Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
http://ning.chen.joydevs.com/#bmluZy5jaGVuQHR4ZG90Lmdvdg==
|
URL
|
initial url
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\authorize_client_id_syje4bf0-sj1q-bmhq-d2u3-9lgqsdyaf2mc_mnr9dxwtcoh2q6p8ey14uljg7kfia3sv50zblupyteqj3gvidr5xsfbnc271z6k8ahm0ow94cag1owdxztik93vu05lhjrsny6f8eqmb47p2[1].htm
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F0C07076-60CE-11EB-90EB-ECF4BBEA1588}.dat
|
Microsoft Word Document
|
dropped
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F0C07078-60CE-11EB-90EB-ECF4BBEA1588}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F7265FE7-60CE-11EB-90EB-ECF4BBEA1588}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\gee00pr\imagestore.dat
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\A6FDRX35.htm
|
HTML document, ASCII text, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\ellipsis_white[1].svg
|
SVG Scalable Vector Graphics image
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\forgpass[1].png
|
PNG image data, 121 x 20, 8-bit/color RGB, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\enterpass[1].png
|
PNG image data, 170 x 29, 8-bit/color RGB, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\sigin[1].png
|
PNG image data, 108 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\style[1].css
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\ellipsis_grey[1].svg
|
SVG Scalable Vector Graphics image
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\firstmsg1[1].png
|
PNG image data, 353 x 41, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\arrow_left[1].svg
|
SVG Scalable Vector Graphics image
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\favicon[1].ico
|
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\inv-big-background[1].png
|
PNG image data, 1920 x 1080, 8-bit colormap, non-interlaced
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\passwrd[1].png
|
PNG image data, 69 x 34, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DF767230B87732AF12.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DF8F7A3B09211FC4BE.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DFC8DFC69DEA962F30.TMP
|
data
|
dropped
|
|
There are 11 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\internet explorer\iexplore.exe
|
'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6728 CREDAT:17410 /prefetch:2
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://crabpeacock.com/.,/authorize_client_id:syje4bf0-sj1q-bmhq-d2u3-9lgqsdyaf2mc_mnr9dxwtcoh2q6p8ey14uljg7kfia3sv50zblupyteqj3gvidr5xsfbnc271z6k8ahm0ow94cag1owdxztik93vu05lhjrsny6f8eqmb47p2?data=bmluZy5jaGVuQHR4ZG90Lmdvdg==
|
|
||
|
http://ning.chen.joydevs.com/#bmluZy5jaGVuQHR4ZG90Lmdvdg==
|
unknown
|
|
|
|
http://ning.chen.joydevs.com/#bmluZy5jaGVuQHR4ZG90Lmdvdg==Root
|
unknown
|
|
|
|
http://ning.chen.joydevs.com/
|
198.187.29.179
|
|
|
|
https://crabpeacock.covs.com/#bmluZy5jaGVuQHR4ZG90Lmdvdg==m/.
|
unknown
|
|
|
|
https://crabpeacock.com/.
|
unknown
|
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ning.chen.joydevs.com
|
198.187.29.179
|
|
|
|
crabpeacock.com
|
45.136.244.223
|
|
IPs
|
IP
|
Domain
|
Country
|
Active
|
Malicious
|
|
|---|---|---|---|---|---|
|
45.136.244.223
|
unknown
|
Russian Federation
|
unknown
|
|
|
|
198.187.29.179
|
unknown
|
United States
|
unknown
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\internet explorer\iexplore.exe
|
{F0C07076-60CE-11EB-90EB-ECF4BBEA1588}
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Blocked
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Blocked
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
@C:\Windows\System32\ieframe.dll,-912
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
@C:\Windows\System32\ieframe.dll,-904
|
|
There are 11 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
16B1CFB000
|
unkown
|
page read and write
|
|
|
|
21606273000
|
unkown
|
page read and write
|
|
|
|
16B17FC000
|
unkown
|
page read and write
|
|
|
|
21606190000
|
heap private
|
page read and write
|
|
|
|
7FF54D6BC000
|
unkown
|
page readonly
|
|
|
|
16B207F000
|
unkown
|
page read and write
|
|
|
|
2160623C000
|
unkown
|
page read and write
|
|
|
|
21606302000
|
unkown
|
page read and write
|
|
|
|
7FF54D749000
|
unkown
|
page readonly
|
|
|
|
21606313000
|
unkown
|
page read and write
|
|
|
|
7FF54D7B4000
|
unkown
|
page readonly
|
|
|
|
7FF54D634000
|
unkown
|
page readonly
|
|
|
|
16B1BFC000
|
unkown
|
page read and write
|
|
|
|
216066D0000
|
unkown
|
page readonly
|
|
|
|
7FF54D296000
|
unkown
|
page readonly
|
|
|
|
16B1F7F000
|
unkown
|
page read and write
|
|
|
|
7FF54D61D000
|
unkown
|
page readonly
|
|
|
|
7FF54D6DB000
|
unkown
|
page readonly
|
|
|
|
7FF54D573000
|
unkown
|
page readonly
|
|
|
|
7FF54D71A000
|
unkown
|
page readonly
|
|
|
|
16B1AFE000
|
unkown
|
page read and write
|
|
|
|
7FF54D6FC000
|
unkown
|
page readonly
|
|
|
|
7FF54D290000
|
unkown
|
page readonly
|
|
|
|
21606213000
|
unkown
|
page read and write
|
|
|
|
7FF54D72F000
|
unkown
|
page readonly
|
|
|
|
7FF54D6BA000
|
unkown
|
page readonly
|
|
|
|
21606202000
|
unkown
|
page read and write
|
|
|
|
7FF54D5CB000
|
unkown
|
page readonly
|
|
|
|
7FF54D714000
|
unkown
|
page readonly
|
|
|
|
7FF54D63C000
|
unkown
|
page readonly
|
|
|
|
216064D0000
|
unkown
|
page readonly
|
|
|
|
7FF54D623000
|
unkown
|
page readonly
|
|
|
|
7FF54D521000
|
unkown
|
page readonly
|
|
|
|
7FF54D73E000
|
unkown
|
page readonly
|
|
|
|
21606C00000
|
unkown
|
page readonly
|
|
|
|
7FF54CEE1000
|
unkown
|
page readonly
|
|
|
|
21606940000
|
unkown
|
page readonly
|
|
|
|
7FF54D7C1000
|
unkown
|
page readonly
|
|
|
|
7FF54D724000
|
unkown
|
page readonly
|
|
|
|
7FF54D447000
|
unkown
|
page readonly
|
|
|
|
7FF54D7C2000
|
unkown
|
page readonly
|
|
|
|
216061F0000
|
heap default
|
page read and write
|
|
|
|
7FF54D74D000
|
unkown
|
page readonly
|
|
|
|
2160628C000
|
unkown
|
page read and write
|
|
|
|
21606253000
|
unkown
|
page read and write
|
|
|
|
7FF54D707000
|
unkown
|
page readonly
|
|
|
|
7FF54D5B1000
|
unkown
|
page readonly
|
|
|
|
21606870000
|
unkown
|
page readonly
|
|
|
|
7FF54D6FF000
|
unkown
|
page readonly
|
|
|
|
7FF54D6D5000
|
unkown
|
page readonly
|
|
|
|
21606400000
|
unkown
|
page readonly
|
|
|
|
7FF54D738000
|
unkown
|
page readonly
|
|
|
|
7FF54D6CE000
|
unkown
|
page readonly
|
|
|
|
21606950000
|
unkown
|
page read and write
|
|
|
|
16B1A7E000
|
unkown
|
page read and write
|
|
|
|
7FF54D6D0000
|
unkown
|
page readonly
|
|
|
|
7FF54D7BA000
|
unkown
|
page readonly
|
|
|
|
7FF54D6E7000
|
unkown
|
page readonly
|
|
|
|
2160628A000
|
unkown
|
page read and write
|
|
|
|
7FF54D746000
|
unkown
|
page readonly
|
|
|
|
2160622A000
|
unkown
|
page read and write
|
|
|
|
16B1D7E000
|
unkown
|
page read and write
|
|
|
|
7FF54D450000
|
unkown
|
page readonly
|
|
|
|
21606A02000
|
unkown
|
page read and write
|
|
|
|
7FF54D2A5000
|
unkown
|
page readonly
|
|
|
|
21606200000
|
unkown
|
page read and write
|
|
|
|
16B1E77000
|
unkown
|
page read and write
|
|
|
|
7FF54D6CA000
|
unkown
|
page readonly
|
|
There are 58 hidden memdumps, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
https://crabpeacock.com/.,/authorize_client_id:syje4bf0-sj1q-bmhq-d2u3-9lgqsdyaf2mc_mnr9dxwtcoh2q6p8ey14uljg7kfia3sv50zblupyteqj3gvidr5xsfbnc271z6k8ahm0ow94cag1owdxztik93vu05lhjrsny6f8eqmb47p2?data=bmluZy5jaGVuQHR4ZG90Lmdvdg==
|
|