Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
http://feedproxy.google.com/~r/uvdobo/~3/eoiawoh0hcy/spelled.php
|
URL
|
initial url
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\E5F0NRSV\accounts.google[1].xml
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5EB6A9E6-D374-11EB-90EB-ECF4BBEA1588}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5EB6A9E8-D374-11EB-90EB-ECF4BBEA1588}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5EB6A9E9-D374-11EB-90EB-ECF4BBEA1588}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\gee00pr\imagestore.dat
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff
|
Web Open Font Format, TrueType, length 20012, version 1.1
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\KFOmCnqEu92Fr1Mu4mxM[1].woff
|
Web Open Font Format, TrueType, length 19824, version 1.1
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\m=i5H9N,sy6v,sy70,PHUIyb,qNG0Fc,ywOR5c[1].js
|
ASCII text, with very long lines
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\m=sy6w,i5dxUd,m9oV,RAnnUd,sy6q,sy6r,sy6s,uu7UOe,sy6t,sy6u,soHxf[1].js
|
ASCII text, with very long lines
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\v2logo_white[1].gif
|
GIF image data, version 89a, 230 x 42
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\KFOkCnqEu92Fr1MmgVxIIzQ[1].woff
|
Web Open Font Format, TrueType, length 19936, version 1.1
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\KFOlCnqEu92Fr1MmSU5fBBc-[1].woff
|
Web Open Font Format, TrueType, length 19916, version 1.1
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\bscframe[1].htm
|
HTML document, ASCII text, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\m=sy71,wg1P6b[1].js
|
ASCII text, with very long lines
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\4UaGrENHsxJlGDuGo1OIlL3Owpg[1].woff
|
Web Open Font Format, TrueType, length 26180, version 1.1
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\KFOlCnqEu92Fr1MmWUlfBBc-[1].woff
|
Web Open Font Format, TrueType, length 19888, version 1.1
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\ServiceLogin[1].htm
|
HTML document, UTF-8 Unicode text, with very long lines
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\favicon[1].ico
|
MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\m=sy7g,sy7h,sy7i,sy7k,sy7l,sy9h,pwd_view[1].js
|
ASCII text, with very long lines
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\2F05QQI3.htm
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\4UabrENHsxJlGDuGo1OIlLU94YtzCwA[1].woff
|
Web Open Font Format, TrueType, length 26412, version 1.1
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\CheckConnection[1].htm
|
HTML document, ASCII text, with very long lines
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\m=n73qwf,MpJwZc,NpD4ec,SF3gsd,O8k1Cd,YLQSd,lCVo3d,o02Jie,rHjpXd,pB6Zqd,QLpTOd,otPmVb,rlNAl[1].js
|
ASCII text, with very long lines
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DF2D90F4100E2FE8B0.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DFC13BC963B5A42CA7.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DFCD36760A8D17F84A.TMP
|
data
|
dropped
|
|
There are 17 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\internet explorer\iexplore.exe
|
'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5424 CREDAT:17410 /prefetch:2
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
|
|
|
https://g.co/recover
|
unknown
|
|
|
|
https://accounts.googl
|
unknown
|
|
|
|
https://accounts.youtube.com/accounts/CheckConnection?pmpo
|
unknown
|
|
|
|
https://www.youtube.com/t/terms?chromeless=1&hl=
|
unknown
|
|
|
|
https://g.co/YourFamily
|
unknown
|
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
accounts.youtube.com
|
unknown
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\internet explorer\iexplore.exe
|
{5EB6A9E6-D374-11EB-90EB-ECF4BBEA1588}
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Blocked
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Blocked
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
DecayDateQueue
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LastProcessed
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
@C:\Windows\System32\ieframe.dll,-912
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
@C:\Windows\System32\ieframe.dll,-903
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NumberOfSubdomains
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
Total
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
Total
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
Total
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
Total
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
Total
|
|
There are 29 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1CE56013000
|
unkown
|
page read and write
|
|
|
|
7FF51D16C000
|
unkown
|
page readonly
|
|
|
|
1CE5603C000
|
unkown
|
page read and write
|
|
|
|
1CE5608A000
|
unkown
|
page read and write
|
|
|
|
7FF5E39ED000
|
unkown
|
page readonly
|
|
|
|
1CE56102000
|
unkown
|
page read and write
|
|
|
|
7FF5E39B4000
|
unkown
|
page readonly
|
|
|
|
7FF51D08D000
|
unkown
|
page readonly
|
|
|
|
7FF5E3169000
|
unkown
|
page readonly
|
|
|
|
44EB89C000
|
unkown
|
page read and write
|
|
|
|
1D249E3C000
|
unkown
|
page read and write
|
|
|
|
7FF51CD06000
|
unkown
|
page readonly
|
|
|
|
1CE5606F000
|
unkown
|
page read and write
|
|
|
|
C6037D000
|
unkown
|
page read and write
|
|
|
|
7FF5E3536000
|
unkown
|
page readonly
|
|
|
|
7FF5E395C000
|
unkown
|
page readonly
|
|
|
|
7FF51CEC0000
|
unkown
|
page readonly
|
|
|
|
7FF5E3530000
|
unkown
|
page readonly
|
|
|
|
7FF5E39A7000
|
unkown
|
page readonly
|
|
|
|
C605F7000
|
unkown
|
page read and write
|
|
|
|
1CE55FD0000
|
unkown
|
page read and write
|
|
|
|
7FF51D194000
|
unkown
|
page readonly
|
|
|
|
1D249C40000
|
unkown
|
page readonly
|
|
|
|
1CE56029000
|
unkown
|
page read and write
|
|
|
|
7FF5E395A000
|
unkown
|
page readonly
|
|
|
|
44EBE7F000
|
unkown
|
page read and write
|
|
|
|
44EBF77000
|
unkown
|
page read and write
|
|
|
|
1D24A940000
|
unkown
|
page readonly
|
|
|
|
7FF51D13E000
|
unkown
|
page readonly
|
|
|
|
7FF51D232000
|
unkown
|
page readonly
|
|
|
|
7FF5E39BA000
|
unkown
|
page readonly
|
|
|
|
7FF5E38D4000
|
unkown
|
page readonly
|
|
|
|
1CE56800000
|
unkown
|
page readonly
|
|
|
|
7FF5E396E000
|
unkown
|
page readonly
|
|
|
|
7FF5E3A61000
|
unkown
|
page readonly
|
|
|
|
C6027E000
|
unkown
|
page read and write
|
|
|
|
1D249E57000
|
unkown
|
page read and write
|
|
|
|
7FF51CEB7000
|
unkown
|
page readonly
|
|
|
|
44EC07E000
|
unkown
|
page read and write
|
|
|
|
1D24A000000
|
unkown
|
page readonly
|
|
|
|
7FF51D184000
|
unkown
|
page readonly
|
|
|
|
7FF51D13A000
|
unkown
|
page readonly
|
|
|
|
1D24A390000
|
unkown
|
page read and write
|
|
|
|
1D249F08000
|
unkown
|
page read and write
|
|
|
|
7FF51D093000
|
unkown
|
page readonly
|
|
|
|
7FF5E3545000
|
unkown
|
page readonly
|
|
|
|
1D249F13000
|
unkown
|
page read and write
|
|
|
|
7FF51D1B6000
|
unkown
|
page readonly
|
|
|
|
7FF51D12C000
|
unkown
|
page readonly
|
|
|
|
1D249D10000
|
unkown
|
page readonly
|
|
|
|
1CE55EF0000
|
unkown
|
page readonly
|
|
|
|
1CE56602000
|
unkown
|
page read and write
|
|
|
|
7FF51D19F000
|
unkown
|
page readonly
|
|
|
|
44EC17F000
|
unkown
|
page read and write
|
|
|
|
7FF5E39CF000
|
unkown
|
page readonly
|
|
|
|
1D249E51000
|
unkown
|
page read and write
|
|
|
|
7FF5E39E6000
|
unkown
|
page readonly
|
|
|
|
7FF5E39E9000
|
unkown
|
page readonly
|
|
|
|
7FF5E397B000
|
unkown
|
page readonly
|
|
|
|
1D249E64000
|
unkown
|
page read and write
|
|
|
|
C6047B000
|
unkown
|
page read and write
|
|
|
|
7FF51D12A000
|
unkown
|
page readonly
|
|
|
|
7FF51D1BD000
|
unkown
|
page readonly
|
|
|
|
7FF5E36E7000
|
unkown
|
page readonly
|
|
|
|
7FF51D14B000
|
unkown
|
page readonly
|
|
|
|
7FF5E399C000
|
unkown
|
page readonly
|
|
|
|
1D249F00000
|
unkown
|
page read and write
|
|
|
|
7FF51D16F000
|
unkown
|
page readonly
|
|
|
|
1CE55DA0000
|
heap private
|
page read and write
|
|
|
|
7FF5E3851000
|
unkown
|
page readonly
|
|
|
|
1D249DF0000
|
unkown
|
page readonly
|
|
|
|
1CE5608E000
|
unkown
|
page read and write
|
|
|
|
7FF5E37C1000
|
unkown
|
page readonly
|
|
|
|
7FF5E39D8000
|
unkown
|
page readonly
|
|
|
|
7FF51D140000
|
unkown
|
page readonly
|
|
|
|
7FF5E3A5A000
|
unkown
|
page readonly
|
|
|
|
1CE56000000
|
unkown
|
page read and write
|
|
|
|
7FF51CD15000
|
unkown
|
page readonly
|
|
|
|
7FF51C951000
|
unkown
|
page readonly
|
|
|
|
7FF51D177000
|
unkown
|
page readonly
|
|
|
|
7FF5E39DE000
|
unkown
|
page readonly
|
|
|
|
1D249E00000
|
unkown
|
page read and write
|
|
|
|
7FF51D03B000
|
unkown
|
page readonly
|
|
|
|
7FF5E3813000
|
unkown
|
page readonly
|
|
|
|
7FF5E3970000
|
unkown
|
page readonly
|
|
|
|
7FF5E3A62000
|
unkown
|
page readonly
|
|
|
|
7FF51D157000
|
unkown
|
page readonly
|
|
|
|
1CE56200000
|
unkown
|
page readonly
|
|
|
|
1D24A600000
|
unkown
|
page readonly
|
|
|
|
C5FF8E000
|
unkown
|
page read and write
|
|
|
|
7FF5E396A000
|
unkown
|
page readonly
|
|
|
|
7FF51D1AE000
|
unkown
|
page readonly
|
|
|
|
7FF51D22A000
|
unkown
|
page readonly
|
|
|
|
7FF51D0AC000
|
unkown
|
page readonly
|
|
|
|
1CE55E00000
|
heap default
|
page read and write
|
|
|
|
7FF5E38C3000
|
unkown
|
page readonly
|
|
|
|
1CE56002000
|
unkown
|
page read and write
|
|
|
|
1D249E13000
|
unkown
|
page read and write
|
|
|
|
7FF51D18A000
|
unkown
|
page readonly
|
|
|
|
1D249F02000
|
unkown
|
page read and write
|
|
|
|
7FF5E3975000
|
unkown
|
page readonly
|
|
|
|
1D249BD0000
|
heap private
|
page read and write
|
|
|
|
7FF51D145000
|
unkown
|
page readonly
|
|
|
|
1D24A402000
|
unkown
|
page read and write
|
|
|
|
1D249C30000
|
heap default
|
page read and write
|
|
|
|
7FF51D224000
|
unkown
|
page readonly
|
|
|
|
C5FF0B000
|
unkown
|
page read and write
|
|
|
|
7FF51D1B9000
|
unkown
|
page readonly
|
|
|
|
7FF51D231000
|
unkown
|
page readonly
|
|
|
|
7FF5E3A54000
|
unkown
|
page readonly
|
|
|
|
1D249E61000
|
unkown
|
page read and write
|
|
|
|
44EB91E000
|
unkown
|
page read and write
|
|
|
|
7FF51D1A8000
|
unkown
|
page readonly
|
|
|
|
7FF5E386B000
|
unkown
|
page readonly
|
|
|
|
7FF51D021000
|
unkown
|
page readonly
|
|
|
|
1D249E5A000
|
unkown
|
page read and write
|
|
|
|
C606FF000
|
unkown
|
page read and write
|
|
|
|
7FF5E386E000
|
unkown
|
page readonly
|
|
|
|
1CE56113000
|
unkown
|
page read and write
|
|
|
|
7FF5E38BD000
|
unkown
|
page readonly
|
|
|
|
1CE55FC0000
|
unkown
|
page readonly
|
|
|
|
7FF51D0A4000
|
unkown
|
page readonly
|
|
|
|
7FF5E38DC000
|
unkown
|
page readonly
|
|
|
|
1D249E5B000
|
unkown
|
page read and write
|
|
|
|
44EBDFB000
|
unkown
|
page read and write
|
|
|
|
C604FE000
|
unkown
|
page read and write
|
|
|
|
1CE55EE0000
|
unkown
|
page readonly
|
|
|
|
7FF51CD00000
|
unkown
|
page readonly
|
|
|
|
44EB99E000
|
unkown
|
page read and write
|
|
|
|
C607FF000
|
unkown
|
page read and write
|
|
|
|
1D249E81000
|
unkown
|
page read and write
|
|
|
|
7FF5E39C4000
|
unkown
|
page readonly
|
|
|
|
1D249E29000
|
unkown
|
page read and write
|
|
|
|
7FF51CF91000
|
unkown
|
page readonly
|
|
|
|
7FF51CFE3000
|
unkown
|
page readonly
|
|
|
|
1D249E5E000
|
unkown
|
page read and write
|
|
|
|
1CE5605D000
|
unkown
|
page read and write
|
|
|
|
7FF5E399F000
|
unkown
|
page readonly
|
|
|
|
1CE55E10000
|
unkown
|
page readonly
|
|
|
|
7FF5E3987000
|
unkown
|
page readonly
|
|
There are 130 hidden memdumps, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
https://accounts.google.com/signin/v2/identifier?service=feedburner&continue=https%3A%2F%2Ffeedburner.google.com%2Ffb%2Fa%2Fmyfeeds&gsessionid=77y3LeSuyUIpV-kh6eqVNsOZy6TmR1kNF_JnmINRIuE&flowName=GlifWebSignIn&flowEntry=ServiceLogin
|
|
|
|
http://feedproxy.google.com/~r/uvdobo/~3/eoiawoh0hcy/spelled.php
|
|