Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
https://gabriellarodriguezart.com/Dr
|
URL
|
initial url
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Dr[1].htm
|
HTML document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5E5D7668-CA19-11EB-90EB-ECF4BBEA1588}.dat
|
Microsoft Word Document
|
dropped
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5E5D766A-CA19-11EB-90EB-ECF4BBEA1588}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5E5D766B-CA19-11EB-90EB-ECF4BBEA1588}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\585b051251[1].js
|
ASCII text, with very long lines
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\free-v4-shims.min[1].css
|
ASCII text, with very long lines
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\free.min[1].css
|
ASCII text, with very long lines
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\outlook1[1].png
|
PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\adobe[1].jpg
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 400x400, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\hover[1].css
|
ASCII text
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\jquery-3.1.1.min[1].js
|
ASCII text, with very long lines
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\jquery-3.2.1.slim.min[1].js
|
ASCII text, with very long lines
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\8[1].jpg
|
[TIFF image data, big-endian, direntries=12, height=709, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1200],
baseline, precision 8, 1200x646, frames 3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\bootstrap.min[1].css
|
ASCII text, with very long lines
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\bootstrap.min[1].js
|
ASCII text, with very long lines
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\jquery.min[1].js
|
ASCII text, with very long lines
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\Dr[1].htm
|
HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\css[1].css
|
ASCII text
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\gmail[1].png
|
PNG image data, 1280 x 1280, 8-bit/color RGBA, non-interlaced
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\office3651[1].png
|
PNG image data, 187 x 188, 8-bit/color RGBA, non-interlaced
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\other1[1].png
|
PNG image data, 190 x 187, 8-bit/color RGBA, non-interlaced
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\popper.min[1].js
|
ASCII text, with very long lines
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DF4C0C6A7F8B5D7714.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DF5FAEF6CCA28DFD69.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DF726652DFE275AF17.TMP
|
data
|
dropped
|
|
There are 16 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\internet explorer\iexplore.exe
|
'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6828 CREDAT:17410 /prefetch:2
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://gabriellarodriguezart.com/Dr/
|
|
||
|
https://gabriellarodriguezart.com/Dr/$Share
|
unknown
|
|
|
|
https://gabriellarodriguezart.com/Dr/l
|
unknown
|
|
|
|
https://gabriellarodriguezart.com/Dr/
|
unknown
|
|
|
|
https://gabriellarodriguezart.com/Dr/Root
|
unknown
|
|
|
|
https://fontawesome.com
|
unknown
|
|
|
|
https://kit.fontawesome.com
|
unknown
|
|
|
|
http://ianlunn.github.io/Hover/)
|
unknown
|
|
|
|
https://github.com/twbs/bootstrap/graphs/contributors)
|
unknown
|
|
|
|
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
|
unknown
|
|
|
|
https://login.microsoftonline.com/common/login
|
unknown
|
|
|
|
https://getbootstrap.com)
|
unknown
|
|
|
|
https://ka-f.fontawesome.com
|
unknown
|
|
|
|
https://code.jquery.com/jquery-3.2.1.slim.min.js
|
unknown
|
|
|
|
https://code.jquery.com/jquery-3.1.1.min.js
|
unknown
|
|
|
|
http://ianlunn.co.uk/
|
unknown
|
|
|
|
https://github.com/twbs/bootstrap/blob/master/LICENSE)
|
unknown
|
|
|
|
https://github.com/IanLunn/Hover
|
unknown
|
|
|
|
http://opensource.org/licenses/MIT).
|
unknown
|
|
|
|
https://kit.fontawesome.com/585b051251.js
|
unknown
|
|
|
|
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
|
unknown
|
|
|
|
https://code.jquery.com/jquery-3.3.1.js
|
unknown
|
|
|
|
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
|
unknown
|
|
|
|
https://fontawesome.com/license/free
|
unknown
|
|
There are 14 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
gabriellarodriguezart.com
|
162.241.114.112
|
|
|
|
cdnjs.cloudflare.com
|
104.16.18.94
|
|
|
|
maxcdn.bootstrapcdn.com
|
104.18.11.207
|
|
|
|
ka-f.fontawesome.com
|
unknown
|
|
|
|
code.jquery.com
|
unknown
|
|
|
|
kit.fontawesome.com
|
unknown
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
104.18.11.207
|
maxcdn.bootstrapcdn.com
|
United States
|
|
|
|
162.241.114.112
|
gabriellarodriguezart.com
|
United States
|
|
|
|
104.16.18.94
|
cdnjs.cloudflare.com
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\internet explorer\iexplore.exe
|
{5E5D7668-CA19-11EB-90EB-ECF4BBEA1588}
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Blocked
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Blocked
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
@C:\Windows\System32\ieframe.dll,-912
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
@C:\Windows\System32\ieframe.dll,-904
|
|
There are 11 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7FF5E30F7000
|
unkown
|
page readonly
|
|
|
|
7FF53D699000
|
unkown
|
page readonly
|
|
|
|
7FF53D637000
|
unkown
|
page readonly
|
|
|
|
1BB7688B000
|
unkown
|
page read and write
|
|
|
|
1A955A8E000
|
unkown
|
page read and write
|
|
|
|
7FF53D68E000
|
unkown
|
page readonly
|
|
|
|
7FF5E33CA000
|
unkown
|
page readonly
|
|
|
|
7FF5E32D3000
|
unkown
|
page readonly
|
|
|
|
7FF5E2F40000
|
unkown
|
page readonly
|
|
|
|
1A9559E0000
|
unkown
|
page read and write
|
|
|
|
7FF5E32CD000
|
unkown
|
page readonly
|
|
|
|
1BB76802000
|
unkown
|
page read and write
|
|
|
|
1BB76E60000
|
unkown
|
page readonly
|
|
|
|
7FF53D501000
|
unkown
|
page readonly
|
|
|
|
7FF53D1F5000
|
unkown
|
page readonly
|
|
|
|
7FF5E327E000
|
unkown
|
page readonly
|
|
|
|
7FF53D657000
|
unkown
|
page readonly
|
|
|
|
7FF53D64C000
|
unkown
|
page readonly
|
|
|
|
3BA3FD000
|
unkown
|
page read and write
|
|
|
|
1BB76640000
|
heap private
|
page read and write
|
|
|
|
7FF5E3472000
|
unkown
|
page readonly
|
|
|
|
1BB76800000
|
unkown
|
page read and write
|
|
|
|
7FF5E338B000
|
unkown
|
page readonly
|
|
|
|
1BB76826000
|
unkown
|
page read and write
|
|
|
|
3BA27E000
|
unkown
|
page read and write
|
|
|
|
7FF53D625000
|
unkown
|
page readonly
|
|
|
|
7FF53D4C3000
|
unkown
|
page readonly
|
|
|
|
1BB76908000
|
unkown
|
page read and write
|
|
|
|
3BA7FF000
|
unkown
|
page read and write
|
|
|
|
7FF53D471000
|
unkown
|
page readonly
|
|
|
|
7FF53D51B000
|
unkown
|
page readonly
|
|
|
|
7FF5E33AF000
|
unkown
|
page readonly
|
|
|
|
7FF53D61E000
|
unkown
|
page readonly
|
|
|
|
1A955B13000
|
unkown
|
page read and write
|
|
|
|
7FF53D584000
|
unkown
|
page readonly
|
|
|
|
1A955A13000
|
unkown
|
page read and write
|
|
|
|
7FF5E32EC000
|
unkown
|
page readonly
|
|
|
|
7FF5E336C000
|
unkown
|
page readonly
|
|
|
|
7FF5E33DF000
|
unkown
|
page readonly
|
|
|
|
7FF53D712000
|
unkown
|
page readonly
|
|
|
|
1BB76790000
|
unkown
|
page readonly
|
|
|
|
7FF5E3380000
|
unkown
|
page readonly
|
|
|
|
7DF50F7000
|
unkown
|
page read and write
|
|
|
|
3BA6FF000
|
unkown
|
page read and write
|
|
|
|
7FF5E2BED000
|
unkown
|
page readonly
|
|
|
|
7FF5E33E8000
|
unkown
|
page readonly
|
|
|
|
1BB76813000
|
unkown
|
page read and write
|
|
|
|
1BB766B0000
|
unkown
|
page readonly
|
|
|
|
7FF53D60C000
|
unkown
|
page readonly
|
|
|
|
7FF5E33FD000
|
unkown
|
page readonly
|
|
|
|
1A9559C0000
|
unkown
|
page readonly
|
|
|
|
7FF53D674000
|
unkown
|
page readonly
|
|
|
|
1BB7683C000
|
unkown
|
page read and write
|
|
|
|
1A955950000
|
heap private
|
page read and write
|
|
|
|
3BA4FB000
|
unkown
|
page read and write
|
|
|
|
1BB76913000
|
unkown
|
page read and write
|
|
|
|
3B9FEB000
|
unkown
|
page read and write
|
|
|
|
7FF5E33AC000
|
unkown
|
page readonly
|
|
|
|
1BB76870000
|
unkown
|
page read and write
|
|
|
|
7FF53D58C000
|
unkown
|
page readonly
|
|
|
|
1BB76900000
|
unkown
|
page read and write
|
|
|
|
1A955B02000
|
unkown
|
page read and write
|
|
|
|
7FF53D397000
|
unkown
|
page readonly
|
|
|
|
7FF53D1E6000
|
unkown
|
page readonly
|
|
|
|
1A9559B0000
|
heap default
|
page read and write
|
|
|
|
7FF5E3261000
|
unkown
|
page readonly
|
|
|
|
7FF5E3471000
|
unkown
|
page readonly
|
|
|
|
1BB767A0000
|
unkown
|
page read and write
|
|
|
|
1BB7687E000
|
unkown
|
page read and write
|
|
|
|
7FF5E33D4000
|
unkown
|
page readonly
|
|
|
|
1BB76780000
|
unkown
|
page readonly
|
|
|
|
7FF5E33B7000
|
unkown
|
page readonly
|
|
|
|
1A956202000
|
unkown
|
page read and write
|
|
|
|
1A955A2A000
|
unkown
|
page read and write
|
|
|
|
7FF5E33EE000
|
unkown
|
page readonly
|
|
|
|
1A955A3C000
|
unkown
|
page read and write
|
|
|
|
7DF4BEE000
|
unkown
|
page read and write
|
|
|
|
1A955CD0000
|
unkown
|
page readonly
|
|
|
|
7FF5E33F9000
|
unkown
|
page readonly
|
|
|
|
1BB76902000
|
unkown
|
page read and write
|
|
|
|
1BB7684B000
|
unkown
|
page read and write
|
|
|
|
7FF53D69D000
|
unkown
|
page readonly
|
|
|
|
7FF53D573000
|
unkown
|
page readonly
|
|
|
|
7FF5E33F6000
|
unkown
|
page readonly
|
|
|
|
1BB76A00000
|
unkown
|
page readonly
|
|
|
|
7FF53D704000
|
unkown
|
page readonly
|
|
|
|
3BA2FE000
|
unkown
|
page read and write
|
|
|
|
1A956060000
|
unkown
|
page readonly
|
|
|
|
7FF53D60A000
|
unkown
|
page readonly
|
|
|
|
7FF53D70A000
|
unkown
|
page readonly
|
|
|
|
7FF5E337A000
|
unkown
|
page readonly
|
|
|
|
7FF5E336A000
|
unkown
|
page readonly
|
|
|
|
1A955A00000
|
unkown
|
page read and write
|
|
|
|
7FF53D64F000
|
unkown
|
page readonly
|
|
|
|
7DF51FE000
|
unkown
|
page read and write
|
|
|
|
7DF4FFB000
|
unkown
|
page read and write
|
|
|
|
7FF5E32E4000
|
unkown
|
page readonly
|
|
|
|
7FF53D696000
|
unkown
|
page readonly
|
|
|
|
1BB77002000
|
unkown
|
page read and write
|
|
|
|
7FF53D620000
|
unkown
|
page readonly
|
|
|
|
7FF5E3385000
|
unkown
|
page readonly
|
|
|
|
7FF5E31D1000
|
unkown
|
page readonly
|
|
|
|
7FF5E3223000
|
unkown
|
page readonly
|
|
|
|
1BB76850000
|
unkown
|
page read and write
|
|
|
|
3BA5F7000
|
unkown
|
page read and write
|
|
|
|
7FF53D1E0000
|
unkown
|
page readonly
|
|
|
|
7FF53D711000
|
unkown
|
page readonly
|
|
|
|
7FF53D66A000
|
unkown
|
page readonly
|
|
|
|
7FF5E346A000
|
unkown
|
page readonly
|
|
|
|
7FF5E3397000
|
unkown
|
page readonly
|
|
|
|
7FF53D664000
|
unkown
|
page readonly
|
|
|
|
7DF4AEB000
|
unkown
|
page read and write
|
|
|
|
1A955C00000
|
unkown
|
page readonly
|
|
|
|
7FF5E337E000
|
unkown
|
page readonly
|
|
|
|
7FF5E2F55000
|
unkown
|
page readonly
|
|
|
|
1A956400000
|
unkown
|
page readonly
|
|
|
|
7FF53D61A000
|
unkown
|
page readonly
|
|
|
|
1BB76829000
|
unkown
|
page read and write
|
|
|
|
7FF5E3464000
|
unkown
|
page readonly
|
|
|
|
1BB76856000
|
unkown
|
page read and write
|
|
|
|
7FF53CE37000
|
unkown
|
page readonly
|
|
|
|
7FF5E2F46000
|
unkown
|
page readonly
|
|
|
|
7FF53D67F000
|
unkown
|
page readonly
|
|
|
|
7FF53D688000
|
unkown
|
page readonly
|
|
|
|
7DF4EF5000
|
unkown
|
page read and write
|
|
|
|
7FF53D56D000
|
unkown
|
page readonly
|
|
|
|
1A955A86000
|
unkown
|
page read and write
|
|
|
|
1A9559D0000
|
unkown
|
page readonly
|
|
|
|
1BB77200000
|
unkown
|
page readonly
|
|
|
|
7FF5E327B000
|
unkown
|
page readonly
|
|
|
|
7DF4B6E000
|
unkown
|
page read and write
|
|
|
|
1BB766A0000
|
heap default
|
page read and write
|
|
|
|
7FF53D3A0000
|
unkown
|
page readonly
|
|
|
|
7FF53CE3D000
|
unkown
|
page readonly
|
|
|
|
1A955A6F000
|
unkown
|
page read and write
|
|
|
|
7FF5E33C4000
|
unkown
|
page readonly
|
|
|
|
7DF52FE000
|
unkown
|
page read and write
|
|
|
|
7FF53D62B000
|
unkown
|
page readonly
|
|
There are 128 hidden memdumps, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
https://gabriellarodriguezart.com/Dr/
|
|