCII text, with very long lines, with no line terminators	1A3B3BDF021E39D1CEB582804793620B	823A875AA14387C45DA64842E8E883EC1F50069F	8F66B0245A0249DF24108EECA809057C74121739DEA7F8A4FB35AE0B1180E41A
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\jquery.sticky.min-3.0.5[1].js	ASCII text, with very long lines, with no line terminators	E16A8821E5F099C3A619889EA7CF0399	A38E0C736AAF0B019B29B63B00E68C1381502217	A48DEA362116D7516A2CF97066A32758D353760EE02DBF900DDFF86B02A16473
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\position.min-1.11.4[1].js	ASCII text, with very long lines	1C4A13EDEC1958817E83433AEAA42F62	851D4F36AC29A54F9AEB865E4772E10B941252D3	49AF6B83569C5E8C707E93884D9BA619B402F0A115925951301E2E3C844F0AD8
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\waypoints.min-4.0.2[1].js	ASCII text, with very long lines, with no line terminators	3819C3569DA71DAEC283A75483735F7E	ECD40A5CC6F0B76200C454CA880210DC301CFAB8	214674CC77ABA35AB3567B88E2739FD08E8E96C61D279559AD61874069683EA0
C:\Users\user\AppData\Local\Temp\dat3A40.tmp	Web Open Font Format, TrueType, length 2532, version 2.24904	10600F6B3D9C9BE2D2B2CE58D2C6508B	421CA4369738433E33348785FE776A0C839605D5	29B7A9358ABDC68C51DB5A5AF4A4F4E2E041A67527ADEE2366B1F84F116FE9A5
C:\Users\user\AppData\Local\Temp\datF3B1.tmp	Web Open Font Format, TrueType, length 2532, version 2.24904	10600F6B3D9C9BE2D2B2CE58D2C6508B	421CA4369738433E33348785FE776A0C839605D5	29B7A9358ABDC68C51DB5A5AF4A4F4E2E041A67527ADEE2366B1F84F116FE9A5
C:\Users\user\AppData\Local\Temp\~DF0A2A2977AA5B8124.TMP	data	AB889A32AB9ACD33E816C2422337C69A	1190C6B34DED2D295827C2A88310D10A8B90B59B	4D6EC54B8D244E63B0F04FBE2B97402A3DF722560AD12F218665BA440F4CEFDA
C:\Users\user\AppData\Local\Temp\~DF7A51840F262B8417.TMP	data	B194237E369C3EFEA1DD3B523486D9E7	B672BB3691A94B2DE671AAC4E96B625F5ED69E26	28C3CEFDB7AE04FDC597B88C33E74D4BE4CE7B193573F480361225345CFC44F4
C:\Users\user\AppData\Local\Temp\~DF827A3CCA513061E4.TMP	data	D42FC5B8267C2A66D266198C42197588	CA13CB6B924B323771E5E81535888E210030DB2A	CC3A05FEE26D68C93BFE11A8448AF8D897DADD87AA4C3A45A9E854551BA10A50
C:\Users\user\AppData\Local\Temp\~DFDB692E0DABAF91D0.TMP	data	89F5139BEA455C2D7D25734F22E6FE50	1A8C2714ABAF7ECF412BA09F0C57E63941BEBD74	C96250606C29D3812A1A43436AF7BEE1688FCA3E87B61294A2C30D0D13BB2392

Analysis Report https://securepay.mysellful.com/

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection:

Phishing:

Compliance:

Networking:

System Summary:

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs