Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Users\user\Downloads\afac5a0a-aa95-4488-8244-776c3466c4b3.tmp
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\dstrootcax3.p7c (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\dstrootcax3.p7c.crdownload (copy)
|
data
|
dropped
|
||
|
Chrome Cache Entry: 43
|
data
|
downloaded
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2344 --field-trial-handle=2300,i,6016061923229140778,5192207821669088839,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://apps.identrust.com/roots/dstrootcax3.p7c"
|
||
|
C:\Program Files\Windows Mail\wab.exe
|
"C:\Program Files\Windows Mail\wab.exe" /certificate "C:\Users\user\Downloads\dstrootcax3.p7c"
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
www.google.com
|
172.253.124.99
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
172.253.124.99
|
www.google.com
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
192.168.2.4
|
unknown
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1D181CE5000
|
heap
|
page read and write
|
||
|
1D1837C4000
|
heap
|
page read and write
|
||
|
1D181DB0000
|
heap
|
page read and write
|
||
|
1D181CE0000
|
heap
|
page read and write
|
||
|
1D181CEA000
|
heap
|
page read and write
|
||
|
1D181CDB000
|
heap
|
page read and write
|
||
|
1D181D09000
|
heap
|
page read and write
|
||
|
1D181CB0000
|
heap
|
page read and write
|
||
|
1D181DD0000
|
heap
|
page read and write
|
||
|
1D181CEE000
|
heap
|
page read and write
|
||
|
1D181CEE000
|
heap
|
page read and write
|
||
|
1D181D08000
|
heap
|
page read and write
|
||
|
1D181CEB000
|
heap
|
page read and write
|
||
|
30E2EFE000
|
stack
|
page read and write
|
||
|
1D181DD5000
|
heap
|
page read and write
|
||
|
30E307F000
|
stack
|
page read and write
|
||
|
1D181CE4000
|
heap
|
page read and write
|
||
|
30E2FFE000
|
stack
|
page read and write
|
||
|
1D183580000
|
trusted library allocation
|
page read and write
|
||
|
30E2F7E000
|
stack
|
page read and write
|
||
|
1D1837C0000
|
heap
|
page read and write
|
||
|
1D181D00000
|
heap
|
page read and write
|
||
|
1D181CE8000
|
heap
|
page read and write
|
||
|
30E2E79000
|
stack
|
page read and write
|
||
|
1D183850000
|
heap
|
page read and write
|
||
|
1D181CEA000
|
heap
|
page read and write
|
||
|
1D181BA0000
|
heap
|
page read and write
|
||
|
1D181CE5000
|
heap
|
page read and write
|
||
|
1D181CEA000
|
heap
|
page read and write
|
||
|
1D183820000
|
heap
|
page read and write
|
||
|
1D181C80000
|
heap
|
page read and write
|
||
|
1D181CE4000
|
heap
|
page read and write
|
||
|
1D181CB8000
|
heap
|
page read and write
|
There are 23 hidden memdumps, click here to show them.