Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 19:37:27 2024, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 19:37:27 2024, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 08:59:33 2023, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 19:37:27 2024, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 19:37:27 2024, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 19:37:27 2024, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\Downloads\2b9facec-1b33-46a3-b813-88eb15abeae9.tmp
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\dstrootcax3.p7c (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\dstrootcax3.p7c.crdownload (copy)
|
data
|
dropped
|
||
|
Chrome Cache Entry: 64
|
data
|
downloaded
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1996,i,16050332450259264952,18118608799944959310,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://apps.identrust.com/roots/dstrootcax3.p7c"
|
||
|
C:\Program Files\Windows Mail\wab.exe
|
"C:\Program Files\Windows Mail\wab.exe" /certificate "C:\Users\user\Downloads\dstrootcax3.p7c"
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
www.google.com
|
74.125.138.106
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.168.2.10
|
unknown
|
unknown
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
74.125.138.106
|
www.google.com
|
United States
|
||
|
192.168.2.16
|
unknown
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2745ABF8000
|
heap
|
page read and write
|
||
|
2745ADF0000
|
heap
|
page read and write
|
||
|
2745C870000
|
heap
|
page read and write
|
||
|
2745ABF8000
|
heap
|
page read and write
|
||
|
2745ADC0000
|
heap
|
page read and write
|
||
|
9C4BDDA000
|
stack
|
page read and write
|
||
|
2745ABF1000
|
heap
|
page read and write
|
||
|
9C4C07E000
|
stack
|
page read and write
|
||
|
2745C734000
|
heap
|
page read and write
|
||
|
2745ABF9000
|
heap
|
page read and write
|
||
|
2745C730000
|
heap
|
page read and write
|
||
|
2745ABC8000
|
heap
|
page read and write
|
||
|
2745ABFC000
|
heap
|
page read and write
|
||
|
2745ADF5000
|
heap
|
page read and write
|
||
|
9C4C17F000
|
stack
|
page read and write
|
||
|
2745ABEB000
|
heap
|
page read and write
|
||
|
2745ACC0000
|
heap
|
page read and write
|
||
|
2745ABFF000
|
heap
|
page read and write
|
||
|
2745C840000
|
heap
|
page read and write
|
||
|
2745ADA0000
|
heap
|
page read and write
|
||
|
2745ABFC000
|
heap
|
page read and write
|
||
|
9C4C0FE000
|
stack
|
page read and write
|
||
|
2745AC11000
|
heap
|
page read and write
|
||
|
2745AC11000
|
heap
|
page read and write
|
||
|
2745ABF5000
|
heap
|
page read and write
|
||
|
2745ABC0000
|
heap
|
page read and write
|
||
|
2745ABF8000
|
heap
|
page read and write
|
||
|
2745ABF4000
|
heap
|
page read and write
|
||
|
2745ABF4000
|
heap
|
page read and write
|
||
|
2745ABF6000
|
heap
|
page read and write
|
||
|
2745C5A0000
|
trusted library allocation
|
page read and write
|
There are 21 hidden memdumps, click here to show them.