Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files\845bb9d1-3687-4d66-8dc3-a70105bc17a8 (copy)
|
Google Chrome extension, version 3
|
dropped
|
||
|
C:\Users\user\Downloads\7b10a737-adbd-413d-8ed6-4d77a2b6b622.tmp
|
Google Chrome extension, version 3
|
dropped
|
||
|
Chrome Cache Entry: 74
|
HTML document, ASCII text, with very long lines (681)
|
downloaded
|
||
|
Chrome Cache Entry: 75
|
ASCII text, with very long lines (1694)
|
downloaded
|
||
|
Chrome Cache Entry: 76
|
ASCII text, with very long lines (755)
|
downloaded
|
||
|
Chrome Cache Entry: 77
|
MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
|
downloaded
|
||
|
Chrome Cache Entry: 78
|
ASCII text, with very long lines (3190)
|
downloaded
|
||
|
Chrome Cache Entry: 79
|
ASCII text, with very long lines (683)
|
downloaded
|
||
|
Chrome Cache Entry: 80
|
Web Open Font Format (Version 2), TrueType, length 52280, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 81
|
ASCII text, with very long lines (468)
|
downloaded
|
||
|
Chrome Cache Entry: 82
|
ASCII text, with very long lines (3346)
|
downloaded
|
||
|
Chrome Cache Entry: 83
|
ASCII text, with very long lines (2544)
|
downloaded
|
||
|
Chrome Cache Entry: 84
|
ASCII text, with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 85
|
ASCII text, with very long lines (569)
|
downloaded
|
||
|
Chrome Cache Entry: 86
|
ASCII text, with very long lines (522)
|
downloaded
|
||
|
Chrome Cache Entry: 87
|
ASCII text, with very long lines (553)
|
downloaded
|
||
|
Chrome Cache Entry: 88
|
ASCII text, with very long lines (533)
|
downloaded
|
||
|
Chrome Cache Entry: 89
|
ASCII text, with very long lines (395)
|
downloaded
|
There are 9 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2416 --field-trial-handle=2256,i,1819774373061227252,10951112883925006493,262144
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US
--service-sandbox-type=audio --mojo-platform-channel-handle=5632 --field-trial-handle=2256,i,1819774373061227252,10951112883925006493,262144
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService
--lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 --field-trial-handle=2256,i,1819774373061227252,10951112883925006493,262144
/prefetch:8
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://play.google/intl/
|
unknown
|
||
|
https://families.google.com/intl/
|
unknown
|
||
|
https://youtube.com/t/terms?gl=
|
unknown
|
||
|
https://policies.google.com/technologies/location-data
|
unknown
|
||
|
https://www.google.com/intl/
|
unknown
|
||
|
https://apis.google.com/js/api.js
|
unknown
|
||
|
https://policies.google.com/privacy/google-partners
|
unknown
|
||
|
https://play.google.com/work/enroll?identifier=
|
unknown
|
||
|
https://policies.google.com/terms/service-specific
|
unknown
|
||
|
https://g.co/recover
|
unknown
|
||
|
https://policies.google.com/privacy/additional
|
unknown
|
||
|
https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072
|
unknown
|
||
|
https://play.google.com/log?format=json&hasfast=true&authuser=0
|
142.250.186.174
|
||
|
https://policies.google.com/technologies/cookies
|
unknown
|
||
|
https://www.google.com/favicon.ico
|
142.250.184.196
|
||
|
https://policies.google.com/terms
|
unknown
|
||
|
https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://play.google.com/log?hasfast=true&authuser=0&format=json
|
142.250.186.174
|
||
|
https://play.google.com/log?format=json&hasfast=true
|
unknown
|
||
|
https://www.youtube.com/t/terms?chromeless=1&hl=
|
unknown
|
||
|
https://support.google.com/accounts?hl=
|
unknown
|
||
|
https://policies.google.com/terms/location
|
unknown
|
||
|
https://policies.google.com/privacy
|
unknown
|
||
|
https://support.google.com/accounts?p=new-si-ui
|
unknown
|
||
|
https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage
|
unknown
|
There are 16 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
youtube-ui.l.google.com
|
216.58.212.142
|
||
|
www3.l.google.com
|
216.58.212.142
|
||
|
play.google.com
|
142.250.186.174
|
||
|
www.google.com
|
142.250.184.196
|
||
|
youtube.com
|
142.250.185.78
|
||
|
accounts.youtube.com
|
unknown
|
||
|
www.youtube.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
142.250.185.78
|
youtube.com
|
United States
|
||
|
142.250.184.196
|
www.google.com
|
United States
|
||
|
216.58.212.142
|
youtube-ui.l.google.com
|
United States
|
||
|
142.250.186.174
|
play.google.com
|
United States
|
||
|
192.168.2.6
|
unknown
|
unknown
|
||
|
142.250.181.238
|
unknown
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3254000
|
heap
|
page read and write
|
||
|
308E000
|
heap
|
page read and write
|
||
|
383D000
|
heap
|
page read and write
|
||
|
BB0000
|
heap
|
page read and write
|
||
|
CAE000
|
heap
|
page read and write
|
||
|
18D6000
|
heap
|
page read and write
|
||
|
E2000
|
unkown
|
page readonly
|
||
|
3230000
|
heap
|
page read and write
|
||
|
AA0000
|
heap
|
page read and write
|
||
|
F4000
|
unkown
|
page readonly
|
||
|
EC000
|
unkown
|
page read and write
|
||
|
4D2F000
|
stack
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
3846000
|
heap
|
page read and write
|
||
|
F0000
|
unkown
|
page write copy
|
||
|
48EF000
|
stack
|
page read and write
|
||
|
F84000
|
heap
|
page read and write
|
||
|
E11000
|
heap
|
page read and write
|
||
|
D24000
|
heap
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
9CF000
|
stack
|
page read and write
|
||
|
E9A000
|
heap
|
page read and write
|
||
|
3496000
|
heap
|
page read and write
|
||
|
32D0000
|
heap
|
page read and write
|
||
|
FAA000
|
heap
|
page read and write
|
||
|
DA2000
|
heap
|
page read and write
|
||
|
C8F000
|
heap
|
page read and write
|
||
|
9EF000
|
stack
|
page read and write
|
||
|
20000
|
unkown
|
page readonly
|
||
|
3321000
|
heap
|
page read and write
|
||
|
FC6000
|
heap
|
page read and write
|
||
|
BF8000
|
heap
|
page read and write
|
||
|
9DB000
|
stack
|
page read and write
|
||
|
33D5000
|
heap
|
page read and write
|
||
|
EC000
|
unkown
|
page write copy
|
||
|
9BF000
|
stack
|
page read and write
|
||
|
320000
|
heap
|
page read and write
|
||
|
3433000
|
heap
|
page read and write
|
||
|
F4000
|
unkown
|
page readonly
|
||
|
3834000
|
heap
|
page read and write
|
||
|
34A8000
|
heap
|
page read and write
|
||
|
18D0000
|
heap
|
page read and write
|
||
|
AA4000
|
heap
|
page read and write
|
||
|
21000
|
unkown
|
page execute read
|
||
|
34C2000
|
heap
|
page read and write
|
||
|
E1D000
|
heap
|
page read and write
|
||
|
FBC000
|
heap
|
page read and write
|
||
|
44AE000
|
stack
|
page read and write
|
||
|
BE8000
|
heap
|
page read and write
|
||
|
44EE000
|
stack
|
page read and write
|
||
|
E2000
|
unkown
|
page readonly
|
||
|
BC000
|
unkown
|
page readonly
|
||
|
323A000
|
heap
|
page read and write
|
||
|
A80000
|
heap
|
page read and write
|
||
|
3810000
|
heap
|
page read and write
|
||
|
343D000
|
heap
|
page read and write
|
||
|
F96000
|
heap
|
page read and write
|
||
|
DBA000
|
heap
|
page read and write
|
||
|
B85000
|
heap
|
page read and write
|
||
|
21000
|
unkown
|
page execute read
|
||
|
3333000
|
heap
|
page read and write
|
||
|
CD1000
|
heap
|
page read and write
|
||
|
492E000
|
stack
|
page read and write
|
||
|
DFE000
|
heap
|
page read and write
|
||
|
21000
|
unkown
|
page execute read
|
||
|
3316000
|
heap
|
page read and write
|
||
|
B80000
|
heap
|
page read and write
|
||
|
3356000
|
heap
|
page read and write
|
||
|
31D0000
|
heap
|
page read and write
|
||
|
F5B000
|
heap
|
page read and write
|
||
|
2B9000
|
stack
|
page read and write
|
||
|
31CE000
|
stack
|
page read and write
|
||
|
320C000
|
heap
|
page read and write
|
||
|
20000
|
unkown
|
page readonly
|
||
|
325E000
|
heap
|
page read and write
|
||
|
32DA000
|
heap
|
page read and write
|
||
|
3304000
|
heap
|
page read and write
|
||
|
BC000
|
unkown
|
page readonly
|
||
|
32A2000
|
heap
|
page read and write
|
||
|
9FF000
|
stack
|
page read and write
|
||
|
5190000
|
heap
|
page read and write
|
||
|
C12000
|
heap
|
page read and write
|
||
|
321E000
|
heap
|
page read and write
|
||
|
D50000
|
heap
|
page read and write
|
There are 74 hidden memdumps, click here to show them.