Windows Analysis Report
http://46.228.223.162//d/msdownload/update/software/uprl/2024/04/windows-kb890830-x64-v5.123_12cbe1571c83eb7c16bfdfde1426dff713619670.exe?cacheHostOrigin=au.download.windowsupdate.com

Overview

General Information

Sample URL: http://46.228.223.162//d/msdownload/update/software/uprl/2024/04/windows-kb890830-x64-v5.123_12cbe1571c83eb7c16bfdfde1426dff713619670.exe?cacheHostOrigin=au.download.windowsupdate.com
Analysis ID: 1431376

Detection

Score: 3
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Downloads executable code via HTTP
Drops PE files
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file does not import any functions
PE file overlay found
Stores files to the Windows start menu directory

Classification

Source: unknown HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: Binary string: mrtstub.pdbGCTL source: Unconfirmed 432828.crdownload.0.dr
Source: Binary string: mrtstub.pdb source: Unconfirmed 432828.crdownload.0.dr
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK
  Server: nginx
  Date: Wed, 24 Apr 2024 22:13:43 GMT
  Content-Type: application/octet-stream
  Content-Length: 69014128
  Connection: keep-alive
  Cache-Control: public,max-age=172800
  Last-Modified: Mon, 01 Apr 2024 11:38:37 GMT
  Via: 1.1 varnish
  Age: 2
  X-Served-By: cache-vie6346-VIE
  X-Cache: HIT
  X-Cache-Hits: 1
  X-Timer: S1712682011.792939,VS0,VE1
  X-CID: 10002
  X-CCC: f9a2db7b-7e0b-4e14-8070-1150b56b2bf1
  Content-Security-Policy: default-src 'self' http: https: data: blob: 'unsafe-inline'
  X-XSS-Protection: 1; mode=block
  X-Frame-Options: SAMEORIGIN
  X-Cache-Status: STALE
  Accept-Ranges: bytes
  X-XSS-Protection: 1; mode=block
  X-Frame-Options: DENY
  X-Content-Type-Options: nosniff
  Content-Security-Policy: default-src 'self';
  X-Permitted-Cross-Domain-Policies: none
  Referrer-Policy: no-referrer
  Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 22 10 92 de 66 71 fc 8d 66 71 fc 8d 66 71 fc 8d 09 f0 ff 8c 67 71 fc 8d 35 0e f8 8c 7d 71 fc 8d 35 0e ff 8c 69 71 fc 8d 35 0e f9 8c ad 71 fc 8d 35 0e fd 8c 6b 71 fc 8d 66 71 fd 8d 7b 70 fc 8d 09 f0 f5 8c 2d 71 fc 8d 09 f0 03 8d 67 71 fc 8d 09 f0 fe 8c 67 71 fc 8d 52 69 63 68 66 71 fc 8d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 82 f4 f7 65 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 26 00 70 02 00 00 40 11 04 00 00 00 00 70 40 01 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 10 00 00 0a 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 e0 13 04 00 10 00 00 04 25 1d 04 02 00 60 c1 00 00 08 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 3c 75 03 00 8c 00 00 00 00 f0 03 00 f0 d9 0f 04 00 c0 03 00 30 21 00 00 00 c0 13 04 70 52 09 00 00 d0 13 04 74 06 00 00 b0 30 03 00 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 a5 02 00 28 00 00 00 90 a4 02 00
  Data Ascii: MZ@!L!This program cannot be run in DOS mode.$"fqfqfqgq5}q5iq5q5kqfq{p-qgqgqRichfqPEde"&p@p@@%` <u0!pRt0p(
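The header bytes in the Data Raw dump above are enough to read the fields that the static signatures refer to. The Python below is an added example, not part of the Joe Sandbox report: it embeds the first 0x1a0 bytes of the dump as a constructed sample, parses the DOS, COFF and PE32+ optional headers (machine, section count, the stored CheckSum, the DllCharacteristics mitigation flags and the data directories the dump reaches), and reimplements the image checksum algorithm of CheckSumMappedFile as pefile reproduces it. The stored CheckSum parses as 0x041d2504, the value the report prints later as "real checksum". The "should be: 0x9914" value also says something about the file the sandbox hashed: the algorithm adds the file length to a 16-bit folded word sum, so (assuming the sandbox uses that standard algorithm) the hashed file can be at most 0x9914 = 39,188 bytes long, while the response declares Content-Length 69014128. That is consistent with 24cc25fe-2324-44f6-a41f-222d3e915eb2.tmp being Chrome's partially written download rather than the complete stub (the report found the 68 MB CABINET with mrt.exe in Unconfirmed 432828.crdownload), and the "no import functions" finding on the same .tmp fits too, since the import directory sits at RVA 0x3753c, well beyond 39 KB. That reading is an inference from the numbers, not a statement the report makes.

```python
import struct

# Constructed sample: the first 0x1a0 bytes of the response body exactly as
# printed in the report's "Data Raw" dump, re-laid out 16 bytes per row so
# that file offsets can be read off the row position.
HEADER_HEX = """
4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00
b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00
0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68
69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f
74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20
6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00
22 10 92 de 66 71 fc 8d 66 71 fc 8d 66 71 fc 8d
09 f0 ff 8c 67 71 fc 8d 35 0e f8 8c 7d 71 fc 8d
35 0e ff 8c 69 71 fc 8d 35 0e f9 8c ad 71 fc 8d
35 0e fd 8c 6b 71 fc 8d 66 71 fd 8d 7b 70 fc 8d
09 f0 f5 8c 2d 71 fc 8d 09 f0 03 8d 67 71 fc 8d
09 f0 fe 8c 67 71 fc 8d 52 69 63 68 66 71 fc 8d
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
50 45 00 00 64 86 06 00 82 f4 f7 65 00 00 00 00
00 00 00 00 f0 00 22 00 0b 02 0e 26 00 70 02 00
00 40 11 04 00 00 00 00 70 40 01 00 00 10 00 00
00 00 00 40 01 00 00 00 00 10 00 00 00 10 00 00
0a 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00
00 e0 13 04 00 10 00 00 04 25 1d 04 02 00 60 c1
00 00 08 00 00 00 00 00 00 20 00 00 00 00 00 00
00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00
00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00
3c 75 03 00 8c 00 00 00 00 f0 03 00 f0 d9 0f 04
00 c0 03 00 30 21 00 00 00 c0 13 04 70 52 09 00
"""
HEADER = bytes.fromhex(HEADER_HEX)

# IMAGE_DLLCHARACTERISTICS_* bits from the PE/COFF specification.
DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT", 0x0200: "NO_ISOLATION", 0x0400: "NO_SEH", 0x0800: "NO_BIND",
    0x1000: "APPCONTAINER", 0x2000: "WDM_DRIVER", 0x4000: "GUARD_CF",
    0x8000: "TERMINAL_SERVER_AWARE",
}
# Data directory table order; the security entry holds a file offset, the rest RVAs.
DIRECTORY_NAMES = ["export", "import", "resource", "exception", "security", "basereloc", "debug"]


def parse_pe_header(data: bytes) -> dict:
    """Parse the DOS, COFF and PE32+ optional headers from an image prefix."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    (machine, nsections, timestamp, _symtab, _nsyms,
     opt_size, characteristics) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                       # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic != 0x20B:
        raise ValueError(f"only PE32+ is handled here, magic={magic:#x}")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    image_base = struct.unpack_from("<Q", data, opt + 24)[0]
    size_of_image, size_of_headers, checksum = struct.unpack_from("<III", data, opt + 56)
    subsystem, dll_chars = struct.unpack_from("<HH", data, opt + 68)
    ndirs = struct.unpack_from("<I", data, opt + 108)[0]
    directories = {}
    for i, name in enumerate(DIRECTORY_NAMES[:ndirs]):
        off = opt + 112 + 8 * i
        if off + 8 > len(data):
            break                         # the dump ends before this entry
        directories[name] = struct.unpack_from("<II", data, off)   # (address, size)
    return {
        "e_lfanew": e_lfanew, "machine": machine, "sections": nsections,
        "timestamp": timestamp, "opt_header_size": opt_size,
        "characteristics": characteristics, "entry_rva": entry_rva,
        "image_base": image_base, "size_of_image": size_of_image,
        "size_of_headers": size_of_headers, "checksum": checksum,
        "checksum_offset": opt + 64, "subsystem": subsystem,
        "dll_characteristics": dll_chars,
        "mitigations": [n for bit, n in DLL_CHARACTERISTICS.items() if dll_chars & bit],
        "directories": directories,
    }


def pe_checksum(data: bytes, checksum_offset: int) -> int:
    """CheckSumMappedFile as reimplemented by pefile: sum little-endian dwords
    with end-around carry, skipping the CheckSum field, fold to 16 bits, then
    add the file length. Not cryptographic: anyone can recompute and fix it."""
    padded = data + b"\0" * (-len(data) % 4)
    total = 0
    for i in range(0, len(padded), 4):
        if i == checksum_offset:          # the field itself counts as zero
            continue
        total += struct.unpack_from("<I", padded, i)[0]
        if total >= 1 << 32:
            total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total += total >> 16
    return (total & 0xFFFF) + len(data)


def max_hashed_length(expected_checksum: int) -> int:
    """The folded sum is non-negative, so the file a given 'expected' checksum
    was computed over is at most expected_checksum bytes long."""
    return expected_checksum
```

To check the complete download, run pe_checksum over the full file with the checksum_offset the parser returns and compare with the stored field; a match only shows the header is internally consistent. The Security directory the parse reports (file offset 0x413c000, size 0x95270) is where the Authenticode signature lives, and that signature, not the checksum, is what decides whether the file is Microsoft's.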
Source: unknown TCP traffic detected without corresponding DNS query: 46.228.223.162 (50 identical entries)
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  Accept-Encoding: identity
  If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
  Range: bytes=0-2147483646
  User-Agent: Microsoft BITS/7.8
  Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=fz4sHxNnDDavVy6&MD=Tklen53X HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
  Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=fz4sHxNnDDavVy6&MD=Tklen53X HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
  Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET //d/msdownload/update/software/uprl/2024/04/windows-kb890830-x64-v5.123_12cbe1571c83eb7c16bfdfde1426dff713619670.exe?cacheHostOrigin=au.download.windowsupdate.com HTTP/1.1
  Host: 46.228.223.162
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
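The request above is a browser fetch of a file named like a Windows Update package, from a literal IP over plain HTTP, with a cacheHostOrigin parameter naming au.download.windowsupdate.com. The Python below is an added triage helper, not part of the report: it pulls the 40-hex-digit suffix out of the file name and compares it with the SHA-1 of the downloaded bytes, and flags the transport, host and origin-claim properties that make such a URL worth a second look. It assumes, as a naming convention and not as something the report states, that the suffix is the payload's SHA-1, as in Windows Update download names. A matching hash only says the file is the one the URL promised; on a host you do not control, URL and hash come from the same party, so the integrity check that matters is the Authenticode signature the file carries (the header dump shows a Security directory) and whether it chains to Microsoft. The payload used in the test is constructed.

```python
import hashlib
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# The sample URL from the report.
SAMPLE_URL = (
    "http://46.228.223.162//d/msdownload/update/software/uprl/2024/04/"
    "windows-kb890830-x64-v5.123_12cbe1571c83eb7c16bfdfde1426dff713619670.exe"
    "?cacheHostOrigin=au.download.windowsupdate.com"
)

# Assumption: the "_<40 hex digits>" before the extension is the file's SHA-1,
# the convention used in Windows Update download names.
_HASH_SUFFIX = re.compile(r"_([0-9a-fA-F]{40})\.[A-Za-z0-9]+$")


def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()


def embedded_sha1(url: str):
    """Return the hash embedded in the URL's file name, lower-cased, or None."""
    name = urlsplit(url).path.rsplit("/", 1)[-1]
    m = _HASH_SUFFIX.search(name)
    return m.group(1).lower() if m else None


def host_is_literal_ip(url: str) -> bool:
    host = urlsplit(url).hostname or ""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def claimed_origin(url: str):
    """The host the cacheHostOrigin parameter claims the content came from."""
    return parse_qs(urlsplit(url).query).get("cacheHostOrigin", [None])[0]


def triage_download(url: str, payload: bytes) -> dict:
    """The checks a responder runs on a 'Windows Update' file that arrived from an
    unexpected host. None of them prove the file genuine; the Authenticode
    signature and its chain do that. They do show how far the URL can be trusted."""
    parts = urlsplit(url)
    expected = embedded_sha1(url)
    actual = sha1_hex(payload)
    findings = []
    if parts.scheme != "https":
        findings.append("plaintext transport: body integrity rests on the file's own signature")
    if host_is_literal_ip(url):
        findings.append("host is a literal IP, not a Microsoft download domain")
    origin = claimed_origin(url)
    if origin and origin != parts.hostname:
        findings.append(f"cacheHostOrigin claims {origin} but the request went to {parts.hostname}")
    if expected is None:
        findings.append("file name carries no SHA-1 suffix")
    elif expected != actual:
        findings.append("payload SHA-1 does not match the hash in the file name")
    return {
        "url_sha1": expected,
        "payload_sha1": actual,
        "hash_matches": expected == actual,
        "findings": findings,
    }
```

On the analysis host the decisive step is to run Get-AuthenticodeSignature (or signtool verify /pa /v) against the completed download and look at the signer chain, not merely at whether a signature is present: a Security directory in the header means a signature blob exists, not that it is valid or Microsoft's.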
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49712
Source: Unconfirmed 432828.crdownload.0.dr Static PE information: Resource name: CABINET type: Microsoft Cabinet archive data, Windows 2000/XP setup, 68139746 bytes, 1 file, at 0x2c +A "mrt.exe", number 1, 5880 datablocks, 0x1503 compression
Source: 24cc25fe-2324-44f6-a41f-222d3e915eb2.tmp.0.dr Static PE information: No import functions for PE file found
Source: 24cc25fe-2324-44f6-a41f-222d3e915eb2.tmp.0.dr Static PE information: Data appended to the last section found
Source: classification engine Classification label: clean3.win@16/8@2/4
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\24cc25fe-2324-44f6-a41f-222d3e915eb2.tmp
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://46.228.223.162//d/msdownload/update/software/uprl/2024/04/windows-kb890830-x64-v5.123_12cbe1571c83eb7c16bfdfde1426dff713619670.exe?cacheHostOrigin=au.download.windowsupdate.com
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1932,i,17179411634351785297,16397966678369388923,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5292 --field-trial-handle=1932,i,17179411634351785297,16397966678369388923,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown (11 identical entries)
Source: Google Drive.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: 24cc25fe-2324-44f6-a41f-222d3e915eb2.tmp.0.dr Static PE information: real checksum: 0x41d2504 should be: 0x9914
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\Unconfirmed 432828.crdownload
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: Unconfirmed 432828.crdownload.0.dr Binary or memory string: vMCih