Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Users\user\Downloads\6ce439df-b12a-4e45-badd-d44d8f8cdb7d.tmp
|
Web Open Font Format (Version 2), TrueType, length 28740, version 0.0
|
dropped
|
||
|
C:\Users\user\Downloads\segoeui-light.woff2 (copy)
|
Web Open Font Format (Version 2), TrueType, length 28740, version 0.0
|
dropped
|
||
|
C:\Users\user\Downloads\segoeui-light.woff2.crdownload
|
Web Open Font Format (Version 2), TrueType, length 28740, version 0.0
|
dropped
|
||
|
Chrome Cache Entry: 55
|
Web Open Font Format (Version 2), TrueType, length 28740, version 0.0
|
downloaded
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2284 --field-trial-handle=2044,i,2681339334101602418,8801684867977286478,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-light.woff2"
|
||
|
C:\Windows\System32\OpenWith.exe
|
C:\Windows\system32\OpenWith.exe -Embedding
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
www.google.com
|
142.250.181.228
|
||
|
static2.sharepointonline.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
142.250.181.228
|
www.google.com
|
United States
|
||
|
192.168.2.6
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Mozilla Firefox\firefox.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Mozilla Firefox\firefox.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Internet Explorer\iexplore.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Internet Explorer\iexplore.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\mspaint.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\mspaint.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Windows Media Player\wmplayer.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Windows Media Player\wmplayer.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.ApplicationCompany
|
There are 8 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1E13775A000
|
heap
|
page read and write
|
||
|
1E137812000
|
heap
|
page read and write
|
||
|
1E13A18D000
|
heap
|
page read and write
|
||
|
1E13774A000
|
heap
|
page read and write
|
||
|
1E13773F000
|
heap
|
page read and write
|
||
|
1E13A380000
|
trusted library section
|
page readonly
|
||
|
1E139950000
|
trusted library allocation
|
page read and write
|
||
|
1E13774A000
|
heap
|
page read and write
|
||
|
1E1378D7000
|
heap
|
page read and write
|
||
|
1E1378CE000
|
heap
|
page read and write
|
||
|
1E13773B000
|
heap
|
page read and write
|
||
|
1E13776B000
|
heap
|
page read and write
|
||
|
1E13773F000
|
heap
|
page read and write
|
||
|
1E137766000
|
heap
|
page read and write
|
||
|
1E137825000
|
heap
|
page read and write
|
||
|
1E137808000
|
heap
|
page read and write
|
||
|
5147D7F000
|
stack
|
page read and write
|
||
|
1E13A1BC000
|
heap
|
page read and write
|
||
|
1E137745000
|
heap
|
page read and write
|
||
|
1E137827000
|
heap
|
page read and write
|
||
|
5147A7B000
|
stack
|
page read and write
|
||
|
1E137768000
|
heap
|
page read and write
|
||
|
1E13773F000
|
heap
|
page read and write
|
||
|
1E13775F000
|
heap
|
page read and write
|
||
|
1E13773B000
|
heap
|
page read and write
|
||
|
1E1378D4000
|
heap
|
page read and write
|
||
|
1E13772F000
|
heap
|
page read and write
|
||
|
51478FE000
|
stack
|
page read and write
|
||
|
1E137745000
|
heap
|
page read and write
|
||
|
1E137836000
|
heap
|
page read and write
|
||
|
1E13581F000
|
heap
|
page read and write
|
||
|
1E137070000
|
heap
|
page read and write
|
||
|
5147BFF000
|
stack
|
page read and write
|
||
|
1E137120000
|
heap
|
page read and write
|
||
|
1E13774A000
|
heap
|
page read and write
|
||
|
1E1370D0000
|
heap
|
page read and write
|
||
|
51474F7000
|
stack
|
page read and write
|
||
|
1E137761000
|
heap
|
page read and write
|
||
|
1E1357B9000
|
heap
|
page read and write
|
||
|
1E13774A000
|
heap
|
page read and write
|
||
|
1E137800000
|
heap
|
page read and write
|
||
|
51475FE000
|
stack
|
page read and write
|
||
|
1E137732000
|
heap
|
page read and write
|
||
|
1E135790000
|
heap
|
page read and write
|
||
|
1E137710000
|
heap
|
page read and write
|
||
|
1E13781F000
|
heap
|
page read and write
|
||
|
1E13C1B2000
|
trusted library allocation
|
page read and write
|
||
|
1E13774A000
|
heap
|
page read and write
|
||
|
1E137760000
|
heap
|
page read and write
|
||
|
1E13A180000
|
heap
|
page read and write
|
||
|
1E137700000
|
heap
|
page read and write
|
||
|
1E13773B000
|
heap
|
page read and write
|
||
|
5147B7D000
|
stack
|
page read and write
|
||
|
1E137745000
|
heap
|
page read and write
|
||
|
1E13783C000
|
heap
|
page read and write
|
||
|
1E13774E000
|
heap
|
page read and write
|
||
|
1E137736000
|
heap
|
page read and write
|
||
|
1E137736000
|
heap
|
page read and write
|
||
|
514757E000
|
stack
|
page read and write
|
||
|
1E13776B000
|
heap
|
page read and write
|
||
|
1E137753000
|
heap
|
page read and write
|
||
|
1E1370D5000
|
heap
|
page read and write
|
||
|
1E137804000
|
heap
|
page read and write
|
||
|
1E13781C000
|
heap
|
page read and write
|
||
|
1E13A1BA000
|
heap
|
page read and write
|
||
|
1E135840000
|
heap
|
page read and write
|
||
|
1E1357B0000
|
heap
|
page read and write
|
||
|
1E13773B000
|
heap
|
page read and write
|
||
|
1E13773F000
|
heap
|
page read and write
|
||
|
1E137745000
|
heap
|
page read and write
|
||
|
1E13774B000
|
heap
|
page read and write
|
||
|
1E13774E000
|
heap
|
page read and write
|
||
|
514797C000
|
stack
|
page read and write
|
||
|
1E137745000
|
heap
|
page read and write
|
||
|
1E13773F000
|
heap
|
page read and write
|
||
|
1E137823000
|
heap
|
page read and write
|
||
|
1E13773F000
|
heap
|
page read and write
|
||
|
51479FF000
|
stack
|
page read and write
|
||
|
5147C7D000
|
stack
|
page read and write
|
||
|
1E13583D000
|
heap
|
page read and write
|
||
|
1E13789D000
|
heap
|
page read and write
|
||
|
1E137732000
|
heap
|
page read and write
|
||
|
1E13A3B0000
|
heap
|
page read and write
|
||
|
1E1356B0000
|
heap
|
page read and write
|
||
|
5147AFF000
|
stack
|
page read and write
|
||
|
1E13773B000
|
heap
|
page read and write
|
||
|
1E137753000
|
heap
|
page read and write
|
||
|
1E13C610000
|
heap
|
page read and write
|
||
|
1E13773C000
|
heap
|
page read and write
|
||
|
1E13774E000
|
heap
|
page read and write
|
||
|
1E13782E000
|
heap
|
page read and write
|
||
|
1E135848000
|
heap
|
page read and write
|
||
|
1E13772F000
|
heap
|
page read and write
|
||
|
514787E000
|
stack
|
page read and write
|
||
|
1E137745000
|
heap
|
page read and write
|
||
|
1E13A1A0000
|
heap
|
page read and write
|
||
|
1E137736000
|
heap
|
page read and write
|
||
|
1E13774A000
|
heap
|
page read and write
|
||
|
1E13772B000
|
heap
|
page read and write
|
||
|
1E137736000
|
heap
|
page read and write
|
||
|
1E1378E8000
|
heap
|
page read and write
|
||
|
1E13772F000
|
heap
|
page read and write
|
||
|
1E13775A000
|
heap
|
page read and write
|
||
|
1E137821000
|
heap
|
page read and write
|
||
|
1E137736000
|
heap
|
page read and write
|
||
|
1E137814000
|
heap
|
page read and write
|
||
|
5147CFB000
|
stack
|
page read and write
|
||
|
1E1378E3000
|
heap
|
page read and write
|
||
|
1E1378F1000
|
heap
|
page read and write
|
There are 99 hidden memdumps, click here to show them.