Analysis Report https://goldenislesskincare.com/office365/index.php

Overview

General Information

Sample URL:	https://goldenislesskincare.com/office365/index.php
Analysis ID:	385431
Infos:
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	80
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Phishing site detected (based on favicon image match)

Yara detected HtmlPhish10

Phishing site detected (based on image similarity)

Phishing site detected (based on logo template match)

HTML body contains low number of good links

HTML title does not match URL

Classification

Signatures

AV Detection:

Antivirus / Scanner detection for submitted sample

Source: https://goldenislesskincare.com/office365/index.php

UrlScan: detection malicious, Label: phishing brand: microsoft

Perma Link

Antivirus detection for URL or domain

Source: https://goldenislesskincare.com/office365/login.php#wa=wsignin1.0&rpsnv=13&ct=1539585327&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d715d44a2-2f11-4282-f625-a066679e96e2&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015	SlashNext: Label: Fake Login Page type: Phishing & Social Engineering
Source: https://goldenislesskincare.com/office365/login.php#	UrlScan: Label: phishing brand: microsoft	Perma Link
Source: https://goldenislesskincare.com/office365/login.php#wa=wsignin1.0&rpsnv=13&ct=1539585327&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d715d44a2-2f11-4282-f625-a066679e96e2&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015	UrlScan: Label: phishing brand: microsoft	Perma Link

Phishing:

Phishing site detected (based on favicon image match)

Source: https://goldenislesskincare.com/office365/login.php#wa=wsignin1.0&rpsnv=13&ct=1539585327&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d715d44a2-2f11-4282-f625-a066679e96e2&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015

Matcher: Template: microsoft matched with high similarity

Yara detected HtmlPhish10

Source: Yara match	File source: 936905.0.links.csv, type: HTML
Source: Yara match	File source: 936905.pages.csv, type: HTML
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\login[1].htm, type: DROPPED

Phishing site detected (based on image similarity)

Source: https://goldenislesskincare.com/office365/assets/images/logo.svg	Matcher: Found strong image similarity, brand: Microsoft			Jump to dropped file
Source: https://goldenislesskincare.com/office365/assets/images/background.jpg	Matcher: Found strong image similarity, brand: Microsoft			Jump to dropped file

Phishing site detected (based on logo template match)

Source: https://goldenislesskincare.com/office365/login.php#	Matcher: Template: microsoft matched
Source: https://goldenislesskincare.com/office365/login.php#wa=wsignin1.0&rpsnv=13&ct=1539585327&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d715d44a2-2f11-4282-f625-a066679e96e2&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015	Matcher: Template: microsoft matched

HTML body contains low number of good links

Source: https://goldenislesskincare.com/office365/login.php#	HTTP Parser: Number of links: 0
Source: https://goldenislesskincare.com/office365/login.php#	HTTP Parser: Number of links: 0
Source: https://goldenislesskincare.com/office365/login.php#wa=wsignin1.0&rpsnv=13&ct=1539585327&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d715d44a2-2f11-4282-f625-a066679e96e2&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015	HTTP Parser: Number of links: 0
Source: https://goldenislesskincare.com/office365/login.php#wa=wsignin1.0&rpsnv=13&ct=1539585327&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d715d44a2-2f11-4282-f625-a066679e96e2&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015	HTTP Parser: Number of links: 0

HTML title does not match URL

Source: https://goldenislesskincare.com/office365/login.php#	HTTP Parser: Title: Sign in to your Microsoft account does not match URL
Source: https://goldenislesskincare.com/office365/login.php#	HTTP Parser: Title: Sign in to your Microsoft account does not match URL
Source: https://goldenislesskincare.com/office365/login.php#wa=wsignin1.0&rpsnv=13&ct=1539585327&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d715d44a2-2f11-4282-f625-a066679e96e2&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015	HTTP Parser: Title: Sign in to your Microsoft account does not match URL
Source: https://goldenislesskincare.com/office365/login.php#wa=wsignin1.0&rpsnv=13&ct=1539585327&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d715d44a2-2f11-4282-f625-a066679e96e2&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015	HTTP Parser: Title: Sign in to your Microsoft account does not match URL

Source: https://goldenislesskincare.com/office365/login.php#	HTTP Parser: No <meta name="author".. found
Source: https://goldenislesskincare.com/office365/login.php#	HTTP Parser: No <meta name="author".. found
Source: https://goldenislesskincare.com/office365/login.php#wa=wsignin1.0&rpsnv=13&ct=1539585327&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d715d44a2-2f11-4282-f625-a066679e96e2&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015	HTTP Parser: No <meta name="author".. found
Source: https://goldenislesskincare.com/office365/login.php#wa=wsignin1.0&rpsnv=13&ct=1539585327&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d715d44a2-2f11-4282-f625-a066679e96e2&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015	HTTP Parser: No <meta name="author".. found

Source: https://goldenislesskincare.com/office365/login.php#	HTTP Parser: No <meta name="copyright".. found
Source: https://goldenislesskincare.com/office365/login.php#	HTTP Parser: No <meta name="copyright".. found
Source: https://goldenislesskincare.com/office365/login.php#wa=wsignin1.0&rpsnv=13&ct=1539585327&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d715d44a2-2f11-4282-f625-a066679e96e2&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015	HTTP Parser: No <meta name="copyright".. found
Source: https://goldenislesskincare.com/office365/login.php#wa=wsignin1.0&rpsnv=13&ct=1539585327&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d715d44a2-2f11-4282-f625-a066679e96e2&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 64.187.225.237:443 -> 192.168.2.5:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 64.187.225.237:443 -> 192.168.2.5:49702 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.5:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.10.207:443 -> 192.168.2.5:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.5:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.10.207:443 -> 192.168.2.5:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 64.187.225.237:443 -> 192.168.2.5:49712 version: TLS 1.2

Source: unknown

DNS traffic detected: queries for: goldenislesskincare.com

Source: popper.min[1].js.4.dr	String found in binary or memory: http://opensource.org/licenses/MIT).
Source: login[1].htm.4.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
Source: login[1].htm.4.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.3/umd/popper.min.js
Source: bootstrap.min[1].css.4.dr, bootstrap.min[1].js.4.dr	String found in binary or memory: https://getbootstrap.com/)
Source: bootstrap.min[1].css.4.dr, bootstrap.min[1].js.4.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: bootstrap.min[1].js.4.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: imagestore.dat.4.dr	String found in binary or memory: https://goldenislesskincare.com/office365/assets/images/favicon.ico
Source: imagestore.dat.4.dr	String found in binary or memory: https://goldenislesskincare.com/office365/assets/images/favicon.ico~
Source: imagestore.dat.4.dr	String found in binary or memory: https://goldenislesskincare.com/office365/assets/images/favicon.ico~(
Source: ~DFF4F623BDEC391A40.TMP.2.dr	String found in binary or memory: https://goldenislesskincare.com/office365/index.php
Source: {1B20509C-9BD2-11EB-90E5-ECF4BB570DC9}.dat.2.dr	String found in binary or memory: https://goldenislesskincare.com/office365/index.phpRoot
Source: {1B20509C-9BD2-11EB-90E5-ECF4BB570DC9}.dat.2.dr	String found in binary or memory: https://goldenislesskincare.com/office365/index.phpncare.com/office365/login.phpRoot
Source: {1B20509C-9BD2-11EB-90E5-ECF4BB570DC9}.dat.2.dr	String found in binary or memory: https://goldenislesskincare.com/office365/login.p=wsignin1.0&rpsnv=13&ct=1539585327&rver=7.0.6737.0&
Source: {1B20509C-9BD2-11EB-90E5-ECF4BB570DC9}.dat.2.dr	String found in binary or memory: https://goldenislesskincare.com/office365/login.pd1%26RpsCsrfState%3d715d44a2-2f11-4282-f625-a066679
Source: ~DFF4F623BDEC391A40.TMP.2.dr	String found in binary or memory: https://goldenislesskincare.com/office365/login.php
Source: ~DFF4F623BDEC391A40.TMP.2.dr	String found in binary or memory: https://goldenislesskincare.com/office365/login.php#=wsignin1.0&rpsnv=13&ct=1539585327&rver=7.0.6737
Source: {1B20509C-9BD2-11EB-90E5-ECF4BB570DC9}.dat.2.dr	String found in binary or memory: https://goldenislesskincare.com/office365/login.php#wa=wsignin1.0&rpsnhp
Source: ~DFF4F623BDEC391A40.TMP.2.dr, {1B20509C-9BD2-11EB-90E5-ECF4BB570DC9}.dat.2.dr	String found in binary or memory: https://goldenislesskincare.com/office365/login.php#wa=wsignin1.0&rpsnv=13&ct=1539585327&rver=7.0.67
Source: {1B20509C-9BD2-11EB-90E5-ECF4BB570DC9}.dat.2.dr	String found in binary or memory: https://goldenislesskincare.com/office365/login.phpncare.com/office365/login.php#wa=wsignin1.0&rpsnv
Source: login[1].htm.4.dr	String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css
Source: login[1].htm.4.dr	String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712

Source: unknown	HTTPS traffic detected: 64.187.225.237:443 -> 192.168.2.5:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 64.187.225.237:443 -> 192.168.2.5:49702 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.5:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.10.207:443 -> 192.168.2.5:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.5:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.10.207:443 -> 192.168.2.5:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 64.187.225.237:443 -> 192.168.2.5:49712 version: TLS 1.2

Source: classification engine

Classification label: mal80.phis.win@3/18@4/3

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1B20509A-9BD2-11EB-90E5-ECF4BB570DC9}.dat

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DFB5A58295C3633009.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2548 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2548 CREDAT:17410 /prefetch:2	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
64.187.225.237	goldenislesskincare.com	United States	46261	QUICKPACKETUS	false
104.18.10.207	maxcdn.bootstrapcdn.com	United States	13335	CLOUDFLARENETUS	false
104.16.18.94	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false

Contacted Domains

Name	IP	Active
cdnjs.cloudflare.com	104.16.18.94	true
maxcdn.bootstrapcdn.com	104.18.10.207	true
goldenislesskincare.com	64.187.225.237	true

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://goldenislesskincare.com/office365/login.php#	true	100%, UrlScan, Browse	unknown
https://goldenislesskincare.com/office365/login.php#wa=wsignin1.0&rpsnv=13&ct=1539585327&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d715d44a2-2f11-4282-f625-a066679e96e2&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015	true	100%, UrlScan, Browse SlashNext: Fake Login Page type: Phishing & Social Engineering	unknown

ID:	385431
Product:	CloudBasic
Start time:	13:59:41
Start date:	12.04.2021
Cookbook:	browseurl.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1B20509A-9BD2-11EB-90E5-ECF4BB570DC9}.dat	Microsoft Word Document	235E5B89939C706028045641C14A570E	E3D4C2646FD8F1975A41D70DFB719EEA4728AFAA	83D1AC5705C1FAC4052F79BA7FBB0394E5E9EECD2A8D611B0C1DF745C432A61A
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1B20509C-9BD2-11EB-90E5-ECF4BB570DC9}.dat	Microsoft Word Document	7FCDD662A6C74C7DB3F274D558473C7C	7C9A6B0692F85D73E0E700B9F35116FD1399C891	A6369DE9B199D8078BC1C8D9538694080ABA9732910EB05E39F6EE0C2A75010F
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1B20509D-9BD2-11EB-90E5-ECF4BB570DC9}.dat	Microsoft Word Document	C731FE517AEB46AC98F9331952E24B4C	4379E9A01D0DC7FB22CB8A4DBF7C56038AF7F0DF	A7C1BDE62777371865875F87523302D1A0E8579ABFE7120C37E1B3ED411FA04A
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\dikxvqf\imagestore.dat	data	81DB11B46127012D9B04435A3FE488C1	0BADCA112E68E8B33574CE7ABCB029A2AF1C2087	7B20DB063037533833CFB49F9AA98A9A609C85103AEE51907C206905827E22C6
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\background[1].jpg	JPEG image data, baseline, precision 8, 1920x1080, frames 3	A5DBD4393FF6A725C7E62B61DF7E72F0	55B292F885FFC92ABCE18750B07AA4ACFA4E903E	211A907DE2DA0FF4A0E90917AC8054E2F35C351180977550C26E51B4909F2BEB
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\ellipsis_white[1].svg	SVG Scalable Vector Graphics image	5AC590EE72BFE06A7CECFD75B588AD73	DDA2CB89A241BC424746D8CF2A22A35535094611	6075736EA9C281D69C4A3D78FF97BB61B9416A5809919BABE5A0C5596F99AAEA
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\bootstrap.min[1].css	ASCII text, with very long lines	04ACA1F4CD3EC3C05A75A879F3BE75A3	675FCF28F9FBF37139D3B2C0B676F96F601A4203	7928B5AB63C6E89EE0EE26F5EF201A58C72BAF91ABB688580A1AA26EB57B3C11
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\bootstrap.min[1].js	ASCII text, with very long lines	67176C242E1BDC20603C878DEE836DF3	27A71B00383D61EF3C489326B3564D698FC1227C	56C12A125B021D21A69E61D7190CEFA168D6C28CE715265CEA1B3B0112D169C4
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\index[1].htm	HTML document, ASCII text, with no line terminators	52145482C54E01965498BA29C5663DEF	768727DEA70749808298FB8D6B6673B1BC8AB187	98B9853069073BF3E403B40CCD5359408C9DE05CDC5F990CB41AA5DB0F3A08AE
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\login[1].htm	HTML document, UTF-8 Unicode text	B745EC1F12F6E15E16D9B8AFFF76C616	7276F7ABEA2F66C707E9DDEE2932A0C78C954805	2BE3EDAA000D8CF4860FDE1E500A25E89B32E65C883682968F93E3527C585C87
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\logo[1].svg	SVG Scalable Vector Graphics image	EE5C8D9FB6248C938FD0DC19370E90BD	D01A22720918B781338B5BBF9202B241A5F99EE4	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\favicon[1].ico	MS Windows icon resource - 6 icons, 128x128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\popper.min[1].js	ASCII text, with very long lines	83FB8C4D9199DCE0224DA0206423106F	D8503645C17F9856868A7DEF3DC0505E19A95EC7	F7CBC01A310318DEFD4E31E4616543E2CF3BAEF5A47562C73ECE4C0B716F157E
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\jquery.min[1].js	ASCII text, with very long lines	A09E13EE94D51C524B7E2A728C7D4039	0DC32DB4AA9C5F03F3B38C47D883DBD4FED13AAE	160A426FF2894252CD7CEBBDD6D6B7DA8FCD319C65B70468F10B6690C45D02EF
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\login[1].css	ASCII text, with CRLF line terminators	B8C8C2DD60E847A55847F9469A138078	936BA10971C42CB21C1733E9D18577D9705FC32C	35C946CBC580E838B6B3255EE94576AD8C31A741AF87EE42A9FC27CCDB852F54
C:\Users\user\AppData\Local\Temp\~DF39D4EBCCA584C79D.TMP	data	AB889A32AB9ACD33E816C2422337C69A	1190C6B34DED2D295827C2A88310D10A8B90B59B	4D6EC54B8D244E63B0F04FBE2B97402A3DF722560AD12F218665BA440F4CEFDA
C:\Users\user\AppData\Local\Temp\~DFB5A58295C3633009.TMP	data	13FF70D9E690FD7B0788FF69A57353CA	979C325361783F4260DF529271CF8E6C14D97CCD	73D209BD023D16A2CF47716A52D673412CD142979884C02510BD547A9B970850
C:\Users\user\AppData\Local\Temp\~DFF4F623BDEC391A40.TMP	data	8B560FDC2C8589B672D37D09959D3B19	122D2433063C04CAE202030D4E4BBDBC08E5C321	BDFDBBE8131A60060A457EF0FE9A74048BA6D875EB798145F4936282D2134FE9

Analysis Report https://goldenislesskincare.com/office365/index.php

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection:

Phishing:

Compliance:

Networking:

System Summary:

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs