Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
https://ulfn.us7.list-manage.com/pages/track/click?u=f02410e509aa7acfb89f905d5&id=b236d506e0/#cm9iLmJlcm5zdGVpbkBoa2xhdy5jb20=
|
URL
|
initial url
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\Login0[1].htm
|
HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B93302E7-60CA-11EB-90EB-ECF4BBEA1588}.dat
|
Microsoft Word Document
|
dropped
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B93302E9-60CA-11EB-90EB-ECF4BBEA1588}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BFB58E36-60CA-11EB-90EB-ECF4BBEA1588}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\gee00pr\imagestore.dat
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\NUU992W7.htm
|
HTML document, ASCII text
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\converged[1].css
|
ASCII text, with very long lines
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\bb64a86f40e39f8b5655ebe5a4a1ca3d[1].htm
|
HTML document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\Login0[1].htm
|
HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd[1].svg
|
SVG Scalable Vector Graphics image
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\33_a5dbd4393ff6a725c7e62b61df7e72f0[1].svg
|
SVG Scalable Vector Graphics image
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\favicon_a_eupayfgghqiai7k9sol6lg2[1].ico
|
MS Windows icon resource - 6 icons, 128x128, 16 colors, 72x72, 16 colors
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\office[1].htm
|
HTML document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DF4FE58238F246D7FF.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DF882B6DAF3B157BE0.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DF93C14B5DF9B0F9E3.TMP
|
data
|
dropped
|
|
There are 7 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\internet explorer\iexplore.exe
|
'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6096 CREDAT:17410 /prefetch:2
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://school-resources.co.uk/office/bb64a86f40e39f8b5655ebe5a4a1ca3d/Login0.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=32&id=3805042069&email=rob.bernstein@hklaw.com#&^&&787778377vhefhhgfnvshnHBsZS5jb20vc2hvcHwxYW9zNGJjMKJHlkgiutgKHklgklu66GY4MTI3ZGZhMWKJHKLGHGDJHKJNvbS9zaG9wL2FjY291bnQvc2V0dXAvc3RhcnQ_c=
|
|
||
|
https://school-resources.co.uk/office/bb64a86f40e39f8b5655ebe5a4a1ca3d/Login0.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=40&id=2677652988&email=
|
|
||
|
https://school-rees.co.uk/office/bb64a86f40e39f8b5655ebe5a4a1ca3d/Login0.php?websrc=59c275dc2e97dd3b
|
unknown
|
|
|
|
https://school-resources.co.uk/office/bb64a86f40e39f8b5655ebe5a4a1ca3d/Login0.php?websrc=59c275dc2e9
|
unknown
|
|
|
|
https://school-resourcm/#cm9iLmJlcm5zdGVpbkBoa2xhdy5jb20=es.co.uk/office/bb64a86f40e39f8b5655ebe5a4a
|
unknown
|
|
|
|
https://school-resources.co.uk/office/?email=cm9iLmJlcm5zdGVpbkBoa2xhdy5jb20=
|
unknown
|
|
|
|
https://jcabale.com/account/token/referrer=
|
unknown
|
|
|
|
https://school-resources.co.uk/office?email=
|
unknown
|
|
|
|
https://school-resources.co.uk/office/bb64a86f40e39f8b5655ebe5a4a1ca3d/?email=rob.bernstein
|
unknown
|
|
|
|
https://dvvn.xyz/accounts/token/referrer=
|
unknown
|
|
|
|
https://budgegrowth.com/
|
unknown
|
|
|
|
https://school-reched=32&id=3805042069&email=rob.bernstein
|
unknown
|
|
|
|
https://budgegrowth.com/#cm9iLmJlcm5zdGVpbkBoa2xhdy5jb20=
|
unknown
|
|
|
|
https://school-resources.co.uk/office/bb64a86f40e39f8b5655ebe5a4a1ca3d/images/favicon_a_eupayfgghqia
|
unknown
|
|
|
|
https://budgegrowth.com/#cm9iLmJlcm5zdGVpbkBoa2xhdy5jb20=Root
|
unknown
|
|
There are 5 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
budgegrowth.com
|
69.49.229.38
|
|
|
|
school-resources.co.uk
|
51.91.19.20
|
|
|
|
ulfn.us7.list-manage.com
|
unknown
|
|
IPs
|
IP
|
Domain
|
Country
|
Active
|
Malicious
|
|
|---|---|---|---|---|---|
|
51.91.19.20
|
unknown
|
France
|
unknown
|
|
|
|
69.49.229.38
|
unknown
|
United States
|
unknown
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\internet explorer\iexplore.exe
|
{B93302E7-60CA-11EB-90EB-ECF4BBEA1588}
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Blocked
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Blocked
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
DecayDateQueue
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LastProcessed
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
@C:\Windows\System32\ieframe.dll,-912
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
@C:\Windows\System32\ieframe.dll,-904
|
|
There are 13 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
235AE8E0000
|
heap private
|
page read and write
|
|
|
|
7FF583FF6000
|
unkown
|
page readonly
|
|
|
|
7FF5840AA000
|
unkown
|
page readonly
|
|
|
|
7FF583D3A000
|
unkown
|
page readonly
|
|
|
|
7FF5838B9000
|
unkown
|
page readonly
|
|
|
|
7FF584077000
|
unkown
|
page readonly
|
|
|
|
7FF5840A4000
|
unkown
|
page readonly
|
|
|
|
C1EA8AC000
|
unkown
|
page read and write
|
|
|
|
235AFF00000
|
unkown
|
page readonly
|
|
|
|
7FF583E55000
|
unkown
|
page readonly
|
|
|
|
235AE4B0000
|
unkown
|
page read and write
|
|
|
|
235AE4D0000
|
unkown
|
page read and write
|
|
|
|
C1EA9AE000
|
unkown
|
page read and write
|
|
|
|
7FF583D3D000
|
unkown
|
page readonly
|
|
|
|
235B0360000
|
heap private
|
page read and write
|
|
|
|
7FF58406B000
|
unkown
|
page readonly
|
|
|
|
7FF584098000
|
unkown
|
page readonly
|
|
|
|
7FF58404A000
|
unkown
|
page readonly
|
|
|
|
C1EAD7E000
|
unkown
|
page read and write
|
|
|
|
7FF58405E000
|
unkown
|
page readonly
|
|
|
|
235AE550000
|
unkown
|
page readonly
|
|
|
|
7FF583FF2000
|
unkown
|
page readonly
|
|
|
|
7FF5840DD000
|
unkown
|
page readonly
|
|
|
|
235AE560000
|
heap default
|
page read and write
|
|
|
|
235B00D0000
|
heap private
|
page read and write
|
|
|
|
235AE4F0000
|
unkown
|
page readonly
|
|
|
|
C1EACFC000
|
unkown
|
page read and write
|
|
|
|
7FF584152000
|
unkown
|
page readonly
|
|
|
|
7FF584065000
|
unkown
|
page readonly
|
|
|
|
7FF58408C000
|
unkown
|
page readonly
|
|
|
|
7FF5840D6000
|
unkown
|
page readonly
|
|
|
|
235AE660000
|
unkown
|
page readonly
|
|
|
|
235AE8C0000
|
unkown
|
page readonly
|
|
|
|
235AE56B000
|
heap default
|
page read and write
|
|
|
|
7FF583FFC000
|
unkown
|
page readonly
|
|
|
|
7FF5840BE000
|
unkown
|
page readonly
|
|
|
|
235B045F000
|
heap private
|
page read and write
|
|
|
|
7FF584151000
|
unkown
|
page readonly
|
|
|
|
7FF5840D9000
|
unkown
|
page readonly
|
|
|
|
235AE540000
|
unkown
|
page readonly
|
|
|
|
235AE500000
|
unkown
|
page readonly
|
|
|
|
235AE8E5000
|
heap private
|
page read and write
|
|
|
|
7FF584144000
|
unkown
|
page readonly
|
|
|
|
7FF5840C8000
|
unkown
|
page readonly
|
|
|
|
7FF5840CE000
|
unkown
|
page readonly
|
|
|
|
7FF58414A000
|
unkown
|
page readonly
|
|
|
|
C1EAC7D000
|
unkown
|
page read and write
|
|
|
|
235B0610000
|
heap private
|
page read and write
|
|
|
|
235AE450000
|
unkown
|
page readonly
|
|
|
|
7FF5840F3000
|
unkown
|
page readonly
|
|
|
|
235AE59D000
|
heap default
|
page read and write
|
|
|
|
7FF58404C000
|
unkown
|
page readonly
|
|
|
|
7FF584060000
|
unkown
|
page readonly
|
|
|
|
7FF5840B4000
|
unkown
|
page readonly
|
|
|
|
C1EA92E000
|
unkown
|
page read and write
|
|
|
|
235B0290000
|
heap private
|
page read and write
|
|
|
|
235AE8F0000
|
unkown
|
page readonly
|
|
|
|
235AEAF0000
|
unkown
|
page readonly
|
|
There are 48 hidden memdumps, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
https://school-resources.co.uk/office/bb64a86f40e39f8b5655ebe5a4a1ca3d/Login0.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=40&id=2677652988&email=
|
|
|
|
https://school-resources.co.uk/office/bb64a86f40e39f8b5655ebe5a4a1ca3d/Login0.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=32&id=3805042069&email=rob.bernstein@hklaw.com#&^&&787778377vhefhhgfnvshnHBsZS5jb20vc2hvcHwxYW9zNGJjMKJHlkgiutgKHklgklu66GY4MTI3ZGZhMWKJHKLGHGDJHKJNvbS9zaG9wL2FjY291bnQvc2V0dXAvc3RhcnQ_c=
|
|