Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Users\user\Downloads\450ef022-7f60-42ef-a806-accb0a7494da.tmp
|
M3U playlist, ASCII text
|
dropped
|
||
|
C:\Users\user\Downloads\live.m3u8 (copy)
|
M3U playlist, ASCII text
|
dropped
|
||
|
C:\Users\user\Downloads\live.m3u8.crdownload (copy)
|
M3U playlist, ASCII text
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=2004,i,16804323154904378785,499490639928123209,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://livevideo01.ktvb.com/hls/live/2014542/elvs/live.m3u8"
|
||
|
C:\Windows\System32\OpenWith.exe
|
C:\Windows\system32\OpenWith.exe -Embedding
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
s-part-0017.t-0009.t-msedge.net
|
13.107.246.45
|
||
|
www.google.com
|
142.250.185.132
|
||
|
fp2e7a.wpc.phicdn.net
|
192.229.221.95
|
||
|
livevideo01.ktvb.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
142.250.186.68
|
unknown
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
142.250.185.132
|
www.google.com
|
United States
|
||
|
192.168.2.4
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Mozilla Firefox\firefox.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Mozilla Firefox\firefox.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Internet Explorer\iexplore.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Internet Explorer\iexplore.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\mspaint.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\mspaint.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Windows Media Player\wmplayer.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Windows Media Player\wmplayer.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.ApplicationCompany
|
There are 8 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1BC2EF70000
|
heap
|
page read and write
|
||
|
1BC2F644000
|
heap
|
page read and write
|
||
|
1BC2F65E000
|
heap
|
page read and write
|
||
|
1BC32220000
|
trusted library section
|
page readonly
|
||
|
1BC2F7B0000
|
heap
|
page read and write
|
||
|
1BC2F635000
|
heap
|
page read and write
|
||
|
1BC2F649000
|
heap
|
page read and write
|
||
|
A7AA27E000
|
stack
|
page read and write
|
||
|
1BC2F63B000
|
heap
|
page read and write
|
||
|
1BC2F727000
|
heap
|
page read and write
|
||
|
1BC2F645000
|
heap
|
page read and write
|
||
|
A7AA4FD000
|
stack
|
page read and write
|
||
|
1BC2D71D000
|
heap
|
page read and write
|
||
|
1BC2F62F000
|
heap
|
page read and write
|
||
|
1BC31F45000
|
heap
|
page read and write
|
||
|
1BC32230000
|
trusted library allocation
|
page read and write
|
||
|
1BC2F645000
|
heap
|
page read and write
|
||
|
7DF4F8B21000
|
trusted library allocation
|
page execute read
|
||
|
1BC2F635000
|
heap
|
page read and write
|
||
|
1BC2F718000
|
heap
|
page read and write
|
||
|
1BC2F63E000
|
heap
|
page read and write
|
||
|
1BC2D698000
|
heap
|
page read and write
|
||
|
1BC2F78F000
|
heap
|
page read and write
|
||
|
1BC2F71B000
|
heap
|
page read and write
|
||
|
1BC2F700000
|
heap
|
page read and write
|
||
|
1BC2F63E000
|
heap
|
page read and write
|
||
|
1BC2F723000
|
heap
|
page read and write
|
||
|
1BC2F63A000
|
heap
|
page read and write
|
||
|
1BC2F652000
|
heap
|
page read and write
|
||
|
1BC2F72B000
|
heap
|
page read and write
|
||
|
1BC2F649000
|
heap
|
page read and write
|
||
|
A7AA57B000
|
stack
|
page read and write
|
||
|
A7AA47E000
|
stack
|
page read and write
|
||
|
1BC2F641000
|
heap
|
page read and write
|
||
|
1BC2F669000
|
heap
|
page read and write
|
||
|
1BC2F746000
|
heap
|
page read and write
|
||
|
1BC2F600000
|
heap
|
page read and write
|
||
|
A7AA1FE000
|
stack
|
page read and write
|
||
|
1BC2F64E000
|
heap
|
page read and write
|
||
|
1BC2F7BE000
|
heap
|
page read and write
|
||
|
A7AA07E000
|
stack
|
page read and write
|
||
|
1BC2F7A1000
|
heap
|
page read and write
|
||
|
1BC2F72D000
|
heap
|
page read and write
|
||
|
1BC2F63E000
|
heap
|
page read and write
|
||
|
1BC2F652000
|
heap
|
page read and write
|
||
|
1BC2F729000
|
heap
|
page read and write
|
||
|
1BC2F7CE000
|
heap
|
page read and write
|
||
|
1BC2F635000
|
heap
|
page read and write
|
||
|
1BC2F63A000
|
heap
|
page read and write
|
||
|
1BC31F13000
|
heap
|
page read and write
|
||
|
A7AA3FD000
|
stack
|
page read and write
|
||
|
A7AA0FE000
|
stack
|
page read and write
|
||
|
1BC2D5B0000
|
heap
|
page read and write
|
||
|
1BC2F7F3000
|
heap
|
page read and write
|
||
|
1BC344C0000
|
heap
|
page read and write
|
||
|
A7A9D36000
|
stack
|
page read and write
|
||
|
1BC2F63E000
|
heap
|
page read and write
|
||
|
1BC2F72F000
|
heap
|
page read and write
|
||
|
1BC2F62F000
|
heap
|
page read and write
|
||
|
1BC2F63E000
|
heap
|
page read and write
|
||
|
1BC34510000
|
heap
|
page readonly
|
||
|
1BC2F644000
|
heap
|
page read and write
|
||
|
1BC2D690000
|
heap
|
page read and write
|
||
|
1BC2D718000
|
heap
|
page read and write
|
||
|
1BC2F635000
|
heap
|
page read and write
|
||
|
1BC2D764000
|
heap
|
page read and write
|
||
|
1BC323B0000
|
heap
|
page read and write
|
||
|
1BC2F649000
|
heap
|
page read and write
|
||
|
1BC31F1A000
|
heap
|
page read and write
|
||
|
1BC2F649000
|
heap
|
page read and write
|
||
|
A7AA5FE000
|
stack
|
page read and write
|
||
|
1BC2F645000
|
heap
|
page read and write
|
||
|
1BC2F63A000
|
heap
|
page read and write
|
||
|
A7AA37E000
|
stack
|
page read and write
|
||
|
1BC2D6FE000
|
heap
|
page read and write
|
||
|
1BC2F64E000
|
heap
|
page read and write
|
||
|
1BC2F63A000
|
heap
|
page read and write
|
||
|
1BC2F665000
|
heap
|
page read and write
|
||
|
1BC2F085000
|
heap
|
page read and write
|
||
|
A7A9DBE000
|
stack
|
page read and write
|
||
|
1BC2F736000
|
heap
|
page read and write
|
||
|
1BC2F65D000
|
heap
|
page read and write
|
||
|
1BC2F610000
|
heap
|
page read and write
|
||
|
1BC2F62F000
|
heap
|
page read and write
|
||
|
1BC2F7EC000
|
heap
|
page read and write
|
||
|
1BC31850000
|
trusted library allocation
|
page read and write
|
||
|
1BC2F160000
|
heap
|
page read and write
|
||
|
1BC2F70B000
|
heap
|
page read and write
|
||
|
1BC2F740000
|
heap
|
page read and write
|
||
|
1BC2F669000
|
heap
|
page read and write
|
||
|
1BC2F7EA000
|
heap
|
page read and write
|
||
|
1BC2D790000
|
heap
|
page read and write
|
||
|
1BC2F7B7000
|
heap
|
page read and write
|
||
|
1BC2D722000
|
heap
|
page read and write
|
||
|
A7AA17B000
|
stack
|
page read and write
|
||
|
1BC2F7F7000
|
heap
|
page read and write
|
||
|
1BC2F666000
|
heap
|
page read and write
|
||
|
1BC31F10000
|
heap
|
page read and write
|
||
|
1BC2F786000
|
heap
|
page read and write
|
||
|
1BC2F649000
|
heap
|
page read and write
|
||
|
A7AA2FB000
|
stack
|
page read and write
|
||
|
1BC2F64E000
|
heap
|
page read and write
|
||
|
1BC2F64A000
|
heap
|
page read and write
|
||
|
1BC2F70F000
|
heap
|
page read and write
|
||
|
1BC2F080000
|
heap
|
page read and write
|
||
|
1BC34062000
|
trusted library allocation
|
page read and write
|
There are 96 hidden memdumps, click here to show them.