Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
http://45.147.229.199:4444
|
URL
|
initial url
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{750CA488-77F2-11EB-90E4-ECF4BB862DED}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{750CA48A-77F2-11EB-90E4-ECF4BB862DED}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{750CA48B-77F2-11EB-90E4-ECF4BB862DED}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\down[1]
|
PNG image data, 15 x 15, 8-bit colormap, non-interlaced
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\errorPageStrings[1]
|
UTF-8 Unicode (with BOM) text, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\ErrorPageTemplate[1]
|
UTF-8 Unicode (with BOM) text, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\bullet[1]
|
PNG image data, 15 x 15, 8-bit colormap, non-interlaced
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\background_gradient[1]
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\httpErrorPagesScripts[1]
|
UTF-8 Unicode (with BOM) text, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\http_404[1]
|
HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\info_48[1]
|
PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DF1E8AB9167246D8B5.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DFA3F02AE3705DA3AE.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DFAD2EAEA6D1E49FEB.TMP
|
data
|
dropped
|
|
There are 5 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\internet explorer\iexplore.exe
|
'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5652 CREDAT:17410 /prefetch:2
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://45.147.229.199:4444/
|
45.147.229.199
|
|
|
|
http://45.147.229.199:4444/Root
|
unknown
|
|
IPs
|
IP
|
Domain
|
Country
|
Active
|
Malicious
|
|
|---|---|---|---|---|---|
|
45.147.229.199
|
unknown
|
Germany
|
unknown
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\internet explorer\iexplore.exe
|
{750CA488-77F2-11EB-90E4-ECF4BB862DED}
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
AdminActive
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Blocked
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Blocked
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
There are 10 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1D4DAC22000
|
unkown
|
page read and write
|
|
|
|
1D4DABC0000
|
unkown
|
page read and write
|
|
|
|
7FF4EF290000
|
unkown
|
page readonly
|
|
|
|
7FF4EF1AD000
|
unkown
|
page readonly
|
|
|
|
1D4DAA60000
|
heap private
|
page read and write
|
|
|
|
7FF4EF2A8000
|
unkown
|
page readonly
|
|
|
|
7FF4EF2CE000
|
unkown
|
page readonly
|
|
|
|
7FF4EF306000
|
unkown
|
page readonly
|
|
|
|
7FF4EF316000
|
unkown
|
page readonly
|
|
|
|
1D4DAC2A000
|
unkown
|
page read and write
|
|
|
|
7FF4EF2FD000
|
unkown
|
page readonly
|
|
|
|
4CBBBEE000
|
unkown
|
page read and write
|
|
|
|
7FF4EF20C000
|
unkown
|
page readonly
|
|
|
|
1D4DABA0000
|
unkown
|
page readonly
|
|
|
|
1D4DAC13000
|
unkown
|
page read and write
|
|
|
|
7FF4EF334000
|
unkown
|
page readonly
|
|
|
|
7FF4EF391000
|
unkown
|
page readonly
|
|
|
|
7FF4EF1A3000
|
unkown
|
page readonly
|
|
|
|
7FF4EF2A2000
|
unkown
|
page readonly
|
|
|
|
7FF4EF0BA000
|
unkown
|
page readonly
|
|
|
|
1D4DAC55000
|
unkown
|
page read and write
|
|
|
|
1D4DAD13000
|
unkown
|
page read and write
|
|
|
|
7FF4EEE8A000
|
unkown
|
page readonly
|
|
|
|
1D4DAC49000
|
unkown
|
page read and write
|
|
|
|
7FF4EEEA0000
|
unkown
|
page readonly
|
|
|
|
1D4DB270000
|
unkown
|
page readonly
|
|
|
|
1D4DAD08000
|
unkown
|
page read and write
|
|
|
|
7FF4EF2D5000
|
unkown
|
page readonly
|
|
|
|
7FF4EEA73000
|
unkown
|
page readonly
|
|
|
|
1D4DABB0000
|
unkown
|
page readonly
|
|
|
|
7FF4EF1D1000
|
unkown
|
page readonly
|
|
|
|
4CBC2FE000
|
unkown
|
page read and write
|
|
|
|
1D4DB600000
|
unkown
|
page readonly
|
|
|
|
7FF4EF1D7000
|
unkown
|
page readonly
|
|
|
|
1D4DAC50000
|
unkown
|
page read and write
|
|
|
|
1D4DAE00000
|
unkown
|
page readonly
|
|
|
|
1D4DAC00000
|
unkown
|
page read and write
|
|
|
|
1D4DAD02000
|
unkown
|
page read and write
|
|
|
|
7FF4EF2E9000
|
unkown
|
page readonly
|
|
|
|
1D4DAC3C000
|
unkown
|
page read and write
|
|
|
|
4CBC0FE000
|
unkown
|
page read and write
|
|
|
|
4CBBF75000
|
unkown
|
page read and write
|
|
|
|
7FF4EF15E000
|
unkown
|
page readonly
|
|
|
|
4CBC1F7000
|
unkown
|
page read and write
|
|
|
|
1D4DB402000
|
unkown
|
page read and write
|
|
|
|
7FF4EF399000
|
unkown
|
page readonly
|
|
|
|
7FF4EF2BA000
|
unkown
|
page readonly
|
|
|
|
1D4DAD00000
|
unkown
|
page read and write
|
|
|
|
1D4DAAC0000
|
heap default
|
page read and write
|
|
|
|
1D4DAAD0000
|
unkown
|
page readonly
|
|
|
|
4CBC07B000
|
unkown
|
page read and write
|
|
|
|
7FF4EF399000
|
unkown
|
page readonly
|
|
|
|
7FF4EF16A000
|
unkown
|
page readonly
|
|
|
|
7FF4EEE90000
|
unkown
|
page readonly
|
|
|
|
7FF4EF2DF000
|
unkown
|
page readonly
|
|
|
|
7FF4EF292000
|
unkown
|
page readonly
|
|
|
|
1D4DAC9F000
|
unkown
|
page read and write
|
|
|
|
7FF4EF30C000
|
unkown
|
page readonly
|
|
|
|
4CBBE7E000
|
unkown
|
page read and write
|
|
|
|
1D4DAC70000
|
unkown
|
page read and write
|
|
|
|
7FF4EF38E000
|
unkown
|
page readonly
|
|
|
|
7FF4EF188000
|
unkown
|
page readonly
|
|
|
|
7FF4EF11F000
|
unkown
|
page readonly
|
|
|
|
1D4DAC4D000
|
unkown
|
page read and write
|
|
|
|
1D4DAC4B000
|
unkown
|
page read and write
|
|
|
|
4CBBB6B000
|
unkown
|
page read and write
|
|
|
|
1D4DAC9B000
|
unkown
|
page read and write
|
|
|
|
7FF4EF325000
|
unkown
|
page readonly
|
|
|
|
7FF4EF2A6000
|
unkown
|
page readonly
|
|
|
|
7FF4EF337000
|
unkown
|
page readonly
|
|
|
|
4CBC3FE000
|
unkown
|
page read and write
|
|
|
|
7FF4EF330000
|
unkown
|
page readonly
|
|
|
|
7FF4EF31C000
|
unkown
|
page readonly
|
|
There are 63 hidden memdumps, click here to show them.