Analysis Report https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMjkwODU%3d&acc=NzY2ODQ5

Overview

General Information

Sample URL: https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMjkwODU%3d&acc=NzY2ODQ5
Analysis ID: 432951

Detection

HTMLPhisher
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Phishing site detected (based on shot template match)
Yara detected HtmlPhish10
Yara detected HtmlPhish7
Phishing site detected (based on logo template match)
Phishing site detected (based on various OCR indicators)
Found iframes
HTML body contains low number of good links
HTML title does not match URL

Process Tree

  • System is w10x64
  • iexplore.exe (PID: 6740 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 6792 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6740 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Dropped Files

Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\000[1].htm | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\000[1].htm | JoeSecurity_HtmlPhish_7 | Yara detected HtmlPhish_7 | Joe Security |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\000[2].htm | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\000[2].htm | JoeSecurity_HtmlPhish_7 | Yara detected HtmlPhish_7 | Joe Security |

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Antivirus detection for URL or domain
Source: https://jityerk.ml/000/ SlashNext: Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

Phishing site detected (based on shot template match)
Source: https://jityerk.ml/000/ Matcher: Template: outlook matched
Yara detected HtmlPhish10
Source: Yara match File source: 226533.0.links.csv, type: HTML
Source: Yara match File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\000[1].htm, type: DROPPED
Source: Yara match File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\000[2].htm, type: DROPPED
Yara detected HtmlPhish7
Source: Yara match File source: 226533.0.links.csv, type: HTML
Source: Yara match File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\000[1].htm, type: DROPPED
Source: Yara match File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\000[2].htm, type: DROPPED
Phishing site detected (based on logo template match)
Source: https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMjkwODU%3d&acc=NzY2ODQ5 Matcher: Template: microsoft matched
Phishing site detected (based on various OCR indicators)
          Source: ScreenshotsOCR Text: \G")'C9M O secure.campaigner.com - [I X - X|'earh...JO-Grtk@ u L <9 '=>https//secure.campaigner.com/CSB/Pub|ic/archive,aspx?ar! " a CSearch,,, FAX.0909X [I k - [I X JO- GjCUC1 Share this: f g in w ^ sgn m to use your favonte product vity JPPG from any devke 'aai uCjM'ce365jZ You Have Received (2) Pdf online Message ID "5467454678948-546" Reference: MLK355344343434-S5894 22/02/2021 This E-mail was sent from Scanner "RNP583879051AFA" CLICK HERE TO VIEW DOC(jMENT>>> V - [3 X C|Searh...JO-Grtk@ sgn m to use your favonte product vity JPPG from any devke 'aai Gaaike365 You Have Received (2) Pdf online Message ID "5467454678948-546" Reference: MLK355344343434-S5894 22/02/2021 This E-mail was sent from Scanner "RNP583879051AFA' Adobe PDF-Mlcromft Onllne 2021 : Microsoft Office PKxhKK V Rhocxc V Trmpben &ppce Mya<cmnt 0'=>e https//jityerk.ml/000/ e Share Point Onlinex [I C Search... d'- Adobe Document Cloud To read the document, please enter with the valid email credentials that this file was sent to. k Sign in with Outlook Sign in with Office365 OO Sign in with Other Mail Select your email provider to view Document CopyRight 2020 Adobe. X JO-GjCUC1
Source: Screenshots OCR Text: d'- Adobe Document Cloud To read the document, please enter with the valid email credentials that this file was sent to. k Sign in with Outlook Sign in with Office365 OO Sign in with Other Mail Select your email provider to view Document CopyRight 2020 Adobe.
          Source: https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMjkwODU%3d&acc=NzY2ODQ5HTTP Parser: Iframe src: https://www.facebook.com/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfbaf636c8514a1%26domain%3Dsecure.campaigner.com%26origin%3Dhttps%253A%252F%252Fsecure.campaigner.com%252Ff3336d48d974bce%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fsecure.campaigner.com%2FCSB%2FPublic%2Farchive.aspx%3Fargs%3DNTIxMjkwODU%253d%26acc%3DNzY2ODQ5&layout=button_count&locale=en_US&sdk=joey&send=false&show_faces=false&size=large
Source: https://jityerk.ml/000/ HTTP Parser: Number of links: 0
Source: https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMjkwODU%3d&acc=NzY2ODQ5 HTTP Parser: Number of links: 1
Source: https://jityerk.ml/000/ HTTP Parser: Title: Share Point Online does not match URL
Source: https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMjkwODU%3d&acc=NzY2ODQ5 HTTP Parser: Title: FAX. 0909 does not match URL
Source: https://jityerk.ml/000/ HTTP Parser: No <meta name="author".. found
Source: https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMjkwODU%3d&acc=NzY2ODQ5 HTTP Parser: No <meta name="author".. found
Source: https://jityerk.ml/000/ HTTP Parser: No <meta name="copyright".. found
Source: https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMjkwODU%3d&acc=NzY2ODQ5 HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Source: unknown HTTPS traffic detected: 31.13.92.14:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown HTTPS traffic detected: 31.13.92.14:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknown HTTPS traffic detected: 31.13.92.36:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown HTTPS traffic detected: 31.13.92.36:443 -> 192.168.2.4:49757 version: TLS 1.2
Source: unknown HTTPS traffic detected: 198.54.115.106:443 -> 192.168.2.4:49771 version: TLS 1.2
Source: unknown HTTPS traffic detected: 198.54.115.106:443 -> 192.168.2.4:49772 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.11.207:443 -> 192.168.2.4:49776 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.11.207:443 -> 192.168.2.4:49777 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.4:49781 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.4:49782 version: TLS 1.2
Source: socialsharinghelper[1].js.3.dr String found in binary or memory: window.open("http://www.linkedin.com/shareArticle?mini=true&url=" + url + "&title=" + t, "LinkedIn", "width=700,height=500,title='Share this'"); equals www.linkedin.com (Linkedin)
Source: socialsharinghelper[1].js.3.dr String found in binary or memory: window.open("https://www.facebook.com/sharer/sharer.php?u=" + url, "facebook", "width=650,height=500,title='Share this'"); equals www.facebook.com (Facebook)
          Source: all[1].js0.3.drString found in binary or memory: } }).call(global);})(window.inDapIF ? parent.window : window, window);} catch (e) {var i = new Image();i.crossOrigin = 'anonymous';i.dataset.testid = 'fbSDKErrorReport';i.src='https://www.facebook.com/platform/scribe_endpoint.php/?c=jssdk_error&m='+encodeURIComponent('{"error":"LOAD", "extra": {"name":"'+e.name+'","line":"'+(e.lineNumber||e.line)+'","script":"'+(e.fileName||e.sourceURL||e.script||"all.js")+'","stack":"'+(e.stackTrace||e.stack)+'","revision":"1003944383","namespace":"FB","message":"'+e.message+'"}}');document.body.appendChild(i);} equals www.facebook.com (Facebook)
Source: all[1].js0.3.dr String found in binary or memory: * License: https://www.facebook.com/legal/license/MDzNl_j9yvg/ equals www.facebook.com (Facebook)
          Source: {CE8904AF-CA3D-11EB-90EB-ECF4BBEA1588}.dat.2.drString found in binary or memory: #https://www.facebook.com/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfbaf636c8514a1%26domain%3Dsecure.campaigner.com%26origin%3Dhttps%253A%252F%252Fsecure.campaigner.com%252Ff3336d48d974bce%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fsecure.campaigner.com%2FCSB%2FPublic%2Farchive.aspx%3Fargs%3DNTIxMjkwODU%253d%26acc%3DNzY2ODQ5&layout=button_count&locale=en_US&sdk=joey&send=false&show_faces=false&size=large equals www.facebook.com (Facebook)
          Source: msapplication.xml0.2.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xa1f570ce,0x01d75e4a</date><accdate>0xa1f570ce,0x01d75e4a</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
          Source: msapplication.xml0.2.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xa1f570ce,0x01d75e4a</date><accdate>0xa1f570ce,0x01d75e4a</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
          Source: msapplication.xml5.2.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xa1f570ce,0x01d75e4a</date><accdate>0xa1f570ce,0x01d75e4a</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
          Source: msapplication.xml5.2.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xa1f570ce,0x01d75e4a</date><accdate>0xa1f570ce,0x01d75e4a</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
          Source: msapplication.xml7.2.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xa1fc9783,0x01d75e4a</date><accdate>0xa1fc9783,0x01d75e4a</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
          Source: msapplication.xml7.2.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xa1fc9783,0x01d75e4a</date><accdate>0xa1fc9783,0x01d75e4a</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
          Source: all[1].js0.3.drString found in binary or memory: __d("FBPixelEndpoint",["invariant","FBEventsParamList","FBEventsUtils"],(function(a,b,c,d,e,f,g){"use strict";f.sendEvent=a;var h="https://www.facebook.com/tr/",i=location.href,j=window.top!==window,k=document.referrer;function l(a,c,d,e){e===void 0&&(e={});var f=new(b("FBEventsParamList"))();f.append("id",a);f.append("ev",c);f.append("dl",i);f.append("rl",k);f.append("if",j);f.append("ts",new Date().valueOf());f.append("cd",d);f.append("sw",window.screen.width);f.append("sh",window.screen.height);for(var g in e)f.append(g,e[g]);return f}function a(a,b,c,d){a=l(a,b,c,d);b=a.toQueryString();2048>(h+"?"+b).length?m(h,b):n(h,a)}function m(a,b){var c=new Image();c.src=a+"?"+b}function n(a,c){var d="fb"+Math.random().toString().replace(".",""),e=document.createElement("form");e.method="post";e.action=a;e.target=d;e.acceptCharset="utf-8";e.style.display="none";a=!!(window.attachEvent&&!window.addEventListener);a=a?'<iframe name="'+d+'">':"iframe";var f=document.createElement(a);f instanceof HTMLIFrameElement||g(0,20659);f.src="javascript:false";f.id=d;f.name=d;e.appendChild(f);b("FBEventsUtils").listenOnce(f,"load",function(){c.each(function(a,b){var c=document.createElement("input");c.name=a;c.value=b;e.appendChild(c)}),b("FBEventsUtils").listenOnce(f,"load",function(){var a;(a=e.parentNode)==null?void 0:a.removeChild(e)}),e.submit()});(a=document.body)==null?void 0:a.appendChild(e)}}),null); equals www.facebook.com (Facebook)
          Source: {CE8904AF-CA3D-11EB-90EB-ECF4BBEA1588}.dat.2.drString found in binary or memory: res://ieframe.dll/forbidframing.htm#https://www.facebook.com/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfbaf636c8514a1%26domain%3Dsecure.campaigner.com%26origin%3Dhttps%253A%252F%252Fsecure.campaigner.com%252Ff3336d48d974bce%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fsecure.campaigner.com%2FCSB%2FPublic%2Farchive.aspx%3Fargs%3DNTIxMjkwODU%253d%26acc%3DNzY2ODQ5&layout=button_count&locale=en_US&sdk=joey&send=false&show_faces=false&size=large equals www.facebook.com (Facebook)
Source: unknown DNS traffic detected: queries for: secure.campaigner.com
          Source: Telerik.Web.UI.WebResource[1].js.3.drString found in binary or memory: http://benalman.com/about/license/
          Source: Telerik.Web.UI.WebResource[1].js.3.drString found in binary or memory: http://benalman.com/projects/jquery-throttle-debounce-plugin/
          Source: font-awesome[1].eot.3.drString found in binary or memory: http://fontawesome.io
          Source: font-awesome[1].eot.3.drString found in binary or memory: http://fontawesome.io/license/
          Source: font-awesome[1].eot.3.drString found in binary or memory: http://fontawesome.iohttp://fontawesome.iohttp://fontawesome.io/license/http://fontawesome.io/licens
          Source: fonticons[1].css.3.drString found in binary or memory: http://fonts.gstatic.com/s/roboto/v15/RxZJdnzeo3R5zSexge8UUfY6323mHUZFJMgTvxaG2iE.eot);
          Source: Telerik.Web.UI.WebResource[1].js.3.drString found in binary or memory: http://gsgd.co.uk/sandbox/jquery/easing/
          Source: hover[1].css.3.drString found in binary or memory: http://ianlunn.co.uk/
          Source: hover[1].css.3.drString found in binary or memory: http://ianlunn.github.io/Hover/)
          Source: popper.min[1].js.3.drString found in binary or memory: http://opensource.org/licenses/MIT).
          Source: msapplication.xml.2.drString found in binary or memory: http://www.amazon.com/
          Source: Telerik.Web.UI.WebResource[1].js.3.drString found in binary or memory: http://www.appcropolis.com)
          Source: Telerik.Web.UI.WebResource[1].js.3.drString found in binary or memory: http://www.gnu.org/licenses/gpl.html
          Source: msapplication.xml1.2.drString found in binary or memory: http://www.google.com/
          Source: socialsharinghelper[1].js.3.drString found in binary or memory: http://www.linkedin.com/shareArticle?mini=true&url=
          Source: msapplication.xml2.2.drString found in binary or memory: http://www.live.com/
          Source: msapplication.xml3.2.drString found in binary or memory: http://www.nytimes.com/
          Source: Telerik.Web.UI.WebResource[1].js.3.drString found in binary or memory: http://www.opensource.org/licenses/mit-license.php
          Source: msapplication.xml4.2.drString found in binary or memory: http://www.reddit.com/
          Source: genericopenwindowfcts[1].js.3.drString found in binary or memory: http://www.telerik.com/help/aspnet-ajax/window-programming-setting-client-events-using-javascript.ht
          Source: msapplication.xml5.2.drString found in binary or memory: http://www.twitter.com/
          Source: msapplication.xml6.2.drString found in binary or memory: http://www.wikipedia.com/
          Source: msapplication.xml7.2.drString found in binary or memory: http://www.youtube.com/
          Source: 000[1].htm.3.drString found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
          Source: 000[1].htm.3.drString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
          Source: 000[1].htm.3.drString found in binary or memory: https://code.jquery.com/jquery-3.1.1.min.js
          Source: 000[1].htm.3.drString found in binary or memory: https://code.jquery.com/jquery-3.2.1.slim.min.js
          Source: 000[1].htm.3.drString found in binary or memory: https://code.jquery.com/jquery-3.3.1.js
          Source: free.min[1].css.3.drString found in binary or memory: https://fontawesome.com
          Source: free.min[1].css.3.drString found in binary or memory: https://fontawesome.com/license/free
          Source: archive[1].htm.3.drString found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:300
          Source: archive[1].htm.3.drString found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:400
          Source: 000[1].htm.3.drString found in binary or memory: https://fonts.googleapis.com/css?family=Yellowtail&display=swap
          Source: fonticons[1].css.3.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v15/2UX7WLTfW3W8TclTUvlFyQ.woff)
          Source: fonticons[1].css.3.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v15/5YB-ifwqHP20Yn46l_BDhA.eot);
          Source: fonticons[1].css.3.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v15/CWB0XYA8bzo0kSThX0UTuA.woff2)
          Source: fonticons[1].css.3.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v15/RxZJdnzeo3R5zSexge8UUT8E0i7KZn-EPnyo3HZu7kw.woff)
          Source: fonticons[1].css.3.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v15/RxZJdnzeo3R5zSexge8UUVtXRa8TVwTICgirnJhmVJw.woff2)
          Source: css[2].css.3.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51S7ACc6CsI.woff)
          Source: css[1].css.3.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51TjASc6CsI.woff)
          Source: css[2].css.3.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51TzBic6CsI.woff)
          Source: css[1].css.3.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9fBBc-.woff)
          Source: css[1].css.3.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmSU5fBBc-.woff)
          Source: css[2].css.3.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc-.woff)
          Source: css[1].css.3.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxM.woff)
          Source: css[1].css0.3.drString found in binary or memory: https://fonts.gstatic.com/s/yellowtail/v11/OZpGg_pnoDtINPfRIlLohlvHxw.woff)
          Source: bootstrap.min[2].css.3.dr, bootstrap.min[1].js.3.drString found in binary or memory: https://getbootstrap.com)
          Source: hover[1].css.3.drString found in binary or memory: https://github.com/IanLunn/Hover
          Source: bootstrap.min[2].css.3.dr, bootstrap.min[1].js.3.drString found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
          Source: bootstrap.min[1].js.3.drString found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
          Source: all[1].js0.3.drString found in binary or memory: https://itunes.apple.com/us/app/messenger/id454638411
          Source: {CE8904AF-CA3D-11EB-90EB-ECF4BBEA1588}.dat.2.drString found in binary or memory: https://jityerk.ml/000
          Source: {CE8904AF-CA3D-11EB-90EB-ECF4BBEA1588}.dat.2.drString found in binary or memory: https://jityerk.ml/000/
          Source: {CE8904AF-CA3D-11EB-90EB-ECF4BBEA1588}.dat.2.drString found in binary or memory: https://jityerk.ml/000/$Share
          Source: ~DFF2BC313809C8DF54.TMP.2.drString found in binary or memory: https://jityerk.ml/000/r.com/CSB/Public/archive.aspx?args=NTIxMjkwODU%3d&acc=NzY2ODQ5P
          Source: ~DFF2BC313809C8DF54.TMP.2.drString found in binary or memory: https://jityerk.ml/000/r.com/CSB/Public/archive.aspx?args=NTIxMjkwODU%3d&acc=NzY2ODQ5nes
          Source: 585b051251[1].js.3.drString found in binary or memory: https://ka-f.fontawesome.com
          Source: 585b051251[1].js.3.drString found in binary or memory: https://kit.fontawesome.com
          Source: 000[1].htm.3.drString found in binary or memory: https://kit.fontawesome.com/585b051251.js
          Source: 000[1].htm.3.drString found in binary or memory: https://login.microsoftonline.com/common/login
          Source: 000[1].htm.3.drString found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
          Source: 000[1].htm.3.drString found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
          Source: archive[1].htm.3.drString found in binary or memory: https://media.campaigner.com/csb/Telerik.Web.UI.WebResource.axd?_TSM_HiddenField_=radScriptManager_T
          Source: archive[1].htm.3.drString found in binary or memory: https://media.campaigner.com/csb/Telerik.Web.UI.WebResource.axd?d=PMrIT5dOWaVYIcpFWUE4nGT9ocicfa2Xof
          Source: archive[1].htm.3.drString found in binary or memory: https://media.campaigner.com/csb/WebResource.axd?d=pynGkmcFUV13He1Qd6_TZItUc7uOXVQ_JJSF3nqWHTssVf86I
          Source: archive[1].htm.3.drString found in binary or memory: https://media.campaigner.com/csb/app_themes/lightning/combobox.campformcombo.css
          Source: archive[1].htm.3.drString found in binary or memory: https://media.campaigner.com/csb/app_themes/lightning/common/fonticons.css
          Source: archive[1].htm.3.drString found in binary or memory: https://media.campaigner.com/csb/content/ui-theme/global/fonts/brand-icons/brand-icons.min.css
          Source: archive[1].htm.3.drString found in binary or memory: https://media.campaigner.com/csb/content/ui-theme/global/fonts/font-awesome/font-awesome.min.css
          Source: archive[1].htm.3.drString found in binary or memory: https://media.campaigner.com/csb/content/ui-theme/global/vendor/waves/waves.min.css
          Source: archive[1].htm.3.drString found in binary or memory: https://media.campaigner.com/csb/node_modules/campaigner-core/src/style/theme/campaigner/bootstrap-e
          Source: archive[1].htm.3.drString found in binary or memory: https://media.campaigner.com/csb/node_modules/campaigner-core/src/style/theme/campaigner/bootstrap.m
          Source: archive[1].htm.3.drString found in binary or memory: https://media.campaigner.com/csb/node_modules/campaigner-core/src/style/theme/campaigner/campaigner.
          Source: archive[1].htm.3.drString found in binary or memory: https://media.campaigner.com/csb/scripts/custom/socialsharinghelper.js
          Source: archive[1].htm.3.drString found in binary or memory: https://media.campaigner.com/csb/scripts/genericopenwindowfcts.js
          Source: archive[1].htm.3.drString found in binary or memory: https://media.campaigner.com/csb/scripts/thirdparty/jquery-latest.min.js
          Source: archive[1].htm.3.drString found in binary or memory: https://media.campaigner.com/editorassets/1px.png
          Source: archive[1].htm.3.drString found in binary or memory: https://media.campaigner.com/media/76/766849/Screen
          Source: all[1].js0.3.drString found in binary or memory: https://play.google.com/store/apps/details?id=com.facebook.orca
          Source: {CE8904AF-CA3D-11EB-90EB-ECF4BBEA1588}.dat.2.drString found in binary or memory: https://secure.campaig
          Source: {CE8904AF-CA3D-11EB-90EB-ECF4BBEA1588}.dat.2.dr, ~DFF2BC313809C8DF54.TMP.2.drString found in binary or memory: https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMjkwODU%3d&acc=NzY2ODQ5
          Source: {CE8904AF-CA3D-11EB-90EB-ECF4BBEA1588}.dat.2.drString found in binary or memory: https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMjkwODU%3d&acc=NzY2ODQ5Root
          Source: imagestore.dat.3.drString found in binary or memory: https://secure.campaigner.com/favicon.ico
          Source: imagestore.dat.3.drString found in binary or memory: https://secure.campaigner.com/favicon.ico~
          Source: socialsharinghelper[1].js.3.drString found in binary or memory: https://twitter.com/share?url=
          Source: all[1].js0.3.drString found in binary or memory: https://www.internalfb.com/intern/invariant/
Source: classification engine Classification label: mal80.phis.win@3/75@11/7