Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
GJIBADMGILGDJABOCKFMGEBJIAPFPIFP_3_86_0_0.crx
|
Google Chrome extension, version 3
|
initial sample
|
||
|
C:\chrome\_metadata\verified_contents.json
|
JSON data
|
dropped
|
||
|
C:\chrome\crypto-1.1.js
|
HTML document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\chrome\icon-128.png
|
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\chrome\icon-16.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\chrome\icon-32.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\chrome\jsrsasign-latest-all-min.js
|
ASCII text, with very long lines (559), with CRLF line terminators
|
dropped
|
||
|
C:\chrome\main.js
|
Unicode text, UTF-8 (with BOM) text, with very long lines (5229), with CRLF line terminators
|
dropped
|
||
|
C:\chrome\manifest.json
|
JSON data
|
dropped
|
||
|
Chrome Cache Entry: 85
|
ASCII text, with very long lines (5162), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 86
|
ASCII text, with very long lines (3521)
|
downloaded
|
||
|
Chrome Cache Entry: 87
|
ASCII text, with very long lines (774)
|
downloaded
|
||
|
Chrome Cache Entry: 88
|
ASCII text, with very long lines (1281)
|
downloaded
|
||
|
Chrome Cache Entry: 89
|
ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 90
|
ASCII text, with very long lines (766)
|
downloaded
|
||
|
Chrome Cache Entry: 91
|
ASCII text, with very long lines (65531)
|
downloaded
|
||
|
Chrome Cache Entry: 92
|
ASCII text, with very long lines (1302)
|
downloaded
|
||
|
Chrome Cache Entry: 93
|
ASCII text, with very long lines (2287)
|
downloaded
|
||
|
Chrome Cache Entry: 94
|
ASCII text, with very long lines (960)
|
downloaded
|
||
|
Chrome Cache Entry: 95
|
ASCII text, with very long lines (1657)
|
downloaded
|
||
|
Chrome Cache Entry: 96
|
Web Open Font Format (Version 2), TrueType, length 15344, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 97
|
PNG image data, 106 x 5326, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 98
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 99
|
HTML document, ASCII text, with very long lines (20800)
|
downloaded
|
There are 14 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\7za.exe
|
7za.exe x -oC:\chrome "C:\Users\user\Desktop\GJIBADMGILGDJABOCKFMGEBJIAPFPIFP_3_86_0_0.crx"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension=C:\chrome
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=2004,i,17086501925047305726,6324390350767066051,262144
/prefetch:8
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://ogs.google.com/
|
unknown
|
||
|
http://www.broofa.com
|
unknown
|
||
|
https://seo.turbosa.local/
|
unknown
|
||
|
https://apis.google.com/js/api.js
|
unknown
|
||
|
https://www.google.com/log?format=json&hasfast=true
|
unknown
|
||
|
http://www-cs-students.stanford.edu/~tjw/jsbn/
|
unknown
|
||
|
https://www.google.com/async/newtab_promos
|
142.250.185.196
|
||
|
http://kjur.github.io/jsrsasign/license/
|
unknown
|
||
|
https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
|
unknown
|
||
|
https://plus.google.com
|
unknown
|
||
|
https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
|
unknown
|
||
|
https://ogs.google.com/widget/app/so?eom=1&awwd=1&origin=chrome-untrusted%3A%2F%2Fnew-tab-page&origin=chrome%3A%2F%2Fnew-tab-page&cn=app&pid=1&spid=243&hl=en
|
172.217.16.206
|
||
|
https://www.google.com/async/ddljson?async=ntp:2
|
142.250.185.196
|
||
|
https://play.google.com/log?hasfast=true&authuser=0&format=json
|
142.250.186.78
|
||
|
https://crypto-js.googlecode.com/svn-history/r667/branches/3.x/src/core.js
|
unknown
|
||
|
https://play.google.com/log?format=json&hasfast=true
|
142.250.185.174
|
||
|
https://seo.siege.turbosa.fr/
|
unknown
|
||
|
http://127.0.0.1:60854/
|
unknown
|
||
|
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
|
142.250.185.196
|
||
|
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0
|
142.250.186.78
|
||
|
https://code.google.com/p/crypto-js/issues/detail?id=84
|
unknown
|
||
|
http://127.0.0.1/
|
unknown
|
||
|
https://demoseo.turbosa.local/
|
unknown
|
||
|
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
|
142.250.185.196
|
||
|
https://apis.google.com
|
unknown
|
||
|
http://kjur.github.com/jsrsasign/license
|
unknown
|
||
|
https://ogs.google.com/widget/app/so
|
unknown
|
||
|
https://domains.google.com/suggest/flow
|
unknown
|
||
|
http://developer.yahoo.com/yui/license.html
|
unknown
|
||
|
https://clients6.google.com
|
unknown
|
||
|
https://github.com/bitcoinjs/bitcoinjs-lib
|
unknown
|
There are 21 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
plus.l.google.com
|
142.250.186.78
|
||
|
play.google.com
|
142.250.185.174
|
||
|
www3.l.google.com
|
172.217.16.206
|
||
|
www.google.com
|
142.250.185.196
|
||
|
ogs.google.com
|
unknown
|
||
|
apis.google.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
142.250.186.78
|
plus.l.google.com
|
United States
|
||
|
172.217.16.206
|
www3.l.google.com
|
United States
|
||
|
192.168.2.6
|
unknown
|
unknown
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
142.250.185.196
|
www.google.com
|
United States
|
||
|
142.250.185.174
|
play.google.com
|
United States
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1EE000
|
stack
|
page read and write
|
||
|
180000
|
heap
|
page read and write
|
||
|
A8F000
|
stack
|
page read and write
|
||
|
53E000
|
stack
|
page read and write
|
||
|
2350000
|
heap
|
page read and write
|
||
|
2240000
|
heap
|
page read and write
|
||
|
570000
|
trusted library allocation
|
page read and write
|
||
|
4FD000
|
stack
|
page read and write
|
||
|
98F000
|
stack
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
2355000
|
heap
|
page read and write
|
||
|
2242000
|
heap
|
page read and write
|
||
|
550000
|
trusted library allocation
|
page read and write
|
||
|
2230000
|
heap
|
page read and write
|
||
|
2240000
|
heap
|
page read and write
|
||
|
2362000
|
heap
|
page read and write
|
||
|
11C000
|
stack
|
page read and write
|
||
|
2770000
|
trusted library allocation
|
page read and write
|
||
|
1A0000
|
heap
|
page read and write
|
||
|
2240000
|
heap
|
page read and write
|
||
|
6C0000
|
heap
|
page read and write
|
||
|
190000
|
heap
|
page read and write
|
||
|
6C8000
|
heap
|
page read and write
|
There are 13 hidden memdumps, click here to show them.