Files

File Path | Type | Category | Malicious
---|---|---|---
http://3c4e7b.zgmwgzfzdwxnrfq.com | URL | initial url |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8A846DAC-D3C0-11EB-90E4-ECF4BB862DED}.dat | Microsoft Word Document | dropped |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8A846DAE-D3C0-11EB-90E4-ECF4BB862DED}.dat | Microsoft Word Document | dropped |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8A846DAF-D3C0-11EB-90E4-ECF4BB862DED}.dat | Microsoft Word Document | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\XjWJv9LQfx407iOuFqfg52ImSSTEQJORsxDRpBL3wWM[1].js | ASCII text, with very long lines, with no line terminators | downloaded |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\ads[1].htm | HTML document, UTF-8 Unicode text, with very long lines | downloaded |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\css[1].css | ASCII text | downloaded |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\pxiByp8kv8JHgFVrLDz8Z1xlEw[1].woff | Web Open Font Format, TrueType, length 10504, version 1.1 | downloaded |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\caf[1].js | ASCII text, with very long lines | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\css[1].css | ASCII text | downloaded |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\js3caf[1].js | ASCII text, with very long lines | downloaded |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\search[1].svg | SVG Scalable Vector Graphics image | downloaded |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\style[1].css | ASCII text | downloaded |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\style[2].css | ASCII text | downloaded |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\chevron[1].svg | SVG Scalable Vector Graphics image | downloaded |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\css[1].css | ASCII text | downloaded |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\webfont[1].js | ASCII text, with very long lines | downloaded |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\-nF8OGQ1-uoVr2wK-iLT8A[1].woff | Web Open Font Format, TrueType, length 12396, version 1.1 | downloaded |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\C4004G0V.htm | HTML document, ASCII text, with very long lines | downloaded |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\arrows[1].png | PNG image data, 1500 x 600, 8-bit colormap, non-interlaced | downloaded |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\caf[1].js | ASCII text, with very long lines | downloaded |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\pxiEyp8kv8JHgFVrJJfedA[1].woff | Web Open Font Format, TrueType, length 10536, version 1.1 | downloaded |
C:\Users\user\AppData\Local\Temp\~DF0EAA380694CF522F.TMP | data | dropped |
C:\Users\user\AppData\Local\Temp\~DF69E7BBDB605ADC19.TMP | data | dropped |
C:\Users\user\AppData\Local\Temp\~DF72E20344339451D6.TMP | data | dropped |
Processes

Path | Cmdline | Malicious
---|---|---
C:\Program Files\internet explorer\iexplore.exe | 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding |
C:\Program Files (x86)\Internet Explorer\iexplore.exe | 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4580 CREDAT:17410 /prefetch:2 |
URLs

Name | IP | Malicious
---|---|---
https://pr.cremationservicesnewusanet.com/%253Fbackfill%253D0%2526KW1%253DCremation%252BCost%2526KW2 | unknown |
http://www.apache.org/licenses/LICENSE-2.0 | unknown |
https://pr.cremationservicesnewusanet.com/?backfill=0&KW1=Cremation | unknown |
https://use.typekit.net | unknown |
https://parking-crew.com/track. | unknown |
http://3c4e7b.zgmwgzfzdwxnrfq.com/ | 13.224.193.70 |
http://parkingcrew.net/assets | unknown |
https://attestation.android.com | unknown |
Domains

Name | IP | Malicious
---|---|---
dk8g5exin21my.cloudfront.net | 13.224.193.70 |
pr.cremationservicesnewusanet.com | 185.53.179.91 |
d1lxhc4jvstzrp.cloudfront.net | 13.224.194.160 |
googlehosted.l.googleusercontent.com | 216.58.212.161 |
afs.googleusercontent.com | unknown |
3c4e7b.zgmwgzfzdwxnrfq.com | unknown |
IPs

IP | Domain | Country | Malicious
---|---|---|---
13.224.194.160 | d1lxhc4jvstzrp.cloudfront.net | United States |
185.53.179.91 | pr.cremationservicesnewusanet.com | Germany |
13.224.193.70 | dk8g5exin21my.cloudfront.net | United States |
216.58.212.161 | googlehosted.l.googleusercontent.com | United States |
Registry

Path | Value | Malicious
---|---|---
C:\Program Files\internet explorer\iexplore.exe | {8A846DAC-D3C0-11EB-90E4-ECF4BB862DED} |
C:\Program Files\internet explorer\iexplore.exe | AdminActive |
C:\Program Files\internet explorer\iexplore.exe | Type |
C:\Program Files\internet explorer\iexplore.exe | Flags |
C:\Program Files\internet explorer\iexplore.exe | Count |
C:\Program Files\internet explorer\iexplore.exe | Time |
C:\Program Files\internet explorer\iexplore.exe | Count |
C:\Program Files\internet explorer\iexplore.exe | Time |
C:\Program Files\internet explorer\iexplore.exe | Blocked |
C:\Program Files\internet explorer\iexplore.exe | Count |
C:\Program Files\internet explorer\iexplore.exe | Time |
C:\Program Files\internet explorer\iexplore.exe | Count |
C:\Program Files\internet explorer\iexplore.exe | Time |
C:\Program Files\internet explorer\iexplore.exe | LoadTimeArray |
C:\Program Files\internet explorer\iexplore.exe | LoadTimeArray |
C:\Program Files\internet explorer\iexplore.exe | Count |
C:\Program Files\internet explorer\iexplore.exe | Time |
C:\Program Files\internet explorer\iexplore.exe | Blocked |
C:\Program Files\internet explorer\iexplore.exe | LoadTimeArray |
C:\Program Files\internet explorer\iexplore.exe | Count |
C:\Program Files\internet explorer\iexplore.exe | Time |
C:\Program Files\internet explorer\iexplore.exe | Count |
C:\Program Files\internet explorer\iexplore.exe | Time |
C:\Program Files\internet explorer\iexplore.exe | LoadTimeArray |
Memdumps

Base Address | Regiontype | Protect | Malicious
---|---|---|---
1D227A00000 | unknown | page readonly |
1D227EA0000 | unknown | page readonly |
1D227902000 | unknown | page read and write |
7FF54B8DC000 | unknown | page readonly |
1D22783C000 | unknown | page read and write |
7FF54B8A1000 | unknown | page readonly |
7FF54B560000 | unknown | page readonly |
1D228200000 | unknown | page readonly |
7FF54B8A7000 | unknown | page readonly |
1D22784E000 | unknown | page read and write |
7FF54BA00000 | unknown | page readonly |
B4984FE000 | unknown | page read and write |
1D227700000 | unknown | page readonly |
7FF54B9D6000 | unknown | page readonly |
1D227800000 | unknown | page read and write |
B4987FF000 | unknown | page read and write |
7FF54B9CD000 | unknown | page readonly |
7FF54B978000 | unknown | page readonly |
7FF54B858000 | unknown | page readonly |
7FF54B78A000 | unknown | page readonly |
1D2277D0000 | unknown | page readonly |
B4985F7000 | unknown | page read and write |
7FF54B570000 | unknown | page readonly |
B497FBE000 | unknown | page read and write |
7FF54B87D000 | unknown | page readonly |
7FF54B98A000 | unknown | page readonly |
7FF54B976000 | unknown | page readonly |
1D227813000 | unknown | page read and write |
1D228002000 | unknown | page read and write |
7FF54BA69000 | unknown | page readonly |
7FF54B55A000 | unknown | page readonly |
B497F3C000 | unknown | page read and write |
7FF54B82E000 | unknown | page readonly |
7FF54B9A5000 | unknown | page readonly |
1D227802000 | unknown | page read and write |
7FF54B9AF000 | unknown | page readonly |
B49847B000 | unknown | page read and write |
7FF54B7EF000 | unknown | page readonly |
B49827E000 | unknown | page read and write |
7FF54BA69000 | unknown | page readonly |
7FF54B962000 | unknown | page readonly |
1D227690000 | heap private | page read and write |
1D22782A000 | unknown | page read and write |
7FF54B9EC000 | unknown | page readonly |
7FF54BA61000 | unknown | page readonly |
1D2277E0000 | unknown | page readonly |
7FF54B9E6000 | unknown | page readonly |
7FF54B9DC000 | unknown | page readonly |
1D227913000 | unknown | page read and write |
7FF54B873000 | unknown | page readonly |
1D227854000 | unknown | page read and write |
7FF54B972000 | unknown | page readonly |
1D2276F0000 | heap default | page read and write |
7FF54B960000 | unknown | page readonly |
7FF54B9B9000 | unknown | page readonly |
1D227908000 | unknown | page read and write |
B4986FE000 | unknown | page read and write |
7FF54B99E000 | unknown | page readonly |
1D227882000 | unknown | page read and write |
1D227871000 | unknown | page read and write |
7FF54BA5E000 | unknown | page readonly |
7FF54BA07000 | unknown | page readonly |
7FF54BA04000 | unknown | page readonly |
7FF54B83A000 | unknown | page readonly |
7FF54B9F5000 | unknown | page readonly |
1D2277F0000 | unknown | page read and write |
DOM / HTML

URL | Malicious
---|---
https://pr.cremationservicesnewusanet.com/?backfill=0&KW1=Cremation+Cost&KW2=Cremation+Without+A+Funeral&KW3=Inexpensive+Cremation&KW4=Prepaid+Cremation+Plans&KW5=Cremation+Services+Near+Me&KW6=Affordable+Burial+%26+Cremation+Service&domainname=0&searchbox=0&subid1=7e06d0f70b5db364b643d21345d1260a986e6860ce7304569bc041b0a5aeb045&track_id=7e06d0f70b5db364b643d21345d1260a986e6860ce7304569bc041b0a5aeb045&kcoptimize=1&theme=DoriPlus |