IOCReport

Files

File Path | Type | Category | Malicious
https://dostavkaolx.site | URL | initial url | clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8B3A00B3-CAAC-11EB-90E4-ECF4BB862DED}.dat | Microsoft Word Document | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8B3A00B5-CAAC-11EB-90E4-ECF4BB862DED}.dat | Microsoft Word Document | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8B3A00B6-CAAC-11EB-90E4-ECF4BB862DED}.dat | Microsoft Word Document | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\errorPageStrings[1] | UTF-8 Unicode (with BOM) text, with CRLF line terminators | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\NewErrorPageTemplate[1] | UTF-8 Unicode (with BOM) text, with CRLF line terminators | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\httpErrorPagesScripts[1] | UTF-8 Unicode (with BOM) text, with CRLF line terminators | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\dnserror[1] | HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\down[1] | PNG image data, 15 x 15, 8-bit colormap, non-interlaced | downloaded | clean
C:\Users\user\AppData\Local\Temp\~DF4120580C273D26FB.TMP | data | dropped | clean
C:\Users\user\AppData\Local\Temp\~DF5933E4E87066F407.TMP | data | dropped | clean
C:\Users\user\AppData\Local\Temp\~DF7288BFC3A839848E.TMP | data | dropped | clean

Processes

Path | Cmdline | Malicious
C:\Program Files\internet explorer\iexplore.exe | 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding | clean
C:\Program Files (x86)\Internet Explorer\iexplore.exe | 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5576 CREDAT:17410 /prefetch:2 | clean

URLs

Name | IP | Malicious
https://dostavkaolx.site/Root | unknown | clean
https://dostavkaolx.site/ | unknown | clean

Domains

Name | IP | Malicious
dostavkaolx.site | unknown | clean

Registry

Path | Value | Malicious
C:\Program Files\internet explorer\iexplore.exe | {8B3A00B3-CAAC-11EB-90E4-ECF4BB862DED} | clean
C:\Program Files\internet explorer\iexplore.exe | AdminActive | clean
C:\Program Files\internet explorer\iexplore.exe | Count | clean
C:\Program Files\internet explorer\iexplore.exe | Time | clean
C:\Program Files\internet explorer\iexplore.exe | Blocked | clean
C:\Program Files\internet explorer\iexplore.exe | Count | clean
C:\Program Files\internet explorer\iexplore.exe | Time | clean
C:\Program Files\internet explorer\iexplore.exe | Count | clean
C:\Program Files\internet explorer\iexplore.exe | Time | clean
C:\Program Files\internet explorer\iexplore.exe | LoadTimeArray | clean
C:\Program Files\internet explorer\iexplore.exe | LoadTimeArray | clean
C:\Program Files\internet explorer\iexplore.exe | Count | clean
C:\Program Files\internet explorer\iexplore.exe | Time | clean
C:\Program Files\internet explorer\iexplore.exe | Blocked | clean
C:\Program Files\internet explorer\iexplore.exe | Count | clean
C:\Program Files\internet explorer\iexplore.exe | Time | clean
C:\Program Files\internet explorer\iexplore.exe | LoadTimeArray | clean
C:\Program Files\internet explorer\iexplore.exe | Count | clean
C:\Program Files\internet explorer\iexplore.exe | Time | clean
C:\Program Files\internet explorer\iexplore.exe | LoadTimeArray | clean

Memdumps

Base Address | Region type | Protect | Malicious