Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Review Document.pdf
|
PDF document, version 1.7, 1 pages
|
initial sample
|
 |
|
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\05349744be1ad4ad_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0786087c3c360803_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0998db3a32ab3f41_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0ace9ee3d914a5c0_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0f25049d69125b1e_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\230e5fe3e6f82b2c_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2798067b152b83c7_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2a426f11fd8ebe18_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\3a4ae3940784292a_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4a0e94571d979b3c_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\560e9c8bff5008d8_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\56c4cd218555ae2b_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\6fb6d030c4ebbc21_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\7120c35b509b0fae_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\71febec55d5c75cd_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\86b8040b7132b608_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c159cc5880890bc_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c84d92a9dbce3e0_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8e417e79df3bf0e9_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\91cec06bb2836fa5_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\927a1596c37ebe5e_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\92c56fa2a6c4d5ba_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\946896ee27df7947_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\983b7a3da8f39a46_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\aba6710fde0876af_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\b6d5deb4812ac6e9_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bba29d2e6197e2f4_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bf0ac66ae1eb4a7f_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\cf3e34002cde7e9c_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d449e58cb15daaf1_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d88192ac53852604_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\de789e80edd740d6_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f0cf6dfa8a1afa3d_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f4a0d4ca2f3b95da_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f941376b2efdd6e6_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f971b7eda7fa05c3_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fd17b2d8331c91e8_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fdd733564de6fbcb_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\febb41df4ea2b63a_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\temp-index
|
data
|
modified
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\the-real-index (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\the-real-index~RF5fc69d.TMP (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old~RF5f4ab6.TMP (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-221129164109Z-201.bmp
|
PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
|
SQLite 3.x database, last written using SQLite version 3024000, file counter 16, database pages 15, cookie 0x5, schema 4,
UTF-8, version-valid-for 16
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt19.lst (copy)
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt16.lst.4796
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt19.lst (copy)
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt19.lst (copy)
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt16.lst.4796
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache.bin
|
data
|
dropped
|
There are 46 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\Desktop\Review Document.pdf
|
||
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
|
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://passatuhenverify.web.app/
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB
--service-sandbox-type=none --mojo-platform-channel-handle=1964 --field-trial-handle=1784,i,7271988810475612612,8623558977825433660,131072
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://passatuhenverify.web.app/)
|
unknown
|
|
|
|
https://passatuhenverify.web.app/
|
|
||
|
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-GB&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1
|
142.250.203.110
|
||
|
https://passatuhenverify.web.app/
|
199.36.158.100
|
||
|
https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
|
152.199.23.37
|
||
|
https://aadcdn.msftauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
|
152.199.23.37
|
||
|
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
|
172.217.168.45
|
||
|
https://aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg
|
152.199.23.37
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
cs1100.wpc.omegacdn.net
|
152.199.23.37
|
||
|
accounts.google.com
|
172.217.168.45
|
||
|
www.google.com
|
172.217.168.36
|
||
|
clients.l.google.com
|
142.250.203.110
|
||
|
passatuhenverify.web.app
|
199.36.158.100
|
||
|
clients2.google.com
|
unknown
|
||
|
aadcdn.msftauth.net
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
199.36.158.100
|
passatuhenverify.web.app
|
United States
|
||
|
172.217.168.45
|
accounts.google.com
|
United States
|
||
|
192.168.2.1
|
unknown
|
unknown
|
||
|
172.217.168.36
|
www.google.com
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
142.250.203.110
|
clients.l.google.com
|
United States
|
||
|
152.199.23.37
|
cs1100.wpc.omegacdn.net
|
United States
|
||
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
|
aFS
|
||
|
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
|
tDIText
|
||
|
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
|
tFileName
|
||
|
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
|
tFileSource
|
||
|
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
|
sFileAncestors
|
||
|
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
|
sDI
|
||
|
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
|
sDate
|
||
|
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
|
uFileSize
|
||
|
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
|
uPageCount
|
||
|
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c2
|
aFS
|
||
|
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c2
|
tDIText
|
||
|
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c2
|
tFileName
|
||
|
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c2
|
sFileAncestors
|
||
|
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c2
|
sDI
|
||
|
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c2
|
sDate
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
ahfgeienlihckogmohjhadlkjgocpleb
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gdaefkejpgkiemlaofpalmlakkmbjdnl
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
kmendfapggjehodndflmmgagdbamhnfd
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
mhjfbmdgcfjbbpaeojofohoefgiehjai
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
neajdppkdcdipfabeoofebfddakdcjhd
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nkeimhogjdpnpccoofpliimaahmaaome
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
prefs.preference_reset_time
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault
|
S-1-5-21-3853321935-2125563209-4053062332-1002
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gdaefkejpgkiemlaofpalmlakkmbjdnl
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
kmendfapggjehodndflmmgagdbamhnfd
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
neajdppkdcdipfabeoofebfddakdcjhd
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nkeimhogjdpnpccoofpliimaahmaaome
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
state
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
|
StatusCodes
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
|
StatusCodes
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
state
|
||
|
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
|
dr
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
|
user_experience_metrics.stability.exited_cleanly
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
media.cdm.origin_data
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.reporting
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
media.storage_id_salt
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.last_account_id
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.account_id
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_startup_urls
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_homepage
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
module_blocklist_cache_md5_digest
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.prompt_seed
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
default_search_provider_data.template_url_data
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
safebrowsing.incidents_sent
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
pinned_tabs
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
browser.show_home_button
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
search_provider_overrides
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_default_search
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
prefs.preference_reset_time
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.prompt_version
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.last_username
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
session.startup_urls
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
session.restore_on_startup
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.prompt_wave
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
homepage
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
homepage_is_newtabpage
|
||
|
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
|
lastrun
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault
|
S-1-5-21-3853321935-2125563209-4053062332-1002
|
||
|
HKEY_USERSS-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry
|
TraceTimeLast
|
There are 54 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
6B9EF7C000
|
stack
|
page read and write
|
||
|
2194A46B000
|
heap
|
page read and write
|
||
|
21C4B29D000
|
heap
|
page read and write
|
||
|
8F6DE7C000
|
stack
|
page read and write
|
||
|
6B9F4FF000
|
stack
|
page read and write
|
||
|
188F6E29000
|
heap
|
page read and write
|
||
|
21C50700000
|
trusted library allocation
|
page read and write
|
||
|
21C4C160000
|
trusted library section
|
page readonly
|
||
|
21C4BB02000
|
heap
|
page read and write
|
||
|
188F7602000
|
trusted library allocation
|
page read and write
|
||
|
25DC885C000
|
heap
|
page read and write
|
||
|
6B9EC7B000
|
stack
|
page read and write
|
||
|
21C4B279000
|
heap
|
page read and write
|
||
|
2194A457000
|
heap
|
page read and write
|
||
|
21C50970000
|
trusted library allocation
|
page read and write
|
||
|
21C50890000
|
trusted library allocation
|
page read and write
|
||
|
2194A45D000
|
heap
|
page read and write
|
||
|
21C50A17000
|
heap
|
page read and write
|
||
|
21C4BA00000
|
heap
|
page read and write
|
||
|
21C4BB18000
|
heap
|
page read and write
|
||
|
3D207E000
|
stack
|
page read and write
|
||
|
2194A425000
|
heap
|
page read and write
|
||
|
1FE3E440000
|
heap
|
page read and write
|
||
|
2194A444000
|
heap
|
page read and write
|
||
|
1FE3E436000
|
heap
|
page read and write
|
||
|
25DC9213000
|
heap
|
page read and write
|
||
|
6B9F27B000
|
stack
|
page read and write
|
||
|
2194A350000
|
heap
|
page read and write
|
||
|
2194A46D000
|
heap
|
page read and write
|
||
|
21C4B1D0000
|
trusted library section
|
page read and write
|
||
|
2194A461000
|
heap
|
page read and write
|
||
|
21C4BB58000
|
heap
|
page read and write
|
||
|
21C508A4000
|
trusted library allocation
|
page read and write
|
||
|
25DC8864000
|
heap
|
page read and write
|
||
|
2194A459000
|
heap
|
page read and write
|
||
|
21C4B29F000
|
heap
|
page read and write
|
||
|
21C4B23D000
|
heap
|
page read and write
|
||
|
1A46B5D0000
|
trusted library allocation
|
page read and write
|
||
|
21C4B277000
|
heap
|
page read and write
|
||
|
1FE3E1A0000
|
heap
|
page read and write
|
||
|
8F6E1FE000
|
stack
|
page read and write
|
||
|
25DC898E000
|
heap
|
page read and write
|
||
|
1A46AC20000
|
trusted library allocation
|
page read and write
|
||
|
25DC8856000
|
heap
|
page read and write
|
||
|
2194A400000
|
heap
|
page read and write
|
||
|
32F5F8B000
|
stack
|
page read and write
|
||
|
2194A477000
|
heap
|
page read and write
|
||
|
21C509D0000
|
trusted library allocation
|
page read and write
|
||
|
188F6E52000
|
heap
|
page read and write
|
||
|
2194A45E000
|
heap
|
page read and write
|
||
|
20FCDEE000
|
stack
|
page read and write
|
||
|
25DC8813000
|
heap
|
page read and write
|
||
|
25DC8800000
|
heap
|
page read and write
|
||
|
188F6BE0000
|
heap
|
page read and write
|
||
|
25DC8869000
|
heap
|
page read and write
|
||
|
2194A440000
|
heap
|
page read and write
|
||
|
21C50CC0000
|
trusted library allocation
|
page read and write
|
||
|
21C50880000
|
trusted library allocation
|
page read and write
|
||
|
1A46A920000
|
trusted library allocation
|
page read and write
|
||
|
2194A2F0000
|
heap
|
page read and write
|
||
|
21C506C0000
|
trusted library allocation
|
page read and write
|
||
|
21C4B2FB000
|
heap
|
page read and write
|
||
|
25DC9122000
|
heap
|
page read and write
|
||
|
6B9ECFE000
|
stack
|
page read and write
|
||
|
2194A380000
|
trusted library allocation
|
page read and write
|
||
|
6B9F07A000
|
stack
|
page read and write
|
||
|
21C509C0000
|
remote allocation
|
page read and write
|
||
|
8F6DEF9000
|
stack
|
page read and write
|
||
|
6B9F8FD000
|
stack
|
page read and write
|
||
|
25DC884E000
|
heap
|
page read and write
|
||
|
21C50A2B000
|
heap
|
page read and write
|
||
|
3D227D000
|
stack
|
page read and write
|
||
|
1A46B860000
|
trusted library allocation
|
page read and write
|
||
|
25DC883C000
|
heap
|
page read and write
|
||
|
21C4B326000
|
heap
|
page read and write
|
||
|
21C4C000000
|
trusted library allocation
|
page read and write
|
||
|
21C50887000
|
trusted library allocation
|
page read and write
|
||
|
25DC91BC000
|
heap
|
page read and write
|
||
|
6B9ED7E000
|
stack
|
page read and write
|
||
|
21C5086E000
|
trusted library allocation
|
page read and write
|
||
|
21C4C6C0000
|
trusted library allocation
|
page read and write
|
||
|
1A46AC15000
|
heap
|
page read and write
|
||
|
21C4B229000
|
heap
|
page read and write
|
||
|
8F6DBFF000
|
stack
|
page read and write
|
||
|
25DC91AE000
|
heap
|
page read and write
|
||
|
21C4BB58000
|
heap
|
page read and write
|
||
|
21C4B302000
|
heap
|
page read and write
|
||
|
8F6E37F000
|
stack
|
page read and write
|
||
|
21C4C1B0000
|
trusted library section
|
page readonly
|
||
|
21C4B9F0000
|
trusted library allocation
|
page read and write
|
||
|
21C506D0000
|
trusted library allocation
|
page read and write
|
||
|
2194AE02000
|
trusted library allocation
|
page read and write
|
||
|
1A46B810000
|
trusted library allocation
|
page read and write
|
||
|
188F6E13000
|
heap
|
page read and write
|
||
|
21C4B213000
|
heap
|
page read and write
|
||
|
25DC8843000
|
heap
|
page read and write
|
||
|
2194A47B000
|
heap
|
page read and write
|
||
|
8F6E0FA000
|
stack
|
page read and write
|
||
|
3D1FFC000
|
stack
|
page read and write
|
||
|
6B9F97D000
|
stack
|
page read and write
|
||
|
21C4C180000
|
trusted library section
|
page readonly
|
||
|
21C508A0000
|
trusted library allocation
|
page read and write
|
||
|
21C50A56000
|
heap
|
page read and write
|
||
|
21C50A10000
|
heap
|
page read and write
|
||
|
21C50865000
|
trusted library allocation
|
page read and write
|
||
|
21C4B274000
|
heap
|
page read and write
|
||
|
20FCD6B000
|
stack
|
page read and write
|
||
|
1A46A8B0000
|
heap
|
page read and write
|
||
|
21C4BB00000
|
heap
|
page read and write
|
||
|
21C506E0000
|
trusted library allocation
|
page read and write
|
||
|
25DC9200000
|
heap
|
page read and write
|
||
|
21C4B050000
|
heap
|
page read and write
|
||
|
188F6E44000
|
heap
|
page read and write
|
||
|
1FE3E340000
|
remote allocation
|
page read and write
|
||
|
25DC85A0000
|
heap
|
page read and write
|
||
|
21C509B0000
|
trusted library allocation
|
page read and write
|
||
|
1FE3E429000
|
heap
|
page read and write
|
||
|
21C50A3F000
|
heap
|
page read and write
|
||
|
6B9F7FA000
|
stack
|
page read and write
|
||
|
21C4C190000
|
trusted library section
|
page readonly
|
||
|
21C4B291000
|
heap
|
page read and write
|
||
|
1FE3E458000
|
heap
|
page read and write
|
||
|
21C4C2A0000
|
trusted library allocation
|
page read and write
|
||
|
25DC8610000
|
heap
|
page read and write
|
||
|
21C50750000
|
trusted library allocation
|
page read and write
|
||
|
21C4BD01000
|
trusted library allocation
|
page read and write
|
||
|
2194A43A000
|
heap
|
page read and write
|
||
|
2194A441000
|
heap
|
page read and write
|
||
|
21C50868000
|
trusted library allocation
|
page read and write
|
||
|
1FE3E210000
|
heap
|
page read and write
|
||
|
21C50CD0000
|
trusted library allocation
|
page read and write
|
||
|
20FD3FE000
|
stack
|
page read and write
|
||
|
2194A460000
|
heap
|
page read and write
|
||
|
21C508A0000
|
trusted library allocation
|
page read and write
|
||
|
21C50881000
|
trusted library allocation
|
page read and write
|
||
|
21C4B9D1000
|
trusted library allocation
|
page read and write
|
||
|
2194A458000
|
heap
|
page read and write
|
||
|
2194A445000
|
heap
|
page read and write
|
||
|
1A46A9CB000
|
heap
|
page read and write
|
||
|
6B9F5FF000
|
stack
|
page read and write
|
||
|
21C4B313000
|
heap
|
page read and write
|
||
|
3D22FF000
|
stack
|
page read and write
|
||
|
1A46A9CB000
|
heap
|
page read and write
|
||
|
1A46B7F0000
|
heap
|
page readonly
|
||
|
8F6DFFF000
|
stack
|
page read and write
|
||
|
21C509A0000
|
trusted library allocation
|
page read and write
|
||
|
25DC91C9000
|
heap
|
page read and write
|
||
|
8F6DD7E000
|
stack
|
page read and write
|
||
|
2194A45A000
|
heap
|
page read and write
|
||
|
25DC887B000
|
heap
|
page read and write
|
||
|
1A46A750000
|
heap
|
page read and write
|
||
|
1A46A9CB000
|
heap
|
page read and write
|
||
|
188F6F02000
|
heap
|
page read and write
|
||
|
6B9F57F000
|
stack
|
page read and write
|
||
|
1FE3E1B0000
|
heap
|
page read and write
|
||
|
20FD4FF000
|
stack
|
page read and write
|
||
|
2194A46A000
|
heap
|
page read and write
|
||
|
21C4BA15000
|
heap
|
page read and write
|
||
|
21C4B0C0000
|
heap
|
page read and write
|
||
|
1FE3E413000
|
heap
|
page read and write
|
||
|
21C50890000
|
trusted library allocation
|
page read and write
|
||
|
21C50867000
|
trusted library allocation
|
page read and write
|
||
|
32F647E000
|
stack
|
page read and write
|
||
|
2194A446000
|
heap
|
page read and write
|
||
|
21C50884000
|
trusted library allocation
|
page read and write
|
||
|
20FD1FE000
|
stack
|
page read and write
|
||
|
2194A442000
|
heap
|
page read and write
|
||
|
21C50A88000
|
heap
|
page read and write
|
||
|
25DC9102000
|
heap
|
page read and write
|
||
|
21C50A00000
|
heap
|
page read and write
|
||
|
1FE3E402000
|
heap
|
page read and write
|
||
|
3D23FD000
|
stack
|
page read and write
|
||
|
21C50A95000
|
heap
|
page read and write
|
||
|
25DC9230000
|
heap
|
page read and write
|
||
|
6B9F2FE000
|
stack
|
page read and write
|
||
|
1A46A989000
|
heap
|
page read and write
|
||
|
25DC8851000
|
heap
|
page read and write
|
||
|
21C509B0000
|
trusted library allocation
|
page read and write
|
||
|
21C50930000
|
trusted library allocation
|
page read and write
|
||
|
3D257C000
|
stack
|
page read and write
|
||
|
1FE3E340000
|
remote allocation
|
page read and write
|
||
|
2194A484000
|
heap
|
page read and write
|
||
|
188F6E2E000
|
heap
|
page read and write
|
||
|
25DC89B9000
|
heap
|
page read and write
|
||
|
2194A448000
|
heap
|
page read and write
|
||
|
6B9F37F000
|
stack
|
page read and write
|
||
|
3D1B4B000
|
stack
|
page read and write
|
||
|
21C50990000
|
trusted library allocation
|
page read and write
|
||
|
2194A44E000
|
heap
|
page read and write
|
||
|
25DC9227000
|
heap
|
page read and write
|
||
|
21C50740000
|
trusted library allocation
|
page read and write
|
||
|
188F6E00000
|
heap
|
page read and write
|
||
|
188F6E02000
|
heap
|
page read and write
|
||
|
21C50A7A000
|
heap
|
page read and write
|
||
|
21C50861000
|
trusted library allocation
|
page read and write
|
||
|
188F6D40000
|
trusted library allocation
|
page read and write
|
||
|
21C50980000
|
trusted library allocation
|
page read and write
|
||
|
21C4BA02000
|
heap
|
page read and write
|
||
|
21C50A4C000
|
heap
|
page read and write
|
||
|
188F6C40000
|
heap
|
page read and write
|
||
|
25DC8913000
|
heap
|
page read and write
|
||
|
25DC886F000
|
heap
|
page read and write
|
||
|
1FE3E400000
|
heap
|
page read and write
|
||
|
2194A47E000
|
heap
|
page read and write
|
||
|
1A46AC19000
|
heap
|
page read and write
|
||
|
1A46AC10000
|
heap
|
page read and write
|
||
|
21C4B26F000
|
heap
|
page read and write
|
||
|
25DC916D000
|
heap
|
page read and write
|
||
|
25DC8730000
|
trusted library allocation
|
page read and write
|
||
|
21C4C170000
|
trusted library section
|
page readonly
|
||
|
21C509C0000
|
remote allocation
|
page read and write
|
||
|
6B9F47E000
|
stack
|
page read and write
|
||
|
21C509C0000
|
remote allocation
|
page read and write
|
||
|
21C50A83000
|
heap
|
page read and write
|
||
|
32F64F9000
|
stack
|
page read and write
|
||
|
21C4BB59000
|
heap
|
page read and write
|
||
|
1A46A980000
|
heap
|
page read and write
|
||
|
21C4B28D000
|
heap
|
page read and write
|
||
|
21C4B256000
|
heap
|
page read and write
|
||
|
25DC9202000
|
heap
|
page read and write
|
||
|
25DC8878000
|
heap
|
page read and write
|
||
|
21C4B200000
|
heap
|
page read and write
|
||
|
21C4B28B000
|
heap
|
page read and write
|
||
|
25DC8710000
|
trusted library allocation
|
page read and write
|
||
|
2194A413000
|
heap
|
page read and write
|
||
|
25DC9154000
|
heap
|
page read and write
|
||
|
25DC8891000
|
heap
|
page read and write
|
||
|
25DC9143000
|
heap
|
page read and write
|
||
|
21C50A1E000
|
heap
|
page read and write
|
||
|
1A46A930000
|
trusted library allocation
|
page read and write
|
||
|
21C4C1A0000
|
trusted library section
|
page readonly
|
||
|
25DC9190000
|
heap
|
page read and write
|
||
|
21C4B060000
|
heap
|
page read and write
|
||
|
2194A462000
|
heap
|
page read and write
|
||
|
1FE3E310000
|
trusted library allocation
|
page read and write
|
||
|
25DC9122000
|
heap
|
page read and write
|
||
|
2194A47A000
|
heap
|
page read and write
|
||
|
6B9F3FE000
|
stack
|
page read and write
|
||
|
1A46B7E0000
|
trusted library allocation
|
page read and write
|
||
|
505CB5B000
|
stack
|
page read and write
|
||
|
1A46B800000
|
trusted library allocation
|
page read and write
|
||
|
2194A502000
|
heap
|
page read and write
|
||
|
21C4B1C0000
|
trusted library allocation
|
page read and write
|
||
|
1A46A760000
|
trusted library allocation
|
page read and write
|
||
|
1FE3E340000
|
remote allocation
|
page read and write
|
||
|
6B9F17F000
|
stack
|
page read and write
|
||
|
1FE3EC02000
|
trusted library allocation
|
page read and write
|
||
|
2194A431000
|
heap
|
page read and write
|
||
|
21C509C0000
|
trusted library allocation
|
page read and write
|
||
|
32F63F9000
|
stack
|
page read and write
|
||
|
1A46A9C3000
|
heap
|
page read and write
|
||
|
8F6E2FB000
|
stack
|
page read and write
|
||
|
1A46A890000
|
heap
|
page read and write
|
||
|
32F637C000
|
stack
|
page read and write
|
||
|
25DC9230000
|
heap
|
page read and write
|
||
|
21C4BB18000
|
heap
|
page read and write
|
||
|
25DC9223000
|
heap
|
page read and write
|
||
|
505D179000
|
stack
|
page read and write
|
||
|
6B9EE78000
|
stack
|
page read and write
|
||
|
2194A2E0000
|
heap
|
page read and write
|
||
|
6B9F6FA000
|
stack
|
page read and write
|
||
|
25DC89E5000
|
heap
|
page read and write
|
||
|
21C4B225000
|
heap
|
page read and write
|
||
|
25DC85B0000
|
heap
|
page read and write
|
||
|
21C4BB18000
|
heap
|
page read and write
|
||
|
2194A43D000
|
heap
|
page read and write
|
||
|
188F6BF0000
|
heap
|
page read and write
|
||
|
8F6DA7C000
|
stack
|
page read and write
|
||
|
1A46A940000
|
trusted library allocation
|
page read and write
|
||
|
25DC8843000
|
heap
|
page read and write
|
||
|
1A46A9CD000
|
heap
|
page read and write
|
||
|
1FE3E502000
|
heap
|
page read and write
|
||
|
21C4B9F3000
|
trusted library allocation
|
page read and write
|
||
|
505D27F000
|
stack
|
page read and write
|
||
|
188F6E36000
|
heap
|
page read and write
|
||
|
2194A467000
|
heap
|
page read and write
|
||
|
21C4BB13000
|
heap
|
page read and write
|
||
|
1A46A991000
|
heap
|
page read and write
|
||
|
21C50A63000
|
heap
|
page read and write
|
||
|
21C50860000
|
trusted library allocation
|
page read and write
|
||
|
2194A429000
|
heap
|
page read and write
|
||
|
25DC8829000
|
heap
|
page read and write
|
||
|
25DC9100000
|
heap
|
page read and write
|
||
|
20FD2FE000
|
stack
|
page read and write
|
||
|
188F6E3D000
|
heap
|
page read and write
|
||
|
21C50860000
|
trusted library allocation
|
page read and write
|
||
|
25DC9002000
|
heap
|
page read and write
|
||
|
505D07E000
|
stack
|
page read and write
|
||
|
20FD07E000
|
stack
|
page read and write
|
There are 279 hidden memdumps, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
https://passatuhenverify.web.app/
|
|