Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
https://pbox.photobox.co.uk/dynclick/photobox-uk/?eml-publisher=photobox-uk&eml-name=phx_t_uk_new_crn_e2_bau_all&uid=67912768&eurl=http://photobox-mkt-prod1-t.campaign.adobe.com/r/?id=h4e5ec0b9,69a17086,5eb6e68f&utm_source=photobox&utm_medium=email&utm_campaign=t_all_w26_20200623_uk_crn_tips-and-trading-plan_2_bau_ac1982206_web_1772187782&_c1v=crm&_c2v=trigger&_c3v=creation&_c4id=1982206&_c5id=1772187782&_c6id=all&_c7id=acc&_cdt=2020-06-23&_ceh=b79bed2958568ab17f18979440690c16a1c6f09f5afc870aacd7ecb1e408488c&_cleh=b79bed2958568ab17f18979440690c16a1c6f09f5afc870aacd7ecb1e408488c&p1=db.h-jie.shop/?e=dnBva2hhbkBpY29uZWN0aXYuY29t%23/my/creations
|
URL
|
initial url
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{88BCF8D3-CA61-11EB-90EB-ECF4BBEA1588}.dat
|
Microsoft Word Document
|
dropped
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{88BCF8D5-CA61-11EB-90EB-ECF4BBEA1588}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{88BCF8D6-CA61-11EB-90EB-ECF4BBEA1588}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\background_gradient[1]
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\httpErrorPagesScripts[1]
|
UTF-8 Unicode (with BOM) text, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\ErrorPageTemplate[1]
|
UTF-8 Unicode (with BOM) text, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\bullet[1]
|
PNG image data, 15 x 15, 8-bit colormap, non-interlaced
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\down[1]
|
PNG image data, 15 x 15, 8-bit colormap, non-interlaced
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\errorPageStrings[1]
|
UTF-8 Unicode (with BOM) text, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\http_403[1]
|
HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\info_48[1]
|
PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DF94746B35FAB6864B.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DFFA6B77A4099A5213.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DFFDCA819CECA1B0DD.TMP
|
data
|
dropped
|
|
There are 5 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\internet explorer\iexplore.exe
|
'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6712 CREDAT:17410 /prefetch:2
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://db.h-jie.shop/?e=dnBva2hhbkBpY29uZWN0aXYuY29t&ectrans=1&utm_campaign=t_all_w26_20200623_uk_c
|
unknown
|
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
db.h-jie.shop
|
192.119.65.250
|
|
|
|
pb.eulerian.net
|
109.232.195.140
|
|
|
|
pbox.photobox.co.uk
|
unknown
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.168.2.1
|
unknown
|
unknown
|
|
|
|
109.232.195.140
|
pb.eulerian.net
|
France
|
|
|
|
192.119.65.250
|
db.h-jie.shop
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\internet explorer\iexplore.exe
|
{88BCF8D3-CA61-11EB-90EB-ECF4BBEA1588}
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Blocked
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Blocked
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
There are 9 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
17716400000
|
unkown
|
page readonly
|
|
|
|
7FF58BF42000
|
unkown
|
page readonly
|
|
|
|
17715A4B000
|
unkown
|
page read and write
|
|
|
|
7FF5D6C23000
|
unkown
|
page readonly
|
|
|
|
7FF5D6D8B000
|
unkown
|
page readonly
|
|
|
|
7FF5D6458000
|
unkown
|
page readonly
|
|
|
|
17715A29000
|
unkown
|
page read and write
|
|
|
|
17715CD0000
|
unkown
|
page readonly
|
|
|
|
17715C00000
|
unkown
|
page readonly
|
|
|
|
7FF5D6AF7000
|
unkown
|
page readonly
|
|
|
|
7FF5D6DF9000
|
unkown
|
page readonly
|
|
|
|
7FF5D6BD1000
|
unkown
|
page readonly
|
|
|
|
7FF5D6D80000
|
unkown
|
page readonly
|
|
|
|
17715A62000
|
unkown
|
page read and write
|
|
|
|
17715A70000
|
unkown
|
page read and write
|
|
|
|
17715A46000
|
unkown
|
page read and write
|
|
|
|
47708F7000
|
unkown
|
page read and write
|
|
|
|
7FF5D6D7A000
|
unkown
|
page readonly
|
|
|
|
47703EF000
|
unkown
|
page read and write
|
|
|
|
7FF5D6DCA000
|
unkown
|
page readonly
|
|
|
|
7FF5D6CCD000
|
unkown
|
page readonly
|
|
|
|
7FF5D6DB7000
|
unkown
|
page readonly
|
|
|
|
7FF5D6D97000
|
unkown
|
page readonly
|
|
|
|
17716740000
|
unkown
|
page readonly
|
|
|
|
7FF5D6DF6000
|
unkown
|
page readonly
|
|
|
|
17715B13000
|
unkown
|
page read and write
|
|
|
|
17715B08000
|
unkown
|
page read and write
|
|
|
|
17715A67000
|
unkown
|
page read and write
|
|
|
|
17715A4F000
|
unkown
|
page read and write
|
|
|
|
7FF5D6C61000
|
unkown
|
page readonly
|
|
|
|
7FF5D6955000
|
unkown
|
page readonly
|
|
|
|
47706F5000
|
unkown
|
page read and write
|
|
|
|
7FF5D6E71000
|
unkown
|
page readonly
|
|
|
|
7FF5D6E64000
|
unkown
|
page readonly
|
|
|
|
7FF5D6CEC000
|
unkown
|
page readonly
|
|
|
|
7FF5D6940000
|
unkown
|
page readonly
|
|
|
|
47709FF000
|
unkown
|
page read and write
|
|
|
|
17715A3C000
|
unkown
|
page read and write
|
|
|
|
17715B00000
|
unkown
|
page read and write
|
|
|
|
7FF5D6DC4000
|
unkown
|
page readonly
|
|
|
|
7FF5D6D7E000
|
unkown
|
page readonly
|
|
|
|
4770AFF000
|
unkown
|
page read and write
|
|
|
|
7FF5D6946000
|
unkown
|
page readonly
|
|
|
|
17715B02000
|
unkown
|
page read and write
|
|
|
|
17715A82000
|
unkown
|
page read and write
|
|
|
|
17715A4C000
|
unkown
|
page read and write
|
|
|
|
7FF5D6DFD000
|
unkown
|
page readonly
|
|
|
|
7FF5D6C7B000
|
unkown
|
page readonly
|
|
|
|
7FF5D6DD4000
|
unkown
|
page readonly
|
|
|
|
7FF5D6DAF000
|
unkown
|
page readonly
|
|
|
|
477036F000
|
unkown
|
page read and write
|
|
|
|
7FF5D6D6A000
|
unkown
|
page readonly
|
|
|
|
7FF5D6D85000
|
unkown
|
page readonly
|
|
|
|
7FF5D6CE4000
|
unkown
|
page readonly
|
|
|
|
7FF5D6DAC000
|
unkown
|
page readonly
|
|
|
|
17715A13000
|
unkown
|
page read and write
|
|
|
|
7FF5D6C7E000
|
unkown
|
page readonly
|
|
|
|
7FF5D6DEE000
|
unkown
|
page readonly
|
|
|
|
17715990000
|
heap default
|
page read and write
|
|
|
|
17715A4D000
|
unkown
|
page read and write
|
|
|
|
7FF5D6D6C000
|
unkown
|
page readonly
|
|
|
|
7FF5D6E72000
|
unkown
|
page readonly
|
|
|
|
17715A62000
|
unkown
|
page read and write
|
|
|
|
17715A78000
|
unkown
|
page read and write
|
|
|
|
17715930000
|
heap private
|
page read and write
|
|
|
|
17716202000
|
unkown
|
page read and write
|
|
|
|
7FF58BF42000
|
unkown
|
page readonly
|
|
|
|
177159A0000
|
unkown
|
page readonly
|
|
|
|
17715A00000
|
unkown
|
page read and write
|
|
|
|
7FF5D6CD3000
|
unkown
|
page readonly
|
|
|
|
7FF5D6DDF000
|
unkown
|
page readonly
|
|
|
|
47707FB000
|
unkown
|
page read and write
|
|
|
|
17715A67000
|
unkown
|
page read and write
|
|
|
|
7FF5D6DE8000
|
unkown
|
page readonly
|
|
|
|
47702EC000
|
unkown
|
page read and write
|
|
|
|
17715A47000
|
unkown
|
page read and write
|
|
|
|
177159C0000
|
unkown
|
page read and write
|
|
|
|
7FF5D6E6A000
|
unkown
|
page readonly
|
|
|
|
177159B0000
|
unkown
|
page readonly
|
|
There are 69 hidden memdumps, click here to show them.