Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files\4179d7b4-4d08-4c57-9590-19ecc0dcbfd4 (copy)
|
Google Chrome extension, version 3
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 27 09:54:09 2024, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 27 09:54:09 2024, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 08:59:33 2023, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 27 09:54:09 2024, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 27 09:54:09 2024, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 27 09:54:09 2024, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\Downloads\5fb4c68c-2b24-46c3-9d7f-59c5c6a4127b.tmp
|
Google Chrome extension, version 3
|
dropped
|
||
|
Chrome Cache Entry: 100
|
ASCII text, with very long lines (1694)
|
downloaded
|
||
|
Chrome Cache Entry: 101
|
ASCII text, with very long lines (755)
|
downloaded
|
||
|
Chrome Cache Entry: 102
|
MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
|
downloaded
|
||
|
Chrome Cache Entry: 103
|
ASCII text, with very long lines (3190)
|
downloaded
|
||
|
Chrome Cache Entry: 104
|
ASCII text, with very long lines (683)
|
downloaded
|
||
|
Chrome Cache Entry: 105
|
Web Open Font Format (Version 2), TrueType, length 52280, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 106
|
ASCII text, with very long lines (468)
|
downloaded
|
||
|
Chrome Cache Entry: 107
|
ASCII text, with very long lines (3346)
|
downloaded
|
||
|
Chrome Cache Entry: 108
|
ASCII text, with very long lines (2544)
|
downloaded
|
||
|
Chrome Cache Entry: 109
|
ASCII text, with very long lines (569)
|
downloaded
|
||
|
Chrome Cache Entry: 110
|
ASCII text, with very long lines (522)
|
downloaded
|
||
|
Chrome Cache Entry: 111
|
ASCII text, with very long lines (553)
|
downloaded
|
||
|
Chrome Cache Entry: 112
|
ASCII text, with very long lines (533)
|
downloaded
|
||
|
Chrome Cache Entry: 113
|
ASCII text, with very long lines (395)
|
downloaded
|
||
|
Chrome Cache Entry: 98
|
ASCII text, with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 99
|
HTML document, ASCII text, with very long lines (681)
|
downloaded
|
There are 15 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1980,i,6137211469705690225,15754436481577264097,262144
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US
--service-sandbox-type=audio --mojo-platform-channel-handle=5424 --field-trial-handle=1980,i,6137211469705690225,15754436481577264097,262144
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService
--lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 --field-trial-handle=1980,i,6137211469705690225,15754436481577264097,262144
/prefetch:8
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://play.google/intl/
|
unknown
|
||
|
https://families.google.com/intl/
|
unknown
|
||
|
https://youtube.com/t/terms?gl=
|
unknown
|
||
|
https://policies.google.com/technologies/location-data
|
unknown
|
||
|
https://www.google.com/intl/
|
unknown
|
||
|
https://apis.google.com/js/api.js
|
unknown
|
||
|
https://policies.google.com/privacy/google-partners
|
unknown
|
||
|
https://play.google.com/work/enroll?identifier=
|
unknown
|
||
|
https://policies.google.com/terms/service-specific
|
unknown
|
||
|
https://g.co/recover
|
unknown
|
||
|
https://policies.google.com/privacy/additional
|
unknown
|
||
|
https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072
|
unknown
|
||
|
https://play.google.com/log?format=json&hasfast=true&authuser=0
|
142.250.181.238
|
||
|
https://policies.google.com/technologies/cookies
|
unknown
|
||
|
https://www.google.com/favicon.ico
|
142.250.184.196
|
||
|
https://policies.google.com/terms
|
unknown
|
||
|
https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://play.google.com/log?format=json&hasfast=true
|
unknown
|
||
|
https://www.youtube.com/t/terms?chromeless=1&hl=
|
unknown
|
||
|
https://support.google.com/accounts?hl=
|
unknown
|
||
|
https://policies.google.com/terms/location
|
unknown
|
||
|
https://policies.google.com/privacy
|
unknown
|
||
|
https://support.google.com/accounts?p=new-si-ui
|
unknown
|
||
|
https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage
|
unknown
|
There are 15 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
youtube-ui.l.google.com
|
142.250.184.206
|
||
|
www3.l.google.com
|
216.58.206.46
|
||
|
play.google.com
|
142.250.181.238
|
||
|
www.google.com
|
142.250.184.196
|
||
|
youtube.com
|
142.250.185.238
|
||
|
accounts.youtube.com
|
unknown
|
||
|
www.youtube.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
142.250.184.196
|
www.google.com
|
United States
|
||
|
142.250.185.238
|
youtube.com
|
United States
|
||
|
216.58.206.46
|
www3.l.google.com
|
United States
|
||
|
172.217.23.110
|
unknown
|
United States
|
||
|
142.250.181.238
|
play.google.com
|
United States
|
||
|
192.168.2.10
|
unknown
|
unknown
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
142.250.184.206
|
youtube-ui.l.google.com
|
United States
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
4D3E000
|
stack
|
page read and write
|
||
|
FC5000
|
heap
|
page read and write
|
||
|
17C1000
|
heap
|
page read and write
|
||
|
401C000
|
heap
|
page read and write
|
||
|
3E3C000
|
heap
|
page read and write
|
||
|
180D000
|
heap
|
page read and write
|
||
|
3D90000
|
heap
|
page read and write
|
||
|
59BF000
|
stack
|
page read and write
|
||
|
187B000
|
heap
|
page read and write
|
||
|
4012000
|
heap
|
page read and write
|
||
|
4414000
|
heap
|
page read and write
|
||
|
15DB000
|
stack
|
page read and write
|
||
|
3FD4000
|
heap
|
page read and write
|
||
|
CA0000
|
unkown
|
page readonly
|
||
|
16DF000
|
heap
|
page read and write
|
||
|
408E000
|
heap
|
page read and write
|
||
|
517E000
|
stack
|
page read and write
|
||
|
15EF000
|
stack
|
page read and write
|
||
|
3E46000
|
heap
|
page read and write
|
||
|
D3C000
|
unkown
|
page readonly
|
||
|
FD0000
|
heap
|
page read and write
|
||
|
3DA5000
|
heap
|
page read and write
|
||
|
3C0A000
|
heap
|
page read and write
|
||
|
15FF000
|
stack
|
page read and write
|
||
|
16FD000
|
heap
|
page read and write
|
||
|
3D84000
|
heap
|
page read and write
|
||
|
D62000
|
unkown
|
page readonly
|
||
|
15BF000
|
stack
|
page read and write
|
||
|
186B000
|
heap
|
page read and write
|
||
|
55BE000
|
stack
|
page read and write
|
||
|
18B1000
|
heap
|
page read and write
|
||
|
195F000
|
heap
|
page read and write
|
||
|
3E86000
|
heap
|
page read and write
|
||
|
2430000
|
heap
|
page read and write
|
||
|
3F2C000
|
heap
|
page read and write
|
||
|
3FA0000
|
heap
|
page read and write
|
||
|
557E000
|
stack
|
page read and write
|
||
|
3FAA000
|
heap
|
page read and write
|
||
|
182D000
|
heap
|
page read and write
|
||
|
D62000
|
unkown
|
page readonly
|
||
|
F49000
|
stack
|
page read and write
|
||
|
4008000
|
heap
|
page read and write
|
||
|
15CF000
|
stack
|
page read and write
|
||
|
3EAB000
|
heap
|
page read and write
|
||
|
1630000
|
heap
|
page read and write
|
||
|
3F66000
|
heap
|
page read and write
|
||
|
D74000
|
unkown
|
page readonly
|
||
|
3E22000
|
heap
|
page read and write
|
||
|
D6C000
|
unkown
|
page write copy
|
||
|
189C000
|
heap
|
page read and write
|
||
|
199D000
|
heap
|
page read and write
|
||
|
3DD3000
|
heap
|
page read and write
|
||
|
43E2000
|
heap
|
page read and write
|
||
|
1839000
|
heap
|
page read and write
|
||
|
2410000
|
heap
|
page read and write
|
||
|
43D0000
|
heap
|
page read and write
|
||
|
1A20000
|
heap
|
page read and write
|
||
|
2450000
|
heap
|
page read and write
|
||
|
17E1000
|
heap
|
page read and write
|
||
|
CA0000
|
unkown
|
page readonly
|
||
|
1934000
|
heap
|
page read and write
|
||
|
D74000
|
unkown
|
page readonly
|
||
|
3EE9000
|
heap
|
page read and write
|
||
|
1A16000
|
heap
|
page read and write
|
||
|
1722000
|
heap
|
page read and write
|
||
|
3D9A000
|
heap
|
page read and write
|
||
|
3E90000
|
heap
|
page read and write
|
||
|
190A000
|
heap
|
page read and write
|
||
|
43EC000
|
heap
|
page read and write
|
||
|
1916000
|
heap
|
page read and write
|
||
|
FC0000
|
heap
|
page read and write
|
||
|
3DB8000
|
heap
|
page read and write
|
||
|
5E20000
|
heap
|
page read and write
|
||
|
3FE2000
|
heap
|
page read and write
|
||
|
3EB5000
|
heap
|
page read and write
|
||
|
1940000
|
heap
|
page read and write
|
||
|
4067000
|
heap
|
page read and write
|
||
|
CA1000
|
unkown
|
page execute read
|
||
|
CA1000
|
unkown
|
page execute read
|
||
|
4079000
|
heap
|
page read and write
|
||
|
1662000
|
heap
|
page read and write
|
||
|
FB0000
|
heap
|
page read and write
|
||
|
403B000
|
heap
|
page read and write
|
||
|
3D80000
|
heap
|
page read and write
|
||
|
1638000
|
heap
|
page read and write
|
||
|
19C0000
|
heap
|
page read and write
|
||
|
513E000
|
stack
|
page read and write
|
||
|
D70000
|
unkown
|
page write copy
|
||
|
2456000
|
heap
|
page read and write
|
||
|
D3C000
|
unkown
|
page readonly
|
||
|
D6C000
|
unkown
|
page read and write
|
There are 81 hidden memdumps, click here to show them.