Source: C:\Users\user\Downloads\3.dat.crdownload |
Avira: detection malicious, Label: TR/Dropper.Gen |
Source: /opt/package/joesandbox/database/analysis/1429002/temp/droppedscan/chromecache_61 |
Avira: detection malicious, Label: TR/Dropper.Gen |
Source: C:\Users\user\Downloads\3.dat (copy) |
ReversingLabs: Detection: 87% |
Source: C:\Users\user\Downloads\3.dat.crdownload |
ReversingLabs: Detection: 87% |
Source: Chrome Cache Entry: 61 |
ReversingLabs: Detection: 87% |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.31.62.93 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.31.62.93 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.31.62.93 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.31.62.93 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.31.62.93 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.31.62.93 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.31.62.93 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.31.62.93 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.31.62.93 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.31.62.93 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.31.62.93 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.31.62.93 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.31.62.93 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.31.62.93 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.31.62.93 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.31.62.93 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.31.62.93 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.31.62.93 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.31.62.93 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.31.62.93 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: global traffic |
HTTP traffic detected: GET /3.dat HTTP/1.1Host: eshoradebitcoin.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com |
Source: unknown |
HTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHContent-type: text/xmlX-Agent-DeviceId: 01000A410900D492X-BM-CBT: 1696428841X-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 784x984X-BM-DeviceDimensionsLogical: 784x984X-BM-DeviceScale: 100X-BM-DTZ: 120X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22X-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A410900D492X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticshX-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comContent-Length: 2484Connection: Keep-AliveCache-Control: no-cacheCookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1713568951032&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; CortanaAppUID=5A290E2CC4B523E2D8B5E2E3E4CB7CB7; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF |
Source: unknown |
Network traffic detected: HTTP traffic on port 49674 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49711 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49675 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49710 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49710 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49721 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49673 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49711 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49703 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49726 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49721 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49713 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49714 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49715 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49715 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49726 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49714 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49703 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49713 |
Source: 3.dat.crdownload.0.dr |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: chromecache_61.2.dr |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: unknown |
Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" |
|
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1992,i,2771170727428028237,18400158983486350545,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 |
|
Source: unknown |
Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://eshoradebitcoin.com/3.dat" |
|
Source: unknown |
Process created: C:\Windows\System32\OpenWith.exe C:\Windows\system32\OpenWith.exe -Embedding |
|
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1992,i,2771170727428028237,18400158983486350545,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: onecoreuapcommonproxystub.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: twinui.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: powrprof.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: dwmapi.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: pdh.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: umpdc.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: onecorecommonproxystub.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: actxprxy.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: propsys.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: windows.staterepositoryps.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: windows.ui.appdefaults.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: windows.ui.immersive.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: ntmarta.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: uiautomationcore.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: dui70.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: duser.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: dwrite.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: bcp47mrm.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: uianimation.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: d3d11.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: dxgi.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: d3d10warp.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: resourcepolicyclient.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: dxcore.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: dcomp.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: oleacc.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: edputil.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: windows.ui.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: windowmanagementapi.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: textinputframework.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: inputhost.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: coreuicomponents.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: twinapi.appcore.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: twinapi.appcore.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: windowscodecs.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: thumbcache.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: appresolver.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: bcp47langs.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: slc.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: sppc.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: tiledatarepository.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: staterepository.core.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: windows.staterepository.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: wtsapi32.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: windows.staterepositorycore.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: mrmcorer.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: appxdeploymentclient.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: sxs.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: directmanipulation.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: textshaping.dll |
Jump to behavior |
Source: Google Drive.lnk.0.dr |
LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe |
Source: YouTube.lnk.0.dr |
LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe |
Source: Sheets.lnk.0.dr |
LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe |
Source: Gmail.lnk.0.dr |
LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe |
Source: Slides.lnk.0.dr |
LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe |
Source: Docs.lnk.0.dr |
LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe |
Source: 3.dat.crdownload.0.dr |
Static PE information: section name: .text entropy: 7.743688791524453 |
Source: chromecache_61.2.dr |
Static PE information: section name: .text entropy: 7.743688791524453 |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
File created: C:\Users\user\Downloads\3.dat.crdownload |
Jump to dropped file |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
File created: Chrome Cache Entry: 61 |
Jump to dropped file |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
File created: C:\Users\user\Downloads\ab6c8f49-01ae-497c-a189-3be0203beff6.tmp |
Jump to dropped file |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
File created: C:\Users\user\Downloads\3.dat (copy) |
Jump to dropped file |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: 3.dat.crdownload.0.dr, chromecache_61.2.dr |
Binary or memory string: AilOgfBfMfOHEGniCcN.kmLJbnBRHGr3PRMqMOc+xfaiMJ1LKHgFS5Jr3j0+I6K0ZZ1iJX3hE6vOgRe`1[[System.Object, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]][] |
Source: 3.dat.crdownload.0.dr, chromecache_61.2.dr |
Binary or memory string: xfaiMJ1LKHgFS5Jr3j0 |
Source: C:\Windows\System32\OpenWith.exe |
Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation |
Jump to behavior |
Source: Yara match |
File source: C:\Users\user\Downloads\3.dat.crdownload, type: DROPPED |
Source: Yara match |
File source: dropped/chromecache_61, type: DROPPED |
Source: Yara match |
File source: C:\Users\user\Downloads\3.dat.crdownload, type: DROPPED |
Source: Yara match |
File source: dropped/chromecache_61, type: DROPPED |
Source: Yara match |
File source: C:\Users\user\Downloads\3.dat.crdownload, type: DROPPED |
Source: Yara match |
File source: dropped/chromecache_61, type: DROPPED |
Source: Yara match |
File source: C:\Users\user\Downloads\3.dat.crdownload, type: DROPPED |
Source: Yara match |
File source: dropped/chromecache_61, type: DROPPED |