IOC Report

Files

File Path | Type | Category | Malicious
http://msoffice506.weebly.com | URL | initial url | malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\J3GPWO06.htm | HTML document, ASCII text, with very long lines, with CRLF, LF line terminators | downloaded | malicious
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\GJKVX0LQ\msoffice506.weebly[1].xml | ASCII text, with very long lines, with no line terminators | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FDCCFF1A-9856-11EB-90E4-ECF4BB862DED}.dat | Microsoft Word Document | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{03FC83BC-9857-11EB-90E4-ECF4BB862DED}.dat | Microsoft Word Document | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FDCCFF1C-9856-11EB-90E4-ECF4BB862DED}.dat | Microsoft Word Document | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.dat | data | modified | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\L0xuDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_Of2_ROW-[1].woff | Web Open Font Format, TrueType, length 15236, version 1.1 | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\favicon[1].ico | MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\footerSignup[1].js | ASCII text, with very long lines, with no line terminators | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\hhhjfhdhjfhfjkvv-ll_orig[1].png | PNG image data, 433 x 65, 8-bit/color RGBA, non-interlaced | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\main_style[1].css | assembler source, ASCII text, with very long lines | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\plugins[1].js | ASCII text | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\qkBIXvYC6trAT55ZBi1ueQVIjQTD-JqaE0lM[1].woff | Web Open Font Format, TrueType, length 14260, version 1.1 | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\qkBIXvYC6trAT55ZBi1ueQVIjQTDH52aE0lM[1].woff | Web Open Font Format, TrueType, length 14336, version 1.1 | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\sites[1].css | ASCII text, with very long lines | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\snowday262[1].js | ASCII text, with very long lines | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\MutationObserver[1].js | ASCII text | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\api[1].js | ASCII text, with very long lines, with no line terminators | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\arrow-light[1].svg | SVG Scalable Vector Graphics image | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\css[1].css | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\css[2].css | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\css[3].css | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\ga[1].js | ASCII text, with very long lines | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\jquery.min[1].js | ASCII text, with very long lines | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\main-customer-accounts-site[1].js | UTF-8 Unicode text, with very long lines, with LF, NEL line terminators | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\L0xoDF4xlVMF-BfR8bXMIjhOsXG-q2oeuFoqFrlnANW6Cp8[1].woff | Web Open Font Format, TrueType, length 16816, version 1.1 | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\L0xoDF4xlVMF-BfR8bXMIjhOsXG-q2oeuFoqFrmAB9W6Cp8[1].woff | Web Open Font Format, TrueType, length 16904, version 1.1 | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\L0xuDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vq_ROW-[1].woff | Web Open Font Format, TrueType, length 15160, version 1.1 | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\fancybox[1].css | ASCII text, with very long lines | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\free-footer-v3[1].css | ASCII text, with very long lines | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\jquery.pxuMenu[1].js | HTML document, ASCII text | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\jquery.revealer[1].js | ASCII text | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\recaptcha__en[1].js | ASCII text, with very long lines | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\social-icons[1].css | ASCII text, with very long lines | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\custom-1[1].js | ASCII text | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\footer-toast-published-image-1[1].png | PNG image data, 199 x 97, 8-bit colormap, non-interlaced | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\hjfhhjf_orig[1].png | PNG image data, 905 x 141, 8-bit/color RGBA, non-interlaced | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\jquery.trend[1].js | ASCII text | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\main[1].js | ASCII text, with very long lines | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\qkBIXvYC6trAT55ZBi1ueQVIjQTD-JqaHUlM[1].woff | Web Open Font Format, TrueType, length 16836, version 1.1 | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\qkBIXvYC6trAT55ZBi1ueQVIjQTDH52aHUlM[1].woff | Web Open Font Format, TrueType, length 16908, version 1.1 | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\qkBKXvYC6trAT7RQNNK2EG7SIwPWMNlCV3lGb7U[1].woff | Web Open Font Format, TrueType, length 17380, version 1.1 | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\qkBKXvYC6trAT7RQNNK2EG7SIwPWMNmlUHlGb7U[1].woff | Web Open Font Format, TrueType, length 17652, version 1.1 | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\stl[1].js | HTML document, UTF-8 Unicode text, with very long lines | downloaded | clean
C:\Users\user\AppData\Local\Temp\~DF319CEFDB770DE62E.TMP | data | dropped | clean
C:\Users\user\AppData\Local\Temp\~DF4850F0FA0D4B6F93.TMP | data | dropped | clean
C:\Users\user\AppData\Local\Temp\~DFE6847D51F5B54A46.TMP | data | dropped | clean
38 further files are not shown in this listing.

Processes

Path | Cmdline | Malicious
C:\Program Files\internet explorer\iexplore.exe | 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding | clean
C:\Program Files (x86)\Internet Explorer\iexplore.exe | 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5636 CREDAT:17410 /prefetch:2 | clean

URLs

Name | IP | Malicious
https://msoffice506.weebly.com/" | unknown | clean
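A report in this flattened layout is only useful for hunting once it is machine-readable and the volatile parts of each indicator are stripped. The script below is an added example (written for this page, not part of the sandbox report or of any vendor tooling): it parses the four-column Files table, keeps the rows the report marks malicious, and turns them into two kinds of indicator. The host of the initial URL is the durable one; the cached page path is weak, because the user profile name, the eight-character INetCache sub-folder (WJ8I2OL4, 0W10PBUV, ...) and the `[n]` cache suffix are all chosen locally by Internet Explorer, so the example wildcards them into a glob rather than matching them literally. It also tolerates the stray trailing quote the URLs table carries. The sample input is a constructed subset of the report's own rows, and the function names are this example's own.

```python
"""Parse a flattened sandbox IOC report into records and derive hunt-ready
indicators.  Added example; not part of the original report."""
import re
from urllib.parse import urlparse

# Constructed sample: three rows of the Files table above, in the flattened
# layout the page uses (header fields first, then one field per line).
SAMPLE_FILES = r"""
File Path
Type
Category
Malicious
http://msoffice506.weebly.com
URL
initial url
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\J3GPWO06.htm
HTML document, ASCII text, with very long lines, with CRLF, LF line terminators
downloaded
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\favicon[1].ico
MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
downloaded
clean
"""


def parse_table(text, ncols):
    """Return a list of dicts; the first ncols non-blank lines are the headers."""
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]
    header, body = lines[:ncols], lines[ncols:]
    if len(header) < ncols or len(body) % ncols:
        raise ValueError("flattened table is not a whole number of rows")
    return [dict(zip(header, body[i:i + ncols])) for i in range(0, len(body), ncols)]


def malicious_entries(rows):
    """Rows whose verdict column reads 'malicious' (case-insensitive)."""
    return [r for r in rows if r.get("Malicious", "").lower() == "malicious"]


# The profile name, the 8-character INetCache sub-folder and IE's "[n]"
# collision suffix are per-machine choices, so they are wildcarded.
_USER_DIR = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\")
_CACHE_DIR = re.compile(r"(\\INetCache\\IE\\)[A-Za-z0-9]{8}\\")
_CACHE_SUFFIX = re.compile(r"\[\d+\](?=\.[^\\.]*$|$)")


def normalize_path(path):
    """Turn a sandbox file path into a glob that survives on another host."""
    path = _USER_DIR.sub(lambda m: m.group(0)[:2] + "\\Users\\*\\", path)
    path = _CACHE_DIR.sub(lambda m: m.group(1) + "*\\", path)
    return _CACHE_SUFFIX.sub("", path)


def domain_of(url):
    """Host of a URL; tolerates the stray quote the report's URLs table carries."""
    cleaned = url.strip().strip("\"'")
    if "://" not in cleaned:
        cleaned = "http://" + cleaned
    return (urlparse(cleaned).hostname or "").lower()


def hunt_indicators(rows):
    """Split malicious rows into durable (domain) and weak (path glob) indicators."""
    domains, globs = set(), set()
    for r in malicious_entries(rows):
        if r["Type"] == "URL":
            domains.add(domain_of(r["File Path"]))
        else:
            globs.add(normalize_path(r["File Path"]))
    return {"domains": sorted(domains), "path_globs": sorted(globs)}


if __name__ == "__main__":
    for kind, values in hunt_indicators(parse_table(SAMPLE_FILES, 4)).items():
        for value in values:
            print(f"{kind}: {value}")
```

Feed it the Processes and URLs tables with `ncols=3` in the same way. Treat the path globs as corroborating evidence only: the cached file name J3GPWO06.htm was also generated locally, so a hit on the weebly host in proxy or DNS logs is the indicator to pivot on.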