Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Users\user\Downloads\68b05a2d-6a1b-43c6-b40f-13543c73a26e.tmp
|
bzip2 compressed data, block size = 100k
|
dropped
|
||
|
C:\Users\user\Downloads\ultdata-ios-mac.dmg (copy)
|
bzip2 compressed data, block size = 100k
|
dropped
|
||
|
C:\Users\user\Downloads\ultdata-ios-mac.dmg.crdownload
|
bzip2 compressed data, block size = 100k
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=1576 --field-trial-handle=2028,i,6561906880990585665,1557022049475139373,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://download.tenorshare.net/go/ultdata-ios-mac_1093.dmg"
|
||
|
C:\Windows\System32\OpenWith.exe
|
C:\Windows\system32\OpenWith.exe -Embedding
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
s-part-0017.t-0009.t-msedge.net
|
13.107.246.45
|
||
|
www.google.com
|
142.250.185.196
|
||
|
download.tenorshare.net
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
142.250.185.196
|
www.google.com
|
United States
|
||
|
192.168.2.4
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Mozilla Firefox\firefox.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Mozilla Firefox\firefox.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Internet Explorer\iexplore.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Internet Explorer\iexplore.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\mspaint.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\mspaint.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Windows Media Player\wmplayer.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Windows Media Player\wmplayer.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.ApplicationCompany
|
There are 8 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2097A359000
|
heap
|
page read and write
|
||
|
2097C8F3000
|
heap
|
page read and write
|
||
|
2097A35E000
|
heap
|
page read and write
|
||
|
2097A34E000
|
heap
|
page read and write
|
||
|
2097C8ED000
|
heap
|
page read and write
|
||
|
2097A274000
|
heap
|
page read and write
|
||
|
2097C8D0000
|
heap
|
page read and write
|
||
|
2097A355000
|
heap
|
page read and write
|
||
|
2097A34E000
|
heap
|
page read and write
|
||
|
2097C8B0000
|
heap
|
page read and write
|
||
|
2097A310000
|
heap
|
page read and write
|
||
|
3CBE0FD000
|
stack
|
page read and write
|
||
|
2097A25B000
|
heap
|
page read and write
|
||
|
2097A35E000
|
heap
|
page read and write
|
||
|
3CBDF7E000
|
stack
|
page read and write
|
||
|
2097C8EF000
|
heap
|
page read and write
|
||
|
2097A34A000
|
heap
|
page read and write
|
||
|
3CBE07E000
|
stack
|
page read and write
|
||
|
20979CE0000
|
heap
|
page read and write
|
||
|
2097A359000
|
heap
|
page read and write
|
||
|
20978130000
|
heap
|
page read and write
|
||
|
20978283000
|
heap
|
page read and write
|
||
|
2097A276000
|
heap
|
page read and write
|
||
|
2097A2E9000
|
heap
|
page read and write
|
||
|
2097A34A000
|
heap
|
page read and write
|
||
|
2097A305000
|
heap
|
page read and write
|
||
|
2097827E000
|
heap
|
page read and write
|
||
|
2097A33F000
|
heap
|
page read and write
|
||
|
20979EC0000
|
heap
|
page read and write
|
||
|
20978120000
|
heap
|
page read and write
|
||
|
2097A267000
|
heap
|
page read and write
|
||
|
3CBDE7C000
|
stack
|
page read and write
|
||
|
2097CDA0000
|
trusted library section
|
page readonly
|
||
|
209782C4000
|
heap
|
page read and write
|
||
|
2097A27A000
|
heap
|
page read and write
|
||
|
2097A258000
|
heap
|
page read and write
|
||
|
2097EC30000
|
heap
|
page read and write
|
||
|
2097A34E000
|
heap
|
page read and write
|
||
|
2097A34E000
|
heap
|
page read and write
|
||
|
3CBE17B000
|
stack
|
page read and write
|
||
|
3CBDD7E000
|
stack
|
page read and write
|
||
|
2097A272000
|
heap
|
page read and write
|
||
|
3CBDCFE000
|
stack
|
page read and write
|
||
|
2097A278000
|
heap
|
page read and write
|
||
|
2097827A000
|
heap
|
page read and write
|
||
|
2097A252000
|
heap
|
page read and write
|
||
|
2097A345000
|
heap
|
page read and write
|
||
|
2097A355000
|
heap
|
page read and write
|
||
|
2097A265000
|
heap
|
page read and write
|
||
|
3CBDFFD000
|
stack
|
page read and write
|
||
|
2097A355000
|
heap
|
page read and write
|
||
|
2097A359000
|
heap
|
page read and write
|
||
|
3CBDDFE000
|
stack
|
page read and write
|
||
|
3CBDEFB000
|
stack
|
page read and write
|
||
|
20979CE5000
|
heap
|
page read and write
|
||
|
2097CDE0000
|
heap
|
page read and write
|
||
|
2097A359000
|
heap
|
page read and write
|
||
|
3CBD977000
|
stack
|
page read and write
|
||
|
2097A210000
|
heap
|
page read and write
|
||
|
2097A28F000
|
heap
|
page read and write
|
||
|
2097A354000
|
heap
|
page read and write
|
||
|
3CBE1FF000
|
stack
|
page read and write
|
||
|
2097A33F000
|
heap
|
page read and write
|
||
|
3CBDC7E000
|
stack
|
page read and write
|
||
|
2097A34B000
|
heap
|
page read and write
|
||
|
2097A35A000
|
heap
|
page read and write
|
||
|
2097A36A000
|
heap
|
page read and write
|
||
|
20978170000
|
heap
|
page read and write
|
||
|
2097A345000
|
heap
|
page read and write
|
||
|
2097A320000
|
heap
|
page read and write
|
||
|
2097A28A000
|
heap
|
page read and write
|
||
|
2097A345000
|
heap
|
page read and write
|
||
|
20979E70000
|
trusted library allocation
|
page read and write
|
||
|
2097A2DE000
|
heap
|
page read and write
|
||
|
2097A281000
|
heap
|
page read and write
|
||
|
2097A26F000
|
heap
|
page read and write
|
||
|
209781F9000
|
heap
|
page read and write
|
||
|
2097A362000
|
heap
|
page read and write
|
||
|
3CBD9FE000
|
stack
|
page read and write
|
||
|
2097A34A000
|
heap
|
page read and write
|
||
|
20978260000
|
heap
|
page read and write
|
||
|
209781F0000
|
heap
|
page read and write
|
There are 72 hidden memdumps, click here to show them.