Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
PAYMENT FORM.pdf.shtml
|
HTML document, ISO-8859 text, with CRLF line terminators
|
initial sample
|
||
Chrome Cache Entry: 133
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 236x305,
components 3
|
dropped
|
||
Chrome Cache Entry: 134
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 236x305,
components 3
|
downloaded
|
||
Chrome Cache Entry: 135
|
PNG image data, 300 x 168, 8-bit colormap, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 136
|
PNG image data, 300 x 168, 8-bit colormap, non-interlaced
|
dropped
|
Processes
Path
|
Cmdline
|
Malicious
|
|
---|---|---|---|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
|
||
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB
--service-sandbox-type=none --mojo-platform-channel-handle=1876 --field-trial-handle=1696,i,11738228780153301006,12006418429625946186,131072
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
|
||
C:\Program Files\Google\Chrome\Application\chrome.exe
|
C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\PAYMENT FORM.pdf.shtml
|
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
file:///C:/Users/user/Desktop/PAYMENT%20FORM.pdf.shtml
|
|||
https://www.google.com/url?q
|
unknown
|
||
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-GB&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1
|
142.250.203.110
|
||
https://i.pinimg.com/236x/46/85/2d/46852dd5fa51b69bdf5cc5c65c718ed9.jpg
|
146.75.120.84
|
||
https://formspree.io/f/xeqwznlj
|
unknown
|
||
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
|
142.250.203.109
|
Domains
Name
|
IP
|
Malicious
|
|
---|---|---|---|
accounts.google.com
|
142.250.203.109
|
||
dualstack.pinterest.map.fastly.net
|
146.75.120.84
|
||
www.google.com
|
142.250.203.100
|
||
clients.l.google.com
|
142.250.203.110
|
||
clients2.google.com
|
unknown
|
||
i.pinimg.com
|
unknown
|
IPs
IP
|
Domain
|
Country
|
Malicious
|
|
---|---|---|---|---|
192.168.2.1
|
unknown
|
unknown
|
||
239.255.255.250
|
unknown
|
Reserved
|
||
142.250.203.100
|
www.google.com
|
United States
|
||
142.250.203.110
|
clients.l.google.com
|
United States
|
||
127.0.0.1
|
unknown
|
unknown
|
||
142.250.203.109
|
accounts.google.com
|
United States
|
||
146.75.120.84
|
dualstack.pinterest.map.fastly.net
|
Sweden
|
Registry
Path
|
Value
|
Malicious
|
|
---|---|---|---|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
ahfgeienlihckogmohjhadlkjgocpleb
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gdaefkejpgkiemlaofpalmlakkmbjdnl
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
kmendfapggjehodndflmmgagdbamhnfd
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
mhjfbmdgcfjbbpaeojofohoefgiehjai
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
neajdppkdcdipfabeoofebfddakdcjhd
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nkeimhogjdpnpccoofpliimaahmaaome
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
prefs.preference_reset_time
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault
|
S-1-5-21-3853321935-2125563209-4053062332-1002
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gdaefkejpgkiemlaofpalmlakkmbjdnl
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
kmendfapggjehodndflmmgagdbamhnfd
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
neajdppkdcdipfabeoofebfddakdcjhd
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nkeimhogjdpnpccoofpliimaahmaaome
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
state
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
|
StatusCodes
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
|
StatusCodes
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
state
|
||
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
|
dr
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
|
user_experience_metrics.stability.exited_cleanly
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
media.cdm.origin_data
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.reporting
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
media.storage_id_salt
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.last_account_id
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.account_id
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_startup_urls
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_homepage
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
module_blocklist_cache_md5_digest
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.prompt_seed
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
default_search_provider_data.template_url_data
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
safebrowsing.incidents_sent
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
pinned_tabs
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
browser.show_home_button
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
search_provider_overrides
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_default_search
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
prefs.preference_reset_time
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.prompt_version
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.last_username
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
session.startup_urls
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
session.restore_on_startup
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.prompt_wave
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
homepage
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
homepage_is_newtabpage
|
||
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
|
lastrun
|
||
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
|
lastrun
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault
|
S-1-5-21-3853321935-2125563209-4053062332-1002
|
||
HKEY_USERSS-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry
|
TraceTimeLast
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
state
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
|
StatusCodes
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
|
StatusCodes
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
state
|
There are 43 hidden registries, click here to show them.
Memdumps
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
---|---|---|---|---|
98FA7F000
|
stack
|
page read and write
|
||
18EF71B0000
|
trusted library allocation
|
page read and write
|
||
18EF8080000
|
trusted library allocation
|
page read and write
|
||
18EF7E40000
|
trusted library allocation
|
page read and write
|
||
18EF6FD0000
|
heap
|
page read and write
|
||
18EF720B000
|
heap
|
page read and write
|
||
18EF7208000
|
heap
|
page read and write
|
||
18EF7221000
|
heap
|
page read and write
|
||
18EF7210000
|
heap
|
page read and write
|
||
98F7F9000
|
stack
|
page read and write
|
||
98F67B000
|
stack
|
page read and write
|
||
18EF80E0000
|
trusted library allocation
|
page read and write
|
||
18EF71A0000
|
trusted library allocation
|
page read and write
|
||
18EF8090000
|
trusted library allocation
|
page read and write
|
||
18EF7210000
|
heap
|
page read and write
|
||
18EF71D0000
|
heap
|
page read and write
|
||
18EF7489000
|
heap
|
page read and write
|
||
18EF6FE0000
|
trusted library allocation
|
page read and write
|
||
18EF7130000
|
heap
|
page read and write
|
||
18EF71C8000
|
heap
|
page read and write
|
||
18EF7450000
|
trusted library allocation
|
page read and write
|
||
18EF7210000
|
heap
|
page read and write
|
||
18EF71C0000
|
heap
|
page read and write
|
||
98F9F9000
|
stack
|
page read and write
|
||
98F879000
|
stack
|
page read and write
|
||
18EF7490000
|
trusted library allocation
|
page read and write
|
||
18EF8070000
|
heap
|
page readonly
|
||
18EF7480000
|
heap
|
page read and write
|
||
98F8FE000
|
stack
|
page read and write
|
||
18EF7485000
|
heap
|
page read and write
|
||
18EF7470000
|
trusted library allocation
|
page read and write
|
||
18EF7110000
|
heap
|
page read and write
|
There are 22 hidden memdumps, click here to show them.
DOM / HTML
URL
|
Malicious
|
|
---|---|---|
file:///C:/Users/user/Desktop/PAYMENT%20FORM.pdf.shtml
|