Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Users\user\Downloads\16ce44f6-2823-48dc-a188-3961cab87022.tmp
|
Web Open Font Format, TrueType, length 33752, version 0.0
|
dropped
|
||
|
C:\Users\user\Downloads\segoeui-light.woff (copy)
|
Web Open Font Format, TrueType, length 33752, version 0.0
|
dropped
|
||
|
C:\Users\user\Downloads\segoeui-light.woff.crdownload
|
Web Open Font Format, TrueType, length 33752, version 0.0
|
dropped
|
||
|
Chrome Cache Entry: 113
|
Web Open Font Format, TrueType, length 33752, version 0.0
|
downloaded
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2648 --field-trial-handle=2520,i,7871720370456779308,6423416162174988078,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-light.woff"
|
||
|
C:\Windows\System32\OpenWith.exe
|
C:\Windows\system32\OpenWith.exe -Embedding
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
bg.microsoft.map.fastly.net
|
199.232.214.172
|
||
|
www.google.com
|
142.250.181.228
|
||
|
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com
|
217.20.57.34
|
||
|
static2.sharepointonline.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
142.250.181.228
|
www.google.com
|
United States
|
||
|
192.168.2.7
|
unknown
|
unknown
|
||
|
192.168.2.4
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Mozilla Firefox\firefox.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Mozilla Firefox\firefox.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Internet Explorer\iexplore.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Internet Explorer\iexplore.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\mspaint.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\mspaint.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Windows Media Player\wmplayer.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Windows Media Player\wmplayer.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.ApplicationCompany
|
There are 8 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
11E40BB0000
|
heap
|
page read and write
|
||
|
11E40C8D000
|
heap
|
page read and write
|
||
|
11E40CE5000
|
heap
|
page read and write
|
||
|
11E40CDB000
|
heap
|
page read and write
|
||
|
60A0FD000
|
stack
|
page read and write
|
||
|
11E40CA4000
|
heap
|
page read and write
|
||
|
11E40CE9000
|
heap
|
page read and write
|
||
|
11E40C19000
|
heap
|
page read and write
|
||
|
11E40CF4000
|
heap
|
page read and write
|
||
|
11E40CF4000
|
heap
|
page read and write
|
||
|
11E40CF4000
|
heap
|
page read and write
|
||
|
11E40CEE000
|
heap
|
page read and write
|
||
|
11E40C11000
|
heap
|
page read and write
|
||
|
11E40CE9000
|
heap
|
page read and write
|
||
|
11E40D0E000
|
heap
|
page read and write
|
||
|
11E40CF9000
|
heap
|
page read and write
|
||
|
11E4336E000
|
heap
|
page read and write
|
||
|
11E40675000
|
heap
|
page read and write
|
||
|
11E40CFF000
|
heap
|
page read and write
|
||
|
11E43349000
|
heap
|
page read and write
|
||
|
11E40D0B000
|
heap
|
page read and write
|
||
|
11E40C2C000
|
heap
|
page read and write
|
||
|
11E40CFE000
|
heap
|
page read and write
|
||
|
11E40BF9000
|
heap
|
page read and write
|
||
|
11E40CEE000
|
heap
|
page read and write
|
||
|
11E40CE2000
|
heap
|
page read and write
|
||
|
11E40C05000
|
heap
|
page read and write
|
||
|
609FFF000
|
stack
|
page read and write
|
||
|
11E3ECA8000
|
heap
|
page read and write
|
||
|
60A17B000
|
stack
|
page read and write
|
||
|
11E3EB70000
|
heap
|
page read and write
|
||
|
11E3EC1E000
|
heap
|
page read and write
|
||
|
11E40CEE000
|
heap
|
page read and write
|
||
|
11E40CE9000
|
heap
|
page read and write
|
||
|
11E45662000
|
trusted library allocation
|
page read and write
|
||
|
11E40D0B000
|
heap
|
page read and write
|
||
|
11E40670000
|
heap
|
page read and write
|
||
|
11E40D0F000
|
heap
|
page read and write
|
||
|
11E40CF9000
|
heap
|
page read and write
|
||
|
11E40C17000
|
heap
|
page read and write
|
||
|
11E40C13000
|
heap
|
page read and write
|
||
|
11E40D16000
|
heap
|
page read and write
|
||
|
11E40CFE000
|
heap
|
page read and write
|
||
|
60A3FB000
|
stack
|
page read and write
|
||
|
11E40CE5000
|
heap
|
page read and write
|
||
|
11E40CFE000
|
heap
|
page read and write
|
||
|
11E43330000
|
heap
|
page read and write
|
||
|
11E3EC46000
|
heap
|
page read and write
|
||
|
11E3EC3A000
|
heap
|
page read and write
|
||
|
11E40D02000
|
heap
|
page read and write
|
||
|
11E3EBB0000
|
heap
|
page read and write
|
||
|
60A07C000
|
stack
|
page read and write
|
||
|
11E40CEE000
|
heap
|
page read and write
|
||
|
11E40D0E000
|
heap
|
page read and write
|
||
|
11E40CF9000
|
heap
|
page read and write
|
||
|
11E40D02000
|
heap
|
page read and write
|
||
|
11E3EC3D000
|
heap
|
page read and write
|
||
|
11E40CF9000
|
heap
|
page read and write
|
||
|
609E77000
|
stack
|
page read and write
|
||
|
11E40CF9000
|
heap
|
page read and write
|
||
|
11E4337B000
|
heap
|
page read and write
|
||
|
11E40CE5000
|
heap
|
page read and write
|
||
|
11E43830000
|
trusted library section
|
page readonly
|
||
|
11E40CEE000
|
heap
|
page read and write
|
||
|
11E40CF4000
|
heap
|
page read and write
|
||
|
60A27D000
|
stack
|
page read and write
|
||
|
11E40C15000
|
heap
|
page read and write
|
||
|
11E43340000
|
heap
|
page read and write
|
||
|
11E40CF4000
|
heap
|
page read and write
|
||
|
11E40CFE000
|
heap
|
page read and write
|
||
|
11E40CE9000
|
heap
|
page read and write
|
||
|
11E40C1B000
|
heap
|
page read and write
|
||
|
11E40CF4000
|
heap
|
page read and write
|
||
|
11E40CEE000
|
heap
|
page read and write
|
||
|
11E40BF2000
|
heap
|
page read and write
|
||
|
11E40CE9000
|
heap
|
page read and write
|
||
|
11E40CE5000
|
heap
|
page read and write
|
||
|
11E40CF9000
|
heap
|
page read and write
|
||
|
11E40D0E000
|
heap
|
page read and write
|
||
|
11E40CE5000
|
heap
|
page read and write
|
||
|
11E40C0F000
|
heap
|
page read and write
|
||
|
11E40D09000
|
heap
|
page read and write
|
||
|
11E40CE9000
|
heap
|
page read and write
|
||
|
11E3EBB8000
|
heap
|
page read and write
|
||
|
60A2FE000
|
stack
|
page read and write
|
||
|
11E40BFD000
|
heap
|
page read and write
|
||
|
11E40D09000
|
heap
|
page read and write
|
||
|
11E3EC40000
|
heap
|
page read and write
|
||
|
11E3EC36000
|
heap
|
page read and write
|
||
|
11E40CF9000
|
heap
|
page read and write
|
||
|
609EFE000
|
stack
|
page read and write
|
||
|
11E40D09000
|
heap
|
page read and write
|
||
|
11E40CC0000
|
heap
|
page read and write
|
||
|
11E40CF4000
|
heap
|
page read and write
|
||
|
11E40CF9000
|
heap
|
page read and write
|
||
|
11E40D0B000
|
heap
|
page read and write
|
||
|
11E433A2000
|
heap
|
page read and write
|
||
|
11E40C94000
|
heap
|
page read and write
|
||
|
11E4339E000
|
heap
|
page read and write
|
||
|
11E45AC0000
|
heap
|
page read and write
|
||
|
11E40CDF000
|
heap
|
page read and write
|
||
|
11E43860000
|
heap
|
page read and write
|
||
|
11E40CDF000
|
heap
|
page read and write
|
||
|
11E40CEE000
|
heap
|
page read and write
|
||
|
11E42E00000
|
trusted library allocation
|
page read and write
|
||
|
11E40CE9000
|
heap
|
page read and write
|
||
|
11E40CE5000
|
heap
|
page read and write
|
||
|
11E40CE2000
|
heap
|
page read and write
|
||
|
11E405C0000
|
heap
|
page read and write
|
||
|
60A37D000
|
stack
|
page read and write
|
||
|
11E40CF4000
|
heap
|
page read and write
|
||
|
11E40CE5000
|
heap
|
page read and write
|
||
|
11E40CEE000
|
heap
|
page read and write
|
||
|
11E40C86000
|
heap
|
page read and write
|
||
|
11E43379000
|
heap
|
page read and write
|
||
|
11E40520000
|
heap
|
page read and write
|
||
|
11E40D02000
|
heap
|
page read and write
|
||
|
11E40CFE000
|
heap
|
page read and write
|
||
|
609F7E000
|
stack
|
page read and write
|
||
|
11E3EB60000
|
heap
|
page read and write
|
||
|
11E40D15000
|
heap
|
page read and write
|
||
|
11E40CB0000
|
heap
|
page read and write
|
||
|
11E40C07000
|
heap
|
page read and write
|
||
|
60A1FE000
|
stack
|
page read and write
|
||
|
11E40C22000
|
heap
|
page read and write
|
||
|
11E40CE2000
|
heap
|
page read and write
|
||
|
11E40C30000
|
heap
|
page read and write
|
||
|
11E43335000
|
heap
|
page read and write
|
||
|
60A47F000
|
stack
|
page read and write
|
There are 119 hidden memdumps, click here to show them.