Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Users\user\Downloads\96b75cd5-f570-4f95-98aa-75ac2d49a0ba.tmp
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\Downloads\Unconfirmed 135111.crdownload
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\Downloads\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe (copy)
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\AppData\Local\Chromium\Application\chrome.exe
|
"C:\Users\user\AppData\Local\Chromium\Application\chrome.exe" --start-maximized "about:blank"
|
||
|
C:\Users\user\AppData\Local\Chromium\Application\chrome.exe
|
"C:\Users\user\AppData\Local\Chromium\Application\chrome.exe" --no-sandbox --type=utility --utility-sub-type=network.mojom.NetworkService
--lang=en-GB --service-sandbox-type=none --start-stack-profiler --mojo-platform-channel-handle=2056 --field-trial-handle=1996,i,1775928385925400890,13953614706138782368,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Users\user\AppData\Local\Chromium\Application\chrome.exe
|
"C:\Users\user\AppData\Local\Chromium\Application\chrome.exe" "http://74.248.121.8/d/msdownload/update/software/defu/2024/10/updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe?cacheHostOrigin=au.download.windowsupdate.com"
|
||
|
C:\Users\user\AppData\Local\Chromium\Application\chrome.exe
|
"C:\Users\user\AppData\Local\Chromium\Application\chrome.exe" --no-sandbox --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon
--lang=en-GB --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5184 --field-trial-handle=1996,i,1775928385925400890,13953614706138782368,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Windows\System32\rundll32.exe
|
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6}
-Embedding
|
||
|
C:\Users\user\AppData\Local\Chromium\Application\chrome.exe
|
"C:\Users\user\AppData\Local\Chromium\Application\chrome.exe" --no-sandbox --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon
--lang=en-GB --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5208 --field-trial-handle=1996,i,1775928385925400890,13953614706138782368,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://74.248.121.8/d/msdownload/update/software/defu/2024/10/updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe?cacheHostOrigin=au.download.windowsupdate.com
|
 |
||
|
https://www.virustotal.com/gui/images/favicon.svg
|
74.125.34.46
|
||
|
https://www.virustotal.com/gui/87347.c002f57d03220f54c084.js
|
74.125.34.46
|
||
|
https://www.virustotal.com/gui/70520.2084d2d63c64ac00d8ff.js
|
74.125.34.46
|
||
|
https://www.virustotal.com/gui/27197.598dbd3bfe6cc1efe979.js
|
74.125.34.46
|
||
|
https://www.virustotal.com/gui/manifest.json
|
74.125.34.46
|
||
|
https://www.virustotal.com/gui/52564.fcbb1496712f373a7906.js
|
74.125.34.46
|
||
|
https://www.virustotal.com/gui/88116.be3428c199d3d7ca9393.js
|
74.125.34.46
|
||
|
https://clients2.googleusercontent.com/crx/blobs/AYA8Vyx2J_yUZTKcv47OjJ_lQNlaCYqeh8SOiGiawnXT0TvFvxRmwfkcv63jai6G-68PkdQz0qjWRURdD69KjIEk_1WMoGqX2-nmHyARS_kIQQQ8jggfB8g6y3OxQgNbZ3cAxlKa5c6rbuh5modTsW2qcgj5aN-TT3fn/EFAIDNBMNNNIBPCAJPCGLCLEFINDMKAJ_24_10_2_0.crx
|
142.250.185.65
|
||
|
https://www.virustotal.com/gui/22232.91445a0c09a3242fac1c.js
|
74.125.34.46
|
||
|
https://www.virustotal.com/gui/88292.a814e2f9bbd53eb184a3.js
|
74.125.34.46
|
||
|
https://www.virustotal.com/ui/files/c89726d27a208d8fa8e35a05c7f23db37719571b9bd4ff7979eae3edc4b071f3/contacted_ips
|
74.125.34.46
|
||
|
https://www.virustotal.com/gui/
|
|||
|
https://www.youtube.com/iframe_api?version=3
|
142.250.138.190
|
||
|
https://www.virustotal.com/ui/files/c89726d27a208d8fa8e35a05c7f23db37719571b9bd4ff7979eae3edc4b071f3/mitre_format?link=true
|
74.125.34.46
|
||
|
https://www.virustotal.com/gui/75884.d7767dd34ca82b896517.js
|
74.125.34.46
|
||
|
https://www.virustotal.com/ui/files/c89726d27a208d8fa8e35a05c7f23db37719571b9bd4ff7979eae3edc4b071f3/contacted_domains
|
74.125.34.46
|
||
|
https://www.virustotal.com/ui/files/c89726d27a208d8fa8e35a05c7f23db37719571b9bd4ff7979eae3edc4b071f3/behaviours?limit=40
|
74.125.34.46
|
||
|
https://www.virustotal.com/gui/58686.e43f75fcd3216c74cafe.js
|
74.125.34.46
|
||
|
https://sb-ssl.google.com/safebrowsing/clientreport/download?key=dummytoken
|
172.217.16.206
|
||
|
https://www.virustotal.com/gui/1402accbefdec6a25762.woff2
|
74.125.34.46
|
||
|
https://www.virustotal.com/gui/5796.a9e8212a1628cbdb8bce.js
|
74.125.34.46
|
||
|
https://www.virustotal.com/ui/files/c89726d27a208d8fa8e35a05c7f23db37719571b9bd4ff7979eae3edc4b071f3/pe_resource_children
|
74.125.34.46
|
||
|
https://www.virustotal.com/gui/2121f4aabac6fbe523ec.woff2
|
74.125.34.46
|
||
|
https://www.virustotal.com/ui/files/c89726d27a208d8fa8e35a05c7f23db37719571b9bd4ff7979eae3edc4b071f3/bundled_files
|
74.125.34.46
|
||
|
https://www.virustotal.com/ui/files/c89726d27a208d8fa8e35a05c7f23db37719571b9bd4ff7979eae3edc4b071f3/dropped_files
|
74.125.34.46
|
||
|
https://www.virustotal.com/gui/vt-ui-sw-installer.3166763520a2b299ee12.js
|
74.125.34.46
|
||
|
https://www.virustotal.com/gui/images/manifest/icon-192x192.png
|
74.125.34.46
|
||
|
https://chrome.google.com/webstore/inlineinstall/detail/efaidnbmnnnibpcajpcglclefindmkaj
|
142.250.113.138
|
||
|
https://www.virustotal.com/gui/sha256.worker.5553997fe32b1412e31e.worker.js
|
74.125.34.46
|
||
|
https://www.virustotal.com/gui/49272.372a1ed11135b11cd4f7.js
|
74.125.34.46
|
||
|
https://www.virustotal.com/ui/files/c89726d27a208d8fa8e35a05c7f23db37719571b9bd4ff7979eae3edc4b071f3/bundled_files?limit=10&cursor=MTB8fHYzfHwxNzI5NzYzMDQ4fHwzY2M1YzM1YzM0ZmIzZDFjNDlkZTVjZTc4NzQzZWNhMmI2YjhmYTRkYzQ1ZTQyYTljMmYyZGIwYThiY2NiYmNk
|
74.125.34.46
|
||
|
https://www.virustotal.com/gui/36253.6f4dc6a9d8dab2123ae5.js
|
74.125.34.46
|
||
|
https://www.virustotal.com/gui/74278.4e291418bc556b622962.js
|
74.125.34.46
|
||
|
https://www.virustotal.com/gui/88687.cca6b938f5ec6b221b34.js
|
74.125.34.46
|
||
|
https://www.virustotal.com/gui/84569.030dc629fa8cc22ed550.js
|
74.125.34.46
|
||
|
https://www.virustotal.com/ui/files/c89726d27a208d8fa8e35a05c7f23db37719571b9bd4ff7979eae3edc4b071f3/pe_resource_parents
|
74.125.34.46
|
||
|
https://www.virustotal.com/gui/home/upload
|
|||
|
https://www.virustotal.com/gui/38304.fb4a0d25cd02c2064144.js
|
74.125.34.46
|
||
|
https://www.virustotal.com/gui/13420.2099364bebdd02277cf9.js
|
74.125.34.46
|
||
|
https://www.virustotal.com/ui/files/submission/challenge
|
74.125.34.46
|
||
|
https://www.virustotal.com/gui/ee990a93df71bfdfb3b5.woff2
|
74.125.34.46
|
||
|
https://www.virustotal.com/ui/files/c89726d27a208d8fa8e35a05c7f23db37719571b9bd4ff7979eae3edc4b071f3/submissions/add
|
74.125.34.46
|
||
|
https://www.virustotal.com/gui/30192.1c2ba98f9e3aa24d1929.js
|
74.125.34.46
|
||
|
https://www.virustotal.com/ui/files/c89726d27a208d8fa8e35a05c7f23db37719571b9bd4ff7979eae3edc4b071f3/execution_parents
|
74.125.34.46
|
||
|
https://www.virustotal.com/gui/main.1e3f41455405da971270.js
|
74.125.34.46
|
||
|
https://www.virustotal.com/gui/71254.89ea96287cbc8b900860.js
|
74.125.34.46
|
||
|
https://www.virustotal.com/gui/static/qrcode.min.js
|
74.125.34.46
|
||
|
https://www.virustotal.com/gui/59084.04d6b3360a5bc50128d1.js
|
74.125.34.46
|
||
|
https://www.virustotal.com/gui/30592.64f38a11064ff2dd4b23.js
|
74.125.34.46
|
||
|
https://www.virustotal.com/gui/26044.e227fd5c65cff1753dd6.js
|
74.125.34.46
|
||
|
https://www.virustotal.com/gui/97174.987fc1d4b24686f2c0c7.js
|
74.125.34.46
|
||
|
https://www.virustotal.com/ui/files/c89726d27a208d8fa8e35a05c7f23db37719571b9bd4ff7979eae3edc4b071f3/dropped_files?limit=10&cursor=eyJsaW1pdCI6IDEwLCAib2Zmc2V0IjogMTB9
|
74.125.34.46
|
||
|
https://www.virustotal.com/gui/25924.b3a6356de76617e73c99.js
|
74.125.34.46
|
||
|
https://www.virustotal.com/gui/67920.83f748ec82f4e379de06.js
|
74.125.34.46
|
||
|
https://www.virustotal.com/gui/45428.d50e11e1e27c0917ea14.js
|
74.125.34.46
|
||
|
https://www.virustotal.com/gui/static/opensearch.xml
|
74.125.34.46
|
||
|
https://www.virustotal.com/gui/71288.1829e1a8db7a3e06e295.js
|
74.125.34.46
|
||
|
https://www.virustotal.com/gui/67916.54c2c0cc036592986ddb.js
|
74.125.34.46
|
||
|
https://www.virustotal.com/ui/files/c89726d27a208d8fa8e35a05c7f23db37719571b9bd4ff7979eae3edc4b071f3/behaviour_mitre_trees
|
74.125.34.46
|
||
|
https://www.virustotal.com/gui/11358.f3f57088de337b2eacd2.js
|
74.125.34.46
|
||
|
https://www.virustotal.com/gui/service-worker.js
|
74.125.34.46
|
||
|
https://www.virustotal.com/ui/user_notifications
|
74.125.34.46
|
||
|
https://www.virustotal.com/
|
74.125.34.46
|
||
|
https://www.virustotal.com/gui/34894.ada184a092746870eefc.js
|
74.125.34.46
|
||
|
https://www.virustotal.com/ui/files/c89726d27a208d8fa8e35a05c7f23db37719571b9bd4ff7979eae3edc4b071f3/behaviour_mbc_trees
|
74.125.34.46
|
||
|
https://www.virustotal.com/gui/76194.9a49eca4de4d4a1bd1bf.js
|
74.125.34.46
|
||
|
https://www.virustotal.com/gui/file/c89726d27a208d8fa8e35a05c7f23db37719571b9bd4ff7979eae3edc4b071f3
|
|||
|
https://i.ytimg.com/vi/4Eu8wrEejUI/mqdefault.jpg?sqp=-oaymwEFCJQBEFM&rs=AMzJL3nnSobupLFu6PdHSkj0YQIBkMbOeQ
|
142.250.114.119
|
||
|
https://www.virustotal.com/ui/files/c89726d27a208d8fa8e35a05c7f23db37719571b9bd4ff7979eae3edc4b071f3/comments?relationships=item%2Cauthor
|
74.125.34.46
|
||
|
https://i.ytimg.com/vi/Sf2UdT53yFw/mqdefault.jpg?sqp=-oaymwEFCJQBEFM&rs=AMzJL3nHnDZp41kd8qjHwRBAPpl1cxalyQ
|
142.250.114.119
|
||
|
https://www.virustotal.com/gui/vt-ui-shell-extra-deps.2f0832bf9cf1fc541ba6.js
|
74.125.34.46
|
||
|
https://www.virustotal.com/gui/5978.4206cee10d7d4c2afd11.js
|
74.125.34.46
|
||
|
https://www.virustotal.com/ui/users/zbetcheckin/avatar
|
74.125.34.46
|
||
|
https://www.virustotal.com/gui/40946.52e58c8b2a8b55ad5067.js
|
74.125.34.46
|
||
|
https://www.virustotal.com/gui/33274.186e9fb49d3ce6fbe3b3.js
|
74.125.34.46
|
||
|
https://www.virustotal.com/gui/25076.f1d5707846ec1ba9ed7f.js
|
74.125.34.46
|
||
|
https://www.virustotal.com/ui/intelligence/rules_matching_iocs
|
74.125.34.46
|
||
|
https://www.virustotal.com/gui/8405.86474e95af8bef65079f.js
|
74.125.34.46
|
||
|
https://www.virustotal.com/ui/files/c89726d27a208d8fa8e35a05c7f23db37719571b9bd4ff7979eae3edc4b071f3/graphs?relationships=owner%2Cviewers%2Ceditors
|
74.125.34.46
|
||
|
https://www.virustotal.com/ui/cookie_disclaimer
|
74.125.34.46
|
||
|
https://www.virustotal.com/gui/16339.0119306c79f13a4051bd.js
|
74.125.34.46
|
||
|
https://play.google.com/log?format=json&hasfast=true
|
142.251.116.100
|
||
|
https://www.virustotal.com/ui/files/c89726d27a208d8fa8e35a05c7f23db37719571b9bd4ff7979eae3edc4b071f3/contacted_urls
|
74.125.34.46
|
||
|
https://www.virustotal.com/gui/21928.84211e4ee5e5aa330648.js
|
74.125.34.46
|
||
|
https://chrome.cloudflare-dns.com/dns-query
|
162.159.61.3
|
||
|
https://www.virustotal.com/gui/stackdriver-errors.3069a6025a2308368f46.js
|
74.125.34.46
|
||
|
https://www.virustotal.com/ui/signin?relationships=groups
|
74.125.34.46
|
||
|
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0
|
142.250.114.138
|
||
|
https://www.virustotal.com/gui/36796.52ea6edb5c8ac00adeb8.js
|
74.125.34.46
|
||
|
https://www.virustotal.com/gui/51452.bfed120085deab858144.js
|
74.125.34.46
|
||
|
https://www.virustotal.com/gui/88220.7a7bbdb48b5a17981431.js
|
74.125.34.46
|
||
|
https://www.virustotal.com/ui/files/c89726d27a208d8fa8e35a05c7f23db37719571b9bd4ff7979eae3edc4b071f3
|
74.125.34.46
|
||
|
https://www.virustotal.com/gui/icon.types-peexe.d2868179402000c6d4c8.js
|
74.125.34.46
|
||
|
https://www.virustotal.com/ui/files/c89726d27a208d8fa8e35a05c7f23db37719571b9bd4ff7979eae3edc4b071f3/votes?relationships=item%2Cvoter
|
74.125.34.46
|
There are 84 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
chrome.cloudflare-dns.com
|
162.159.61.3
|
||
|
sb-ssl.l.google.com
|
172.217.16.206
|
||
|
tunnel.googlezip.net
|
216.239.34.157
|
||
|
www.google.com
|
142.250.185.196
|
||
|
googlehosted.l.googleusercontent.com
|
142.250.185.65
|
||
|
clients2.googleusercontent.com
|
unknown
|
||
|
sb-ssl.google.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
142.251.116.101
|
unknown
|
United States
|
||
|
142.251.116.100
|
unknown
|
United States
|
||
|
142.251.116.105
|
unknown
|
United States
|
||
|
142.250.114.119
|
unknown
|
United States
|
||
|
142.250.114.138
|
unknown
|
United States
|
||
|
142.251.116.103
|
unknown
|
United States
|
||
|
142.250.114.94
|
unknown
|
United States
|
||
|
192.168.2.16
|
unknown
|
unknown
|
||
|
142.251.116.97
|
unknown
|
United States
|
||
|
142.251.116.95
|
unknown
|
United States
|
||
|
142.250.113.139
|
unknown
|
United States
|
||
|
162.159.61.3
|
chrome.cloudflare-dns.com
|
United States
|
||
|
74.125.34.46
|
unknown
|
United States
|
||
|
142.250.113.138
|
unknown
|
United States
|
||
|
172.64.41.3
|
unknown
|
United States
|
||
|
142.250.185.65
|
googlehosted.l.googleusercontent.com
|
United States
|
||
|
74.248.121.8
|
unknown
|
United States
|
||
|
142.251.116.156
|
unknown
|
United States
|
||
|
172.217.16.206
|
sb-ssl.l.google.com
|
United States
|
||
|
142.250.113.95
|
unknown
|
United States
|
||
|
142.250.115.94
|
unknown
|
United States
|
||
|
142.250.138.190
|
unknown
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
142.250.185.196
|
www.google.com
|
United States
|
||
|
192.168.2.15
|
unknown
|
unknown
|
||
|
192.168.2.14
|
unknown
|
unknown
|
||
|
216.239.34.157
|
tunnel.googlezip.net
|
United States
|
There are 17 hidden IPs, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
19879EA7000
|
heap
|
page read and write
|
||
|
35AB1CC000
|
stack
|
page read and write
|
||
|
1987A130000
|
heap
|
page read and write
|
||
|
35AB4FE000
|
stack
|
page read and write
|
||
|
19879EA0000
|
heap
|
page read and write
|
||
|
35AB47E000
|
stack
|
page read and write
|
||
|
1987A180000
|
heap
|
page read and write
|
||
|
1987A070000
|
heap
|
page read and write
|
||
|
1987A185000
|
heap
|
page read and write
|
||
|
19879E60000
|
heap
|
page read and write
|
||
|
19879E70000
|
heap
|
page read and write
|
||
|
35AB57E000
|
stack
|
page read and write
|
There are 2 hidden memdumps, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
https://www.virustotal.com/gui/
|
||
|
https://www.virustotal.com/gui/home/upload
|
||
|
https://www.virustotal.com/gui/home/upload
|
||
|
https://www.virustotal.com/gui/home/upload
|
||
|
https://www.virustotal.com/gui/home/upload
|
||
|
https://www.virustotal.com/gui/file/c89726d27a208d8fa8e35a05c7f23db37719571b9bd4ff7979eae3edc4b071f3
|
||
|
https://www.virustotal.com/gui/file/c89726d27a208d8fa8e35a05c7f23db37719571b9bd4ff7979eae3edc4b071f3
|
||
|
https://www.virustotal.com/gui/file/c89726d27a208d8fa8e35a05c7f23db37719571b9bd4ff7979eae3edc4b071f3
|