IOC Report

Files

File Path | Type | Category | Malicious
https://pendingdelivery348scnpf.s3.eu-de.cloud-object-storage.appdomain.cloud/%2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523.html#ventura.coelho@novobanco.pt | URL | initial url | malicious
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CA75C6AA-9848-11EB-90EB-ECF4BBEA1588}.dat | Microsoft Word Document | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CA75C6AC-9848-11EB-90EB-ECF4BBEA1588}.dat | Microsoft Word Document | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CA75C6AD-9848-11EB-90EB-ECF4BBEA1588}.dat | Microsoft Word Document | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\%2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523[1].htm | HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\585b051251[1].js | ASCII text, with very long lines | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\free-fa-regular-400[1].eot | Embedded OpenType (EOT), Font Awesome 5 Free Regular family | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\popper.min[1].js | ASCII text, with very long lines | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\css[1].css | ASCII text | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\free-v4-shims.min[1].css | ASCII text, with very long lines | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\free.min[1].css | ASCII text, with very long lines | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\jquery.min[1].js | ASCII text, with very long lines | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\novobanco[1].png | PNG image data, 128 x 25, 8-bit/color RGBA, non-interlaced | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\0D32LFUH.xml | XML 1.0 document, ASCII text, with very long lines, with no line terminators | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\bootstrap.min[1].js | ASCII text, with very long lines | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\free-fa-solid-900[1].eot | Embedded OpenType (EOT), Font Awesome 5 Free Solid family | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\jquery.session.min[1].js | ASCII text, with very long lines | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\bootstrap.min[1].js | ASCII text, with very long lines | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\jquery-3.1.1.min[1].js | ASCII text, with very long lines | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\jquery-3.2.1.slim.min[1].js | ASCII text, with very long lines | downloaded | clean
C:\Users\user\AppData\Local\Temp\~DF17F6BCCB5E0E2F7E.TMP | data | dropped | clean
C:\Users\user\AppData\Local\Temp\~DFABF45A6CBA8A246E.TMP | data | dropped | clean
C:\Users\user\AppData\Local\Temp\~DFDAB3B5E6E07A4087.TMP | data | dropped | clean
13 additional files not shown.

Note: the Internet Explorer Recovery\High\Active\*.dat files are OLE compound (structured storage) files that IE writes for tab recovery; "Microsoft Word Document" is the file-type identifier's generic label for that container format, not evidence that a Word document was dropped.

Processes

Path | Cmdline | Malicious
C:\Program Files\internet explorer\iexplore.exe | 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding | clean
C:\Program Files (x86)\Internet Explorer\iexplore.exe | 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:64 CREDAT:17410 /prefetch:2 | clean

URLs

Name | IP | Malicious
https://pendingdelivery348scnpf.s3.eu-de.cloud-object-storage.appdomain.cloud/%2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523.html# | | malicious
https://pendingdelivery348scnpf.s3.eu-de.cloud-object-storage.appdomain.cloud/%2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523.html#ventura.coelho@novobanco.pt | | malicious
https://ka-f.fontawesome.com | unknown | clean
https://code.jquery.com/jquery-3.2.1.slim.min.js | unknown | clean
https://www.jsdelivr.com/using-sri-with-dynamic-files | unknown | clean
https://code.jquery.com/jquery-3.1.1.min.js | unknown | clean
https://pendingdelivery348scnpf.s3.eu-de.cloud-object-storage.appdomain.cloud/%2540%2523%2524%2525%2 | unknown | clean
http://s3.amazonaws.com/doc/2006-03-01/ | unknown | clean
https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js | unknown | clean
https://getbootstrap.com/) | unknown | clean
https://fontawesome.comhttps://fontawesome.comFont | unknown | clean
https://code.jquery.com/jquery-3.3.1.js | unknown | clean
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css | unknown | clean
https://fontawesome.com/license/free | unknown | clean
https://fontawesome.com | unknown | clean
https://kit.fontawesome.com | unknown | clean
https://github.com/twbs/bootstrap/graphs/contributors) | unknown | clean
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js | unknown | clean
https://getbootstrap.com) | unknown | clean
http://getbootstrap.com) | unknown | clean
https://cdn.jsdelivr.net/npm/jquery.session | unknown | clean
https://github.com/twbs/bootstrap/blob/master/LICENSE) | unknown | clean
http://opensource.org/licenses/MIT). | unknown | clean
https://kit.fontawesome.com/585b051251.js | unknown | clean
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js | unknown | clean
15 additional URLs not shown.

Note: entries ending in ')' or ').' and the run-together 'https://fontawesome.comhttps://fontawesome.comFont' are strings lifted from the Bootstrap and Font Awesome license headers and from memory, not requests the browser made; do not block or pivot on them. The two malicious entries are the same object with and without the victim address in the fragment.
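
The initial URL above carries the victim's mailbox in the fragment (`#ventura.coelho@novobanco.pt`) and a twice percent-encoded object key. A fragment is never sent in the HTTP request, so only client-side script on the page can read it, and proxy or DNS logs will show the URL only up to the '#'. The helper below is an added example, not part of this sandbox report or of any tool it names: it peels the encoding one layer at a time, extracts the address from the fragment, and names the bucket. Assumptions, marked in the code: the bucket is the leading DNS label of a virtual-hosted-style object-storage hostname, and the suffix list is this example's own.

```python
"""Triage helper for the initial URL in this report (added example, not part of
the sandbox output or of any tool it names).

* peels percent-encoding off the path one layer at a time until it stops
  changing, so every encoding layer is visible;
* pulls a mailbox out of the URL fragment (fragments never reach the server,
  so only client-side script on the page can read it);
* names the bucket for virtual-hosted-style object-storage hostnames
  (assumption: bucket = leading DNS label in front of an "s3" label; the
  suffix list below is this example's own, not an authoritative one).
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional
from urllib.parse import unquote, urlsplit

# Initial URL copied from the report's Files / URLs tables.
IOC_URL = (
    "https://pendingdelivery348scnpf.s3.eu-de.cloud-object-storage.appdomain.cloud/"
    "%2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525"
    "%2524%2524%2524%2523%2523.html#ventura.coelho@novobanco.pt"
)

# Hostname suffixes of object-storage services that support virtual-hosted
# style bucket addressing.  Constructed for this example (assumption).
BUCKET_HOST_SUFFIXES = (
    ".cloud-object-storage.appdomain.cloud",   # IBM Cloud Object Storage
    ".amazonaws.com",                           # AWS S3
)

# Deliberately strict: one local part, one domain with at least one dot.
EMAIL_RE = re.compile(r"^[^@\s/]+@[^@\s/]+\.[^@\s/]+$")


@dataclass
class UrlTriage:
    host: str
    bucket: Optional[str]
    decode_layers: List[str] = field(default_factory=list)  # path, then each decode
    fragment_email: Optional[str] = None


def peel_percent_encoding(path: str, max_layers: int = 5) -> List[str]:
    """Return [path, unquote(path), unquote(unquote(path)), ...] until a decode
    pass changes nothing.  unquote() leaves malformed %-sequences untouched, so
    the loop terminates once only literal '%' characters remain."""
    layers = [path]
    for _ in range(max_layers):
        nxt = unquote(layers[-1])
        if nxt == layers[-1]:
            break
        layers.append(nxt)
    return layers


def bucket_from_host(host: str) -> Optional[str]:
    """Leading label is the bucket when the host looks like
    <bucket>.s3[.<region>]<suffix>; a bare regional endpoint yields None."""
    host = host.lower().rstrip(".")
    for suffix in BUCKET_HOST_SUFFIXES:
        if host.endswith(suffix):
            labels = host[: -len(suffix)].split(".")
            if len(labels) >= 2 and labels[1].startswith("s3"):
                return labels[0]
    return None


def triage(url: str) -> UrlTriage:
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    frag = parts.fragment
    return UrlTriage(
        host=host,
        bucket=bucket_from_host(host),
        decode_layers=peel_percent_encoding(parts.path),
        fragment_email=frag if EMAIL_RE.match(frag) else None,
    )


def pivots(t: UrlTriage) -> dict:
    """Values worth searching proxy/DNS logs for.  The fragment is not one of
    them: it is never transmitted, so logs only show the URL before '#'."""
    return {
        "host": t.host,
        "bucket": t.bucket,
        "object_key": t.decode_layers[-1].lstrip("/"),
        "encoding_layers": len(t.decode_layers) - 1,
    }


if __name__ == "__main__":
    t = triage(IOC_URL)
    for i, layer in enumerate(t.decode_layers):
        print(f"decode layer {i}: {layer}")
    print("fragment email:", t.fragment_email)
    print("pivots:", pivots(t))
```

Run against the report's URL, the helper shows two encoding layers (the key the bucket actually serves is '@#$%^&&()(&&^^%%$$$##.html' after both are removed), the address in the fragment, and the bucket name as the pivot; the shared regional endpoint s3.eu-de.cloud-object-storage.appdomain.cloud yields no bucket and should not be blocked on its own.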

Domains

Name | IP | Malicious
stackpath.bootstrapcdn.com | 104.18.10.207 | clean
d26p066pn2w0s0.cloudfront.net | 13.32.25.101 | clean
cdnjs.cloudflare.com | 104.16.18.94 | clean
maxcdn.bootstrapcdn.com | 104.18.10.207 | clean
s3.eu-de.cloud-object-storage.appdomain.cloud | 158.177.118.97 | clean
ka-f.fontawesome.com | unknown | clean
code.jquery.com | unknown | clean
cdn.jsdelivr.net | unknown | clean
pendingdelivery348scnpf.s3.eu-de.cloud-object-storage.appdomain.cloud | unknown | clean
kit.fontawesome.com | unknown | clean
logo.clearbit.com | unknown | clean
1 additional domain not shown.

Note: the bucket hostname pendingdelivery348scnpf.s3.eu-de.cloud-object-storage.appdomain.cloud is rated clean here even though both URLs served from it are rated malicious. That hostname, not the shared regional endpoint s3.eu-de.cloud-object-storage.appdomain.cloud, is the right blocking granularity, because the endpoint serves every tenant's buckets in that region.

IPs

IP | Domain | Country | Malicious
104.18.10.207 | stackpath.bootstrapcdn.com | United States | clean
13.32.25.101 | d26p066pn2w0s0.cloudfront.net | United States | clean
104.16.18.94 | cdnjs.cloudflare.com | United States | clean
158.177.118.97 | s3.eu-de.cloud-object-storage.appdomain.cloud | United States | clean

Note: eu-de in the endpoint name is IBM Cloud Object Storage's Frankfurt region; the Country column is the sandbox's IP geolocation lookup and should not be read as where the bucket is hosted.

Registry

Process path | Value | Malicious
C:\Program Files\internet explorer\iexplore.exe | {CA75C6AA-9848-11EB-90EB-ECF4BBEA1588} | clean
C:\Program Files\internet explorer\iexplore.exe | Count | clean
C:\Program Files\internet explorer\iexplore.exe | Time | clean
C:\Program Files\internet explorer\iexplore.exe | Blocked | clean
C:\Program Files\internet explorer\iexplore.exe | Count | clean
C:\Program Files\internet explorer\iexplore.exe | Time | clean
C:\Program Files\internet explorer\iexplore.exe | Count | clean
C:\Program Files\internet explorer\iexplore.exe | Time | clean
C:\Program Files\internet explorer\iexplore.exe | LoadTimeArray | clean
C:\Program Files\internet explorer\iexplore.exe | LoadTimeArray | clean
C:\Program Files\internet explorer\iexplore.exe | Count | clean
C:\Program Files\internet explorer\iexplore.exe | Time | clean
C:\Program Files\internet explorer\iexplore.exe | Blocked | clean
C:\Program Files\internet explorer\iexplore.exe | Count | clean
C:\Program Files\internet explorer\iexplore.exe | Time | clean
C:\Program Files\internet explorer\iexplore.exe | LoadTimeArray | clean
C:\Program Files\internet explorer\iexplore.exe | Count | clean
C:\Program Files\internet explorer\iexplore.exe | Time | clean
C:\Program Files\internet explorer\iexplore.exe | LoadTimeArray | clean
C:\Program Files\internet explorer\iexplore.exe | DecayDateQueue | clean
C:\Program Files\internet explorer\iexplore.exe | LastProcessed | clean
C:\Program Files (x86)\Internet Explorer\iexplore.exe | @C:\Windows\System32\ieframe.dll,-912 | clean
C:\Program Files (x86)\Internet Explorer\iexplore.exe | @C:\Windows\System32\ieframe.dll,-904 | clean
13 additional registry entries not shown.

Memdumps

Base Address | Region type | Protection | Malicious
23AB0E55000 | unknown | page read and write | clean
23AB0E67000 | unknown | page read and write | clean
18F77200000 | unknown | page read and write | clean
23AB0E29000 | unknown | page read and write | clean
1D99EF08000 | unknown | page read and write | clean
7FF520E57000 | unknown | page readonly | clean
7FF55D98F000 | unknown | page readonly | clean
7FF520FA1000 | unknown | page readonly | clean
7FF55D1C7000 | unknown | page readonly | clean
7FF57A24D000 | unknown | page readonly | clean
7FF57A22E000 | unknown | page readonly | clean
6E395FA000 | unknown | page read and write | clean
7FF521272000 | unknown | page readonly | clean
23AB0E67000 | unknown | page read and write | clean
18F7726F000 | unknown | page read and write | clean
7FF521083000 | unknown | page readonly | clean
7FF579E9A000 | unknown | page readonly | clean
7FF57A170000 | unknown | page readonly | clean
18F7726D000 | unknown | page read and write | clean
7FF55D9CE000 | unknown | page readonly | clean
18F77100000 | heap private | page read and write | clean
477BA7B000 | unknown | page read and write | clean
7FF55D95A000 | unknown | page readonly | clean
23AB0F13000 | unknown | page read and write | clean
F0E2BBF000 | unknown | page read and write | clean
7FF5209DD000 | unknown | page readonly | clean
7FF520F3B000 | unknown | page readonly | clean
23AB0E67000 | unknown | page read and write | clean
18F77170000 | unknown | page write copy | clean
7FF579EA7000 | unknown | page readonly | clean
23AB0F00000 | unknown | page read and write | clean
7FF55D526000 | unknown | page readonly | clean
6E3957F000 | unknown | page read and write | clean
6E390BB000 | unknown | page read and write | clean
F0E2ABB000 | unknown | page read and write | clean
18F7726F000 | unknown | page read and write | clean
7FF55D6E0000 | unknown | page readonly | clean
7FF52117A000 | unknown | page readonly | clean
7FF521197000 | unknown | page readonly | clean
1D99EE4A000 | unknown | page read and write | clean
7FF55D9BF000 | unknown | page readonly | clean
1D99EF13000 | unknown | page read and write | clean
23AB0E68000 | unknown | page read and write | clean
7FF57A1CE000 | unknown | page readonly | clean
23AB28C0000 | unknown | page readonly | clean
F0E2FFE000 | unknown | page read and write | clean
7FF57A0D3000 | unknown | page readonly | clean
23AB0E6A000 | unknown | page read and write | clean
7FF520FD9000 | unknown | page readonly | clean
23AB0E00000 | unknown | page read and write | clean
7FF57A208000 | unknown | page readonly | clean
7FF579FF1000 | unknown | page readonly | clean
23AB0E6C000 | unknown | page read and write | clean
F0E2F7E000 | unknown | page read and write | clean
7FF5211EE000 | unknown | page readonly | clean
18F7723F000 | unknown | page read and write | clean
1D99EE66000 | unknown | page read and write | clean
18F7726E000 | unknown | page read and write | clean
477BC75000 | unknown | page read and write | clean
F0E2E7A000 | unknown | page read and write | clean
7FF521120000 | unknown | page readonly | clean
6E3913E000 | unknown | page read and write | clean
1D99EDA0000 | unknown | page read and write | clean
7FF5211DE000 | unknown | page readonly | clean
1D99EE50000 | unknown | page read and write | clean
18F77268000 | unknown | page read and write | clean
7FF521061000 | unknown | page readonly | clean
7FF55D7B1000 | unknown | page readonly | clean
7FF57A1CA000 | unknown | page readonly | clean
18F771C0000 | unknown | page readonly | clean
7FF55D8CC000 | unknown | page readonly | clean
7FF55D977000 | unknown | page readonly | clean
7FF55D960000 | unknown | page readonly | clean
7FF520F46000 | unknown | page readonly | clean
23AB0E66000 | unknown | page read and write | clean
7FF5211FD000 | unknown | page readonly | clean
7FF57A2B4000 | unknown | page readonly | clean
7FF55D94C000 | unknown | page readonly | clean
7FF520E3C000 | unknown | page readonly | clean
1D99EE70000 | unknown | page read and write | clean
7FF57A193000 | unknown | page readonly | clean
7FF55D8B3000 | unknown | page readonly | clean
7FF57A0CB000 | unknown | page readonly | clean
6E391BF000 | unknown | page read and write | clean
F0E2EF9000 | unknown | page read and write | clean
477BD7B000 | unknown | page read and write | clean
1D99F800000 | unknown | page readonly | clean
6E3947A000 | unknown | page read and write | clean
7FF5211F9000 | unknown | page readonly | clean
7FF57A2BA000 | unknown | page readonly | clean
23AB0E6C000 | unknown | page read and write | clean
7FF57A1D5000 | unknown | page readonly | clean
7FF55D803000 | unknown | page readonly | clean
23AB0E02000 | unknown | page read and write | clean
23AB0E6A000 | unknown | page read and write | clean
1D99EF00000 | unknown | page read and write | clean
7FF52126A000 | unknown | page readonly | clean
23AB0E3F000 | unknown | page read and write | clean
18F774D0000 | unknown | page readonly | clean
23AB0E6A000 | unknown | page read and write | clean
7FF57A1D0000 | unknown | page readonly | clean
18F7726E000 | unknown | page read and write | clean
7FF55D6D7000 | unknown | page readonly | clean
1D99EE29000 | unknown | page read and write | clean
7FF55D535000 | unknown | page readonly | clean
23AB0E6A000 | unknown | page read and write | clean
18F77300000 | unknown | page read and write | clean
7FF57A1FC000 | unknown | page readonly | clean
7FF55D9D6000 | unknown | page readonly | clean
7FF579F8B000 | unknown | page readonly | clean
18F77229000 | unknown | page read and write | clean
18F77400000 | unknown | page readonly | clean
18F77255000 | unknown | page read and write | clean
7FF55D841000 | unknown | page readonly | clean
7FF521143000 | unknown | page readonly | clean
7FF52117E000 | unknown | page readonly | clean
7FF55DA52000 | unknown | page readonly | clean
18F77268000 | unknown | page read and write | clean
477BB7E000 | unknown | page read and write | clean
18F7726D000 | unknown | page read and write | clean
1D99EE00000 | unknown | page read and write | clean
7FF5211F6000 | unknown | page readonly | clean
1D99EE7B000 | unknown | page read and write | clean
18F77313000 | unknown | page read and write | clean
23AB0E6C000 | unknown | page read and write | clean
1D99EE02000 | unknown | page read and write | clean
7FF55D85E000 | unknown | page readonly | clean
18F78C70000 | unknown | page read and write | clean
1D99ECA0000 | heap default | page read and write | clean
477BF7E000 | unknown | page read and write | clean
6E394FA000 | unknown | page read and write | clean
7FF55D94A000 | unknown | page readonly | clean
7FF57A0B1000 | unknown | page readonly | clean
23AB0E69000 | unknown | page read and write | clean
7FF57A246000 | unknown | page readonly | clean
7FF52107B000 | unknown | page readonly | clean
7FF55D96B000 | unknown | page readonly | clean
23AB0E6C000 | unknown | page read and write | clean
7FF579A2D000 | unknown | page readonly | clean
7FF55D9C8000 | unknown | page readonly | clean
7FF520E4A000 | unknown | page readonly | clean
23AB0CD0000 | heap default | page read and write | clean
1D99EE4E000 | unknown | page read and write | clean
23AB0F02000 | unknown | page read and write | clean
7FF521088000 | unknown | page readonly | clean
7FF579FF5000 | unknown | page readonly | clean
7FF55D98C000 | unknown | page readonly | clean
7FF55D9A4000 | unknown | page readonly | clean
7FF5211B8000 | unknown | page readonly | clean
7FF55D8AD000 | unknown | page readonly | clean
7FF57A029000 | unknown | page readonly | clean
7FF55D8C4000 | unknown | page readonly | clean
7FF55D9AA000 | unknown | page readonly | clean
18F7726D000 | unknown | page read and write | clean
1D99EE8C000 | unknown | page read and write | clean
7FF55DA51000 | unknown | page readonly | clean
7FF57A214000 | unknown | page readonly | clean
18F7726D000 | unknown | page read and write | clean
23AB0E66000 | unknown | page read and write | clean
1D99EE13000 | unknown | page read and write | clean
23AB0E13000 | unknown | page read and write | clean
1D99EE66000 | unknown | page read and write | clean
477BAFE000 | unknown | page read and write | clean
1D99EE3C000 | unknown | page read and write | clean
23AB0E6C000 | unknown | page read and write | clean
23AB1000000 | unknown | page readonly | clean
23AB0E6E000 | unknown | page read and write | clean
23AB0E68000 | unknown | page read and write | clean
23AB0E69000 | unknown | page read and write | clean
23AB0E6A000 | unknown | page read and write | clean
1D99ECB0000 | unknown | page readonly | clean
23AB0E69000 | unknown | page read and write | clean
23AB0E68000 | unknown | page read and write | clean
7FF57A2C2000 | unknown | page readonly | clean
7FF57A0D8000 | unknown | page readonly | clean
7FF5211AC000 | unknown | page readonly | clean
7FF579E8C000 | unknown | page readonly | clean
7FF5211C4000 | unknown | page readonly | clean
7FF521180000 | unknown | page readonly | clean
F0E2B3F000 | unknown | page read and write | clean
18F77202000 | unknown | page read and write | clean
1D99EE8F000 | unknown | page read and write | clean
7FF55D997000 | unknown | page readonly | clean
7FF57A224000 | unknown | page readonly | clean
1D99F602000 | unknown | page read and write | clean
1D99EE55000 | unknown | page read and write | clean
7FF521271000 | unknown | page readonly | clean
7FF57A21A000 | unknown | page readonly | clean
7FF5211F1000 | unknown | page readonly | clean
23AB0E6C000 | unknown | page read and write | clean
18F77234000 | unknown | page read and write | clean
1D99F000000 | unknown | page readonly | clean
7FF57A249000 | unknown | page readonly | clean
7FF52118B000 | unknown | page readonly | clean
7FF57A23E000 | unknown | page readonly | clean
23AB0E69000 | unknown | page read and write | clean
7FF57A1FF000 | unknown | page readonly | clean
7FF5211AF000 | unknown | page readonly | clean
7FF521264000 | unknown | page readonly | clean
7FF520FA5000 | unknown | page readonly | clean
7FF579F96000 | unknown | page readonly | clean
1D99F460000 | unknown | page readonly | clean
7FF521185000 | unknown | page readonly | clean
1D99ED90000 | unknown | page readonly | clean
23AB0CE0000 | unknown | page readonly | clean
7FF55D965000 | unknown | page readonly | clean
7FF57A2C1000 | unknown | page readonly | clean
23AB0E6C000 | unknown | page read and write | clean
23AB0C70000 | heap private | page read and write | clean
7FF5211D4000 | unknown | page readonly | clean
7FF55D9B4000 | unknown | page readonly | clean
7FF521122000 | unknown | page readonly | clean
18F77268000 | unknown | page read and write | clean
477BE77000 | unknown | page read and write | clean
1D99ED80000 | unknown | page readonly | clean
23AB0E6C000 | unknown | page read and write | clean
7FF520E4F000 | unknown | page readonly | clean
18F7726F000 | unknown | page read and write | clean
7FF57A238000 | unknown | page readonly | clean
18F77302000 | unknown | page read and write | clean
7FF55D85B000 | unknown | page readonly | clean
23AB0E69000 | unknown | page read and write | clean
7FF57A172000 | unknown | page readonly | clean
477C07F000 | unknown | page read and write | clean
7FF55D9D9000 | unknown | page readonly | clean
18F78D70000 | unknown | page readonly | clean
1D99EC40000 | heap private | page read and write | clean
7FF57A1E7000 | unknown | page readonly | clean
7FF57A1DB000 | unknown | page readonly | clean
1D99EF02000 | unknown | page read and write | clean
7FF55D9DD000 | unknown | page readonly | clean
18F7726D000 | unknown | page read and write | clean
23AB27C0000 | unknown | page read and write | clean
7FF5211E8000 | unknown | page readonly | clean
7FF57A241000 | unknown | page readonly | clean
18F77213000 | unknown | page read and write | clean
7FF55D95E000 | unknown | page readonly | clean
7FF55D520000 | unknown | page readonly | clean
23AB0E69000 | unknown | page read and write | clean
23AB0DB0000 | unknown | page write copy | clean
7FF55DA4A000 | unknown | page readonly | clean
23AB1200000 | unknown | page readonly | clean
7FF579E9F000 | unknown | page readonly | clean
7FF55DA44000 | unknown | page readonly | clean
18F77160000 | heap default | page read and write | clean
7FF5211CA000 | unknown | page readonly | clean
236 additional memdumps not shown.

DOM / HTML

URL | Malicious
https://pendingdelivery348scnpf.s3.eu-de.cloud-object-storage.appdomain.cloud/%2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523.html#ventura.coelho@novobanco.pt | malicious
https://pendingdelivery348scnpf.s3.eu-de.cloud-object-storage.appdomain.cloud/%2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523.html# | malicious