IOCReport

loading gif

Files

File Path
Type
Category
Malicious
cd.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
malicious
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F14FAF2F-15AF-11EC-90E5-ECF4BB2D2496}.dat
Microsoft Word Document
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F14FAF31-15AF-11EC-90E5-ECF4BB2D2496}.dat
Microsoft Word Document
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
modified
clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\wlm7n14\imagestore.dat
data
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\0V71R0V5.htm
HTML document, ASCII text, with CRLF, LF line terminators
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\d4a6d4bd[1].htm
HTML document, ASCII text, with very long lines
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\rs=AA2YrTtiIgpyWC3dfQkzVoOu4jFUo5DWgw[1].js
ASCII text, with very long lines
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\1G7O03DV.htm
HTML document, ASCII text
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\favicon[1].ico
MS Windows icon resource - 1 icon, 39x34, 32 bits/pixel
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\googlelogo_color_84x28dp[1].png
PNG image data, 84 x 28, 8-bit/color RGBA, non-interlaced
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\LM1X3BMT.htm
HTML document, UTF-8 Unicode text, with very long lines
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\rs=AA2YrTt5urjnc1-as0vV15aU6T-f2ANE9g[1].css
ASCII text, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\desktop_searchbox_sprites318_hr[1].png
PNG image data, 40 x 124, 8-bit colormap, non-interlaced
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\googlelogo_color_272x92dp[1].png
PNG image data, 544 x 184, 8-bit/color RGBA, non-interlaced
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\index[1].htm
ASCII text, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log
ASCII text, with CRLF line terminators
modified
clean
C:\Users\user\AppData\Local\Temp\~DF1C6E09CA4CF5EBDD.TMP
data
dropped
clean
C:\Users\user\AppData\Local\Temp\~DFFAD0E470126C2D77.TMP
data
dropped
clean
There are 17 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\cd.exe
'C:\Users\user\Desktop\cd.exe'
malicious
C:\Program Files\internet explorer\iexplore.exe
'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
clean
C:\Program Files (x86)\Internet Explorer\iexplore.exe
'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4568 CREDAT:17410 /prefetch:2
clean

URLs

Name
IP
Malicious
http://menehleibe.com/images/bjM3gVEtKlUeWm2NnKw3/UycpbcugJuZhqNGVGh8/kwk4esZ_2F2xjDYD_2BSa_/2F328cjxY6AQM/kA5SneVc/JKL1AVTBXoV77D1JaKVgbri/d8lSYHOR5C/_2FOPoUzuMMso_2Bp/A_2Ffbx4wppa/aSm6IWIjM6R/Y44GbYY.avi
173.239.8.164
malicious
http://menehleibe.com/
173.239.8.164
malicious
http://google.com/
142.250.203.110
clean
https://www.zotero.org/
unknown
clean
https://ims-prod06.adobelogin.com
unknown
clean
https://policies.google.com/privacy?hl=en-GB&fg=1&utm_source=ucbs
unknown
clean
https://ogs.google.com/widget/app/so?bc=1
unknown
clean
https://www.mendeley.com?dgcid=Mendeley_Desktop_Help-menu-website
unknown
clean
http://www.broofa.com
unknown
clean
https://service.elsevier.com/app/home/supporthub/mendeley/?dgcid=Mendeley_Desktop_Help-menu-FAQ
unknown
clean
https://accounts.google.com/ServiceLogin?hl
unknown
clean
https://crashpad.chromium.org/bug/new
unknown
clean
https://www.gmu.edu/
unknown
clean
https://www.google.co.uk/intl/en/about/products
unknown
clean
https://www.google.com/index.php?url_bnm_redirect=http://google.com/?gws_rd=ssl_bnm_redirect=http://
unknown
clean
https://p226681.mybetterdl.com/adServe/domainClick?ai=qR193HoKV_skvRDJ1Xl7Z2EMSqLSlBmindZv5NojCHOwn03uCMUnWWP1f_rG7YbjKg1peh-_obzBIj3uZHPpnj9EVoFzCvr6nUsZVZhWVPP-29LJmEHdmZ7b6Qy9a1mHTiLNxNNj-331YCaynPT02WREUdU8hBvdAVtzW-BnG_JiVnQIGgxQDiU7ugF2M-yuSZspRWMKjI0oZaL4_NY6BA8B78vhYDGtjMUdyxHqWTbxnarhY6PRQCoyupr1mhPBjhdEqJB6Nj2XmDvYXWw9hp-qFZn5gpnPqtE9sbJicJwX2fEbVjxB9kp2QAzznS8_6fjhgUFt3sQISiZ3D8mF7LCm2HeI0S938_gGwpSXr3tSAMcY_H2x07HFovOGSDpNKiXhLmiyflhHQ2DhJtv57Pgpt-TBvcxCEwrLEAaOW_go6oM85zEqQcFJgSFbjHo8VjLddbnKrYw&ui=PmRMc57CnhbNSfHhL5kCGmvi5v6ZZrF7dLiTNq3P25qokS0sVeF3FkXI0PDyooqap4CS6zytrLbvtEDBZZLJWA-odODn3W3LTPqV0hvm1VqP--qZkGGf_8AXd3hExnhV&si=1&oref=a606ca39dc85b39bdaa2bf88832fa198&optunit=SZspRWMKjI3Y6yHw-JV9WQ&rb=mhdAWEBiphk&rr=1&abtg=0
173.192.101.24
clean
http://www.sysinternals.com
unknown
clean
https://www.google.com/log?format=json&hasfast=true
unknown
clean
http://www.amazon.com/
unknown
clean
https://www.mendeley.com/guides/using-citation-editor?dgcid=Mendeley_Desktop_Onboarding-Help-Cite
unknown
clean
https://www.virustotal.com/about/terms-of-service%s
unknown
clean
http://google.com
unknown
clean
http://www.twitter.com/
unknown
clean
https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new
unknown
clean
https://rrchnm.org/
unknown
clean
https://artsandculture.google.com/partner/museo-reina-sofia
unknown
clean
http://schema.org/WebPage
unknown
clean
https://www.elsevier.com/legal/elsevier-website-terms-and-conditions
unknown
clean
https://www.mendeley.com/guides?dgcid=Mendeley_Desktop_Help-menu-Help-guides
unknown
clean
https://clients2.google.com/service/update2/crxupdate_urlBrowser
unknown
clean
https://github.com/Juris-M/citeproc-js
unknown
clean
http://www.sysinternals.comWindowPositionSOFTWARE
unknown
clean
https://www.google.com
unknown