Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
http://bbowles@boohoffpa.com
|
URL
|
initial url
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2C1FA25A-D3C2-11EB-90E5-ECF4BB2D2496}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2C1FA25C-D3C2-11EB-90E5-ECF4BB2D2496}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2C1FA25E-D3C2-11EB-90E5-ECF4BB2D2496}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DF00B808E4ADDA9C45.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DF3919968C317FF79C.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DF74150F8D4F32A3FF.TMP
|
data
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\internet explorer\iexplore.exe
|
'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5908 CREDAT:17410 /prefetch:2
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5908 CREDAT:17414 /prefetch:2
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\internet explorer\iexplore.exe
|
{2C1FA25A-D3C2-11EB-90E5-ECF4BB2D2496}
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Blocked
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Window_Placement
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Blocked
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
There are 10 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2255326B000
|
unkown
|
page read and write
|
|
|
|
1B25D600000
|
unkown
|
page readonly
|
|
|
|
7FF521F77000
|
unkown
|
page readonly
|
|
|
|
7FF5B95AE000
|
unkown
|
page readonly
|
|
|
|
7FF5B9567000
|
unkown
|
page readonly
|
|
|
|
7FF5B95C2000
|
unkown
|
page readonly
|
|
|
|
7FF5B936F000
|
unkown
|
page readonly
|
|
|
|
7FF5B95E7000
|
unkown
|
page readonly
|
|
|
|
1B25D340000
|
unkown
|
page readonly
|
|
|
|
7FF521CEF000
|
unkown
|
page readonly
|
|
|
|
1B25D402000
|
unkown
|
page read and write
|
|
|
|
9F4C7B000
|
unkown
|
page read and write
|
|
|
|
A0A89F9000
|
unkown
|
page read and write
|
|
|
|
22553300000
|
unkown
|
page read and write
|
|
|
|
22553269000
|
unkown
|
page read and write
|
|
|
|
A0A88FE000
|
unkown
|
page read and write
|
|
|
|
7FF521C45000
|
unkown
|
page readonly
|
|
|
|
9F4F7F000
|
unkown
|
page read and write
|
|
|
|
22553258000
|
unkown
|
page read and write
|
|
|
|
1B25D46A000
|
unkown
|
page read and write
|
|
|
|
1B25D43F000
|
unkown
|
page read and write
|
|
|
|
22553202000
|
unkown
|
page read and write
|
|
|
|
1B25D46E000
|
unkown
|
page read and write
|
|
|
|
7FF521D66000
|
unkown
|
page readonly
|
|
|
|
A0A85FB000
|
unkown
|
page read and write
|
|
|
|
1B25D46A000
|
unkown
|
page read and write
|
|
|
|
7FF521E47000
|
unkown
|
page readonly
|
|
|
|
7FF5B94A0000
|
unkown
|
page readonly
|
|
|
|
22553269000
|
unkown
|
page read and write
|
|
|
|
1B25EDA0000
|
unkown
|
page read and write
|
|
|
|
22553244000
|
unkown
|
page read and write
|
|
|
|
7FF5B95B6000
|
unkown
|
page readonly
|
|
|
|
7FF5B9365000
|
unkown
|
page readonly
|
|
|
|
A0A8979000
|
unkown
|
page read and write
|
|
|
|
7FF5B926A000
|
unkown
|
page readonly
|
|
|
|
7FF521B46000
|
unkown
|
page readonly
|
|
|
|
7FF521EB6000
|
unkown
|
page readonly
|
|
|
|
22554CA0000
|
unkown
|
page readonly
|
|
|
|
7FF5B9647000
|
unkown
|
page readonly
|
|
|
|
1B25D456000
|
unkown
|
page read and write
|
|
|
|
225530C0000
|
heap default
|
page read and write
|
|
|
|
2255326B000
|
unkown
|
page read and write
|
|
|
|
22553213000
|
unkown
|
page read and write
|
|
|
|
7FF5B8E87000
|
unkown
|
page readonly
|
|
|
|
7FF5B93BF000
|
unkown
|
page readonly
|
|
|
|
7FF521E8E000
|
unkown
|
page readonly
|
|
|
|
7FF5B95BA000
|
unkown
|
page readonly
|
|
|
|
7FF521F66000
|
unkown
|
page readonly
|
|
|
|
1B25D220000
|
unkown
|
page readonly
|
|
|
|
7FF521E9A000
|
unkown
|
page readonly
|
|
|
|
1B25D46A000
|
unkown
|
page read and write
|
|
|
|
7FF521F63000
|
unkown
|
page readonly
|
|
|
|
1B25D2F0000
|
unkown
|
page write copy
|
|
|
|
1B25D502000
|
unkown
|
page read and write
|
|
|
|
22553313000
|
unkown
|
page read and write
|
|
|
|
7FF5B959F000
|
unkown
|
page readonly
|
|
|
|
7FF5B9654000
|
unkown
|
page readonly
|
|
|
|
9F4E79000
|
unkown
|
page read and write
|
|
|
|
7FF5B9258000
|
unkown
|
page readonly
|
|
|
|
22553200000
|
unkown
|
page read and write
|
|
|
|
22553229000
|
unkown
|
page read and write
|
|
|
|
1B25D46A000
|
unkown
|
page read and write
|
|
|
|
7FF5B9486000
|
unkown
|
page readonly
|
|
|
|
7FF521E7F000
|
unkown
|
page readonly
|
|
|
|
7FF521F27000
|
unkown
|
page readonly
|
|
|
|
22554BA0000
|
unkown
|
page read and write
|
|
|
|
1B25D500000
|
unkown
|
page read and write
|
|
|
|
22553400000
|
unkown
|
page readonly
|
|
|
|
1B25D46A000
|
unkown
|
page read and write
|
|
|
|
7FF521EC9000
|
unkown
|
page readonly
|
|
|
|
1B25D1B0000
|
heap private
|
page read and write
|
|
|
|
7FF521EBD000
|
unkown
|
page readonly
|
|
|
|
9F4EFF000
|
unkown
|
page read and write
|
|
|
|
9F4CFE000
|
unkown
|
page read and write
|
|
|
|
7FF5B9545000
|
unkown
|
page readonly
|
|
|
|
7FF521F34000
|
unkown
|
page readonly
|
|
|
|
22553271000
|
unkown
|
page read and write
|
|
|
|
7FF5B95A3000
|
unkown
|
page readonly
|
|
|
|
7FF5B9547000
|
unkown
|
page readonly
|
|
|
|
7FF521E27000
|
unkown
|
page readonly
|
|
|
|
7FF5B940F000
|
unkown
|
page readonly
|
|
|
|
7FF5B9697000
|
unkown
|
page readonly
|
|
|
|
7FF5B9683000
|
unkown
|
page readonly
|
|
|
|
A0A8AFE000
|
unkown
|
page read and write
|
|
|
|
7FF521E25000
|
unkown
|
page readonly
|
|
|
|
1B25D46E000
|
unkown
|
page read and write
|
|
|
|
A0A8A7F000
|
unkown
|
page read and write
|
|
|
|
7FF521F2D000
|
unkown
|
page readonly
|
|
|
|
7FF521F4A000
|
unkown
|
page readonly
|
|
|
|
7FF521F77000
|
unkown
|
page readonly
|
|
|
|
7FF521D88000
|
unkown
|
page readonly
|
|
|
|
7FF5B95E9000
|
unkown
|
page readonly
|
|
|
|
22553271000
|
unkown
|
page read and write
|
|
|
|
2255326F000
|
unkown
|
page read and write
|
|
|
|
2255326B000
|
unkown
|
page read and write
|
|
|
|
7FF521E83000
|
unkown
|
page readonly
|
|
|
|
2255326B000
|
unkown
|
page read and write
|
|
|
|
2255326F000
|
unkown
|
page read and write
|
|
|
|
225531F0000
|
unkown
|
page readonly
|
|
|
|
7FF5B966A000
|
unkown
|
page readonly
|
|
|
|
7FF5B964D000
|
unkown
|
page readonly
|
|
|
|
A0A887E000
|
unkown
|
page read and write
|
|
|
|
2255326B000
|
unkown
|
page read and write
|
|
|
|
7FF5B965B000
|
unkown
|
page readonly
|
|
|
|
7FF5B9657000
|
unkown
|
page readonly
|
|
|
|
22553060000
|
heap private
|
page read and write
|
|
|
|
7FF521E96000
|
unkown
|
page readonly
|
|
|
|
22553271000
|
unkown
|
page read and write
|
|
|
|
7FF5B9692000
|
unkown
|
page readonly
|
|
|
|
7FF5B93BB000
|
unkown
|
page readonly
|
|
|
|
225531A0000
|
unkown
|
page write copy
|
|
|
|
7FF521F72000
|
unkown
|
page readonly
|
|
|
|
2255326F000
|
unkown
|
page read and write
|
|
|
|
7FF521767000
|
unkown
|
page readonly
|
|
|
|
2255326F000
|
unkown
|
page read and write
|
|
|
|
7FF5B95D6000
|
unkown
|
page readonly
|
|
|
|
9F4DFA000
|
unkown
|
page read and write
|
|
|
|
7FF521F37000
|
unkown
|
page readonly
|
|
|
|
1B25D429000
|
unkown
|
page read and write
|
|
|
|
1B25D400000
|
unkown
|
page read and write
|
|
|
|
22553269000
|
unkown
|
page read and write
|
|
|
|
7FF521D80000
|
unkown
|
page readonly
|
|
|
|
1B25D413000
|
unkown
|
page read and write
|
|
|
|
7FF5B95DD000
|
unkown
|
page readonly
|
|
|
|
7FF521C9B000
|
unkown
|
page readonly
|
|
|
|
7FF5B94A8000
|
unkown
|
page readonly
|
|
|
|
1B25EEA0000
|
unkown
|
page readonly
|
|
|
|
7FF521F24000
|
unkown
|
page readonly
|
|
|
|
7FF5B9644000
|
unkown
|
page readonly
|
|
|
|
9F4D7F000
|
unkown
|
page read and write
|
|
|
|
7FF5B9266000
|
unkown
|
page readonly
|
|
|
|
1B25D513000
|
unkown
|
page read and write
|
|
|
|
7FF5B9697000
|
unkown
|
page readonly
|
|
|
|
1B25D210000
|
heap default
|
page read and write
|
|
|
|
2255326F000
|
unkown
|
page read and write
|
|
|
|
7FF521EA2000
|
unkown
|
page readonly
|
|
|
|
7FF521B4A000
|
unkown
|
page readonly
|
|
|
|
22553302000
|
unkown
|
page read and write
|
|
|
|
7FF521C9F000
|
unkown
|
page readonly
|
|
|
|
7FF521C4F000
|
unkown
|
page readonly
|
|
|
|
7FF521EC7000
|
unkown
|
page readonly
|
|
|
|
7FF521B38000
|
unkown
|
page readonly
|
|
|
|
1B25D46A000
|
unkown
|
page read and write
|
|
|
|
225530D0000
|
unkown
|
page readonly
|
|
|
|
7FF521F3B000
|
unkown
|
page readonly
|
|
|
|
2255326B000
|
unkown
|
page read and write
|
|
|
|
2255326D000
|
unkown
|
page read and write
|
|
|
|
7FF5B9686000
|
unkown
|
page readonly
|
|
There are 138 hidden memdumps, click here to show them.