Analysis Report https://securepay.mysellful.com/

Overview

General Information

Sample URL:	https://securepay.mysellful.com/
Analysis ID:	383546
Infos:
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Yara detected HtmlPhish6

Phishing site detected (based on image similarity)

Phishing site detected (based on logo template match)

HTML body contains low number of good links

HTML title does not match URL

Classification

Signatures

AV Detection:

Antivirus detection for URL or domain

Source: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=c0741a92b8450158afedd031b20cb26d2465e0f24a90c485f3368b2d3492108732cb508b

SlashNext: Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

Yara detected HtmlPhish6

Source: Yara match	File source: 849224.0.links.csv, type: HTML
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\s[1].htm, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\s[1].htm, type: DROPPED

Phishing site detected (based on image similarity)

Source: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/files/logo.png

Matcher: Found strong image similarity, brand: Microsoft

Jump to dropped file

Phishing site detected (based on logo template match)

Source: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=c0741a92b8450158afedd031b20cb26d2465e0f24a90c485f3368b2d3492108732cb508b

Matcher: Template: microsoft matched

HTML body contains low number of good links

Source: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=c0741a92b8450158afedd031b20cb26d2465e0f24a90c485f3368b2d3492108732cb508b	HTTP Parser: Number of links: 0
Source: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=c0741a92b8450158afedd031b20cb26d2465e0f24a90c485f3368b2d3492108732cb508b	HTTP Parser: Number of links: 0

HTML title does not match URL

Source: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=c0741a92b8450158afedd031b20cb26d2465e0f24a90c485f3368b2d3492108732cb508b	HTTP Parser: Title: Validation does not match URL
Source: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=c0741a92b8450158afedd031b20cb26d2465e0f24a90c485f3368b2d3492108732cb508b	HTTP Parser: Title: Validation does not match URL

Source: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=c0741a92b8450158afedd031b20cb26d2465e0f24a90c485f3368b2d3492108732cb508b	HTTP Parser: No <meta name="author".. found
Source: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=c0741a92b8450158afedd031b20cb26d2465e0f24a90c485f3368b2d3492108732cb508b	HTTP Parser: No <meta name="author".. found

Source: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=c0741a92b8450158afedd031b20cb26d2465e0f24a90c485f3368b2d3492108732cb508b	HTTP Parser: No <meta name="copyright".. found
Source: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=c0741a92b8450158afedd031b20cb26d2465e0f24a90c485f3368b2d3492108732cb508b	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 104.26.11.161:443 -> 192.168.2.4:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.11.161:443 -> 192.168.2.4:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.95.65:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.95.65:443 -> 192.168.2.4:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.213:443 -> 192.168.2.4:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.213:443 -> 192.168.2.4:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.213:443 -> 192.168.2.4:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.213:443 -> 192.168.2.4:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.213:443 -> 192.168.2.4:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.213:443 -> 192.168.2.4:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.213:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.213:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 74.125.143.155:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 74.125.143.155:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.246.16.250:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.246.16.250:443 -> 192.168.2.4:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.11.161:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.246.16.250:443 -> 192.168.2.4:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.246.16.250:443 -> 192.168.2.4:49764 version: TLS 1.2

Source: U6298Q3Z.htm.2.dr	String found in binary or memory: }, false);</script><script data-no-minify="1" async src="https://cdn1.sellful.com/wp-content/plugins/wp-rocket/assets/js/lazyload/11.0.6/lazyload.min.js"></script><script>function lazyLoadThumb(e){var t='<img data-lazy-src="https://i.ytimg.com/vi/ID/hqdefault.jpg" alt="" width="480" height="360"><noscript><img src="https://i.ytimg.com/vi/ID/hqdefault.jpg" alt="" width="480" height="360"></noscript>',a='<div class="play"></div>';return t.replace("ID",e)+a}function lazyLoadYoutubeIframe(){var e=document.createElement("iframe"),t="https://www.youtube.com/embed/ID?autoplay=1";t+=0===this.dataset.query.length?'':'&'+this.dataset.query;e.setAttribute("src",t.replace("ID",this.dataset.id)),e.setAttribute("frameborder","0"),e.setAttribute("allowfullscreen","1"),this.parentNode.replaceChild(e,this)}document.addEventListener("DOMContentLoaded",function(){var e,t,a=document.getElementsByClassName("rll-youtube-player");for(t=0;t<a.length;t++)e=document.createElement("div"),e.setAttribute("data-id",a[t].dataset.id),e.setAttribute("data-query", a[t].dataset.query),e.innerHTML=lazyLoadThumb(a[t].dataset.id),e.onclick=lazyLoadYoutubeIframe,a[t].appendChild(e)});</script> <script type="text/javascript">(function(){window['__CF$cv$params']={r:'63c5facfbc055b4d',m:'6d721a1ef31bf88249a6354e367f324a9ad5309d-1617827069-1800-AcF6ZYmikrgAOjxZxptJe9+zA1SlBh1K3i7wK0XDfUpBsX3WkmKHCh8VOUcQ1bpVjcAM63NYqFdJXymzTahxF03DOldHWRKUTQ/fuc6OOYfa+fmnIM6TQd3b9qBw4c9PAQ==',s:[0xef8fa34e4e,0x076a9a063a],}})();</script><script defer src="https://static.cloudflareinsights.com/beacon.min.js" data-cf-beacon='{"rayId":"63c5facfbc055b4d","si":10,"version":"2021.4.0"}'></script> equals www.youtube.com (Youtube)
Source: share-link.min-3.1.1[1].js.2.dr	String found in binary or memory: (function(a){window.ShareLink=function(b,c){var d,e={},f=function(a){var b=a.substr(0,e.classPrefixLength);return b===e.classPrefix?a.substr(e.classPrefixLength):null},g=function(a){d.on("click",function(){h(a)})},h=function(a){var b="";if(e.width&&e.height){var c=screen.width/2-e.width/2,d=screen.height/2-e.height/2;b="toolbar=0,status=0,width="+e.width+",height="+e.height+",top="+d+",left="+c}var f=ShareLink.getNetworkLink(a,e),g=/^https?:\/\//.test(f),h=g?"":"_self";open(f,h,b)},i=function(){a.each(b.classList,function(){var a=f(this);if(a)return g(a),!1})},j=function(){a.extend(e,ShareLink.defaultSettings,c),["title","text"].forEach(function(a){e[a]=e[a].replace("#","")}),e.classPrefixLength=e.classPrefix.length},k=function(){d=a(b)};(function(){j(),k(),i()})()},ShareLink.networkTemplates={twitter:"https://twitter.com/intent/tweet?text={text}\x20{url}",pinterest:"https://www.pinterest.com/pin/create/button/?url={url}&media={image}",facebook:"https://www.facebook.com/sharer.php?u={url}",vk:"https://vkontakte.ru/share.php?url={url}&title={title}&description={text}&image={image}",linkedin:"https://www.linkedin.com/shareArticle?mini=true&url={url}&title={title}&summary={text}&source={url}",odnoklassniki:"https://connect.ok.ru/offer?url={url}&title={title}&imageUrl={image}",tumblr:"https://tumblr.com/share/link?url={url}",google:"https://plus.google.com/share?url={url}",digg:"https://digg.com/submit?url={url}",reddit:"https://reddit.com/submit?url={url}&title={title}",stumbleupon:"https://www.stumbleupon.com/submit?url={url}",pocket:"https://getpocket.com/edit?url={url}",whatsapp:"https://api.whatsapp.com/send?text={title}\n{text}\n{url}",xing:"https://www.xing.com/app/user?op=share&url={url}",print:"javascript:print()",email:"mailto:?subject={title}&body={text}\n{url}",telegram:"https://telegram.me/share/url?url={url}&text={text}",skype:"https://web.skype.com/share?url={url}"},ShareLink.defaultSettings={title:"",text:"",image:"",url:location.href,classPrefix:"s_",width:640,height:480},ShareLink.getNetworkLink=function(a,b){var c=ShareLink.networkTemplates[a].replace(/{([^}]+)}/g,function(a,c){return b[c]\|\|""});if("email"===a){if(-1<b.title.indexOf("&")\|\|-1<b.text.indexOf("&")){var d={text:b.text.replace(/&/g,"%26"),title:b.title.replace(/&/g,"%26"),url:b.url};c=ShareLink.networkTemplates[a].replace(/{([^}]+)}/g,function(a,b){return d[b]})}return c.indexOf("?subject=&body")&&(c=c.replace("subject=&","")),c}return c},a.fn.shareLink=function(b){return this.each(function(){a(this).data("shareLink",new ShareLink(this,b))})}})(jQuery); equals www.facebook.com (Facebook)
Source: share-link.min-3.1.1[1].js.2.dr	String found in binary or memory: (function(a){window.ShareLink=function(b,c){var d,e={},f=function(a){var b=a.substr(0,e.classPrefixLength);return b===e.classPrefix?a.substr(e.classPrefixLength):null},g=function(a){d.on("click",function(){h(a)})},h=function(a){var b="";if(e.width&&e.height){var c=screen.width/2-e.width/2,d=screen.height/2-e.height/2;b="toolbar=0,status=0,width="+e.width+",height="+e.height+",top="+d+",left="+c}var f=ShareLink.getNetworkLink(a,e),g=/^https?:\/\//.test(f),h=g?"":"_self";open(f,h,b)},i=function(){a.each(b.classList,function(){var a=f(this);if(a)return g(a),!1})},j=function(){a.extend(e,ShareLink.defaultSettings,c),["title","text"].forEach(function(a){e[a]=e[a].replace("#","")}),e.classPrefixLength=e.classPrefix.length},k=function(){d=a(b)};(function(){j(),k(),i()})()},ShareLink.networkTemplates={twitter:"https://twitter.com/intent/tweet?text={text}\x20{url}",pinterest:"https://www.pinterest.com/pin/create/button/?url={url}&media={image}",facebook:"https://www.facebook.com/sharer.php?u={url}",vk:"https://vkontakte.ru/share.php?url={url}&title={title}&description={text}&image={image}",linkedin:"https://www.linkedin.com/shareArticle?mini=true&url={url}&title={title}&summary={text}&source={url}",odnoklassniki:"https://connect.ok.ru/offer?url={url}&title={title}&imageUrl={image}",tumblr:"https://tumblr.com/share/link?url={url}",google:"https://plus.google.com/share?url={url}",digg:"https://digg.com/submit?url={url}",reddit:"https://reddit.com/submit?url={url}&title={title}",stumbleupon:"https://www.stumbleupon.com/submit?url={url}",pocket:"https://getpocket.com/edit?url={url}",whatsapp:"https://api.whatsapp.com/send?text={title}\n{text}\n{url}",xing:"https://www.xing.com/app/user?op=share&url={url}",print:"javascript:print()",email:"mailto:?subject={title}&body={text}\n{url}",telegram:"https://telegram.me/share/url?url={url}&text={text}",skype:"https://web.skype.com/share?url={url}"},ShareLink.defaultSettings={title:"",text:"",image:"",url:location.href,classPrefix:"s_",width:640,height:480},ShareLink.getNetworkLink=function(a,b){var c=ShareLink.networkTemplates[a].replace(/{([^}]+)}/g,function(a,c){return b[c]\|\|""});if("email"===a){if(-1<b.title.indexOf("&")\|\|-1<b.text.indexOf("&")){var d={text:b.text.replace(/&/g,"%26"),title:b.title.replace(/&/g,"%26"),url:b.url};c=ShareLink.networkTemplates[a].replace(/{([^}]+)}/g,function(a,b){return d[b]})}return c.indexOf("?subject=&body")&&(c=c.replace("subject=&","")),c}return c},a.fn.shareLink=function(b){return this.each(function(){a(this).data("shareLink",new ShareLink(this,b))})}})(jQuery); equals www.linkedin.com (Linkedin)
Source: share-link.min-3.1.1[1].js.2.dr	String found in binary or memory: (function(a){window.ShareLink=function(b,c){var d,e={},f=function(a){var b=a.substr(0,e.classPrefixLength);return b===e.classPrefix?a.substr(e.classPrefixLength):null},g=function(a){d.on("click",function(){h(a)})},h=function(a){var b="";if(e.width&&e.height){var c=screen.width/2-e.width/2,d=screen.height/2-e.height/2;b="toolbar=0,status=0,width="+e.width+",height="+e.height+",top="+d+",left="+c}var f=ShareLink.getNetworkLink(a,e),g=/^https?:\/\//.test(f),h=g?"":"_self";open(f,h,b)},i=function(){a.each(b.classList,function(){var a=f(this);if(a)return g(a),!1})},j=function(){a.extend(e,ShareLink.defaultSettings,c),["title","text"].forEach(function(a){e[a]=e[a].replace("#","")}),e.classPrefixLength=e.classPrefix.length},k=function(){d=a(b)};(function(){j(),k(),i()})()},ShareLink.networkTemplates={twitter:"https://twitter.com/intent/tweet?text={text}\x20{url}",pinterest:"https://www.pinterest.com/pin/create/button/?url={url}&media={image}",facebook:"https://www.facebook.com/sharer.php?u={url}",vk:"https://vkontakte.ru/share.php?url={url}&title={title}&description={text}&image={image}",linkedin:"https://www.linkedin.com/shareArticle?mini=true&url={url}&title={title}&summary={text}&source={url}",odnoklassniki:"https://connect.ok.ru/offer?url={url}&title={title}&imageUrl={image}",tumblr:"https://tumblr.com/share/link?url={url}",google:"https://plus.google.com/share?url={url}",digg:"https://digg.com/submit?url={url}",reddit:"https://reddit.com/submit?url={url}&title={title}",stumbleupon:"https://www.stumbleupon.com/submit?url={url}",pocket:"https://getpocket.com/edit?url={url}",whatsapp:"https://api.whatsapp.com/send?text={title}\n{text}\n{url}",xing:"https://www.xing.com/app/user?op=share&url={url}",print:"javascript:print()",email:"mailto:?subject={title}&body={text}\n{url}",telegram:"https://telegram.me/share/url?url={url}&text={text}",skype:"https://web.skype.com/share?url={url}"},ShareLink.defaultSettings={title:"",text:"",image:"",url:location.href,classPrefix:"s_",width:640,height:480},ShareLink.getNetworkLink=function(a,b){var c=ShareLink.networkTemplates[a].replace(/{([^}]+)}/g,function(a,c){return b[c]\|\|""});if("email"===a){if(-1<b.title.indexOf("&")\|\|-1<b.text.indexOf("&")){var d={text:b.text.replace(/&/g,"%26"),title:b.title.replace(/&/g,"%26"),url:b.url};c=ShareLink.networkTemplates[a].replace(/{([^}]+)}/g,function(a,b){return d[b]})}return c.indexOf("?subject=&body")&&(c=c.replace("subject=&","")),c}return c},a.fn.shareLink=function(b){return this.each(function(){a(this).data("shareLink",new ShareLink(this,b))})}})(jQuery); equals www.twitter.com (Twitter)
Source: share-link.min-3.1.1[1].js.2.dr	String found in binary or memory: (function(a){window.ShareLink=function(b,c){var d,e={},f=function(a){var b=a.substr(0,e.classPrefixLength);return b===e.classPrefix?a.substr(e.classPrefixLength):null},g=function(a){d.on("click",function(){h(a)})},h=function(a){var b="";if(e.width&&e.height){var c=screen.width/2-e.width/2,d=screen.height/2-e.height/2;b="toolbar=0,status=0,width="+e.width+",height="+e.height+",top="+d+",left="+c}var f=ShareLink.getNetworkLink(a,e),g=/^https?:\/\//.test(f),h=g?"":"_self";open(f,h,b)},i=function(){a.each(b.classList,function(){var a=f(this);if(a)return g(a),!1})},j=function(){a.extend(e,ShareLink.defaultSettings,c),["title","text"].forEach(function(a){e[a]=e[a].replace("#","")}),e.classPrefixLength=e.classPrefix.length},k=function(){d=a(b)};(function(){j(),k(),i()})()},ShareLink.networkTemplates={twitter:"https://twitter.com/intent/tweet?text={text}\x20{url}",pinterest:"https://www.pinterest.com/pin/create/button/?url={url}&media={image}",facebook:"https://www.facebook.com/sharer.php?u={url}",vk:"https://vkontakte.ru/share.php?url={url}&title={title}&description={text}&image={image}",linkedin:"https://www.linkedin.com/shareArticle?mini=true&url={url}&title={title}&summary={text}&source={url}",odnoklassniki:"https://connect.ok.ru/offer?url={url}&title={title}&imageUrl={image}",tumblr:"https://tumblr.com/share/link?url={url}",google:"https://plus.google.com/share?url={url}",digg:"https://digg.com/submit?url={url}",reddit:"https://reddit.com/submit?url={url}&title={title}",stumbleupon:"https://www.stumbleupon.com/submit?url={url}",pocket:"https://getpocket.com/edit?url={url}",whatsapp:"https://api.whatsapp.com/send?text={title}\n{text}\n{url}",xing:"https://www.xing.com/app/user?op=share&url={url}",print:"javascript:print()",email:"mailto:?subject={title}&body={text}\n{url}",telegram:"https://telegram.me/share/url?url={url}&text={text}",skype:"https://web.skype.com/share?url={url}"},ShareLink.defaultSettings={title:"",text:"",image:"",url:location.href,classPrefix:"s_",width:640,height:480},ShareLink.getNetworkLink=function(a,b){var c=ShareLink.networkTemplates[a].replace(/{([^}]+)}/g,function(a,c){return b[c]\|\|""});if("email"===a){if(-1<b.title.indexOf("&")\|\|-1<b.text.indexOf("&")){var d={text:b.text.replace(/&/g,"%26"),title:b.title.replace(/&/g,"%26"),url:b.url};c=ShareLink.networkTemplates[a].replace(/{([^}]+)}/g,function(a,b){return d[b]})}return c.indexOf("?subject=&body")&&(c=c.replace("subject=&","")),c}return c},a.fn.shareLink=function(b){return this.each(function(){a(this).data("shareLink",new ShareLink(this,b))})}})(jQuery); equals www.vkontakte.ru (VKontakte)

Source: unknown

DNS traffic detected: queries for: securepay.mysellful.com

Source: position.min-1.11.4[1].js.2.dr	String found in binary or memory: http://api.jqueryui.com/position/
Source: position.min-1.11.4[1].js.2.dr	String found in binary or memory: http://jquery.org/license
Source: position.min-1.11.4[1].js.2.dr	String found in binary or memory: http://jqueryui.com
Source: swiper.min-5.3.6[1].js.2.dr	String found in binary or memory: http://swiperjs.com
Source: gtm-479609c18ecd923ecdd3ed096cb1cd91[1].js.2.dr	String found in binary or memory: https://ade.googlesyndication.com/ddm/activity
Source: gtm-479609c18ecd923ecdd3ed096cb1cd91[1].js.2.dr	String found in binary or memory: https://adservice.google.com/ddm/regclk
Source: gtm-479609c18ecd923ecdd3ed096cb1cd91[1].js.2.dr	String found in binary or memory: https://adservice.google.com/pagead/regclk
Source: ga-0a4e309b5f2d7439b4f8876b19f37fc7[1].js.2.dr	String found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: ~DF2F964E65D10D0C53.TMP.1.dr	String found in binary or memory: https://atendiendochagas.mundosano.org//kcontrol-inti/continue/new
Source: {4598208C-97DF-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://atendiendochagas.mundosano.org//kcontrol-inti/continue/newRoot
Source: {4598208C-97DF-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://atendiendochagas.mundosano.org//kcontrol-inti/continue/newas.mundosano.org/kcontrol-inti/con
Source: new[1].htm.3.dr	String found in binary or memory: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/
Source: {4598208C-97DF-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998
Source: gtm-479609c18ecd923ecdd3ed096cb1cd91[1].js.2.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: gtm-479609c18ecd923ecdd3ed096cb1cd91[1].js.2.dr	String found in binary or memory: https://cdn1.sellful.com/wp-content/cache/busting/google-tracking/ga-0a4e309b5f2d7439b4f8876b19f37fc
Source: U6298Q3Z.htm.2.dr	String found in binary or memory: https://cdn1.sellful.com/wp-content/plugins/wp-rocket/assets/js/lazyload/11.0.6/lazyload.min.js
Source: ccaf1bb7df93920b7090e89ad7f87719[1].css.2.dr	String found in binary or memory: https://elementor.com/?utm_source=wp-themes&utm_campaign=author-uri&utm_medium=wp-dash
Source: ccaf1bb7df93920b7090e89ad7f87719[1].css.2.dr	String found in binary or memory: https://elementor.com/hello-theme/?utm_source=wp-themes&utm_campaign=theme-uri&utm_medium=wp-dash
Source: v4-shims.min-3.1.1[1].js.2.dr	String found in binary or memory: https://fontawesome.com
Source: v4-shims.min-3.1.1[1].js.2.dr	String found in binary or memory: https://fontawesome.com/license/free
Source: css[1].css0.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UNirkOUuhv.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOiCnqEu92Fr1Mu51QrEzAdKQ.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51S7ACc6CsI.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51TLBCc6CsI.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51TjASc6CsI.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51TzBic6CsI.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOkCnqEu92Fr1MmgVxIIzQ.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOkCnqEu92Fr1Mu51xIIzQ.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9fBBc-.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmSU5fBBc-.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc-.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmYUtfBBc-.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxM.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v13/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjo0oSmb2Rl.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v13/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjoDIOmb2Rl.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v13/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjoDISmb2Rl.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v13/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjoJYOmb2Rl.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v13/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjoUoOmb2Rl.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v13/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjoa4Omb2Rl.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v13/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjojISmb2Rl.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v13/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjojIWmb2Rl.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v13/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjovoSmb2Rl.woff)
Source: api[1].js.2.dr	String found in binary or memory: https://github.com/antoinevastel/picasso-like-canvas-fingerprinting
Source: dialog.min-4.8.1[1].js.2.dr	String found in binary or memory: https://github.com/kobizz/dialogs-manager/blob/master/LICENSE.txt
Source: U6298Q3Z.htm.2.dr	String found in binary or memory: https://i.ytimg.com/vi/ID/hqdefault.jpg
Source: gtm-479609c18ecd923ecdd3ed096cb1cd91[1].js.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: gtm-479609c18ecd923ecdd3ed096cb1cd91[1].js.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/
Source: {3F4FD36D-97DF-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://securepay.myse
Source: {3F4FD36D-97DF-11EB-90EB-ECF4BBEA1588}.dat.1.dr, ~DF48E2D4C07F892642.TMP.1.dr	String found in binary or memory: https://securepay.mysellful.com/
Source: {3F4FD36D-97DF-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://securepay.mysellful.com/Root
Source: {3F4FD36D-97DF-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://securepay.mysellful.com/b
Source: U6298Q3Z.htm.2.dr	String found in binary or memory: https://static.cloudflareinsights.com/beacon.min.js
Source: ga-0a4e309b5f2d7439b4f8876b19f37fc7[1].js.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: ga-0a4e309b5f2d7439b4f8876b19f37fc7[1].js.2.dr	String found in binary or memory: https://tagassistant.google.com/
Source: share-link.min-3.1.1[1].js.2.dr	String found in binary or memory: https://twitter.com/intent/tweet?text=
Source: ccaf1bb7df93920b7090e89ad7f87719[1].css.2.dr	String found in binary or memory: https://www.gnu.org/licenses/gpl-3.0.html
Source: ga-0a4e309b5f2d7439b4f8876b19f37fc7[1].js.2.dr	String found in binary or memory: https://www.google-analytics.com/debug/bootstrap
Source: ga-0a4e309b5f2d7439b4f8876b19f37fc7[1].js.2.dr	String found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: ga-0a4e309b5f2d7439b4f8876b19f37fc7[1].js.2.dr	String found in binary or memory: https://www.google.%/ads/ga-audiences
Source: gtm-479609c18ecd923ecdd3ed096cb1cd91[1].js.2.dr	String found in binary or memory: https://www.google.com
Source: gtm-479609c18ecd923ecdd3ed096cb1cd91[1].js.2.dr	String found in binary or memory: https://www.googletagmanager.com/debug/bootstrap
Source: ga-0a4e309b5f2d7439b4f8876b19f37fc7[1].js.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=
Source: share-link.min-3.1.1[1].js.2.dr	String found in binary or memory: https://www.pinterest.com/pin/create/button/?url=
Source: U6298Q3Z.htm.2.dr	String found in binary or memory: https://www.youtube.com/embed/ID?autoplay=1

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443

Source: unknown	HTTPS traffic detected: 104.26.11.161:443 -> 192.168.2.4:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.11.161:443 -> 192.168.2.4:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.95.65:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.95.65:443 -> 192.168.2.4:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.213:443 -> 192.168.2.4:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.213:443 -> 192.168.2.4:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.213:443 -> 192.168.2.4:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.213:443 -> 192.168.2.4:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.213:443 -> 192.168.2.4:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.213:443 -> 192.168.2.4:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.213:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.213:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 74.125.143.155:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 74.125.143.155:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.246.16.250:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.246.16.250:443 -> 192.168.2.4:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.11.161:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.246.16.250:443 -> 192.168.2.4:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.246.16.250:443 -> 192.168.2.4:49764 version: TLS 1.2

Source: classification engine

Classification label: mal64.phis.win@5/61@10/5

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3F4FD36B-97DF-11EB-90EB-ECF4BBEA1588}.dat

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF10431885DFDCFCE2.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2896 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2896 CREDAT:82952 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2896 CREDAT:17410 /prefetch:2	Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2896 CREDAT:82952 /prefetch:2	Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe	Automated click: Next
Source: C:\Program Files\internet explorer\iexplore.exe	Automated click: Next

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.26.12.213	stateless.sellful.com	United States	13335	CLOUDFLARENETUS	false
104.26.11.161	securepay.mysellful.com	United States	13335	CLOUDFLARENETUS	false
162.246.16.250	atendiendochagas.mundosano.org	United States	19318	IS-AS-1US	false
74.125.143.155	stats.l.doubleclick.net	United States	15169	GOOGLEUS	false
104.16.95.65	static.cloudflareinsights.com	United States	13335	CLOUDFLARENETUS	false

Contacted Domains

Name	IP	Active
stateless.sellful.com	104.26.12.213	true
static.cloudflareinsights.com	104.16.95.65	true
stats.l.doubleclick.net	74.125.143.155	true
atendiendochagas.mundosano.org	162.246.16.250	true
www.google.ch	216.58.215.227	true
cdn1.sellful.com	104.26.12.213	true
securepay.mysellful.com	104.26.11.161	true
stats.g.doubleclick.net	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://securepay.mysellful.com/	true		unknown
https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=c0741a92b8450158afedd031b20cb26d2465e0f24a90c485f3368b2d3492108732cb508b	true	SlashNext: Fake Login Page type: Phishing & Social Engineering	unknown

AV Detection:

Antivirus detection for URL or domain

Source: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=c0741a92b8450158afedd031b20cb26d2465e0f24a90c485f3368b2d3492108732cb508b

SlashNext: Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

Yara detected HtmlPhish6

Source: Yara match	File source: 849224.0.links.csv, type: HTML
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\s[1].htm, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\s[1].htm, type: DROPPED

Phishing site detected (based on image similarity)

Source: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/files/logo.png

Matcher: Found strong image similarity, brand: Microsoft

Jump to dropped file

Phishing site detected (based on logo template match)

Source: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=c0741a92b8450158afedd031b20cb26d2465e0f24a90c485f3368b2d3492108732cb508b

Matcher: Template: microsoft matched

HTML body contains low number of good links

Source: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=c0741a92b8450158afedd031b20cb26d2465e0f24a90c485f3368b2d3492108732cb508b	HTTP Parser: Number of links: 0
Source: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=c0741a92b8450158afedd031b20cb26d2465e0f24a90c485f3368b2d3492108732cb508b	HTTP Parser: Number of links: 0

HTML title does not match URL

Source: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=c0741a92b8450158afedd031b20cb26d2465e0f24a90c485f3368b2d3492108732cb508b	HTTP Parser: Title: Validation does not match URL
Source: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=c0741a92b8450158afedd031b20cb26d2465e0f24a90c485f3368b2d3492108732cb508b	HTTP Parser: Title: Validation does not match URL

Source: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=c0741a92b8450158afedd031b20cb26d2465e0f24a90c485f3368b2d3492108732cb508b	HTTP Parser: No <meta name="author".. found
Source: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=c0741a92b8450158afedd031b20cb26d2465e0f24a90c485f3368b2d3492108732cb508b	HTTP Parser: No <meta name="author".. found

Source: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=c0741a92b8450158afedd031b20cb26d2465e0f24a90c485f3368b2d3492108732cb508b	HTTP Parser: No <meta name="copyright".. found
Source: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=c0741a92b8450158afedd031b20cb26d2465e0f24a90c485f3368b2d3492108732cb508b	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 104.26.11.161:443 -> 192.168.2.4:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.11.161:443 -> 192.168.2.4:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.95.65:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.95.65:443 -> 192.168.2.4:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.213:443 -> 192.168.2.4:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.213:443 -> 192.168.2.4:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.213:443 -> 192.168.2.4:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.213:443 -> 192.168.2.4:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.213:443 -> 192.168.2.4:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.213:443 -> 192.168.2.4:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.213:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.213:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 74.125.143.155:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 74.125.143.155:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.246.16.250:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.246.16.250:443 -> 192.168.2.4:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.11.161:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.246.16.250:443 -> 192.168.2.4:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.246.16.250:443 -> 192.168.2.4:49764 version: TLS 1.2

Source: U6298Q3Z.htm.2.dr	String found in binary or memory: }, false);</script><script data-no-minify="1" async src="https://cdn1.sellful.com/wp-content/plugins/wp-rocket/assets/js/lazyload/11.0.6/lazyload.min.js"></script><script>function lazyLoadThumb(e){var t='<img data-lazy-src="https://i.ytimg.com/vi/ID/hqdefault.jpg" alt="" width="480" height="360"><noscript><img src="https://i.ytimg.com/vi/ID/hqdefault.jpg" alt="" width="480" height="360"></noscript>',a='<div class="play"></div>';return t.replace("ID",e)+a}function lazyLoadYoutubeIframe(){var e=document.createElement("iframe"),t="https://www.youtube.com/embed/ID?autoplay=1";t+=0===this.dataset.query.length?'':'&'+this.dataset.query;e.setAttribute("src",t.replace("ID",this.dataset.id)),e.setAttribute("frameborder","0"),e.setAttribute("allowfullscreen","1"),this.parentNode.replaceChild(e,this)}document.addEventListener("DOMContentLoaded",function(){var e,t,a=document.getElementsByClassName("rll-youtube-player");for(t=0;t<a.length;t++)e=document.createElement("div"),e.setAttribute("data-id",a[t].dataset.id),e.setAttribute("data-query", a[t].dataset.query),e.innerHTML=lazyLoadThumb(a[t].dataset.id),e.onclick=lazyLoadYoutubeIframe,a[t].appendChild(e)});</script> <script type="text/javascript">(function(){window['__CF$cv$params']={r:'63c5facfbc055b4d',m:'6d721a1ef31bf88249a6354e367f324a9ad5309d-1617827069-1800-AcF6ZYmikrgAOjxZxptJe9+zA1SlBh1K3i7wK0XDfUpBsX3WkmKHCh8VOUcQ1bpVjcAM63NYqFdJXymzTahxF03DOldHWRKUTQ/fuc6OOYfa+fmnIM6TQd3b9qBw4c9PAQ==',s:[0xef8fa34e4e,0x076a9a063a],}})();</script><script defer src="https://static.cloudflareinsights.com/beacon.min.js" data-cf-beacon='{"rayId":"63c5facfbc055b4d","si":10,"version":"2021.4.0"}'></script> equals www.youtube.com (Youtube)
Source: share-link.min-3.1.1[1].js.2.dr	String found in binary or memory: (function(a){window.ShareLink=function(b,c){var d,e={},f=function(a){var b=a.substr(0,e.classPrefixLength);return b===e.classPrefix?a.substr(e.classPrefixLength):null},g=function(a){d.on("click",function(){h(a)})},h=function(a){var b="";if(e.width&&e.height){var c=screen.width/2-e.width/2,d=screen.height/2-e.height/2;b="toolbar=0,status=0,width="+e.width+",height="+e.height+",top="+d+",left="+c}var f=ShareLink.getNetworkLink(a,e),g=/^https?:\/\//.test(f),h=g?"":"_self";open(f,h,b)},i=function(){a.each(b.classList,function(){var a=f(this);if(a)return g(a),!1})},j=function(){a.extend(e,ShareLink.defaultSettings,c),["title","text"].forEach(function(a){e[a]=e[a].replace("#","")}),e.classPrefixLength=e.classPrefix.length},k=function(){d=a(b)};(function(){j(),k(),i()})()},ShareLink.networkTemplates={twitter:"https://twitter.com/intent/tweet?text={text}\x20{url}",pinterest:"https://www.pinterest.com/pin/create/button/?url={url}&media={image}",facebook:"https://www.facebook.com/sharer.php?u={url}",vk:"https://vkontakte.ru/share.php?url={url}&title={title}&description={text}&image={image}",linkedin:"https://www.linkedin.com/shareArticle?mini=true&url={url}&title={title}&summary={text}&source={url}",odnoklassniki:"https://connect.ok.ru/offer?url={url}&title={title}&imageUrl={image}",tumblr:"https://tumblr.com/share/link?url={url}",google:"https://plus.google.com/share?url={url}",digg:"https://digg.com/submit?url={url}",reddit:"https://reddit.com/submit?url={url}&title={title}",stumbleupon:"https://www.stumbleupon.com/submit?url={url}",pocket:"https://getpocket.com/edit?url={url}",whatsapp:"https://api.whatsapp.com/send?text={title}\n{text}\n{url}",xing:"https://www.xing.com/app/user?op=share&url={url}",print:"javascript:print()",email:"mailto:?subject={title}&body={text}\n{url}",telegram:"https://telegram.me/share/url?url={url}&text={text}",skype:"https://web.skype.com/share?url={url}"},ShareLink.defaultSettings={title:"",text:"",image:"",url:location.href,classPrefix:"s_",width:640,height:480},ShareLink.getNetworkLink=function(a,b){var c=ShareLink.networkTemplates[a].replace(/{([^}]+)}/g,function(a,c){return b[c]\|\|""});if("email"===a){if(-1<b.title.indexOf("&")\|\|-1<b.text.indexOf("&")){var d={text:b.text.replace(/&/g,"%26"),title:b.title.replace(/&/g,"%26"),url:b.url};c=ShareLink.networkTemplates[a].replace(/{([^}]+)}/g,function(a,b){return d[b]})}return c.indexOf("?subject=&body")&&(c=c.replace("subject=&","")),c}return c},a.fn.shareLink=function(b){return this.each(function(){a(this).data("shareLink",new ShareLink(this,b))})}})(jQuery); equals www.facebook.com (Facebook)
Source: share-link.min-3.1.1[1].js.2.dr	String found in binary or memory: (function(a){window.ShareLink=function(b,c){var d,e={},f=function(a){var b=a.substr(0,e.classPrefixLength);return b===e.classPrefix?a.substr(e.classPrefixLength):null},g=function(a){d.on("click",function(){h(a)})},h=function(a){var b="";if(e.width&&e.height){var c=screen.width/2-e.width/2,d=screen.height/2-e.height/2;b="toolbar=0,status=0,width="+e.width+",height="+e.height+",top="+d+",left="+c}var f=ShareLink.getNetworkLink(a,e),g=/^https?:\/\//.test(f),h=g?"":"_self";open(f,h,b)},i=function(){a.each(b.classList,function(){var a=f(this);if(a)return g(a),!1})},j=function(){a.extend(e,ShareLink.defaultSettings,c),["title","text"].forEach(function(a){e[a]=e[a].replace("#","")}),e.classPrefixLength=e.classPrefix.length},k=function(){d=a(b)};(function(){j(),k(),i()})()},ShareLink.networkTemplates={twitter:"https://twitter.com/intent/tweet?text={text}\x20{url}",pinterest:"https://www.pinterest.com/pin/create/button/?url={url}&media={image}",facebook:"https://www.facebook.com/sharer.php?u={url}",vk:"https://vkontakte.ru/share.php?url={url}&title={title}&description={text}&image={image}",linkedin:"https://www.linkedin.com/shareArticle?mini=true&url={url}&title={title}&summary={text}&source={url}",odnoklassniki:"https://connect.ok.ru/offer?url={url}&title={title}&imageUrl={image}",tumblr:"https://tumblr.com/share/link?url={url}",google:"https://plus.google.com/share?url={url}",digg:"https://digg.com/submit?url={url}",reddit:"https://reddit.com/submit?url={url}&title={title}",stumbleupon:"https://www.stumbleupon.com/submit?url={url}",pocket:"https://getpocket.com/edit?url={url}",whatsapp:"https://api.whatsapp.com/send?text={title}\n{text}\n{url}",xing:"https://www.xing.com/app/user?op=share&url={url}",print:"javascript:print()",email:"mailto:?subject={title}&body={text}\n{url}",telegram:"https://telegram.me/share/url?url={url}&text={text}",skype:"https://web.skype.com/share?url={url}"},ShareLink.defaultSettings={title:"",text:"",image:"",url:location.href,classPrefix:"s_",width:640,height:480},ShareLink.getNetworkLink=function(a,b){var c=ShareLink.networkTemplates[a].replace(/{([^}]+)}/g,function(a,c){return b[c]\|\|""});if("email"===a){if(-1<b.title.indexOf("&")\|\|-1<b.text.indexOf("&")){var d={text:b.text.replace(/&/g,"%26"),title:b.title.replace(/&/g,"%26"),url:b.url};c=ShareLink.networkTemplates[a].replace(/{([^}]+)}/g,function(a,b){return d[b]})}return c.indexOf("?subject=&body")&&(c=c.replace("subject=&","")),c}return c},a.fn.shareLink=function(b){return this.each(function(){a(this).data("shareLink",new ShareLink(this,b))})}})(jQuery); equals www.linkedin.com (Linkedin)
Source: share-link.min-3.1.1[1].js.2.dr	String found in binary or memory: (function(a){window.ShareLink=function(b,c){var d,e={},f=function(a){var b=a.substr(0,e.classPrefixLength);return b===e.classPrefix?a.substr(e.classPrefixLength):null},g=function(a){d.on("click",function(){h(a)})},h=function(a){var b="";if(e.width&&e.height){var c=screen.width/2-e.width/2,d=screen.height/2-e.height/2;b="toolbar=0,status=0,width="+e.width+",height="+e.height+",top="+d+",left="+c}var f=ShareLink.getNetworkLink(a,e),g=/^https?:\/\//.test(f),h=g?"":"_self";open(f,h,b)},i=function(){a.each(b.classList,function(){var a=f(this);if(a)return g(a),!1})},j=function(){a.extend(e,ShareLink.defaultSettings,c),["title","text"].forEach(function(a){e[a]=e[a].replace("#","")}),e.classPrefixLength=e.classPrefix.length},k=function(){d=a(b)};(function(){j(),k(),i()})()},ShareLink.networkTemplates={twitter:"https://twitter.com/intent/tweet?text={text}\x20{url}",pinterest:"https://www.pinterest.com/pin/create/button/?url={url}&media={image}",facebook:"https://www.facebook.com/sharer.php?u={url}",vk:"https://vkontakte.ru/share.php?url={url}&title={title}&description={text}&image={image}",linkedin:"https://www.linkedin.com/shareArticle?mini=true&url={url}&title={title}&summary={text}&source={url}",odnoklassniki:"https://connect.ok.ru/offer?url={url}&title={title}&imageUrl={image}",tumblr:"https://tumblr.com/share/link?url={url}",google:"https://plus.google.com/share?url={url}",digg:"https://digg.com/submit?url={url}",reddit:"https://reddit.com/submit?url={url}&title={title}",stumbleupon:"https://www.stumbleupon.com/submit?url={url}",pocket:"https://getpocket.com/edit?url={url}",whatsapp:"https://api.whatsapp.com/send?text={title}\n{text}\n{url}",xing:"https://www.xing.com/app/user?op=share&url={url}",print:"javascript:print()",email:"mailto:?subject={title}&body={text}\n{url}",telegram:"https://telegram.me/share/url?url={url}&text={text}",skype:"https://web.skype.com/share?url={url}"},ShareLink.defaultSettings={title:"",text:"",image:"",url:location.href,classPrefix:"s_",width:640,height:480},ShareLink.getNetworkLink=function(a,b){var c=ShareLink.networkTemplates[a].replace(/{([^}]+)}/g,function(a,c){return b[c]\|\|""});if("email"===a){if(-1<b.title.indexOf("&")\|\|-1<b.text.indexOf("&")){var d={text:b.text.replace(/&/g,"%26"),title:b.title.replace(/&/g,"%26"),url:b.url};c=ShareLink.networkTemplates[a].replace(/{([^}]+)}/g,function(a,b){return d[b]})}return c.indexOf("?subject=&body")&&(c=c.replace("subject=&","")),c}return c},a.fn.shareLink=function(b){return this.each(function(){a(this).data("shareLink",new ShareLink(this,b))})}})(jQuery); equals www.twitter.com (Twitter)
Source: share-link.min-3.1.1[1].js.2.dr	String found in binary or memory: (function(a){window.ShareLink=function(b,c){var d,e={},f=function(a){var b=a.substr(0,e.classPrefixLength);return b===e.classPrefix?a.substr(e.classPrefixLength):null},g=function(a){d.on("click",function(){h(a)})},h=function(a){var b="";if(e.width&&e.height){var c=screen.width/2-e.width/2,d=screen.height/2-e.height/2;b="toolbar=0,status=0,width="+e.width+",height="+e.height+",top="+d+",left="+c}var f=ShareLink.getNetworkLink(a,e),g=/^https?:\/\//.test(f),h=g?"":"_self";open(f,h,b)},i=function(){a.each(b.classList,function(){var a=f(this);if(a)return g(a),!1})},j=function(){a.extend(e,ShareLink.defaultSettings,c),["title","text"].forEach(function(a){e[a]=e[a].replace("#","")}),e.classPrefixLength=e.classPrefix.length},k=function(){d=a(b)};(function(){j(),k(),i()})()},ShareLink.networkTemplates={twitter:"https://twitter.com/intent/tweet?text={text}\x20{url}",pinterest:"https://www.pinterest.com/pin/create/button/?url={url}&media={image}",facebook:"https://www.facebook.com/sharer.php?u={url}",vk:"https://vkontakte.ru/share.php?url={url}&title={title}&description={text}&image={image}",linkedin:"https://www.linkedin.com/shareArticle?mini=true&url={url}&title={title}&summary={text}&source={url}",odnoklassniki:"https://connect.ok.ru/offer?url={url}&title={title}&imageUrl={image}",tumblr:"https://tumblr.com/share/link?url={url}",google:"https://plus.google.com/share?url={url}",digg:"https://digg.com/submit?url={url}",reddit:"https://reddit.com/submit?url={url}&title={title}",stumbleupon:"https://www.stumbleupon.com/submit?url={url}",pocket:"https://getpocket.com/edit?url={url}",whatsapp:"https://api.whatsapp.com/send?text={title}\n{text}\n{url}",xing:"https://www.xing.com/app/user?op=share&url={url}",print:"javascript:print()",email:"mailto:?subject={title}&body={text}\n{url}",telegram:"https://telegram.me/share/url?url={url}&text={text}",skype:"https://web.skype.com/share?url={url}"},ShareLink.defaultSettings={title:"",text:"",image:"",url:location.href,classPrefix:"s_",width:640,height:480},ShareLink.getNetworkLink=function(a,b){var c=ShareLink.networkTemplates[a].replace(/{([^}]+)}/g,function(a,c){return b[c]\|\|""});if("email"===a){if(-1<b.title.indexOf("&")\|\|-1<b.text.indexOf("&")){var d={text:b.text.replace(/&/g,"%26"),title:b.title.replace(/&/g,"%26"),url:b.url};c=ShareLink.networkTemplates[a].replace(/{([^}]+)}/g,function(a,b){return d[b]})}return c.indexOf("?subject=&body")&&(c=c.replace("subject=&","")),c}return c},a.fn.shareLink=function(b){return this.each(function(){a(this).data("shareLink",new ShareLink(this,b))})}})(jQuery); equals www.vkontakte.ru (VKontakte)

Source: unknown

DNS traffic detected: queries for: securepay.mysellful.com

Source: position.min-1.11.4[1].js.2.dr	String found in binary or memory: http://api.jqueryui.com/position/
Source: position.min-1.11.4[1].js.2.dr	String found in binary or memory: http://jquery.org/license
Source: position.min-1.11.4[1].js.2.dr	String found in binary or memory: http://jqueryui.com
Source: swiper.min-5.3.6[1].js.2.dr	String found in binary or memory: http://swiperjs.com
Source: gtm-479609c18ecd923ecdd3ed096cb1cd91[1].js.2.dr	String found in binary or memory: https://ade.googlesyndication.com/ddm/activity
Source: gtm-479609c18ecd923ecdd3ed096cb1cd91[1].js.2.dr	String found in binary or memory: https://adservice.google.com/ddm/regclk
Source: gtm-479609c18ecd923ecdd3ed096cb1cd91[1].js.2.dr	String found in binary or memory: https://adservice.google.com/pagead/regclk
Source: ga-0a4e309b5f2d7439b4f8876b19f37fc7[1].js.2.dr	String found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: ~DF2F964E65D10D0C53.TMP.1.dr	String found in binary or memory: https://atendiendochagas.mundosano.org//kcontrol-inti/continue/new
Source: {4598208C-97DF-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://atendiendochagas.mundosano.org//kcontrol-inti/continue/newRoot
Source: {4598208C-97DF-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://atendiendochagas.mundosano.org//kcontrol-inti/continue/newas.mundosano.org/kcontrol-inti/con
Source: new[1].htm.3.dr	String found in binary or memory: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/
Source: {4598208C-97DF-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998
Source: gtm-479609c18ecd923ecdd3ed096cb1cd91[1].js.2.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: gtm-479609c18ecd923ecdd3ed096cb1cd91[1].js.2.dr	String found in binary or memory: https://cdn1.sellful.com/wp-content/cache/busting/google-tracking/ga-0a4e309b5f2d7439b4f8876b19f37fc
Source: U6298Q3Z.htm.2.dr	String found in binary or memory: https://cdn1.sellful.com/wp-content/plugins/wp-rocket/assets/js/lazyload/11.0.6/lazyload.min.js
Source: ccaf1bb7df93920b7090e89ad7f87719[1].css.2.dr	String found in binary or memory: https://elementor.com/?utm_source=wp-themes&utm_campaign=author-uri&utm_medium=wp-dash
Source: ccaf1bb7df93920b7090e89ad7f87719[1].css.2.dr	String found in binary or memory: https://elementor.com/hello-theme/?utm_source=wp-themes&utm_campaign=theme-uri&utm_medium=wp-dash
Source: v4-shims.min-3.1.1[1].js.2.dr	String found in binary or memory: https://fontawesome.com
Source: v4-shims.min-3.1.1[1].js.2.dr	String found in binary or memory: https://fontawesome.com/license/free
Source: css[1].css0.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UNirkOUuhv.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOiCnqEu92Fr1Mu51QrEzAdKQ.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51S7ACc6CsI.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51TLBCc6CsI.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51TjASc6CsI.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51TzBic6CsI.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOkCnqEu92Fr1MmgVxIIzQ.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOkCnqEu92Fr1Mu51xIIzQ.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9fBBc-.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmSU5fBBc-.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc-.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmYUtfBBc-.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxM.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v13/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjo0oSmb2Rl.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v13/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjoDIOmb2Rl.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v13/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjoDISmb2Rl.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v13/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjoJYOmb2Rl.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v13/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjoUoOmb2Rl.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v13/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjoa4Omb2Rl.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v13/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjojISmb2Rl.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v13/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjojIWmb2Rl.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v13/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjovoSmb2Rl.woff)
Source: api[1].js.2.dr	String found in binary or memory: https://github.com/antoinevastel/picasso-like-canvas-fingerprinting
Source: dialog.min-4.8.1[1].js.2.dr	String found in binary or memory: https://github.com/kobizz/dialogs-manager/blob/master/LICENSE.txt
Source: U6298Q3Z.htm.2.dr	String found in binary or memory: https://i.ytimg.com/vi/ID/hqdefault.jpg
Source: gtm-479609c18ecd923ecdd3ed096cb1cd91[1].js.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: gtm-479609c18ecd923ecdd3ed096cb1cd91[1].js.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/
Source: {3F4FD36D-97DF-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://securepay.myse
Source: {3F4FD36D-97DF-11EB-90EB-ECF4BBEA1588}.dat.1.dr, ~DF48E2D4C07F892642.TMP.1.dr	String found in binary or memory: https://securepay.mysellful.com/
Source: {3F4FD36D-97DF-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://securepay.mysellful.com/Root
Source: {3F4FD36D-97DF-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://securepay.mysellful.com/b
Source: U6298Q3Z.htm.2.dr	String found in binary or memory: https://static.cloudflareinsights.com/beacon.min.js
Source: ga-0a4e309b5f2d7439b4f8876b19f37fc7[1].js.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: ga-0a4e309b5f2d7439b4f8876b19f37fc7[1].js.2.dr	String found in binary or memory: https://tagassistant.google.com/
Source: share-link.min-3.1.1[1].js.2.dr	String found in binary or memory: https://twitter.com/intent/tweet?text=
Source: ccaf1bb7df93920b7090e89ad7f87719[1].css.2.dr	String found in binary or memory: https://www.gnu.org/licenses/gpl-3.0.html
Source: ga-0a4e309b5f2d7439b4f8876b19f37fc7[1].js.2.dr	String found in binary or memory: https://www.google-analytics.com/debug/bootstrap
Source: ga-0a4e309b5f2d7439b4f8876b19f37fc7[1].js.2.dr	String found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: ga-0a4e309b5f2d7439b4f8876b19f37fc7[1].js.2.dr	String found in binary or memory: https://www.google.%/ads/ga-audiences
Source: gtm-479609c18ecd923ecdd3ed096cb1cd91[1].js.2.dr	String found in binary or memory: https://www.google.com
Source: gtm-479609c18ecd923ecdd3ed096cb1cd91[1].js.2.dr	String found in binary or memory: https://www.googletagmanager.com/debug/bootstrap
Source: ga-0a4e309b5f2d7439b4f8876b19f37fc7[1].js.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=
Source: share-link.min-3.1.1[1].js.2.dr	String found in binary or memory: https://www.pinterest.com/pin/create/button/?url=
Source: U6298Q3Z.htm.2.dr	String found in binary or memory: https://www.youtube.com/embed/ID?autoplay=1

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443

Source: unknown	HTTPS traffic detected: 104.26.11.161:443 -> 192.168.2.4:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.11.161:443 -> 192.168.2.4:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.95.65:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.95.65:443 -> 192.168.2.4:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.213:443 -> 192.168.2.4:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.213:443 -> 192.168.2.4:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.213:443 -> 192.168.2.4:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.213:443 -> 192.168.2.4:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.213:443 -> 192.168.2.4:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.213:443 -> 192.168.2.4:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.213:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.213:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 74.125.143.155:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 74.125.143.155:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.246.16.250:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.246.16.250:443 -> 192.168.2.4:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.11.161:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.246.16.250:443 -> 192.168.2.4:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.246.16.250:443 -> 192.168.2.4:49764 version: TLS 1.2

Source: classification engine

Classification label: mal64.phis.win@5/61@10/5

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3F4FD36B-97DF-11EB-90EB-ECF4BBEA1588}.dat

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF10431885DFDCFCE2.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2896 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2896 CREDAT:82952 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2896 CREDAT:17410 /prefetch:2	Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2896 CREDAT:82952 /prefetch:2	Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe	Automated click: Next
Source: C:\Program Files\internet explorer\iexplore.exe	Automated click: Next

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

ID:	383546
Product:	CloudBasic
Start time:	22:23:40
Start date:	07.04.2021
Cookbook:	browseurl.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3F4FD36B-97DF-11EB-90EB-ECF4BBEA1588}.dat	Microsoft Word Document	1705FA8D0F76424BF7570B9EB8E93399	D9C93F1094A487007686DC058A51F7029C8CC64B	AA915D91FB6B80A75BC7235A938F35931E8F445DE60B3DCC45102563FA3A3C7E
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3F4FD36D-97DF-11EB-90EB-ECF4BBEA1588}.dat	Microsoft Word Document	44C08EA2058A0FAB0054A5F73125A6CE	BB7EC1CB40DF277FB8532BC97C942C515921CE8E	FB2F62601F6E2DE6D7DCE81430921C5564CE45314891800E8BB83A2F94BCD570
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4598208A-97DF-11EB-90EB-ECF4BBEA1588}.dat	Microsoft Word Document	FA013102A7C1AA24578530555AE99AB1	3B1521F963C912B6CFC68335B0F0370507019F5B	1520BA102CE75A342795050F21FB3894BC141C9F79FB944DCF5EE34FFAF4923D
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4598208C-97DF-11EB-90EB-ECF4BBEA1588}.dat	Microsoft Word Document	60C3A822130BEB863EE8FA2F94365E11	9D64549483C1CD5CB3E9239599903273CE811E74	71832076E9DA208755F7208DA2C8A28859CE7169598B98D63B070C86E793C304
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4DC0AAB8-97DF-11EB-90EB-ECF4BBEA1588}.dat	Microsoft Word Document	9CB3DAB088C474AAE4C431E74FD74CC0	C7B74011FC2C3B8AE0E6749279063C95577493DB	0203D4B2D3961D921ECA50DABB59991EECE84F1559F017963C15C318127FD3B8
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\U6298Q3Z.htm	HTML document, ASCII text, with very long lines	381A1D9BDE24A86DFE3A688B19419D47	3BB4455607ED196922D7945425871E0B5BFD20AE	A9C8184CF202C16DD0DE549F8E42E8CCA8B0410ACDF94C7CAB2F1A824AECB5F3
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\admin-ajax[1].htm	very short file (no magic)	C4CA4238A0B923820DCC509A6F75849B	356A192B7913B04C54574D18C28D46E6395428AB	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\c6561660-new-remittance-785x800[1].png	PNG image data, 785 x 800, 8-bit/color RGB, non-interlaced	F3ABDCA15BFA18336CFC35F883491739	335C15AA3E10703589CE0CF0F64A9A373120F235	67DFDFB4D1A369156EB7F956AE26B1FCE3634AC737DCEEFF5DAD5DAEDB0CE6BC
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\css[1].css	ASCII text	4CFC4658F748E1FC67D2EA27F9B3692F	82C520D112F48E337E99DF00067BFAA75D0F9CA2	ABC5A61E85F95E54C925FE9589099AD680912480E7C97052AF0496CBC6D111B8
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\frontend-modules.min-3.1.1[1].js	UTF-8 Unicode text, with very long lines, with LF, NEL line terminators	2AA14A960A066B954DFACB7CE9B6D192	525BBDDC67ADDA7E9B1960FF5AAC621922ABDEB3	DEA0AD73F4973782017880F1DCE0AF21A946D0E21A07DF4C5B98ECED5EBB40B1
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\ga-0a4e309b5f2d7439b4f8876b19f37fc7[1].js	ASCII text, with very long lines	0A4E309B5F2D7439B4F8876B19F37FC7	7AC30F933A2B889EDBE5D3449F4EC90049B0E2A9	F79723478F4C48501CD49AC52B81D6244A6562B9D3F08CE8AB208A8B8878D4C4
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\jet-blocks.min-1.2.4[1].js	ASCII text, with very long lines, with no line terminators	A4F2716EEDDAAB1AB3F91DF8A53743BD	864F3205952350B27668E1FBEB300173FA1BFD9F	42123FA141C9B3B24EA7AFA9028E5407324018F168CB68CA04FA46D51180E89F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\jet-elements.min-2.5.5[1].js	ASCII text, with very long lines, with no line terminators	AA0D6562E66188D42D8B4EB243D5AEAE	269ED4B11B57DB0B520CEA0F5895EAABF778F022	56DD17B91E80F419356B9519459F99E939F846BAB801BE32A15719293131DE4C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\jet-tricks-frontend-1.2.12[1].js	ASCII text	61EE94A46DB07B5D0ADDD2F1CB20AF10	513E714A9FA59ACBBE436EA70EAE7EC8DD5B87C1	340CB3133FD2998435B655096B9DDFC1F24DB65D66F296A7369643C4256273B9
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\lazyload.min[1].js	ASCII text, with very long lines	B906C7B5D31EFDE9C615DE31CF4C089C	721540E4BABC25B6F245B92AEEF70E993E408D80	FD9B21475370627E77A6988F76C0BF93A005F9E66C4F2E9FD62E5C2DE5976DC9
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\preloaded-elements-handlers.min-3.1.1[1].js	ASCII text, with very long lines	ED8DE4F9A94259E5BC6E81D7857C76E4	0F9330D1551934BF28E3AFC4BD63366DF88E9CA7	420AD608FCB00C75B037C32408D72FABD863EB70B707A36F93DD00F4BDA513E9
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\waypoints.min-4.0.2[1].js	ASCII text, with very long lines, with no line terminators	3819C3569DA71DAEC283A75483735F7E	ECD40A5CC6F0B76200C454CA880210DC301CFAB8	214674CC77ABA35AB3567B88E2739FD08E8E96C61D279559AD61874069683EA0
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\KFOjCnqEu92Fr1Mu51TLBCc6CsI[1].woff	Web Open Font Format, TrueType, length 22360, version 1.1	C2E42D1EAC2DE2B58A2358686E6ED73C	24760369053031DF1F2BE831E067E3D9E37F0B3A	B31B421BAFE532F6B6BDBB6F680FB11BD3968F23C7FE09A29B1A22F4C8DD2A7E
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\KFOjCnqEu92Fr1Mu51TjASc6CsI[1].woff	Web Open Font Format, TrueType, length 22280, version 1.1	6E949B62AF2E8B6F705E35EE4DBC17F4	31BC06C0C932EC0176F42C6864C58D7450BBF97E	917A5159BE44DE9A82072F6A1C52EF645844D6BEDF42F8FD1549CD99D6DB2CC5
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\KFOjCnqEu92Fr1Mu51TzBic6CsI[1].woff	Web Open Font Format, TrueType, length 21656, version 1.1	147F4E11CE73A22AAC9C6C2822290953	EEFEA89A9C36F8B1A7CA99372A7E0E05C92EADD6	A22585CFD64238EF14B1B383B5B9A8BAD7C89E354C09FC0886067E876687A38C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\KFOkCnqEu92Fr1MmgVxIIzQ[1].woff	Web Open Font Format, TrueType, length 20424, version 1.1	04B7FD97F88B82DCCCE5EC446CCC29E6	9A3C1CE2EAB659A91AF7016570287428CC82C458	A38AD0B609E4D2039D18B0F9DC89E9060F2E2E05F2F42764A6A93354346A6C37
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\KFOmCnqEu92Fr1Mu4mxM[1].woff	Web Open Font Format, TrueType, length 20332, version 1.1	DC3E086FC0C5ADDC09702E111D2ADB42	B1138B84FF19EAC5F43C4202297529D389BD09B7	EA50AC7FDDB61A5CE248A7F8B3A31A98FE16285E076B16E6DA6B4E10910724BB
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\api[1].js	UTF-8 Unicode text, with very long lines	6C6281C15CBC981BC05942BAC40BCD7E	6015D314D852ECC0C0158731D8E06724805E38E5	0D3118E306C6A26F1D2EFCB698984E6922C5E7E155C94A84760E36E5592A3C11
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\beacon.min[1].js	ASCII text, with very long lines, with no line terminators	804ABD1958381D65E3CCA67900F5870A	189DDFE1F0676B31D120D9D0CC5BCB84B27555A7	5202075998311DCAB7A8020419AC0009F951D88C5D40696612D440857828FFD8
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\css[1].css	ASCII text, with very long lines, with CRLF line terminators	63DF83784CADD3A339B776520600C21A	69BB829612F3E3CB2F521323945C9284A2B0DCDE	2EE69AEF3AFB10B368BDE9FEA7E97CC75C030C890E3D2B8DC4AD19D498234DBF
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\dialog.min-4.8.1[1].js	ASCII text, with very long lines	58BAF0F238D7AFC7AB926B8D51E5B559	8515E5F578269E29C048450F78C107935D325DFF	2989E0B9E836CB9DE3274D641EC6A58C2052F039E790DDD59B22303930BFDEEB
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\jet-blog.min-2.2.9[1].js	ASCII text, with very long lines, with no line terminators	BDB89C23157E96CE0A6978293CE0EBFA	B4D7C5D9FAE848643FB9B283D424626A71D50D01	047370A77F43B356CC417AFAF4B959E9B2C47F7DCFF73271A99EFAC3F25E665C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\logo[1].png	PNG image data, 226 x 48, 8-bit/color RGBA, non-interlaced	EF884BDEDEF280DF97A4C5604058D8DB	6F04244B51AD2409659E267D308B97E09CE9062B	825DE044D5AC6442A094FF95099F9F67E9249A8110A2FBD57128285776632ADB
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\s[1].htm	HTML document, ASCII text, with very long lines, with CRLF line terminators	474A9980C4D204E7D4B593832B226BEA	DBDB72D920A55C1AB76FDA122271C9986C8F9389	163589FCFF3F5D67836D8DF3EC13D11E561E93C25B9679D3BA92B98F9D34EABF
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\webpack.runtime.min-3.1.1[1].js	ASCII text, with very long lines	7423529C58B1A1BF4EE735F7AFBB59BD	52D72A236F4925E5BD2C0A173A03C7CA8A92BBA8	E9286A9B5C5047627AFB876EBE1C90933EE1C438164D529D01D80C4636C4B405
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\KFOiCnqEu92Fr1Mu51QrEzAdKQ[1].woff	Web Open Font Format, TrueType, length 21776, version 1.1	E21019768EE6D334593AA1EBCA028ACF	DFE80B4CB13F47ECED9236E33AB360DB41711B0C	75D75439F2A7EA1851A3E5B621320B9DFA1399861D2EC6D443A3C2919B93AFB7
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\KFOjCnqEu92Fr1Mu51S7ACc6CsI[1].woff	Web Open Font Format, TrueType, length 22080, version 1.1	FA8878D8872A2AC4BEB377CDAE15566A	34EE72B0E553C3EFA41A7E0DF4EB710596469A10	8411023A027610AEB3DC333438E12A17222163AE78817C5395DA04548ED30150
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\KFOkCnqEu92Fr1Mu51xIIzQ[1].woff	Web Open Font Format, TrueType, length 22036, version 1.1	522AECAD450B10CE647739BC8D9AA1C6	6C3528F1BDD5B980F41BDCD1D9FCD812FE0C6D61	2B5FB1F0EE063320196A64157AE9A949BB4656BC48604914175F1EDA636DCE07
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff	Web Open Font Format, TrueType, length 20532, version 1.1	DA2721C68B4BC80DB8D4C404F76B118C	3A32E8B7EFBC9DFB52F024D657B8C8C0A80E5804	BD811625271ACCA47F7DAC48B460F13E08EE947B2A8E17E278C4D5CCB5D9323C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\KFOlCnqEu92Fr1MmSU5fBBc-[1].woff	Web Open Font Format, TrueType, length 20404, version 1.1	BF0F407102FAF3A0B521D3B545F547A5	CA357CD0DE5DD0242E8EFACFB8D24AB60FDC86AB	855A06974032BB69157D469ABA6F63440E8BE47C421F45C3F396F4E0B87B6DE8
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\KFOlCnqEu92Fr1MmWUlfBBc-[1].woff	Web Open Font Format, TrueType, length 20396, version 1.1	68D6DABFE54E245E7D5D5C16C3C4B1A9	7FDAB895EAEBECEDB3FB5473EAB94A1B292CEF19	A01A632E56731A854F35701AA8C3A6A19A113290D9032FF9048F8064C45383BD
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\KFOlCnqEu92Fr1MmYUtfBBc-[1].woff	Web Open Font Format, TrueType, length 20412, version 1.1	64BBA9C4E8156C152050C657E9D24BF1	90ECF87091FAABE7BC0FF54A43828FA4DD483278	D33864E01E5103EBE439732BB606E694C73B6851F24DA25D41901EB17CB5D98E
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\jet-tabs-frontend.min-1.1.7[1].js	ASCII text, with very long lines, with no line terminators	1A3B3BDF021E39D1CEB582804793620B	823A875AA14387C45DA64842E8E883EC1F50069F	8F66B0245A0249DF24108EECA809057C74121739DEA7F8A4FB35AE0B1180E41A
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\position.min-1.11.4[1].js	ASCII text, with very long lines	1C4A13EDEC1958817E83433AEAA42F62	851D4F36AC29A54F9AEB865E4772E10B941252D3	49AF6B83569C5E8C707E93884D9BA619B402F0A115925951301E2E3C844F0AD8
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\share-link.min-3.1.1[1].js	ASCII text, with very long lines	9BB8540493A7FE11B229870EB37BE165	D77F17CB9057DC8F622B8C0BF23F6ACB739B3B8E	4A7EE62EB33F3BBB66C2151E5CAC6BF4904E28302EFC36128F3E3CCAE6FDE580
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\wu-visit-counter.min[1].js	ASCII text, with very long lines, with no line terminators	BD2D3003A2FF56FFE8D773738166C4E8	038E00D4CC39EC3B07034BDE7D183488A327D93D	E0D101D1C3EAA67495D8A04D1D4A2D84B02B44CE6C9B060C323A5534CD83D59C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\ccaf1bb7df93920b7090e89ad7f87719[1].css	UTF-8 Unicode text, with very long lines	94547D32CD5E7AFFFDF394055C5C767D	10E65A16AD492DFEF08374373BCAED3559159D61	3BFA9CA8A9F68321B95EABB8E2401C2725C76E967A9C2A560C4C2014C351DA11
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\css[1].css	ASCII text	775906B0B3B1AB6C28A494E1C39BAD70	EA02161815087057FAAD5AD45C8AFC53A3C5E4AD	1A8242357B58770FCA34F6B86921FF5BAFB8C0F536891E7A86A04451350A544C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\frontend.min-3.0.5[1].js	UTF-8 Unicode text, with very long lines, with LF, NEL line terminators	64A17E19546A8EAEB7449982967CFA69	B777FF3056A8DD8C79F93C0125F21EC3909C9802	65115988F62E8284EBC9BBD735C7DE493F47ED8EA5A266FDDB4C86D4997472FB
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\frontend.min-3.1.1[1].js	ASCII text, with very long lines	DCE958AFB428DD3DC78F203EF99BAE42	36EC6A22853E4212CFA7D150E9486200C943FE63	26D2072B425A61E1ED81ED2B3F254888531E62060C7C4B3C788FFB925A8C864E
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\gtm-479609c18ecd923ecdd3ed096cb1cd91[1].js	ASCII text, with very long lines	7EDF89BCE763DAE748007CC1141380D7	C60F42B0D042E5D3A07A2EBA19C2ADCC1963DB3F	F823A747AEE70B21C44208FC0B5413A7512557E5188A2AA64529241A5B4C4E4E
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\jquery-1.12.4-wp[1].js	ASCII text, with very long lines	49EDCCEA2E7BA985CADC9BA0531CBED1	F8747F8EE704D9AF31D0950015E01D3F9635B070	1DB21D816296E6939BA1F42962496E4134AE2B0081E26970864C40C6D02BB1DF
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\jquery-migrate.min-1.4.1[1].js	ASCII text, with very long lines	7121994EEC5320FBE6586463BF9651C2	90532AFF6D4121954254CDF04994D834F7EC169B	48EB8B500AE6A38617B5738D2B3FAEC481922A7782246E31D2755C034A45CD5D
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\jquery.sticky.min-3.0.5[1].js	ASCII text, with very long lines, with no line terminators	E16A8821E5F099C3A619889EA7CF0399	A38E0C736AAF0B019B29B63B00E68C1381502217	A48DEA362116D7516A2CF97066A32758D353760EE02DBF900DDFF86B02A16473
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\new[1].htm	HTML document, ASCII text	0E241B8D33B2AE011B112941747BA154	1F027D10066871A789A960053D74B17B81843920	2F3D726E8D6811D028A298E3BF49D01FBC0D12AD6D91993EE16CA5BDEC111295
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\pdf[1].png	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	F1E3F187F7C23FA8D1555004F3800356	E71E52A142E754399AE39EF38584789B66E9EA00	DB307FCEF7F95139689007D7A623B340EC21282BD421C4E4B2BA09078F230545
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\s[1].htm	HTML document, ASCII text, with very long lines, with CRLF line terminators	474A9980C4D204E7D4B593832B226BEA	DBDB72D920A55C1AB76FDA122271C9986C8F9389	163589FCFF3F5D67836D8DF3EC13D11E561E93C25B9679D3BA92B98F9D34EABF
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\swiper.min-5.3.6[1].js	ASCII text, with very long lines	15BB2B8491FC7E84137D65F610E1685A	CD76B70A5426893E9C022B9A75C50A7C1348E2D0	B23F49F504FAA32AAC548B6662FFD64412F6738496FAB8BE38DA46C5B7121804
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\v4-shims.min-3.1.1[1].js	ASCII text, with very long lines	7A5DEA0A705CC2F4CD87DBAAA6666BC6	678BC6F750F13ADB29BBC158EB0D9CD813B736FA	97CF1307C16A437B77B5F7F5C9BC0B985D0745A14BE5A279019ACA5A3432E264
C:\Users\user\AppData\Local\Temp\dat2AC1.tmp	Web Open Font Format, TrueType, length 2532, version 2.24904	10600F6B3D9C9BE2D2B2CE58D2C6508B	421CA4369738433E33348785FE776A0C839605D5	29B7A9358ABDC68C51DB5A5AF4A4F4E2E041A67527ADEE2366B1F84F116FE9A5
C:\Users\user\AppData\Local\Temp\datE3F4.tmp	Web Open Font Format, TrueType, length 2532, version 2.24904	10600F6B3D9C9BE2D2B2CE58D2C6508B	421CA4369738433E33348785FE776A0C839605D5	29B7A9358ABDC68C51DB5A5AF4A4F4E2E041A67527ADEE2366B1F84F116FE9A5
C:\Users\user\AppData\Local\Temp\~DF10431885DFDCFCE2.TMP	data	C8B1350854105637B45F54178C6ACF9A	851EB38AD0D13CC6FC552A12BCA7959C90906286	1B2B8DA4D3882B4F41263E006102325CF07B51F120C411E3B4C39CCCC1767BF6
C:\Users\user\AppData\Local\Temp\~DF2F964E65D10D0C53.TMP	data	1AE561A298614F097789A1BD7C31A132	9FAC00B0E10B993F8A66EE8D9CF8F2231F6CFB44	2C6970B203EC530148ED8CDD9CA1842BDBC267FA8C698430454AFB6A177B26A2
C:\Users\user\AppData\Local\Temp\~DF4285359F45B414EE.TMP	data	C98693E68ED5FBE3822095BF4CD04475	864046C71A0B16C94F54A81F71E0BEF6D228600E	E1138B672D70E7B77391B392310AB061FDF8E79D2A11468A5E6BF03F1C8E228E
C:\Users\user\AppData\Local\Temp\~DF48E2D4C07F892642.TMP	data	34D0AC4F2AC17A3EB7F61C400078BBF3	CEA54C707752DAA74488E6029EBD92F72CCDE3E2	E668C3034695C6B1F43E8577DA0DB38F54BDA9763E4146D335148C967CB272BF
C:\Users\user\AppData\Local\Temp\~DF97F175772E8E507A.TMP	data	2BF3721D69D0CC39C77DA148214A7C20	0EC756EBE84ACFA8BCBC7DEE1DCC0C1984B767B8	C5720BD71AB4B7A2BC5F4DA9EE78E7CFAACFDA9C23AE6EB9B9372D973FD1F8F4

Analysis Report https://securepay.mysellful.com/

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection:

Phishing:

Compliance:

Networking:

System Summary:

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs