Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 08:06:17 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 08:06:17 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:00:51 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 08:06:17 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 08:06:17 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 08:06:17 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\Downloads\segoeui-light.woff2 (copy)
|
Web Open Font Format (Version 2), TrueType, length 28740, version 0.0
|
dropped
|
||
|
C:\Users\user\Downloads\segoeui-light.woff2.crdownload
|
Web Open Font Format (Version 2), TrueType, length 28740, version 0.0
|
dropped
|
||
|
Chrome Cache Entry: 65
|
Web Open Font Format (Version 2), TrueType, length 28740, version 0.0
|
downloaded
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1892,i,13164569031032215832,12959837454332518080,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-light.woff2"
|
||
|
C:\Windows\System32\OpenWith.exe
|
C:\Windows\system32\OpenWith.exe -Embedding
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
www.google.com
|
142.250.186.164
|
||
|
fp2e7a.wpc.phicdn.net
|
192.229.221.95
|
||
|
static2.sharepointonline.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
192.168.2.8
|
unknown
|
unknown
|
||
|
142.250.186.164
|
www.google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Mozilla Firefox\firefox.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Mozilla Firefox\firefox.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Internet Explorer\iexplore.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Internet Explorer\iexplore.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\mspaint.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\mspaint.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Windows Media Player\wmplayer.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Windows Media Player\wmplayer.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.ApplicationCompany
|
There are 8 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
22E8898F000
|
heap
|
page read and write
|
||
|
22E88836000
|
heap
|
page read and write
|
||
|
22E8899E000
|
heap
|
page read and write
|
||
|
22E88929000
|
heap
|
page read and write
|
||
|
22E88821000
|
heap
|
page read and write
|
||
|
22E889EB000
|
heap
|
page read and write
|
||
|
22E888F6000
|
heap
|
page read and write
|
||
|
22E8883A000
|
heap
|
page read and write
|
||
|
22E8B150000
|
heap
|
page read and write
|
||
|
22E8D2A2000
|
trusted library allocation
|
page read and write
|
||
|
22E88832000
|
heap
|
page read and write
|
||
|
22E888FD000
|
heap
|
page read and write
|
||
|
22E868B0000
|
heap
|
page read and write
|
||
|
22E88918000
|
heap
|
page read and write
|
||
|
22E88836000
|
heap
|
page read and write
|
||
|
22E8882E000
|
heap
|
page read and write
|
||
|
6C7B166000
|
stack
|
page read and write
|
||
|
22E8AA40000
|
trusted library allocation
|
page read and write
|
||
|
6C7B77D000
|
stack
|
page read and write
|
||
|
6C7B87B000
|
stack
|
page read and write
|
||
|
22E889B8000
|
heap
|
page read and write
|
||
|
22E88842000
|
heap
|
page read and write
|
||
|
22E88836000
|
heap
|
page read and write
|
||
|
22E88932000
|
heap
|
page read and write
|
||
|
22E889A3000
|
heap
|
page read and write
|
||
|
22E8884E000
|
heap
|
page read and write
|
||
|
22E8883E000
|
heap
|
page read and write
|
||
|
22E8693B000
|
heap
|
page read and write
|
||
|
6C7B57E000
|
stack
|
page read and write
|
||
|
22E88998000
|
heap
|
page read and write
|
||
|
22E889BE000
|
heap
|
page read and write
|
||
|
22E88914000
|
heap
|
page read and write
|
||
|
22E889BE000
|
heap
|
page read and write
|
||
|
22E88832000
|
heap
|
page read and write
|
||
|
22E8885A000
|
heap
|
page read and write
|
||
|
22E8881F000
|
heap
|
page read and write
|
||
|
22E8881B000
|
heap
|
page read and write
|
||
|
22E8883B000
|
heap
|
page read and write
|
||
|
22E86941000
|
heap
|
page read and write
|
||
|
6C7B5FC000
|
stack
|
page read and write
|
||
|
6C7B47E000
|
stack
|
page read and write
|
||
|
22E8884F000
|
heap
|
page read and write
|
||
|
6C7B6FE000
|
stack
|
page read and write
|
||
|
22E8B15E000
|
heap
|
page read and write
|
||
|
22E889B8000
|
heap
|
page read and write
|
||
|
22E8897A000
|
heap
|
page read and write
|
||
|
22E8881F000
|
heap
|
page read and write
|
||
|
22E8890B000
|
heap
|
page read and write
|
||
|
22E8882E000
|
heap
|
page read and write
|
||
|
22E8891C000
|
heap
|
page read and write
|
||
|
22E8B600000
|
heap
|
page read and write
|
||
|
22E8B030000
|
unkown
|
page readonly
|
||
|
22E88832000
|
heap
|
page read and write
|
||
|
22E8883E000
|
heap
|
page read and write
|
||
|
22E88800000
|
heap
|
page read and write
|
||
|
22E88850000
|
heap
|
page read and write
|
||
|
22E8883A000
|
heap
|
page read and write
|
||
|
22E88936000
|
heap
|
page read and write
|
||
|
22E88350000
|
heap
|
page read and write
|
||
|
22E8899E000
|
heap
|
page read and write
|
||
|
22E888F0000
|
heap
|
page read and write
|
||
|
22E86880000
|
heap
|
page read and write
|
||
|
22E88857000
|
heap
|
page read and write
|
||
|
22E889A3000
|
heap
|
page read and write
|
||
|
22E88824000
|
heap
|
page read and write
|
||
|
6C7B4FF000
|
stack
|
page read and write
|
||
|
22E889B8000
|
heap
|
page read and write
|
||
|
22E88842000
|
heap
|
page read and write
|
||
|
22E88920000
|
heap
|
page read and write
|
||
|
22E8882E000
|
heap
|
page read and write
|
||
|
22E889C4000
|
heap
|
page read and write
|
||
|
6C7B67B000
|
stack
|
page read and write
|
||
|
22E86937000
|
heap
|
page read and write
|
||
|
22E88821000
|
heap
|
page read and write
|
||
|
22E88824000
|
heap
|
page read and write
|
||
|
22E88842000
|
heap
|
page read and write
|
||
|
22E8883A000
|
heap
|
page read and write
|
||
|
22E8883A000
|
heap
|
page read and write
|
||
|
22E887F0000
|
heap
|
page read and write
|
||
|
22E8883E000
|
heap
|
page read and write
|
||
|
22E889A1000
|
heap
|
page read and write
|
||
|
22E88836000
|
heap
|
page read and write
|
||
|
22E8882D000
|
heap
|
page read and write
|
||
|
22E868B8000
|
heap
|
page read and write
|
||
|
22E88824000
|
heap
|
page read and write
|
||
|
22E8891A000
|
heap
|
page read and write
|
||
|
6C7B8FE000
|
stack
|
page read and write
|
||
|
22E88989000
|
heap
|
page read and write
|
||
|
22E88160000
|
heap
|
page read and write
|
||
|
22E88836000
|
heap
|
page read and write
|
||
|
22E88832000
|
heap
|
page read and write
|
||
|
22E8697E000
|
heap
|
page read and write
|
||
|
22E8883E000
|
heap
|
page read and write
|
||
|
22E88901000
|
heap
|
page read and write
|
||
|
6C7B1EE000
|
stack
|
page read and write
|
||
|
22E8D700000
|
heap
|
page read and write
|
||
|
22E8891E000
|
heap
|
page read and write
|
||
|
22E88986000
|
heap
|
page read and write
|
||
|
22E8897B000
|
heap
|
page read and write
|
||
|
22E867A0000
|
heap
|
page read and write
|
||
|
22E8883E000
|
heap
|
page read and write
|
||
|
22E88856000
|
heap
|
page read and write
|
||
|
22E8883A000
|
heap
|
page read and write
|
||
|
22E88824000
|
heap
|
page read and write
|
||
|
22E88998000
|
heap
|
page read and write
|
||
|
22E88832000
|
heap
|
page read and write
|
||
|
22E8885A000
|
heap
|
page read and write
|
||
|
22E8B159000
|
heap
|
page read and write
|
||
|
22E88260000
|
heap
|
page read and write
|
||
|
22E88265000
|
heap
|
page read and write
|
||
|
22E8B165000
|
heap
|
page read and write
|
||
|
22E8882D000
|
heap
|
page read and write
|
||
|
22E8B192000
|
heap
|
page read and write
|
||
|
22E8899E000
|
heap
|
page read and write
|
||
|
22E8B470000
|
trusted library section
|
page readonly
|
||
|
22E8691C000
|
heap
|
page read and write
|
||
|
22E88922000
|
heap
|
page read and write
|
||
|
22E88986000
|
heap
|
page read and write
|
||
|
22E8898F000
|
heap
|
page read and write
|
||
|
22E889D5000
|
heap
|
page read and write
|
||
|
22E88977000
|
heap
|
page read and write
|
||
|
6C7B7FE000
|
stack
|
page read and write
|
There are 112 hidden memdumps, click here to show them.