Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 12:32:07 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 12:32:07 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 12:32:07 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 12:32:07 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 12:32:07 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\Desktop\cmdline.out
|
ASCII text, with CRLF line terminators
|
modified
|
||
|
C:\Users\user\Desktop\download\download-windows.html
|
HTML document, Unicode text, UTF-8 text, with very long lines (1131)
|
dropped
|
||
|
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3380_2080013251\LICENSE
|
ASCII text
|
dropped
|
||
|
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3380_2080013251\_metadata\verified_contents.json
|
JSON data
|
dropped
|
||
|
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3380_2080013251\manifest.fingerprint
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3380_2080013251\manifest.json
|
JSON data
|
dropped
|
||
|
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3380_2080013251\sets.json
|
JSON data
|
dropped
|
||
|
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3380_30737552\Google.Widevine.CDM.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3380_30737552\_metadata\verified_contents.json
|
JSON data
|
dropped
|
||
|
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3380_30737552\manifest.fingerprint
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3380_30737552\manifest.json
|
JSON data
|
dropped
|
||
|
Chrome Cache Entry: 143
|
ASCII text, with very long lines (4201)
|
downloaded
|
||
|
Chrome Cache Entry: 146
|
ASCII text, with very long lines (4201)
|
dropped
|
||
|
Chrome Cache Entry: 148
|
ASCII text, with very long lines (2343)
|
downloaded
|
||
|
Chrome Cache Entry: 149
|
ASCII text, with very long lines (5945)
|
dropped
|
||
|
Chrome Cache Entry: 150
|
ASCII text, with very long lines (2343)
|
dropped
|
||
|
Chrome Cache Entry: 151
|
ASCII text, with very long lines (5945)
|
downloaded
|
There are 14 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition
--user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://www.videolan.org/vlc/download-windows.html"
> cmdline.out 2>&1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\wget.exe
|
wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0
(Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://www.videolan.org/vlc/download-windows.html"
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\download\download-windows.html
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1760,i,8591697756766500833,3544110521577231241,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://www.videolan.org/vlc/download-windows.html
|
|||
|
https://stats.g.doubleclick.net/g/collect
|
unknown
|
||
|
https://wieistmeineip.de
|
unknown
|
||
|
https://mercadoshops.com.co
|
unknown
|
||
|
https://gliadomain.com
|
unknown
|
||
|
https://poalim.xyz
|
unknown
|
||
|
https://mercadolivre.com
|
unknown
|
||
|
https://www.paypal.com/cgi-bin/webscr
|
unknown
|
||
|
https://addons.videolan.org/browse/cat/323/ord/latest/
|
unknown
|
||
|
https://reshim.org
|
unknown
|
||
|
https://ampcid.google.com/v1/publisher:getClientId
|
unknown
|
||
|
https://nourishingpursuits.com
|
unknown
|
||
|
https://oss.maxcdn.com/respond/1.4.2/respond.min.js
|
unknown
|
||
|
https://medonet.pl
|
unknown
|
||
|
https://unotv.com
|
unknown
|
||
|
https://mercadoshops.com.br
|
unknown
|
||
|
https://joyreactor.cc
|
unknown
|
||
|
https://zdrowietvn.pl
|
unknown
|
||
|
https://johndeere.com
|
unknown
|
||
|
https://songstats.com
|
unknown
|
||
|
https://baomoi.com
|
unknown
|
||
|
https://supereva.it
|
unknown
|
||
|
https://elfinancierocr.com
|
unknown
|
||
|
https://www.videolan.org/thank_you.html
|
unknown
|
||
|
https://bolasport.com
|
unknown
|
||
|
https://rws1nvtvt.com
|
unknown
|
||
|
https://desimartini.com
|
unknown
|
||
|
https://hearty.app
|
unknown
|
||
|
https://hearty.gift
|
unknown
|
||
|
https://mercadoshops.com
|
unknown
|
||
|
https://heartymail.com
|
unknown
|
||
|
https://nlc.hu
|
unknown
|
||
|
https://p106.net
|
unknown
|
||
|
https://stats.g.doubleclick.net/j/collect
|
unknown
|
||
|
https://www.twitter.com/videolan
|
unknown
|
||
|
https://radio2.be
|
unknown
|
||
|
https://finn.no
|
unknown
|
||
|
https://hc1.com
|
unknown
|
||
|
https://kompas.tv
|
unknown
|
||
|
https://mystudentdashboard.com
|
unknown
|
||
|
https://songshare.com
|
unknown
|
||
|
https://smaker.pl
|
unknown
|
||
|
https://mercadopago.com.mx
|
unknown
|
||
|
https://p24.hu
|
unknown
|
||
|
https://talkdeskqaid.com
|
unknown
|
||
|
https://24.hu
|
unknown
|
||
|
https://mercadopago.com.pe
|
unknown
|
||
|
https://cardsayings.net
|
unknown
|
||
|
https://wiki.videolan.org/
|
unknown
|
||
|
https://text.com
|
unknown
|
||
|
https://mightytext.net
|
unknown
|
||
|
https://pudelek.pl
|
unknown
|
||
|
http://cuberto.com/
|
unknown
|
||
|
https://hazipatika.com
|
unknown
|
||
|
https://joyreactor.com
|
unknown
|
||
|
https://cookreactor.com
|
unknown
|
||
|
https://wildixin.com
|
unknown
|
||
|
https://eworkbookcloud.com
|
unknown
|
||
|
https://cognitiveai.ru
|
unknown
|
||
|
https://nacion.com
|
unknown
|
||
|
https://chennien.com
|
unknown
|
||
|
https://drimer.travel
|
unknown
|
||
|
https://deccoria.pl
|
unknown
|
||
|
https://mercadopago.cl
|
unknown
|
||
|
https://talkdeskstgid.com
|
unknown
|
||
|
https://naukri.com
|
unknown
|
||
|
https://interia.pl
|
unknown
|
||
|
https://bonvivir.com
|
unknown
|
||
|
https://carcostadvisor.be
|
unknown
|
||
|
https://salemovetravel.com
|
unknown
|
||
|
https://sapo.io
|
unknown
|
||
|
https://wpext.pl
|
unknown
|
||
|
https://welt.de
|
unknown
|
||
|
https://poalim.site
|
unknown
|
||
|
https://drimer.io
|
unknown
|
||
|
https://infoedgeindia.com
|
unknown
|
||
|
https://blackrockadvisorelite.it
|
unknown
|
||
|
https://cognitive-ai.ru
|
unknown
|
||
|
https://cafemedia.com
|
unknown
|
||
|
https://graziadaily.co.uk
|
unknown
|
||
|
https://thirdspace.org.au
|
unknown
|
||
|
https://mercadoshops.com.ar
|
unknown
|
||
|
https://www.madebyargon.com
|
unknown
|
||
|
https://smpn106jkt.sch.id
|
unknown
|
||
|
https://elpais.uy
|
unknown
|
||
|
https://landyrev.com
|
unknown
|
||
|
https://the42.ie
|
unknown
|
||
|
https://commentcamarche.com
|
unknown
|
||
|
https://creativecommons.org/licenses/by-sa/3.0/us/
|
unknown
|
||
|
https://tucarro.com.ve
|
unknown
|
||
|
https://rws3nvtvt.com
|
unknown
|
||
|
https://eleconomista.net
|
unknown
|
||
|
https://helpdesk.com
|
unknown
|
||
|
https://mercadolivre.com.br
|
unknown
|
||
|
https://clmbtech.com
|
unknown
|
||
|
https://standardsandpraiserepurpose.com
|
unknown
|
||
|
https://07c225f3.online
|
unknown
|
||
|
https://salemovefinancial.com
|
unknown
|
||
|
https://mercadopago.com.br
|
unknown
|
||
|
file:///C:/Users/user/Desktop/download/download-windows.html
|
|||
|
https://commentcamarche.net
|
unknown
|
There are 90 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
www.videolan.org
|
213.36.253.2
|
||
|
www.google.com
|
216.58.212.132
|
||
|
206.23.85.13.in-addr.arpa
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
142.250.186.68
|
unknown
|
United States
|
||
|
216.58.212.132
|
www.google.com
|
United States
|
||
|
213.36.253.2
|
www.videolan.org
|
France
|
||
|
192.168.2.5
|
unknown
|
unknown
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
9B000
|
stack
|
page read and write
|
||
|
10FE000
|
heap
|
page read and write
|
||
|
FE2000
|
heap
|
page read and write
|
||
|
10DE000
|
stack
|
page read and write
|
||
|
A0E000
|
stack
|
page read and write
|
||
|
FA0000
|
heap
|
page read and write
|
||
|
B76000
|
heap
|
page read and write
|
||
|
F7F000
|
stack
|
page read and write
|
||
|
2ED0000
|
heap
|
page read and write
|
||
|
FD6000
|
heap
|
page read and write
|
||
|
B70000
|
heap
|
page read and write
|
||
|
10FD000
|
heap
|
page read and write
|
||
|
FAB000
|
heap
|
page read and write
|
||
|
100000
|
heap
|
page read and write
|
||
|
10FB000
|
heap
|
page read and write
|
||
|
A50000
|
heap
|
page read and write
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
FDA000
|
heap
|
page read and write
|
||
|
A60000
|
heap
|
page read and write
|
||
|
10FC000
|
heap
|
page read and write
|
||
|
10F0000
|
heap
|
page read and write
|
||
|
9CC000
|
stack
|
page read and write
|
||
|
F80000
|
heap
|
page read and write
|
||
|
2DDF000
|
stack
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
FDE000
|
heap
|
page read and write
|
||
|
D7F000
|
stack
|
page read and write
|
||
|
FAD000
|
heap
|
page read and write
|
||
|
A68000
|
heap
|
page read and write
|
||
|
A4E000
|
stack
|
page read and write
|
||
|
10F5000
|
heap
|
page read and write
|
There are 21 hidden memdumps, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
file:///C:/Users/user/Desktop/download/download-windows.html
|