Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

https://ccaeperu.com/?real-estate-agent2938423

URL

initial url

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\3GXKZCM3.htm

HTML document, UTF-8 Unicode (with BOM) text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\G1MK1W1S.htm

HTML document, UTF-8 Unicode (with BOM) text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\HTQSVEM0.htm

HTML document, UTF-8 Unicode (with BOM) text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\RqQo1U5NOq1[1].htm

HTML document, UTF-8 Unicode (with BOM) text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Z4A97TMF.htm

HTML document, UTF-8 Unicode (with BOM) text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\favicon[1].htm

HTML document, UTF-8 Unicode (with BOM) text, with very long lines

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\r[1].htm

HTML document, UTF-8 Unicode (with BOM) text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\RUFPPAMX.htm

HTML document, UTF-8 Unicode (with BOM) text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\6LTWT96P.htm

HTML document, UTF-8 Unicode (with BOM) text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\A5FVZRWT.htm

HTML document, UTF-8 Unicode (with BOM) text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\B0LQ5SBH.htm

HTML document, UTF-8 Unicode (with BOM) text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\O7nelmd9XSI[1].htm

HTML document, UTF-8 Unicode (with BOM) text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\9HQ2AZB5.htm

HTML document, UTF-8 Unicode (with BOM) text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\VBLSBCBU.htm

HTML document, UTF-8 Unicode (with BOM) text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\E5F0NRSV\m.facebook[1].xml

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6767ACED-9935-11EB-90EB-ECF4BBEA1588}.dat

Microsoft Word Document

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6767ACEF-9935-11EB-90EB-ECF4BBEA1588}.dat

Microsoft Word Document

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6767ACF0-9935-11EB-90EB-ECF4BBEA1588}.dat

Microsoft Word Document

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\gee00pr\imagestore.dat

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\GonuXiY4BzC[1].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\MNiY97WzXPw[1].js

C source, ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\SWQSh8s8jr2[1].css

ASCII text, with very long lines

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\VEs5hzVWt5B[1].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\gB76kJXPYJV[1].png

PNG image data, 196 x 196, 8-bit colormap, non-interlaced

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\sO8pFbm5AdZ[1].png

PNG image data, 124 x 279, 8-bit colormap, non-interlaced

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\22KpFFJQuZn[1].css

ASCII text, with very long lines

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\2b4ptAQoeCF[1].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\BwjU4B_qfpp[1].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\IxxDAbiZepi[1].css

ASCII text, with very long lines

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\JopZtdti8dq[1].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\NOmsNpPjqKN[1].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\QrKwBeCiZyv[1].css

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\RpTFjVvO4D0[1].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\TAH3WlPZB8H[1].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\h3jijAStzKK[1].css

ASCII text, with very long lines

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\n4bGLjGRWrl[1].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\vjVEyrdqGK6[1].css

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\1487645_6012475414660_1439393861_n[1].png

PNG image data, 10 x 10, 8-bit/color RGB, non-interlaced

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\6jPqzzsJS-8[1].png

PNG image data, 25 x 50, 8-bit colormap, non-interlaced

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\B9RXHZ5I.htm

HTML document, UTF-8 Unicode text, with very long lines

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\TRX669RO.htm

HTML document, ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\Z2s1olWKEnZ[1].css

ASCII text, with very long lines

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\ahNSxu_HONL[1].css

ASCII text, with very long lines

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\favicon[1].htm

HTML document, UTF-8 Unicode (with BOM) text, with very long lines

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\fzkbB_w4sxK[1].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\kPkP7qOaPwj[1].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\qMrE4RFJBoQ[1].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\vdzjXL4eT5D[1].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\4MFjarAmouj[1].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\Af0wuS8syLV[1].css

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\U3QfFrS_cgV[1].css

assembler source, ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\W5StuHxENhR[1].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\c2cKQyepvf-[1].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\dF5SId3UHWd[1].svg

SVG Scalable Vector Graphics image

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\hsts-pixel[1].gif

GIF image data, version 89a, 1 x 1

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\mnwJrbabqoh[1].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\rBNJvj38u9T[1].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\toipMWCRTEo[1].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Temp\~DF0C626AC06D5E2361.TMP

data

dropped

C:\Users\user\AppData\Local\Temp\~DF77662EBE27437295.TMP

data

dropped

C:\Users\user\AppData\Local\Temp\~DFA111B94D5E8C7290.TMP

data

dropped

There are 52 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Program Files\internet explorer\iexplore.exe

'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding

Details

Is windows:	true
Is dropped:	false
PID:	4828
Target ID:	1
Parent PID:	800
Name:	iexplore.exe
Class:	iexplore
Path:	C:\Program Files\internet explorer\iexplore.exe
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Size:	823560
MD5:	6465CB92B25A7BC1DF8E01D8AC5E7596
Time:	15:13:41
Date:	09/04/2021
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff765300000
Modulesize:	831488
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files (x86)\Internet Explorer\iexplore.exe

'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4828 CREDAT:17410 /prefetch:2

Details

Is windows:	true
Is dropped:	false
PID:	1576
Target ID:	2
Parent PID:	4828
Name:	iexplore.exe
Class:	iexplore
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4828 CREDAT:17410 /prefetch:2
Size:	822536
MD5:	071277CC2E3DF41EEEA8013E2AB58D5A
Time:	15:13:42
Date:	09/04/2021
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x2d0000
Modulesize:	827392
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://ccaeperu.com/?real-estate-agent2938423

unknown

https://ccaeperu.com/?real-estate-agent2938423//-estate-agent2938423Root

unknown

https://ccaeperu.com/?cmd=svnv9tsbx9tbsttsnxbtbnt.mynxy1vytby81nv1mb1v.b1ms9s

unknown

https://ccaeperu.com/?real-estate-agent2938423om/-estate-agent2938423Root

unknown

https://ccaeperu.com/?real-estate-agent2938423cmd=9tyym8t91xbt8b81mt81smbbm1s.

unknown

https://ccaeperu.com/?cmd=snstmsbsvtx.s1.smysttx.sv11m9ss9xbtb1mvmmytn9t1tyny

unknown

https://ccaeperu.com/?real-estate-agent2938423cmd=bnvtbtxmsbx1vy11snsm8nx8smbb

unknown

https://ccaeperu.com/?cmd=bnvtbtxmsbx1vy11snsm8nx8smbbmy8x8snns.8tm99yn88xtvv

unknown

https://ccaeperu.com/?cmd=t8ntyxt9mnn.9.t9t1ns9tnb11.n9tttbstxsmt91bmnsb8xts1

unknown

https://ccaeperu.com/?real-estate-agent2938423cmd=m9xvsybnvn1sv.bsnmnsyx119yb8

unknown

https://ccaeperu.com/?cmd=m9xvsybnvn1sv.bsnmnsyx119yb8mx1yv88sst1s8sxsv11nt.t

https://ccaeperu.com/?cmd=t8ntyxt9mnn.9.t9t1ns9tnb11.n9tttbstxsmt91bmnsb8xts1

https://ccaeperu.com/?cmd=vt9n.n11981t1t8b1t1xm1msm.s9tsxxssy9tstt1t8nsb.y1ms

https://ccaeperu.com/?cmd=xbsmyynyy.8y18y8tvmsstm1ntysyxmx.ty.1xtxsm9bs8s88n8

https://ccaeperu.com/?real-estate-agent2938423cmd=vt9n.n11981t1t8b1t1xm1msm.s9

unknown

https://ccaeperu.com/?real-estate-agent2938423cmd=stmn8bymn1v1.18svn81tv1ymtxt

unknown

https://ccaeperu.com/?real-estate-agent2938423~

unknown

https://ccaeperu.com/?real-estate-agent2938423Root

unknown

https://ccaeperu.com/?real-estate-agent2938423cmd=svnv9tsbx9tbsttsnxbtbnt.mynx

unknown

https://ccaeperu.com/?cmd=9tyym8t91xbt8b81mt81smbbm1s.9vtn8ytms1v9vvy8198118b

https://ccaeperu.com/?cmd=xbsmyynyy.8y18y8tvmsstm1ntysyxmx.ty.1xtxsm9bs8s88n8

unknown

https://ccaeperu.com/?real-estate-agent2938423cmd=t8ntyxt9mnn.9.t9t1ns9tnb11.n

unknown

https://ccaeperu.com/?cmd=snstmsbsvtx.s1.smysttx.sv11m9ss9xbtb1mvmmytn9t1tyny

https://ccaeperu.com/?cmd=stmn8bymn1v1.18svn81tv1ymtxtxy1ymns8y1vt81b.9nty9s8

https://ccaeperu.com/?real-estate-agent2938423cmd=xbsmyynyy.8y18y8tvmsstm1ntys

unknown

https://ccaeperu.com/?real-estate-agent2938423cmd=snstmsbsvtx.s1.smysttx.sv11m

unknown

https://ccaeperu.com/?cmd=vt9n.n11981t1t8b1t1xm1msm.s9tsxxssy9tstt1t8nsb.y1ms

unknown

https://ccaeperu.com/?cmd=9tyym8t91xbt8b81mt81smbbm1s.9vtn8ytms1v9vvy8198118b

unknown

https://ccaeperu.com/?cmd=stmn8bymn1v1.18svn81tv1ymtxtxy1ymns8y1vt81b.9nty9s8

unknown

https://ccaeperu.com/?cmd=bnvtbtxmsbx1vy11snsm8nx8smbbmy8x8snns.8tm99yn88xtvv

https://ccaeperu.com/?real-estate-agent2938423

https://ccaeperu.com/?cmd=m9xvsybnvn1sv.bsnmnsyx119yb8mx1yv88sst1s8sxsv11nt.t

unknown

https://static.xx.fbcdn.net/rsrc.php/v3/yR/r/kPkP7qOaPwj.js?_nc_x=Ij3Wp8lg5Kz

unknown

https://static.xx.fbcdn.net/rsrc.php/v3/yT/l/0

unknown

https://ccaeperu.com/?

unknown

https://www.fb.com/rsrc.php/yl/r/H3nktOa7ZMg.ico

unknown

https://www.internalfb.com/intern/invariant/

unknown

https://static.xx.fbcdn.net/rsrc.php/v3/yj/l/0

unknown

https://static.xx.fbcdn.net/rsrc.php/v3/y5/l/0

unknown

https://static.xx.fbcdn.net/rsrc.php/v3/yU/r/fzkbB_w4sxK.js?_nc_x=Ij3Wp8lg5Kz

unknown

https://static.xx.fbcdn.net/rsrc.php/v3/y6/l/0

unknown

https://fb.com/

unknown

https://static.xx.fbcdn.net/rsrc.php/v3/y7/r/qMrE4RFJBoQ.js?_nc_x=Ij3Wp8lg5Kz

unknown

https://developers.fb.com/?ref=pf

unknown

https://static.xx.fbcdn.net/rsrc.php/v3iK-b4/yR/l/en_US/W5StuHxENhR.js?_nc_x=Ij3Wp8lg5Kz

unknown

https://static.xx.fbcdn.net/rsrc.php/v3/yP/l/0

unknown

https://www.facebook.creal-estate-agent2938423~

unknown

https://ccaeperu.com/r

unknown

https://static.xx.fbcdn.net/rsrc.php/v3/yb/l/0

unknown

https://www.facebook.c

unknown

https://m.facebook.com/

https://scontent.xx.fbcdn.net/hads-ak-prn2/1487645_6012475414660_1439393861_n.png

unknown

https://static.xx.fbcdn.net/rsrc.php/v3/yr/r/vdzjXL4eT5D.js?_nc_x=Ij3Wp8lg5Kz

unknown

There are 44 hidden URLs, click here to show them.

Domains

Name

Malicious

star-mini.c10r.facebook.com

157.240.17.35

fbsbx.com

157.240.17.35

scontent.xx.fbcdn.net

157.240.219.13

fb.com

157.240.17.35

facebook.com

157.240.17.35

fbcdn.net

157.240.17.35

ccaeperu.com

68.66.226.79

www.fb.com

unknown

www.facebook.com

unknown

m.facebook.com

unknown

static.xx.fbcdn.net

unknown

There are 1 hidden domains, click here to show them.

IPs

Domain

Country

Malicious

157.240.17.15

unknown

United States

Details

IP:	157.240.17.15
TargetID:	2
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Country:	United States
Countrycode:	USA
ASN number:	32934
ASN name:	FACEBOOKUS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

68.66.226.79

ccaeperu.com

United States

Details

IP:	68.66.226.79
TargetID:	2
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Country:	United States
Countrycode:	USA
ASN number:	55293
ASN name:	A2HOSTINGUS
Private:	false
Domain:	ccaeperu.com

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

157.240.219.13

scontent.xx.fbcdn.net

United States

Details

IP:	157.240.219.13
TargetID:	2
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Country:	United States
Countrycode:	USA
ASN number:	32934
ASN name:	FACEBOOKUS
Private:	false
Domain:	scontent.xx.fbcdn.net

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

157.240.17.35

star-mini.c10r.facebook.com

United States

Details

IP:	157.240.17.35
TargetID:	2
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Country:	United States
Countrycode:	USA
ASN number:	32934
ASN name:	FACEBOOKUS
Private:	false
Domain:	star-mini.c10r.facebook.com

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

Registry

Path

Value

Malicious

C:\Program Files\internet explorer\iexplore.exe

{6767ACED-9935-11EB-90EB-ECF4BBEA1588}

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

Blocked

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

Blocked

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

DecayDateQueue

C:\Program Files\internet explorer\iexplore.exe

LastProcessed

C:\Program Files\internet explorer\iexplore.exe

DecayDateQueue

C:\Program Files\internet explorer\iexplore.exe

LastProcessed

C:\Program Files\internet explorer\iexplore.exe

DecayDateQueue

C:\Program Files\internet explorer\iexplore.exe

LastProcessed

C:\Program Files\internet explorer\iexplore.exe

DecayDateQueue

C:\Program Files\internet explorer\iexplore.exe

LastProcessed

C:\Program Files\internet explorer\iexplore.exe

DecayDateQueue

C:\Program Files\internet explorer\iexplore.exe

LastProcessed

C:\Program Files\internet explorer\iexplore.exe

DecayDateQueue

C:\Program Files\internet explorer\iexplore.exe

LastProcessed

C:\Program Files\internet explorer\iexplore.exe

DecayDateQueue

C:\Program Files\internet explorer\iexplore.exe

LastProcessed

C:\Program Files\internet explorer\iexplore.exe

DecayDateQueue

C:\Program Files\internet explorer\iexplore.exe

LastProcessed

C:\Program Files\internet explorer\iexplore.exe

CVListPingLastYMD

C:\Program Files\internet explorer\iexplore.exe

DecayDateQueue

C:\Program Files\internet explorer\iexplore.exe

LastProcessed

C:\Program Files\internet explorer\iexplore.exe

DecayDateQueue

C:\Program Files\internet explorer\iexplore.exe

LastProcessed

C:\Program Files\internet explorer\iexplore.exe

DecayDateQueue

C:\Program Files\internet explorer\iexplore.exe

LastProcessed

C:\Program Files (x86)\Internet Explorer\iexplore.exe

@C:\Windows\System32\ieframe.dll,-912

C:\Program Files (x86)\Internet Explorer\iexplore.exe

@C:\Windows\System32\ieframe.dll,-904

C:\Program Files (x86)\Internet Explorer\iexplore.exe

NumberOfSubdomains

There are 35 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

21AA5502000

unkown

page read and write

7FF52FA4C000

unkown

page readonly

7FF52F9EF000

unkown

page readonly

1F8E1140000

unkown

page write copy

7FF52FA96000

unkown

page readonly

7FF52F845000

unkown

page readonly

7FF50987A000

unkown

page readonly

7FF52F27D000

unkown

page readonly

768BBF000

unkown

page read and write

21AA32F0000

unkown

page readonly

21AA4EF0000

unkown

page readonly

7FF509C94000

unkown

page readonly

2FFB37A000

unkown

page read and write

7FF52FA8E000

unkown

page readonly

7FF509411000

unkown

page readonly

7FF52FA7E000

unkown

page readonly

7FF50940D000

unkown

page readonly

1F8E1130000

heap default

page read and write

21AA52C0000

unkown

page readonly

7FF52F879000

unkown

page readonly

7FF509C26000

unkown

page readonly

7FF52F6EF000

unkown

page readonly

7FF509AB3000

unkown

page readonly

7FF52FB0A000

unkown

page readonly

7FF509B52000

unkown

page readonly

7FF50996B000

unkown

page readonly

21AA34DA000

unkown

page read and write

7FF52F861000

unkown

page readonly

7FF509BFA000

unkown

page readonly

7FF509BAE000

unkown

page readonly

7FF52FB04000

unkown

page readonly

1F8E1200000

unkown

page read and write

76907D000

unkown

page read and write

768EFF000

unkown

page read and write

21AA5250000

heap private

page read and write

21AA34B6000

unkown

page read and write

21AA3440000

unkown

page read and write

21AA3429000

unkown

page read and write

7FF52FB12000

unkown

page readonly

7FF509AB8000

unkown

page readonly

21AA34A3000

unkown

page read and write

21AA52E0000

unkown

page readonly

7FF52F9C0000

unkown

page readonly

21AA34FA000

unkown

page read and write

7FF509887000

unkown

page readonly

2FFB27A000

unkown

page read and write

7FF52F841000

unkown

page readonly

7FF52F6F7000

unkown

page readonly

7FF52F923000

unkown

page readonly

7FF509B50000

unkown

page readonly

7FF509A91000

unkown

page readonly

7FF52FA1A000

unkown

page readonly

7FF52F9C2000

unkown

page readonly

2FFB1FA000

unkown

page read and write

21AA5500000

unkown

page read and write

21AA34BE000

unkown

page read and write

21AA3600000

unkown

page write copy

7FF52F854000

unkown

page readonly

1F8E2D70000

unkown

page readonly

1F8E1229000

unkown

page read and write

7FF509AAB000

unkown

page readonly

21AA52B0000

unkown

page read and write

768FFF000

unkown

page read and write

7FF52F871000

unkown

page readonly

7FF509BB0000

unkown

page readonly

7FF52FA0A000

unkown

page readonly

7FF52FA1E000

unkown

page readonly

1F8E1400000

unkown

page readonly

7FF52F96D000

unkown

page readonly

7FF509976000

unkown

page readonly

7FF52FA25000

unkown

page readonly

7FF509C0E000

unkown

page readonly

768E7A000

unkown

page read and write

7FF509BBB000

unkown

page readonly

7FF52F6EA000

unkown

page readonly

7FF52F856000

unkown

page readonly

21AA5549000

unkown

page read and write

21AA5600000

unkown

page readonly

1F8E1190000

unkown

page readonly

7FF509BB5000

unkown

page readonly

21AA3481000

unkown

page read and write

7FF52F966000

unkown

page readonly

7FF52FA37000

unkown

page readonly

2FFB4FD000

unkown

page read and write

7FF52F9EB000

unkown

page readonly

21AA52B0000

unkown

page read and write

21AA5518000

unkown

page read and write

1F8E1302000

unkown

page read and write

1F8E1202000

unkown

page read and write

21AA3400000

unkown

page read and write

21AA3413000

unkown

page read and write

2FFB57E000

unkown

page read and write

7FF52FA74000

unkown

page readonly

7FF509C21000

unkown

page readonly

2FFB2FF000

unkown

page read and write

7FF509C29000

unkown

page readonly

7FF52FA88000

unkown

page readonly

7FF52F9B2000

unkown

page readonly

7FF509BF4000

unkown

page readonly

7FF52F9FF000

unkown

page readonly

7FF52F6DC000

unkown

page readonly

21AA5402000

unkown

page read and write

21AA52B0000

unkown

page read and write

1F8E1240000

unkown

page read and write

7FF52F901000

unkown

page readonly

7FF5099D1000

unkown

page readonly

2FFB0FE000

unkown

page read and write

7FF52FA57000

unkown

page readonly

7FF509BDF000

unkown

page readonly

21AA3502000

unkown

page read and write

7FF52F582000

unkown

page readonly

7FF52F928000

unkown

page readonly

7FF52FA4F000

unkown

page readonly

7FF52FA64000

unkown

page readonly

7FF52F7F8000

unkown

page readonly

7FF509BDC000

unkown

page readonly

7FF509C04000

unkown

page readonly

2FFB3F9000

unkown

page read and write

1F8E2C70000

unkown

page read and write

7FF509BC7000

unkown

page readonly

21AA3454000

unkown

page read and write

7FF509C9A000

unkown

page readonly

7FF509C1E000

unkown

page readonly

21AA5230000

unkown

page read and write

7FF52F7E6000

unkown

page readonly

7FF50987F000

unkown

page readonly

7FF52F91B000

unkown

page readonly

7FF52FA20000

unkown

page readonly

21AA34EE000

unkown

page read and write

21AA5240000

unkown

page readonly

7FF509BAA000

unkown

page readonly

7FF52FA91000

unkown

page readonly

21AA6010000

unkown

page read and write

768B3B000

unkown

page read and write

7FF50986C000

unkown

page readonly

7FF52FA2B000

unkown

page readonly

7FF52F7FF000

unkown

page readonly

7FF52F5F9000

unkown

page readonly

7FF52FA6A000

unkown

page readonly

21AA52B0000

unkown

page read and write

21AA4DF0000

unkown

page read and write

21AA3513000

unkown

page read and write

7FF509CA2000

unkown

page readonly

7FF509BE8000

unkown

page readonly

21AA3650000

unkown

page readonly

7FF52F9BC000

unkown

page readonly

1F8E1213000

unkown

page read and write

21AA34C3000

unkown

page read and write

1F8E1254000

unkown

page read and write

2FFB17E000

unkown

page read and write

21AA33C0000

unkown

page readonly

1F8E14D0000

unkown

page readonly

7FF52FA99000

unkown

page readonly

21AA3473000

unkown

page read and write

21AA52A0000

unkown

page readonly

21AA554A000

unkown

page read and write

2FFB47D000

unkown

page read and write

21AA3280000

heap private

page read and write

1F8E10D0000

heap private

page read and write

7FF52F9F4000

unkown

page readonly

7FF509A09000

unkown

page readonly

7FF509B73000

unkown

page readonly

7FF52FB11000

unkown

page readonly

2FFB07B000

unkown

page read and write

7FF52F281000

unkown

page readonly

768F7A000

unkown

page read and write

7FF509C2D000

unkown

page readonly

21AA32E0000

heap default

page read and write

7FF52F7DB000

unkown

page readonly

7FF5099D5000

unkown

page readonly

7FF52F321000

unkown

page readonly

21AA34F3000

unkown

page read and write

21AA3516000

unkown

page read and write

7FF509CA1000

unkown

page readonly

21AA554B000

unkown

page read and write

7FF52F9E3000

unkown

page readonly

7FF509C18000

unkown

page readonly

7FF52FA0C000

unkown

page readonly

There are 168 hidden memdumps, click here to show them.

DOM / HTML

URL

Malicious

https://ccaeperu.com/?cmd=svnv9tsbx9tbsttsnxbtbnt.mynxy1vytby81nv1mb1v.b1ms9s

https://ccaeperu.com/r.php?locale=en_US

https://ccaeperu.com/?cmd=bnvtbtxmsbx1vy11snsm8nx8smbbmy8x8snns.8tm99yn88xtvv

https://ccaeperu.com/?real-estate-agent2938423

https://ccaeperu.com/?cmd=9tyym8t91xbt8b81mt81smbbm1s.9vtn8ytms1v9vvy8198118b

https://ccaeperu.com/?cmd=xbsmyynyy.8y18y8tvmsstm1ntysyxmx.ty.1xtxsm9bs8s88n8

https://ccaeperu.com/?cmd=m9xvsybnvn1sv.bsnmnsyx119yb8mx1yv88sst1s8sxsv11nt.t

https://ccaeperu.com/?cmd=vt9n.n11981t1t8b1t1xm1msm.s9tsxxssy9tstt1t8nsb.y1ms

https://ccaeperu.com/?cmd=t8ntyxt9mnn.9.t9t1ns9tnb11.n9tttbstxsmt91bmnsb8xts1

https://ccaeperu.com/?cmd=stmn8bymn1v1.18svn81tv1ymtxtxy1ymns8y1vt81b.9nty9s8

https://ccaeperu.com/?cmd=snstmsbsvtx.s1.smysttx.sv11m9ss9xbtb1mvmmytn9t1tyny

https://m.facebook.com/

There are 2 hidden doms, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOCReport

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

DOM / HTML