Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Users\user\Downloads\3.dat (copy)
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
 |
|
|
C:\Users\user\Downloads\3.dat.crdownload
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Downloads\ab6c8f49-01ae-497c-a189-3be0203beff6.tmp
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
Chrome Cache Entry: 61
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
downloaded
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 22:22:47 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 22:22:47 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 22:22:47 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 22:22:47 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 22:22:47 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1992,i,2771170727428028237,18400158983486350545,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://eshoradebitcoin.com/3.dat"
|
||
|
C:\Windows\System32\OpenWith.exe
|
C:\Windows\system32\OpenWith.exe -Embedding
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://eshoradebitcoin.com/3.dat
|
|
||
|
https://eshoradebitcoin.com/3.dat
|
78.24.180.93
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
eshoradebitcoin.com
|
78.24.180.93
|
||
|
edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com
|
217.20.50.36
|
||
|
www.google.com
|
172.253.124.147
|
||
|
fp2e7a.wpc.phicdn.net
|
192.229.211.108
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
78.24.180.93
|
eshoradebitcoin.com
|
Russian Federation
|
||
|
192.168.2.5
|
unknown
|
unknown
|
||
|
172.253.124.147
|
www.google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Mozilla Firefox\firefox.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Mozilla Firefox\firefox.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Internet Explorer\iexplore.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Internet Explorer\iexplore.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\mspaint.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\mspaint.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Windows Media Player\wmplayer.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Windows Media Player\wmplayer.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.ApplicationCompany
|
There are 8 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
16430D0B000
|
heap
|
page read and write
|
||
|
16430CE2000
|
heap
|
page read and write
|
||
|
16430DDA000
|
heap
|
page read and write
|
||
|
16430CFB000
|
heap
|
page read and write
|
||
|
1642ED40000
|
heap
|
page read and write
|
||
|
16430CFB000
|
heap
|
page read and write
|
||
|
16430CF5000
|
heap
|
page read and write
|
||
|
16433910000
|
trusted library section
|
page readonly
|
||
|
16433B00000
|
heap
|
page read and write
|
||
|
624ADFB000
|
stack
|
page read and write
|
||
|
16430E52000
|
heap
|
page read and write
|
||
|
16430E72000
|
heap
|
page read and write
|
||
|
1642EE0D000
|
heap
|
page read and write
|
||
|
16430CEE000
|
heap
|
page read and write
|
||
|
16430E48000
|
heap
|
page read and write
|
||
|
16430DF9000
|
heap
|
page read and write
|
||
|
16433638000
|
heap
|
page read and write
|
||
|
16430D00000
|
heap
|
page read and write
|
||
|
624AC7E000
|
stack
|
page read and write
|
||
|
1643360C000
|
heap
|
page read and write
|
||
|
16430DCD000
|
heap
|
page read and write
|
||
|
1642EDFD000
|
heap
|
page read and write
|
||
|
16430CE5000
|
heap
|
page read and write
|
||
|
16432F00000
|
trusted library allocation
|
page read and write
|
||
|
16430D03000
|
heap
|
page read and write
|
||
|
1642EE10000
|
heap
|
page read and write
|
||
|
16430CB0000
|
heap
|
page read and write
|
||
|
16430D0B000
|
heap
|
page read and write
|
||
|
16430DDE000
|
heap
|
page read and write
|
||
|
16430E60000
|
heap
|
page read and write
|
||
|
1643362B000
|
heap
|
page read and write
|
||
|
16430D03000
|
heap
|
page read and write
|
||
|
624B07C000
|
stack
|
page read and write
|
||
|
16430CF5000
|
heap
|
page read and write
|
||
|
16430E92000
|
heap
|
page read and write
|
||
|
1642EE30000
|
heap
|
page read and write
|
||
|
16430CFE000
|
heap
|
page read and write
|
||
|
624ACFC000
|
stack
|
page read and write
|
||
|
16430CF9000
|
heap
|
page read and write
|
||
|
16435800000
|
heap
|
page readonly
|
||
|
1642ED78000
|
heap
|
page read and write
|
||
|
16430CF9000
|
heap
|
page read and write
|
||
|
624AB7E000
|
stack
|
page read and write
|
||
|
1642EE0F000
|
heap
|
page read and write
|
||
|
16430E59000
|
heap
|
page read and write
|
||
|
16430CF4000
|
heap
|
page read and write
|
||
|
1642ED70000
|
heap
|
page read and write
|
||
|
164306C5000
|
heap
|
page read and write
|
||
|
16430D0B000
|
heap
|
page read and write
|
||
|
16430CC0000
|
heap
|
page read and write
|
||
|
16430CE5000
|
heap
|
page read and write
|
||
|
16430CF5000
|
heap
|
page read and write
|
||
|
1642EE01000
|
heap
|
page read and write
|
||
|
624AE7E000
|
stack
|
page read and write
|
||
|
624B0FB000
|
stack
|
page read and write
|
||
|
16430CFE000
|
heap
|
page read and write
|
||
|
1642EE07000
|
heap
|
page read and write
|
||
|
16430CFF000
|
heap
|
page read and write
|
||
|
16430CF9000
|
heap
|
page read and write
|
||
|
16430D03000
|
heap
|
page read and write
|
||
|
624AF7E000
|
stack
|
page read and write
|
||
|
624AFFE000
|
stack
|
page read and write
|
||
|
16430CEA000
|
heap
|
page read and write
|
||
|
16430CF9000
|
heap
|
page read and write
|
||
|
16430DDC000
|
heap
|
page read and write
|
||
|
1642EDE2000
|
heap
|
page read and write
|
||
|
16433920000
|
trusted library allocation
|
page read and write
|
||
|
16430CE5000
|
heap
|
page read and write
|
||
|
16430DED000
|
heap
|
page read and write
|
||
|
16430CEA000
|
heap
|
page read and write
|
||
|
1642EE34000
|
heap
|
page read and write
|
||
|
16430CEE000
|
heap
|
page read and write
|
||
|
16430DC2000
|
heap
|
page read and write
|
||
|
16430CEA000
|
heap
|
page read and write
|
||
|
16430D0B000
|
heap
|
page read and write
|
||
|
16430CEB000
|
heap
|
page read and write
|
||
|
16430CEE000
|
heap
|
page read and write
|
||
|
16430DCB000
|
heap
|
page read and write
|
||
|
16430CDF000
|
heap
|
page read and write
|
||
|
16430DD8000
|
heap
|
page read and write
|
||
|
164357B0000
|
heap
|
page read and write
|
||
|
16430DD5000
|
heap
|
page read and write
|
||
|
16430D03000
|
heap
|
page read and write
|
||
|
16430DB0000
|
heap
|
page read and write
|
||
|
624AAFE000
|
stack
|
page read and write
|
||
|
16430CEE000
|
heap
|
page read and write
|
||
|
16430620000
|
heap
|
page read and write
|
||
|
1642EC60000
|
heap
|
page read and write
|
||
|
1642EE4E000
|
heap
|
page read and write
|
||
|
1642EE2A000
|
heap
|
page read and write
|
||
|
16430CF5000
|
heap
|
page read and write
|
||
|
624B17F000
|
stack
|
page read and write
|
||
|
624AD7E000
|
stack
|
page read and write
|
||
|
16430E36000
|
heap
|
page read and write
|
||
|
16433631000
|
heap
|
page read and write
|
||
|
16430CEE000
|
heap
|
page read and write
|
||
|
16430E42000
|
heap
|
page read and write
|
||
|
16433604000
|
heap
|
page read and write
|
||
|
16430D03000
|
heap
|
page read and write
|
||
|
624ABFF000
|
stack
|
page read and write
|
||
|
16430CEA000
|
heap
|
page read and write
|
||
|
164307B0000
|
heap
|
page read and write
|
||
|
624AA77000
|
stack
|
page read and write
|
||
|
7DF4ED321000
|
trusted library allocation
|
page execute read
|
||
|
16430CFE000
|
heap
|
page read and write
|
||
|
16430CF9000
|
heap
|
page read and write
|
||
|
16430CDF000
|
heap
|
page read and write
|
||
|
624AEFC000
|
stack
|
page read and write
|
||
|
16430DE5000
|
heap
|
page read and write
|
||
|
164306C0000
|
heap
|
page read and write
|
||
|
16433600000
|
heap
|
page read and write
|
||
|
16430DBF000
|
heap
|
page read and write
|
||
|
16430CE5000
|
heap
|
page read and write
|
||
|
164334E0000
|
unkown
|
page readonly
|
||
|
1642EE39000
|
heap
|
page read and write
|
There are 105 hidden memdumps, click here to show them.