Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Webex.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri May 24 07:50:31 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri May 24 07:50:31 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri May 24 07:50:31 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri May 24 07:50:31 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri May 24 07:50:31 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
Chrome Cache Entry: 41
|
ASCII text, with very long lines (778)
|
downloaded
|
||
|
Chrome Cache Entry: 42
|
ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 43
|
ASCII text, with very long lines (65531)
|
downloaded
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Webex.exe
|
"C:\Users\user\Desktop\Webex.exe"
|
|
|
|
C:\Users\user\Desktop\Webex.exe
|
"C:\Users\user\Desktop\Webex.exe"
|
|
|
|
C:\Users\user\Desktop\Webex.exe
|
"C:\Users\user\Desktop\Webex.exe"
|
|
|
|
C:\Windows\System32\rundll32.exe
|
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6}
-Embedding
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe"
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2220 --field-trial-handle=2004,i,8847488438381224337,2067994835853220120,262144
/prefetch:8
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0
|
142.250.185.238
|
||
|
https://www.google.com/async/newtab_promos
|
142.250.184.196
|
||
|
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
|
142.250.184.196
|
||
|
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
|
142.250.184.196
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
plus.l.google.com
|
142.250.185.238
|
||
|
play.google.com
|
142.250.186.110
|
||
|
www.google.com
|
142.250.184.196
|
||
|
apis.google.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
142.250.184.196
|
www.google.com
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
192.168.2.16
|
unknown
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
22A24038000
|
heap
|
page read and write
|
||
|
319E000
|
stack
|
page read and write
|
||
|
156F000
|
heap
|
page read and write
|
||
|
72A000
|
heap
|
page read and write
|
||
|
22C9000
|
heap
|
page read and write
|
||
|
CFF000
|
heap
|
page read and write
|
||
|
151E000
|
stack
|
page read and write
|
||
|
2414000
|
heap
|
page read and write
|
||
|
157E000
|
heap
|
page read and write
|
||
|
3EC0000
|
trusted library allocation
|
page read and write
|
||
|
1240000
|
heap
|
page read and write
|
||
|
367F000
|
stack
|
page read and write
|
||
|
13A0000
|
heap
|
page read and write
|
||
|
718000
|
heap
|
page read and write
|
||
|
1575000
|
heap
|
page read and write
|
||
|
B9000
|
stack
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
1557000
|
heap
|
page read and write
|
||
|
A7E000
|
stack
|
page read and write
|
||
|
22A24015000
|
heap
|
page read and write
|
||
|
22A24020000
|
heap
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
97F000
|
stack
|
page read and write
|
||
|
71F000
|
heap
|
page read and write
|
||
|
28FE000
|
stack
|
page read and write
|
||
|
CA4000
|
heap
|
page read and write
|
||
|
711000
|
heap
|
page read and write
|
||
|
1579000
|
heap
|
page read and write
|
||
|
FDC000
|
stack
|
page read and write
|
||
|
727000
|
heap
|
page read and write
|
||
|
867000
|
unkown
|
page readonly
|
||
|
1595000
|
heap
|
page read and write
|
||
|
1585000
|
heap
|
page read and write
|
||
|
EDA000
|
stack
|
page read and write
|
||
|
C25000
|
heap
|
page read and write
|
||
|
13D0000
|
heap
|
page read and write
|
||
|
870000
|
unkown
|
page read and write
|
||
|
C20000
|
heap
|
page read and write
|
||
|
723000
|
heap
|
page read and write
|
||
|
14DE000
|
stack
|
page read and write
|
||
|
CE7000
|
heap
|
page read and write
|
||
|
70A000
|
heap
|
page read and write
|
||
|
B2A96FF000
|
stack
|
page read and write
|
||
|
157E000
|
heap
|
page read and write
|
||
|
B2A930C000
|
stack
|
page read and write
|
||
|
22A241F0000
|
heap
|
page read and write
|
||
|
22C0000
|
heap
|
page read and write
|
||
|
1578000
|
heap
|
page read and write
|
||
|
AE0000
|
heap
|
page read and write
|
||
|
C30000
|
heap
|
page read and write
|
||
|
135E000
|
stack
|
page read and write
|
||
|
6BE000
|
stack
|
page read and write
|
||
|
BEF000
|
stack
|
page read and write
|
||
|
174E000
|
stack
|
page read and write
|
||
|
22C5000
|
heap
|
page read and write
|
||
|
1573000
|
heap
|
page read and write
|
||
|
156F000
|
heap
|
page read and write
|
||
|
870000
|
unkown
|
page read and write
|
||
|
28BF000
|
stack
|
page read and write
|
||
|
3060000
|
heap
|
page read and write
|
||
|
870000
|
unkown
|
page read and write
|
||
|
2220000
|
heap
|
page read and write
|
||
|
870000
|
unkown
|
page write copy
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
830000
|
heap
|
page read and write
|
||
|
71D000
|
heap
|
page read and write
|
||
|
4920000
|
trusted library allocation
|
page read and write
|
||
|
578000
|
stack
|
page read and write
|
||
|
54E000
|
stack
|
page read and write
|
||
|
1588000
|
heap
|
page read and write
|
||
|
B2A938E000
|
stack
|
page read and write
|
||
|
83E000
|
stack
|
page read and write
|
||
|
158C000
|
heap
|
page read and write
|
||
|
706000
|
heap
|
page read and write
|
||
|
841000
|
unkown
|
page execute read
|
||
|
521F000
|
stack
|
page read and write
|
||
|
3065000
|
heap
|
page read and write
|
||
|
70E000
|
heap
|
page read and write
|
||
|
97C000
|
stack
|
page read and write
|
||
|
22A24210000
|
heap
|
page read and write
|
||
|
1583000
|
heap
|
page read and write
|
||
|
867000
|
unkown
|
page readonly
|
||
|
139E000
|
stack
|
page read and write
|
||
|
58E000
|
stack
|
page read and write
|
||
|
867000
|
unkown
|
page readonly
|
||
|
B2A967E000
|
stack
|
page read and write
|
||
|
716000
|
heap
|
page read and write
|
||
|
6E0000
|
heap
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
840000
|
unkown
|
page readonly
|
||
|
22A24000000
|
heap
|
page read and write
|
||
|
184E000
|
stack
|
page read and write
|
||
|
6EE000
|
heap
|
page read and write
|
||
|
1550000
|
heap
|
page read and write
|
||
|
D07000
|
heap
|
page read and write
|
||
|
874000
|
unkown
|
page readonly
|
||
|
1577000
|
heap
|
page read and write
|
||
|
36BE000
|
stack
|
page read and write
|
||
|
CA0000
|
heap
|
page read and write
|
||
|
31B4000
|
heap
|
page read and write
|
||
|
1BC000
|
stack
|
page read and write
|
||
|
22A246C0000
|
heap
|
page read and write
|
||
|
81E000
|
stack
|
page read and write
|
||
|
6EA000
|
heap
|
page read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
22A24010000
|
heap
|
page read and write
|
||
|
27BE000
|
stack
|
page read and write
|
||
|
2410000
|
heap
|
page read and write
|
||
|
1595000
|
heap
|
page read and write
|
||
|
CE0000
|
heap
|
page read and write
|
||
|
D0C000
|
heap
|
page read and write
|
||
|
1540000
|
heap
|
page read and write
|
||
|
D1D000
|
heap
|
page read and write
|
||
|
22A24027000
|
heap
|
page read and write
|
||
|
71D000
|
heap
|
page read and write
|
||
|
715000
|
heap
|
page read and write
|
||
|
29FF000
|
stack
|
page read and write
|
||
|
3069000
|
heap
|
page read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
157C000
|
heap
|
page read and write
|
||
|
31B0000
|
heap
|
page read and write
|
There are 112 hidden memdumps, click here to show them.