Windows Analysis Report http://feedproxy.google.com/~r/uvdobo/~3/eoiawoh0hcy/spelled.php

Overview

General Information

Sample URL: http://feedproxy.google.com/~r/uvdobo/~3/eoiawoh0hcy/spelled.php
Analysis ID: 438533

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found iframes
Unusual large HTML page

Classification

Phishing:

Found iframes
Source: https://accounts.google.com/signin/v2/identifier?service=feedburner&continue=https%3A%2F%2Ffeedburner.google.com%2Ffb%2Fa%2Fmyfeeds&gsessionid=77y3LeSuyUIpV-kh6eqVNsOZy6TmR1kNF_JnmINRIuE&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP Parser: Iframe src: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-1450784670&timestamp=1624378256865
Unusual large HTML page
Source: https://accounts.google.com/signin/v2/identifier?service=feedburner&continue=https%3A%2F%2Ffeedburner.google.com%2Ffb%2Fa%2Fmyfeeds&gsessionid=77y3LeSuyUIpV-kh6eqVNsOZy6TmR1kNF_JnmINRIuE&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP Parser: Total size: 1668761
Source: https://accounts.google.com/signin/v2/identifier?service=feedburner&continue=https%3A%2F%2Ffeedburner.google.com%2Ffb%2Fa%2Fmyfeeds&gsessionid=77y3LeSuyUIpV-kh6eqVNsOZy6TmR1kNF_JnmINRIuE&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP Parser: No <meta name="author".. found
Source: https://accounts.google.com/signin/v2/identifier?service=feedburner&continue=https%3A%2F%2Ffeedburner.google.com%2Ffb%2Fa%2Fmyfeeds&gsessionid=77y3LeSuyUIpV-kh6eqVNsOZy6TmR1kNF_JnmINRIuE&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Source: unknown DNS traffic detected: queries for: accounts.youtube.com
Source: classification engine Classification label: clean1.win@3/26@1/0
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5EB6A9E6-D374-11EB-90EB-ECF4BBEA1588}.dat
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Temp\~DF2D90F4100E2FE8B0.TMP
Source: C:\Program Files\internet explorer\iexplore.exe File read: C:\Users\desktop.ini
Source: unknown Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5424 CREDAT:17410 /prefetch:2
Source: Window Recorder Window detected: More than 3 window changes detected
No contacted IP infos