IOC Report

Files

File Path
Type
Category
Malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\index[1].htm
HTML document, ASCII text, with very long lines, with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{26C0008C-37A3-11EC-90E9-ECF4BB862DED}.dat
Composite Document File V2 Document, Cannot read section info
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{26C0008E-37A3-11EC-90E9-ECF4BB862DED}.dat
Composite Document File V2 Document, Cannot read section info
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2E92B668-37A3-11EC-90E9-ECF4BB862DED}.dat
Composite Document File V2 Document, Cannot read section info
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\jquery.min[1].js
ASCII text, with very long lines
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\DFGA14QX.htm
HTML document, ASCII text
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\banner.be879265d[1].js
HTML document, ASCII text, with very long lines
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\beacon.min[1].js
ASCII text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\sse-hooks.f648b14c15c640a14a557113a991cb8d[1].js
UTF-8 Unicode text, with very long lines
dropped
clean
C:\Users\user\AppData\Local\Temp\~DF75153F92E31AE6D4.TMP
data
dropped
clean
C:\Users\user\AppData\Local\Temp\~DF7E54C710E01EB69E.TMP
data
dropped
clean
C:\Users\user\AppData\Local\Temp\~DFF890F1947A547B5C.TMP
data
dropped
clean
3 further files are not shown in this extract.

Processes

Path
Cmdline
Malicious
C:\Program Files\internet explorer\iexplore.exe
'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
clean
C:\Program Files (x86)\Internet Explorer\iexplore.exe
'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6688 CREDAT:17410 /prefetch:2
clean

URLs

Name
IP
Malicious
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwww.ismyrotaryclub.org%2f%2fClick%2f%3f_uid%3d800004603%26_ctid%3d1972187%26redirect%3dhttps%3a%2f%2f1n0w8.codesandbox.io%2f%3faf%3dam1lcmNpZXJAbXVyZXhsdGQuY29t&c=E,1,33KLss3YzRWhFedSrTUVgatC3BBMx2L-L4e7_qZWgR8ttsvQZbCsR6smducdjsRz-uGYCcQc5RJAZdgfM9YfGqlADpHhdxTFS_EgtztnR08wn2_60sAU2Wi-&typo=1
malicious
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwww.ismyrotaryclub.org%2f%2fClick%2f%3f_uid%3d800004603%26_ctid%3d1972187%26redirect%3dhttps%3a%2f%2f1n0w8.codesandbox.io%2f%3faf%3dam1lcmNpZXJAbXVyZXhsdGQuY29t&c=E,1,33KLss3YzRWhFedSrTUVgatC3BBMx2L-L4e7_qZWgR8ttsvQZbCsR6smducdjsRz-uGYCcQc5RJAZdgfM9YfGqlADpHhdxTFS_EgtztnR08wn2_60sAU2Wi-&typo=1
18.192.226.97
clean
https://codesandbox.io/public/sse-hooks/sse-hooks.f648b14c15c640a14a557113a991cb8d.js
104.18.22.207
clean
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
104.16.18.94
clean
https://www.ismyrotaryclub.org//Click/?_uid=800004603&_ctid=1972187&redirect=https://1n0w8.codesandbox.io/?af=am1lcmNpZXJAbXVyZXhsdGQuY29t
184.175.102.136
clean
https://codesandbox.io/static/js/banner.be879265d.js
104.18.22.207
clean
https://kjkrewm-oer84593-nmdfjhplq.s3.eu-west-2.amazonaws.com/index.html#
unknown
clean
https://kjkrewm-oer84593-nmdfjhplq.s3.eu-west-2.amazonaws.com/index.html#mercier
unknown
clean
https://beatitbar.com/wp-content/plugins/fatboyoffice/call.php?u=
unknown
clean
https://beatitbar.com/wp-content/plugins/fatboyoffice/rcform.php
unknown
clean
https://1n0w8.codesandbox.io/?af=am1lcmNpZXJAbXVyZXhsdGQuY29t
104.18.22.207
clean
https://kjkrewm-oer84593-nmdfjhplq.s3.eu-west-2.amazonaws.com/favicon.ico
52.95.148.134
clean
https://kjkrewm-oer84593-nmdfjhplq.s3.eu-west-2.amazonaws.com/index.html:
unknown
clean
https://kjkrewm-oer84593-nmdfjhplq.s3.eu-west-2.amazonaws.com/index.html#jmercier@murexltd.com
clean
https://kjkrewm-oer84593-nmdfjhplq.s3.eu-west-2.amazonaws.com/index.html
52.95.148.134
clean
https://static.cloudflareinsights.com/beacon.min.js
104.16.95.65
clean
https://kjkrewm-oer84593-nmdfjhplq.s3.eu-west-2.amazonaws.com/index.html#jmercier
unknown
clean
https://codesandbox.io/
unknown
clean
https://portal.office.com/servicestatus
unknown
clean
https://beatitbar.com/wp-content/plugins/fatboyoffice/clearbit.php?d=
unknown
clean
9 further URLs are not shown in this extract.

Domains

Name
IP
Malicious
1n0w8.codesandbox.io
104.18.22.207
clean
static.cloudflareinsights.com
104.16.95.65
clean
codesandbox.io
104.18.22.207
clean
cdnjs.cloudflare.com
104.16.18.94
clean
ismyrotaryclub.org
184.175.102.136
clean
s3-r-w.eu-west-2.amazonaws.com
52.95.148.134
clean
linkprotect.cudasvc.com
18.192.226.97
clean
kjkrewm-oer84593-nmdfjhplq.s3.eu-west-2.amazonaws.com
unknown
clean
www.ismyrotaryclub.org
unknown
clean
favicon.ico
unknown
clean

IPs

IP
Domain
Country
Malicious
184.175.102.136
ismyrotaryclub.org
United States
clean
104.18.22.207
1n0w8.codesandbox.io
United States
clean
52.95.148.134
s3-r-w.eu-west-2.amazonaws.com
United States
clean
18.192.226.97
linkprotect.cudasvc.com
United States
clean
104.16.18.94
cdnjs.cloudflare.com
United States
clean
104.16.95.65
static.cloudflareinsights.com
United States
clean

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\AdminActive
{26C0008C-37A3-11EC-90E9-ECF4BB862DED}
clean
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery
AdminActive
clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\iexplore
Count
clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\iexplore
Time
clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\iexplore
Blocked
clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTimeArray
clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTimeArray
clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\iexplore
Count
clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\iexplore
Time
clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\iexplore
Blocked
clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTimeArray
clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTimeArray
clean
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
DecayDateQueue
clean
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
LastProcessed
clean
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\f0\52C64B7E
@C:\Windows\System32\ieframe.dll,-912
clean
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\f0\52C64B7E
@C:\Windows\System32\ieframe.dll,-904
clean
14 further registry entries are not shown in this extract.

Memdumps

Base Address
Region type
Protect
Malicious
7DF5945E0000
unkown image
page readonly
clean
7FF586451000
unkown image
page readonly
clean
1CB84C60000
unkown image
page readonly
clean
7FF51E6AF000
unkown image
page readonly
clean
84027E000
stack
page read and write
clean
7FF586897000
unkown image
page readonly
clean
1CB84E6F000
unkown
page read and write
clean
1CB84E4B000
unkown
page read and write
clean
247FD202000
unkown
page read and write
clean
83FF8E000
stack
page read and write
clean
7FF58673D000
unkown image
page readonly
clean
7FF51E5AF000
unkown image
page readonly
clean
7DF52C412000
unkown image
page readonly
clean
7FF51E6CE000
unkown image
page readonly
clean
1CB84C70000
unkown image
page readonly
clean
7DF5945D2000
unkown image
page readonly
clean
7DF4924A0000
unkown image
page readonly
clean
7DF52C420000
unkown image
page readonly
clean
7FF58689E000
unkown image
page readonly
clean
7FF58696A000
unkown image
page readonly
clean
7FF51DE08000
unkown image
page readonly
clean
8406FF000
stack
page read and write
clean
7FF51E6FE000
unkown image
page readonly
clean
1CB84E53000
unkown
page read and write
clean
247FCC00000
unkown image
page readonly
clean
247FCA7F000
unkown
page read and write
clean
7FF58687D000
unkown image
page readonly
clean
7FF5868BB000
unkown image
page readonly
clean
7DF5945F0000
unkown image
page readonly
clean
7FF51DFD5000
unkown image
page readonly
clean
247FCA00000
unkown
page read and write
clean
7FF58675B000
unkown image
page readonly
clean
83FF0B000
unkown
page read and write
clean
7FF58695A000
unkown image
page readonly
clean
247FCA4F000
unkown
page read and write
clean
1CB84C90000
heap default
page read and write
clean
1CB84F02000
unkown
page read and write
clean
7DF5945F0000
unkown image
page readonly
clean
1CB84F13000
unkown
page read and write
clean
7FF5868ED000
unkown image
page readonly
clean
7FF51E79A000
unkown image
page readonly
clean
7FF586883000
unkown image
page readonly
clean
7FF51E5FB000
unkown image
page readonly
clean
1CB85380000
unkown image
page readonly
clean
7FF51E621000
unkown image
page readonly
clean
7FF51E56D000
unkown image
page readonly
clean
7FF586942000
unkown image
page readonly
clean
7FF586971000
unkown image
page readonly
clean
710BEFF000
stack
page read and write
clean
7FF51E6AD000
unkown image
page readonly
clean
7FF58687F000
unkown image
page readonly
clean
8403FE000
stack
page read and write
clean
7FF51E6A9000
unkown image
page readonly
clean
7FF51E58B000
unkown image
page readonly
clean
1CB84E65000
unkown
page read and write
clean
1CB84C20000
unkown image
page read and write
clean
8407FF000
stack
page read and write
clean
7FF5867CB000
unkown image
page readonly
clean
710B70E000
stack
page read and write
clean
7FF586740000
unkown image
page readonly
clean
7FF5867F1000
unkown image
page readonly
clean
7FF51E425000
unkown image
page readonly
clean
7FF51E697000
unkown image
page readonly
clean
7FF5865F5000
unkown image
page readonly
clean
1CB84E4C000
unkown
page read and write
clean
1CB84F00000
unkown
page read and write
clean
7FF58677F000
unkown image
page readonly
clean
247FCF80000
unkown image
page readonly
clean
247FCA29000
unkown
page read and write
clean
710BDFF000
stack
page read and write
clean
1CB84E13000
unkown
page read and write
clean
7DF5945E2000
unkown image
page readonly
clean
247FC810000
unkown image
page readonly
clean
7FF5867C5000
unkown image
page readonly
clean
1CB84E47000
unkown
page read and write
clean
7DF5945D0000
unkown image
page readonly
clean
247FCA4C000
unkown
page read and write
clean
247FCA8C000
unkown
page read and write
clean
7FF51E784000
unkown image
page readonly
clean
710B68C000
unkown
page read and write
clean
1CB84C40000
unkown image
page readonly
clean
247FCE00000
unkown image
page readonly
clean
7FF5868A7000
unkown image
page readonly
clean
247FCB02000
unkown
page read and write
clean
7FF5867F5000
unkown image
page readonly
clean
247FC810000
unkown image
page readonly
clean
1CB84E4E000
unkown
page read and write
clean
7FF586893000
unkown image
page readonly
clean
247FC800000
heap private
page read and write
clean
7FF5866F6000
unkown image
page readonly
clean
7FF51E6F3000
unkown image
page readonly
clean
7FF51E60C000
unkown image
page readonly
clean
7FF51E287000
unkown image
page readonly
clean
7FF5868C3000
unkown image
page readonly
clean
7FF586971000
unkown image
page readonly
clean
247FCA71000
unkown
page read and write
clean
1CB85000000
unkown image
page readonly
clean
7DF5945E2000
unkown image
page readonly
clean
7FF51E7A1000
unkown image
page readonly
clean
7FF51E6EB000
unkown image
page readonly
clean
1CB84F08000
unkown
page read and write
clean
7DF5945D0000
unkown image
page readonly
clean
247FC940000
unkown image
page readonly
clean
7FF586457000
unkown image
page readonly
clean
8405F7000
stack
page read and write
clean
7DF42A2D0000
unkown image
page readonly
clean
7FF586949000
unkown image
page readonly
clean
247FCA53000
unkown
page read and write
clean
7DF52C410000
unkown image
page readonly
clean
7FF51E5F5000
unkown image
page readonly
clean
1CB84E56000
unkown
page read and write
clean
710B78E000
stack
page read and write
clean
7FF51E6C7000
unkown image
page readonly
clean
247FCA50000
unkown
page read and write
clean
710BCF7000
stack
page read and write
clean
1CB84E50000
unkown
page read and write
clean
7FF586961000
unkown image
page readonly
clean
1CB84C30000
heap private
page read and write
clean
1CB84E3C000
unkown
page read and write
clean
7FF51E6D7000
unkown image
page readonly
clean
7FF5867DC000
unkown image
page readonly
clean
7FF586954000
unkown image
page readonly
clean
1CB84E8A000
unkown
page read and write
clean
247FCA51000
unkown
page read and write
clean
7DF52C402000
unkown image
page readonly
clean
7DF5945E0000
unkown image
page readonly
clean
7FF586879000
unkown image
page readonly
clean
1CB84E8D000
unkown
page read and write
clean
7FF51E772000
unkown image
page readonly
clean
7DF5945D2000
unkown image
page readonly
clean
7FF51E791000
unkown image
page readonly
clean
1CB84C40000
unkown image
page readonly
clean
247FC830000
unkown image
page readonly
clean
7FF51E779000
unkown image
page readonly
clean
7FF5868EA000
unkown image
page readonly
clean
247FC7F0000
unkown image
page read and write
clean
7DF52C412000
unkown image
page readonly
clean
7FF51E7A1000
unkown image
page readonly
clean
247FCB13000
unkown
page read and write
clean
7FF51E78A000
unkown image
page readonly
clean
7FF51E717000
unkown image
page readonly
clean
247FCB00000
unkown
page read and write
clean
7DF52C400000
unkown image
page readonly
clean
710BBFB000
stack
page read and write
clean
8404FB000
stack
page read and write
clean
1CB85200000
unkown image
page readonly
clean
247FCA4D000
unkown
page read and write
clean
1CB84E29000
unkown
page read and write
clean
1CB84D70000
unkown image
page readonly
clean
1CB84E4D000
unkown
page read and write
clean
7FF586867000
unkown image
page readonly
clean
7FF51E71D000
unkown image
page readonly
clean
1CB84E00000
unkown
page read and write
clean
7FF51E6B3000
unkown image
page readonly
clean
7DF52C400000
unkown image
page readonly
clean
7FF5868CE000
unkown image
page readonly
clean
1CB84E51000
unkown
page read and write
clean
7FF586890000
unkown image
page readonly
clean
1CB84E49000
unkown
page read and write
clean
84037C000
stack
page read and write
clean
7DF52C410000
unkown image
page readonly
clean
1CB84E48000
unkown
page read and write
clean
247FC860000
heap default
page read and write
clean
1CB84D90000
unkown
page read and write
clean
7FF586186000
unkown image
page readonly
clean
7FF51E570000
unkown image
page readonly
clean
7FF586721000
unkown image
page readonly
clean
247FCA3C000
unkown
page read and write
clean
7FF51E625000
unkown image
page readonly
clean
7FF5868E7000
unkown image
page readonly
clean
7FF51E551000
unkown image
page readonly
clean
247FCA02000
unkown
page read and write
clean
7FF51E71A000
unkown image
page readonly
clean
7FF51E6C3000
unkown image
page readonly
clean
7FF51E526000
unkown image
page readonly
clean
7FF51E6C0000
unkown image
page readonly
clean
1CB84E55000
unkown
page read and write
clean
7DF52C402000
unkown image
page readonly
clean
247FCB08000
unkown
page read and write
clean
247FCA13000
unkown
page read and write
clean
247FC960000
unkown
page read and write
clean
1CB84E65000
unkown
page read and write
clean
247FC840000
unkown image
page readonly
clean
7FF51E281000
unkown image
page readonly
clean
1CB85602000
unkown
page read and write
clean
7DF52C420000
unkown image
page readonly
clean
176 further memory dumps are not shown in this extract.

DOM / HTML

URL
Malicious
https://kjkrewm-oer84593-nmdfjhplq.s3.eu-west-2.amazonaws.com/index.html#jmercier@murexltd.com
malicious