Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 2 16:04:53 2024, atime=Wed Sep 27 08:36:55
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 2 16:04:53 2024, atime=Wed Sep 27 08:36:55
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:56:51 2023, atime=Wed Sep 27 08:36:55
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 2 16:04:53 2024, atime=Wed Sep 27 08:36:55
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 2 16:04:53 2024, atime=Wed Sep 27 08:36:55
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 2 16:04:53 2024, atime=Wed Sep 27 08:36:55
2023, length=1210144, window=hide
|
dropped
|
||
Chrome Cache Entry: 101
|
MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
|
downloaded
|
||
Chrome Cache Entry: 102
|
Web Open Font Format (Version 2), TrueType, length 52280, version 1.0
|
downloaded
|
||
Chrome Cache Entry: 103
|
ASCII text, with very long lines (468)
|
downloaded
|
||
Chrome Cache Entry: 104
|
HTML document, ASCII text, with very long lines (681)
|
downloaded
|
||
Chrome Cache Entry: 105
|
ASCII text, with very long lines (5693)
|
downloaded
|
||
Chrome Cache Entry: 106
|
ASCII text, with very long lines (553)
|
downloaded
|
||
Chrome Cache Entry: 107
|
ASCII text, with very long lines (1694)
|
downloaded
|
||
Chrome Cache Entry: 108
|
ASCII text, with very long lines (522)
|
downloaded
|
||
Chrome Cache Entry: 109
|
ASCII text, with very long lines (755)
|
downloaded
|
||
Chrome Cache Entry: 110
|
ASCII text, with very long lines (683)
|
downloaded
|
||
Chrome Cache Entry: 111
|
ASCII text, with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 112
|
ASCII text, with very long lines (2907)
|
downloaded
|
||
Chrome Cache Entry: 113
|
ASCII text, with very long lines (533)
|
downloaded
|
||
Chrome Cache Entry: 114
|
ASCII text, with very long lines (570)
|
downloaded
|
||
Chrome Cache Entry: 115
|
ASCII text, with very long lines (395)
|
downloaded
|
There are 12 hidden files, click here to show them.
Processes
Path
|
Cmdline
|
Malicious
|
|
---|---|---|---|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
||
C:\Windows\SysWOW64\taskkill.exe
|
taskkill /F /IM chrome.exe /T
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd"
--start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars
|
||
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2392 --field-trial-handle=2352,i,15969125917398102169,18062438457060757556,262144
/prefetch:8
|
||
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US
--service-sandbox-type=audio --mojo-platform-channel-handle=5528 --field-trial-handle=2352,i,15969125917398102169,18062438457060757556,262144
/prefetch:8
|
||
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService
--lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 --field-trial-handle=2352,i,15969125917398102169,18062438457060757556,262144
/prefetch:8
|
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
https://play.google/intl/
|
unknown
|
||
https://families.google.com/intl/
|
unknown
|
||
https://youtube.com/t/terms?gl=
|
unknown
|
||
https://policies.google.com/technologies/location-data
|
unknown
|
||
https://www.google.com/intl/
|
unknown
|
||
https://apis.google.com/js/api.js
|
unknown
|
||
https://policies.google.com/privacy/google-partners
|
unknown
|
||
https://play.google.com/work/enroll?identifier=
|
unknown
|
||
https://policies.google.com/terms/service-specific
|
unknown
|
||
https://g.co/recover
|
unknown
|
||
https://policies.google.com/privacy/additional
|
unknown
|
||
https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072
|
unknown
|
||
https://play.google.com/log?format=json&hasfast=true&authuser=0
|
142.250.185.142
|
||
https://policies.google.com/technologies/cookies
|
unknown
|
||
https://www.google.com/favicon.ico
|
216.58.206.68
|
||
https://policies.google.com/terms
|
unknown
|
||
https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
|
unknown
|
||
https://www.google.com
|
unknown
|
||
https://play.google.com/log?hasfast=true&authuser=0&format=json
|
142.250.185.142
|
||
https://play.google.com/log?format=json&hasfast=true
|
unknown
|
||
https://www.youtube.com/t/terms?chromeless=1&hl=
|
unknown
|
||
https://support.google.com/accounts?hl=
|
unknown
|
||
https://policies.google.com/terms/location
|
unknown
|
||
https://policies.google.com/privacy
|
unknown
|
||
https://support.google.com/accounts?p=new-si-ui
|
unknown
|
||
https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage
|
unknown
|
There are 16 hidden URLs, click here to show them.
Domains
Name
|
IP
|
Malicious
|
|
---|---|---|---|
youtube-ui.l.google.com
|
216.58.206.46
|
||
www3.l.google.com
|
142.250.185.110
|
||
play.google.com
|
142.250.185.142
|
||
www.google.com
|
216.58.206.68
|
||
youtube.com
|
142.250.185.78
|
||
accounts.youtube.com
|
unknown
|
||
www.youtube.com
|
unknown
|
IPs
IP
|
Domain
|
Country
|
Malicious
|
|
---|---|---|---|---|
142.250.185.78
|
youtube.com
|
United States
|
||
142.250.185.110
|
www3.l.google.com
|
United States
|
||
192.168.2.9
|
unknown
|
unknown
|
||
216.58.206.46
|
youtube-ui.l.google.com
|
United States
|
||
216.58.206.68
|
www.google.com
|
United States
|
||
239.255.255.250
|
unknown
|
Reserved
|
||
142.250.185.142
|
play.google.com
|
United States
|
Memdumps
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
---|---|---|---|---|
17B0000
|
heap
|
page read and write
|
||
DD0000
|
heap
|
page read and write
|
||
1FAE000
|
stack
|
page read and write
|
||
D80000
|
heap
|
page read and write
|
||
17E5000
|
heap
|
page read and write
|
||
10C000
|
unkown
|
page readonly
|
||
17D9000
|
heap
|
page read and write
|
||
23AE000
|
stack
|
page read and write
|
||
71000
|
unkown
|
page execute read
|
||
1720000
|
heap
|
page read and write
|
||
13DB000
|
stack
|
page read and write
|
||
3D10000
|
heap
|
page read and write
|
||
13CE000
|
stack
|
page read and write
|
||
17E3000
|
heap
|
page read and write
|
||
13BF000
|
stack
|
page read and write
|
||
17E3000
|
heap
|
page read and write
|
||
17D3000
|
heap
|
page read and write
|
||
132000
|
unkown
|
page readonly
|
||
DCE000
|
stack
|
page read and write
|
||
15D0000
|
heap
|
page read and write
|
||
1800000
|
heap
|
page read and write
|
||
13C000
|
unkown
|
page read and write
|
||
144000
|
unkown
|
page readonly
|
||
3D14000
|
heap
|
page read and write
|
||
71000
|
unkown
|
page execute read
|
||
17D0000
|
heap
|
page read and write
|
||
150E000
|
stack
|
page read and write
|
||
D19000
|
stack
|
page read and write
|
||
13EF000
|
stack
|
page read and write
|
||
70000
|
unkown
|
page readonly
|
||
17E3000
|
heap
|
page read and write
|
||
144000
|
unkown
|
page readonly
|
||
17B8000
|
heap
|
page read and write
|
||
17E3000
|
heap
|
page read and write
|
||
17FD000
|
heap
|
page read and write
|
||
17E3000
|
heap
|
page read and write
|
||
13FE000
|
stack
|
page read and write
|
||
17E5000
|
heap
|
page read and write
|
||
15F0000
|
heap
|
page read and write
|
||
10C000
|
unkown
|
page readonly
|
||
13C000
|
unkown
|
page write copy
|
||
17D3000
|
heap
|
page read and write
|
||
140000
|
unkown
|
page write copy
|
||
17E3000
|
heap
|
page read and write
|
||
17FD000
|
heap
|
page read and write
|
||
71000
|
unkown
|
page execute read
|
||
132000
|
unkown
|
page readonly
|
||
70000
|
unkown
|
page readonly
|
||
17EE000
|
heap
|
page read and write
|
||
17D8000
|
heap
|
page read and write
|
There are 40 hidden memdumps, click here to show them.