IOCReport

https://wayfairapp.onelink.me/2420802157?pid=Email&c=Triggered&af_sub5=AppEmailCA&af_dp=wayfairapp%3A%2F%2Fhome&af_web_dp=h%20ttp%3A%2F%2Fedubuddie.com/vsot/aK6hhbi8933Qq%2FVerizon&txid=B20200331_1488798683&lid=18207&tid=121811&vno=5&ltid=0

URL

initial url

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F550CFCF-B3F1-11EB-90E4-ECF4BB862DED}.dat

Microsoft Word Document

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F550CFD1-B3F1-11EB-90E4-ECF4BB862DED}.dat

Microsoft Word Document

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F550CFD2-B3F1-11EB-90E4-ECF4BB862DED}.dat

Microsoft Word Document

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml

XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml

XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml

XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml

XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml

XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml

XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml

XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Program Files\internet explorer\iexplore.exe

'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding

C:\Program Files (x86)\Internet Explorer\iexplore.exe

'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5836 CREDAT:17410 /prefetch:2

http://www.wikipedia.com/

unknown

http://www.amazon.com/

unknown

https://wayfairapp.onelink.me/h%20ttp://edubuddie.com/vsot/aK6hhbi8933Qq/Verizon?tid=121811&vno=5&tx

unknown

http://www.nytimes.com/

unknown

http://www.live.com/

unknown

https://wayfairapp.onelink.me/favicon.ico

unknown

https://wayfairapp.onelink.me/h%20ttp://edubuddie.com/vsot/aK6hhbi8933Qq/Verizon?tid=121811&vno=5&txid=B20200331_1488798683&lid=18207&c=Triggered&pid=Email&ltid=0&af_sub5=AppEmailCA

http://www.reddit.com/

unknown

http://www.twitter.com/

unknown

http://www.youtube.com/

unknown

wayfairapp.onelink.me

13.224.193.93

13.224.193.93

wayfairapp.onelink.me

United States

C:\Program Files\internet explorer\iexplore.exe

{F550CFCF-B3F1-11EB-90E4-ECF4BB862DED}

C:\Program Files\internet explorer\iexplore.exe

AdminActive

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

Blocked

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

7FF54CBDC000

unkown

page readonly

293A304A000

unkown

page read and write

C61473E000

unkown

page read and write

756A9FF000

unkown

page read and write

7FF545C91000

unkown

page readonly

7FF5A834E000

unkown

page readonly

7FF54C9EF000

unkown

page readonly

B03F6FB000

unkown

page read and write

7FF545B8C000

unkown

page readonly

7FF5A86CC000

unkown

page readonly