Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\ProgramData\mcafee.ico
|
MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nwg5202.tmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nwg553E.tmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\mcafee-stinger\avvdat.ini
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Downloads\McAfeeStinger.exe (copy)
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\Downloads\Unconfirmed 115533.crdownload (copy)
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\Downloads\bedb9404-1434-4489-b3f3-9a06b7c9028e.tmp
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Downloads\McAfeeStinger.exe
|
"C:\Users\user\Downloads\McAfeeStinger.exe"
|
 |
|
|
C:\Users\user\Downloads\McAfeeStinger.exe
|
"C:\Users\user\Downloads\McAfeeStinger.exe" --update
|
|
|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1688,16494396912243797666,5406229403683992866,131072
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
--lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 /prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cgigroup.blob.core.windows.net/cgi-protective-monitoring-service/tools/get-stinger.html"
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1688,16494396912243797666,5406229403683992866,131072
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
--lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6108 /prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1688,16494396912243797666,5406229403683992866,131072
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
--lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3884 /prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1688,16494396912243797666,5406229403683992866,131072
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
--lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3784 /prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1688,16494396912243797666,5406229403683992866,131072
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
--lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4080 /prefetch:8
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://cgigroup.blob.core.windows.net/cgi-protective-monitoring-service/tools/get-stinger.html
|
|
||
|
https://downloadcenter.trellix.com/products/mcafee-avert/Stinger/stinger64.exe
|
unknown
|
||
|
https://www.mcafee.com/favicon.ico32
|
unknown
|
||
|
https://www.mcafee.com/favicon.icoB_;
|
unknown
|
||
|
http://www.quovadis.bm0
|
unknown
|
||
|
https://docs.rs/getrandom#nodejs-es-module-supportC:
|
unknown
|
||
|
https://pam.mcafee.com
|
unknown
|
||
|
https://www.mcafee.com/favicon.icositexml
|
unknown
|
||
|
https://ocsp.quovadisoffshore.com0
|
unknown
|
||
|
https://www.mcafee.com/favicon.ico
|
unknown
|
||
|
https://downloadcenter.trellix.com/products/mcafee-avert/Stinger/stinger64.exei
|
unknown
|
||
|
https://www.mcafee.com/favicon.ico3
|
unknown
|
||
|
https://download.nai.com/products/commonupdater/avvdat.ini
|
unknown
|
There are 2 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
www.google.com
|
172.253.122.106
|
||
|
www.mcafee.com
|
unknown
|
||
|
downloadcenter.trellix.com
|
unknown
|
||
|
download.nai.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.168.11.20
|
unknown
|
unknown
|
|
|
|
172.253.122.106
|
www.google.com
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
17CF52EE000
|
heap
|
page read and write
|
||
|
7FF6ACC4F000
|
unkown
|
page readonly
|
||
|
29714129000
|
heap
|
page read and write
|
||
|
6BE4AFE000
|
stack
|
page read and write
|
||
|
FB098FE000
|
stack
|
page read and write
|
||
|
FB091FE000
|
stack
|
page read and write
|
||
|
17CF1E94000
|
heap
|
page read and write
|
||
|
2971406A000
|
heap
|
page read and write
|
||
|
17CF1E80000
|
heap
|
page read and write
|
||
|
17CF0117000
|
heap
|
page read and write
|
||
|
29714020000
|
remote allocation
|
page read and write
|
||
|
17CF00FB000
|
heap
|
page read and write
|
||
|
17CF1F7E000
|
heap
|
page read and write
|
||
|
7FF6ACC4F000
|
unkown
|
page readonly
|
||
|
17CF0177000
|
heap
|
page read and write
|
||
|
FB08BFE000
|
stack
|
page read and write
|
||
|
17CF0196000
|
heap
|
page read and write
|
||
|
FB08FFF000
|
stack
|
page read and write
|
||
|
297140D8000
|
heap
|
page read and write
|
||
|
29714063000
|
heap
|
page read and write
|
||
|
7FF6ACCBF000
|
unkown
|
page write copy
|
||
|
29714121000
|
heap
|
page read and write
|
||
|
6BE5CFF000
|
stack
|
page read and write
|
||
|
FB097FF000
|
stack
|
page read and write
|
||
|
17CF7CA0000
|
heap
|
page read and write
|
||
|
29714129000
|
heap
|
page read and write
|
||
|
FB07BFF000
|
stack
|
page read and write
|
||
|
17CF5EA0000
|
heap
|
page read and write
|
||
|
7FF6ACCC0000
|
unkown
|
page readonly
|
||
|
17CF1E07000
|
heap
|
page read and write
|
||
|
17CF0040000
|
heap
|
page read and write
|
||
|
FB085FE000
|
stack
|
page read and write
|
||
|
17CF1E26000
|
heap
|
page read and write
|
||
|
FB07FFE000
|
stack
|
page read and write
|
||
|
FB071FE000
|
stack
|
page read and write
|
||
|
6BE3392000
|
stack
|
page read and write
|
||
|
17CF0200000
|
remote allocation
|
page read and write
|
||
|
7FF6ACC4F000
|
unkown
|
page readonly
|
||
|
FB073FE000
|
stack
|
page read and write
|
||
|
17CF1E0D000
|
heap
|
page read and write
|
||
|
29714117000
|
heap
|
page read and write
|
||
|
FB081FF000
|
stack
|
page read and write
|
||
|
6BE38FE000
|
stack
|
page read and write
|
||
|
17CF01A2000
|
heap
|
page read and write
|
||
|
29714130000
|
heap
|
page read and write
|
||
|
FB095FB000
|
stack
|
page read and write
|
||
|
7FF6ACCC0000
|
unkown
|
page readonly
|
||
|
FB070F2000
|
stack
|
page read and write
|
||
|
7FF6ACB80000
|
unkown
|
page readonly
|
||
|
6BE4EFA000
|
stack
|
page read and write
|
||
|
17CF1E84000
|
heap
|
page read and write
|
||
|
FB077FF000
|
stack
|
page read and write
|
||
|
6BE37FE000
|
stack
|
page read and write
|
||
|
17CF019F000
|
heap
|
page read and write
|
||
|
29713F60000
|
heap
|
page read and write
|
||
|
17CF1E84000
|
heap
|
page read and write
|
||
|
6BE40FE000
|
stack
|
page read and write
|
||
|
17CF0200000
|
remote allocation
|
page read and write
|
||
|
FB093FE000
|
stack
|
page read and write
|
||
|
6BE50FE000
|
stack
|
page read and write
|
||
|
17CF1E7C000
|
heap
|
page read and write
|
||
|
17CF019A000
|
heap
|
page read and write
|
||
|
7FF6ACB80000
|
unkown
|
page readonly
|
||
|
FB089FC000
|
stack
|
page read and write
|
||
|
7FF6ACB81000
|
unkown
|
page execute read
|
||
|
17CF1F00000
|
heap
|
page read and write
|
||
|
6BE48FF000
|
stack
|
page read and write
|
||
|
2971409C000
|
heap
|
page read and write
|
||
|
6BE3AFF000
|
stack
|
page read and write
|
||
|
17CF011B000
|
heap
|
page read and write
|
||
|
17CF01A7000
|
heap
|
page read and write
|
||
|
FB079FE000
|
stack
|
page read and write
|
||
|
6BE5DFF000
|
stack
|
page read and write
|
||
|
7FF6ACB81000
|
unkown
|
page execute read
|
||
|
29713E20000
|
heap
|
page read and write
|
||
|
17CF1E21000
|
heap
|
page read and write
|
||
|
17CF1E94000
|
heap
|
page read and write
|
||
|
297140D8000
|
heap
|
page read and write
|
||
|
17CEFFB0000
|
heap
|
page read and write
|
||
|
6BE5BFF000
|
stack
|
page read and write
|
||
|
17CF0197000
|
heap
|
page read and write
|
||
|
7FF6ACCC0000
|
unkown
|
page readonly
|
||
|
17CF0175000
|
heap
|
page read and write
|
||
|
FB072FE000
|
stack
|
page read and write
|
||
|
29714084000
|
heap
|
page read and write
|
||
|
6BE56FF000
|
stack
|
page read and write
|
||
|
17CF1E1D000
|
heap
|
page read and write
|
||
|
29714119000
|
heap
|
page read and write
|
||
|
29714129000
|
heap
|
page read and write
|
||
|
17CF00B0000
|
heap
|
page read and write
|
||
|
6BE4CFC000
|
stack
|
page read and write
|
||
|
17CF0315000
|
heap
|
page read and write
|
||
|
7FF6ACCBF000
|
unkown
|
page write copy
|
||
|
6BE42FB000
|
stack
|
page read and write
|
||
|
17CF1E88000
|
heap
|
page read and write
|
||
|
17CF68A0000
|
heap
|
page read and write
|
||
|
6BE36FE000
|
stack
|
page read and write
|
||
|
17CF1E8C000
|
heap
|
page read and write
|
||
|
29714125000
|
heap
|
page read and write
|
||
|
7FF6ACCC0000
|
unkown
|
page readonly
|
||
|
17CF0310000
|
heap
|
page read and write
|
||
|
17CF00E6000
|
heap
|
page read and write
|
||
|
29714255000
|
heap
|
page read and write
|
||
|
6BE54FD000
|
stack
|
page read and write
|
||
|
6BE44FF000
|
stack
|
page read and write
|
||
|
297140C4000
|
heap
|
page read and write
|
||
|
7FF6ACB80000
|
unkown
|
page readonly
|
||
|
29714020000
|
remote allocation
|
page read and write
|
||
|
17CF2300000
|
heap
|
page read and write
|
||
|
29714099000
|
heap
|
page read and write
|
||
|
17CF48EE000
|
heap
|
page read and write
|
||
|
17CF1E98000
|
heap
|
page read and write
|
||
|
17CF2EFD000
|
heap
|
page read and write
|
||
|
17CF72A0000
|
heap
|
page read and write
|
||
|
17CF0200000
|
remote allocation
|
page read and write
|
||
|
17CF1E01000
|
heap
|
page read and write
|
||
|
17CF0193000
|
heap
|
page read and write
|
||
|
6BE5EFF000
|
stack
|
page read and write
|
||
|
2971403C000
|
heap
|
page read and write
|
||
|
FB07DFE000
|
stack
|
page read and write
|
||
|
297140C4000
|
heap
|
page read and write
|
||
|
2971406D000
|
heap
|
page read and write
|
||
|
17CF5CEE000
|
heap
|
page read and write
|
||
|
6BE58FE000
|
stack
|
page read and write
|
||
|
17CF02C0000
|
heap
|
page read and write
|
||
|
17CF2103000
|
heap
|
page read and write
|
||
|
FB08DFA000
|
stack
|
page read and write
|
||
|
7FF6ACB80000
|
unkown
|
page readonly
|
||
|
17CF00F9000
|
heap
|
page read and write
|
||
|
17CF38FD000
|
heap
|
page read and write
|
||
|
17CF2701000
|
heap
|
page read and write
|
||
|
17CF00B9000
|
heap
|
page read and write
|
||
|
6BE46FE000
|
stack
|
page read and write
|
||
|
7FF6ACB81000
|
unkown
|
page execute read
|
||
|
29714230000
|
heap
|
page read and write
|
||
|
17CF3EEE000
|
heap
|
page read and write
|
||
|
7FF6ACB81000
|
unkown
|
page execute read
|
||
|
17CF0154000
|
heap
|
page read and write
|
||
|
6BE52FE000
|
stack
|
page read and write
|
||
|
29714030000
|
heap
|
page read and write
|
||
|
6BE3EFE000
|
stack
|
page read and write
|
||
|
17CF1E0E000
|
heap
|
page read and write
|
||
|
17CF01A6000
|
heap
|
page read and write
|
||
|
17CF1F01000
|
heap
|
page read and write
|
||
|
7FF6ACCBF000
|
unkown
|
page read and write
|
||
|
6BE3CFE000
|
stack
|
page read and write
|
||
|
FB075FF000
|
stack
|
page read and write
|
||
|
2971407E000
|
heap
|
page read and write
|
||
|
29714020000
|
remote allocation
|
page read and write
|
||
|
17CEFE70000
|
heap
|
page read and write
|
||
|
17CF1E90000
|
heap
|
page read and write
|
||
|
6BE5AFB000
|
stack
|
page read and write
|
||
|
29714250000
|
heap
|
page read and write
|
||
|
17CF1E00000
|
heap
|
page read and write
|
||
|
7FF6ACC4F000
|
unkown
|
page readonly
|
||
|
7FF6ACCBF000
|
unkown
|
page read and write
|
||
|
FB087FF000
|
stack
|
page read and write
|
||
|
FB083FE000
|
stack
|
page read and write
|
||
|
17CF00E2000
|
heap
|
page read and write
|
There are 149 hidden memdumps, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
https://cgigroup.blob.core.windows.net/cgi-protective-monitoring-service/tools/get-stinger.html
|
||
|
https://cgigroup.blob.core.windows.net/cgi-protective-monitoring-service/tools/get-stinger.html
|