Analysis Report http://bit.ly/33yXOqz

Overview

General Information

Sample URL: http://bit.ly/33yXOqz
Analysis ID: 434152

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

No high impact signatures.

Classification

There are no high impact signatures.

Source: https://accounts.binance.com/en/register?ref=FMWFHEVC HTTP Parser: No <meta name="author".. found
Source: https://accounts.binance.com/en/register?ref=FMWFHEVC HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Source: unknown HTTPS traffic detected: 52.84.150.20:443 -> 192.168.2.3:49722 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.84.150.20:443 -> 192.168.2.3:49723 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.224.99.72:443 -> 192.168.2.3:49724 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.224.99.72:443 -> 192.168.2.3:49725 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.224.99.83:443 -> 192.168.2.3:49730 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.224.99.83:443 -> 192.168.2.3:49732 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.224.99.83:443 -> 192.168.2.3:49733 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.224.99.83:443 -> 192.168.2.3:49731 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.224.99.83:443 -> 192.168.2.3:49734 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.224.99.83:443 -> 192.168.2.3:49735 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.224.99.83:443 -> 192.168.2.3:49745 version: TLS 1.2
Source: unknown HTTPS traffic detected: 47.246.43.252:443 -> 192.168.2.3:49746 version: TLS 1.2
Source: unknown HTTPS traffic detected: 47.246.43.252:443 -> 192.168.2.3:49747 version: TLS 1.2
Source: unknown HTTPS traffic detected: 74.125.140.155:443 -> 192.168.2.3:49748 version: TLS 1.2
Source: unknown HTTPS traffic detected: 74.125.140.155:443 -> 192.168.2.3:49749 version: TLS 1.2
Source: global traffic HTTP traffic detected:
  GET /33yXOqz HTTP/1.1
  Accept: text/html, application/xhtml+xml, image/jxr, */*
  Accept-Language: en-US
  User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
  Accept-Encoding: gzip, deflate
  Host: bit.ly
  Connection: Keep-Alive
Source: unknown DNS traffic detected: queries for: bit.ly
Source: classification engine Classification label: clean0.win@3/50@7/6
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Temp\~DF7A18F9AB30A84FC3.TMP
Source: C:\Program Files\internet explorer\iexplore.exe File read: C:\Users\desktop.ini
Source: unknown Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5776 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe Automated click: agree
Source: C:\Program Files\internet explorer\iexplore.exe Automated click: Accept
Source: Window Recorder Window detected: More than 3 window changes detected