Windows Analysis Report https://sites.google.com/view/settlements213/home

Overview

General Information

Sample URL: https://sites.google.com/view/settlements213/home
Analysis ID: 438538
Detection

HTMLPhisher
Score: 88
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Phishing site detected (based on shot template match)
Yara detected HtmlPhish10
Yara detected HtmlPhish20
Yara detected HtmlPhish7
HTML body contains low number of good links
HTML title does not match URL
Yara signature match

Classification

AV Detection:

Antivirus / Scanner detection for submitted sample
Source: https://sites.google.com/view/settlements213/home SlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering
Antivirus detection for URL or domain
Source: https://abanoub1121524.s3.au-syd.cloud-object-storage.appdomain.cloud/distanced/index.html SlashNext: Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

Phishing site detected (based on shot template match)
Source: https://abanoub1121524.s3.au-syd.cloud-object-storage.appdomain.cloud/distanced/index.html Matcher: Template: office matched
Yara detected HtmlPhish10
Source: Yara match File source: 468325.4.links.csv, type: HTML
Yara detected HtmlPhish20
Source: Yara match File source: 468325.0.links.csv, type: HTML
Source: Yara match File source: 468325.pages.csv, type: HTML
Source: Yara match File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\home[1].htm, type: DROPPED
Yara detected HtmlPhish7
Source: Yara match File source: 468325.4.links.csv, type: HTML
HTML body contains low number of good links
Source: https://abanoub1121524.s3.au-syd.cloud-object-storage.appdomain.cloud/distanced/index.html HTTP Parser: Number of links: 0
HTML title does not match URL
Source: https://abanoub1121524.s3.au-syd.cloud-object-storage.appdomain.cloud/distanced/index.html HTTP Parser: Title: Share Point Online does not match URL
Source: https://abanoub1121524.s3.au-syd.cloud-object-storage.appdomain.cloud/distanced/index.html HTTP Parser: No <meta name="author".. found
Source: https://abanoub1121524.s3.au-syd.cloud-object-storage.appdomain.cloud/distanced/index.html HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Source: unknown DNS traffic detected: queries for: lh5.googleusercontent.com
Source: so[1].htm.2.dr String found in binary or memory: https://www.gstatic.com/_/mss/boq-one-google/_/js/k=boq-one-google.OneGoogleWidgetUi.en.VoGllg0TnUA.
Source: history[1].htm.2.dr, home[1].htm0.2.dr, home[1].htm.2.dr, faq[1].htm.2.dr, team[1].htm.2.dr String found in binary or memory: https://www.gstatic.com/atari/embeds/5de913a2354e93acf4d43c4db53928e5/intermediate-frame-minified.ht
Source: remote[1].js.2.dr String found in binary or memory: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
Source: rs=AA2YrTvhqESG86SancEQRa0zo3UDA8gUsw[1].js.2.dr String found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
Source: rs=AA2YrTvhqESG86SancEQRa0zo3UDA8gUsw[1].js.2.dr String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
Source: rs=AA2YrTvhqESG86SancEQRa0zo3UDA8gUsw[1].js.2.dr String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
Source: cookies[2].htm.2.dr String found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/search_black_24dp.png
Source: AXST5WH2.js.2.dr String found in binary or memory: https://www.youtube-nocookie.com/embed/
Source: ~DFFF23116C5CA0207F.TMP.1.dr String found in binary or memory: https://www.youtube-nocookie.com/embed/TBR-xtJVq7E?rel=0&showinfo=0&theme=light&version=3&hl=en&cc_l
Source: so[1].htm.2.dr String found in binary or memory: https://www.youtube.com/?gl
Source: base[1].js.2.dr String found in binary or memory: https://www.youtube.com/generate_204?cpn=
Source: base[1].js.2.dr String found in binary or memory: https://youtu.be/
Source: base[1].js.2.dr String found in binary or memory: https://youtube.com/api/drm/fps?ek=uninitialized
Source: base[1].js.2.dr String found in binary or memory: https://youtubei.googleapis.com/youtubei/
Source: base[1].js.2.dr String found in binary or memory: https://yurt.corp.google.com
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown HTTPS traffic detected: 172.217.23.97:443 -> 192.168.2.3:49731 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.23.97:443 -> 192.168.2.3:49732 version: TLS 1.2
Source: unknown HTTPS traffic detected: 216.58.212.161:443 -> 192.168.2.3:49734 version: TLS 1.2
Source: unknown HTTPS traffic detected: 216.58.212.161:443 -> 192.168.2.3:49733 version: TLS 1.2
Source: unknown HTTPS traffic detected: 216.58.212.161:443 -> 192.168.2.3:49753 version: TLS 1.2
Source: unknown HTTPS traffic detected: 216.58.212.161:443 -> 192.168.2.3:49752 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.11.207:443 -> 192.168.2.3:49766 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.11.207:443 -> 192.168.2.3:49765 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.67.194.129:443 -> 192.168.2.3:49770 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.67.194.129:443 -> 192.168.2.3:49769 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.3:49773 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.3:49774 version: TLS 1.2

System Summary:

Yara signature match
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\index[1].htm, type: DROPPED Matched rule: SUSP_Base64_Encoded_Hex_Encoded_Code date = 2019-04-29, author = Florian Roth, description = Detects hex encoded code that has been base64 encoded, score = https://www.nextron-systems.com/2019/04/29/spotlight-threat-hunting-yara-rule-example/
Source: classification engine Classification label: mal88.phis.win@3/93@11/6
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Temp\~DF309FEA8605C84965.TMP
Source: C:\Program Files\internet explorer\iexplore.exe File read: C:\Users\desktop.ini
Source: unknown Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4636 CREDAT:17410 /prefetch:2
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll