IOC Report
107.exe

Files

File Path | Type | Category | Malicious
107.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences | JSON data | dropped | malicious
C:\Users\user\AppData\Local\Temp\tmp1075.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped
C:\Users\user\AppData\Local\Temp\tmp14D0.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped
C:\Users\user\AppData\Local\Temp\tmp1EE7.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4 | dropped
C:\Users\user\AppData\Local\Temp\tmp267B.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped
C:\Users\user\AppData\Local\Temp\tmp3669.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4 | dropped
C:\Users\user\AppData\Local\Temp\tmp3697.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped
C:\Users\user\AppData\Local\Temp\tmp3978.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped
C:\Users\user\AppData\Local\Temp\tmp3B29.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped
C:\Users\user\AppData\Local\Temp\tmp3CA9.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped
C:\Users\user\AppData\Local\Temp\tmp46F9.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped
C:\Users\user\AppData\Local\Temp\tmp4B47.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped
C:\Users\user\AppData\Local\Temp\tmp4C6D.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped
C:\Users\user\AppData\Local\Temp\tmp587C.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped
C:\Users\user\AppData\Local\Temp\tmp5D7A.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped
C:\Users\user\AppData\Local\Temp\tmp5EAA.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4 | dropped
C:\Users\user\AppData\Local\Temp\tmp67CB.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4 | dropped
C:\Users\user\AppData\Local\Temp\tmp6849.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped
C:\Users\user\AppData\Local\Temp\tmp7B39.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped
C:\Users\user\AppData\Local\Temp\tmp7BFD.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped
C:\Users\user\AppData\Local\Temp\tmp7DF7.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4 | dropped
C:\Users\user\AppData\Local\Temp\tmp8341.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4 | dropped
C:\Users\user\AppData\Local\Temp\tmp85D3.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped
C:\Users\user\AppData\Local\Temp\tmp9139.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4 | dropped
C:\Users\user\AppData\Local\Temp\tmp9A96.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped
C:\Users\user\AppData\Local\Temp\tmp9D57.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped
C:\Users\user\AppData\Local\Temp\tmp9E2A.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped
C:\Users\user\AppData\Local\Temp\tmp9F7C.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped
C:\Users\user\AppData\Local\Temp\tmp9FA5.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped
C:\Users\user\AppData\Local\Temp\tmpA256.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4 | dropped
C:\Users\user\AppData\Local\Temp\tmpA27F.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped
C:\Users\user\AppData\Local\Temp\tmpA652.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped
C:\Users\user\AppData\Local\Temp\tmpAA08.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped
C:\Users\user\AppData\Local\Temp\tmpAC54.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped
C:\Users\user\AppData\Local\Temp\tmpAE56.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped
C:\Users\user\AppData\Local\Temp\tmpB201.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4 | dropped
C:\Users\user\AppData\Local\Temp\tmpBC4F.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped
C:\Users\user\AppData\Local\Temp\tmpC1AF.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped
C:\Users\user\AppData\Local\Temp\tmpC2A3.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4 | dropped
C:\Users\user\AppData\Local\Temp\tmpC4DF.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped
C:\Users\user\AppData\Local\Temp\tmpC756.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped
C:\Users\user\AppData\Local\Temp\tmpD407.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped
C:\Users\user\AppData\Local\Temp\tmpD64F.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped
C:\Users\user\AppData\Local\Temp\tmpD916.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped
C:\Users\user\AppData\Local\Temp\tmpDC8Ctmp.zip | Zip archive data, at least v2.0 to extract, compression method=deflate | dropped
C:\Users\user\AppData\Local\Temp\tmpE415.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped
C:\Users\user\AppData\Local\Temp\tmpE744.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4 | dropped
C:\Users\user\AppData\Local\Temp\tmpEC43.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4 | dropped
C:\Users\user\AppData\Local\Temp\tmpECBB.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped
C:\Users\user\AppData\Local\Temp\tmpF211.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4 | dropped
C:\Users\user\AppData\Local\Temp\tmpF63D.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped
C:\Users\user\AppData\Local\Temp\tmpF64D.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped
C:\Users\user\AppData\Local\Temp\tmpFB4F.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped
C:\Users\user\AppData\Local\Temp\tmpFBC5.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\LICENSE | ASCII text | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\ar\messages.json | JSON data | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\bg\messages.json | JSON data | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\bn\messages.json | JSON data | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\ca\messages.json | JSON data | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\cs\messages.json | JSON data | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\da\messages.json | JSON data | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\de\messages.json | JSON data | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\el\messages.json | JSON data | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\en\messages.json | JSON data | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\es\messages.json | JSON data | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\et\messages.json | JSON data | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\fa\messages.json | JSON data | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\fi\messages.json | JSON data | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\fr\messages.json | JSON data | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\fy\messages.json | JSON data | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\he\messages.json | JSON data | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\hi\messages.json | JSON data | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\hr\messages.json | JSON data | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\hu\messages.json | JSON data | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\id\messages.json | JSON data | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\it\messages.json | JSON data | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\ja\messages.json | JSON data | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\ko\messages.json | JSON data | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\nl\messages.json | JSON data | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\no\messages.json | JSON data | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\pl\messages.json | JSON data | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\pt\messages.json | JSON data | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\pt_BR\messages.json | JSON data | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\ro\messages.json | JSON data | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\ru\messages.json | JSON data | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\sq\messages.json | JSON data | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\sr\messages.json | JSON data | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\sv\messages.json | JSON data | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\th\messages.json | JSON data | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\tr\messages.json | JSON data | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\uk\messages.json | JSON data | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\vi\messages.json | JSON data | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\zh_CN\messages.json | JSON data | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\zh_TW\messages.json | JSON data | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\css\DroidSansMono.woff2 | Web Open Font Format (Version 2), TrueType, length 7568, version 1.0 | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\css\content.css | ASCII text | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\css\content.css.map | JSON data | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\css\import.css | Objective-C source, ASCII text | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\css\import.css.map | JSON data | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\css\mocha.css | Unicode text, UTF-8 text | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\css\mocha.css.map | JSON data | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\css\permissions.css | ASCII text | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\css\permissions.css.map | JSON data | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\css\popup.css | ASCII text, with very long lines (311) | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\css\popup.css.map | JSON data | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\argon.js | ASCII text, with very long lines (47996) | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\argon.js.map | JSON data | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\background.js | ASCII text, with very long lines (65468) | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\background.js.LICENSE.txt | Unicode text, UTF-8 text, with very long lines (756) | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\background.js.map | ASCII text, with very long lines (65536), with no line terminators | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\content.js | ASCII text, with very long lines (65536), with no line terminators | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\content.js.map | JSON data | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\import.js | ASCII text, with very long lines (65472) | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\import.js.LICENSE.txt | Unicode text, UTF-8 text, with very long lines (756) | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\import.js.map | ASCII text, with very long lines (65536), with no line terminators | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\options.js | ASCII text, with very long lines (65471) | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\options.js.LICENSE.txt | ASCII text | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\options.js.map | JSON data | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\permissions.js | ASCII text, with very long lines (65467) | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\permissions.js.LICENSE.txt | ASCII text | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\permissions.js.map | JSON data | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\popup.js | ASCII text, with very long lines (65473) | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\popup.js.LICENSE.txt | Unicode text, UTF-8 text, with very long lines (756) | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\popup.js.map | ASCII text, with very long lines (65536), with no line terminators | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\qrdebug.js | ASCII text, with very long lines (1119) | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\qrdebug.js.map | JSON data | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\images\icon.svg | SVG Scalable Vector Graphics image | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\images\icon128.png | PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\images\icon16.png | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\images\icon19.png | PNG image data, 19 x 19, 8-bit/color RGBA, non-interlaced | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\images\icon38.png | PNG image data, 38 x 38, 8-bit/color RGBA, non-interlaced | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\images\icon48.png | PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\images\scan.gif | GIF image data, version 89a, 300 x 300 | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\manifest-pwa.json | JSON data | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\manifest.fingerprint | ASCII text, with no line terminators | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\manifest.json | JSON data | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\schema.json | JSON data | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\view\argon.html | HTML document, ASCII text | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\view\import.html | HTML document, ASCII text | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\view\licenses.html | HTML document, ASCII text | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\view\options.html | HTML document, ASCII text | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\view\permissions.html | HTML document, ASCII text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\view\popup.html | HTML document, ASCII text | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\view\qrdebug.html | HTML document, ASCII text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\view\test.html | HTML document, ASCII text | dropped
136 further files are hidden in the original report.

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\107.exe | "C:\Users\user\Desktop\107.exe" | malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | "C:\Users\user\Desktop\107.exe" | malicious

URLs

Name | IP | Malicious
http://213.109.202.97:9000/wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F | 213.109.202.97 | malicious
https://pastebin.com/raw/Ld9GfkdJ | unknown
https://duckduckgo.com/chrome_newtab | unknown
https://github.com/Authenticator-Extension | unknown
http://www.droidfonts.com/ | unknown
https://duckduckgo.com/ac/?q= | unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico | unknown
https://github.com/multiwebinc | unknown
https://chrome.google.com/webstore | unknown
https://drive-daily-2.corp.google.com/ | unknown
https://drive-autopush.corp.google.com/ | unknown
https://drive-daily-4.corp.google.com/ | unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | unknown
https://duckduckgo.com/chrome_newtabS | unknown
https://www.ecosia.org/newtab/ | unknown
https://drive-daily-1.corp.google.com/ | unknown
https://drive-daily-5.corp.google.com/ | unknown
https://docs.google.com/ | unknown
http://213.109.202.97:9000 | unknown
https://ac.ecosia.org/autocomplete?q= | unknown
https://drive-staging.corp.google.com/ | unknown
https://drive-daily-6.corp.google.com/ | unknown
https://drive.google.com/ | unknown
https://drive-daily-0.corp.google.com/ | unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | unknown
https://drive-preprod.corp.google.com/ | unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | unknown
https://github.com/FortAwesome/Font-Awesome | unknown
https://www.google.com/ | unknown
https://login.microsoftonline.com/common/oauth2/v2.0/token | unknown
https://drive-daily-3.corp.google.com/ | unknown
23 further URLs are hidden in the original report.

IPs

IP | Domain | Country | Malicious
213.109.202.97 | unknown | unknown | malicious

Registry

Path | Value | Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing | EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32 | EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32 | EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32 | EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32 | FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32 | ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32 | MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32 | FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS | EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS | EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS | EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS | FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS | ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS | MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS | FileDirectory
5 further registry entries are hidden in the original report.

Memdumps

Base Address | Region type | Protect | Malicious
402000 | remote allocation | page execute read | malicious
45A0000 | unclassified section | page execute and read and write | malicious
4680000 | direct allocation | page read and write | malicious
44C0000 | direct allocation | page read and write | malicious
E36000
trusted library allocation
page execute and read and write
741D000
stack
page read and write
E3A000
trusted library allocation
page execute and read and write
602D000
stack
page read and write
3C75000
trusted library allocation
page read and write
2F08000
trusted library allocation
page read and write
506E000
trusted library allocation
page read and write
400000
remote allocation
page readonly
28D0000
heap
page read and write
73DD000
stack
page read and write
6F0000
unkown
page readonly
29FE000
stack
page read and write
6440000
trusted library allocation
page read and write
400000
unkown
page readonly
6D70000
trusted library allocation
page execute and read and write
6160000
trusted library allocation
page read and write
5120000
heap
page read and write
50B0000
trusted library allocation
page read and write
6ED0000
trusted library allocation
page read and write
6072000
trusted library allocation
page read and write
2D01000
trusted library allocation
page read and write
7680000
trusted library allocation
page execute and read and write
291E000
stack
page read and write
2930000
heap
page read and write
5E2E000
stack
page read and write
E45000
trusted library allocation
page execute and read and write
2B0E000
heap
page read and write
E32000
trusted library allocation
page read and write
F21000
heap
page read and write
6E7000
unkown
page read and write
6150000
trusted library allocation
page execute and read and write
6141000
trusted library allocation
page read and write
50C0000
trusted library allocation
page read and write
28BE000
stack
page read and write
7B7D000
stack
page read and write
50A0000
trusted library allocation
page read and write
53B0000
trusted library allocation
page execute and read and write
2CE7000
trusted library allocation
page read and write
2CC4000
trusted library allocation
page read and write
2A3C000
stack
page read and write
5770000
trusted library allocation
page read and write
689000
unkown
page read and write
790E000
stack
page read and write
6B7C000
heap
page read and write
5050000
trusted library allocation
page read and write
3170000
trusted library allocation
page read and write
4D0D000
stack
page read and write
6095000
trusted library allocation
page read and write
6070000
trusted library allocation
page read and write
61CE000
stack
page read and write
F2B000
heap
page read and write
2C3F000
trusted library allocation
page read and write
2C17000
trusted library allocation
page read and write
50BB000
trusted library allocation
page read and write
689000
unkown
page write copy
44BF000
stack
page read and write
E90000
heap
page execute and read and write
E42000
trusted library allocation
page read and write
2DA0000
heap
page read and write
534E000
stack
page read and write
E8B000
trusted library allocation
page read and write
6180000
trusted library allocation
page execute and read and write
10AE000
stack
page read and write
2C31000
trusted library allocation
page read and write
7A00000
trusted library allocation
page read and write
7DDD000
stack
page read and write
3B71000
trusted library allocation
page read and write
2CAE000
trusted library allocation
page read and write
3C6D000
trusted library allocation
page read and write
5076000
trusted library allocation
page read and write
6B83000
heap
page read and write
5FAE000
stack
page read and write
5F2000
unkown
page readonly
6D0D000
stack
page read and write
401000
unkown
page execute read
608F000
trusted library allocation
page read and write
5F2000
unkown
page readonly
2A48000
trusted library allocation
page read and write
2C2A000
trusted library allocation
page read and write
6230000
trusted library allocation
page execute and read and write
313B000
trusted library allocation
page read and write
E1D000
trusted library allocation
page execute and read and write
51E0000
trusted library allocation
page execute and read and write
5390000
trusted library allocation
page execute and read and write
3152000
trusted library allocation
page read and write
606D000
stack
page read and write
60C0000
trusted library allocation
page execute and read and write
E20000
trusted library allocation
page read and write
6120000
trusted library allocation
page execute and read and write
E40000
trusted library allocation
page read and write
6B9D000
heap
page read and write
510B000
trusted library allocation
page read and write
6B81000
heap
page read and write
53E0000
trusted library allocation
page read and write
9E8000
stack
page read and write
6AD0000
heap
page read and write
50A6000
trusted library allocation
page read and write
8EB000
stack
page read and write
27F0000
heap
page read and write
5100000
trusted library allocation
page read and write
10C9000
trusted library allocation
page read and write
6F0000
unkown
page readonly
2B6E000
stack
page read and write
2C36000
trusted library allocation
page read and write
317B000
trusted library allocation
page read and write
2C96000
trusted library allocation
page read and write
2B71000
trusted library allocation
page read and write
72DD000
stack
page read and write
2CE3000
trusted library allocation
page read and write
2C8D000
trusted library allocation
page read and write
9C000
stack
page read and write
506A000
trusted library allocation
page read and write
10D7000
heap
page read and write
71A0000
heap
page read and write
10D0000
heap
page read and write
2CEF000
trusted library allocation
page read and write
50F4000
trusted library allocation
page read and write
6ADF000
heap
page read and write
6D80000
trusted library allocation
page read and write
505E000
trusted library allocation
page read and write
7A70000
heap
page read and write
2C2D000
trusted library allocation
page read and write
3CE1000
trusted library allocation
page read and write
766D000
stack
page read and write
2C8F000
trusted library allocation
page read and write
EE5000
heap
page read and write
3160000
trusted library allocation
page read and write
CCE000
stack
page read and write
68A000
unknown
page write copy
6088000
trusted library allocation
page read and write
C60000
heap
page read and write
E00000
trusted library allocation
page read and write
5071000
trusted library allocation
page read and write
5729000
stack
page read and write
2CD7000
trusted library allocation
page read and write
3162000
trusted library allocation
page read and write
10C0000
trusted library allocation
page read and write
E2D000
trusted library allocation
page execute and read and write
6B32000
heap
page read and write
2F22000
trusted library allocation
page read and write
3C8E000
trusted library allocation
page read and write
60E0000
trusted library allocation
page read and write
3C7E000
trusted library allocation
page read and write
7B90000
trusted library allocation
page execute and read and write
2DC6000
trusted library allocation
page read and write
751D000
stack
page read and write
2C69000
trusted library allocation
page read and write
3146000
trusted library allocation
page read and write
2A7E000
stack
page read and write
3182000
trusted library allocation
page read and write
EF2000
heap
page read and write
6B49000
heap
page read and write
E14000
trusted library allocation
page read and write
7F420000
trusted library allocation
page execute and read and write
19D000
stack
page read and write
60F0000
trusted library allocation
page read and write
4C2000
remote allocation
page readonly
400000
unknown
page readonly
6EE000
unknown
page read and write
29BE000
stack
page read and write
643F000
stack
page read and write
5F2C000
stack
page read and write
542E000
stack
page read and write
4B78000
trusted library allocation
page read and write
6C0C000
stack
page read and write
71B0000
heap
page read and write
507D000
trusted library allocation
page read and write
CD0000
heap
page read and write
2CB7000
trusted library allocation
page read and write
6B7F000
heap
page read and write
401000
unknown
page execute read
6220000
trusted library allocation
page execute and read and write
505B000
trusted library allocation
page read and write
6EE0000
heap
page read and write
7CDE000
stack
page read and write
4676000
unclassified section
page execute and read and write
2A3F000
stack
page read and write
5FEE000
stack
page read and write
EA0000
trusted library allocation
page read and write
C50000
heap
page read and write
6B15000
heap
page read and write
51D0000
trusted library allocation
page read and write
D20000
heap
page read and write
7670000
heap
page read and write
780D000
stack
page read and write
2C25000
trusted library allocation
page read and write
6F3A000
stack
page read and write
7A4D000
stack
page read and write
2A50000
trusted library allocation
page read and write
5F6E000
stack
page read and write
2B26000
heap
page read and write
6130000
trusted library allocation
page execute and read and write
2F13000
trusted library allocation
page read and write
2CDE000
trusted library allocation
page read and write
2A40000
trusted library allocation
page read and write
538C000
stack
page read and write
5123000
heap
page read and write
2CF6000
trusted library allocation
page read and write
F27000
heap
page read and write
6D40000
trusted library allocation
page read and write
EB0000
heap
page read and write
2CCC000
trusted library allocation
page read and write
E4B000
trusted library allocation
page execute and read and write
2F2D000
trusted library allocation
page read and write
D25000
heap
page read and write
E80000
trusted library allocation
page read and write
2F33000
trusted library allocation
page read and write
6B4F000
heap
page read and write
50A3000
trusted library allocation
page read and write
609F000
trusted library allocation
page read and write
527D000
stack
page read and write
2B0A000
heap
page read and write
6D10000
heap
page read and write
576E000
stack
page read and write
D07000
heap
page read and write
2A60000
heap
page read and write
6075000
trusted library allocation
page read and write
E60000
trusted library allocation
page read and write
7039000
stack
page read and write
5110000
trusted library allocation
page read and write
50F0000
trusted library allocation
page read and write
709C000
stack
page read and write
7B80000
trusted library allocation
page read and write
5772000
trusted library allocation
page read and write
E47000
trusted library allocation
page execute and read and write
2C4C000
trusted library allocation
page read and write
60D0000
trusted library allocation
page read and write
E70000
trusted library allocation
page execute and read and write
6079000
trusted library allocation
page read and write
D00000
heap
page read and write
609A000
trusted library allocation
page read and write
E13000
trusted library allocation
page execute and read and write
633F000
stack
page read and write
EB8000
heap
page read and write
2C82000
trusted library allocation
page read and write
3006000
trusted library allocation
page read and write
756E000
stack
page read and write
10B0000
trusted library allocation
page read and write
6D50000
trusted library section
page read and write
5280000
heap
page execute and read and write
6EF0000
trusted library allocation
page execute and read and write
2B00000
heap
page read and write
FA7000
heap
page read and write
E10000
trusted library allocation
page read and write
F3D000
heap
page read and write
E30000
trusted library allocation
page read and write
7197000
stack
page read and write
241 additional memdumps are not shown in this report.