Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
Invoice#0036473 .xlsx
|
Microsoft Excel 2007+
|
initial sample
|
||
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\index[1].htm
|
HTML document, UTF-8 Unicode text, with CRLF line terminators
|
downloaded
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\10a36c76-179f-4b6c-8570-4068d7b95038.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\2e7ae45e-292f-4c2c-8644-46887721f59e.tmp
|
ASCII text, with very long lines, with no line terminators
|
modified
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\32f73c54-cdaa-4123-8c7e-734a8f628d3d.tmp
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\462d2348-cde6-4394-b88d-3ef7a690546b.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\5cc29f6a-f57d-4269-b4a5-b35882368e40.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\08bcfff1-5e8d-42bb-a394-0d3c1979af63.tmp
|
ASCII text, with very long lines, with no line terminators
|
modified
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\137e88e9-eb57-40f4-b989-72e2595c97aa.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
modified
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\1b81d574-d17f-43d8-b909-8aad5c117009.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\1e6a7797-f867-41d1-8962-183f08016f0e.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\23d6aa7d-ae0f-44fb-8098-8671aa3c36c0.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\4ffaf27a-581e-4744-82c7-561c030c5cfd.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\68b69776-d590-40a8-9e70-f14c909f8c8d.tmp
|
very short file (no magic)
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG
|
ASCII text
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old (copy)
|
ASCII text
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy)
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\28273922-1a26-4399-a23a-25fab8ef8ef9.tmp
|
ASCII text, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache\js\index
|
ISO-8859 text, with no line terminators, with escape sequences
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache\js\index-dir\temp-index
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache\js\index-dir\the-real-index
(copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache\wasm\index
|
ISO-8859 text, with no line terminators, with escape sequences
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache\wasm\index-dir\temp-index
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache\wasm\index-dir\the-real-index
(copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_0
|
FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_2
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_3
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\index
|
FoxPro FPT, blocks size 512, next free block index 3284796353, field type 0
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\000001.dbtmp
|
ASCII text
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\CURRENT
(copy)
|
ASCII text
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\MANIFEST-000001
|
PGP\011Secret Key -
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent
State (copy)
|
ASCII text, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\000001.dbtmp
|
ASCII text
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\CURRENT
(copy)
|
ASCII text
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\MANIFEST-000001
|
PGP\011Secret Key -
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\000001.dbtmp
|
ASCII text
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\CURRENT
(copy)
|
ASCII text
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\MANIFEST-000001
|
PGP\011Secret Key -
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity (copy)
|
ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\a48514e2-257b-4ce9-a1b8-aa007209afbe.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\ad7e2249-b97d-4442-a21f-a4067c98d52b.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\d5575abb-c188-4676-bc77-eb3ead99d0fa.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000008.dbtmp
|
ASCII text
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy)
|
ASCII text
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\fa57dafd-4e3d-4280-86ef-5f6b279f8fb2.tmp
|
ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\fc72625b-ce6c-4e0e-9448-31cad2a3c0bd.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version
|
ASCII text, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cache (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\be60ccf5-e6d5-4124-a42c-7e04cc18673a.tmp
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\d4994c1e-e2a6-417a-8037-eef2f3c2f99e.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\d696b02f-2025-4f67-a692-d8adde6b1278.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\d7c59152-eb3b-4827-aca1-e6afce5cc8c3.tmp
|
PGP symmetric key encrypted data - Plaintext or unencrypted data salted -
|
dropped
|
||
C:\Users\user\AppData\Local\Google\Chrome\User Data\f00af8ef-12e7-45e4-b998-a92816026779.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\42098A23.png
|
PNG image data, 1140 x 1281, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\3054.tmp
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\347e43ed-9d19-441d-ac31-ab93e366f8d0.tmp
|
very short file (no magic)
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\a4053014-91fa-4ea9-8dde-7cf0b34244b6.tmp
|
Google Chrome extension, version 3
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\bg\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\ca\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\cs\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\da\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\de\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\el\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\en\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\en_GB\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\es\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\es_419\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\et\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\fi\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\fil\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\fr\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\hi\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\hr\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\hu\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\id\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\it\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\ja\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\ko\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\lt\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\lv\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\nb\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\nl\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\pl\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\pt_BR\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\pt_PT\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\ro\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\ru\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\sk\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\sl\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\sr\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\sv\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\th\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\tr\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\uk\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\vi\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\zh_CN\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_locales\zh_TW\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\_metadata\verified_contents.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\craw_background.js
|
ASCII text, with very long lines
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\craw_window.js
|
ASCII text, with very long lines
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\css\craw_window.css
|
ASCII text
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\html\craw_window.html
|
HTML document, ASCII text
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\images\flapper.gif
|
GIF image data, version 89a, 30 x 30
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\images\icon_128.png
|
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\images\icon_16.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\images\topbar_floating_button.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\images\topbar_floating_button_close.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\images\topbar_floating_button_hover.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\images\topbar_floating_button_maximize.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\images\topbar_floating_button_pressed.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\CRX_INSTALL\manifest.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\scoped_dir1688_252689295\a4053014-91fa-4ea9-8dde-7cf0b34244b6.tmp
|
Google Chrome extension, version 3
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\~DF6AEEABD9704EA844.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\~DFCA3402021093D597.TMP
|
data
|
dropped
|
||
C:\Users\user\Desktop\~$Invoice#0036473 .xlsx
|
data
|
dropped
|
There are 116 hidden files, click here to show them.
Processes
Path
|
Cmdline
|
Malicious
|
|
---|---|---|---|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
|
||
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
|
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "https://eyecandylashcompany.com/payment/frontend_paper_lantern/index.html
|
||
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
|
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService
--field-trial-handle=968,11663495452235836402,10867097982774653214,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox
--mojo-platform-channel-handle=1452 /prefetch:8
|
||
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
|
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation -- "https://eyecandylashcompany.com/payment/frontend_paper_lantern/index.html
|
||
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
|
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService
--field-trial-handle=932,13148372515324661737,10505591573509331624,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox
--mojo-platform-channel-handle=1376 /prefetch:8
|
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
https://eyecandylashcompany.com/payment/frontend_paper_lantern/index.html
|
|||
https://eyecandylashcompany.com/payment/frontend_paper_lantern/images/office3651.png
|
69.49.244.155
|
||
https://eyecandylashcompany.com/payment/frontend_paper_lantern/images/gmail.png
|
69.49.244.155
|
||
https://eyecandylashcompany.com/payment/frontend_paper_lantern/css/hover.css
|
69.49.244.155
|
||
https://eyecandylashcompany.com/payment/frontend_paper_lantern/index.html2
|
unknown
|
||
https://eyecandylashcompany.com/payment/frontend_paper_lantern/index.html
|
69.49.244.155
|
||
https://consent.google.com
|
unknown
|
||
https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
|
unknown
|
||
https://www.google.com/intl/en-US/chrome/blank.html
|
unknown
|
||
https://ogs.google.com
|
unknown
|
||
https://cdn.pixabay.com/photo/2018/03/10/12/00/paper-3213924_1280.jpg
|
104.18.37.244
|
||
https://www.google.com/images/cleardot.gif
|
unknown
|
||
https://code.jquery.com/jquery-3.2.1.slim.min.js
|
unknown
|
||
http://www.gmail.com
|
unknown
|
||
https://code.jquery.com/jquery-3.1.1.min.js
|
unknown
|
||
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
|
142.251.36.205
|
||
https://payments.google.com/payments/v4/js/integrator.js
|
unknown
|
||
https://adservice.google.com
|
unknown
|
||
https://lh3.googleusercontent.com
|
unknown
|
||
https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
|
104.18.11.207
|
||
https://lh3.googleusercontent.com/proxy/bATQDWurvLlY3z2KTwUlb1gMxwLZoCk7CvqzrLqN1JioLU4nXkElVj-rMrvN
|
unknown
|
||
https://sandbox.google.com/payments/v4/js/integrator.js
|
unknown
|
||
https://www.google.com/images/x2.gif
|
unknown
|
||
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
|
104.18.11.207
|
||
https://code.jquery.com/jquery-3.3.1.js
|
unknown
|
||
https://accounts.google.com/MergeSession
|
unknown
|
||
https://lh3.googleusercontent.com/proxy/bATQDWurvLlY3z2KTwUlb1gMxwLZoCk7CvqzrLqN1JioLU4nXkElVj-rMrvNZjuUXh3c1WhNOGX5_Cg18Wmltm3vvna-uZDqOkUISXU4XOYsUyt-4962tq2u0WiI358gef4ewWcVp0PA6YiTnICV2Cg7wLzdb0DlXw
|
172.217.16.161
|
||
https://www.google.com
|
unknown
|
||
https://www.google.com/images/dot2.gif
|
unknown
|
||
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
|
104.17.25.14
|
||
https://accounts.google.com
|
unknown
|
||
https://cdn.iconscout.com/icon/free/png-512/microsoft-sharepoint-3-599372.png
|
104.18.28.243
|
||
https://clients2.googleusercontent.com
|
unknown
|
||
https://apis.google.com
|
unknown
|
||
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
|
104.18.11.207
|
||
https://kit.fontawesome.com/585b051251.js
|
unknown
|
||
https://www.google.com/accounts/OAuthLogin?issueuberauth=1
|
unknown
|
||
https://www.google.com/
|
unknown
|
||
https://www-googleapis-staging.sandbox.google.com
|
unknown
|
||
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=84.0.4147.135&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1
|
142.251.36.238
|
||
https://clients2.google.com
|
unknown
|
||
https://clients2.google.com/service/update2/crx
|
unknown
|
There are 32 hidden URLs, click here to show them.
Domains
Name
|
IP
|
Malicious
|
|
---|---|---|---|
eyecandylashcompany.com
|
69.49.244.155
|
||
gstaticadssl.l.google.com
|
142.251.36.227
|
||
stackpath.bootstrapcdn.com
|
104.18.11.207
|
||
accounts.google.com
|
142.251.36.205
|
||
cdnjs.cloudflare.com
|
104.17.25.14
|
||
maxcdn.bootstrapcdn.com
|
104.18.11.207
|
||
clients.l.google.com
|
142.251.36.238
|
||
cdn.iconscout.com
|
104.18.28.243
|
||
cdn.pixabay.com
|
104.18.37.244
|
||
googlehosted.l.googleusercontent.com
|
172.217.16.161
|
||
clients2.google.com
|
unknown
|
||
ka-f.fontawesome.com
|
unknown
|
||
code.jquery.com
|
unknown
|
||
kit.fontawesome.com
|
unknown
|
||
lh3.googleusercontent.com
|
unknown
|
There are 5 hidden domains, click here to show them.
IPs
IP
|
Domain
|
Country
|
Malicious
|
|
---|---|---|---|---|
69.49.244.155
|
eyecandylashcompany.com
|
United States
|
||
142.251.36.238
|
clients.l.google.com
|
United States
|
||
142.251.36.205
|
accounts.google.com
|
United States
|
||
142.251.36.227
|
gstaticadssl.l.google.com
|
United States
|
||
192.168.2.4
|
unknown
|
unknown
|
||
104.18.11.207
|
stackpath.bootstrapcdn.com
|
United States
|
||
104.18.37.244
|
cdn.pixabay.com
|
United States
|
||
192.168.2.22
|
unknown
|
unknown
|
||
239.255.255.250
|
unknown
|
Reserved
|
||
104.18.28.243
|
cdn.iconscout.com
|
United States
|
||
172.217.16.161
|
googlehosted.l.googleusercontent.com
|
United States
|
||
192.168.2.255
|
unknown
|
unknown
|
||
104.17.25.14
|
cdnjs.cloudflare.com
|
United States
|
||
127.0.0.1
|
unknown
|
unknown
|
There are 4 hidden IPs, click here to show them.
Registry
Path
|
Value
|
Malicious
|
|
---|---|---|---|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
'x)
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\68536
|
68536
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
& )
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\73F03
|
73F03
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\74E6E
|
74E6E
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet
|
UseRWHlinkNavigation
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
ahfgeienlihckogmohjhadlkjgocpleb
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gdaefkejpgkiemlaofpalmlakkmbjdnl
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gfdkimpbcpahaombhbimeihdjnejgicl
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
kmendfapggjehodndflmmgagdbamhnfd
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
mfehgcgbbipciphmccgaenjidiccnmng
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
mhjfbmdgcfjbbpaeojofohoefgiehjai
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
neajdppkdcdipfabeoofebfddakdcjhd
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nkeimhogjdpnpccoofpliimaahmaaome
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
pkedcjkdefgpdelpbcmbmeomcjbeemfm
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
prefs.preference_reset_time
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault
|
S-1-5-21-966771315-3019405637-367336477-1006
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gfdkimpbcpahaombhbimeihdjnejgicl
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
state
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
|
StatusCodes
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
|
StatusCodes
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
state
|
||
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
|
dr
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.reporting
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
module_blacklist_cache_md5_digest
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
media.storage_id_salt
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.last_account_id
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.account_id
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.prompt_seed
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_homepage
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
default_search_provider_data.template_url_data
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
safebrowsing.incidents_sent
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
pinned_tabs
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
search_provider_overrides
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_default_search
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
prefs.preference_reset_time
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.last_username
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
session.startup_urls
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
session.restore_on_startup
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.prompt_version
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_startup_urls
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.prompt_wave
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
homepage
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
homepage_is_newtabpage
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
browser.show_home_button
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
|
user_experience_metrics.stability.exited_cleanly
|
||
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
|
lastrun
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
version
|
||
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
|
lastrun
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
state
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
|
StatusCodes
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
|
StatusCodes
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
state
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
|
user_experience_metrics.stability.exited_cleanly
|
There are 108 hidden registries, click here to show them.
Memdumps
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
---|---|---|---|---|
45D000
|
heap
|
page read and write
|
||
46B000
|
heap
|
page read and write
|
||
7EFE0000
|
unkown
|
page readonly
|
||
420000
|
heap
|
page read and write
|
||
D0000
|
heap
|
page read and write
|
||
6AF000
|
stack
|
page read and write
|
||
106000
|
heap
|
page read and write
|
||
61F000
|
stack
|
page read and write
|
||
466000
|
heap
|
page read and write
|
||
29D000
|
stack
|
page read and write
|
||
10000
|
heap
|
page read and write
|
||
427000
|
heap
|
page read and write
|
||
6C4000
|
heap
|
page read and write
|
||
39F000
|
stack
|
page read and write
|
||
6C0000
|
heap
|
page read and write
|
||
77E000
|
stack
|
page read and write
|
There are 6 hidden memdumps, click here to show them.
DOM / HTML
URL
|
Malicious
|
|
---|---|---|
https://eyecandylashcompany.com/payment/frontend_paper_lantern/index.html
|