IOC Report
Invoice#0036473 .xlsx

loading gif

Files

File Path
Type
Category
Malicious
Invoice#0036473 .xlsx
Microsoft Excel 2007+
initial sample
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\index[1].htm
HTML document, UTF-8 Unicode text, with CRLF line terminators
downloaded
 malicious
C:\Users\user\AppData\Local\Google\Chrome\User Data\10a36c76-179f-4b6c-8570-4068d7b95038.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\2e7ae45e-292f-4c2c-8644-46887721f59e.tmp
ASCII text, with very long lines, with no line terminators
modified
C:\Users\user\AppData\Local\Google\Chrome\User Data\32f73c54-cdaa-4123-8c7e-734a8f628d3d.tmp
data
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\462d2348-cde6-4394-b88d-3ef7a690546b.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\5cc29f6a-f57d-4269-b4a5-b35882368e40.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
data
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\08bcfff1-5e8d-42bb-a394-0d3c1979af63.tmp
ASCII text, with very long lines, with no line terminators
modified
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\137e88e9-eb57-40f4-b989-72e2595c97aa.tmp
UTF-8 Unicode text, with very long lines, with no line terminators
modified
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\1b81d574-d17f-43d8-b909-8aad5c117009.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\1e6a7797-f867-41d1-8962-183f08016f0e.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\23d6aa7d-ae0f-44fb-8098-8671aa3c36c0.tmp
UTF-8 Unicode text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\4ffaf27a-581e-4744-82c7-561c030c5cfd.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\68b69776-d590-40a8-9e70-f14c909f8c8d.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log
data
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
data
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State (copy)
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy)
UTF-8 Unicode text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\28273922-1a26-4399-a23a-25fab8ef8ef9.tmp
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache\js\index
ISO-8859 text, with no line terminators, with escape sequences
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache\js\index-dir\temp-index
data
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache\js\index-dir\the-real-index (copy)
data
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache\wasm\index
ISO-8859 text, with no line terminators, with escape sequences
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache\wasm\index-dir\temp-index
data
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache\wasm\index-dir\the-real-index (copy)
data
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_0
FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1
data
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_2
data
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_3
data
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\index
FoxPro FPT, blocks size 512, next free block index 3284796353, field type 0
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\MANIFEST-000001
PGP\011Secret Key -
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent State (copy)
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\MANIFEST-000001
PGP\011Secret Key -
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\MANIFEST-000001
PGP\011Secret Key -
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1
data
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity (copy)
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\a48514e2-257b-4ce9-a1b8-aa007209afbe.tmp
UTF-8 Unicode text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\ad7e2249-b97d-4442-a21f-a4067c98d52b.tmp
UTF-8 Unicode text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\d5575abb-c188-4676-bc77-eb3ead99d0fa.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000008.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\fa57dafd-4e3d-4280-86ef-5f6b279f8fb2.tmp
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\fc72625b-ce6c-4e0e-9448-31cad2a3c0bd.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser
data
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State (copy)
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cache (copy)
data
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
data
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\be60ccf5-e6d5-4124-a42c-7e04cc18673a.tmp
data
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\d4994c1e-e2a6-417a-8037-eef2f3c2f99e.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\d696b02f-2025-4f67-a692-d8adde6b1278.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\d7c59152-eb3b-4827-aca1-e6afce5cc8c3.tmp
PGP symmetric key encrypted data - Plaintext or unencrypted data salted -
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\f00af8ef-12e7-45e4-b998-a92816026779.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\42098A23.png
PNG image data, 1140 x 1281, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\3054.tmp
Composite Document File V2 Document, Cannot read section info
dropped
C:\Users\user\AppData\Local\Temp\347e43ed-9d19-441d-ac31-ab93e366f8d0.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\a4053014-91fa-4ea9-8dde-7cf0b34244b6.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\bg\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\ca\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\cs\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\da\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\de\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\el\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\en\messages.json
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\en_GB\messages.json
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\es\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\es_419\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\et\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\fi\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\fil\messages.json
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\fr\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\hi\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\hr\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\hu\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\id\messages.json
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\it\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\ja\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\ko\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\lt\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\lv\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\nb\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\nl\messages.json
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\pl\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\pt_BR\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\pt_PT\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\ro\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\ru\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\sk\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\sl\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\sr\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\sv\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\th\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\tr\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\uk\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\vi\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\zh_CN\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\zh_TW\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_metadata\verified_contents.json
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\craw_background.js
ASCII text, with very long lines
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\craw_window.js
ASCII text, with very long lines
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\css\craw_window.css
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\html\craw_window.html
HTML document, ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\images\flapper.gif
GIF image data, version 89a, 30 x 30
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\images\icon_128.png
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\images\icon_16.png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\images\topbar_floating_button.png
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\images\topbar_floating_button_close.png
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\images\topbar_floating_button_hover.png
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\images\topbar_floating_button_maximize.png
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\images\topbar_floating_button_pressed.png
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\manifest.json
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\a4053014-91fa-4ea9-8dde-7cf0b34244b6.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\~DF6AEEABD9704EA844.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Users\user\AppData\Local\Temp\~DFCA3402021093D597.TMP
data
dropped
C:\Users\user\Desktop\~$Invoice#0036473 .xlsx
data
dropped
There are 116 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
 malicious
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "https://eyecandylashcompany.com/payment/frontend_paper_lantern/index.html
 malicious
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=968,11663495452235836402,10867097982774653214,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1452 /prefetch:8
malicious
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation -- "https://eyecandylashcompany.com/payment/frontend_paper_lantern/index.html
 malicious
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=932,13148372515324661737,10505591573509331624,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1376 /prefetch:8
malicious

URLs

Name
IP
Malicious
https://eyecandylashcompany.com/payment/frontend_paper_lantern/index.html
malicious
https://eyecandylashcompany.com/payment/frontend_paper_lantern/images/office3651.png
69.49.244.155
 malicious
https://eyecandylashcompany.com/payment/frontend_paper_lantern/images/gmail.png
69.49.244.155
 malicious
https://eyecandylashcompany.com/payment/frontend_paper_lantern/css/hover.css
69.49.244.155
 malicious
https://eyecandylashcompany.com/payment/frontend_paper_lantern/index.html2
unknown
 malicious
https://eyecandylashcompany.com/payment/frontend_paper_lantern/index.html
69.49.244.155
 malicious
https://consent.google.com
unknown
https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
unknown
https://www.google.com/intl/en-US/chrome/blank.html
unknown
https://ogs.google.com
unknown
https://cdn.pixabay.com/photo/2018/03/10/12/00/paper-3213924_1280.jpg
104.18.37.244
https://www.google.com/images/cleardot.gif
unknown
https://code.jquery.com/jquery-3.2.1.slim.min.js
unknown
http://www.gmail.com
unknown
https://code.jquery.com/jquery-3.1.1.min.js
unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
142.251.36.205
https://payments.google.com/payments/v4/js/integrator.js
unknown
https://adservice.google.com
unknown
https://lh3.googleusercontent.com
unknown
https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
104.18.11.207
https://lh3.googleusercontent.com/proxy/bATQDWurvLlY3z2KTwUlb1gMxwLZoCk7CvqzrLqN1JioLU4nXkElVj-rMrvN
unknown
https://sandbox.google.com/payments/v4/js/integrator.js
unknown
https://www.google.com/images/x2.gif
unknown
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
104.18.11.207
https://code.jquery.com/jquery-3.3.1.js
unknown
https://accounts.google.com/MergeSession
unknown
https://lh3.googleusercontent.com/proxy/bATQDWurvLlY3z2KTwUlb1gMxwLZoCk7CvqzrLqN1JioLU4nXkElVj-rMrvNZjuUXh3c1WhNOGX5_Cg18Wmltm3vvna-uZDqOkUISXU4XOYsUyt-4962tq2u0WiI358gef4ewWcVp0PA6YiTnICV2Cg7wLzdb0DlXw
172.217.16.161
https://www.google.com
unknown
https://www.google.com/images/dot2.gif
unknown
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
104.17.25.14
https://accounts.google.com
unknown
https://cdn.iconscout.com/icon/free/png-512/microsoft-sharepoint-3-599372.png
104.18.28.243
https://clients2.googleusercontent.com
unknown
https://apis.google.com
unknown
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
104.18.11.207
https://kit.fontawesome.com/585b051251.js
unknown
https://www.google.com/accounts/OAuthLogin?issueuberauth=1
unknown
https://www.google.com/
unknown
https://www-googleapis-staging.sandbox.google.com
unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=84.0.4147.135&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1
142.251.36.238
https://clients2.google.com
unknown
https://clients2.google.com/service/update2/crx
unknown
There are 32 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
eyecandylashcompany.com
69.49.244.155
 malicious
gstaticadssl.l.google.com
142.251.36.227
stackpath.bootstrapcdn.com
104.18.11.207
accounts.google.com
142.251.36.205
cdnjs.cloudflare.com
104.17.25.14
maxcdn.bootstrapcdn.com
104.18.11.207
clients.l.google.com
142.251.36.238
cdn.iconscout.com
104.18.28.243
cdn.pixabay.com
104.18.37.244
googlehosted.l.googleusercontent.com
172.217.16.161
clients2.google.com
unknown
ka-f.fontawesome.com
unknown
code.jquery.com
unknown
kit.fontawesome.com
unknown
lh3.googleusercontent.com
unknown
There are 5 hidden domains, click here to show them.

IPs

IP
Domain
Country
Malicious
69.49.244.155
eyecandylashcompany.com
United States
malicious
142.251.36.238
clients.l.google.com
United States
142.251.36.205
accounts.google.com
United States
142.251.36.227
gstaticadssl.l.google.com
United States
192.168.2.4
unknown
unknown
104.18.11.207
stackpath.bootstrapcdn.com
United States
104.18.37.244
cdn.pixabay.com
United States
192.168.2.22
unknown
unknown
239.255.255.250
unknown
Reserved
104.18.28.243
cdn.iconscout.com
United States
172.217.16.161
googlehosted.l.googleusercontent.com
United States
192.168.2.255
unknown
unknown
104.17.25.14
cdnjs.cloudflare.com
United States
127.0.0.1
unknown
unknown
There are 4 hidden IPs, click here to show them.

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
'x)
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
MTTT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
ReviewToken
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\68536
68536
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
VBAFiles
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
& )
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 3
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 4
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 5
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 6
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 7
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 8
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 9
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 10
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 11
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 12
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 13
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 14
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 15
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 16
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 17
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 18
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 19
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 20
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\73F03
73F03
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 3
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 4
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 5
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 6
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 7
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 8
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 9
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 10
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 11
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 12
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 13
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 14
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 15
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 16
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 17
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 18
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 19
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 20
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\74E6E
74E6E
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
LastPurgeTime
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet
UseRWHlinkNavigation
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
EXCELFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
gdaefkejpgkiemlaofpalmlakkmbjdnl
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
gfdkimpbcpahaombhbimeihdjnejgicl
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
kmendfapggjehodndflmmgagdbamhnfd
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
mfehgcgbbipciphmccgaenjidiccnmng
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
neajdppkdcdipfabeoofebfddakdcjhd
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
pkedcjkdefgpdelpbcmbmeomcjbeemfm
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault
S-1-5-21-966771315-3019405637-367336477-1006
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
gfdkimpbcpahaombhbimeihdjnejgicl
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nmmhkkegccagdldgiimedpiccmgmieda
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nmmhkkegccagdldgiimedpiccmgmieda
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nmmhkkegccagdldgiimedpiccmgmieda
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
dr
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
software_reporter.reporting
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
module_blacklist_cache_md5_digest
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
media.storage_id_salt
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
google.services.last_account_id
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
google.services.account_id
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
software_reporter.prompt_seed
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_homepage
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
default_search_provider_data.template_url_data
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
safebrowsing.incidents_sent
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
pinned_tabs
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
search_provider_overrides
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_default_search
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
google.services.last_username
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
session.startup_urls
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
session.restore_on_startup
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
software_reporter.prompt_version
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_startup_urls
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
settings_reset_prompt.prompt_wave
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
homepage
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
homepage_is_newtabpage
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
browser.show_home_button
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
lastrun
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
version
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
lastrun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
There are 108 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
45D000
heap
page read and write
46B000
heap
page read and write
7EFE0000
unkown
page readonly
420000
heap
page read and write
D0000
heap
page read and write
6AF000
stack
page read and write
106000
heap
page read and write
61F000
stack
page read and write
466000
heap
page read and write
29D000
stack
page read and write
10000
heap
page read and write
427000
heap
page read and write
6C4000
heap
page read and write
39F000
stack
page read and write
6C0000
heap
page read and write
77E000
stack
page read and write
There are 6 hidden memdumps, click here to show them.

DOM / HTML

URL
Malicious
https://eyecandylashcompany.com/payment/frontend_paper_lantern/index.html
 malicious