Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Users\user\Downloads\Business and Financial Details.zip (copy)
|
Zip archive data, at least v2.0 to extract, compression method=store
|
dropped
|
 |
|
|
C:\Users\user\AppData\Local\Temp\hqgca3jy.h0w\Business and Financial Details\Building Plan and Property details.pdf.htm
|
HTML document, ASCII text, with very long lines (65472), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\unarchiver.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Downloads\4b514cdd-6afc-448e-ba26-f053fa21258d.tmp
|
Zip archive data, at least v2.0 to extract, compression method=store
|
dropped
|
||
|
C:\Users\user\Downloads\Business and Financial Details.zip.crdownload
|
Zip archive data, at least v2.0 to extract, compression method=store
|
dropped
|
||
|
Chrome Cache Entry: 59
|
HTML document, Unicode text, UTF-8 text, with very long lines (11384)
|
downloaded
|
||
|
Chrome Cache Entry: 60
|
ASCII text, with very long lines (44061), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 61
|
Unicode text, UTF-8 text, with very long lines (65322), with no line terminators
|
dropped
|
||
|
Chrome Cache Entry: 62
|
Web Open Font Format, TrueType, length 14192, version 1.1
|
downloaded
|
||
|
Chrome Cache Entry: 63
|
Unicode text, UTF-8 text, with very long lines (65406)
|
downloaded
|
||
|
Chrome Cache Entry: 64
|
ASCII text, with very long lines (44061), with no line terminators
|
dropped
|
||
|
Chrome Cache Entry: 65
|
MS Windows icon resource - 8 icons, 16x16, 8 bits/pixel, 24x24, 8 bits/pixel
|
dropped
|
||
|
Chrome Cache Entry: 66
|
Unicode text, UTF-8 text, with very long lines (65406)
|
dropped
|
||
|
Chrome Cache Entry: 67
|
Web Open Font Format, TrueType, length 14344, version 1.1
|
downloaded
|
||
|
Chrome Cache Entry: 68
|
ASCII text, with very long lines (2863)
|
dropped
|
||
|
Chrome Cache Entry: 69
|
Unicode text, UTF-8 text, with very long lines (38299)
|
downloaded
|
||
|
Chrome Cache Entry: 70
|
MS Windows icon resource - 8 icons, 16x16, 8 bits/pixel, 24x24, 8 bits/pixel
|
downloaded
|
||
|
Chrome Cache Entry: 71
|
Web Open Font Format (Version 2), TrueType, length 150020, version 772.1280
|
downloaded
|
||
|
Chrome Cache Entry: 72
|
ASCII text, with very long lines (2863)
|
downloaded
|
||
|
Chrome Cache Entry: 73
|
ASCII text, with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 74
|
Web Open Font Format (Version 2), TrueType, length 24488, version 772.1280
|
downloaded
|
||
|
Chrome Cache Entry: 75
|
Web Open Font Format, TrueType, length 43452, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 76
|
Unicode text, UTF-8 text, with very long lines (65322), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 77
|
Web Open Font Format, TrueType, length 14260, version 1.1
|
downloaded
|
There are 15 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
|
|
|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1948,i,8650896634388582776,7673543875609925860,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
|
|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://hidrive.ionos.com/lnk/FamigcCEF"
|
|
|
|
C:\Windows\SysWOW64\unarchiver.exe
|
"C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\Business and Financial Details.zip"
|
||
|
C:\Windows\SysWOW64\7za.exe
|
"C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\hqgca3jy.h0w" "C:\Users\user\Downloads\Business
and Financial Details.zip"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://hidrive.ionos.com/lnk/FamigcCEF
|
|
||
|
https://hidrive.ionos.com/lnk/FamigcCEF#file
|
|
||
|
https://www.html-code-generator.com
|
unknown
|
||
|
https://hidrive.ionos.com/api/sharelink/download?id=FamigcCEF
|
85.214.3.95
|
||
|
https://hidrive.ionos.com/OpenSans-Bold-webfont.b57886ecb84a5d8aa715.woff
|
85.214.3.95
|
||
|
https://hidrive.ionos.com/OpenSans-SemiBold-webfont.773343aa665d7ab6ceb5.woff
|
85.214.3.95
|
||
|
https://hidrive.ionos.com/lnk/js/bootstrap.556f531165a982e55ac1.js
|
85.214.3.95
|
||
|
https://ce1.uicdn.net/exos/icons/exos-icon-font.woff?v=15
|
213.165.66.58
|
||
|
https://my.hidrive.com
|
unknown
|
||
|
https://wl.hidrive.com/ionos/0007
|
unknown
|
||
|
https://wl.hidrive.com/ionos/0006
|
unknown
|
||
|
https://wl.hidrive.com/ionos/0005
|
unknown
|
||
|
https://hidrive.ionos.com/lnk/FamigcCEF
|
85.214.3.95
|
||
|
https://hidrive.ionos.com/fa-solid-900.b6879d41b0852f01ed5b.woff2
|
85.214.3.95
|
||
|
https://hidrive.ionos.com/api/sharelink/info
|
85.214.3.95
|
||
|
https://hidrive.ionos.com/api/sharelink/info?id=FamigcCEF
|
85.214.3.95
|
||
|
https://fontawesome.com/license/free
|
unknown
|
||
|
https://wl.hidrive.com/ionos/0008
|
unknown
|
||
|
https://fontawesome.com
|
unknown
|
||
|
https://hidrive.ionos.com/lnk/js/hdshare-vendor.e87c7ef075c6fc68a726.js
|
85.214.3.95
|
||
|
https://www.strato.de/apps/get_image
|
unknown
|
||
|
https://hidrive.ionos.com/css/hdshare.98ea110adcfb01d9ea58.css
|
85.214.3.95
|
||
|
https://hidrive.ionos.com/fa-regular-400.b041b1fa4fe241b23445.woff2
|
85.214.3.95
|
||
|
https://hidrive.ionos.com/OpenSans-Regular-webfont.8e4fce4052b0df5529c7.woff
|
85.214.3.95
|
||
|
https://hidrive.ionos.com/lnk/js/hdshare.d10440b3317db342388a.js
|
85.214.3.95
|
||
|
https://hidrive.ionos.com/lnk/js/hdshare-images.2f94aa7829bc7ecd852b.js
|
85.214.3.95
|
||
|
https://hidrive.ionos.com/v146/images/static/favicon.ico
|
85.214.3.95
|
There are 16 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
bg.microsoft.map.fastly.net
|
199.232.214.172
|
||
|
ce1.uicdn.net
|
213.165.66.58
|
||
|
hidrive.ionos.com
|
85.214.3.95
|
||
|
s-part-0017.t-0009.t-msedge.net
|
13.107.246.45
|
||
|
www.google.com
|
172.217.18.100
|
||
|
fp2e7a.wpc.phicdn.net
|
192.229.221.95
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.168.2.4
|
unknown
|
unknown
|
||
|
85.214.3.95
|
hidrive.ionos.com
|
Germany
|
||
|
192.168.2.5
|
unknown
|
unknown
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
213.165.66.58
|
ce1.uicdn.net
|
Germany
|
||
|
172.217.18.100
|
www.google.com
|
United States
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
143A000
|
trusted library allocation
|
page execute and read and write
|
||
|
11BF000
|
stack
|
page read and write
|
||
|
55ED000
|
stack
|
page read and write
|
||
|
596E000
|
stack
|
page read and write
|
||
|
12CE000
|
stack
|
page read and write
|
||
|
551E000
|
stack
|
page read and write
|
||
|
1238000
|
heap
|
page read and write
|
||
|
1320000
|
heap
|
page read and write
|
||
|
104E000
|
stack
|
page read and write
|
||
|
572E000
|
stack
|
page read and write
|
||
|
EFD000
|
stack
|
page read and write
|
||
|
1310000
|
trusted library allocation
|
page read and write
|
||
|
1240000
|
heap
|
page read and write
|
||
|
2D80000
|
trusted library allocation
|
page read and write
|
||
|
14B0000
|
heap
|
page read and write
|
||
|
152B000
|
heap
|
page read and write
|
||
|
2B80000
|
heap
|
page read and write
|
||
|
128E000
|
stack
|
page read and write
|
||
|
1472000
|
trusted library allocation
|
page execute and read and write
|
||
|
338A000
|
trusted library allocation
|
page read and write
|
||
|
F30000
|
heap
|
page read and write
|
||
|
1230000
|
heap
|
page read and write
|
||
|
33B4000
|
trusted library allocation
|
page read and write
|
||
|
541E000
|
stack
|
page read and write
|
||
|
4341000
|
trusted library allocation
|
page read and write
|
||
|
1480000
|
trusted library allocation
|
page read and write
|
||
|
3395000
|
trusted library allocation
|
page read and write
|
||
|
10FB000
|
stack
|
page read and write
|
||
|
1070000
|
heap
|
page read and write
|
||
|
10F9000
|
stack
|
page read and write
|
||
|
10B0000
|
heap
|
page read and write
|
||
|
59AE000
|
stack
|
page read and write
|
||
|
337C000
|
trusted library allocation
|
page read and write
|
||
|
11FE000
|
stack
|
page read and write
|
||
|
1080000
|
trusted library allocation
|
page read and write
|
||
|
33AA000
|
trusted library allocation
|
page read and write
|
||
|
339F000
|
trusted library allocation
|
page read and write
|
||
|
56ED000
|
stack
|
page read and write
|
||
|
142F000
|
stack
|
page read and write
|
||
|
145A000
|
trusted library allocation
|
page execute and read and write
|
||
|
1487000
|
trusted library allocation
|
page execute and read and write
|
||
|
582D000
|
stack
|
page read and write
|
||
|
1520000
|
heap
|
page read and write
|
||
|
152E000
|
heap
|
page read and write
|
||
|
2B75000
|
heap
|
page read and write
|
||
|
147A000
|
trusted library allocation
|
page execute and read and write
|
||
|
1050000
|
heap
|
page read and write
|
||
|
5520000
|
trusted library allocation
|
page execute and read and write
|
||
|
3341000
|
trusted library allocation
|
page read and write
|
||
|
337A000
|
trusted library allocation
|
page read and write
|
||
|
1547000
|
heap
|
page read and write
|
||
|
155D000
|
heap
|
page read and write
|
||
|
148B000
|
trusted library allocation
|
page execute and read and write
|
||
|
3320000
|
heap
|
page read and write
|
||
|
2FDF000
|
stack
|
page read and write
|
||
|
3370000
|
trusted library allocation
|
page read and write
|
||
|
33A7000
|
trusted library allocation
|
page read and write
|
||
|
1325000
|
heap
|
page read and write
|
||
|
2D7F000
|
stack
|
page read and write
|
||
|
DFC000
|
stack
|
page read and write
|
||
|
18B0000
|
trusted library allocation
|
page read and write
|
||
|
1452000
|
trusted library allocation
|
page execute and read and write
|
||
|
14FE000
|
stack
|
page read and write
|
||
|
7F9A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1440000
|
heap
|
page read and write
|
||
|
339B000
|
trusted library allocation
|
page read and write
|
||
|
10F6000
|
stack
|
page read and write
|
||
|
586D000
|
stack
|
page read and write
|
||
|
10A0000
|
trusted library allocation
|
page read and write
|
||
|
33A2000
|
trusted library allocation
|
page read and write
|
||
|
1450000
|
trusted library allocation
|
page read and write
|
||
|
171F000
|
stack
|
page read and write
|
||
|
5AAE000
|
stack
|
page read and write
|
||
|
2B70000
|
heap
|
page read and write
|
||
|
145C000
|
trusted library allocation
|
page execute and read and write
|
||
|
18C0000
|
heap
|
page execute and read and write
|
||
|
1510000
|
heap
|
page read and write
|
||
|
1160000
|
heap
|
page read and write
|
||
|
33B0000
|
trusted library allocation
|
page read and write
|
||
|
1432000
|
trusted library allocation
|
page execute and read and write
|
||
|
BCC000
|
stack
|
page read and write
|
There are 71 hidden memdumps, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
https://hidrive.ionos.com/lnk/FamigcCEF#file
|
|
|
|
https://hidrive.ionos.com/lnk/FamigcCEF#file
|