Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMjkwODU%3d&acc=NzY2ODQ5

URL

initial url

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\000[1].htm

HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\000[2].htm

HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\E5F0NRSV\secure.campaigner[1].xml

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CE8904AD-CA3D-11EB-90EB-ECF4BBEA1588}.dat

Microsoft Word Document

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CE8904AF-CA3D-11EB-90EB-ECF4BBEA1588}.dat

Microsoft Word Document

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D4CFBD2D-CA3D-11EB-90EB-ECF4BBEA1588}.dat

Microsoft Word Document

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml

XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml

XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml

XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml

XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml

XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml

XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml

XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml

XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml

XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\gee00pr\imagestore.dat

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\585b051251[1].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\KFOjCnqEu92Fr1Mu51S7ACc6CsI[1].woff

Web Open Font Format, TrueType, length 22080, version 1.1

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\KFOjCnqEu92Fr1Mu51TjASc6CsI[1].woff

Web Open Font Format, TrueType, length 22280, version 1.1

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\KFOjCnqEu92Fr1Mu51TzBic6CsI[1].woff

Web Open Font Format, TrueType, length 21656, version 1.1

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\KFOlCnqEu92Fr1MmSU5fBBc-[1].woff

Web Open Font Format, TrueType, length 20404, version 1.1

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\KFOlCnqEu92Fr1MmWUlfBBc-[1].woff

Web Open Font Format, TrueType, length 20396, version 1.1

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\RxZJdnzeo3R5zSexge8UUT8E0i7KZn-EPnyo3HZu7kw[1].woff

Web Open Font Format, TrueType, length 18576, version 1.1

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\WebResource[1].js

ASCII text, with CRLF line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\adobe[1].jpg

JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 400x400, frames 3

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\archive[1].htm

HTML document, ASCII text, with very long lines, with CRLF, LF line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\css[1].css

ASCII text

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\fonticons[1].css

ASCII text

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\genericopenwindowfcts[1].js

UTF-8 Unicode (with BOM) text, with CRLF line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\office3651[1].png

PNG image data, 187 x 188, 8-bit/color RGBA, non-interlaced

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\outlook1[1].png

PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\8[1].jpg

[TIFF image data, big-endian, direntries=12, height=709, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1200], baseline, precision 8, 1200x646, frames 3

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\all[1].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\background_gradient[1]

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\bootstrap-extended.min[1].css

UTF-8 Unicode text, with very long lines, with no line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\bootstrap.min[1].css

UTF-8 Unicode text, with very long lines, with no line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\bootstrap.min[1].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\bootstrap.min[2].css

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\brand-icons.min[1].css

UTF-8 Unicode text, with very long lines, with no line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\campaigner.min[1].css

ASCII text, with very long lines, with no line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\font-awesome.min[1].css

UTF-8 Unicode text, with very long lines, with no line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\forbidframing[1]

HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\httpErrorPagesScripts[1]

UTF-8 Unicode (with BOM) text, with CRLF line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\jquery-3.1.1.min[1].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\waves.min[1].css

ASCII text, with very long lines, with no line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\1px[1].png

PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\2UX7WLTfW3W8TclTUvlFyQ[1].woff

Web Open Font Format, TrueType, length 18520, version 1.1

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\ErrorPageTemplate[1]

UTF-8 Unicode (with BOM) text, with CRLF line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff

Web Open Font Format, TrueType, length 20532, version 1.1

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\KFOmCnqEu92Fr1Mu4mxM[1].woff

Web Open Font Format, TrueType, length 20332, version 1.1

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\combobox.campformcombo[1].css

ASCII text, with CRLF line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\font-awesome[1].eot

Embedded OpenType (EOT), FontAwesome family

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\free-v4-shims.min[1].css

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\jquery-3.2.1.slim.min[1].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\jquery-latest.min[1].js

ASCII text, with very long lines, with CRLF line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\popper.min[1].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\red_x[1]

PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\Screen%20Shot%202021-06-09%20at%209.18.46%20PM[1].png

PNG image data, 700 x 739, 8-bit/color RGBA, non-interlaced

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\Telerik.Web.UI.WebResource[1].css

ASCII text, with very long lines, with CRLF line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\Telerik.Web.UI.WebResource[1].js

UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\all[1].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\bullet[1]

PNG image data, 15 x 15, 8-bit colormap, non-interlaced

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\css[1].css

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\css[2].css

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\errorPageStrings[1]

UTF-8 Unicode (with BOM) text, with CRLF line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\favicon[1].ico

MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\free.min[1].css

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\gmail[1].png

PNG image data, 1280 x 1280, 8-bit/color RGBA, non-interlaced

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\hover[1].css

ASCII text

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\jquery.min[1].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\other1[1].png

PNG image data, 190 x 187, 8-bit/color RGBA, non-interlaced

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\socialsharinghelper[1].js

UTF-8 Unicode (with BOM) text, with CRLF line terminators

downloaded

C:\Users\user\AppData\Local\Temp\~DF62E9192A01DCB66D.TMP

data

dropped

C:\Users\user\AppData\Local\Temp\~DFE457EFFB1E604CFA.TMP

data

dropped

C:\Users\user\AppData\Local\Temp\~DFF2BC313809C8DF54.TMP

data

dropped

There are 66 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Program Files\internet explorer\iexplore.exe

'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding

Details

Is windows:	true
Is dropped:	false
PID:	6740
Target ID:	2
Parent PID:	800
Name:	iexplore.exe
Class:	iexplore
Path:	C:\Program Files\internet explorer\iexplore.exe
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Size:	823560
MD5:	6465CB92B25A7BC1DF8E01D8AC5E7596
Time:	00:47:17
Date:	11/06/2021
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7009f0000
Modulesize:	831488
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files (x86)\Internet Explorer\iexplore.exe

'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6740 CREDAT:17410 /prefetch:2

Details

Is windows:	true
Is dropped:	false
PID:	6792
Target ID:	3
Parent PID:	6740
Name:	iexplore.exe
Class:	iexplore
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6740 CREDAT:17410 /prefetch:2
Size:	822536
MD5:	071277CC2E3DF41EEEA8013E2AB58D5A
Time:	00:47:18
Date:	11/06/2021
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xc80000
Modulesize:	827392
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://jityerk.ml/000/r.com/CSB/Public/archive.aspx?args=NTIxMjkwODU%3d&acc=NzY2ODQ5nes

unknown

https://jityerk.ml/000/

unknown

https://jityerk.ml/000/$Share

unknown

https://jityerk.ml/000/

https://jityerk.ml/000/r.com/CSB/Public/archive.aspx?args=NTIxMjkwODU%3d&acc=NzY2ODQ5P

unknown

https://media.campaigner.com/csb/node_modules/campaigner-core/src/style/theme/campaigner/bootstrap-e

unknown

https://twitter.com/share?url=

unknown

http://fontawesome.io

unknown

https://ka-f.fontawesome.com

unknown

https://code.jquery.com/jquery-3.2.1.slim.min.js

unknown

http://www.appcropolis.com)

unknown

http://www.amazon.com/

unknown

http://www.telerik.com/help/aspnet-ajax/window-programming-setting-client-events-using-javascript.ht

unknown

https://media.campaigner.com/editorassets/1px.png

unknown

http://www.twitter.com/

unknown

http://benalman.com/about/license/

unknown

https://fontawesome.com/license/free

unknown

https://media.campaigner.com/csb/node_modules/campaigner-core/src/style/theme/campaigner/campaigner.

unknown

https://fontawesome.com

unknown

https://www.internalfb.com/intern/invariant/

unknown

http://www.opensource.org/licenses/mit-license.php

unknown

https://secure.campaigner.com/favicon.ico~

unknown

https://github.com/twbs/bootstrap/graphs/contributors)

unknown

https://media.campaigner.com/csb/Telerik.Web.UI.WebResource.axd?_TSM_HiddenField_=radScriptManager_T

unknown

https://media.campaigner.com/csb/content/ui-theme/global/fonts/brand-icons/brand-icons.min.css

unknown

https://secure.campaig

unknown

https://secure.campaigner.com/favicon.ico

unknown

https://media.campaigner.com/csb/scripts/genericopenwindowfcts.js

unknown

https://media.campaigner.com/csb/scripts/thirdparty/jquery-latest.min.js

unknown

https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMjkwODU%3d&acc=NzY2ODQ5Root

unknown

http://opensource.org/licenses/MIT).

unknown

https://kit.fontawesome.com/585b051251.js

unknown

https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js

unknown

https://media.campaigner.com/media/76/766849/Screen

unknown

http://www.reddit.com/

unknown

https://media.campaigner.com/csb/content/ui-theme/global/fonts/font-awesome/font-awesome.min.css

unknown

https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMjkwODU%3d&acc=NzY2ODQ5

http://ianlunn.github.io/Hover/)

unknown

http://www.nytimes.com/

unknown

http://fontawesome.iohttp://fontawesome.iohttp://fontawesome.io/license/http://fontawesome.io/licens

unknown

https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMjkwODU%3d&acc=NzY2ODQ5

unknown

https://code.jquery.com/jquery-3.1.1.min.js

unknown

https://media.campaigner.com/csb/Telerik.Web.UI.WebResource.axd?d=PMrIT5dOWaVYIcpFWUE4nGT9ocicfa2Xof

unknown

http://www.linkedin.com/shareArticle?mini=true&url=

unknown

https://jityerk.ml/000

unknown

https://code.jquery.com/jquery-3.3.1.js

unknown

https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css

unknown

http://benalman.com/projects/jquery-throttle-debounce-plugin/

unknown

http://gsgd.co.uk/sandbox/jquery/easing/

unknown

http://fontawesome.io/license/

unknown

https://kit.fontawesome.com

unknown

https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js

unknown

https://login.microsoftonline.com/common/login

unknown

https://getbootstrap.com)

unknown

https://media.campaigner.com/csb/app_themes/lightning/common/fonticons.css

unknown

https://media.campaigner.com/csb/app_themes/lightning/combobox.campformcombo.css

unknown

https://media.campaigner.com/csb/node_modules/campaigner-core/src/style/theme/campaigner/bootstrap.m

unknown

http://www.youtube.com/

unknown

http://ianlunn.co.uk/

unknown

https://media.campaigner.com/csb/WebResource.axd?d=pynGkmcFUV13He1Qd6_TZItUc7uOXVQ_JJSF3nqWHTssVf86I

unknown

https://github.com/twbs/bootstrap/blob/master/LICENSE)

unknown

http://www.gnu.org/licenses/gpl.html

unknown

http://www.wikipedia.com/

unknown

https://github.com/IanLunn/Hover

unknown

http://www.live.com/

unknown

https://media.campaigner.com/csb/content/ui-theme/global/vendor/waves/waves.min.css

unknown

https://media.campaigner.com/csb/scripts/custom/socialsharinghelper.js

unknown

There are 57 hidden URLs, click here to show them.

Domains

Name

Malicious

jityerk.ml

198.54.115.106

star-mini.c10r.facebook.com

31.13.92.36

scontent.xx.fbcdn.net

31.13.92.14

cdnjs.cloudflare.com

104.16.18.94

maxcdn.bootstrapcdn.com

104.18.11.207

secure.campaigner.com

216.24.224.42

www.facebook.com

unknown

media.campaigner.com

unknown

ka-f.fontawesome.com

unknown

code.jquery.com

unknown

kit.fontawesome.com

unknown

connect.facebook.net

unknown

There are 2 hidden domains, click here to show them.

IPs

Domain

Country

Malicious

198.54.115.106

jityerk.ml

United States

Details

IP:	198.54.115.106
TargetID:	3
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Country:	United States
Countrycode:	USA
ASN number:	22612
ASN name:	NAMECHEAP-NETUS
Private:	false
Domain:	jityerk.ml

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

216.24.224.42

secure.campaigner.com

Canada

Details

IP:	216.24.224.42
TargetID:	3
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Country:	Canada
Countrycode:	CAN
ASN number:	17358
ASN name:	ETOLL1CA
Private:	false
Domain:	secure.campaigner.com

192.168.2.1

unknown

31.13.92.14

scontent.xx.fbcdn.net

Ireland

Details

IP:	31.13.92.14
TargetID:	3
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Country:	Ireland
Countrycode:	IRL
ASN number:	32934
ASN name:	FACEBOOKUS
Private:	false
Domain:	scontent.xx.fbcdn.net

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

31.13.92.36

star-mini.c10r.facebook.com

Ireland

Details

IP:	31.13.92.36
TargetID:	3
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Country:	Ireland
Countrycode:	IRL
ASN number:	32934
ASN name:	FACEBOOKUS
Private:	false
Domain:	star-mini.c10r.facebook.com

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

104.18.11.207

maxcdn.bootstrapcdn.com

United States

Details

IP:	104.18.11.207
TargetID:	3
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	maxcdn.bootstrapcdn.com

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

104.16.18.94

cdnjs.cloudflare.com

United States

Details

IP:	104.16.18.94
TargetID:	3
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	cdnjs.cloudflare.com

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

Registry

Path

Value

Malicious

C:\Program Files\internet explorer\iexplore.exe

{CE8904AD-CA3D-11EB-90EB-ECF4BBEA1588}

C:\Program Files\internet explorer\iexplore.exe

MFV

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

Blocked

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

Blocked

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

DecayDateQueue

C:\Program Files\internet explorer\iexplore.exe

LastProcessed

C:\Program Files\internet explorer\iexplore.exe

DecayDateQueue

C:\Program Files\internet explorer\iexplore.exe

LastProcessed

C:\Program Files\internet explorer\iexplore.exe

MFV

C:\Program Files\internet explorer\iexplore.exe

CVListPingLastYMD

C:\Program Files (x86)\Internet Explorer\iexplore.exe

NumberOfSubdomains

C:\Program Files (x86)\Internet Explorer\iexplore.exe

@C:\Windows\System32\ieframe.dll,-912

C:\Program Files (x86)\Internet Explorer\iexplore.exe

@C:\Windows\System32\ieframe.dll,-904

There are 19 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

7FF57CFE8000

unkown

page readonly

1D60903C000

unkown

page read and write

7FF584D74000

unkown

page readonly

1A29EA6C000

unkown

page read and write

1D6092D0000

unkown

page readonly

7FF584E10000

unkown

page readonly

7FF57CF97000

unkown

page readonly

7FF505F68000

unkown

page readonly

1A29EA13000

unkown

page read and write

8F5527F000

unkown

page read and write

7FF5E700E000

unkown

page readonly

7FF505F7D000

unkown

page readonly

8F55077000

unkown

page read and write

7FF5E6B75000

unkown

page readonly

7FF57CFAF000

unkown

page readonly

1D60907D000

unkown

page read and write

7FF584D0B000

unkown

page readonly

1D60904B000

unkown

page read and write

7FF5E708A000

unkown

page readonly

7FF584CF1000

unkown

page readonly

7FF5E6FF4000

unkown

page readonly

7FF505E03000

unkown

page readonly

1A29EA3F000

unkown

page read and write

1A29EB00000

unkown

page read and write

7FF57CF85000

unkown

page readonly

7FF57CF6C000

unkown

page readonly

1D608FF0000

unkown

page readonly

29DE3F7000

unkown

page read and write

1D608FE0000

unkown

page readonly

7FF584D63000

unkown

page readonly

7FF505F4A000

unkown

page readonly

7FF505FF2000

unkown

page readonly

7316BFB000

unkown

page read and write

7FF584B90000

unkown

page readonly

21F57930000

heap default

page read and write

7FF5E6EF3000

unkown

page readonly

7FF5E6FFF000

unkown

page readonly

7FF57CF8B000

unkown

page readonly

7FF505BD7000

unkown

page readonly

7FF505D21000

unkown

page readonly

7FF505CC6000

unkown

page readonly

7FF584EF4000

unkown

page readonly

7FF505CBB000

unkown

page readonly

21F58740000

unkown

page readonly

7FF57CFDF000

unkown

page readonly

21F57B02000

unkown

page read and write

7FF584F01000

unkown

page readonly

7FF584E8D000

unkown

page readonly

1A29EA67000

unkown

page read and write

7FF57CFFD000

unkown

page readonly

7FF57CFC4000

unkown

page readonly

1D609102000

unkown

page read and write

7FF5E6FCC000

unkown

page readonly

29DE1FC000

unkown

page read and write

7FF505F71000

unkown

page readonly

1A29EA6C000

unkown

page read and write

370967E000

unkown

page read and write

7FF57CE7E000

unkown

page readonly

7FF584E5A000

unkown

page readonly

7FF5E6FA5000

unkown

page readonly

7FF5E6D17000

unkown

page readonly

7FF505EFE000

unkown

page readonly

7FF57CFAC000

unkown

page readonly

1A29ECD0000

unkown

page readonly

29DE0FE000

unkown

page read and write

1D609070000

unkown

page read and write

13272602000

unkown

page read and write

7FF584B87000

unkown

page readonly

37096FE000

unkown

page read and write

1A29EC00000

unkown

page readonly

1A29EA6C000

unkown

page read and write

7FF57C7E1000

unkown

page readonly

13272590000

unkown

page readonly

7FF505FE4000

unkown

page readonly

7FF5E7091000

unkown

page readonly

7FF584E3F000

unkown

page readonly

7FF5849D6000

unkown

page readonly

7FF5E6EED000

unkown

page readonly

7FF5E6F04000

unkown

page readonly

7FF57CEEC000

unkown

page readonly

1327267B000

unkown

page read and write

7FF5E6672000

unkown

page readonly

1D608FD0000

heap default

page read and write

21F58202000

unkown

page read and write

29DE4FF000

unkown

page read and write

1A29E930000

heap default

page read and write

7FF57D064000

unkown

page readonly

1A29EA6D000

unkown

page read and write

21F57B13000

unkown

page read and write

7FF57CE61000

unkown

page readonly

7FF584D5D000

unkown

page readonly

7FF505F2F000

unkown

page readonly

7FF584F02000

unkown

page readonly

13273000000

unkown

page readonly

132728D0000

unkown

page readonly

1A29EB13000

unkown

page read and write

1D609050000

unkown

page read and write

13272580000

unkown

page readonly

7FF5E6D20000

unkown

page readonly

7FF584E27000

unkown

page readonly

1A29EB02000

unkown

page read and write

8F54C7B000

unkown

page read and write

1A29E940000

unkown

page write copy

21F57A70000

unkown

page read and write

7FF5E7092000

unkown

page readonly

1D60908A000

unkown

page read and write

1D609802000

unkown

page read and write

1D609A00000

unkown

page readonly

7FF5E7008000

unkown

page readonly

7FF584E89000

unkown

page readonly

1D60904D000

unkown

page read and write

1D609100000

unkown

page read and write

7FF505F5E000

unkown

page readonly

7FF505F76000

unkown

page readonly

7FF5E6F9E000

unkown

page readonly

7FF584CB3000

unkown

page readonly

1A29EA00000

unkown

page read and write

1A2A0570000

unkown

page readonly

7FF5E6E81000

unkown

page readonly

7FF57CEE4000

unkown

page readonly

1D609730000

unkown

page read and write

8F5517F000

unkown

page read and write

7FF5E6F8C000

unkown

page readonly

7FF584E0A000

unkown

page readonly

7FF505F44000

unkown

page readonly

1A29EA02000

unkown

page read and write

7FF584DFC000

unkown

page readonly

7FF505F00000

unkown

page readonly

7FF57CED3000

unkown

page readonly

7FF505F2C000

unkown

page readonly

1A29EA6E000

unkown

page read and write

1D609D40000

unkown

page readonly

7FF584E54000

unkown

page readonly

13272702000

unkown

page read and write

37093DB000

unkown

page read and write

7FF5E6FB7000

unkown

page readonly

8F54F7B000

unkown

page read and write

7FF57CFF9000

unkown

page readonly

7FF57CB46000

unkown

page readonly

21F57A8C000

unkown

page read and write

7FF505FEA000

unkown

page readonly

1327263C000

unkown

page read and write

7FF5E6F0C000

unkown

page readonly

7FF5E6B66000

unkown

page readonly

7FF5E6FAB000

unkown

page readonly

7FF505EC3000

unkown

page readonly

7FF505E08000

unkown

page readonly

7FF57CF6A000

unkown

page readonly

1D60904F000

unkown

page read and write

7FF584E0E000

unkown

page readonly

7FF505EA0000

unkown

page readonly

7FF584C61000

unkown

page readonly

7FF584D7C000

unkown

page readonly

7FF505F38000

unkown

page readonly

7FF5E6DF1000

unkown

page readonly

21F57A53000

unkown

page read and write

7FF57CFF6000

unkown

page readonly

7FF57CDD1000

unkown

page readonly

7FF505DFB000

unkown

page readonly

7FF584E47000

unkown

page readonly

21F57950000

unkown

page readonly

7FF57CFCA000

unkown

page readonly

1A29EA29000

unkown

page read and write

7FF584DFA000

unkown

page readonly

7FF505BCF000

unkown

page readonly

7FF5E7016000

unkown

page readonly

13272800000

unkown

page readonly

7FF5849E5000

unkown

page readonly

3709C7F000

unkown

page read and write

29DE07E000

unkown

page read and write

21F58400000

unkown

page readonly

29DE5FC000

unkown

page read and write

1D609052000

unkown

page read and write

7FF584E3C000

unkown

page readonly

7FF57CB40000

unkown

page readonly

7FF5E6E9B000

unkown

page readonly

7FF57CFEE000

unkown

page readonly

21F57960000

unkown

page read and write

7FF5E7084000

unkown

page readonly

1D609200000

unkown

page readonly

132725A0000

unkown

page read and write

21F57CD0000

unkown

page readonly

1A29EA67000

unkown

page read and write

7FF505EA2000

unkown

page readonly

13272713000

unkown

page read and write

7FF584E6F000

unkown

page readonly

7316D79000

unkown

page read and write

7FF505F17000

unkown

page readonly

7FF505F54000

unkown

page readonly

1A29EA6D000

unkown

page read and write

1A29EA6E000

unkown

page read and write

1A29EA6C000

unkown

page read and write

1A29E990000

unkown

page readonly

21F57A13000

unkown

page read and write

7316A7B000

unkown

page read and write

7FF584E7E000

unkown

page readonly

7FF5844E2000

unkown

page readonly

3709A77000

unkown

page read and write

7FF5E6F8A000

unkown

page readonly

13272652000

unkown

page read and write

7FF505F6E000

unkown

page readonly

7FF584E1B000

unkown

page readonly

7FF584E15000

unkown

page readonly

13272600000

unkown

page read and write

8F54CFF000

unkown

page read and write

7FF5E7019000

unkown

page readonly

13272E02000

unkown

page read and write

7FF505D59000

unkown

page readonly

7FF57D071000

unkown

page readonly

1A29EA55000

unkown

page read and write

1A29EA6C000

unkown

page read and write

7FF584D0E000

unkown

page readonly

7FF57D06A000

unkown

page readonly

13272629000

unkown

page read and write

7FF5849D0000

unkown

page readonly

7FF5E6FE4000

unkown

page readonly

7FF5E6F9A000

unkown

page readonly

29DE2FB000

unkown

page read and write

13272570000

heap default

page read and write

7FF5E6B60000

unkown

page readonly

1A29EA6E000

unkown

page read and write

21F57C00000

unkown

page readonly

7FF505D25000

unkown

page readonly

13272C60000

unkown

page readonly

7FF57CECD000

unkown

page readonly

21F57A29000

unkown

page read and write

7316B7E000

unkown

page read and write

8F54D7F000

unkown

page read and write

7FF57CF7A000

unkown

page readonly

7FF505F79000

unkown

page readonly

1D608F70000

heap private

page read and write

7FF57CCF7000

unkown

page readonly

7FF505F0B000

unkown

page readonly

7FF57CFD4000

unkown

page readonly

7FF505EFA000

unkown

page readonly

21F57940000

unkown

page readonly

21F57B08000

unkown

page read and write

7FF584E64000

unkown

page readonly

37097F5000

unkown

page read and write

21F57A3C000

unkown

page read and write

1327268C000

unkown

page read and write

1D609108000

unkown

page read and write

7FF5E6FCF000

unkown

page readonly

7FF57CE23000

unkown

page readonly

7FF584E86000

unkown

page readonly

1D609002000

unkown

page read and write

7FF5E701D000

unkown

page readonly

7FF57D072000

unkown

page readonly

29DDDDB000

unkown

page read and write

7316C7A000

unkown

page read and write

7FF505BBC000

unkown

page readonly

7FF505F05000

unkown

page readonly

7FF57CFB7000

unkown

page readonly

37098FB000

unkown

page read and write

7316AFF000

unkown

page read and write

370997E000

unkown

page read and write

21F57A4D000

unkown

page read and write

13272613000

unkown

page read and write

7FF57CF80000

unkown

page readonly

1A29E8D0000

heap private

page read and write

21F578D0000

heap private

page read and write

7FF5E6E43000

unkown

page readonly

21F57A00000

unkown

page read and write

1D609013000

unkown

page read and write

7FF57CB55000

unkown

page readonly

1A2A0470000

unkown

page read and write

7FF5E6FA0000

unkown

page readonly

7FF505FF1000

unkown

page readonly

7FF57CF7E000

unkown

page readonly

7FF5E6FEA000

unkown

page readonly

13272510000

heap private

page read and write

1D609029000

unkown

page read and write

3709B7E000

unkown

page read and write

7FF584E78000

unkown

page readonly

7FF505BCA000

unkown

page readonly

7FF584EFA000

unkown

page readonly

7FF505DE1000

unkown

page readonly

1D609000000

unkown

page read and write

7FF50575D000

unkown

page readonly

1A29EA67000

unkown

page read and write

7FF5E6FD7000

unkown

page readonly

7316CFE000

unkown

page read and write

7FF57CE7B000

unkown

page readonly

21F57B00000

unkown

page read and write

1D609113000

unkown

page read and write

There are 275 hidden memdumps, click here to show them.

DOM / HTML

URL

Malicious

https://jityerk.ml/000/

Details

Filename:	226533.0.links.html.dom
Url:	https://jityerk.ml/000/
Target ID:	3
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6740 CREDAT:17410 /prefetch:2

Signature Hits	Behavior Group	Mitre Attack
Yara detected HtmlPhish10	Phishing
Yara detected HtmlPhish7	Phishing

https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMjkwODU%3d&acc=NzY2ODQ5

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOCReport

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

DOM / HTML