Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
https://te121491a.emailsys1c.net/mailing/117/4130125/0/e11e3fdf13/index.html
|
URL
|
initial url
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\doc0022as[1].htm
|
HTML document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2EB38425-CACA-11EB-90EB-ECF4BBEA1588}.dat
|
Microsoft Word Document
|
dropped
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2EB38427-CACA-11EB-90EB-ECF4BBEA1588}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2EB38428-CACA-11EB-90EB-ECF4BBEA1588}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\bootstrap.min[1].js
|
ASCII text, with very long lines
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\bootstrap.min[2].js
|
ASCII text, with very long lines
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\index[1].htm
|
HTML document, ASCII text
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\jquery-3.2.1.slim.min[1].js
|
ASCII text, with very long lines
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\bootstrap.min[1].css
|
ASCII text, with very long lines
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\css[1].css
|
ASCII text
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\doc0022as[1].htm
|
HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\1[1].png
|
PNG image data, 3351 x 1679, 8-bit/color RGBA, non-interlaced
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\imagecompressionZgPwV2[1]
|
PNG image data, 740 x 525, 8-bit/color RGBA, non-interlaced
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\jquery.min[1].js
|
ASCII text, with very long lines
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\popper.min[1].js
|
ASCII text, with very long lines
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Temp\datDCC0.tmp
|
Web Open Font Format, TrueType, length 2532, version 2.24904
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DF856C10FBED5E7462.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DFB069A4B60C91DAAA.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DFE21D5024E00E3D1A.TMP
|
data
|
dropped
|
|
There are 10 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\internet explorer\iexplore.exe
|
'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6812 CREDAT:17410 /prefetch:2
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://bayoujanitorial.com/doc0022as//117/4130125/0/e11e3fdf13/index.html
|
unknown
|
|
|
|
https://bayoujanitorial.com/doc0022as/
|
unknown
|
|
|
|
https://bayoujanitorial.com/doc0022as//117/4130125/0/e11e3fdf13/index.htmln
|
unknown
|
|
|
|
https://bayoujanitorial.com/doc0022as/.Sharing
|
unknown
|
|
|
|
https://bayoujanitorial.com/doc0022as/
|
|
||
|
https://te121491a.emailsys1c.net/mailing/117/4130125/0/e11e3fdf13/index.html
|
|
||
|
https://github.com/twbs/bootstrap/graphs/contributors)
|
unknown
|
|
|
|
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
|
unknown
|
|
|
|
https://getbootstrap.com)
|
unknown
|
|
|
|
https://code.jquery.com/jquery-3.2.1.slim.min.js
|
unknown
|
|
|
|
https://bayoujanitorialsys1c.net/mailing/117/4130125/0/e11e3fdf13/index.html
|
unknown
|
|
|
|
https://github.com/twbs/bootstrap/blob/master/LICENSE)
|
unknown
|
|
|
|
https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
|
unknown
|
|
|
|
http://opensource.org/licenses/MIT).
|
unknown
|
|
|
|
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
|
unknown
|
|
|
|
https://getbootstrap.com/)
|
unknown
|
|
|
|
https://c.emailsys1c.net/mailingassets/8aa5a37e4da81f4d64e4f7d2104ed890fc3fff99.png
|
unknown
|
|
|
|
https://te121491a.emailsys1c.net/c/117/4130125/0/0/0/209281/18be3b4950.html?testmail=yes
|
unknown
|
|
|
|
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
|
unknown
|
|
|
|
https://te121491al.com/doc0022as//117/4130125/0/e11e3fdf13/index.htmlRoot
|
unknown
|
|
|
|
https://te121491a.emailsys1c.net/mailing/117/4130125/0/e11e3fdf13/index.html
|
unknown
|
|
|
|
https://te121491a.emailsys1c.net/mailing/117/4130125/0/e11e3fdf13/index.htmlRoot
|
unknown
|
|
There are 12 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
stackpath.bootstrapcdn.com
|
104.18.11.207
|
|
|
|
te121491a.emailsys1c.net
|
185.71.125.3
|
|
|
|
d3rvoh99oxehdi.cloudfront.net
|
65.9.66.125
|
|
|
|
bayoujanitorial.com
|
162.241.121.59
|
|
|
|
cdnjs.cloudflare.com
|
104.16.18.94
|
|
|
|
maxcdn.bootstrapcdn.com
|
104.18.11.207
|
|
|
|
code.jquery.com
|
unknown
|
|
|
|
c.emailsys1c.net
|
unknown
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
104.18.11.207
|
stackpath.bootstrapcdn.com
|
United States
|
|
|
|
185.71.125.3
|
te121491a.emailsys1c.net
|
Germany
|
|
|
|
104.16.18.94
|
cdnjs.cloudflare.com
|
United States
|
|
|
|
65.9.66.125
|
d3rvoh99oxehdi.cloudfront.net
|
United States
|
|
|
|
162.241.121.59
|
bayoujanitorial.com
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\internet explorer\iexplore.exe
|
{2EB38425-CACA-11EB-90EB-ECF4BBEA1588}
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Blocked
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Blocked
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
DecayDateQueue
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LastProcessed
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
@C:\Windows\System32\ieframe.dll,-912
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
@C:\Windows\System32\ieframe.dll,-904
|
|
There are 13 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
295E3700000
|
unkown
|
page read and write
|
|
|
|
7FF54C2E3000
|
unkown
|
page readonly
|
|
|
|
7FF54C4BD000
|
unkown
|
page readonly
|
|
|
|
7FF512D6C000
|
unkown
|
page readonly
|
|
|
|
AE394FE000
|
unkown
|
page read and write
|
|
|
|
295E3702000
|
unkown
|
page read and write
|
|
|
|
7FF54C3AC000
|
unkown
|
page readonly
|
|
|
|
CA23677000
|
unkown
|
page read and write
|
|
|
|
7FF54C43E000
|
unkown
|
page readonly
|
|
|
|
CA2327E000
|
unkown
|
page read and write
|
|
|
|
7FF54C4B9000
|
unkown
|
page readonly
|
|
|
|
248B7260000
|
unkown
|
page readonly
|
|
|
|
295E3649000
|
unkown
|
page read and write
|
|
|
|
7FF54C42C000
|
unkown
|
page readonly
|
|
|
|
295E35F0000
|
unkown
|
page readonly
|
|
|
|
7FF512D2C000
|
unkown
|
page readonly
|
|
|
|
295E3654000
|
unkown
|
page read and write
|
|
|
|
7FF512E31000
|
unkown
|
page readonly
|
|
|
|
7FF512D3E000
|
unkown
|
page readonly
|
|
|
|
CA233FC000
|
unkown
|
page read and write
|
|
|
|
CA234FB000
|
unkown
|
page read and write
|
|
|
|
295E3688000
|
unkown
|
page read and write
|
|
|
|
248B7330000
|
unkown
|
page readonly
|
|
|
|
7FF512D40000
|
unkown
|
page readonly
|
|
|
|
7FF54C38D000
|
unkown
|
page readonly
|
|
|
|
295E3651000
|
unkown
|
page read and write
|
|
|
|
295E3D30000
|
unkown
|
page read and write
|
|
|
|
CA22F8B000
|
unkown
|
page read and write
|
|
|
|
7FF512AC0000
|
unkown
|
page readonly
|
|
|
|
7FF54C000000
|
unkown
|
page readonly
|
|
|
|
295E35D0000
|
heap default
|
page read and write
|
|
|
|
7FF54C477000
|
unkown
|
page readonly
|
|
|
|
295E3713000
|
unkown
|
page read and write
|
|
|
|
7FF512DBD000
|
unkown
|
page readonly
|
|
|
|
295E3708000
|
unkown
|
page read and write
|
|
|
|
7FF54C445000
|
unkown
|
page readonly
|
|
|
|
7FF512D57000
|
unkown
|
page readonly
|
|
|
|
248B6BE0000
|
heap default
|
page read and write
|
|
|
|
7FF54C46C000
|
unkown
|
page readonly
|
|
|
|
7FF54C484000
|
unkown
|
page readonly
|
|
|
|
7FF512CAC000
|
unkown
|
page readonly
|
|
|
|
7FF512D77000
|
unkown
|
page readonly
|
|
|
|
7FF54C494000
|
unkown
|
page readonly
|
|
|
|
248B6E00000
|
unkown
|
page readonly
|
|
|
|
295E3653000
|
unkown
|
page read and write
|
|
|
|
AE391FB000
|
unkown
|
page read and write
|
|
|
|
248B6C8A000
|
unkown
|
page read and write
|
|
|
|
7FF54C291000
|
unkown
|
page readonly
|
|
|
|
7FF54C52A000
|
unkown
|
page readonly
|
|
|
|
7FF54C532000
|
unkown
|
page readonly
|
|
|
|
7FF512C3B000
|
unkown
|
page readonly
|
|
|
|
7FF512906000
|
unkown
|
page readonly
|
|
|
|
295E4340000
|
unkown
|
page readonly
|
|
|
|
7FF54C44B000
|
unkown
|
page readonly
|
|
|
|
7FF54C42A000
|
unkown
|
page readonly
|
|
|
|
248B7402000
|
unkown
|
page read and write
|
|
|
|
248B6ED0000
|
unkown
|
page readonly
|
|
|
|
7FF512AB7000
|
unkown
|
page readonly
|
|
|
|
248B6C02000
|
unkown
|
page read and write
|
|
|
|
295E3800000
|
unkown
|
page readonly
|
|
|
|
7FF54C440000
|
unkown
|
page readonly
|
|
|
|
295E3629000
|
unkown
|
page read and write
|
|
|
|
7FF54C393000
|
unkown
|
page readonly
|
|
|
|
295E3655000
|
unkown
|
page read and write
|
|
|
|
7FF512E32000
|
unkown
|
page readonly
|
|
|
|
248B6BF0000
|
unkown
|
page readonly
|
|
|
|
7FF54C33B000
|
unkown
|
page readonly
|
|
|
|
7FF54C457000
|
unkown
|
page readonly
|
|
|
|
248B7600000
|
unkown
|
page readonly
|
|
|
|
248B6C71000
|
unkown
|
page read and write
|
|
|
|
7FF54C531000
|
unkown
|
page readonly
|
|
|
|
295E3E02000
|
unkown
|
page read and write
|
|
|
|
295E3600000
|
unkown
|
page read and write
|
|
|
|
7FF51254C000
|
unkown
|
page readonly
|
|
|
|
295E38D0000
|
unkown
|
page readonly
|
|
|
|
7FF54C4A8000
|
unkown
|
page readonly
|
|
|
|
AE38D4F000
|
unkown
|
page read and write
|
|
|
|
7FF54C33E000
|
unkown
|
page readonly
|
|
|
|
7FF512DB6000
|
unkown
|
page readonly
|
|
|
|
295E364B000
|
unkown
|
page read and write
|
|
|
|
7FF512C21000
|
unkown
|
page readonly
|
|
|
|
295E364E000
|
unkown
|
page read and write
|
|
|
|
7FF512DAE000
|
unkown
|
page readonly
|
|
|
|
CA2387E000
|
unkown
|
page read and write
|
|
|
|
AE38CCC000
|
unkown
|
page read and write
|
|
|
|
248B6B80000
|
heap private
|
page read and write
|
|
|
|
CA2357E000
|
unkown
|
page read and write
|
|
|
|
7FF512D84000
|
unkown
|
page readonly
|
|
|
|
7FF54BC71000
|
unkown
|
page readonly
|
|
|
|
7FF512D9F000
|
unkown
|
page readonly
|
|
|
|
7FF54C321000
|
unkown
|
page readonly
|
|
|
|
CA2377F000
|
unkown
|
page read and write
|
|
|
|
7FF512D4B000
|
unkown
|
page readonly
|
|
|
|
7FF54C49F000
|
unkown
|
page readonly
|
|
|
|
7FF54C006000
|
unkown
|
page readonly
|
|
|
|
248B6C2A000
|
unkown
|
page read and write
|
|
|
|
248B7340000
|
unkown
|
page read and write
|
|
|
|
7FF512D3A000
|
unkown
|
page readonly
|
|
|
|
7FF512D94000
|
unkown
|
page readonly
|
|
|
|
7FF54C015000
|
unkown
|
page readonly
|
|
|
|
7FF54C46F000
|
unkown
|
page readonly
|
|
|
|
295E3656000
|
unkown
|
page read and write
|
|
|
|
7FF54C48A000
|
unkown
|
page readonly
|
|
|
|
248B6C00000
|
unkown
|
page read and write
|
|
|
|
7FF512546000
|
unkown
|
page readonly
|
|
|
|
248B6D13000
|
unkown
|
page read and write
|
|
|
|
7FF512B91000
|
unkown
|
page readonly
|
|
|
|
7FF54C524000
|
unkown
|
page readonly
|
|
|
|
7FF512C3E000
|
unkown
|
page readonly
|
|
|
|
295E3670000
|
unkown
|
page read and write
|
|
|
|
7FF512D45000
|
unkown
|
page readonly
|
|
|
|
248B6D02000
|
unkown
|
page read and write
|
|
|
|
295E35E0000
|
unkown
|
page readonly
|
|
|
|
7FF54C3A4000
|
unkown
|
page readonly
|
|
|
|
AE38DCF000
|
unkown
|
page read and write
|
|
|
|
7FF512E24000
|
unkown
|
page readonly
|
|
|
|
AE390F5000
|
unkown
|
page read and write
|
|
|
|
295E363C000
|
unkown
|
page read and write
|
|
|
|
7FF512900000
|
unkown
|
page readonly
|
|
|
|
7FF512915000
|
unkown
|
page readonly
|
|
|
|
7FF512E2A000
|
unkown
|
page readonly
|
|
|
|
7FF54C43A000
|
unkown
|
page readonly
|
|
|
|
7FF512D6F000
|
unkown
|
page readonly
|
|
|
|
295E4000000
|
unkown
|
page readonly
|
|
|
|
7FF54C1B7000
|
unkown
|
page readonly
|
|
|
|
AE392F7000
|
unkown
|
page read and write
|
|
|
|
7FF512D8A000
|
unkown
|
page readonly
|
|
|
|
7FF512BE3000
|
unkown
|
page readonly
|
|
|
|
7FF512C8D000
|
unkown
|
page readonly
|
|
|
|
7FF512DB9000
|
unkown
|
page readonly
|
|
|
|
248B6C13000
|
unkown
|
page read and write
|
|
|
|
7FF54C4B6000
|
unkown
|
page readonly
|
|
|
|
7FF512D2A000
|
unkown
|
page readonly
|
|
|
|
AE393FF000
|
unkown
|
page read and write
|
|
|
|
7FF512C93000
|
unkown
|
page readonly
|
|
|
|
CA232FE000
|
unkown
|
page read and write
|
|
|
|
7FF54C4AE000
|
unkown
|
page readonly
|
|
|
|
7FF512CA4000
|
unkown
|
page readonly
|
|
|
|
248B6C3C000
|
unkown
|
page read and write
|
|
|
|
7FF512DA8000
|
unkown
|
page readonly
|
|
|
|
295E3613000
|
unkown
|
page read and write
|
|
|
|
295E3570000
|
heap private
|
page read and write
|
|
|
|
248B6C8F000
|
unkown
|
page read and write
|
|
There are 133 hidden memdumps, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
https://bayoujanitorial.com/doc0022as/
|
|
|
|
https://te121491a.emailsys1c.net/mailing/117/4130125/0/e11e3fdf13/index.html
|
|