Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Rtd-denver Statement Withhold_Detail954089.html
|
HTML document, ASCII text, with very long lines (4083), with no line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_13929_20386-20230320T2202390426-404.etl
|
data
|
modified
|
||
|
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst
|
data
|
dropped
|
||
|
Chrome Cache Entry: 137
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 4.2.5], baseline, precision
8, 1420x1080, components 3
|
downloaded
|
||
|
Chrome Cache Entry: 138
|
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 2905
|
downloaded
|
||
|
Chrome Cache Entry: 139
|
troff or preprocessor input, ASCII text, with very long lines (372)
|
downloaded
|
||
|
Chrome Cache Entry: 140
|
Web Open Font Format (Version 2), TrueType, length 77160, version 4.459
|
downloaded
|
||
|
Chrome Cache Entry: 141
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
Chrome Cache Entry: 142
|
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 7390
|
downloaded
|
||
|
Chrome Cache Entry: 143
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 4.2.5], baseline, precision
8, 1420x1080, components 3
|
dropped
|
||
|
Chrome Cache Entry: 144
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 145
|
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 250
|
dropped
|
||
|
Chrome Cache Entry: 146
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 4.2.1], baseline, precision
8, 280x60, components 3
|
downloaded
|
||
|
Chrome Cache Entry: 147
|
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 2905
|
dropped
|
||
|
Chrome Cache Entry: 148
|
ASCII text, with very long lines (30837)
|
downloaded
|
||
|
Chrome Cache Entry: 149
|
ASCII text, with very long lines (65266), with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 150
|
ASCII text, with very long lines (65325)
|
downloaded
|
||
|
Chrome Cache Entry: 151
|
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 7390
|
dropped
|
||
|
Chrome Cache Entry: 152
|
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 250
|
downloaded
|
||
|
Chrome Cache Entry: 153
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 4.2.1], baseline, precision
8, 280x60, components 3
|
dropped
|
||
|
Chrome Cache Entry: 154
|
ASCII text, with very long lines (32030)
|
downloaded
|
There are 11 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
|
"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE" /PIM NoEmail
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\Rtd-denver
Statement Withhold_Detail954089.html
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1820,i,13093619940633005099,1936944448872114653,131072
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
file:///C:/Users/user/Desktop/Rtd-denver%20Statement%20Withhold_Detail954089.html
|
|
||
|
https://b0ndtech.net/host16/admin/js/mj.php?ar=ZXhjZWw=
|
92.242.187.183
|
||
|
http://fontawesome.io
|
unknown
|
||
|
https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
|
104.18.11.207
|
||
|
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css
|
104.17.25.14
|
||
|
https://getbootstrap.com)
|
unknown
|
||
|
https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
|
104.18.11.207
|
||
|
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
|
142.250.186.45
|
||
|
https://github.com/twbs/bootstrap/blob/master/LICENSE)
|
unknown
|
||
|
https://b0ndtech.net/host16/d21edef.php
|
92.242.187.183
|
||
|
https://aadcdn.msauthimages.net/dbd5a2dd-1njtyxqmqtxll4fekahwsiyy3a1hrkw922ab5h5-6r8/logintenantbranding/0/illustration?ts=637082369601429463
|
152.199.23.72
|
||
|
https://aadcdn.msauthimages.net/dbd5a2dd-1njtyxqmqtxll4fekahwsiyy3a1hrkw922ab5h5-6r8/logintenantbranding/0/bannerlogo?ts=637045113745897419
|
152.199.23.72
|
||
|
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.102&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1
|
142.250.185.142
|
||
|
https://cdn.jsdelivr.net/npm/bootstrap@4.0.0/dist/css/bootstrap.min.css
|
151.101.129.229
|
||
|
http://fontawesome.io/license
|
unknown
|
There are 5 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
jsdelivr.map.fastly.net
|
151.101.129.229
|
||
|
b0ndtech.net
|
92.242.187.183
|
||
|
accounts.google.com
|
142.250.186.45
|
||
|
cdnjs.cloudflare.com
|
104.17.25.14
|
||
|
maxcdn.bootstrapcdn.com
|
104.18.11.207
|
||
|
cs1227.wpc.alphacdn.net
|
192.229.221.185
|
||
|
www.google.com
|
216.58.212.164
|
||
|
part-0017.t-0009.fdv2-t-msedge.net
|
13.107.237.45
|
||
|
clients.l.google.com
|
142.250.185.142
|
||
|
cs1025.wpc.upsiloncdn.net
|
152.199.23.72
|
||
|
aadcdn.msauthimages.net
|
unknown
|
||
|
clients2.google.com
|
unknown
|
||
|
code.jquery.com
|
unknown
|
||
|
cdn.jsdelivr.net
|
unknown
|
There are 4 hidden domains, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
142.250.186.45
|
accounts.google.com
|
United States
|
||
|
142.250.185.68
|
unknown
|
United States
|
||
|
192.168.2.1
|
unknown
|
unknown
|
||
|
152.199.23.72
|
cs1025.wpc.upsiloncdn.net
|
United States
|
||
|
151.101.129.229
|
jsdelivr.map.fastly.net
|
United States
|
||
|
52.109.77.0
|
unknown
|
United States
|
||
|
92.242.187.183
|
b0ndtech.net
|
United Kingdom
|
||
|
104.18.11.207
|
maxcdn.bootstrapcdn.com
|
United States
|
||
|
52.109.32.24
|
unknown
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
192.229.221.185
|
cs1227.wpc.alphacdn.net
|
United States
|
||
|
142.250.185.142
|
clients.l.google.com
|
United States
|
||
|
13.107.237.45
|
part-0017.t-0009.fdv2-t-msedge.net
|
United States
|
||
|
192.229.221.95
|
unknown
|
United States
|
||
|
127.0.0.1
|
unknown
|
unknown
|
||
|
104.17.25.14
|
cdnjs.cloudflare.com
|
United States
|
There are 6 hidden IPs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\Settings\Data
|
global_Accessibility_ReminderType
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9207f3e0a3b11019908b08002b2a56c2
|
11023d05
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{AA8FA310-0939-4CE3-B9BB-AE05B2695110}
|
5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{AA8FA310-0939-4CE3-B9BB-AE05B2695110}
|
Categories
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{691E1C12-2693-4D4A-852C-7478657BBE6E}
|
255
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{691E1C12-2693-4D4A-852C-7478657BBE6E}
|
Categories
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{287BF315-5A11-4B2F-B069-B761ADE25A49}
|
4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{287BF315-5A11-4B2F-B069-B761ADE25A49}
|
Categories
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{6B6B571B-F4E3-4FBB-A83F-0790D11D19AB}
|
255
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{6B6B571B-F4E3-4FBB-A83F-0790D11D19AB}
|
Categories
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{284B8D30-4AA6-4A0F-9143-CE2E8E1F10F0}
|
255
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{284B8D30-4AA6-4A0F-9143-CE2E8E1F10F0}
|
Categories
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{F762CE39-AC6C-4E1C-B55F-0E11586E6D07}
|
5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{F762CE39-AC6C-4E1C-B55F-0E11586E6D07}
|
Categories
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{02CAC15F-D4BE-400E-9127-D54982AA4AE9}
|
5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{02CAC15F-D4BE-400E-9127-D54982AA4AE9}
|
Categories
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{11ADBD74-7DF2-4E8E-802B-B3BCBFD04A78}
|
5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{11ADBD74-7DF2-4E8E-802B-B3BCBFD04A78}
|
Categories
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{02FD33DF-F746-4A10-93A0-2BC6273BC8E4}
|
4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{02FD33DF-F746-4A10-93A0-2BC6273BC8E4}
|
Categories
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{13967EE5-6B23-4BCD-A496-1D788449A8CF}
|
4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{13967EE5-6B23-4BCD-A496-1D788449A8CF}
|
Categories
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ULSMonitor
|
ULSTagIds0
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ULSMonitor
|
ULSCategoriesSeverities
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{AA8FA310-0939-4CE3-B9BB-AE05B2695110}
|
5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{AA8FA310-0939-4CE3-B9BB-AE05B2695110}
|
Categories
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{691E1C12-2693-4D4A-852C-7478657BBE6E}
|
255
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{691E1C12-2693-4D4A-852C-7478657BBE6E}
|
Categories
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{287BF315-5A11-4B2F-B069-B761ADE25A49}
|
4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{287BF315-5A11-4B2F-B069-B761ADE25A49}
|
Categories
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{6B6B571B-F4E3-4FBB-A83F-0790D11D19AB}
|
255
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{6B6B571B-F4E3-4FBB-A83F-0790D11D19AB}
|
Categories
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{284B8D30-4AA6-4A0F-9143-CE2E8E1F10F0}
|
255
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{284B8D30-4AA6-4A0F-9143-CE2E8E1F10F0}
|
Categories
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{F762CE39-AC6C-4E1C-B55F-0E11586E6D07}
|
5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{F762CE39-AC6C-4E1C-B55F-0E11586E6D07}
|
Categories
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{02CAC15F-D4BE-400E-9127-D54982AA4AE9}
|
5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{02CAC15F-D4BE-400E-9127-D54982AA4AE9}
|
Categories
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{11ADBD74-7DF2-4E8E-802B-B3BCBFD04A78}
|
5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{11ADBD74-7DF2-4E8E-802B-B3BCBFD04A78}
|
Categories
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{02FD33DF-F746-4A10-93A0-2BC6273BC8E4}
|
4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{02FD33DF-F746-4A10-93A0-2BC6273BC8E4}
|
Categories
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{13967EE5-6B23-4BCD-A496-1D788449A8CF}
|
4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{13967EE5-6B23-4BCD-A496-1D788449A8CF}
|
Categories
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ULSMonitor
|
ULSTagIds0
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ULSMonitor
|
ULSCategoriesSeverities
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\Settings
|
Accounts
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\Settings\Data
|
global_AccountsNeedResyncing
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
ahfgeienlihckogmohjhadlkjgocpleb
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gdaefkejpgkiemlaofpalmlakkmbjdnl
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
kmendfapggjehodndflmmgagdbamhnfd
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
mhjfbmdgcfjbbpaeojofohoefgiehjai
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
neajdppkdcdipfabeoofebfddakdcjhd
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nkeimhogjdpnpccoofpliimaahmaaome
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
prefs.preference_reset_time
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault
|
S-1-5-21-2660496737-530772487-1027249058-1002
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gdaefkejpgkiemlaofpalmlakkmbjdnl
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
kmendfapggjehodndflmmgagdbamhnfd
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
neajdppkdcdipfabeoofebfddakdcjhd
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nkeimhogjdpnpccoofpliimaahmaaome
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
state
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
|
StatusCodes
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
|
StatusCodes
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
state
|
||
|
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
|
dr
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
|
user_experience_metrics.stability.exited_cleanly
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
media.cdm.origin_data
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.reporting
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
media.storage_id_salt
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.last_account_id
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.account_id
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_startup_urls
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_homepage
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
module_blocklist_cache_md5_digest
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.prompt_seed
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
default_search_provider_data.template_url_data
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
safebrowsing.incidents_sent
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
pinned_tabs
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
browser.show_home_button
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
search_provider_overrides
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_default_search
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
prefs.preference_reset_time
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.prompt_version
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.last_username
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
session.startup_urls
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
session.restore_on_startup
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.prompt_wave
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
homepage
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
homepage_is_newtabpage
|
||
|
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
|
lastrun
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault
|
S-1-5-21-2660496737-530772487-1027249058-1002
|
||
|
HKEY_USERSS-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry
|
TraceTimeLast
|
There are 85 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
28403D17000
|
heap
|
page read and write
|
||
|
28404897000
|
heap
|
page read and write
|
||
|
18504A81000
|
heap
|
page read and write
|
||
|
ED5ED9F000
|
stack
|
page read and write
|
||
|
28403D56000
|
heap
|
page read and write
|
||
|
28403D3D000
|
heap
|
page read and write
|
||
|
28403CB3000
|
heap
|
page read and write
|
||
|
28403C94000
|
heap
|
page read and write
|
||
|
4683BF000
|
stack
|
page read and write
|
||
|
28403CF5000
|
heap
|
page read and write
|
||
|
284048A9000
|
heap
|
page read and write
|
||
|
28403D3B000
|
heap
|
page read and write
|
||
|
28404603000
|
heap
|
page read and write
|
||
|
468976000
|
stack
|
page read and write
|
||
|
28403D03000
|
heap
|
page read and write
|
||
|
28403CCB000
|
heap
|
page read and write
|
||
|
284048AB000
|
heap
|
page read and write
|
||
|
28403D42000
|
heap
|
page read and write
|
||
|
28403D3D000
|
heap
|
page read and write
|
||
|
46887B000
|
stack
|
page read and write
|
||
|
28403D13000
|
heap
|
page read and write
|
||
|
18504B13000
|
heap
|
page read and write
|
||
|
28404894000
|
heap
|
page read and write
|
||
|
28403D33000
|
heap
|
page read and write
|
||
|
28403D59000
|
heap
|
page read and write
|
||
|
28403D1F000
|
heap
|
page read and write
|
||
|
28403D58000
|
heap
|
page read and write
|
||
|
28404893000
|
heap
|
page read and write
|
||
|
28403D30000
|
heap
|
page read and write
|
||
|
284048A0000
|
heap
|
page read and write
|
||
|
28403D33000
|
heap
|
page read and write
|
||
|
284045F8000
|
heap
|
page read and write
|
||
|
28403D1F000
|
heap
|
page read and write
|
||
|
28403CAB000
|
heap
|
page read and write
|
||
|
28403D1E000
|
heap
|
page read and write
|
||
|
28403D2C000
|
heap
|
page read and write
|
||
|
18504A65000
|
heap
|
page read and write
|
||
|
28403EF5000
|
heap
|
page read and write
|
||
|
28403D27000
|
heap
|
page read and write
|
||
|
468B7E000
|
stack
|
page read and write
|
||
|
28403D14000
|
heap
|
page read and write
|
||
|
28403D1A000
|
heap
|
page read and write
|
||
|
28403D17000
|
heap
|
page read and write
|
||
|
28403CDC000
|
heap
|
page read and write
|
||
|
28403CD7000
|
heap
|
page read and write
|
||
|
28403C68000
|
heap
|
page read and write
|
||
|
28404892000
|
heap
|
page read and write
|
||
|
28403C89000
|
heap
|
page read and write
|
||
|
468778000
|
stack
|
page read and write
|
||
|
28403D33000
|
heap
|
page read and write
|
||
|
284048B4000
|
heap
|
page read and write
|
||
|
28403D3B000
|
heap
|
page read and write
|
||
|
28403D5D000
|
heap
|
page read and write
|
||
|
28403D08000
|
heap
|
page read and write
|
||
|
28403D3B000
|
heap
|
page read and write
|
||
|
28403CED000
|
heap
|
page read and write
|
||
|
28403D3E000
|
heap
|
page read and write
|
||
|
28403D14000
|
heap
|
page read and write
|
||
|
28403D14000
|
heap
|
page read and write
|
||
|
28403CAD000
|
heap
|
page read and write
|
||
|
28403D45000
|
heap
|
page read and write
|
||
|
28403D2F000
|
heap
|
page read and write
|
||
|
284048B1000
|
heap
|
page read and write
|
||
|
18505215000
|
heap
|
page read and write
|
||
|
28403D08000
|
heap
|
page read and write
|
||
|
2840489A000
|
heap
|
page read and write
|
||
|
28403D3B000
|
heap
|
page read and write
|
||
|
28403D47000
|
heap
|
page read and write
|
||
|
28403D42000
|
heap
|
page read and write
|
||
|
28403D0A000
|
heap
|
page read and write
|
||
|
28403CCB000
|
heap
|
page read and write
|
||
|
18504A4C000
|
heap
|
page read and write
|
||
|
28403CBB000
|
heap
|
page read and write
|
||
|
28403D10000
|
heap
|
page read and write
|
||
|
28403D56000
|
heap
|
page read and write
|
||
|
28403D5A000
|
heap
|
page read and write
|
||
|
2840489E000
|
heap
|
page read and write
|
||
|
185048B0000
|
heap
|
page read and write
|
||
|
18504A57000
|
heap
|
page read and write
|
||
|
28403D5C000
|
heap
|
page read and write
|
||
|
28403D21000
|
heap
|
page read and write
|
||
|
28403D47000
|
heap
|
page read and write
|
||
|
28403CC3000
|
heap
|
page read and write
|
||
|
28403CD5000
|
heap
|
page read and write
|
||
|
28403D2D000
|
heap
|
page read and write
|
||
|
28403D23000
|
heap
|
page read and write
|
||
|
28403CFE000
|
heap
|
page read and write
|
||
|
2840460A000
|
heap
|
page read and write
|
||
|
28403D58000
|
heap
|
page read and write
|
||
|
28403D60000
|
heap
|
page read and write
|
||
|
28403C60000
|
heap
|
page read and write
|
||
|
28403D55000
|
heap
|
page read and write
|
||
|
28404850000
|
heap
|
page read and write
|
||
|
28403CDB000
|
heap
|
page read and write
|
||
|
28403D03000
|
heap
|
page read and write
|
||
|
468C7F000
|
stack
|
page read and write
|
||
|
28403D55000
|
heap
|
page read and write
|
||
|
28403D27000
|
heap
|
page read and write
|
||
|
28403CF4000
|
heap
|
page read and write
|
||
|
28403CEC000
|
heap
|
page read and write
|
||
|
28403D3B000
|
heap
|
page read and write
|
||
|
28403D08000
|
heap
|
page read and write
|
||
|
185049B0000
|
trusted library allocation
|
page read and write
|
||
|
28403D1A000
|
heap
|
page read and write
|
||
|
28403D45000
|
heap
|
page read and write
|
||
|
28403D14000
|
heap
|
page read and write
|
||
|
28404603000
|
heap
|
page read and write
|
||
|
ED5ED17000
|
stack
|
page read and write
|
||
|
28403D22000
|
heap
|
page read and write
|
||
|
18504A2A000
|
heap
|
page read and write
|
||
|
28403CF6000
|
heap
|
page read and write
|
||
|
18505202000
|
heap
|
page read and write
|
||
|
28403D0A000
|
heap
|
page read and write
|
||
|
18504850000
|
heap
|
page read and write
|
||
|
28403D27000
|
heap
|
page read and write
|
||
|
28403D1F000
|
heap
|
page read and write
|
||
|
28403D38000
|
heap
|
page read and write
|
||
|
28403D47000
|
heap
|
page read and write
|
||
|
28403D27000
|
heap
|
page read and write
|
||
|
28403C81000
|
heap
|
page read and write
|
||
|
2840489A000
|
heap
|
page read and write
|
||
|
28403CFA000
|
heap
|
page read and write
|
||
|
18504840000
|
heap
|
page read and write
|
||
|
28403D1A000
|
heap
|
page read and write
|
||
|
18505200000
|
heap
|
page read and write
|
||
|
28403D80000
|
heap
|
page read and write
|
||
|
28403B40000
|
heap
|
page read and write
|
||
|
ED5F0FC000
|
stack
|
page read and write
|
||
|
28403CA2000
|
heap
|
page read and write
|
||
|
18504A40000
|
heap
|
page read and write
|
||
|
284048AC000
|
heap
|
page read and write
|
||
|
28403D04000
|
heap
|
page read and write
|
||
|
ED5F2FF000
|
stack
|
page read and write
|
||
|
28403D14000
|
heap
|
page read and write
|
||
|
28403CED000
|
heap
|
page read and write
|
||
|
28403D33000
|
heap
|
page read and write
|
||
|
28403CA2000
|
heap
|
page read and write
|
||
|
28403C7E000
|
heap
|
page read and write
|
||
|
28403CDA000
|
heap
|
page read and write
|
||
|
18504A00000
|
heap
|
page read and write
|
||
|
ED5F17E000
|
stack
|
page read and write
|
||
|
28403D22000
|
heap
|
page read and write
|
||
|
28403D37000
|
heap
|
page read and write
|
||
|
28403CAE000
|
heap
|
page read and write
|
||
|
18504A38000
|
heap
|
page read and write
|
||
|
28403D1A000
|
heap
|
page read and write
|
||
|
28403CD7000
|
heap
|
page read and write
|
||
|
28404890000
|
heap
|
page read and write
|
||
|
468A7E000
|
stack
|
page read and write
|
||
|
28404612000
|
heap
|
page read and write
|
||
|
18504B02000
|
heap
|
page read and write
|
||
|
18504B00000
|
heap
|
page read and write
|
||
|
28403D59000
|
heap
|
page read and write
|
||
|
28403CF0000
|
heap
|
page read and write
|
||
|
28403D12000
|
heap
|
page read and write
|
||
|
46867E000
|
stack
|
page read and write
|
||
|
28403D55000
|
heap
|
page read and write
|
||
|
28403D47000
|
heap
|
page read and write
|
||
|
18504A13000
|
heap
|
page read and write
|
||
|
46833B000
|
stack
|
page read and write
|
||
|
28403CA6000
|
heap
|
page read and write
|
||
|
28403CE3000
|
heap
|
page read and write
|
||
|
28403CF9000
|
heap
|
page read and write
|
||
|
28403D5E000
|
heap
|
page read and write
|
||
|
28403D22000
|
heap
|
page read and write
|
||
|
284048B6000
|
heap
|
page read and write
|
||
|
28403D42000
|
heap
|
page read and write
|
||
|
28403D3E000
|
heap
|
page read and write
|
||
|
284045F0000
|
heap
|
page read and write
|
||
|
28403CF8000
|
heap
|
page read and write
|
||
|
284048A7000
|
heap
|
page read and write
|
||
|
28403D12000
|
heap
|
page read and write
|
||
|
28403CDC000
|
heap
|
page read and write
|
||
|
28403EF0000
|
heap
|
page read and write
|
||
|
28403D5C000
|
heap
|
page read and write
|
||
|
28403CFA000
|
heap
|
page read and write
|
||
|
28403D45000
|
heap
|
page read and write
|
||
|
2840489B000
|
heap
|
page read and write
|
||
|
28403D1A000
|
heap
|
page read and write
|
||
|
28403D2D000
|
heap
|
page read and write
|
||
|
28403D58000
|
heap
|
page read and write
|
||
|
28403D5E000
|
heap
|
page read and write
|
||
|
28403C7A000
|
heap
|
page read and write
|
||
|
ED5F1FB000
|
stack
|
page read and write
|
||
|
ED5F27F000
|
stack
|
page read and write
|
||
|
28403D1A000
|
heap
|
page read and write
|
||
|
28403CC0000
|
heap
|
page read and write
|
||
|
28403D08000
|
heap
|
page read and write
|
||
|
28403D2F000
|
heap
|
page read and write
|
||
|
28403D3D000
|
heap
|
page read and write
|
||
|
284045FE000
|
heap
|
page read and write
|
||
|
28403D21000
|
heap
|
page read and write
|
||
|
28404895000
|
heap
|
page read and write
|
||
|
28403CCE000
|
heap
|
page read and write
|
||
|
28403CFD000
|
heap
|
page read and write
|
||
|
284048AE000
|
heap
|
page read and write
|
||
|
28403D42000
|
heap
|
page read and write
|
||
|
28403CFF000
|
heap
|
page read and write
|
||
|
28403CCF000
|
heap
|
page read and write
|
||
|
28403CED000
|
heap
|
page read and write
|
||
|
28403D5A000
|
heap
|
page read and write
|
||
|
28403D33000
|
heap
|
page read and write
|
||
|
28403D3B000
|
heap
|
page read and write
|
||
|
284045FF000
|
heap
|
page read and write
|
||
|
ED5F07E000
|
stack
|
page read and write
|
||
|
2840489A000
|
heap
|
page read and write
|
||
|
28403D47000
|
heap
|
page read and write
|
||
|
2840460A000
|
heap
|
page read and write
|
||
|
28404897000
|
heap
|
page read and write
|
||
|
28403D55000
|
heap
|
page read and write
|
There are 200 hidden memdumps, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
file:///C:/Users/user/Desktop/Rtd-denver%20Statement%20Withhold_Detail954089.html
|
|