IOCReport

loading gif

Files

File Path
Type
Category
Malicious
One Note shergott@vivaldicap.com.html
HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
initial sample
malicious
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F5371553-758E-11EB-90E4-ECF4BB862DED}.dat
Microsoft Word Document
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F5371555-758E-11EB-90E4-ECF4BB862DED}.dat
Microsoft Word Document
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F5371556-758E-11EB-90E4-ECF4BB862DED}.dat
Microsoft Word Document
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\font-awesome.min[1].css
ASCII text, with very long lines
downloaded
clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\fontawesome-webfont[1].eot
Embedded OpenType (EOT), FontAwesome family
downloaded
clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\fontawesome-webfont[2].eot
Embedded OpenType (EOT), FontAwesome family
downloaded
clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\bootstrap.min[1].css
ASCII text, with very long lines
downloaded
clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\bootstrap.min[1].js
ASCII text, with very long lines
downloaded
clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\jquery-3.1.1.min[1].js
ASCII text, with very long lines
downloaded
clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\font-awesome[1].css
troff or preprocessor input, ASCII text, with very long lines
downloaded
clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\popper.min[1].js
ASCII text, with very long lines
downloaded
clean
C:\Users\user\AppData\Local\Temp\~DF21DEBDFF8AE13ED9.TMP
data
dropped
clean
C:\Users\user\AppData\Local\Temp\~DF3DB5A53056DE5405.TMP
data
dropped
clean
C:\Users\user\AppData\Local\Temp\~DF973A53439F94DBC8.TMP
data
dropped
clean
There are 14 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Program Files\internet explorer\iexplore.exe
'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
clean
C:\Program Files (x86)\Internet Explorer\iexplore.exe
'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6148 CREDAT:17410 /prefetch:2
clean

URLs

Name
IP
Malicious
file:///C:/Users/user/Desktop/One%20Note%20shergott@vivaldicap.com.html
malicious
http://fontawesome.io
unknown
clean
http://fontawesome.io/license/
unknown
clean
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/popper.min.js
unknown
clean
http://www.nytimes.com/
unknown
clean
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css
unknown
clean
http://fontawesome.iohttp://fontawesome.iohttp://fontawesome.io/license/http://fontawesome.io/licens
unknown
clean
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
unknown
clean
https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
unknown
clean
http://www.youtube.com/
unknown
clean
https://code.jquery.com/jquery-3.1.1.min.js
unknown
clean
http://getbootstrap.com)
unknown
clean
https://login.microsoftonline.com/jsdisabled
unknown
clean
https://github.com/twbs/bootstrap/blob/master/LICENSE)
unknown
clean
https://code.jquery.com/jquery-3.3.1.slim.min.js
unknown
clean
http://www.wikipedia.com/
unknown
clean
http://www.amazon.com/
unknown
clean
http://www.live.com/
unknown
clean
http://opensource.org/licenses/MIT).
unknown
clean
http://www.reddit.com/
unknown
clean
http://www.twitter.com/
unknown
clean
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js
unknown
clean
http://fontawesome.io/license
unknown
clean
There are 13 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
cdnjs.cloudflare.com
104.16.18.94
clean
stackpath.bootstrapcdn.com
unknown
clean
code.jquery.com
unknown
clean
maxcdn.bootstrapcdn.com
unknown
clean

IPs

IP
Domain
Country
Active
Malicious
104.16.18.94
unknown
United States
unknown
clean

Registry

Path
Value
Malicious
C:\Program Files\internet explorer\iexplore.exe
{F5371553-758E-11EB-90E4-ECF4BB862DED}
clean
C:\Program Files\internet explorer\iexplore.exe
AdminActive
clean
C:\Program Files\internet explorer\iexplore.exe
Count
clean
C:\Program Files\internet explorer\iexplore.exe
Time
clean
C:\Program Files\internet explorer\iexplore.exe
Blocked
clean
C:\Program Files\internet explorer\iexplore.exe
Count
clean
C:\Program Files\internet explorer\iexplore.exe
Time
clean
C:\Program Files\internet explorer\iexplore.exe
Count
clean
C:\Program Files\internet explorer\iexplore.exe
Time
clean
C:\Program Files\internet explorer\iexplore.exe
LoadTimeArray
clean
C:\Program Files\internet explorer\iexplore.exe
LoadTimeArray
clean
C:\Program Files\internet explorer\iexplore.exe
Count
clean
C:\Program Files\internet explorer\iexplore.exe
Time
clean
C:\Program Files\internet explorer\iexplore.exe
Blocked
clean
C:\Program Files\internet explorer\iexplore.exe
Count
clean
C:\Program Files\internet explorer\iexplore.exe
Time
clean
C:\Program Files\internet explorer\iexplore.exe
LoadTimeArray
clean
C:\Program Files\internet explorer\iexplore.exe
Count
clean
C:\Program Files\internet explorer\iexplore.exe
Time
clean
C:\Program Files\internet explorer\iexplore.exe
LoadTimeArray
clean
C:\Program Files\internet explorer\iexplore.exe
CVListPingLastYMD
clean
C:\Program Files\internet explorer\iexplore.exe
DecayDateQueue
clean
C:\Program Files\internet explorer\iexplore.exe
LastProcessed
clean
C:\Program Files\internet explorer\iexplore.exe
DecayDateQueue
clean
C:\Program Files\internet explorer\iexplore.exe
LastProcessed