Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 06:42:37 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 06:42:37 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 06:42:37 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 06:42:37 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 06:42:37 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\Downloads\1e251181-1b3c-4c3e-8f99-c402e4889ca4.tmp
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\dstrootcax3.p7c (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\dstrootcax3.p7c.crdownload (copy)
|
data
|
dropped
|
||
|
Chrome Cache Entry: 61
|
data
|
downloaded
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=2024,i,4607722313752764857,11006120659772102750,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://apps.identrust.com/roots/dstrootcax3.p7c"
|
||
|
C:\Program Files\Windows Mail\wab.exe
|
"C:\Program Files\Windows Mail\wab.exe" /certificate "C:\Users\user\Downloads\dstrootcax3.p7c"
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
www.google.com
|
172.217.215.104
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
172.217.215.104
|
www.google.com
|
United States
|
||
|
192.168.2.5
|
unknown
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
22768428000
|
heap
|
page read and write
|
||
|
2276841B000
|
heap
|
page read and write
|
||
|
22768210000
|
heap
|
page read and write
|
||
|
227682F0000
|
heap
|
page read and write
|
||
|
22769E74000
|
heap
|
page read and write
|
||
|
2276841E000
|
heap
|
page read and write
|
||
|
22768310000
|
heap
|
page read and write
|
||
|
C2A037E000
|
stack
|
page read and write
|
||
|
22768320000
|
heap
|
page read and write
|
||
|
2276841A000
|
heap
|
page read and write
|
||
|
C2A03FE000
|
stack
|
page read and write
|
||
|
2276A010000
|
heap
|
page read and write
|
||
|
2276841A000
|
heap
|
page read and write
|
||
|
2276841A000
|
heap
|
page read and write
|
||
|
2276841E000
|
heap
|
page read and write
|
||
|
2276840B000
|
heap
|
page read and write
|
||
|
C2A02FD000
|
stack
|
page read and write
|
||
|
22768439000
|
heap
|
page read and write
|
||
|
227683E0000
|
heap
|
page read and write
|
||
|
22768350000
|
trusted library allocation
|
page read and write
|
||
|
C2A027D000
|
stack
|
page read and write
|
||
|
22768414000
|
heap
|
page read and write
|
||
|
227683E8000
|
heap
|
page read and write
|
||
|
22768415000
|
heap
|
page read and write
|
||
|
22768415000
|
heap
|
page read and write
|
||
|
22768418000
|
heap
|
page read and write
|
||
|
C29FFEA000
|
stack
|
page read and write
|
||
|
22768410000
|
heap
|
page read and write
|
||
|
22768315000
|
heap
|
page read and write
|
||
|
22768414000
|
heap
|
page read and write
|
||
|
22768430000
|
heap
|
page read and write
|
||
|
22769E90000
|
heap
|
page read and write
|
||
|
22769E70000
|
heap
|
page read and write
|
||
|
22768438000
|
heap
|
page read and write
|
There are 24 hidden memdumps, click here to show them.