Analysis Report http://msoffice506.weebly.com

Overview

General Information

Sample URL: http://msoffice506.weebly.com
Analysis ID: 383629

Detection

HTMLPhisher
Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Yara detected HtmlPhish10
HTML body contains low number of good links
HTML title does not match URL
Suspicious form URL found

Classification

AV Detection:

Antivirus / Scanner detection for submitted sample
Source: http://msoffice506.weebly.com SlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering
Antivirus detection for URL or domain
Source: https://msoffice506.weebly.com/ SlashNext: Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

Yara detected HtmlPhish10
Source: Yara match File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\J3GPWO06.htm, type: DROPPED
HTML body contains low number of good links
Source: https://msoffice506.weebly.com/ HTTP Parser: Number of links: 0
HTML title does not match URL
Source: https://msoffice506.weebly.com/ HTTP Parser: Title: Sign in to your microsoft does not match URL
Suspicious form URL found
Source: https://msoffice506.weebly.com/ HTTP Parser: Form action: https://msoffice506.weebly.com/ajax/apps/formSubmitAjax.php
Source: https://msoffice506.weebly.com/ HTTP Parser: No <meta name="author".. found
Source: https://msoffice506.weebly.com/ HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Source: unknown HTTPS traffic detected: 199.34.228.54:443 -> 192.168.2.3:49683 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.3:49684 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.3:49685 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.3:49686 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.3:49688 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.3:49689 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.3:49695 version: TLS 1.2
Source: unknown HTTPS traffic detected: 199.34.228.54:443 -> 192.168.2.3:49687 version: TLS 1.2
Source: unknown HTTPS traffic detected: 199.34.228.54:443 -> 192.168.2.3:49693 version: TLS 1.2
Source: unknown HTTPS traffic detected: 199.34.228.54:443 -> 192.168.2.3:49694 version: TLS 1.2
Source: unknown HTTPS traffic detected: 199.34.228.54:443 -> 192.168.2.3:49699 version: TLS 1.2
Source: unknown HTTPS traffic detected: 199.34.228.54:443 -> 192.168.2.3:49698 version: TLS 1.2
Source: unknown HTTPS traffic detected: 44.241.55.43:443 -> 192.168.2.3:49708 version: TLS 1.2
Source: unknown HTTPS traffic detected: 44.241.55.43:443 -> 192.168.2.3:49709 version: TLS 1.2
Source: global traffic HTTP traffic detected:
  GET / HTTP/1.1
  Accept: text/html, application/xhtml+xml, image/jxr, */*
  Accept-Language: en-US
  User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
  Accept-Encoding: gzip, deflate
  Host: msoffice506.weebly.com
  Connection: Keep-Alive
Source: unknown DNS traffic detected: queries for: msoffice506.weebly.com
Source: plugins[1].js.2.dr String found in binary or memory: http://hammerjs.github.io/
Source: jquery.revealer[1].js.2.dr, jquery.trend[1].js.2.dr String found in binary or memory: http://pixelunion.net
Source: arrow-light[1].svg.2.dr String found in binary or memory: http://www.bohemiancoding.com/sketch
Source: ga[1].js.2.dr String found in binary or memory: http://www.google-analytics.com
Source: J3GPWO06.htm.2.dr String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js
Source: MutationObserver[1].js.2.dr String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=85161
Source: MutationObserver[1].js.2.dr String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=749920
Source: footerSignup[1].js.2.dr String found in binary or memory: https://cdn2.editmysite.com/js/
Source: recaptcha__en[1].js.2.dr String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
Source: recaptcha__en[1].js.2.dr String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#localhost_support
Source: recaptcha__en[1].js.2.dr String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
Source: css[1].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/karla/v15/qkBIXvYC6trAT55ZBi1ueQVIjQTD-JqaE0lM.woff)
Source: css[2].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/karla/v15/qkBIXvYC6trAT55ZBi1ueQVIjQTD-JqaHUlM.woff)
Source: css[1].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/karla/v15/qkBIXvYC6trAT55ZBi1ueQVIjQTDH52aE0lM.woff)
Source: css[2].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/karla/v15/qkBIXvYC6trAT55ZBi1ueQVIjQTDH52aHUlM.woff)
Source: css[2].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/karla/v15/qkBKXvYC6trAT7RQNNK2EG7SIwPWMNlCV3lGb7U.woff)
Source: css[2].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/karla/v15/qkBKXvYC6trAT7RQNNK2EG7SIwPWMNmlUHlGb7U.woff)
Source: css[3].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/oswald/v36/TK3_WkUHHAIjg75cFRf3bXL8LICs169vsUhiYw.woff)
Source: css[3].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/oswald/v36/TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUhiYw.woff)
Source: css[1].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/oswald/v36/TK3_WkUHHAIjg75cFRf3bXL8LICs1xZosUZiYw.woff)
Source: css[3].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/oswald/v36/TK3_WkUHHAIjg75cFRf3bXL8LICs1xZosUhiYw.woff)
Source: css[1].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/robotomono/v13/L0xoDF4xlVMF-BfR8bXMIjhOsXG-q2oeuFoqFrlnANW6Cp8.woff)
Source: css[1].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/robotomono/v13/L0xoDF4xlVMF-BfR8bXMIjhOsXG-q2oeuFoqFrmAB9W6Cp8.woff)
Source: css[1].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/robotomono/v13/L0xuDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vq_ROW-.woff)
Source: css[1].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/robotomono/v13/L0xuDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_Of2_ROW-.woff)
Source: MutationObserver[1].js.2.dr String found in binary or memory: https://gist.github.com/megawac/8201012
Source: MutationObserver[1].js.2.dr String found in binary or memory: https://gist.github.com/megawac/8355978
Source: MutationObserver[1].js.2.dr String found in binary or memory: https://github.com/WebKit/webkit/blob/master/Source/WebCore/dom/MutationObserver.cpp
Source: MutationObserver[1].js.2.dr String found in binary or memory: https://github.com/megawac/MutationObserver.js
Source: ~DF319CEFDB770DE62E.TMP.1.dr, J3GPWO06.htm.2.dr String found in binary or memory: https://msoffice506.weebly.com/
Source: msoffice506.weebly[1].xml.2.dr String found in binary or memory: https://msoffice506.weebly.com/&quot;
Source: ~DF319CEFDB770DE62E.TMP.1.dr String found in binary or memory: https://msoffice506.weebly.com/2Sign
Source: {FDCCFF1C-9856-11EB-90E4-ECF4BB862DED}.dat.1.dr String found in binary or memory: https://msoffice506.weebly.com/Root
Source: imagestore.dat.2.dr String found in binary or memory: https://msoffice506.weebly.com/favicon.ico
Source: J3GPWO06.htm.2.dr String found in binary or memory: https://msoffice506.weebly.com/uploads/1/3/6/6/136605011/hhhjfhdhjfhfjkvv-ll_orig.png
Source: J3GPWO06.htm.2.dr String found in binary or memory: https://msoffice506.weebly.com/uploads/1/3/6/6/136605011/hjfhhjf_orig.png
Source: recaptcha__en[1].js.2.dr String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: ga[1].js.2.dr String found in binary or memory: https://ssl.google-analytics.com
Source: ga[1].js.2.dr String found in binary or memory: https://ssl.google-analytics.com/j/__utm.gif
Source: ga[1].js.2.dr String found in binary or memory: https://stats.g.doubleclick.net/j/collect?
Source: recaptcha__en[1].js.2.dr String found in binary or memory: https://support.google.com/recaptcha
Source: recaptcha__en[1].js.2.dr String found in binary or memory: https://support.google.com/recaptcha#6262736
Source: recaptcha__en[1].js.2.dr String found in binary or memory: https://support.google.com/recaptcha/#6175971
Source: recaptcha__en[1].js.2.dr String found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: plugins[1].js.2.dr String found in binary or memory: https://twitter.com/jacobrossi/status/480596438489890816
Source: ga[1].js.2.dr String found in binary or memory: https://www.google.%/ads/ga-audiences?
Source: ga[1].js.2.dr String found in binary or memory: https://www.google.com/analytics/web/inpage/pub/inpage.js?
Source: recaptcha__en[1].js.2.dr String found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: J3GPWO06.htm.2.dr String found in binary or memory: https://www.google.com/recaptcha/api.js
Source: recaptcha__en[1].js.2.dr, api[1].js.2.dr String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: api[1].js.2.dr String found in binary or memory: https://www.gstatic.com/recaptcha/releases/5mNs27FP3uLBP3KBPib88r1g/recaptcha__en.js
Source: J3GPWO06.htm.2.dr String found in binary or memory: https://www.weebly.com/signup?utm_source=internal&utm_medium=footer
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49689
Source: unknown Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49688
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49687
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49686
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49685
Source: unknown Network traffic detected: HTTP traffic on port 49695 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49684
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49683
Source: unknown Network traffic detected: HTTP traffic on port 49693 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49686 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49684 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49695
Source: unknown Network traffic detected: HTTP traffic on port 49694 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49694
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49693
Source: unknown Network traffic detected: HTTP traffic on port 49685 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49683 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49689 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49687 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49708
Source: classification engine Classification label: mal64.phis.win@3/47@4/3
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Temp\~DF4850F0FA0D4B6F93.TMP
Source: C:\Program Files\internet explorer\iexplore.exe File read: C:\Users\desktop.ini
Source: unknown Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5636 CREDAT:17410 /prefetch:2
Source: Window Recorder Window detected: More than 3 window changes detected

Behavior Graph

Behavior Graph ID: 383629
URL: http://msoffice506.weebly.com
Startdate: 08/04/2021
Architecture: WINDOWS
Score: 64

  • Domains: pages-wildcard.weebly.com, msoffice506.weebly.com
  • Signatures: Antivirus detection for URL or domain; Antivirus / Scanner detection for submitted sample; Yara detected HtmlPhish10
  • Process: iexplore.exe started, which in turn started a child iexplore.exe
  • DNS/IP: pages-wildcard.weebly.com 199.34.228.54, 443, 49681, 49682 WEEBLYUS United States; weebly.map.fastly.net 151.101.1.46, 443, 49684, 49685 FASTLYUS United States; 4 other IPs or domains
  • Dropped file: C:\Users\user\AppData\Local\...\J3GPWO06.htm, HTML

Contacted Public IPs

IP             Domain                                                                Country        ASN    ASN Name     Malicious
151.101.1.46   weebly.map.fastly.net                                                 United States  54113  FASTLYUS     false
44.241.55.43   sp-2020021412301152490000000a-1069308460.us-west-2.elb.amazonaws.com  United States  16509  AMAZON-02US  false
199.34.228.54  pages-wildcard.weebly.com                                             United States  27647  WEEBLYUS     false

Contacted Domains

Name                                                                  IP             Active
pages-wildcard.weebly.com                                             199.34.228.54  true
sp-2020021412301152490000000a-1069308460.us-west-2.elb.amazonaws.com  44.241.55.43   true
weebly.map.fastly.net                                                 151.101.1.46   true
msoffice506.weebly.com                                                unknown        unknown
ec.editmysite.com                                                     unknown        unknown
cdn2.editmysite.com                                                   unknown        unknown

Contacted URLs

Name                             Malicious  Antivirus Detection                                             Reputation
https://msoffice506.weebly.com/  false      SlashNext: Fake Login Page type: Phishing & Social Engineering  high
http://msoffice506.weebly.com/   false      -                                                               high