Files
File Path | Type | Category | Malicious
---|---|---|---
http://feedproxy.google.com/~r/rdgahz/~3/KxTOprzA7Go/databank.php?param1=param1&c=dfoster@edgewortheconomics.com | URL | initial url |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5C0FE4AC-CAB2-11EB-90E4-ECF4BB862DED}.dat | Microsoft Word Document | dropped |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5C0FE4AE-CAB2-11EB-90E4-ECF4BB862DED}.dat | Microsoft Word Document | dropped |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5C0FE4AF-CAB2-11EB-90E4-ECF4BB862DED}.dat | Microsoft Word Document | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\ErrorPageTemplate[1] | UTF-8 Unicode (with BOM) text, with CRLF line terminators | downloaded |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\bullet[1] | PNG image data, 15 x 15, 8-bit colormap, non-interlaced | downloaded |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\http_404[1] | HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | downloaded |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\info_48[1] | PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced | downloaded |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\down[1] | PNG image data, 15 x 15, 8-bit colormap, non-interlaced | downloaded |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\errorPageStrings[1] | UTF-8 Unicode (with BOM) text, with CRLF line terminators | downloaded |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\background_gradient[1] | JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3 | downloaded |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\databank[1].htm | gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT) | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\httpErrorPagesScripts[1] | UTF-8 Unicode (with BOM) text, with CRLF line terminators | downloaded |
C:\Users\user\AppData\Local\Temp\~DF11EE74CB7DC9C1BE.TMP | data | dropped |
C:\Users\user\AppData\Local\Temp\~DF2B32E0794A59CB53.TMP | data | dropped |
C:\Users\user\AppData\Local\Temp\~DFB95526EF5CC5F7CB.TMP | data | dropped |
Processes
Path | Cmdline | Malicious
---|---|---
C:\Program Files\internet explorer\iexplore.exe | 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding |
C:\Program Files (x86)\Internet Explorer\iexplore.exe | 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5340 CREDAT:17410 /prefetch:2 |
URLs
Name | IP | Malicious
---|---|---
https://ganbiya.com/databank.php?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A | unknown |
Domains
Name | IP | Malicious
---|---|---
ganbiya.com | 94.130.229.185 |
IPs
IP | Domain | Country | Malicious
---|---|---|---
94.130.229.185 | ganbiya.com | Germany |
Registry
Path | Value | Malicious
---|---|---
C:\Program Files\internet explorer\iexplore.exe | {5C0FE4AC-CAB2-11EB-90E4-ECF4BB862DED} |
C:\Program Files\internet explorer\iexplore.exe | AdminActive |
C:\Program Files\internet explorer\iexplore.exe | Count |
C:\Program Files\internet explorer\iexplore.exe | Time |
C:\Program Files\internet explorer\iexplore.exe | Blocked |
C:\Program Files\internet explorer\iexplore.exe | Count |
C:\Program Files\internet explorer\iexplore.exe | Time |
C:\Program Files\internet explorer\iexplore.exe | Count |
C:\Program Files\internet explorer\iexplore.exe | Time |
C:\Program Files\internet explorer\iexplore.exe | LoadTimeArray |
C:\Program Files\internet explorer\iexplore.exe | LoadTimeArray |
C:\Program Files\internet explorer\iexplore.exe | Count |
C:\Program Files\internet explorer\iexplore.exe | Time |
C:\Program Files\internet explorer\iexplore.exe | Blocked |
C:\Program Files\internet explorer\iexplore.exe | Count |
C:\Program Files\internet explorer\iexplore.exe | Time |
C:\Program Files\internet explorer\iexplore.exe | Count |
C:\Program Files\internet explorer\iexplore.exe | Time |
C:\Program Files\internet explorer\iexplore.exe | LoadTimeArray |
C:\Program Files\internet explorer\iexplore.exe | LoadTimeArray |
Memdumps