Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PrivacyDrive.exe_fef1a7949e4fa8cb69f4d5963b96612fcca58a7_7d659330_04139ed1-6b2b-413a-87d3-3eb36da0d4e9\Report.wer | data | dropped | |
| C:\Users\user\Downloads\il222.zip (copy) | Zip archive data, at least v2.0 to extract, compression method=deflate | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WERD517.tmp.dmp | Mini DuMP crash report, 15 streams, Thu Sep 26 15:42:10 2024, 0x1205a4 type | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WERD6DD.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WERD70D.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Sep 26 14:40:45 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Sep 26 14:40:45 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Sep 26 14:40:45 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Sep 26 14:40:45 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Sep 26 14:40:45 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\Downloads\3b87bdb0-9cae-4aee-9c21-ee5d154420e7.tmp | Zip archive data, at least v2.0 to extract, compression method=deflate | dropped | |
| C:\Users\user\Downloads\il222.zip.crdownload | Zip archive data, at least v2.0 to extract, compression method=deflate | dropped | |
| Chrome Cache Entry: 137 | ASCII text, with very long lines (563), with no line terminators | downloaded | |
| Chrome Cache Entry: 138 | ASCII text, with very long lines (2287) | downloaded | |
| Chrome Cache Entry: 139 | Unicode text, UTF-8 text, with very long lines (3167) | downloaded | |
| Chrome Cache Entry: 140 | ASCII text | downloaded | |
| Chrome Cache Entry: 141 | ASCII text, with very long lines (1885) | downloaded | |
| Chrome Cache Entry: 142 | ASCII text, with very long lines (65531) | downloaded | |
| Chrome Cache Entry: 143 | ASCII text, with very long lines (5162), with no line terminators | downloaded | |
| Chrome Cache Entry: 144 | Zip archive data, at least v2.0 to extract, compression method=deflate | downloaded | |
| Chrome Cache Entry: 145 | SVG Scalable Vector Graphics image | downloaded | |
| Chrome Cache Entry: 146 | HTML document, ASCII text | downloaded | |
| Chrome Cache Entry: 147 | ASCII text, with very long lines (65531) | downloaded | |
Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1988,i,15395324966863303034,10377143304438437007,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://finalstepgo.com/uploads/il2.txt" | |
| C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe | "C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe" | |
| C:\Windows\System32\rundll32.exe | C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding | |
| C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 364 -s 1712 | |
URLs

| Name | IP | Malicious |
|---|---|---|
| https://finalstepgo.com/uploads/il2.txt | | |
| covvercilverow.shop | | |
| pumpkinkwquo.shop | | |
| abortinoiwiam.shop | | |
| deallyharvenw.shop | | |
| defenddsouneuw.shop | | |
| priooozekw.shop | | |
| https://racedsuitreow.shop/api | 172.67.206.221 | |
| surroundeocw.shop | | |
| racedsuitreow.shop | | |
| candleduseiwo.shop | | |
| https://finalstepgo.com/uploads/il2.txt | | |
| https://www.cloudflare.com/learning/access-management/phishing-attack/ | unknown | |
| http://www.broofa.com | unknown | |
| https://finalstepgo.com/favicon.ico | 185.255.122.133 | |
| https://finalstepgo.com/uploads/il222.zip | 185.255.122.133 | |
| https://www.google.com/async/newtab_promos | 142.250.185.132 | |
| https://racedsuitreow.shop/apib | unknown | |
| https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SpvAvsXfWWo.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-MoqWi0fF1M09Ccs-6QfulXvxfdg/cb=gapi.loaded_0 | 142.250.184.238 | |
| http://www.privacy-drive.comx | unknown | |
| https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1 | unknown | |
| https://racedsuitreow.shop/w | unknown | |
| https://plus.google.com | unknown | |
| https://www.cloudflare.com/5xx-error-landing | unknown | |
| https://www.google.com/async/ddljson?async=ntp:2 | 142.250.185.132 | |
| https://play.google.com/log?format=json&hasfast=true | 142.250.186.110 | |
| https://www.cloudflare.com/5xx-error | unknown | |
| https://racedsuitreow.shop/ | unknown | |
| https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw | 142.250.185.132 | |
| https://csp.withgoogle.com/csp/lcreport/ | unknown | |
| https://racedsuitreow.shop/_ | unknown | |
| https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0 | 142.250.185.132 | |
| https://apis.google.com | unknown | |
| https://domains.google.com/suggest/flow | unknown | |
| https://racedsuitreow.shop/api4 | unknown | |
| https://clients6.google.com | unknown | |
| https://racedsuitreow.shop/api6 | unknown | |
Domains

| Name | IP | Malicious |
|---|---|---|
| racedsuitreow.shop | 172.67.206.221 | |
| apis.google.com | unknown | |
| candleduseiwo.shop | unknown | |
| plus.l.google.com | 142.250.184.238 | |
| play.google.com | 142.250.186.110 | |
| www.google.com | 142.250.185.132 | |
| finalstepgo.com | 185.255.122.133 | |
IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 192.168.2.17 | unknown | unknown | |
| 172.67.206.221 | racedsuitreow.shop | United States | |
| 142.250.185.132 | www.google.com | United States | |
| 192.168.2.4 | unknown | unknown | |
| 192.168.2.5 | unknown | unknown | |
| 185.255.122.133 | finalstepgo.com | Netherlands | |
| 239.255.255.250 | unknown | Reserved | |
| 142.250.186.110 | play.google.com | United States | |
| 142.250.184.238 | plus.l.google.com | United States | |
Registry

| Path | Value | Malicious |
|---|---|---|
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property | 0018C00B92EA0FCD | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363} | DeviceTicket | |
Memdumps

| Base Address | Regiontype | Protect | Malicious |
|---|---|---|---|
| 1010000 | direct allocation | page execute and read and write | |
| 5C1000 | unknown | page readonly | |
| 6B00000 | remote allocation | page read and write | |
| 1978000 | heap | page read and write | |
| 1004000 | heap | page read and write | |
| 400000 | unknown | page readonly | |
| 5A2B000 | stack | page read and write | |
| 7EDD000 | stack | page read and write | |
| 18AC000 | heap | page read and write | |
| 1970000 | heap | page read and write | |
| 552000 | unknown | page readonly | |
| 4941000 | heap | page read and write | |
| 4930000 | heap | page read and write | |
| 1919000 | heap | page read and write | |
| 1894000 | heap | page read and write | |
| 1090000 | heap | page read and write | |
| 18A0000 | heap | page read and write | |
| 1878000 | heap | page read and write | |
| 26ADFA60000 | heap | page read and write | |
| 318F000 | stack | page read and write | |
| 9C000 | stack | page read and write | |
| 904F000 | stack | page read and write | |
| F4E000 | stack | page read and write | |
| 6AED000 | stack | page read and write | |
| 190A000 | heap | page read and write | |
| 1004000 | heap | page read and write | |
| 1004000 | heap | page read and write | |
| 62AE000 | stack | page read and write | |
| 18DA000 | heap | page read and write | |
| 4931000 | heap | page read and write | |
| 117E000 | stack | page read and write | |
| 1915000 | heap | page read and write | |
| 26ADFA67000 | heap | page read and write | |
| 5CB3000 | trusted library allocation | page read and write | |
| 190C000 | heap | page read and write | |
| 873F000 | stack | page read and write | |
| F0E000 | stack | page read and write | |
| 18A0000 | heap | page read and write | |
| 4931000 | heap | page read and write | |
| 1004000 | heap | page read and write | |
| 5A8F000 | unclassified section | page readonly | |
| 4931000 | heap | page read and write | |
| 1E0000 | heap | page read and write | |
| 18AB000 | heap | page read and write | |
| 401000 | unknown | page execute read | |
| 62ED000 | stack | page read and write | |
| 26ADFDD5000 | heap | page read and write | |
| 17F3000 | heap | page read and write | |
| F8E000 | stack | page read and write | |
| 298F000 | stack | page read and write | |
| 1004000 | heap | page read and write | |
| 4931000 | heap | page read and write | |
| 18BC000 | heap | page read and write | |
| 5BA000 | unknown | page read and write | |
| 6B00000 | remote allocation | page read and write | |
| 187E000 | heap | page read and write | |
| FEE000 | stack | page read and write | |
| 10E0000 | direct allocation | page read and write | |
| CF37BFC000 | stack | page read and write | |
| 1070000 | heap | page read and write | |
| 5ABA000 | trusted library allocation | page read and write | |
| 4931000 | heap | page read and write | |
| 26ADFDD0000 | heap | page read and write | |
| 5A31000 | unclassified section | page execute read | |
| 1972000 | heap | page read and write | |
| 601000 | unknown | page readonly | |
| 552000 | unknown | page readonly | |
| 1908000 | heap | page read and write | |
| 1883000 | heap | page read and write | |
| 1970000 | heap | page read and write | |
| 14F9000 | heap | page read and write | |
| 18B0000 | heap | page read and write | |
| 26ADFC60000 | heap | page read and write | |
| 768D000 | stack | page read and write | |
| 13FB000 | heap | page read and write | |
| 100000 | heap | page read and write | |
| 1004000 | heap | page read and write | |
| 26ADFD30000 | heap | page read and write | |
| 6E8E000 | stack | page read and write | |
| 15F7000 | heap | page read and write | |
| CF37F7F000 | stack | page read and write | |
| 18C7000 | heap | page read and write | |
| 4940000 | heap | page read and write | |
| 5AA0000 | heap | page read and write | |
| CF37EFF000 | stack | page read and write | |
| 76DD000 | stack | page read and write | |
| 188D000 | heap | page read and write | |
| 5C0000 | unknown | page read and write | |
| 10DC000 | stack | page read and write | |
| 13FB000 | heap | page read and write | |
| 190E000 | heap | page read and write | |
| 18A9000 | heap | page read and write | |
| 5A7C000 | unclassified section | page readonly | |
| 4931000 | heap | page read and write | |
| 16F5000 | heap | page read and write | |
| 187B000 | heap | page read and write | |
| 18C4000 | heap | page read and write | |
| 5AC000 | unknown | page read and write | |
| FB0000 | trusted library allocation | page read and write | |
| 5CB000 | unknown | page readonly | |
| 1000000 | heap | page read and write | |
| 189D000 | heap | page read and write | |
| 5C7C000 | trusted library allocation | page read and write | |
| 1004000 | heap | page read and write | |
| 1180000 | heap | page read and write | |
| 26ADFB60000 | heap | page read and write | |
| 6B00000 | remote allocation | page read and write | |
| 522F000 | stack | page read and write | |
| 18FB000 | heap | page read and write | |
| 127E000 | heap | page read and write | |
| ECD000 | stack | page read and write | |
| 1872000 | heap | page read and write | |
| 4931000 | heap | page read and write | |
| 218F000 | stack | page read and write | |
| 26ADFC40000 | heap | page read and write | |
| 5A7F000 | unclassified section | page write copy | |
| 5A84000 | unclassified section | page read and write | |
| 1886000 | heap | page read and write | |
| 1872000 | heap | page read and write | |
| 879E000 | stack | page read and write | |
| 8840000 | heap | page read and write | |
| CF37E7E000 | stack | page read and write | |
| 7F3E000 | stack | page read and write | |
| 5AC000 | unknown | page write copy | |
| 18CF000 | heap | page read and write | |
| 18D6000 | heap | page read and write | |
| 1896000 | heap | page read and write | |
DOM / HTML

| URL | Malicious |
|---|---|
| https://finalstepgo.com/uploads/il2.txt | |