Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMzE2MjA%3d&acc=NzY2ODM4

URL

initial url

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\index[1].htm

HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\6AOSI0IH\secure.campaigner[1].xml

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{11894F34-CB18-11EB-90E4-ECF4BB862DED}.dat

Microsoft Word Document

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{11894F36-CB18-11EB-90E4-ECF4BB862DED}.dat

Microsoft Word Document

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{180F7E13-CB18-11EB-90E4-ECF4BB862DED}.dat

Microsoft Word Document

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml

XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml

XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml

XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml

XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml

XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml

XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml

XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml

XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml

XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.dat

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\Screen%20Shot%202021-03-04%20at%209.10.51%20PM[1].png

PNG image data, 700 x 742, 8-bit/color RGBA, non-interlaced

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\Telerik.Web.UI.WebResource[1].js

UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\all[1].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\bootstrap.min[1].css

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\css[1].css

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\css[2].css

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\genericopenwindowfcts[1].js

UTF-8 Unicode (with BOM) text, with CRLF line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\jquery-3.1.1.min[1].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\jquery-3.2.1.slim.min[1].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\jquery-latest.min[1].js

ASCII text, with very long lines, with CRLF line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\jquery.min[1].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\nN7EzeTFXEH[1].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\socialsharinghelper[1].js

UTF-8 Unicode (with BOM) text, with CRLF line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\KFOjCnqEu92Fr1Mu51TjASc6CsI[1].woff

Web Open Font Format, TrueType, length 22280, version 1.1

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff

Web Open Font Format, TrueType, length 20532, version 1.1

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\KFOlCnqEu92Fr1MmSU5fBBc-[1].woff

Web Open Font Format, TrueType, length 20404, version 1.1

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\OqOE21UvWe3[1].png

PNG image data, 16 x 16, 8-bit gray+alpha, non-interlaced

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\WebResource[1].js

ASCII text, with CRLF line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\adobe[1].jpg

JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 400x400, frames 3

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\all[1].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\font-awesome[1].eot

Embedded OpenType (EOT), FontAwesome family

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\fonticons[1].css

ASCII text

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\like[1].htm

HTML document, UTF-8 Unicode text, with very long lines

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\office3651[1].png

PNG image data, 187 x 188, 8-bit/color RGBA, non-interlaced

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\other1[1].png

PNG image data, 190 x 187, 8-bit/color RGBA, non-interlaced

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\outlook1[1].png

PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\2UX7WLTfW3W8TclTUvlFyQ[1].woff

Web Open Font Format, TrueType, length 18520, version 1.1

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\585b051251[1].js

ASCII text, with very long lines

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\585b051251[2].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\RxZJdnzeo3R5zSexge8UUT8E0i7KZn-EPnyo3HZu7kw[1].woff

Web Open Font Format, TrueType, length 18576, version 1.1

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\bootstrap.min[1].css

UTF-8 Unicode text, with very long lines, with no line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\bootstrap.min[1].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\brand-icons.min[1].css

UTF-8 Unicode text, with very long lines, with no line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\campaigner.min[1].css

ASCII text, with very long lines, with no line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\favicon[1].ico

MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\font-awesome.min[1].css

UTF-8 Unicode text, with very long lines, with no line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\gmail[1].png

PNG image data, 1280 x 1280, 8-bit/color RGBA, non-interlaced

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\hover[1].css

ASCII text

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\index[1].htm

HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\waves.min[1].css

ASCII text, with very long lines, with no line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\8[1].jpg

[TIFF image data, big-endian, direntries=12, height=709, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1200], baseline, precision 8, 1200x646, frames 3

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\KFOjCnqEu92Fr1Mu51S7ACc6CsI[1].woff

Web Open Font Format, TrueType, length 22080, version 1.1

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\KFOjCnqEu92Fr1Mu51TzBic6CsI[1].woff

Web Open Font Format, TrueType, length 21656, version 1.1

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\KFOlCnqEu92Fr1MmWUlfBBc-[1].woff

Web Open Font Format, TrueType, length 20396, version 1.1

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\KFOmCnqEu92Fr1Mu4mxM[1].woff

Web Open Font Format, TrueType, length 20332, version 1.1

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\Telerik.Web.UI.WebResource[1].css

ASCII text, with very long lines, with CRLF line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\archive[1].htm

HTML document, ASCII text, with very long lines, with CRLF, LF line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\bootstrap-extended.min[1].css

UTF-8 Unicode text, with very long lines, with no line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\combobox.campformcombo[1].css

ASCII text, with CRLF line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\content-background[1].png

PNG image data, 4 x 4, 8-bit/color RGBA, non-interlaced

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\css[1].css

ASCII text

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\free-v4-shims.min[1].css

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\free.min[1].css

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\popper.min[1].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Temp\~DF8357F423EC5F7CBF.TMP

data

dropped

C:\Users\user\AppData\Local\Temp\~DFB9B088C2B4A83B25.TMP

data

dropped

C:\Users\user\AppData\Local\Temp\~DFDC4F66DA4FD5A51A.TMP

data

dropped

There are 63 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Program Files\internet explorer\iexplore.exe

'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding

Details

Is windows:	true
Is dropped:	false
PID:	6112
Target ID:	1
Parent PID:	792
Name:	iexplore.exe
Class:	iexplore
Path:	C:\Program Files\internet explorer\iexplore.exe
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Size:	823560
MD5:	6465CB92B25A7BC1DF8E01D8AC5E7596
Time:	17:49:40
Date:	11/06/2021
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff696fa0000
Modulesize:	831488
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files (x86)\Internet Explorer\iexplore.exe

'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6112 CREDAT:17410 /prefetch:2

Details

Is windows:	true
Is dropped:	false
PID:	2476
Target ID:	2
Parent PID:	6112
Name:	iexplore.exe
Class:	iexplore
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6112 CREDAT:17410 /prefetch:2
Size:	822536
MD5:	071277CC2E3DF41EEEA8013E2AB58D5A
Time:	17:49:41
Date:	11/06/2021
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x1180000
Modulesize:	827392
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://macadavid.cf/000/index.php

unknown

https://macadavid.cf/000/index.phpblic/archive.aspx?args=NTIxMzE2MjA%3d&acc=NzY2ODM4macadavid.cf/000

unknown

https://macadavid.cf/000/index.php$Share

unknown

https://macadavid.cf/000/index.phpblic/archive.aspx?args=NTIxMzE2MjA%3d&acc=NzY2ODM40

unknown

https://macadavid.cf/000/index.php

https://media.campaigner.com/csb/node_modules/campaigner-core/src/style/theme/campaigner/bootstrap-e

unknown

https://secure.campaigner.com/--redacted--/?--redacted--

unknown

https://twitter.com/share?url=

unknown

http://fontawesome.io

unknown

https://macadavid.cf/0

unknown

https://ka-f.fontawesome.com

unknown

https://code.jquery.com/jquery-3.2.1.slim.min.js

unknown

https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMzE2MjA%3d&acc=NzY2ODM4Root

unknown

http://www.appcropolis.com)

unknown

http://www.amazon.com/

unknown

http://www.telerik.com/help/aspnet-ajax/window-programming-setting-client-events-using-javascript.ht

unknown

http://www.twitter.com/

unknown

http://benalman.com/about/license/

unknown

https://fontawesome.com/license/free

unknown

https://media.campaigner.com/csb/node_modules/campaigner-core/src/style/theme/campaigner/campaigner.

unknown

https://fontawesome.com

unknown

https://www.internalfb.com/intern/invariant/

unknown

http://www.opensource.org/licenses/mit-license.php

unknown

https://secure.campaigner.com/favicon.ico~

unknown

https://github.com/twbs/bootstrap/graphs/contributors)

unknown

https://media.campaigner.com/csb/Telerik.Web.UI.WebResource.axd?_TSM_HiddenField_=radScriptManager_T

unknown

https://media.campaigner.com/csb/content/ui-theme/global/fonts/brand-icons/brand-icons.min.css

unknown

https://secure.campaig

unknown

https://secure.campaigner.com/favicon.ico

unknown

https://media.campaigner.com/csb/scripts/genericopenwindowfcts.js

unknown

https://media.campaigner.com/csb/scripts/thirdparty/jquery-latest.min.js

unknown

https://media.campaigner.com/editorassets/themes/soak-it-up/content-background.png

unknown

http://opensource.org/licenses/MIT).

unknown

https://kit.fontawesome.com/585b051251.js

unknown

https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js

unknown

https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMzE2MjA%3d&acc=NzY2ODM4

unknown

https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMzE2MjA%3d&acc=NzY2ODM40

unknown

http://www.reddit.com/

unknown

https://media.campaigner.com/csb/content/ui-theme/global/fonts/font-awesome/font-awesome.min.css

unknown

https://media.campaigner.com/media/76/766838/Screen

unknown

http://ianlunn.github.io/Hover/)

unknown

http://www.nytimes.com/

unknown

http://fontawesome.iohttp://fontawesome.iohttp://fontawesome.io/license/http://fontawesome.io/licens

unknown

https://code.jquery.com/jquery-3.1.1.min.js

unknown

https://media.campaigner.com/csb/Telerik.Web.UI.WebResource.axd?d=PMrIT5dOWaVYIcpFWUE4nGT9ocicfa2Xof

unknown

https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMzE2MjA%3D&acc=NzY2ODM4

unknown

http://www.linkedin.com/shareArticle?mini=true&url=

unknown

https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMzE2MjA%3d&acc=NzY2ODM4

https://code.jquery.com/jquery-3.3.1.js

unknown

https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css

unknown

http://benalman.com/projects/jquery-throttle-debounce-plugin/

unknown

http://gsgd.co.uk/sandbox/jquery/easing/

unknown

http://fontawesome.io/license/

unknown

https://kit.fontawesome.com

unknown

https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js

unknown

https://login.microsoftonline.com/common/login

unknown

https://getbootstrap.com)

unknown

https://media.campaigner.com/csb/app_themes/lightning/common/fonticons.css

unknown

https://media.campaigner.com/csb/app_themes/lightning/combobox.campformcombo.css

unknown

https://media.campaigner.com/csb/node_modules/campaigner-core/src/style/theme/campaigner/bootstrap.m

unknown

http://www.youtube.com/

unknown

http://ianlunn.co.uk/

unknown

https://media.campaigner.com/csb/WebResource.axd?d=pynGkmcFUV13He1Qd6_TZItUc7uOXVQ_JJSF3nqWHTssVf86I

unknown

https://github.com/twbs/bootstrap/blob/master/LICENSE)

unknown

http://www.gnu.org/licenses/gpl.html

unknown

http://www.wikipedia.com/

unknown

https://github.com/IanLunn/Hover

unknown

http://www.live.com/

unknown

https://media.campaigner.com/csb/content/ui-theme/global/vendor/waves/waves.min.css

unknown

https://media.campaigner.com/csb/scripts/custom/socialsharinghelper.js

unknown

There are 60 hidden URLs, click here to show them.

Domains

Name

Malicious

star-mini.c10r.facebook.com

31.13.92.36

scontent.xx.fbcdn.net

31.13.92.14

cdnjs.cloudflare.com

104.16.19.94

maxcdn.bootstrapcdn.com

104.18.11.207

secure.campaigner.com

216.24.224.42

macadavid.cf

66.29.132.67

www.facebook.com

unknown

media.campaigner.com

unknown

ka-f.fontawesome.com

unknown

code.jquery.com

unknown

kit.fontawesome.com

unknown

connect.facebook.net

unknown

There are 2 hidden domains, click here to show them.

IPs

Domain

Country

Malicious

216.24.224.42

secure.campaigner.com

Canada

Details

IP:	216.24.224.42
TargetID:	2
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Country:	Canada
Countrycode:	CAN
ASN number:	17358
ASN name:	ETOLL1CA
Private:	false
Domain:	secure.campaigner.com

31.13.92.14

scontent.xx.fbcdn.net

Ireland

Details

IP:	31.13.92.14
TargetID:	2
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Country:	Ireland
Countrycode:	IRL
ASN number:	32934
ASN name:	FACEBOOKUS
Private:	false
Domain:	scontent.xx.fbcdn.net

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

31.13.92.36

star-mini.c10r.facebook.com

Ireland

Details

IP:	31.13.92.36
TargetID:	2
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Country:	Ireland
Countrycode:	IRL
ASN number:	32934
ASN name:	FACEBOOKUS
Private:	false
Domain:	star-mini.c10r.facebook.com

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

104.18.11.207

maxcdn.bootstrapcdn.com

United States

Details

IP:	104.18.11.207
TargetID:	2
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	maxcdn.bootstrapcdn.com

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

66.29.132.67

macadavid.cf

United States

Details

IP:	66.29.132.67
TargetID:	2
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Country:	United States
Countrycode:	USA
ASN number:	19538
ASN name:	ADVANTAGECOMUS
Private:	false
Domain:	macadavid.cf

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

104.16.19.94

cdnjs.cloudflare.com

United States

Details

IP:	104.16.19.94
TargetID:	2
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	cdnjs.cloudflare.com

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

Registry

Path

Value

Malicious

C:\Program Files\internet explorer\iexplore.exe

{11894F34-CB18-11EB-90E4-ECF4BB862DED}

C:\Program Files\internet explorer\iexplore.exe

AdminActive

C:\Program Files\internet explorer\iexplore.exe

MFV

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

Blocked

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

Blocked

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

DecayDateQueue

C:\Program Files\internet explorer\iexplore.exe

LastProcessed

C:\Program Files\internet explorer\iexplore.exe

DecayDateQueue

C:\Program Files\internet explorer\iexplore.exe

LastProcessed

C:\Program Files\internet explorer\iexplore.exe

MFV

C:\Program Files\internet explorer\iexplore.exe

CVListPingLastYMD

C:\Program Files (x86)\Internet Explorer\iexplore.exe

NumberOfSubdomains

C:\Program Files (x86)\Internet Explorer\iexplore.exe

@C:\Windows\System32\ieframe.dll,-912

C:\Program Files (x86)\Internet Explorer\iexplore.exe

@C:\Windows\System32\ieframe.dll,-904

There are 20 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

7FF5E18D7000

unkown

page readonly

1F3B3513000

unkown

page read and write

1F3B4310000

unkown

page read and write

2A253950000

heap private

page read and write

7FF5E1A9C000

unkown

page readonly

7FF5E1A67000

unkown

page readonly

7FF5E1980000

unkown

page readonly

1F3B349E000

unkown

page read and write

7FF5E17EA000

unkown

page readonly

7FF5E1B21000

unkown

page readonly

1F3B3D59000

unkown

page read and write

1F3B3D02000

unkown

page read and write

7FF5E16F1000

unkown

page readonly

C916B7A000

unkown

page read and write

1F3B4203000

unkown

page read and write

1F3B8810000

unkown

page read and write

7FF5E1A87000

unkown

page readonly

7FF5E1AF5000

unkown

page readonly

1F3B43F0000

unkown

page readonly

C916CFF000

unkown

page read and write

1F3B87F0000

unkown

page read and write

7FF5E1B36000

unkown

page readonly

7FF5E1AA8000

unkown

page readonly

1F3B32B0000

heap default

page read and write

1F3B8A70000

unkown

page read and write

1F3B8C2B000

unkown

page read and write

7FF5E1971000

unkown

page readonly

7FF53E8ED000

unkown

page readonly

1F3B89E0000

unkown

page read and write

C9166F7000

unkown

page read and write

1F3B4400000

unkown

page readonly

7FF53E8C6000

unkown

page readonly

1F3B343F000

unkown

page read and write

7FF53E941000

unkown

page readonly

1F3B8800000

unkown

page read and write

1F3B3D13000

unkown

page read and write

1F3B3250000

heap private

page read and write

7FF5E186E000

unkown

page readonly

1F3B3390000

unkown

page readonly

1F3B3477000

unkown

page read and write

C916DFE000

unkown

page read and write

C91630E000

unkown

page read and write

1F3B3490000

unkown

page read and write

2A25559F000

heap private

page read and write

1F3B3C02000

unkown

page read and write

1F3B89F4000

unkown

page readonly

1F3B8AB0000

unkown

page readonly

1F3B8CB3000

unkown

page read and write

1F3B8A70000

unkown

page read and write

1F3B3D18000

unkown

page read and write

7FF5E1AB2000

unkown

page readonly

1F3B8CB5000

unkown

page read and write

1F3B3C00000

unkown

page read and write

1F3B3473000

unkown

page read and write

7FF5E1867000

unkown

page readonly

1F3B348C000

unkown

page read and write

7FF53E856000

unkown

page readonly

F0EFC7D000

unkown

page read and write

F0EFB7E000

unkown

page read and write

7FF53E87E000

unkown

page readonly

7FF53E7E2000

unkown

page readonly

7FF53E885000

unkown

page readonly

1F3B3D00000

unkown

page read and write

1F3B89E4000

unkown

page readonly

2A2552D0000

heap private

page read and write

C91687A000

unkown

page read and write

1F3B8931000

unkown

page read and write

7FF53E93E000

unkown

page readonly

1F3B33A0000

unkown

page readonly

7FF5E1AC6000

unkown

page readonly

7FF53E8B1000

unkown

page readonly

1F3B3413000

unkown

page read and write

1F3B4410000

unkown

page readonly

C916EFF000

unkown

page read and write

1F3B33B0000

unkown

page read and write

1F3B8C8B000

unkown

page read and write

7FF53E7EE000

unkown

page readonly

7FF5E1A37000

unkown

page readonly

7FF5E16F5000

unkown

page readonly

7FF5E1BB9000

unkown

page readonly

1F3B8CA0000

unkown

page read and write

C91707D000

unkown

page read and write

1F3B34B8000

unkown

page read and write

1F3B8B60000

unkown

page read and write

7FF5E13F5000

unkown

page readonly

7FF53E55C000

unkown

page readonly

7FF5E1875000

unkown

page readonly

C91697D000

unkown

page read and write

7FF5E195E000

unkown

page readonly

7FF5E18EC000

unkown

page readonly

7FF5E1ADA000

unkown

page readonly

1F3B8C3F000

unkown

page read and write

2A253CF0000

unkown

page readonly

1F3B8C7A000

unkown

page read and write

7FF5E1A25000

unkown

page readonly

1F3B3D18000

unkown

page read and write

7FF5E18DB000

unkown

page readonly

7FF53E8E0000

unkown

page readonly

7FF5E1A7B000

unkown

page readonly

1F3B3990000

unkown

page readonly

F0EFD7E000

unkown

page read and write

7FF5E17CC000

unkown

page readonly

1F3B3E01000

unkown

page read and write

1F3B89E0000

unkown

page write copy

7FF5E1B09000

unkown

page readonly

7FF5E1880000

unkown

page readonly

1F3B8A70000

unkown

page read and write

7FF5E154A000

unkown

page readonly

7FF5E1A71000

unkown

page readonly

1F3B8A20000

unkown

page read and write

2A2536E0000

unkown

page read and write

1F3B3400000

unkown

page read and write

7FF5E17CF000

unkown

page readonly

C91717C000

unkown

page read and write

1F3B8AC0000

unkown

page readonly

2A2538F0000

unkown

page readonly

7FF5E1BB0000

unkown

page readonly

7FF5E1AB0000

unkown

page readonly

7FF53E8AD000

unkown

page readonly

1F3B4230000

unkown

page read and write

7FF53E842000

unkown

page readonly

7FF5E1730000

unkown

page readonly

7FF5E1540000

unkown

page readonly

2A253730000

heap default

page read and write

C91638D000

unkown

page read and write

7FF5E1808000

unkown

page readonly

2A253610000

unkown

page readonly

1F3B8A0C000

unkown

page readonly

C916F7F000

unkown

page read and write

1F3B89F0000

unkown

page readonly

2A2535B0000

unkown

page readonly

2A253700000

unkown

page read and write

7FF5E1BB9000

unkown

page readonly

1F3B4440000

unkown

page readonly

2A25373C000

heap default

page read and write

1F3B4450000

unkown

page readonly

7FF53E8F2000

unkown

page readonly

7FF5E191E000

unkown

page readonly

1F3B8A60000

unkown

page read and write

7FF5E1B2C000

unkown

page readonly

7FF53E7F4000

unkown

page readonly

7FF5E17BD000

unkown

page readonly

C91727F000

unkown

page read and write

1F3B3429000

unkown

page read and write

2A25376C000

heap default

page read and write

1F3B8A30000

unkown

page read and write

C91677E000

unkown

page read and write

7FF5E1B50000

unkown

page readonly

7FF5E1AC2000

unkown

page readonly

1F3B348A000

unkown

page read and write

7FF5E1AC8000

unkown

page readonly

7FF5E174E000

unkown

page readonly

7FF5E1A97000

unkown

page readonly

7FF5E1811000

unkown

page readonly

1F3B4220000

unkown

page read and write

1F3B3456000

unkown

page read and write

7FF53E949000

unkown

page readonly

7FF5E1816000

unkown

page readonly

C916A7F000

unkown

page read and write

1F3B8B90000

unkown

page readonly

F0EFBFE000

unkown

page read and write

1F3B8C62000

unkown

page read and write

2A253930000

unkown

page readonly

2A253830000

unkown

page readonly

1F3B8950000

unkown

page read and write

7FF5E1B54000

unkown

page readonly

7FF53E5A7000

unkown

page readonly

7FF53E85A000

unkown

page readonly

1F3B8918000

unkown

page read and write

1F3B8A40000

unkown

page read and write

C916C7B000

unkown

page read and write

1F3B34FA000

unkown

page read and write

7FF5E18F8000

unkown

page readonly

7FF5E1B45000

unkown

page readonly

7FF5E1B3C000

unkown

page readonly

1F3B8C9E000

unkown

page read and write

1F3B349B000

unkown

page read and write

7FF5E1A93000

unkown

page readonly

7FF5E1989000

unkown

page readonly

1F3B8910000

unkown

page read and write

1F3B891E000

unkown

page read and write

1F3B8930000

unkown

page read and write

2A253940000

unkown

page readonly

7FF5E196C000

unkown

page readonly

7FF5E1BAE000

unkown

page readonly

1F3B3BE1000

unkown

page read and write

1F3B4420000

unkown

page readonly

1F3B3487000

unkown

page read and write

2A253720000

unkown

page readonly

2A2554A0000

heap private

page read and write

7FF5E193F000

unkown

page readonly

7FF5E1A2C000

unkown

page readonly

7FF53E858000

unkown

page readonly

7FF53E949000

unkown

page readonly

1F3B87C0000

unkown

page readonly

1F3B8934000

unkown

page read and write

1F3B8B70000

unkown

page readonly

7FF5E1B1D000

unkown

page readonly

7FF53E8D5000

unkown

page readonly

2A255400000

heap private

page read and write

1F3B8C0B000

unkown

page read and write

C916E7F000

unkown

page read and write

1F3B8A70000

unkown

page readonly

1F3B8940000

unkown

page read and write

1F3B8C4C000

unkown

page read and write

7FF53E5C3000

unkown

page readonly

7FF5E17C6000

unkown

page readonly

C91628C000

unkown

page read and write

1F3B8954000

unkown

page read and write

1F3B8A70000

unkown

page read and write

1F3B8C00000

unkown

page read and write

2A255190000

heap private

page read and write

1F3B3600000

unkown

page readonly

7FF5E183C000

unkown

page readonly

7FF53E8CC000

unkown

page readonly

F0EFAFE000

unkown

page read and write

1F3B8B50000

unkown

page readonly

1F3B8AD0000

unkown

page readonly

1F3B3D59000

unkown

page read and write

1F3B8A50000

unkown

page read and write

1F3B8C1E000

unkown

page read and write

7FF5E1B26000

unkown

page readonly

7FF5E1788000

unkown

page readonly

1F3B8910000

unkown

page read and write

7FF53E8BC000

unkown

page readonly

1F3B32C0000

unkown

page readonly

7FF5E1747000

unkown

page readonly

7FF5E1978000

unkown

page readonly

7FF5E1B57000

unkown

page readonly

7FF53E8E4000

unkown

page readonly

1F3B8940000

unkown

page read and write

1F3B4790000

unkown

page read and write

F0EFA7C000

unkown

page read and write

F0EFDFC000

unkown

page read and write

1F3B3C15000

unkown

page read and write

7FF53E840000

unkown

page readonly

C916D7E000

unkown

page read and write

7FF53E5CC000

unkown

page readonly

1F3B346E000

unkown

page read and write

2A253955000

heap private

page read and write

7FF5E1AEE000

unkown

page readonly

2A255100000

unkown

page readonly

7FF5E1AFF000

unkown

page readonly

1F3B33C0000

unkown

page read and write

7FF53E7EA000

unkown

page readonly

7FF53E899000

unkown

page readonly

1F3B4200000

unkown

page read and write

1F3B3502000

unkown

page read and write

1F3B4430000

unkown

page readonly

7FF53E8B6000

unkown

page readonly

1F3B8A08000

unkown

page write copy

1F3B4210000

unkown

page read and write

2A253960000

unkown

page readonly

7FF53E8E7000

unkown

page readonly

7FF5E180D000

unkown

page readonly

7FF53E86A000

unkown

page readonly

There are 246 hidden memdumps, click here to show them.

DOM / HTML

URL

Malicious

https://macadavid.cf/000/index.php

Details

Filename:	621365.0.links.html.dom
Url:	https://macadavid.cf/000/index.php
Target ID:	2
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6112 CREDAT:17410 /prefetch:2

Signature Hits	Behavior Group	Mitre Attack
Yara detected HtmlPhish10	Phishing
Yara detected HtmlPhish7	Phishing

https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMzE2MjA%3d&acc=NzY2ODM4

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOCReport

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

DOM / HTML