Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Users\user\Downloads\b1a1bc63-05f4-42ba-8afe-f1f6aa025abd.tmp
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\dstrootcax3.p7c (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\dstrootcax3.p7c.crdownload (copy)
|
data
|
dropped
|
||
|
Chrome Cache Entry: 43
|
data
|
downloaded
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2080,i,6131848338749698094,11378942584928162797,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://apps.identrust.com/roots/dstrootcax3.p7c"
|
||
|
C:\Program Files\Windows Mail\wab.exe
|
"C:\Program Files\Windows Mail\wab.exe" /certificate "C:\Users\user\Downloads\dstrootcax3.p7c"
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
www.google.com
|
173.194.219.106
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
173.194.219.106
|
www.google.com
|
United States
|
||
|
192.168.2.6
|
unknown
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
25F93940000
|
trusted library allocation
|
page read and write
|
||
|
25F939F0000
|
heap
|
page read and write
|
||
|
25F939DF000
|
heap
|
page read and write
|
||
|
25F939A8000
|
heap
|
page read and write
|
||
|
25F95490000
|
heap
|
page read and write
|
||
|
25F939F3000
|
heap
|
page read and write
|
||
|
25F93910000
|
heap
|
page read and write
|
||
|
CA0F47E000
|
stack
|
page read and write
|
||
|
25F939DF000
|
heap
|
page read and write
|
||
|
25F95450000
|
heap
|
page read and write
|
||
|
25F939DC000
|
heap
|
page read and write
|
||
|
25F939DA000
|
heap
|
page read and write
|
||
|
25F93810000
|
heap
|
page read and write
|
||
|
25F939D8000
|
heap
|
page read and write
|
||
|
25F955A0000
|
heap
|
page read and write
|
||
|
25F939A0000
|
heap
|
page read and write
|
||
|
25F939D5000
|
heap
|
page read and write
|
||
|
25F93990000
|
heap
|
page read and write
|
||
|
25F939DA000
|
heap
|
page read and write
|
||
|
CA0F14D000
|
stack
|
page read and write
|
||
|
CA0F0C9000
|
stack
|
page read and write
|
||
|
CA0F1CE000
|
stack
|
page read and write
|
||
|
25F939CB000
|
heap
|
page read and write
|
||
|
25F95454000
|
heap
|
page read and write
|
||
|
25F939D5000
|
heap
|
page read and write
|
||
|
25F939DA000
|
heap
|
page read and write
|
||
|
25F938F0000
|
heap
|
page read and write
|
||
|
25F939D4000
|
heap
|
page read and write
|
||
|
25F93995000
|
heap
|
page read and write
|
||
|
25F939D4000
|
heap
|
page read and write
|
There are 20 hidden memdumps, click here to show them.