Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Users\user\AppData\Local\Qobuz\Update.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
 |
|
|
C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Qobuz\packages\Qobuz-7.1.4-b008-full.nupkg
|
Zip archive data, at least v2.0 to extract, compression method=store
|
dropped
|
||
|
C:\Users\user\AppData\Local\SquirrelTemp\Qobuz-7.1.4-b008-full.nupkg
|
Zip archive data, at least v2.0 to extract, compression method=store
|
dropped
|
||
|
C:\Users\user\AppData\Local\SquirrelTemp\RELEASES
|
Unicode text, UTF-8 (with BOM) text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\SquirrelTemp\Squirrel-Install.log
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\SquirrelTemp\background.gif
|
GIF image data, version 89a, 400 x 400
|
dropped
|
||
|
C:\Users\user\AppData\Local\SquirrelTemp\setupIcon.ico
|
MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 18:20:44 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 18:20:44 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 18:20:44 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 18:20:44 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 18:20:44 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\Downloads\4a4df6e5-2dec-4712-a072-5d2a1109b3f6.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\Downloads\Qobuz_Installer.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\Downloads\Unconfirmed 118702.crdownload
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
There are 8 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
|
"C:\Users\user\AppData\Local\SquirrelTemp\Update.exe" --install .
|
|
|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1800,i,16295125349097330652,7967667769422856774,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://desktop.qobuz.com/releases/win32/x64/windows7_8_10/7.1.4-b008/Qobuz_Installer.exe?_gl=1*a1991m*_up*MQ..*_ga*MTkzODU0OTg5OC4xNzI4MzI2MTA4*_ga_BCS72N6MDF*MTcyODMyNjEwNy4xLjEuMTcyODMyNjc2OS4wLjAuMTM1MzY5NjE3NA.."
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US
--service-sandbox-type=icon_reader --mojo-platform-channel-handle=5412 --field-trial-handle=1800,i,16295125349097330652,7967667769422856774,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Windows\System32\rundll32.exe
|
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6}
-Embedding
|
||
|
C:\Users\user\Downloads\Qobuz_Installer.exe
|
"C:\Users\user\Downloads\Qobuz_Installer.exe"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://desktop.qobuz.com/releases/win32/x64/windows7_8_10/7.1.4-b008/Qobuz_Installer.exe?_gl=1*a1991m*_up*MQ..*_ga*MTkzODU0OTg5OC4xNzI4MzI2MTA4*_ga_BCS72N6MDF*MTcyODMyNjEwNy4xLjEuMTcyODMyNjc2OS4wLjAuMTM1MzY5NjE3NA..
|
|||
|
https://github.com/myuser/myrepo
|
unknown
|
||
|
https://api.github.com/#
|
unknown
|
||
|
http://schemas.microsoft
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
142.250.181.238
|
unknown
|
United States
|
||
|
1.1.1.1
|
unknown
|
Australia
|
||
|
142.250.185.68
|
unknown
|
United States
|
||
|
34.104.35.123
|
unknown
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
142.250.186.174
|
unknown
|
United States
|
||
|
192.168.2.16
|
unknown
|
unknown
|
||
|
172.217.18.3
|
unknown
|
United States
|
||
|
172.217.16.195
|
unknown
|
United States
|
||
|
18.239.83.39
|
unknown
|
United States
|
||
|
66.102.1.84
|
unknown
|
United States
|
There are 1 hidden IPs, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
882F000
|
heap
|
page read and write
|
||
|
7FFEB8CFC000
|
trusted library allocation
|
page read and write
|
||
|
7A0C000
|
unkown
|
page readonly
|
||
|
1B95F000
|
stack
|
page read and write
|
||
|
7FFEB8B50000
|
trusted library allocation
|
page read and write
|
||
|
1BD5E000
|
stack
|
page read and write
|
||
|
8827000
|
heap
|
page read and write
|
||
|
7FFEB8D20000
|
trusted library allocation
|
page read and write
|
||
|
A400000
|
heap
|
page read and write
|
||
|
700C000
|
unkown
|
page readonly
|
||
|
1B75E000
|
stack
|
page read and write
|
||
|
7FFEB8B4D000
|
trusted library allocation
|
page execute and read and write
|
||
|
882B000
|
heap
|
page read and write
|
||
|
7FFEB8B34000
|
trusted library allocation
|
page read and write
|
||
|
2BB0000
|
trusted library allocation
|
page read and write
|
||
|
E95000
|
heap
|
page read and write
|
||
|
7FFEB8B5D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B9BD000
|
heap
|
page read and write
|
||
|
1BE5E000
|
stack
|
page read and write
|
||
|
C0C000
|
unkown
|
page readonly
|
||
|
1E22D575000
|
heap
|
page read and write
|
||
|
C79000
|
heap
|
page read and write
|
||
|
881A000
|
heap
|
page read and write
|
||
|
BE1000
|
unkown
|
page execute read
|
||
|
8827000
|
heap
|
page read and write
|
||
|
7FFEB8B4B000
|
trusted library allocation
|
page read and write
|
||
|
7FFEB8D40000
|
trusted library allocation
|
page read and write
|
||
|
7FFEB8CF4000
|
trusted library allocation
|
page read and write
|
||
|
12B51000
|
trusted library allocation
|
page read and write
|
||
|
12B71000
|
trusted library allocation
|
page read and write
|
||
|
7FFEB8B43000
|
trusted library allocation
|
page read and write
|
||
|
7FFEB8D2A000
|
trusted library allocation
|
page read and write
|
||
|
12B60000
|
trusted library allocation
|
page read and write
|
||
|
3E0C000
|
unkown
|
page readonly
|
||
|
AF8000
|
stack
|
page read and write
|
||
|
1B518000
|
stack
|
page read and write
|
||
|
7FFEB8B3D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1385000
|
heap
|
page read and write
|
||
|
109F000
|
stack
|
page read and write
|
||
|
2BED000
|
trusted library allocation
|
page read and write
|
||
|
7FFEB8B8C000
|
trusted library allocation
|
page execute and read and write
|
||
|
868E000
|
stack
|
page read and write
|
||
|
12B56000
|
trusted library allocation
|
page read and write
|
||
|
C0A000
|
unkown
|
page read and write
|
||
|
87F0000
|
heap
|
page read and write
|
||
|
CAF000
|
heap
|
page read and write
|
||
|
882F000
|
heap
|
page read and write
|
||
|
E10000
|
heap
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
7FFEB8B49000
|
trusted library allocation
|
page read and write
|
||
|
68F15DE000
|
stack
|
page read and write
|
||
|
864E000
|
stack
|
page read and write
|
||
|
8820000
|
heap
|
page read and write
|
||
|
C7B000
|
heap
|
page read and write
|
||
|
7FFEB8D10000
|
trusted library allocation
|
page read and write
|
||
|
7FFEB8BE6000
|
trusted library allocation
|
page read and write
|
||
|
520C000
|
unkown
|
page readonly
|
||
|
68F155C000
|
stack
|
page read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
E90000
|
heap
|
page read and write
|
||
|
7FFEB8D31000
|
trusted library allocation
|
page read and write
|
||
|
7FFEB8BEC000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFEB8D70000
|
trusted library allocation
|
page execute and read and write
|
||
|
1380000
|
heap
|
page read and write
|
||
|
6B0000
|
unkown
|
page readonly
|
||
|
7FFEB8BE0000
|
trusted library allocation
|
page read and write
|
||
|
1E22D470000
|
heap
|
page read and write
|
||
|
1E22D1B0000
|
heap
|
page read and write
|
||
|
882000
|
unkown
|
page readonly
|
||
|
87FE000
|
heap
|
page read and write
|
||
|
1BB55000
|
stack
|
page read and write
|
||
|
2B71000
|
trusted library allocation
|
page read and write
|
||
|
2A0C000
|
unkown
|
page readonly
|
||
|
7FFEB8B54000
|
trusted library allocation
|
page read and write
|
||
|
2B51000
|
trusted library allocation
|
page read and write
|
||
|
480C000
|
unkown
|
page readonly
|
||
|
AFC000
|
stack
|
page read and write
|
||
|
C0A000
|
unkown
|
page write copy
|
||
|
D2A000
|
heap
|
page read and write
|
||
|
2BA6000
|
trusted library allocation
|
page read and write
|
||
|
89EF000
|
stack
|
page read and write
|
||
|
7FFEB8B5B000
|
trusted library allocation
|
page execute and read and write
|
||
|
CA8000
|
heap
|
page read and write
|
||
|
881A000
|
heap
|
page read and write
|
||
|
1E22D570000
|
heap
|
page read and write
|
||
|
E80000
|
trusted library allocation
|
page read and write
|
||
|
6B2000
|
unkown
|
page readonly
|
||
|
87FA000
|
heap
|
page read and write
|
||
|
7FFEB8B33000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B960000
|
heap
|
page read and write
|
||
|
200C000
|
unkown
|
page readonly
|
||
|
1E22D1E0000
|
heap
|
page read and write
|
||
|
660C000
|
unkown
|
page readonly
|
||
|
7FFEB8D09000
|
trusted library allocation
|
page read and write
|
||
|
1350000
|
trusted library allocation
|
page read and write
|
||
|
7FFEB8B32000
|
trusted library allocation
|
page read and write
|
||
|
881A000
|
heap
|
page read and write
|
||
|
8AEF000
|
stack
|
page read and write
|
||
|
1E22D228000
|
heap
|
page read and write
|
||
|
7FFEB8D60000
|
trusted library allocation
|
page read and write
|
||
|
840C000
|
unkown
|
page readonly
|
||
|
7EE000
|
stack
|
page read and write
|
||
|
1BC59000
|
stack
|
page read and write
|
||
|
7FFEB8B30000
|
trusted library allocation
|
page read and write
|
||
|
5C0C000
|
unkown
|
page readonly
|
||
|
7FFEB8C16000
|
trusted library allocation
|
page execute and read and write
|
||
|
CAA000
|
heap
|
page read and write
|
||
|
7FFEB8CDD000
|
trusted library allocation
|
page read and write
|
||
|
C7D000
|
heap
|
page read and write
|
||
|
C20000
|
heap
|
page read and write
|
||
|
C66000
|
heap
|
page read and write
|
||
|
1B9AC000
|
heap
|
page read and write
|
||
|
F9E000
|
stack
|
page read and write
|
||
|
6B0000
|
unkown
|
page readonly
|
||
|
882B000
|
heap
|
page read and write
|
||
|
8827000
|
heap
|
page read and write
|
||
|
1B650000
|
heap
|
page read and write
|
||
|
68F18FE000
|
stack
|
page read and write
|
||
|
7FFEB8CD0000
|
trusted library allocation
|
page read and write
|
||
|
7FFEB8D50000
|
trusted library allocation
|
page read and write
|
||
|
BE0000
|
unkown
|
page readonly
|
||
|
1340000
|
trusted library allocation
|
page read and write
|
||
|
7FFEB8CE7000
|
trusted library allocation
|
page read and write
|
||
|
2B4F000
|
stack
|
page read and write
|
||
|
29F0000
|
trusted library allocation
|
page read and write
|
||
|
2BB4000
|
trusted library allocation
|
page read and write
|
||
|
881C000
|
heap
|
page read and write
|
||
|
7FFEB8CED000
|
trusted library allocation
|
page read and write
|
||
|
7FF4330C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A40000
|
heap
|
page execute and read and write
|
||
|
D32000
|
heap
|
page read and write
|
||
|
C10000
|
heap
|
page read and write
|
||
|
68F187E000
|
stack
|
page read and write
|
||
|
12B5B000
|
trusted library allocation
|
page read and write
|
||
|
7FFEB8C50000
|
trusted library allocation
|
page execute and read and write
|
||
|
340C000
|
unkown
|
page readonly
|
||
|
12B58000
|
trusted library allocation
|
page read and write
|
||
|
8827000
|
heap
|
page read and write
|
||
|
29EF000
|
stack
|
page read and write
|
||
|
86F0000
|
heap
|
page read and write
|
||
|
BFF000
|
unkown
|
page readonly
|
||
|
1E22D1C0000
|
heap
|
page read and write
|
||
|
1B5A0000
|
heap
|
page execute and read and write
|
||
|
8827000
|
heap
|
page read and write
|
||
|
7FFEB8D80000
|
trusted library allocation
|
page read and write
|
||
|
882F000
|
heap
|
page read and write
|
||
|
1E22D220000
|
heap
|
page read and write
|
||
|
1360000
|
heap
|
page read and write
|
||
|
7FFEB8D00000
|
trusted library allocation
|
page read and write
|
||
|
1B85E000
|
stack
|
page read and write
|
||
|
8827000
|
heap
|
page read and write
|
||
|
9C3000
|
stack
|
page read and write
|
||
|
7FFEB8CD3000
|
trusted library allocation
|
page read and write
|
||
|
881A000
|
heap
|
page read and write
|
||
|
1B0DC000
|
stack
|
page read and write
|
||
|
881D000
|
heap
|
page read and write
|
||
|
C49000
|
heap
|
page read and write
|
||
|
7FFEB8BF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1353000
|
trusted library allocation
|
page read and write
|
||
|
882E000
|
heap
|
page read and write
|
||
|
860F000
|
stack
|
page read and write
|
||
|
160C000
|
unkown
|
page readonly
|
||
|
2C26000
|
trusted library allocation
|
page read and write
|
||
|
BFF000
|
unkown
|
page readonly
|
||
|
7FFEB8D03000
|
trusted library allocation
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
882B000
|
heap
|
page read and write
|
||
|
2B6E000
|
trusted library allocation
|
page read and write
|
||
|
8CD0000
|
heap
|
page read and write
|
||
|
119E000
|
stack
|
page read and write
|
||
|
E30000
|
heap
|
page read and write
|
||
|
72B000
|
stack
|
page read and write
|
There are 162 hidden memdumps, click here to show them.