Analysis Report https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMzE2MjA%3d&acc=NzY2ODM4

Overview

General Information

Sample URL:	https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMzE2MjA%3d&acc=NzY2ODM4
Analysis ID:	433372
Infos:
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Phishing site detected (based on shot template match)

Yara detected HtmlPhish10

Yara detected HtmlPhish7

Phishing site detected (based on logo template match)

Phishing site detected (based on various OCR indicators)

Found iframes

HTML body contains low number of good links

HTML title does not match URL

Classification

Signatures

Phishing:

Phishing site detected (based on shot template match)

Source: https://macadavid.cf/000/index.php

Matcher: Template: outlook matched

Yara detected HtmlPhish10

Source: Yara match	File source: 621365.0.links.csv, type: HTML
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\index[1].htm, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\index[1].htm, type: DROPPED

Yara detected HtmlPhish7

Source: Yara match	File source: 621365.0.links.csv, type: HTML
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\index[1].htm, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\index[1].htm, type: DROPPED

Phishing site detected (based on logo template match)

Source: https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMzE2MjA%3d&acc=NzY2ODM4

Matcher: Template: microsoft matched

Phishing site detected (based on various OCR indicators)

Source: Screenshots	OCR Text: )- Adobe Document Cloud To read the document, please enter with the valid email credentials that this file was sent to. k Sign in with Outlook Sign in with Office365 OO Sign in with Other Mail Select your email provider to view Document CopyRight 2020 Adobe.
Source: Screenshots	OCR Text: ucrvv t .jklvlmH Date jQed: 9/30/2020 8:03 AM ' e :!',:, BNAK:MGSPLO.png, pIvFAGEAAvjpg, PWCCAWLGRE.xIs,C ,,,i S'a"h... .. I Ul - [I X JO- GjCUC1 C secure,campaigner,com Ltcrvv TjrjvlmH Da' 81a'd: 9/30/2020 &03 AM <9 => h;i',; BNAK:MGSPLO.png, pIvFAGEAAvjpg, PWCCAWLGRE.xIs,C ,,,i S'a"h... Fax Massage2x this: f g inob Like 0 - [I X JO- GjCUC1 i Sign in to use your favorite productivity apps from any device q.eE qj ' b J M'c molt' (jUl Office 365' Adobe You Have Received (2) Pdf online Message ID "5467454678948-546" Reference: MLK355344343434-S5894 22/02/2021 This E-mail was sent from Scanner "RNP583879051AFA" CLICK HERE TQ VIEW DQCUMENT>>> V <9 '=>h#ps//secure.campaigner.coWCSB/Pub\|ic/archive.aspx?args= NTIxMzE2M jA%3d&acc= NzY2ODM4 Fax Massage2x [I this: f g inob Like 0 - [3 X C\|Searh...JO-Grtk@ Sign in to use your favorite productivity apps from any device q.eE qj ' b q g Mk'O$Ott' Da.Office365 Abbe You Have Received (2) Pdf online Message ID "5467454678948-546" Reference: MLK355344343434-S5894 22/02/2021 This E-mail was sent from Scanner "RNP583879051AFA" CLICK HERE TQ VIEW DQCIjMENT>>> Adobe pDF-Microson Online 2021 : Microsoft Office Products Resources V TemNln Support My account Buynow e https//macadavid.d/m/indw.php e Share Point Onlinex Hi C Search... )- Adobe Document Cloud To read the document, please enter with the valid email credentials that this file was sent to. k Sign in with Outlook Sign in with Office365 OO Sign in with Other Mail Select your email provider to view Document CopyRight 2020 Adobe. X JO-GjCUC1

Found iframes

Source: https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMzE2MjA%3d&acc=NzY2ODM4	HTTP Parser: Iframe src: https://www.facebook.com/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3d8b24e58165c4%26domain%3Dsecure.campaigner.com%26origin%3Dhttps%253A%252F%252Fsecure.campaigner.com%252Ff78ed304d6af44%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fsecure.campaigner.com%2FCSB%2FPublic%2Farchive.aspx%3Fargs%3DNTIxMzE2MjA%253d%26acc%3DNzY2ODM4&layout=button_count&locale=en_US&sdk=joey&send=false&show_faces=false&size=large
Source: https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMzE2MjA%3d&acc=NzY2ODM4	HTTP Parser: Iframe src: https://www.facebook.com/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3d8b24e58165c4%26domain%3Dsecure.campaigner.com%26origin%3Dhttps%253A%252F%252Fsecure.campaigner.com%252Ff78ed304d6af44%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fsecure.campaigner.com%2FCSB%2FPublic%2Farchive.aspx%3Fargs%3DNTIxMzE2MjA%253d%26acc%3DNzY2ODM4&layout=button_count&locale=en_US&sdk=joey&send=false&show_faces=false&size=large

HTML body contains low number of good links

Source: https://macadavid.cf/000/index.php	HTTP Parser: Number of links: 0
Source: https://macadavid.cf/000/index.php	HTTP Parser: Number of links: 0
Source: https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMzE2MjA%3d&acc=NzY2ODM4	HTTP Parser: Number of links: 1
Source: https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMzE2MjA%3d&acc=NzY2ODM4	HTTP Parser: Number of links: 1

HTML title does not match URL

Source: https://macadavid.cf/000/index.php	HTTP Parser: Title: Share Point Online does not match URL
Source: https://macadavid.cf/000/index.php	HTTP Parser: Title: Share Point Online does not match URL
Source: https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMzE2MjA%3d&acc=NzY2ODM4	HTTP Parser: Title: Fax Massage2 does not match URL
Source: https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMzE2MjA%3d&acc=NzY2ODM4	HTTP Parser: Title: Fax Massage2 does not match URL

Source: https://macadavid.cf/000/index.php	HTTP Parser: No <meta name="author".. found
Source: https://macadavid.cf/000/index.php	HTTP Parser: No <meta name="author".. found
Source: https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMzE2MjA%3d&acc=NzY2ODM4	HTTP Parser: No <meta name="author".. found
Source: https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMzE2MjA%3d&acc=NzY2ODM4	HTTP Parser: No <meta name="author".. found

Source: https://macadavid.cf/000/index.php	HTTP Parser: No <meta name="copyright".. found
Source: https://macadavid.cf/000/index.php	HTTP Parser: No <meta name="copyright".. found
Source: https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMzE2MjA%3d&acc=NzY2ODM4	HTTP Parser: No <meta name="copyright".. found
Source: https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMzE2MjA%3d&acc=NzY2ODM4	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 31.13.92.14:443 -> 192.168.2.3:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 31.13.92.14:443 -> 192.168.2.3:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 31.13.92.36:443 -> 192.168.2.3:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 31.13.92.36:443 -> 192.168.2.3:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 66.29.132.67:443 -> 192.168.2.3:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 66.29.132.67:443 -> 192.168.2.3:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.11.207:443 -> 192.168.2.3:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.11.207:443 -> 192.168.2.3:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.19.94:443 -> 192.168.2.3:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.19.94:443 -> 192.168.2.3:49731 version: TLS 1.2

Source: socialsharinghelper[1].js.2.dr	String found in binary or memory: window.open("http://www.linkedin.com/shareArticle?mini=true&url=" + url + "&title=" + t, "LinkedIn", "width=700,height=500,title='Share this'"); equals www.linkedin.com (Linkedin)
Source: socialsharinghelper[1].js.2.dr	String found in binary or memory: window.open("https://www.facebook.com/sharer/sharer.php?u=" + url, "facebook", "width=650,height=500,title='Share this'"); equals www.facebook.com (Facebook)
Source: like[1].htm.2.dr	String found in binary or memory: 12.7434661,13.2 L6.54470232,13.2 Z"></path></svg><img class="_1pbs inlineBlock img" src="https://www.facebook.com/rsrc.php/v3/y5/r/OqOE21UvWe3.png" alt="" width="16" height="16" /></span></span><span class="_49vh _2pi7">Like</span><span class="_5n6h _2pih" id="u_0_2_IF">0</span></div></button><input type="hidden" autocomplete="off" name="action" value="like" /><input type="hidden" autocomplete="off" name="iframe_referer" value="https://secure.campaigner.com/--redacted--/?--redacted--" /><input type="hidden" autocomplete="off" name="r_ts" value="1623426586" /><input type="hidden" autocomplete="off" name="ref" /><input type="hidden" autocomplete="off" name="xfbml" value="1" /></form></div></td></tr></tbody></table><script nonce="3Mu9y0sE">(function(width, height, id, callback, origin, domain) { if(id){var e=document.getElementById(id);if(width!==-1)e.style.width=width+"px";else{width=e.offsetWidth;if(window.getComputedStyle){var computed=getComputedStyle(e);computed&&(width=Math.ceil(parseFloat(computed.width))\|\|e.offsetWidth)}}height===-1&&(height=e.offsetHeight)}var message="type=resize&cb="+callback+"&width="+width+"&height="+height;; (function(){var a=window.parent;window.opener!=null&&typeof window.opener.postMessage==="function"&&(relation==="opener.parent"?a=window.opener.parent:a=window.opener);var b=!0;function c(a,b){a=window.location.hostname.match(/\.(facebook\.sg\|facebookcorewwwi\.(?:test)?onion\|facebookwkhpilnemxj7asaniu7vnjjbiltxjqhye3mhbshg7kx5tfyd\.onion)$/);a=a?a[1]:"facebook.com";new Image().src="https://www."+a+"/common/scribe_endpoint.php?c=jssdk_error&m="+encodeURIComponent(JSON.stringify(b))}function d(){if(a===window)window.close(),window.open("","_self",""),window.close(),!window.closed&&closeURI&&window.location.replace(closeURI);else try{a.postMessage(message,origin)}catch(a){b?(b=!1,window.setTimeout(d,200)):c("jssdk_error",{error:"POST_MESSAGE",extra:{message:a.message+", html/js/connect/XDDialogResponsePurePostMessage.js:53"}})}}function e(){__fbNative.postMessage(message,origin)}window==top&&/FBAN\/\w+;/i.test(navigator.userAgent)&&!/FBAN\/mLite;/.test(navigator.userAgent)?window.__fbNative&&__fbNative.postMessage?e():window.addEventListener("fbNativeReady",e):d()})();; })(108, 28, "u_0_0_jA", "f3d8b24e58165c4", "https:\/\/secure.campaigner.com", "secure.campaigner.com");</script><span id="jsbundle-loader"> equals www.facebook.com (Facebook)
Source: all[1].js0.2.dr	String found in binary or memory: } }).call(global);})(window.inDapIF ? parent.window : window, window);} catch (e) {var i = new Image();i.crossOrigin = 'anonymous';i.dataset.testid = 'fbSDKErrorReport';i.src='https://www.facebook.com/platform/scribe_endpoint.php/?c=jssdk_error&m='+encodeURIComponent('{"error":"LOAD", "extra": {"name":"'+e.name+'","line":"'+(e.lineNumber\|\|e.line)+'","script":"'+(e.fileName\|\|e.sourceURL\|\|e.script\|\|"all.js")+'","stack":"'+(e.stackTrace\|\|e.stack)+'","revision":"1003951477","namespace":"FB","message":"'+e.message+'"}}');document.body.appendChild(i);} equals www.facebook.com (Facebook)
Source: nN7EzeTFXEH[1].js.2.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/09P_rcHKL4D/ equals www.facebook.com (Facebook)
Source: all[1].js0.2.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/MDzNl_j9yvg/ equals www.facebook.com (Facebook)
Source: nN7EzeTFXEH[1].js.2.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/WRsJ32R7YJG/ equals www.facebook.com (Facebook)
Source: nN7EzeTFXEH[1].js.2.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/YzYYrH_bE_k/ equals www.facebook.com (Facebook)
Source: nN7EzeTFXEH[1].js.2.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/ZtTipMAcpq9/ equals www.facebook.com (Facebook)
Source: msapplication.xml0.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xe556d613,0x01d75f24</date><accdate>0xe556d613,0x01d75f24</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xe556d613,0x01d75f24</date><accdate>0xe556d613,0x01d75f24</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xe556d613,0x01d75f24</date><accdate>0xe556d613,0x01d75f24</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xe556d613,0x01d75f24</date><accdate>0xe556d613,0x01d75f24</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xe55dfcfb,0x01d75f24</date><accdate>0xe55dfcfb,0x01d75f24</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xe55dfcfb,0x01d75f24</date><accdate>0xe55dfcfb,0x01d75f24</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: all[1].js0.2.dr	String found in binary or memory: __d("FBPixelEndpoint",["invariant","FBEventsParamList","FBEventsUtils"],(function(a,b,c,d,e,f,g){"use strict";f.sendEvent=a;var h="https://www.facebook.com/tr/",i=location.href,j=window.top!==window,k=document.referrer;function l(a,c,d,e){e===void 0&&(e={});var f=new(b("FBEventsParamList"))();f.append("id",a);f.append("ev",c);f.append("dl",i);f.append("rl",k);f.append("if",j);f.append("ts",new Date().valueOf());f.append("cd",d);f.append("sw",window.screen.width);f.append("sh",window.screen.height);for(var g in e)f.append(g,e[g]);return f}function a(a,b,c,d){a=l(a,b,c,d);b=a.toQueryString();2048>(h+"?"+b).length?m(h,b):n(h,a)}function m(a,b){var c=new Image();c.src=a+"?"+b}function n(a,c){var d="fb"+Math.random().toString().replace(".",""),e=document.createElement("form");e.method="post";e.action=a;e.target=d;e.acceptCharset="utf-8";e.style.display="none";a=!!(window.attachEvent&&!window.addEventListener);a=a?'<iframe name="'+d+'">':"iframe";var f=document.createElement(a);f instanceof HTMLIFrameElement\|\|g(0,20659);f.src="javascript:false";f.id=d;f.name=d;e.appendChild(f);b("FBEventsUtils").listenOnce(f,"load",function(){c.each(function(a,b){var c=document.createElement("input");c.name=a;c.value=b;e.appendChild(c)}),b("FBEventsUtils").listenOnce(f,"load",function(){var a;(a=e.parentNode)==null?void 0:a.removeChild(e)}),e.submit()});(a=document.body)==null?void 0:a.appendChild(e)}}),null); equals www.facebook.com (Facebook)
Source: ~DFB9B088C2B4A83B25.TMP.1.dr	String found in binary or memory: https://www.facebook.com/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3d8b24e58165c4%26domain%3Dsecure.campaigner.com%26origin%3Dhttps%253A%252F%252Fsecure.campaigner.com%252Ff78ed304d6af44%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fsecure.campaigner.com%2FCSB%2FPublic%2Farchive.aspx%3Fargs%3DNTIxMzE2MjA%253d%26acc%3DNzY2ODM4&layout=button_count&locale=en_US&sdk=joey&send=false&show_faces=false&size=large equals www.facebook.com (Facebook)

Source: unknown

DNS traffic detected: queries for: secure.campaigner.com

Source: Telerik.Web.UI.WebResource[1].js.2.dr	String found in binary or memory: http://benalman.com/about/license/
Source: Telerik.Web.UI.WebResource[1].js.2.dr	String found in binary or memory: http://benalman.com/projects/jquery-throttle-debounce-plugin/
Source: font-awesome[1].eot.2.dr	String found in binary or memory: http://fontawesome.io
Source: font-awesome[1].eot.2.dr	String found in binary or memory: http://fontawesome.io/license/
Source: font-awesome[1].eot.2.dr	String found in binary or memory: http://fontawesome.iohttp://fontawesome.iohttp://fontawesome.io/license/http://fontawesome.io/licens
Source: fonticons[1].css.2.dr	String found in binary or memory: http://fonts.gstatic.com/s/roboto/v15/RxZJdnzeo3R5zSexge8UUfY6323mHUZFJMgTvxaG2iE.eot);
Source: Telerik.Web.UI.WebResource[1].js.2.dr	String found in binary or memory: http://gsgd.co.uk/sandbox/jquery/easing/
Source: hover[1].css.2.dr	String found in binary or memory: http://ianlunn.co.uk/
Source: hover[1].css.2.dr	String found in binary or memory: http://ianlunn.github.io/Hover/)
Source: popper.min[1].js.2.dr	String found in binary or memory: http://opensource.org/licenses/MIT).
Source: msapplication.xml.1.dr	String found in binary or memory: http://www.amazon.com/
Source: Telerik.Web.UI.WebResource[1].js.2.dr	String found in binary or memory: http://www.appcropolis.com)
Source: Telerik.Web.UI.WebResource[1].js.2.dr	String found in binary or memory: http://www.gnu.org/licenses/gpl.html
Source: msapplication.xml1.1.dr	String found in binary or memory: http://www.google.com/
Source: socialsharinghelper[1].js.2.dr	String found in binary or memory: http://www.linkedin.com/shareArticle?mini=true&url=
Source: msapplication.xml2.1.dr	String found in binary or memory: http://www.live.com/
Source: msapplication.xml3.1.dr	String found in binary or memory: http://www.nytimes.com/
Source: Telerik.Web.UI.WebResource[1].js.2.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: msapplication.xml4.1.dr	String found in binary or memory: http://www.reddit.com/
Source: genericopenwindowfcts[1].js.2.dr	String found in binary or memory: http://www.telerik.com/help/aspnet-ajax/window-programming-setting-client-events-using-javascript.ht
Source: msapplication.xml5.1.dr	String found in binary or memory: http://www.twitter.com/
Source: msapplication.xml6.1.dr	String found in binary or memory: http://www.wikipedia.com/
Source: msapplication.xml7.1.dr	String found in binary or memory: http://www.youtube.com/
Source: index[1].htm.2.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: index[1].htm.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Source: index[1].htm.2.dr	String found in binary or memory: https://code.jquery.com/jquery-3.1.1.min.js
Source: index[1].htm.2.dr	String found in binary or memory: https://code.jquery.com/jquery-3.2.1.slim.min.js
Source: index[1].htm.2.dr	String found in binary or memory: https://code.jquery.com/jquery-3.3.1.js
Source: free.min[1].css.2.dr	String found in binary or memory: https://fontawesome.com
Source: free.min[1].css.2.dr	String found in binary or memory: https://fontawesome.com/license/free
Source: archive[1].htm.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Arial:400
Source: archive[1].htm.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:300
Source: archive[1].htm.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:400
Source: index[1].htm.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Yellowtail&display=swap
Source: fonticons[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v15/2UX7WLTfW3W8TclTUvlFyQ.woff)
Source: fonticons[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v15/5YB-ifwqHP20Yn46l_BDhA.eot);
Source: fonticons[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v15/CWB0XYA8bzo0kSThX0UTuA.woff2)
Source: fonticons[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v15/RxZJdnzeo3R5zSexge8UUT8E0i7KZn-EPnyo3HZu7kw.woff)
Source: fonticons[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v15/RxZJdnzeo3R5zSexge8UUVtXRa8TVwTICgirnJhmVJw.woff2)
Source: css[2].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51S7ACc6CsI.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51TjASc6CsI.woff)
Source: css[2].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51TzBic6CsI.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9fBBc-.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmSU5fBBc-.woff)
Source: css[2].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc-.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxM.woff)
Source: css[1].css0.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/yellowtail/v11/OZpGg_pnoDtINPfRIlLohlvHxw.woff)
Source: bootstrap.min[1].js.2.dr, bootstrap.min[1].css0.2.dr	String found in binary or memory: https://getbootstrap.com)
Source: hover[1].css.2.dr	String found in binary or memory: https://github.com/IanLunn/Hover
Source: bootstrap.min[1].js.2.dr, bootstrap.min[1].css0.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: bootstrap.min[1].js.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: all[1].js0.2.dr	String found in binary or memory: https://itunes.apple.com/us/app/messenger/id454638411
Source: 585b051251[2].js.2.dr	String found in binary or memory: https://ka-f.fontawesome.com
Source: 585b051251[2].js.2.dr	String found in binary or memory: https://kit.fontawesome.com
Source: index[1].htm.2.dr	String found in binary or memory: https://kit.fontawesome.com/585b051251.js
Source: index[1].htm.2.dr	String found in binary or memory: https://login.microsoftonline.com/common/login
Source: {11894F36-CB18-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://macadavid.cf/0
Source: ~DFB9B088C2B4A83B25.TMP.1.dr, archive[1].htm.2.dr	String found in binary or memory: https://macadavid.cf/000/index.php
Source: ~DFB9B088C2B4A83B25.TMP.1.dr	String found in binary or memory: https://macadavid.cf/000/index.php$Share
Source: ~DFB9B088C2B4A83B25.TMP.1.dr	String found in binary or memory: https://macadavid.cf/000/index.phpblic/archive.aspx?args=NTIxMzE2MjA%3d&acc=NzY2ODM40
Source: ~DFB9B088C2B4A83B25.TMP.1.dr	String found in binary or memory: https://macadavid.cf/000/index.phpblic/archive.aspx?args=NTIxMzE2MjA%3d&acc=NzY2ODM4macadavid.cf/000
Source: index[1].htm.2.dr	String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
Source: index[1].htm.2.dr	String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Source: archive[1].htm.2.dr	String found in binary or memory: https://media.campaigner.com/csb/Telerik.Web.UI.WebResource.axd?_TSM_HiddenField_=radScriptManager_T
Source: archive[1].htm.2.dr	String found in binary or memory: https://media.campaigner.com/csb/Telerik.Web.UI.WebResource.axd?d=PMrIT5dOWaVYIcpFWUE4nGT9ocicfa2Xof
Source: archive[1].htm.2.dr	String found in binary or memory: https://media.campaigner.com/csb/WebResource.axd?d=pynGkmcFUV13He1Qd6_TZItUc7uOXVQ_JJSF3nqWHTssVf86I
Source: archive[1].htm.2.dr	String found in binary or memory: https://media.campaigner.com/csb/app_themes/lightning/combobox.campformcombo.css
Source: archive[1].htm.2.dr	String found in binary or memory: https://media.campaigner.com/csb/app_themes/lightning/common/fonticons.css
Source: archive[1].htm.2.dr	String found in binary or memory: https://media.campaigner.com/csb/content/ui-theme/global/fonts/brand-icons/brand-icons.min.css
Source: archive[1].htm.2.dr	String found in binary or memory: https://media.campaigner.com/csb/content/ui-theme/global/fonts/font-awesome/font-awesome.min.css
Source: archive[1].htm.2.dr	String found in binary or memory: https://media.campaigner.com/csb/content/ui-theme/global/vendor/waves/waves.min.css
Source: archive[1].htm.2.dr	String found in binary or memory: https://media.campaigner.com/csb/node_modules/campaigner-core/src/style/theme/campaigner/bootstrap-e
Source: archive[1].htm.2.dr	String found in binary or memory: https://media.campaigner.com/csb/node_modules/campaigner-core/src/style/theme/campaigner/bootstrap.m
Source: archive[1].htm.2.dr	String found in binary or memory: https://media.campaigner.com/csb/node_modules/campaigner-core/src/style/theme/campaigner/campaigner.
Source: archive[1].htm.2.dr	String found in binary or memory: https://media.campaigner.com/csb/scripts/custom/socialsharinghelper.js
Source: archive[1].htm.2.dr	String found in binary or memory: https://media.campaigner.com/csb/scripts/genericopenwindowfcts.js
Source: archive[1].htm.2.dr	String found in binary or memory: https://media.campaigner.com/csb/scripts/thirdparty/jquery-latest.min.js
Source: archive[1].htm.2.dr	String found in binary or memory: https://media.campaigner.com/editorassets/themes/soak-it-up/content-background.png
Source: archive[1].htm.2.dr	String found in binary or memory: https://media.campaigner.com/media/76/766838/Screen
Source: all[1].js0.2.dr	String found in binary or memory: https://play.google.com/store/apps/details?id=com.facebook.orca
Source: {11894F36-CB18-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://secure.campaig
Source: ~DFB9B088C2B4A83B25.TMP.1.dr	String found in binary or memory: https://secure.campaigner.com/--redacted--/?--redacted--
Source: ~DFB9B088C2B4A83B25.TMP.1.dr	String found in binary or memory: https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMzE2MjA%3D&acc=NzY2ODM4
Source: ~DFB9B088C2B4A83B25.TMP.1.dr	String found in binary or memory: https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMzE2MjA%3d&acc=NzY2ODM4
Source: ~DFB9B088C2B4A83B25.TMP.1.dr	String found in binary or memory: https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMzE2MjA%3d&acc=NzY2ODM40
Source: {11894F36-CB18-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMzE2MjA%3d&acc=NzY2ODM4Root
Source: imagestore.dat.2.dr	String found in binary or memory: https://secure.campaigner.com/favicon.ico
Source: imagestore.dat.2.dr	String found in binary or memory: https://secure.campaigner.com/favicon.ico~
Source: socialsharinghelper[1].js.2.dr	String found in binary or memory: https://twitter.com/share?url=
Source: all[1].js0.2.dr, nN7EzeTFXEH[1].js.2.dr	String found in binary or memory: https://www.internalfb.com/intern/invariant/

Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49692
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 49692 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726

Source: unknown	HTTPS traffic detected: 31.13.92.14:443 -> 192.168.2.3:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 31.13.92.14:443 -> 192.168.2.3:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 31.13.92.36:443 -> 192.168.2.3:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 31.13.92.36:443 -> 192.168.2.3:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 66.29.132.67:443 -> 192.168.2.3:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 66.29.132.67:443 -> 192.168.2.3:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.11.207:443 -> 192.168.2.3:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.11.207:443 -> 192.168.2.3:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.19.94:443 -> 192.168.2.3:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.19.94:443 -> 192.168.2.3:49731 version: TLS 1.2

Source: classification engine

Classification label: mal72.phis.win@3/72@11/6

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF8357F423EC5F7CBF.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6112 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6112 CREDAT:17410 /prefetch:2	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
216.24.224.42	secure.campaigner.com	Canada	17358	ETOLL1CA	false
31.13.92.14	scontent.xx.fbcdn.net	Ireland	32934	FACEBOOKUS	false
31.13.92.36	star-mini.c10r.facebook.com	Ireland	32934	FACEBOOKUS	false
104.18.11.207	maxcdn.bootstrapcdn.com	United States	13335	CLOUDFLARENETUS	false
66.29.132.67	macadavid.cf	United States	19538	ADVANTAGECOMUS	false
104.16.19.94	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false

Contacted Domains

Name	IP	Active
star-mini.c10r.facebook.com	31.13.92.36	true
scontent.xx.fbcdn.net	31.13.92.14	true
cdnjs.cloudflare.com	104.16.19.94	true
maxcdn.bootstrapcdn.com	104.18.11.207	true
secure.campaigner.com	216.24.224.42	true
macadavid.cf	66.29.132.67	true
www.facebook.com	unknown	unknown
media.campaigner.com	unknown	unknown
ka-f.fontawesome.com	unknown	unknown
code.jquery.com	unknown	unknown
kit.fontawesome.com	unknown	unknown
connect.facebook.net	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMzE2MjA%3d&acc=NzY2ODM4	false		high
https://macadavid.cf/000/index.php	true		unknown

Phishing:

Phishing site detected (based on shot template match)

Source: https://macadavid.cf/000/index.php

Matcher: Template: outlook matched

Yara detected HtmlPhish10

Source: Yara match	File source: 621365.0.links.csv, type: HTML
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\index[1].htm, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\index[1].htm, type: DROPPED

Yara detected HtmlPhish7

Source: Yara match	File source: 621365.0.links.csv, type: HTML
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\index[1].htm, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\index[1].htm, type: DROPPED

Phishing site detected (based on logo template match)

Source: https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMzE2MjA%3d&acc=NzY2ODM4

Matcher: Template: microsoft matched

Phishing site detected (based on various OCR indicators)

Source: Screenshots	OCR Text: )- Adobe Document Cloud To read the document, please enter with the valid email credentials that this file was sent to. k Sign in with Outlook Sign in with Office365 OO Sign in with Other Mail Select your email provider to view Document CopyRight 2020 Adobe.
Source: Screenshots	OCR Text: ucrvv t .jklvlmH Date jQed: 9/30/2020 8:03 AM ' e :!',:, BNAK:MGSPLO.png, pIvFAGEAAvjpg, PWCCAWLGRE.xIs,C ,,,i S'a"h... .. I Ul - [I X JO- GjCUC1 C secure,campaigner,com Ltcrvv TjrjvlmH Da' 81a'd: 9/30/2020 &03 AM <9 => h;i',; BNAK:MGSPLO.png, pIvFAGEAAvjpg, PWCCAWLGRE.xIs,C ,,,i S'a"h... Fax Massage2x this: f g inob Like 0 - [I X JO- GjCUC1 i Sign in to use your favorite productivity apps from any device q.eE qj ' b J M'c molt' (jUl Office 365' Adobe You Have Received (2) Pdf online Message ID "5467454678948-546" Reference: MLK355344343434-S5894 22/02/2021 This E-mail was sent from Scanner "RNP583879051AFA" CLICK HERE TQ VIEW DQCUMENT>>> V <9 '=>h#ps//secure.campaigner.coWCSB/Pub\|ic/archive.aspx?args= NTIxMzE2M jA%3d&acc= NzY2ODM4 Fax Massage2x [I this: f g inob Like 0 - [3 X C\|Searh...JO-Grtk@ Sign in to use your favorite productivity apps from any device q.eE qj ' b q g Mk'O$Ott' Da.Office365 Abbe You Have Received (2) Pdf online Message ID "5467454678948-546" Reference: MLK355344343434-S5894 22/02/2021 This E-mail was sent from Scanner "RNP583879051AFA" CLICK HERE TQ VIEW DQCIjMENT>>> Adobe pDF-Microson Online 2021 : Microsoft Office Products Resources V TemNln Support My account Buynow e https//macadavid.d/m/indw.php e Share Point Onlinex Hi C Search... )- Adobe Document Cloud To read the document, please enter with the valid email credentials that this file was sent to. k Sign in with Outlook Sign in with Office365 OO Sign in with Other Mail Select your email provider to view Document CopyRight 2020 Adobe. X JO-GjCUC1

Found iframes

Source: https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMzE2MjA%3d&acc=NzY2ODM4	HTTP Parser: Iframe src: https://www.facebook.com/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3d8b24e58165c4%26domain%3Dsecure.campaigner.com%26origin%3Dhttps%253A%252F%252Fsecure.campaigner.com%252Ff78ed304d6af44%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fsecure.campaigner.com%2FCSB%2FPublic%2Farchive.aspx%3Fargs%3DNTIxMzE2MjA%253d%26acc%3DNzY2ODM4&layout=button_count&locale=en_US&sdk=joey&send=false&show_faces=false&size=large
Source: https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMzE2MjA%3d&acc=NzY2ODM4	HTTP Parser: Iframe src: https://www.facebook.com/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3d8b24e58165c4%26domain%3Dsecure.campaigner.com%26origin%3Dhttps%253A%252F%252Fsecure.campaigner.com%252Ff78ed304d6af44%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fsecure.campaigner.com%2FCSB%2FPublic%2Farchive.aspx%3Fargs%3DNTIxMzE2MjA%253d%26acc%3DNzY2ODM4&layout=button_count&locale=en_US&sdk=joey&send=false&show_faces=false&size=large

HTML body contains low number of good links

Source: https://macadavid.cf/000/index.php	HTTP Parser: Number of links: 0
Source: https://macadavid.cf/000/index.php	HTTP Parser: Number of links: 0
Source: https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMzE2MjA%3d&acc=NzY2ODM4	HTTP Parser: Number of links: 1
Source: https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMzE2MjA%3d&acc=NzY2ODM4	HTTP Parser: Number of links: 1

HTML title does not match URL

Source: https://macadavid.cf/000/index.php	HTTP Parser: Title: Share Point Online does not match URL
Source: https://macadavid.cf/000/index.php	HTTP Parser: Title: Share Point Online does not match URL
Source: https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMzE2MjA%3d&acc=NzY2ODM4	HTTP Parser: Title: Fax Massage2 does not match URL
Source: https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMzE2MjA%3d&acc=NzY2ODM4	HTTP Parser: Title: Fax Massage2 does not match URL

Source: https://macadavid.cf/000/index.php	HTTP Parser: No <meta name="author".. found
Source: https://macadavid.cf/000/index.php	HTTP Parser: No <meta name="author".. found
Source: https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMzE2MjA%3d&acc=NzY2ODM4	HTTP Parser: No <meta name="author".. found
Source: https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMzE2MjA%3d&acc=NzY2ODM4	HTTP Parser: No <meta name="author".. found

Source: https://macadavid.cf/000/index.php	HTTP Parser: No <meta name="copyright".. found
Source: https://macadavid.cf/000/index.php	HTTP Parser: No <meta name="copyright".. found
Source: https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMzE2MjA%3d&acc=NzY2ODM4	HTTP Parser: No <meta name="copyright".. found
Source: https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMzE2MjA%3d&acc=NzY2ODM4	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 31.13.92.14:443 -> 192.168.2.3:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 31.13.92.14:443 -> 192.168.2.3:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 31.13.92.36:443 -> 192.168.2.3:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 31.13.92.36:443 -> 192.168.2.3:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 66.29.132.67:443 -> 192.168.2.3:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 66.29.132.67:443 -> 192.168.2.3:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.11.207:443 -> 192.168.2.3:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.11.207:443 -> 192.168.2.3:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.19.94:443 -> 192.168.2.3:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.19.94:443 -> 192.168.2.3:49731 version: TLS 1.2

Source: socialsharinghelper[1].js.2.dr	String found in binary or memory: window.open("http://www.linkedin.com/shareArticle?mini=true&url=" + url + "&title=" + t, "LinkedIn", "width=700,height=500,title='Share this'"); equals www.linkedin.com (Linkedin)
Source: socialsharinghelper[1].js.2.dr	String found in binary or memory: window.open("https://www.facebook.com/sharer/sharer.php?u=" + url, "facebook", "width=650,height=500,title='Share this'"); equals www.facebook.com (Facebook)
Source: like[1].htm.2.dr	String found in binary or memory: 12.7434661,13.2 L6.54470232,13.2 Z"></path></svg><img class="_1pbs inlineBlock img" src="https://www.facebook.com/rsrc.php/v3/y5/r/OqOE21UvWe3.png" alt="" width="16" height="16" /></span></span><span class="_49vh _2pi7">Like</span><span class="_5n6h _2pih" id="u_0_2_IF">0</span></div></button><input type="hidden" autocomplete="off" name="action" value="like" /><input type="hidden" autocomplete="off" name="iframe_referer" value="https://secure.campaigner.com/--redacted--/?--redacted--" /><input type="hidden" autocomplete="off" name="r_ts" value="1623426586" /><input type="hidden" autocomplete="off" name="ref" /><input type="hidden" autocomplete="off" name="xfbml" value="1" /></form></div></td></tr></tbody></table><script nonce="3Mu9y0sE">(function(width, height, id, callback, origin, domain) { if(id){var e=document.getElementById(id);if(width!==-1)e.style.width=width+"px";else{width=e.offsetWidth;if(window.getComputedStyle){var computed=getComputedStyle(e);computed&&(width=Math.ceil(parseFloat(computed.width))\|\|e.offsetWidth)}}height===-1&&(height=e.offsetHeight)}var message="type=resize&cb="+callback+"&width="+width+"&height="+height;; (function(){var a=window.parent;window.opener!=null&&typeof window.opener.postMessage==="function"&&(relation==="opener.parent"?a=window.opener.parent:a=window.opener);var b=!0;function c(a,b){a=window.location.hostname.match(/\.(facebook\.sg\|facebookcorewwwi\.(?:test)?onion\|facebookwkhpilnemxj7asaniu7vnjjbiltxjqhye3mhbshg7kx5tfyd\.onion)$/);a=a?a[1]:"facebook.com";new Image().src="https://www."+a+"/common/scribe_endpoint.php?c=jssdk_error&m="+encodeURIComponent(JSON.stringify(b))}function d(){if(a===window)window.close(),window.open("","_self",""),window.close(),!window.closed&&closeURI&&window.location.replace(closeURI);else try{a.postMessage(message,origin)}catch(a){b?(b=!1,window.setTimeout(d,200)):c("jssdk_error",{error:"POST_MESSAGE",extra:{message:a.message+", html/js/connect/XDDialogResponsePurePostMessage.js:53"}})}}function e(){__fbNative.postMessage(message,origin)}window==top&&/FBAN\/\w+;/i.test(navigator.userAgent)&&!/FBAN\/mLite;/.test(navigator.userAgent)?window.__fbNative&&__fbNative.postMessage?e():window.addEventListener("fbNativeReady",e):d()})();; })(108, 28, "u_0_0_jA", "f3d8b24e58165c4", "https:\/\/secure.campaigner.com", "secure.campaigner.com");</script><span id="jsbundle-loader"> equals www.facebook.com (Facebook)
Source: all[1].js0.2.dr	String found in binary or memory: } }).call(global);})(window.inDapIF ? parent.window : window, window);} catch (e) {var i = new Image();i.crossOrigin = 'anonymous';i.dataset.testid = 'fbSDKErrorReport';i.src='https://www.facebook.com/platform/scribe_endpoint.php/?c=jssdk_error&m='+encodeURIComponent('{"error":"LOAD", "extra": {"name":"'+e.name+'","line":"'+(e.lineNumber\|\|e.line)+'","script":"'+(e.fileName\|\|e.sourceURL\|\|e.script\|\|"all.js")+'","stack":"'+(e.stackTrace\|\|e.stack)+'","revision":"1003951477","namespace":"FB","message":"'+e.message+'"}}');document.body.appendChild(i);} equals www.facebook.com (Facebook)
Source: nN7EzeTFXEH[1].js.2.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/09P_rcHKL4D/ equals www.facebook.com (Facebook)
Source: all[1].js0.2.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/MDzNl_j9yvg/ equals www.facebook.com (Facebook)
Source: nN7EzeTFXEH[1].js.2.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/WRsJ32R7YJG/ equals www.facebook.com (Facebook)
Source: nN7EzeTFXEH[1].js.2.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/YzYYrH_bE_k/ equals www.facebook.com (Facebook)
Source: nN7EzeTFXEH[1].js.2.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/ZtTipMAcpq9/ equals www.facebook.com (Facebook)
Source: msapplication.xml0.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xe556d613,0x01d75f24</date><accdate>0xe556d613,0x01d75f24</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xe556d613,0x01d75f24</date><accdate>0xe556d613,0x01d75f24</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xe556d613,0x01d75f24</date><accdate>0xe556d613,0x01d75f24</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xe556d613,0x01d75f24</date><accdate>0xe556d613,0x01d75f24</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xe55dfcfb,0x01d75f24</date><accdate>0xe55dfcfb,0x01d75f24</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xe55dfcfb,0x01d75f24</date><accdate>0xe55dfcfb,0x01d75f24</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: all[1].js0.2.dr	String found in binary or memory: __d("FBPixelEndpoint",["invariant","FBEventsParamList","FBEventsUtils"],(function(a,b,c,d,e,f,g){"use strict";f.sendEvent=a;var h="https://www.facebook.com/tr/",i=location.href,j=window.top!==window,k=document.referrer;function l(a,c,d,e){e===void 0&&(e={});var f=new(b("FBEventsParamList"))();f.append("id",a);f.append("ev",c);f.append("dl",i);f.append("rl",k);f.append("if",j);f.append("ts",new Date().valueOf());f.append("cd",d);f.append("sw",window.screen.width);f.append("sh",window.screen.height);for(var g in e)f.append(g,e[g]);return f}function a(a,b,c,d){a=l(a,b,c,d);b=a.toQueryString();2048>(h+"?"+b).length?m(h,b):n(h,a)}function m(a,b){var c=new Image();c.src=a+"?"+b}function n(a,c){var d="fb"+Math.random().toString().replace(".",""),e=document.createElement("form");e.method="post";e.action=a;e.target=d;e.acceptCharset="utf-8";e.style.display="none";a=!!(window.attachEvent&&!window.addEventListener);a=a?'<iframe name="'+d+'">':"iframe";var f=document.createElement(a);f instanceof HTMLIFrameElement\|\|g(0,20659);f.src="javascript:false";f.id=d;f.name=d;e.appendChild(f);b("FBEventsUtils").listenOnce(f,"load",function(){c.each(function(a,b){var c=document.createElement("input");c.name=a;c.value=b;e.appendChild(c)}),b("FBEventsUtils").listenOnce(f,"load",function(){var a;(a=e.parentNode)==null?void 0:a.removeChild(e)}),e.submit()});(a=document.body)==null?void 0:a.appendChild(e)}}),null); equals www.facebook.com (Facebook)
Source: ~DFB9B088C2B4A83B25.TMP.1.dr	String found in binary or memory: https://www.facebook.com/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3d8b24e58165c4%26domain%3Dsecure.campaigner.com%26origin%3Dhttps%253A%252F%252Fsecure.campaigner.com%252Ff78ed304d6af44%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fsecure.campaigner.com%2FCSB%2FPublic%2Farchive.aspx%3Fargs%3DNTIxMzE2MjA%253d%26acc%3DNzY2ODM4&layout=button_count&locale=en_US&sdk=joey&send=false&show_faces=false&size=large equals www.facebook.com (Facebook)

Source: unknown

DNS traffic detected: queries for: secure.campaigner.com

Source: Telerik.Web.UI.WebResource[1].js.2.dr	String found in binary or memory: http://benalman.com/about/license/
Source: Telerik.Web.UI.WebResource[1].js.2.dr	String found in binary or memory: http://benalman.com/projects/jquery-throttle-debounce-plugin/
Source: font-awesome[1].eot.2.dr	String found in binary or memory: http://fontawesome.io
Source: font-awesome[1].eot.2.dr	String found in binary or memory: http://fontawesome.io/license/
Source: font-awesome[1].eot.2.dr	String found in binary or memory: http://fontawesome.iohttp://fontawesome.iohttp://fontawesome.io/license/http://fontawesome.io/licens
Source: fonticons[1].css.2.dr	String found in binary or memory: http://fonts.gstatic.com/s/roboto/v15/RxZJdnzeo3R5zSexge8UUfY6323mHUZFJMgTvxaG2iE.eot);
Source: Telerik.Web.UI.WebResource[1].js.2.dr	String found in binary or memory: http://gsgd.co.uk/sandbox/jquery/easing/
Source: hover[1].css.2.dr	String found in binary or memory: http://ianlunn.co.uk/
Source: hover[1].css.2.dr	String found in binary or memory: http://ianlunn.github.io/Hover/)
Source: popper.min[1].js.2.dr	String found in binary or memory: http://opensource.org/licenses/MIT).
Source: msapplication.xml.1.dr	String found in binary or memory: http://www.amazon.com/
Source: Telerik.Web.UI.WebResource[1].js.2.dr	String found in binary or memory: http://www.appcropolis.com)
Source: Telerik.Web.UI.WebResource[1].js.2.dr	String found in binary or memory: http://www.gnu.org/licenses/gpl.html
Source: msapplication.xml1.1.dr	String found in binary or memory: http://www.google.com/
Source: socialsharinghelper[1].js.2.dr	String found in binary or memory: http://www.linkedin.com/shareArticle?mini=true&url=
Source: msapplication.xml2.1.dr	String found in binary or memory: http://www.live.com/
Source: msapplication.xml3.1.dr	String found in binary or memory: http://www.nytimes.com/
Source: Telerik.Web.UI.WebResource[1].js.2.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: msapplication.xml4.1.dr	String found in binary or memory: http://www.reddit.com/
Source: genericopenwindowfcts[1].js.2.dr	String found in binary or memory: http://www.telerik.com/help/aspnet-ajax/window-programming-setting-client-events-using-javascript.ht
Source: msapplication.xml5.1.dr	String found in binary or memory: http://www.twitter.com/
Source: msapplication.xml6.1.dr	String found in binary or memory: http://www.wikipedia.com/
Source: msapplication.xml7.1.dr	String found in binary or memory: http://www.youtube.com/
Source: index[1].htm.2.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: index[1].htm.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Source: index[1].htm.2.dr	String found in binary or memory: https://code.jquery.com/jquery-3.1.1.min.js
Source: index[1].htm.2.dr	String found in binary or memory: https://code.jquery.com/jquery-3.2.1.slim.min.js
Source: index[1].htm.2.dr	String found in binary or memory: https://code.jquery.com/jquery-3.3.1.js
Source: free.min[1].css.2.dr	String found in binary or memory: https://fontawesome.com
Source: free.min[1].css.2.dr	String found in binary or memory: https://fontawesome.com/license/free
Source: archive[1].htm.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Arial:400
Source: archive[1].htm.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:300
Source: archive[1].htm.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:400
Source: index[1].htm.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Yellowtail&display=swap
Source: fonticons[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v15/2UX7WLTfW3W8TclTUvlFyQ.woff)
Source: fonticons[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v15/5YB-ifwqHP20Yn46l_BDhA.eot);
Source: fonticons[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v15/CWB0XYA8bzo0kSThX0UTuA.woff2)
Source: fonticons[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v15/RxZJdnzeo3R5zSexge8UUT8E0i7KZn-EPnyo3HZu7kw.woff)
Source: fonticons[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v15/RxZJdnzeo3R5zSexge8UUVtXRa8TVwTICgirnJhmVJw.woff2)
Source: css[2].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51S7ACc6CsI.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51TjASc6CsI.woff)
Source: css[2].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51TzBic6CsI.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9fBBc-.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmSU5fBBc-.woff)
Source: css[2].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc-.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxM.woff)
Source: css[1].css0.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/yellowtail/v11/OZpGg_pnoDtINPfRIlLohlvHxw.woff)
Source: bootstrap.min[1].js.2.dr, bootstrap.min[1].css0.2.dr	String found in binary or memory: https://getbootstrap.com)
Source: hover[1].css.2.dr	String found in binary or memory: https://github.com/IanLunn/Hover
Source: bootstrap.min[1].js.2.dr, bootstrap.min[1].css0.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: bootstrap.min[1].js.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: all[1].js0.2.dr	String found in binary or memory: https://itunes.apple.com/us/app/messenger/id454638411
Source: 585b051251[2].js.2.dr	String found in binary or memory: https://ka-f.fontawesome.com
Source: 585b051251[2].js.2.dr	String found in binary or memory: https://kit.fontawesome.com
Source: index[1].htm.2.dr	String found in binary or memory: https://kit.fontawesome.com/585b051251.js
Source: index[1].htm.2.dr	String found in binary or memory: https://login.microsoftonline.com/common/login
Source: {11894F36-CB18-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://macadavid.cf/0
Source: ~DFB9B088C2B4A83B25.TMP.1.dr, archive[1].htm.2.dr	String found in binary or memory: https://macadavid.cf/000/index.php
Source: ~DFB9B088C2B4A83B25.TMP.1.dr	String found in binary or memory: https://macadavid.cf/000/index.php$Share
Source: ~DFB9B088C2B4A83B25.TMP.1.dr	String found in binary or memory: https://macadavid.cf/000/index.phpblic/archive.aspx?args=NTIxMzE2MjA%3d&acc=NzY2ODM40
Source: ~DFB9B088C2B4A83B25.TMP.1.dr	String found in binary or memory: https://macadavid.cf/000/index.phpblic/archive.aspx?args=NTIxMzE2MjA%3d&acc=NzY2ODM4macadavid.cf/000
Source: index[1].htm.2.dr	String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
Source: index[1].htm.2.dr	String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Source: archive[1].htm.2.dr	String found in binary or memory: https://media.campaigner.com/csb/Telerik.Web.UI.WebResource.axd?_TSM_HiddenField_=radScriptManager_T
Source: archive[1].htm.2.dr	String found in binary or memory: https://media.campaigner.com/csb/Telerik.Web.UI.WebResource.axd?d=PMrIT5dOWaVYIcpFWUE4nGT9ocicfa2Xof
Source: archive[1].htm.2.dr	String found in binary or memory: https://media.campaigner.com/csb/WebResource.axd?d=pynGkmcFUV13He1Qd6_TZItUc7uOXVQ_JJSF3nqWHTssVf86I
Source: archive[1].htm.2.dr	String found in binary or memory: https://media.campaigner.com/csb/app_themes/lightning/combobox.campformcombo.css
Source: archive[1].htm.2.dr	String found in binary or memory: https://media.campaigner.com/csb/app_themes/lightning/common/fonticons.css
Source: archive[1].htm.2.dr	String found in binary or memory: https://media.campaigner.com/csb/content/ui-theme/global/fonts/brand-icons/brand-icons.min.css
Source: archive[1].htm.2.dr	String found in binary or memory: https://media.campaigner.com/csb/content/ui-theme/global/fonts/font-awesome/font-awesome.min.css
Source: archive[1].htm.2.dr	String found in binary or memory: https://media.campaigner.com/csb/content/ui-theme/global/vendor/waves/waves.min.css
Source: archive[1].htm.2.dr	String found in binary or memory: https://media.campaigner.com/csb/node_modules/campaigner-core/src/style/theme/campaigner/bootstrap-e
Source: archive[1].htm.2.dr	String found in binary or memory: https://media.campaigner.com/csb/node_modules/campaigner-core/src/style/theme/campaigner/bootstrap.m
Source: archive[1].htm.2.dr	String found in binary or memory: https://media.campaigner.com/csb/node_modules/campaigner-core/src/style/theme/campaigner/campaigner.
Source: archive[1].htm.2.dr	String found in binary or memory: https://media.campaigner.com/csb/scripts/custom/socialsharinghelper.js
Source: archive[1].htm.2.dr	String found in binary or memory: https://media.campaigner.com/csb/scripts/genericopenwindowfcts.js
Source: archive[1].htm.2.dr	String found in binary or memory: https://media.campaigner.com/csb/scripts/thirdparty/jquery-latest.min.js
Source: archive[1].htm.2.dr	String found in binary or memory: https://media.campaigner.com/editorassets/themes/soak-it-up/content-background.png
Source: archive[1].htm.2.dr	String found in binary or memory: https://media.campaigner.com/media/76/766838/Screen
Source: all[1].js0.2.dr	String found in binary or memory: https://play.google.com/store/apps/details?id=com.facebook.orca
Source: {11894F36-CB18-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://secure.campaig
Source: ~DFB9B088C2B4A83B25.TMP.1.dr	String found in binary or memory: https://secure.campaigner.com/--redacted--/?--redacted--
Source: ~DFB9B088C2B4A83B25.TMP.1.dr	String found in binary or memory: https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMzE2MjA%3D&acc=NzY2ODM4
Source: ~DFB9B088C2B4A83B25.TMP.1.dr	String found in binary or memory: https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMzE2MjA%3d&acc=NzY2ODM4
Source: ~DFB9B088C2B4A83B25.TMP.1.dr	String found in binary or memory: https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMzE2MjA%3d&acc=NzY2ODM40
Source: {11894F36-CB18-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMzE2MjA%3d&acc=NzY2ODM4Root
Source: imagestore.dat.2.dr	String found in binary or memory: https://secure.campaigner.com/favicon.ico
Source: imagestore.dat.2.dr	String found in binary or memory: https://secure.campaigner.com/favicon.ico~
Source: socialsharinghelper[1].js.2.dr	String found in binary or memory: https://twitter.com/share?url=
Source: all[1].js0.2.dr, nN7EzeTFXEH[1].js.2.dr	String found in binary or memory: https://www.internalfb.com/intern/invariant/

Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49692
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 49692 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726

Source: unknown	HTTPS traffic detected: 31.13.92.14:443 -> 192.168.2.3:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 31.13.92.14:443 -> 192.168.2.3:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 31.13.92.36:443 -> 192.168.2.3:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 31.13.92.36:443 -> 192.168.2.3:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 66.29.132.67:443 -> 192.168.2.3:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 66.29.132.67:443 -> 192.168.2.3:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.11.207:443 -> 192.168.2.3:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.11.207:443 -> 192.168.2.3:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.19.94:443 -> 192.168.2.3:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.19.94:443 -> 192.168.2.3:49731 version: TLS 1.2

Source: classification engine

Classification label: mal72.phis.win@3/72@11/6

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF8357F423EC5F7CBF.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6112 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6112 CREDAT:17410 /prefetch:2	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

ID:	433372
Product:	CloudBasic
Start time:	17:48:53
Start date:	11.06.2021
Cookbook:	browseurl.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\6AOSI0IH\secure.campaigner[1].xml	ASCII text, with no line terminators	C1DDEA3EF6BBEF3E7060A1A9AD89E4C5	35E3224FCBD3E1AF306F2B6A2C6BBEA9B0867966	B71E4D17274636B97179BA2D97C742735B6510EB54F22893D3A2DAFF2CEB28DB
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{11894F34-CB18-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	8282550E06DBB98616F2FFEA5E1F2317	6C6CB6294FC81E05F9983A3F6DB4E973C9844628	77BF25DE44162A49B1A1AA2A5B41562F3ECA13BDFC26C52CF08A759FA050BEC7
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{11894F36-CB18-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	9EAF57F3B37FB0E2EAE690E37D394E4C	E9924B56B692526DB8A0DC7197639CED8E558B2C	82890B16558282E98059AE4F49DF46358B68E34B249CE2232F6F3817FEAD6718
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{180F7E13-CB18-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	52FB9C666DE08A6437EB131B48D4B0FF	537BC0F5ACBDA2A56AA2FBAC3E0C7389F36EFB4B	6A28AE36980222CB41B3B255A248F9609C5178FA66A1C8EE94F47761CD8D1A76
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	1DC540C2FD076E38A49504DA24685E55	7FFB4E5D2B55648396855F5E0898BBAD49CF091F	9DEF857CB517840ED7774DB5D904EA17DABCBA03FC371CF1FD0D554B5D7990E5
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	8F02BD001D937479F7BBBAD2CCC9752C	966F0E5D69F1D57F9B7BF336EF2E12367A26D108	D616ABEF55E6761A998EE36A4552FCB5DCB6271590B1A91D448E03FACF8D3ECF
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	AAA634D73D7B2ABA56FDD34EB1F6D6B9	42AFBD945CEB063D6FDA126F4729BBBF59D30DC7	A600305DE3CF926783459D1495CAFBFDDB07364D967DDE841E4FBB01C35520D6
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	4F53945A51D3A872B3AA3DDAC5BE7D64	058D86103231F4388BD84E62A0E3DF0A1EC562D5	0D0A52AB1280E8E3A956FD652EE343AEF89E06DFDFC7CF767E63C2C983468AE8
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	7B6E98A7A5C35306F9073443CD4FC8E1	5163C930EE72928B44581D8BB4B6770B7CFC43F4	185148849BCE1EF2C7D22A57E37E94D777EC351FF2836F7F1EDBB43C32DF1A77
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	BE8F7715097EF932AF1C1CFEEEE50C50	5C89297B7B1280E6E5516E67D3ECD90A5E02D94A	76AC52419FA4C2D9C6DD4482B67877319D9216DC7D376A27CB4361D0772E1699
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	52D037AA078AC77FBA10272DC0393583	3EB5E44FB08F3D130E69B8CF6C94EEDE618EC7C1	8458C13283856E623F5D62DA600F73648B622127DAE0FEDD6B6F4A3E1A78D285
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	F53CC400CE255AE8F29E181C43519EF0	60BF6EC3FC746C722C0B7CEE6C09B024A0EEB7B9	F4B271A79A19B306C13D80D5DAA8F889A4EC84946D57447846BD199040724F68
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	C23A5FBC069337C4737405F8A5A11482	3E34E7EEA9D985C6DD19655BA38174CD204C1CE1	C8149191BC3556D849E8BA266B868FD55C8BF20C8918B1AB6F83CBC32F06AAD0
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.dat	data	51D0F27E039E90F513C3FAFED8D5B189	A2CBECA562031C260B1AF9441ACA2F2A3061D2F2	58DE710D722DE893565CAD08DC0EBA80530A6D71FF9366FAFD8B7D69B4DD4749
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\Screen%20Shot%202021-03-04%20at%209.10.51%20PM[1].png	PNG image data, 700 x 742, 8-bit/color RGBA, non-interlaced	AB162FCB4910DB53D9CBBEA72AF54E44	8786119E313B50CAC5335329DCA141B3B15B47FF	9F237C90CC3F13ACB455144E428383065A21BE9678BB1FCC720B55A8D723C25E
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\Telerik.Web.UI.WebResource[1].js	UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators	96E892352A706077CA4F0CC78FD62A3E	8ED1E7EEB60E6FD6D5902F836C05581422816E6D	6536E723603C358246ED61633EEB159CBC6A96C4143ACCE9D40F9AAD281CF2F1
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\all[1].js	ASCII text, with very long lines	3F5AC906F2D19512BABC05DF2534BB73	D9FA5BD80E7597F1BF5F7E7DA24338D2BA520521	3B5423B600B5EBCD4C5FAAACB2F8FEFB14E7D6F00BA3E9461DA2F53CD401D365
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\bootstrap.min[1].css	ASCII text, with very long lines	450FC463B8B1A349DF717056FBB3E078	895125A4522A3B10EE7ADA06EE6503587CBF95C5	2C0F3DCFE93D7E380C290FE4AB838ED8CADFF1596D62697F5444BE460D1F876D
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\css[1].css	ASCII text	896A43879DA6874AB94B9EF2B8522FAA	2D7CDE20E3D6CEA4C5396A60D1D1D53DC6BE0AF9	0D36AB1F4829402E9E3BFBCD71AA0E967B1E376B0CA9033A97AF876D498CC1D4
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\css[2].css	ASCII text	7D735032BA95B018E621A63B5E90B575	EBA452D17316B6B3D7587373AFB3915E8C48F020	3474E85DA1AA9D40177FC35201F82740832FC311DCCBB1D0B4538F8E74FD054E
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\genericopenwindowfcts[1].js	UTF-8 Unicode (with BOM) text, with CRLF line terminators	CE0D685C7FBC01050B8A48C62CAE7BB7	0DF38F490AF1EA4E50CCCDE9D1814FDF4B41A82E	EA6FD74480EEFD16F265F8E096E25CC95C6359E0944574A0E485D0D92DA1C571
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\jquery-3.1.1.min[1].js	ASCII text, with very long lines	E071ABDA8FE61194711CFC2AB99FE104	F647A6D37DC4CA055CED3CF64BBC1F490070ACBA	85556761A8800D14CED8FCD41A6B8B26BF012D44A318866C0D81A62092EFD9BF
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\jquery-3.2.1.slim.min[1].js	ASCII text, with very long lines	5F48FC77CAC90C4778FA24EC9C57F37D	9E89D1515BC4C371B86F4CB1002FD8E377C1829F	9365920887B11B33A3DC4BA28A0F93951F200341263E3B9CEFD384798E4BE398
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\jquery-latest.min[1].js	ASCII text, with very long lines, with CRLF line terminators	DCE288F95FBF9F1DA7B4A971D6B5D5DB	654CF8125C4929542F1699776A38AC6DD8E153C9	30D6CC2F08F3E3C540ECEF09C5833AFB939CE01AD1E971D693CEFB31F716A54D
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\jquery.min[1].js	ASCII text, with very long lines	2F6B11A7E914718E0290410E85366FE9	69BB69E25CA7D5EF0935317584E6153F3FD9A88C	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\nN7EzeTFXEH[1].js	ASCII text, with very long lines	4502D6242E3856F4F2278E8F30F40AA3	8AC410ECAE52E7A4647A49A8FC5D2D2029F53A19	5D890C20875889464FCE1692C6F40CE23FF22F6FCAB8A670761327E3204E0125
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\socialsharinghelper[1].js	UTF-8 Unicode (with BOM) text, with CRLF line terminators	48B7D1E9D67591FFE897002CC9891193	E6AAC6544697B2225BCC5C926DF43B1FF3A6AB26	8953390791A948A028DB2ED333A6AA6057C3D541FCD872B96C41270DD9C8DFA1
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\KFOjCnqEu92Fr1Mu51TjASc6CsI[1].woff	Web Open Font Format, TrueType, length 22280, version 1.1	6E949B62AF2E8B6F705E35EE4DBC17F4	31BC06C0C932EC0176F42C6864C58D7450BBF97E	917A5159BE44DE9A82072F6A1C52EF645844D6BEDF42F8FD1549CD99D6DB2CC5
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff	Web Open Font Format, TrueType, length 20532, version 1.1	DA2721C68B4BC80DB8D4C404F76B118C	3A32E8B7EFBC9DFB52F024D657B8C8C0A80E5804	BD811625271ACCA47F7DAC48B460F13E08EE947B2A8E17E278C4D5CCB5D9323C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\KFOlCnqEu92Fr1MmSU5fBBc-[1].woff	Web Open Font Format, TrueType, length 20404, version 1.1	BF0F407102FAF3A0B521D3B545F547A5	CA357CD0DE5DD0242E8EFACFB8D24AB60FDC86AB	855A06974032BB69157D469ABA6F63440E8BE47C421F45C3F396F4E0B87B6DE8
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\OqOE21UvWe3[1].png	PNG image data, 16 x 16, 8-bit gray+alpha, non-interlaced	B85D112F813E876DC294B4263CE4D333	CA55B0C604D89034EE0249024983F7570EA2F8BB	ED91FBB0CD9308F91F8E1FD93942C94EE850FC4161ED788B16F801B743C70B9B
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\WebResource[1].js	ASCII text, with CRLF line terminators	90EA7274F19755002360945D54C2A0D7	647B5D8BF7D119A2C97895363A07A0C6EB8CD284	40732E9DCFA704CF615E4691BB07AECFD1CC5E063220A46E4A7FF6560C77F5DB
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\adobe[1].jpg	JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 400x400, frames 3	BE5274AF7D8BD25B8148A190FF515399	B8D0850FD92EE935287E17988B89E53607808C8C	26C62DBDF527B8DCBF378EA62F129CBBBA3B244730687909BA21ECD729C9D2E6
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\all[1].js	ASCII text, with very long lines	11DEB3CE7C8C571A6C58A951F39C36E6	D80B9E4EE2A9AE685380B9BB3D074A211FAD9DD1	17A5CEC3C4AA80C848D8A079802FA7FFE679B3389EFFFA2C0FD4403E7E9E16C7
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\font-awesome[1].eot	Embedded OpenType (EOT), FontAwesome family	674F50D287A8C48DC19BA404D20FE713	D980C2CE873DC43AF460D4D572D441304499F400	7BFCAB6DB99D5CFBF1705CA0536DDC78585432CC5FA41BBD7AD0F009033B2979
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\fonticons[1].css	ASCII text	D5A77A550E6D041F3C674C6D000D96BC	BD02DFFDCEFBCEDF943518CF6FD62DB63A578842	7298AC333BEC1E6E6CDBCCFB3688F900510770EC58FA83DB582430C624E3B609
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\index[1].htm	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators	6D1D3C4FD92B63CC534BE0EDF3AF18DC	5F5442FEB5BE60239F185E969C45050A7DBADE2A	65ADCB045AEFB4D0028A6AF36EC9D42BBD4DAE9AFF2CF85810BB4A6F44D4B25C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\like[1].htm	HTML document, UTF-8 Unicode text, with very long lines	EDA31691A276AACEEED5B06879C96312	D4CD262940973C93BFE960F7B931D455BB71F0D4	87C743AA191AAD6BF984A6D8DE113F6902A63B5F0E18CD932BFB94B84DDD2A80
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\office3651[1].png	PNG image data, 187 x 188, 8-bit/color RGBA, non-interlaced	FE22440D79FFA34950F512EF4A718B2A	0E147E59544EE6580D3095353D4420849FA5EB8A	A2F26B68A6C8810C1AEB4048C938F835A86BA83756A7A440F989B967E78F3BA8
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\other1[1].png	PNG image data, 190 x 187, 8-bit/color RGBA, non-interlaced	6843A244E12FAB158AA189680B5E7049	0E1C691F87CC4FA35C88344974F2829C40176B70	3A9B144D6482B78AFC4E0A940A1D3C22240F14FA535B808CF4DAB9635339569F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\outlook1[1].png	PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced	C3FC46C5799C76F9107504028F39190F	519096AD3F03410CF9CE3C9B9FCCA6B439D97B23	57898461712A639D119BDF88B7145919DCC8956C7A271D2E4A1084B29EAE6785
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\2UX7WLTfW3W8TclTUvlFyQ[1].woff	Web Open Font Format, TrueType, length 18520, version 1.1	16E1D930CF13FB7A956372044B6D02D0	940B859E4F02BD3E7CF7B6CE245C197B5470302A	97BB9863429AE97FCC0CD6C80D30C3F7454D0B218D4758E24C30BDA441BD39D3
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\585b051251[1].js	ASCII text, with very long lines	D8CA71772D1E86D5FB9D5E2F6CC1AE70	9B043E60997FE552D652E4474E16AFF923D7AA76	7D840153F02AD6D91D652354E35B590721916D16C33956631EEF0E7D3B5613EE
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\585b051251[2].js	ASCII text, with very long lines	D8CA71772D1E86D5FB9D5E2F6CC1AE70	9B043E60997FE552D652E4474E16AFF923D7AA76	7D840153F02AD6D91D652354E35B590721916D16C33956631EEF0E7D3B5613EE
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\RxZJdnzeo3R5zSexge8UUT8E0i7KZn-EPnyo3HZu7kw[1].woff	Web Open Font Format, TrueType, length 18576, version 1.1	57AF64FC644194101C1593ABEA164433	C5E19CDC9C784C0362E7D2B7B5BE26418B07FD89	08CA17DB0A1CEA494B3010B6410696744D5B6DB541EF3218C2C4860905D44868
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\bootstrap.min[1].css	UTF-8 Unicode text, with very long lines, with no line terminators	F55371AE84173282F8995E205428B76E	39BEE99CE7418470937F106EEA42BB988607CB9C	8AEF10D887509642937ECB6B9319505A4D3BB03F60F4FAC8006CC60BCED5C26D
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\bootstrap.min[1].js	ASCII text, with very long lines	14D449EB8876FA55E1EF3C2CC52B0C17	A9545831803B1359CFEED47E3B4D6BAE68E40E99	E7ED36CEEE5450B4243BBC35188AFABDFB4280C7C57597001DE0ED167299B01B
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\brand-icons.min[1].css	UTF-8 Unicode text, with very long lines, with no line terminators	25D66FC1FE76E57689F3868FAC16C33D	3AC978C8B76E329EED18AA4B5AD7A66A051B38E2	409C806531699A47E585C9C4F18FA04293776D6A3E22F260DADDEDAD5BCD1049
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\campaigner.min[1].css	ASCII text, with very long lines, with no line terminators	7F81F27865AE5CAAF5157D5C72CAF463	18EB145F7244CC1D4B609E13A859E3FE30E70FD8	68EA12246455E77EE1365F1D49A102F8EE58F89BC76E354A01A7AD6F1117A0FB
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\favicon[1].ico	MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel	F896EB105D74F9E9F8F69ED1FDE1F8E3	E7A1DEBC6AD02BD48AAD1C4ED788842FF3F6B209	34662843D486EFDC07BF3D7B6FFA08EE89D187BAB3E99DF2B798766A0E0C701F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\font-awesome.min[1].css	UTF-8 Unicode text, with very long lines, with no line terminators	361D939436923061B1C2189B0FFF7B9E	D4453D342EC083C9C3090B700FC97F1AF45ACB01	9AFC8642689B84EB0306CC3947B009634B5B350A8E3F027FA24776E73ED056AF
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\gmail[1].png	PNG image data, 1280 x 1280, 8-bit/color RGBA, non-interlaced	DCE2F2B0E50CB1DBB0246D152791CB46	D0A69C159304EDC08DB005163E7A0DAF5A1E98A6	ACF087C1757F08B0CFD53D59066544D7EF0BFCC50999E77C5813739CD9DC1479
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\hover[1].css	ASCII text	FAC4178C15E5A86139C662DAFC809501	EF1481841399156A880EC31B07DDA9CFAA1ACE39	BB88454962767EB6F2DDB1AABAAF844D8A57DE7E8F848D7F6928F81B54998452
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\index[1].htm	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators	6D1D3C4FD92B63CC534BE0EDF3AF18DC	5F5442FEB5BE60239F185E969C45050A7DBADE2A	65ADCB045AEFB4D0028A6AF36EC9D42BBD4DAE9AFF2CF85810BB4A6F44D4B25C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\waves.min[1].css	ASCII text, with very long lines, with no line terminators	C8300A2DFDEE9FAF2599A19BB0005AD9	F53AB824F686C38070429D9627002CE110E42A8D	125A82B3D393B34F1C57983398E6ECB6A845EC87F4E29FBAB98F65C25674D000
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\8[1].jpg	[TIFF image data, big-endian, direntries=12, height=709, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1200], baseline, precision 8, 1200x646, frames 3	F17B5B1163EFB6D2D47DE6BAE6D3A9CD	6D6964B34BC44C6D2B106ADE1AE675985B96D012	7829F065E0E10C8466F3D57766E0719421B7B652F6A1082F21B98702F1B28A30
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\KFOjCnqEu92Fr1Mu51S7ACc6CsI[1].woff	Web Open Font Format, TrueType, length 22080, version 1.1	FA8878D8872A2AC4BEB377CDAE15566A	34EE72B0E553C3EFA41A7E0DF4EB710596469A10	8411023A027610AEB3DC333438E12A17222163AE78817C5395DA04548ED30150
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\KFOjCnqEu92Fr1Mu51TzBic6CsI[1].woff	Web Open Font Format, TrueType, length 21656, version 1.1	147F4E11CE73A22AAC9C6C2822290953	EEFEA89A9C36F8B1A7CA99372A7E0E05C92EADD6	A22585CFD64238EF14B1B383B5B9A8BAD7C89E354C09FC0886067E876687A38C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\KFOlCnqEu92Fr1MmWUlfBBc-[1].woff	Web Open Font Format, TrueType, length 20396, version 1.1	68D6DABFE54E245E7D5D5C16C3C4B1A9	7FDAB895EAEBECEDB3FB5473EAB94A1B292CEF19	A01A632E56731A854F35701AA8C3A6A19A113290D9032FF9048F8064C45383BD
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\KFOmCnqEu92Fr1Mu4mxM[1].woff	Web Open Font Format, TrueType, length 20332, version 1.1	DC3E086FC0C5ADDC09702E111D2ADB42	B1138B84FF19EAC5F43C4202297529D389BD09B7	EA50AC7FDDB61A5CE248A7F8B3A31A98FE16285E076B16E6DA6B4E10910724BB
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\Telerik.Web.UI.WebResource[1].css	ASCII text, with very long lines, with CRLF line terminators	94B23F7CCA443A0E9C3E57E86E648DB1	B79ED79A11494DA1ABD911ABFC5AA5C0F3B7547C	E2610CAA52577A2E9C0D5687917B50DB29910F1C87450579825DE9D71ECF9937
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\archive[1].htm	HTML document, ASCII text, with very long lines, with CRLF, LF line terminators	A997CCCC520C1654D96D81B3F6594C5A	49A26166048725C46E8D03C3D6A425BB63ABB919	48AC55C928300D04B5D8577959A4477EBE04DFA7389C131B7E1D8D7579E1FEE5
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\bootstrap-extended.min[1].css	UTF-8 Unicode text, with very long lines, with no line terminators	4F62EF2F96809A353146173F765C94BA	E1AE433077C32C1ECDF4ACC9A252036457C0A7CE	DE3E5368C90F1FE431FB2DDC40AB83DD46FBE69F837507E7CDC402801A721519
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\combobox.campformcombo[1].css	ASCII text, with CRLF line terminators	344B88C4A8D2591B68DB2448CE632EE9	F56D6F1523398EBD70A98D80CA8C0ADD074BE0A7	3E8F432938BB68E2D2EE6CFB81DAE2885267C58B1ABC04F663266EB0EE028D5B
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\content-background[1].png	PNG image data, 4 x 4, 8-bit/color RGBA, non-interlaced	196C2971B40B6E81E0C423689E54FAF8	35D4A81023F92531A066D1BC4C0FB876C7C3C310	BCDB31B3B52F7C3F18EFB0934F0CCCD3256ECD773A4FB0C9AD99D8421E41D846
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\css[1].css	ASCII text	04F7435B2672FBE66984EA436E7087C6	44896875E69B297EB979CC0D3E8522D872656BA8	F9088C15A062F0C7708C3864C5E261A2E4961DFEB0F150DF744FAEC2E3B74AD6
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\free-v4-shims.min[1].css	ASCII text, with very long lines	8A99CE81EC2F89FBCA03F2C8CF1A3679	58F9EF32D12A5DA52CBAB7BD518BCC998FC59EF9	362DAEAF1F7E05FEE9A609E549F148AACBE518C166FBD96EAD69057E295742AF
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\free.min[1].css	ASCII text, with very long lines	390B4210E10C744C3C597500BCF0B31A	2600C7C2F25D7DBCBC668231601E426010DC6489	C2819CA1F7AD1AF7BA53C4EDFDFD395C547BCB16D29892A234D7860C689ED929
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\popper.min[1].js	ASCII text, with very long lines	70D3FDA195602FE8B75E0097EED74DDE	C3B977AA4B8DFB69D651E07015031D385DED964B	A52F7AA54D7BCAAFA056EE0A050262DFC5694AE28DEE8B4CAC3429AF37FF0D66
C:\Users\user\AppData\Local\Temp\~DF8357F423EC5F7CBF.TMP	data	74DA459EBF114AAE9330B89EE48F0E36	B30A548F9627C9958ECB88DC873E37D4BE7755C5	D07DDDC864066782AA8664F0DA667904E3E645CBC63DC3EA24DFCCC703485267
C:\Users\user\AppData\Local\Temp\~DFB9B088C2B4A83B25.TMP	data	3E46AD48745D3123A166BD2D5EE5CC07	86023C18EB77E89A815F3CE01D2AE9C2DC0AEB83	A2E36C5610BD8F1D36AE7ACEE225C0571F86849893CE10DEAEDFF3C468C5A950
C:\Users\user\AppData\Local\Temp\~DFDC4F66DA4FD5A51A.TMP	data	CB66D5A187E60DD8C6DE8C04BF806576	89B1BF26A465627E9F248F82EAE0166AA8C62B76	B2786488E87038B71C4DB196C2799D992565C8AF4BE7F8B42CBFCCF6A82E7152

Analysis Report https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMzE2MjA%3d&acc=NzY2ODM4

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing:

Compliance:

Networking:

System Summary:

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs