Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
https://sites.google(dot)com/view/settlements213/home
|
URL
|
initial url
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F529691C-D3BF-11EB-90E4-ECF4BB862DED}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F529691E-D3BF-11EB-90E4-ECF4BB862DED}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F529691F-D3BF-11EB-90E4-ECF4BB862DED}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\errorPageStrings[1]
|
UTF-8 Unicode (with BOM) text, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\NewErrorPageTemplate[1]
|
UTF-8 Unicode (with BOM) text, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\httpErrorPagesScripts[1]
|
UTF-8 Unicode (with BOM) text, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\dnserror[1]
|
HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\down[1]
|
PNG image data, 15 x 15, 8-bit colormap, non-interlaced
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DF27BF5AC1CCEFB8D5.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DF511CF6694F723CC1.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DF680295EA62D7A067.TMP
|
data
|
dropped
|
|
There are 2 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\internet explorer\iexplore.exe
|
'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5624 CREDAT:17410 /prefetch:2
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://sites.google(dot)com/view/settlements213/homeRoot
|
unknown
|
|
|
|
https://sites.google(dot)com/view/settlements213/home
|
unknown
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\internet explorer\iexplore.exe
|
{F529691C-D3BF-11EB-90E4-ECF4BB862DED}
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
AdminActive
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Blocked
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Blocked
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
There are 10 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
29A04C68000
|
unkown
|
page read and write
|
|
|
|
7FF525C37000
|
unkown
|
page readonly
|
|
|
|
7FF525C92000
|
unkown
|
page readonly
|
|
|
|
7FF5578CC000
|
unkown
|
page readonly
|
|
|
|
1FF74602000
|
unkown
|
page read and write
|
|
|
|
7FF525D89000
|
unkown
|
page readonly
|
|
|
|
EC5EFF7000
|
unkown
|
page read and write
|
|
|
|
1FF7463C000
|
unkown
|
page read and write
|
|
|
|
7FF5578E7000
|
unkown
|
page readonly
|
|
|
|
EC5F2FF000
|
unkown
|
page read and write
|
|
|
|
29A04D02000
|
unkown
|
page read and write
|
|
|
|
7FF5259E4000
|
unkown
|
page readonly
|
|
|
|
1FF7464B000
|
unkown
|
page read and write
|
|
|
|
7FF525CED000
|
unkown
|
page readonly
|
|
|
|
7FF557852000
|
unkown
|
page readonly
|
|
|
|
29A04C6A000
|
unkown
|
page read and write
|
|
|
|
1FF74650000
|
unkown
|
page read and write
|
|
|
|
F3B854B000
|
unkown
|
page read and write
|
|
|
|
7FF525B93000
|
unkown
|
page readonly
|
|
|
|
7FF525D7E000
|
unkown
|
page readonly
|
|
|
|
1FF74C70000
|
unkown
|
page readonly
|
|
|
|
EC5E98B000
|
unkown
|
page read and write
|
|
|
|
7FF525CFC000
|
unkown
|
page readonly
|
|
|
|
7FF525D20000
|
unkown
|
page readonly
|
|
|
|
7FF525C5A000
|
unkown
|
page readonly
|
|
|
|
7FF557738000
|
unkown
|
page readonly
|
|
|
|
EC5EEFB000
|
unkown
|
page read and write
|
|
|
|
7FF525B97000
|
unkown
|
page readonly
|
|
|
|
7FF5578E0000
|
unkown
|
page readonly
|
|
|
|
EC5EC7E000
|
unkown
|
page read and write
|
|
|
|
1FF74708000
|
unkown
|
page read and write
|
|
|
|
7FF55775D000
|
unkown
|
page readonly
|
|
|
|
7FF557787000
|
unkown
|
page readonly
|
|
|
|
29A04C68000
|
unkown
|
page read and write
|
|
|
|
EC5ECFF000
|
unkown
|
page read and write
|
|
|
|
7FF55787E000
|
unkown
|
page readonly
|
|
|
|
7FF525C98000
|
unkown
|
page readonly
|
|
|
|
7FF525D06000
|
unkown
|
page readonly
|
|
|
|
7FF525D24000
|
unkown
|
page readonly
|
|
|
|
7FF557856000
|
unkown
|
page readonly
|
|
|
|
1FF74460000
|
heap private
|
page read and write
|
|
|
|
29A04C6A000
|
unkown
|
page read and write
|
|
|
|
7FF55788F000
|
unkown
|
page readonly
|
|
|
|
7FF5571AC000
|
unkown
|
page readonly
|
|
|
|
7FF557858000
|
unkown
|
page readonly
|
|
|
|
29A04C68000
|
unkown
|
page read and write
|
|
|
|
F3B88FA000
|
unkown
|
page read and write
|
|
|
|
29A04C70000
|
unkown
|
page read and write
|
|
|
|
29A04C00000
|
unkown
|
page read and write
|
|
|
|
7FF557941000
|
unkown
|
page readonly
|
|
|
|
7FF5578D5000
|
unkown
|
page readonly
|
|
|
|
7FF557440000
|
unkown
|
page readonly
|
|
|
|
1FF74671000
|
unkown
|
page read and write
|
|
|
|
7FF55766A000
|
unkown
|
page readonly
|
|
|
|
29A06670000
|
unkown
|
page read and write
|
|
|
|
1FF7464F000
|
unkown
|
page read and write
|
|
|
|
29A04ED0000
|
unkown
|
page readonly
|
|
|
|
F3B85CF000
|
unkown
|
page read and write
|
|
|
|
7FF525CAA000
|
unkown
|
page readonly
|
|
|
|
29A04B20000
|
heap private
|
page read and write
|
|
|
|
1FF7464D000
|
unkown
|
page read and write
|
|
|
|
7FF557949000
|
unkown
|
page readonly
|
|
|
|
7FF525CF6000
|
unkown
|
page readonly
|
|
|
|
29A04C13000
|
unkown
|
page read and write
|
|
|
|
7FF55793E000
|
unkown
|
page readonly
|
|
|
|
7FF5578E4000
|
unkown
|
page readonly
|
|
|
|
1FF74E02000
|
unkown
|
page read and write
|
|
|
|
F3B89FE000
|
unkown
|
page read and write
|
|
|
|
7FF55786A000
|
unkown
|
page readonly
|
|
|
|
7FF525ADA000
|
unkown
|
page readonly
|
|
|
|
7FF5578C6000
|
unkown
|
page readonly
|
|
|
|
1FF75000000
|
unkown
|
page readonly
|
|
|
|
7FF525D17000
|
unkown
|
page readonly
|
|
|
|
29A04C29000
|
unkown
|
page read and write
|
|
|
|
EC5F0FD000
|
unkown
|
page read and write
|
|
|
|
1FF74629000
|
unkown
|
page read and write
|
|
|
|
7FF525AF0000
|
unkown
|
page readonly
|
|
|
|
29A04BE0000
|
unkown
|
page readonly
|
|
|
|
7FF525D81000
|
unkown
|
page readonly
|
|
|
|
7FF557840000
|
unkown
|
page readonly
|
|
|
|
29A04B80000
|
heap default
|
page read and write
|
|
|
|
7FF525A45000
|
unkown
|
page readonly
|
|
|
|
29A04C02000
|
unkown
|
page read and write
|
|
|
|
7FF5578BC000
|
unkown
|
page readonly
|
|
|
|
7FF525B78000
|
unkown
|
page readonly
|
|
|
|
7FF557949000
|
unkown
|
page readonly
|
|
|
|
7FF55743A000
|
unkown
|
page readonly
|
|
|
|
1FF745A0000
|
unkown
|
page readonly
|
|
|
|
29A04C6A000
|
unkown
|
page read and write
|
|
|
|
7FF55771A000
|
unkown
|
page readonly
|
|
|
|
1FF74613000
|
unkown
|
page read and write
|
|
|
|
29A04C6A000
|
unkown
|
page read and write
|
|
|
|
7FF525C96000
|
unkown
|
page readonly
|
|
|
|
29A04D13000
|
unkown
|
page read and write
|
|
|
|
29A04D00000
|
unkown
|
page read and write
|
|
|
|
7FF5576CF000
|
unkown
|
page readonly
|
|
|
|
F3B887E000
|
unkown
|
page read and write
|
|
|
|
F3B8A7F000
|
unkown
|
page read and write
|
|
|
|
7FF525CBE000
|
unkown
|
page readonly
|
|
|
|
1FF7466A000
|
unkown
|
page read and write
|
|
|
|
29A04B90000
|
unkown
|
page write copy
|
|
|
|
7FF525D27000
|
unkown
|
page readonly
|
|
|
|
7FF5259F3000
|
unkown
|
page readonly
|
|
|
|
29A04C3F000
|
unkown
|
page read and write
|
|
|
|
7FF5259C4000
|
unkown
|
page readonly
|
|
|
|
29A04C68000
|
unkown
|
page read and write
|
|
|
|
7FF525A50000
|
unkown
|
page readonly
|
|
|
|
7FF5259C8000
|
unkown
|
page readonly
|
|
|
|
1FF74713000
|
unkown
|
page read and write
|
|
|
|
7FF5578B6000
|
unkown
|
page readonly
|
|
|
|
7FF525C9A000
|
unkown
|
page readonly
|
|
|
|
7FF557899000
|
unkown
|
page readonly
|
|
|
|
F3B8979000
|
unkown
|
page read and write
|
|
|
|
7FF525D0C000
|
unkown
|
page readonly
|
|
|
|
7FF557781000
|
unkown
|
page readonly
|
|
|
|
1FF74652000
|
unkown
|
page read and write
|
|
|
|
29A04C68000
|
unkown
|
page read and write
|
|
|
|
7FF557842000
|
unkown
|
page readonly
|
|
|
|
7FF5577BC000
|
unkown
|
page readonly
|
|
|
|
1FF745B0000
|
unkown
|
page readonly
|
|
|
|
1FF74800000
|
unkown
|
page readonly
|
|
|
|
1FF744D0000
|
unkown
|
page readonly
|
|
|
|
7FF557450000
|
unkown
|
page readonly
|
|
|
|
7FF557753000
|
unkown
|
page readonly
|
|
|
|
7FF525CCF000
|
unkown
|
page readonly
|
|
|
|
7FF557580000
|
unkown
|
page readonly
|
|
|
|
7FF525C5C000
|
unkown
|
page readonly
|
|
|
|
1FF74702000
|
unkown
|
page read and write
|
|
|
|
7FF55770E000
|
unkown
|
page readonly
|
|
|
|
1FF7468A000
|
unkown
|
page read and write
|
|
|
|
1FF744C0000
|
heap default
|
page read and write
|
|
|
|
7FF5259F7000
|
unkown
|
page readonly
|
|
|
|
7FF525D89000
|
unkown
|
page readonly
|
|
|
|
29A06770000
|
unkown
|
page readonly
|
|
|
|
7FF525C41000
|
unkown
|
page readonly
|
|
|
|
29A04E00000
|
unkown
|
page readonly
|
|
|
|
1FF74700000
|
unkown
|
page read and write
|
|
|
|
7FF525CC5000
|
unkown
|
page readonly
|
|
|
|
EC5F1FF000
|
unkown
|
page read and write
|
|
|
|
1FF7466A000
|
unkown
|
page read and write
|
|
|
|
29A04C52000
|
unkown
|
page read and write
|
|
|
|
7FF525CD9000
|
unkown
|
page readonly
|
|
|
|
1FF745C0000
|
unkown
|
page read and write
|
|
|
|
1FF74600000
|
unkown
|
page read and write
|
|
|
|
7FF557885000
|
unkown
|
page readonly
|
|
|
|
7FF525C3A000
|
unkown
|
page readonly
|
|
|
|
7FF5578AD000
|
unkown
|
page readonly
|
|
There are 137 hidden memdumps, click here to show them.