Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
https://testcovidrrddyy1v1ydOppse1Osv1ysr.ams3.cdn.digitaloceanspaces.com/
|
URL
|
initial url
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5C597E4E-6703-11EB-90EB-ECF4BBEA1588}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5C597E50-6703-11EB-90EB-ECF4BBEA1588}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5C597E51-6703-11EB-90EB-ECF4BBEA1588}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\http_400[1]
|
HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\info_48[1]
|
PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\down[1]
|
PNG image data, 15 x 15, 8-bit colormap, non-interlaced
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\errorPageStrings[1]
|
UTF-8 Unicode (with BOM) text, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\background_gradient[1]
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\httpErrorPagesScripts[1]
|
UTF-8 Unicode (with BOM) text, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\ErrorPageTemplate[1]
|
UTF-8 Unicode (with BOM) text, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\bullet[1]
|
PNG image data, 15 x 15, 8-bit colormap, non-interlaced
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DFA71BDA2BE398EEAD.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DFC7C1BF063F481040.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DFF8937DCD4090A9AC.TMP
|
data
|
dropped
|
|
There are 5 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\internet explorer\iexplore.exe
|
'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6812 CREDAT:17410 /prefetch:2
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://testcovidrrddyy1v1ydoppse1osv1ysr.ams3.cdn.digitaloceanspaces.com/
|
unknown
|
|
|
|
https://testcovidrrddyy1v1ydoppse1osv1ysr.ams3.cdn.digitaloceanspaces.com/Root
|
unknown
|
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
testcovidrrddyy1v1ydoppse1osv1ysr.ams3.cdn.digitaloceanspaces.com
|
unknown
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\internet explorer\iexplore.exe
|
{5C597E4E-6703-11EB-90EB-ECF4BBEA1588}
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Blocked
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Blocked
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
There are 9 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7FF500B35000
|
unkown
|
page readonly
|
|
|
|
1F314100000
|
heap default
|
page read and write
|
|
|
|
1229F660000
|
unkown
|
page readonly
|
|
|
|
122A0B70000
|
unkown
|
page readonly
|
|
|
|
7FF500BA6000
|
unkown
|
page readonly
|
|
|
|
7FF556BA1000
|
unkown
|
page readonly
|
|
|
|
7FF50B9E3000
|
unkown
|
page readonly
|
|
|
|
7FF500BAD000
|
unkown
|
page readonly
|
|
|
|
7FF50BABF000
|
unkown
|
page readonly
|
|
|
|
F381DFE000
|
unkown
|
page read and write
|
|
|
|
7FF50B665000
|
unkown
|
page readonly
|
|
|
|
7FF556E6A000
|
unkown
|
page readonly
|
|
|
|
88A0F7B000
|
unkown
|
page read and write
|
|
|
|
7FF556B46000
|
unkown
|
page readonly
|
|
|
|
7FF556DFD000
|
unkown
|
page readonly
|
|
|
|
7FF500B1C000
|
unkown
|
page readonly
|
|
|
|
20C507B000
|
unkown
|
page read and write
|
|
|
|
7FF50B810000
|
unkown
|
page readonly
|
|
|
|
7FF50BAD4000
|
unkown
|
page readonly
|
|
|
|
7FF50BADA000
|
unkown
|
page readonly
|
|
|
|
122A0A70000
|
unkown
|
page read and write
|
|
|
|
88A11FE000
|
unkown
|
page read and write
|
|
|
|
7FF500AC2000
|
unkown
|
page readonly
|
|
|
|
7FF556E71000
|
unkown
|
page readonly
|
|
|
|
1F314A02000
|
unkown
|
page read and write
|
|
|
|
7FF50BA7A000
|
unkown
|
page readonly
|
|
|
|
7FF5565E1000
|
unkown
|
page readonly
|
|
|
|
295A20A0000
|
heap private
|
page read and write
|
|
|
|
20C527A000
|
unkown
|
page read and write
|
|
|
|
7FF50BAA7000
|
unkown
|
page readonly
|
|
|
|
7FF50B290000
|
unkown
|
page readonly
|
|
|
|
20C51F9000
|
unkown
|
page read and write
|
|
|
|
F381E7E000
|
unkown
|
page read and write
|
|
|
|
88A0CFD000
|
unkown
|
page read and write
|
|
|
|
F38190C000
|
unkown
|
page read and write
|
|
|
|
295A1F30000
|
unkown
|
page readonly
|
|
|
|
7FF556D7A000
|
unkown
|
page readonly
|
|
|
|
295A2540000
|
unkown
|
page readonly
|
|
|
|
295A20ED000
|
heap default
|
page read and write
|
|
|
|
1F314C00000
|
unkown
|
page readonly
|
|
|
|
7FF556E72000
|
unkown
|
page readonly
|
|
|
|
1F31423C000
|
unkown
|
page read and write
|
|
|
|
7FF50B933000
|
unkown
|
page readonly
|
|
|
|
7FF556C7B000
|
unkown
|
page readonly
|
|
|
|
7FF556DF6000
|
unkown
|
page readonly
|
|
|
|
1F314202000
|
unkown
|
page read and write
|
|
|
|
1F314110000
|
unkown
|
page readonly
|
|
|
|
7FF556DAC000
|
unkown
|
page readonly
|
|
|
|
1229F000000
|
unkown
|
page read and write
|
|
|
|
7FF500B7A000
|
unkown
|
page readonly
|
|
|
|
7FF500C14000
|
unkown
|
page readonly
|
|
|
|
1F314860000
|
unkown
|
page read and write
|
|
|
|
1F314200000
|
unkown
|
page read and write
|
|
|
|
295A2035000
|
heap private
|
page read and write
|
|
|
|
7FF500B5C000
|
unkown
|
page readonly
|
|
|
|
F381C7E000
|
unkown
|
page read and write
|
|
|
|
7FF500B1A000
|
unkown
|
page readonly
|
|
|
|
295A1ED0000
|
unkown
|
page readonly
|
|
|
|
F381D7C000
|
unkown
|
page read and write
|
|
|
|
1229F065000
|
unkown
|
page read and write
|
|
|
|
7FF50BB06000
|
unkown
|
page readonly
|
|
|
|
7FF556DB8000
|
unkown
|
page readonly
|
|
|
|
295A3950000
|
unkown
|
page readonly
|
|
|
|
1F314229000
|
unkown
|
page read and write
|
|
|
|
7FF556D20000
|
unkown
|
page readonly
|
|
|
|
7FF50BB09000
|
unkown
|
page readonly
|
|
|
|
295A3A30000
|
unkown
|
page readonly
|
|
|
|
88A0C7C000
|
unkown
|
page read and write
|
|
|
|
7FF556D43000
|
unkown
|
page readonly
|
|
|
|
7FF500BA9000
|
unkown
|
page readonly
|
|
|
|
7FF556D7E000
|
unkown
|
page readonly
|
|
|
|
7FF556DDE000
|
unkown
|
page readonly
|
|
|
|
7FF50B807000
|
unkown
|
page readonly
|
|
|
|
7FF50BB7A000
|
unkown
|
page readonly
|
|
|
|
7FF500ACC000
|
unkown
|
page readonly
|
|
|
|
7FF556DAF000
|
unkown
|
page readonly
|
|
|
|
7FF50BA95000
|
unkown
|
page readonly
|
|
|
|
1F31428E000
|
unkown
|
page read and write
|
|
|
|
7FF500B9E000
|
unkown
|
page readonly
|
|
|
|
1229EF50000
|
unkown
|
page write copy
|
|
|
|
7FF50B656000
|
unkown
|
page readonly
|
|
|
|
88A0FFE000
|
unkown
|
page read and write
|
|
|
|
7FF50B650000
|
unkown
|
page readonly
|
|
|
|
295A20B0000
|
heap default
|
page read and write
|
|
|
|
7FF556C61000
|
unkown
|
page readonly
|
|
|
|
7FF500B47000
|
unkown
|
page readonly
|
|
|
|
7FF556DCA000
|
unkown
|
page readonly
|
|
|
|
1229F2D0000
|
unkown
|
page readonly
|
|
|
|
7FF50B971000
|
unkown
|
page readonly
|
|
|
|
1229EEE0000
|
heap private
|
page read and write
|
|
|
|
295A2020000
|
unkown
|
page readonly
|
|
|
|
7FF50BAC7000
|
unkown
|
page readonly
|
|
|
|
1229F029000
|
unkown
|
page read and write
|
|
|
|
7FF50B9FC000
|
unkown
|
page readonly
|
|
|
|
7FF50BA90000
|
unkown
|
page readonly
|
|
|
|
7FF500B2E000
|
unkown
|
page readonly
|
|
|
|
7FF500B84000
|
unkown
|
page readonly
|
|
|
|
7FF50BAF8000
|
unkown
|
page readonly
|
|
|
|
7FF556C88000
|
unkown
|
page readonly
|
|
|
|
1F314790000
|
unkown
|
page readonly
|
|
|
|
1F314213000
|
unkown
|
page read and write
|
|
|
|
295A2000000
|
unkown
|
page read and write
|
|
|
|
7FF556DF9000
|
unkown
|
page readonly
|
|
|
|
1F31428B000
|
unkown
|
page read and write
|
|
|
|
295A2060000
|
unkown
|
page readonly
|
|
|
|
7FF50B9DD000
|
unkown
|
page readonly
|
|
|
|
88A12FF000
|
unkown
|
page read and write
|
|
|
|
7FF50B98B000
|
unkown
|
page readonly
|
|
|
|
7FF556DE8000
|
unkown
|
page readonly
|
|
|
|
7FF50BAFE000
|
unkown
|
page readonly
|
|
|
|
7FF556C83000
|
unkown
|
page readonly
|
|
|
|
1F3141E0000
|
unkown
|
page readonly
|
|
|
|
1229F03F000
|
unkown
|
page read and write
|
|
|
|
7FF50BAE4000
|
unkown
|
page readonly
|
|
|
|
20C517F000
|
unkown
|
page read and write
|
|
|
|
7FF500925000
|
unkown
|
page readonly
|
|
|
|
7FF556DC4000
|
unkown
|
page readonly
|
|
|
|
7FF500C22000
|
unkown
|
page readonly
|
|
|
|
7FF500BC3000
|
unkown
|
page readonly
|
|
|
|
7FF50BB74000
|
unkown
|
page readonly
|
|
|
|
7FF556D8B000
|
unkown
|
page readonly
|
|
|
|
295A2040000
|
unkown
|
page read and write
|
|
|
|
1F314313000
|
unkown
|
page read and write
|
|
|
|
7FF500B98000
|
unkown
|
page readonly
|
|
|
|
1F3140A0000
|
heap private
|
page read and write
|
|
|
|
7FF500C1A000
|
unkown
|
page readonly
|
|
|
|
20C52FE000
|
unkown
|
page read and write
|
|
|
|
295A3A20000
|
unkown
|
page readonly
|
|
|
|
7FF556A3C000
|
unkown
|
page readonly
|
|
|
|
7FF500B3B000
|
unkown
|
page readonly
|
|
|
|
7FF556DD4000
|
unkown
|
page readonly
|
|
|
|
7FF556E64000
|
unkown
|
page readonly
|
|
|
|
7FF50BA7C000
|
unkown
|
page readonly
|
|
|
|
7FF556D80000
|
unkown
|
page readonly
|
|
|
|
1229EF40000
|
heap default
|
page read and write
|
|
|
|
7FF500B68000
|
unkown
|
page readonly
|
|
|
|
7FF500AC6000
|
unkown
|
page readonly
|
|
|
|
1F314251000
|
unkown
|
page read and write
|
|
|
|
7FF50BB81000
|
unkown
|
page readonly
|
|
|
|
295A20B8000
|
heap default
|
page read and write
|
|
|
|
7FF556DEE000
|
unkown
|
page readonly
|
|
|
|
295A3CCF000
|
heap private
|
page read and write
|
|
|
|
88A10F7000
|
unkown
|
page read and write
|
|
|
|
7FF50080A000
|
unkown
|
page readonly
|
|
|
|
7FF556D85000
|
unkown
|
page readonly
|
|
|
|
7FF5565DD000
|
unkown
|
page readonly
|
|
|
|
7FF50BAEF000
|
unkown
|
page readonly
|
|
|
|
295A2030000
|
heap private
|
page read and write
|
|
|
|
7FF500C21000
|
unkown
|
page readonly
|
|
|
|
F38198E000
|
unkown
|
page read and write
|
|
|
|
1229F102000
|
unkown
|
page read and write
|
|
|
|
7FF556DF1000
|
unkown
|
page readonly
|
|
|
|
1229F002000
|
unkown
|
page read and write
|
|
|
|
7FF50B28A000
|
unkown
|
page readonly
|
|
|
|
1229F013000
|
unkown
|
page read and write
|
|
|
|
7FF50BB0D000
|
unkown
|
page readonly
|
|
|
|
7FF50080D000
|
unkown
|
page readonly
|
|
|
|
295A3A10000
|
unkown
|
page readonly
|
|
|
|
7FF556A4A000
|
unkown
|
page readonly
|
|
|
|
7FF556D97000
|
unkown
|
page readonly
|
|
|
|
7FF50B9F4000
|
unkown
|
page readonly
|
|
|
|
7FF556BA5000
|
unkown
|
page readonly
|
|
|
|
7FF556A57000
|
unkown
|
page readonly
|
|
|
|
88A0D7E000
|
unkown
|
page read and write
|
|
|
|
7FF50BB82000
|
unkown
|
page readonly
|
|
|
|
7FF50BA8A000
|
unkown
|
page readonly
|
|
|
|
7FF50B8E1000
|
unkown
|
page readonly
|
|
|
|
295A21B0000
|
unkown
|
page readonly
|
|
|
|
7FF500B8E000
|
unkown
|
page readonly
|
|
|
|
7FF556A4F000
|
unkown
|
page readonly
|
|
|
|
1F3141F0000
|
unkown
|
page readonly
|
|
|
|
7FF556B3B000
|
unkown
|
page readonly
|
|
|
|
1229F200000
|
unkown
|
page readonly
|
|
|
|
F381CFD000
|
unkown
|
page read and write
|
|
|
|
7FF50BA8E000
|
unkown
|
page readonly
|
|
|
|
7FF50BABC000
|
unkown
|
page readonly
|
|
|
|
20C50FE000
|
unkown
|
page read and write
|
|
|
|
295A3A90000
|
heap private
|
page read and write
|
|
|
|
295A3BD0000
|
heap private
|
page read and write
|
|
|
|
7FF556BD9000
|
unkown
|
page readonly
|
|
|
|
1F314302000
|
unkown
|
page read and write
|
|
|
|
7FF500B30000
|
unkown
|
page readonly
|
|
|
|
88A0E7D000
|
unkown
|
page read and write
|
|
|
|
1229EFA0000
|
unkown
|
page readonly
|
|
|
|
1F314400000
|
unkown
|
page readonly
|
|
|
|
7FF500B74000
|
unkown
|
page readonly
|
|
|
|
7FF50BA9B000
|
unkown
|
page readonly
|
|
|
|
7FF556D22000
|
unkown
|
page readonly
|
|
|
|
295A3E90000
|
heap private
|
page read and write
|
|
There are 179 hidden memdumps, click here to show them.