Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Users\user\Downloads\2717b024-f983-4a41-b4b1-eda0a7b69cd8.tmp
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\Downloads\kb641812-filter-pack-2024-1.dat (copy)
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\Downloads\kb641812-filter-pack-2024-1.dat.crdownload (copy)
|
ASCII text, with no line terminators
|
dropped
|
||
|
Chrome Cache Entry: 48
|
HTML document, ASCII text, with very long lines (21826)
|
downloaded
|
||
|
Chrome Cache Entry: 49
|
XML 1.0 document, Unicode text, UTF-8 (with BOM) text
|
downloaded
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2572 --field-trial-handle=2204,i,23263598249044838,12302988858141818051,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ofu.blob.core.windows.net/ofu/f.html?f_pp=esosolutions"
|
||
|
C:\Windows\System32\OpenWith.exe
|
C:\Windows\system32\OpenWith.exe -Embedding
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://ofu.blob.core.windows.net/ofu/f.html?f_pp=esosolutions
|
|||
|
https://outlook.office.com/
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
www.google.com
|
142.250.185.228
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
142.250.185.228
|
www.google.com
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
192.168.2.7
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Mozilla Firefox\firefox.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Mozilla Firefox\firefox.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Internet Explorer\iexplore.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Internet Explorer\iexplore.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\mspaint.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\mspaint.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Windows Media Player\wmplayer.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Windows Media Player\wmplayer.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.ApplicationCompany
|
There are 8 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2DC0D790000
|
heap
|
page read and write
|
||
|
2DC0F80D000
|
heap
|
page read and write
|
||
|
2DC12034000
|
heap
|
page read and write
|
||
|
2DC0F812000
|
heap
|
page read and write
|
||
|
2DC0F91D000
|
heap
|
page read and write
|
||
|
2DC142E0000
|
heap
|
page read and write
|
||
|
2DC0F979000
|
heap
|
page read and write
|
||
|
2DC0F81A000
|
heap
|
page read and write
|
||
|
2DC0F7FF000
|
heap
|
page read and write
|
||
|
2DC0D8AE000
|
heap
|
page read and write
|
||
|
2DC0F804000
|
heap
|
page read and write
|
||
|
2DC0D8B6000
|
heap
|
page read and write
|
||
|
2DC0F81A000
|
heap
|
page read and write
|
||
|
F4086FF000
|
stack
|
page read and write
|
||
|
F408277000
|
stack
|
page read and write
|
||
|
2DC0F81E000
|
heap
|
page read and write
|
||
|
2DC0F81E000
|
heap
|
page read and write
|
||
|
2DC11A20000
|
trusted library allocation
|
page read and write
|
||
|
2DC0F9CA000
|
heap
|
page read and write
|
||
|
2DC1203E000
|
heap
|
page read and write
|
||
|
2DC0F82A000
|
heap
|
page read and write
|
||
|
2DC0F8EA000
|
heap
|
page read and write
|
||
|
2DC0F822000
|
heap
|
page read and write
|
||
|
2DC0F80D000
|
heap
|
page read and write
|
||
|
2DC0F904000
|
heap
|
page read and write
|
||
|
2DC0D7D0000
|
heap
|
page read and write
|
||
|
2DC0D91D000
|
heap
|
page read and write
|
||
|
2DC0F8DD000
|
heap
|
page read and write
|
||
|
2DC0F822000
|
heap
|
page read and write
|
||
|
2DC0F81F000
|
heap
|
page read and write
|
||
|
2DC0F925000
|
heap
|
page read and write
|
||
|
2DC0F812000
|
heap
|
page read and write
|
||
|
2DC0F8F2000
|
heap
|
page read and write
|
||
|
2DC1206E000
|
heap
|
page read and write
|
||
|
2DC0F9AA000
|
heap
|
page read and write
|
||
|
2DC0F80E000
|
heap
|
page read and write
|
||
|
2DC0F81E000
|
heap
|
page read and write
|
||
|
2DC0F804000
|
heap
|
page read and write
|
||
|
2DC0F1E0000
|
heap
|
page read and write
|
||
|
F40877B000
|
stack
|
page read and write
|
||
|
2DC12010000
|
heap
|
page read and write
|
||
|
2DC0D8AB000
|
heap
|
page read and write
|
||
|
2DC0F822000
|
heap
|
page read and write
|
||
|
2DC0F8D0000
|
heap
|
page read and write
|
||
|
2DC12450000
|
heap
|
page read and write
|
||
|
2DC0F80E000
|
heap
|
page read and write
|
||
|
2DC0F822000
|
heap
|
page read and write
|
||
|
2DC0F82A000
|
heap
|
page read and write
|
||
|
2DC12032000
|
heap
|
page read and write
|
||
|
F4083FF000
|
stack
|
page read and write
|
||
|
2DC0F81A000
|
heap
|
page read and write
|
||
|
2DC0F97D000
|
heap
|
page read and write
|
||
|
2DC0F816000
|
heap
|
page read and write
|
||
|
2DC0F816000
|
heap
|
page read and write
|
||
|
F40867D000
|
stack
|
page read and write
|
||
|
2DC0F816000
|
heap
|
page read and write
|
||
|
2DC0F7FF000
|
heap
|
page read and write
|
||
|
2DC0F804000
|
heap
|
page read and write
|
||
|
2DC0F8FC000
|
heap
|
page read and write
|
||
|
2DC0F822000
|
heap
|
page read and write
|
||
|
2DC0F816000
|
heap
|
page read and write
|
||
|
2DC0F81E000
|
heap
|
page read and write
|
||
|
2DC0F8F0000
|
heap
|
page read and write
|
||
|
2DC0F8E0000
|
heap
|
page read and write
|
||
|
2DC0F801000
|
heap
|
page read and write
|
||
|
2DC0F8F4000
|
heap
|
page read and write
|
||
|
2DC0D820000
|
heap
|
page read and write
|
||
|
F4082FF000
|
stack
|
page read and write
|
||
|
2DC0F81E000
|
heap
|
page read and write
|
||
|
2DC0F81A000
|
heap
|
page read and write
|
||
|
2DC0D828000
|
heap
|
page read and write
|
||
|
2DC0F8FE000
|
heap
|
page read and write
|
||
|
2DC0F7FB000
|
heap
|
page read and write
|
||
|
2DC0F82A000
|
heap
|
page read and write
|
||
|
2DC0F7D0000
|
heap
|
page read and write
|
||
|
2DC0F98A000
|
heap
|
page read and write
|
||
|
2DC0F801000
|
heap
|
page read and write
|
||
|
2DC0F92E000
|
heap
|
page read and write
|
||
|
2DC0F225000
|
heap
|
page read and write
|
||
|
2DC12460000
|
trusted library section
|
page readonly
|
||
|
F4085FE000
|
stack
|
page read and write
|
||
|
2DC0F996000
|
heap
|
page read and write
|
||
|
2DC0F7E0000
|
heap
|
page read and write
|
||
|
2DC0D830000
|
heap
|
page read and write
|
||
|
2DC0F8E8000
|
heap
|
page read and write
|
||
|
2DC0F980000
|
heap
|
page read and write
|
||
|
2DC0F816000
|
heap
|
page read and write
|
||
|
F40837E000
|
stack
|
page read and write
|
||
|
F40847B000
|
stack
|
page read and write
|
||
|
2DC0F804000
|
heap
|
page read and write
|
||
|
2DC0F812000
|
heap
|
page read and write
|
||
|
2DC0D890000
|
heap
|
page read and write
|
||
|
F4084FE000
|
stack
|
page read and write
|
||
|
2DC0F81A000
|
heap
|
page read and write
|
||
|
2DC0F812000
|
heap
|
page read and write
|
||
|
2DC0F220000
|
heap
|
page read and write
|
||
|
2DC0F82A000
|
heap
|
page read and write
|
||
|
2DC0F812000
|
heap
|
page read and write
|
||
|
F40857B000
|
stack
|
page read and write
|
||
|
2DC0D780000
|
heap
|
page read and write
|
||
|
2DC0F80E000
|
heap
|
page read and write
|
||
|
F4087FF000
|
stack
|
page read and write
|
There are 92 hidden memdumps, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
https://ofu.blob.core.windows.net/ofu/f.html?f_pp=esosolutions
|