Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 27 05:40:04 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 27 05:40:04 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 27 05:40:04 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 27 05:40:04 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 27 05:40:04 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
Chrome Cache Entry: 100
|
Web Open Font Format (Version 2), TrueType, length 52280, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 101
|
ASCII text, with very long lines (569)
|
downloaded
|
||
|
Chrome Cache Entry: 102
|
ASCII text, with very long lines (468)
|
downloaded
|
||
|
Chrome Cache Entry: 103
|
ASCII text, with very long lines (3346)
|
downloaded
|
||
|
Chrome Cache Entry: 104
|
ASCII text, with very long lines (522)
|
downloaded
|
||
|
Chrome Cache Entry: 105
|
ASCII text, with very long lines (5693)
|
downloaded
|
||
|
Chrome Cache Entry: 106
|
ASCII text, with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 107
|
ASCII text, with very long lines (553)
|
downloaded
|
||
|
Chrome Cache Entry: 108
|
ASCII text, with very long lines (755)
|
downloaded
|
||
|
Chrome Cache Entry: 93
|
ASCII text, with very long lines (683)
|
downloaded
|
||
|
Chrome Cache Entry: 94
|
ASCII text, with very long lines (1694)
|
downloaded
|
||
|
Chrome Cache Entry: 95
|
ASCII text, with very long lines (1307)
|
downloaded
|
||
|
Chrome Cache Entry: 96
|
ASCII text, with very long lines (395)
|
downloaded
|
||
|
Chrome Cache Entry: 97
|
HTML document, ASCII text, with very long lines (681)
|
downloaded
|
||
|
Chrome Cache Entry: 98
|
ASCII text, with very long lines (533)
|
downloaded
|
||
|
Chrome Cache Entry: 99
|
MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
|
downloaded
|
There are 13 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=2028,i,5939366904044384475,4979484463348327368,262144
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US
--service-sandbox-type=audio --mojo-platform-channel-handle=5536 --field-trial-handle=2028,i,5939366904044384475,4979484463348327368,262144
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService
--lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 --field-trial-handle=2028,i,5939366904044384475,4979484463348327368,262144
/prefetch:8
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://play.google/intl/
|
unknown
|
||
|
https://families.google.com/intl/
|
unknown
|
||
|
https://youtube.com/t/terms?gl=
|
unknown
|
||
|
https://policies.google.com/technologies/location-data
|
unknown
|
||
|
https://www.google.com/intl/
|
unknown
|
||
|
https://apis.google.com/js/api.js
|
unknown
|
||
|
https://policies.google.com/privacy/google-partners
|
unknown
|
||
|
https://play.google.com/work/enroll?identifier=
|
unknown
|
||
|
https://policies.google.com/terms/service-specific
|
unknown
|
||
|
https://g.co/recover
|
unknown
|
||
|
https://policies.google.com/privacy/additional
|
unknown
|
||
|
https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072
|
unknown
|
||
|
https://play.google.com/log?format=json&hasfast=true&authuser=0
|
216.58.212.142
|
||
|
https://policies.google.com/technologies/cookies
|
unknown
|
||
|
https://www.google.com/favicon.ico
|
216.58.212.164
|
||
|
https://policies.google.com/terms
|
unknown
|
||
|
https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://play.google.com/log?format=json&hasfast=true
|
unknown
|
||
|
https://www.youtube.com/t/terms?chromeless=1&hl=
|
unknown
|
||
|
https://support.google.com/accounts?hl=
|
unknown
|
||
|
https://policies.google.com/terms/location
|
unknown
|
||
|
https://policies.google.com/privacy
|
unknown
|
||
|
https://support.google.com/accounts?p=new-si-ui
|
unknown
|
||
|
https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage
|
unknown
|
There are 15 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
youtube-ui.l.google.com
|
142.250.181.238
|
||
|
www3.l.google.com
|
172.217.16.206
|
||
|
play.google.com
|
142.250.181.238
|
||
|
www.google.com
|
216.58.212.164
|
||
|
youtube.com
|
142.250.185.78
|
||
|
accounts.youtube.com
|
unknown
|
||
|
www.youtube.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
142.250.185.78
|
youtube.com
|
United States
|
||
|
216.58.212.164
|
www.google.com
|
United States
|
||
|
216.58.212.142
|
unknown
|
United States
|
||
|
172.217.16.206
|
www3.l.google.com
|
United States
|
||
|
192.168.2.7
|
unknown
|
unknown
|
||
|
192.168.2.5
|
unknown
|
unknown
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1222000
|
heap
|
page read and write
|
||
|
6B9000
|
stack
|
page read and write
|
||
|
3686000
|
heap
|
page read and write
|
||
|
4F0000
|
unkown
|
page write copy
|
||
|
4E7E000
|
stack
|
page read and write
|
||
|
420000
|
unkown
|
page readonly
|
||
|
DDB000
|
stack
|
page read and write
|
||
|
3CA0000
|
heap
|
page read and write
|
||
|
4D3E000
|
stack
|
page read and write
|
||
|
1191000
|
heap
|
page read and write
|
||
|
4E2000
|
unkown
|
page readonly
|
||
|
10B1000
|
heap
|
page read and write
|
||
|
F06000
|
heap
|
page read and write
|
||
|
4BC000
|
unkown
|
page readonly
|
||
|
3863000
|
heap
|
page read and write
|
||
|
34C4000
|
heap
|
page read and write
|
||
|
421000
|
unkown
|
page execute read
|
||
|
F00000
|
heap
|
page read and write
|
||
|
128F000
|
heap
|
page read and write
|
||
|
3720000
|
heap
|
page read and write
|
||
|
DCE000
|
stack
|
page read and write
|
||
|
37B0000
|
heap
|
page read and write
|
||
|
38F2000
|
heap
|
page read and write
|
||
|
493E000
|
stack
|
page read and write
|
||
|
421000
|
unkown
|
page execute read
|
||
|
365F000
|
heap
|
page read and write
|
||
|
389F000
|
heap
|
page read and write
|
||
|
3755000
|
heap
|
page read and write
|
||
|
12DA000
|
heap
|
page read and write
|
||
|
1279000
|
heap
|
page read and write
|
||
|
37FA000
|
heap
|
page read and write
|
||
|
35FE000
|
stack
|
page read and write
|
||
|
4BC000
|
unkown
|
page readonly
|
||
|
11EB000
|
heap
|
page read and write
|
||
|
13F9000
|
heap
|
page read and write
|
||
|
1231000
|
heap
|
page read and write
|
||
|
4EC000
|
unkown
|
page read and write
|
||
|
1000000
|
heap
|
page read and write
|
||
|
3871000
|
heap
|
page read and write
|
||
|
DBE000
|
stack
|
page read and write
|
||
|
527F000
|
stack
|
page read and write
|
||
|
DEF000
|
stack
|
page read and write
|
||
|
367B000
|
heap
|
page read and write
|
||
|
720000
|
heap
|
page read and write
|
||
|
1058000
|
heap
|
page read and write
|
||
|
3C85000
|
heap
|
page read and write
|
||
|
4F4000
|
unkown
|
page readonly
|
||
|
4D40000
|
heap
|
page read and write
|
||
|
420000
|
unkown
|
page readonly
|
||
|
1309000
|
heap
|
page read and write
|
||
|
F70000
|
heap
|
page read and write
|
||
|
4EC000
|
unkown
|
page write copy
|
||
|
F75000
|
heap
|
page read and write
|
||
|
4E2000
|
unkown
|
page readonly
|
||
|
3794000
|
heap
|
page read and write
|
||
|
1283000
|
heap
|
page read and write
|
||
|
377A000
|
heap
|
page read and write
|
||
|
EF0000
|
heap
|
page read and write
|
||
|
38A9000
|
heap
|
page read and write
|
||
|
3C60000
|
heap
|
page read and write
|
||
|
111E000
|
heap
|
page read and write
|
||
|
10FF000
|
heap
|
page read and write
|
||
|
1372000
|
heap
|
page read and write
|
||
|
11A7000
|
heap
|
page read and write
|
||
|
36A0000
|
heap
|
page read and write
|
||
|
48FE000
|
stack
|
page read and write
|
||
|
137D000
|
heap
|
page read and write
|
||
|
34C0000
|
heap
|
page read and write
|
||
|
34B0000
|
heap
|
page read and write
|
||
|
3849000
|
heap
|
page read and write
|
||
|
36F0000
|
heap
|
page read and write
|
||
|
140C000
|
heap
|
page read and write
|
||
|
1323000
|
heap
|
page read and write
|
||
|
3620000
|
heap
|
page read and write
|
||
|
DFF000
|
stack
|
page read and write
|
||
|
1050000
|
heap
|
page read and write
|
||
|
E80000
|
heap
|
page read and write
|
||
|
34DB000
|
heap
|
page read and write
|
||
|
364C000
|
heap
|
page read and write
|
||
|
1203000
|
heap
|
page read and write
|
||
|
3760000
|
heap
|
page read and write
|
||
|
1338000
|
heap
|
page read and write
|
||
|
4F4000
|
unkown
|
page readonly
|
||
|
1083000
|
heap
|
page read and write
|
||
|
3814000
|
heap
|
page read and write
|
||
|
11CF000
|
heap
|
page read and write
|
||
|
3836000
|
heap
|
page read and write
|
||
|
13AB000
|
heap
|
page read and write
|
||
|
379E000
|
heap
|
page read and write
|
There are 79 hidden memdumps, click here to show them.