IOC Report
data.tmp.zip


Files

File Path
Type
Category
Malicious
data.tmp.zip
Zip archive data, at least v2.0 to extract, compression method=deflate
initial sample
malicious
C:\Users\user\Desktop\data.tmp
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 12:57:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 12:57:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 12:57:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 12:57:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 12:57:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
Chrome Cache Entry: 100
PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 101
PNG image data, 275 x 175, 8-bit/color RGB, non-interlaced
downloaded
Chrome Cache Entry: 102
PNG image data, 275 x 175, 8-bit colormap, non-interlaced
downloaded
Chrome Cache Entry: 103
ASCII text, with very long lines (2273)
downloaded
Chrome Cache Entry: 104
PNG image data, 275 x 175, 8-bit/color RGB, non-interlaced
downloaded
Chrome Cache Entry: 105
Web Open Font Format (Version 2), TrueType, length 31568, version 1.0
downloaded
Chrome Cache Entry: 106
PNG image data, 275 x 175, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 107
PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 108
ASCII text, with very long lines (2774)
downloaded
Chrome Cache Entry: 109
ASCII text, with very long lines (2054)
downloaded
Chrome Cache Entry: 110
PNG image data, 275 x 175, 8-bit/color RGB, non-interlaced
downloaded
Chrome Cache Entry: 111
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 275x175, components 3
downloaded
Chrome Cache Entry: 112
ASCII text, with very long lines (2956)
downloaded
Chrome Cache Entry: 113
PNG image data, 275 x 175, 8-bit/color RGB, non-interlaced
downloaded
Chrome Cache Entry: 114
PNG image data, 1344 x 289, 8-bit/color RGB, non-interlaced
downloaded
Chrome Cache Entry: 115
PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 116
ASCII text, with very long lines (7804)
downloaded
Chrome Cache Entry: 117
ASCII text, with very long lines (2124)
downloaded
Chrome Cache Entry: 118
PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 119
ASCII text
downloaded
Chrome Cache Entry: 120
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 121
Web Open Font Format (Version 2), TrueType, length 52280, version 1.0
downloaded
Chrome Cache Entry: 122
PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 123
Web Open Font Format (Version 2), TrueType, length 15436, version 1.0
downloaded
Chrome Cache Entry: 124
PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 125
PNG image data, 1072 x 373, 8-bit colormap, non-interlaced
downloaded
Chrome Cache Entry: 126
PNG image data, 275 x 175, 8-bit colormap, non-interlaced
downloaded
Chrome Cache Entry: 127
ASCII text, with very long lines (1293)
downloaded
Chrome Cache Entry: 128
PNG image data, 275 x 175, 8-bit/color RGB, non-interlaced
downloaded
Chrome Cache Entry: 129
PNG image data, 385 x 245, 8-bit/color RGB, non-interlaced
downloaded
Chrome Cache Entry: 130
PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 131
PNG image data, 1072 x 373, 8-bit/color RGB, non-interlaced
downloaded
Chrome Cache Entry: 132
ASCII text, with very long lines (65531)
downloaded
Chrome Cache Entry: 133
PNG image data, 275 x 175, 8-bit/color RGB, non-interlaced
downloaded
Chrome Cache Entry: 134
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 275x175, components 3
downloaded
Chrome Cache Entry: 135
PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 136
PNG image data, 80 x 80, 8-bit/color RGB, non-interlaced
downloaded
Chrome Cache Entry: 137
PNG image data, 385 x 245, 8-bit/color RGB, non-interlaced
downloaded
Chrome Cache Entry: 138
PNG image data, 80 x 80, 8-bit/color RGB, non-interlaced
downloaded
Chrome Cache Entry: 139
PNG image data, 275 x 175, 8-bit/color RGB, non-interlaced
downloaded
Chrome Cache Entry: 140
ASCII text, with very long lines (1250)
downloaded
Chrome Cache Entry: 141
PNG image data, 275 x 175, 8-bit/color RGB, non-interlaced
downloaded
Chrome Cache Entry: 142
PNG image data, 275 x 175, 8-bit/color RGB, non-interlaced
downloaded
Chrome Cache Entry: 143
PNG image data, 385 x 245, 8-bit/color RGB, non-interlaced
downloaded
Chrome Cache Entry: 144
PNG image data, 1296 x 450, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 145
PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 146
ASCII text, with very long lines (3383)
downloaded
Chrome Cache Entry: 147
ASCII text, with very long lines (1684), with no line terminators
downloaded
Chrome Cache Entry: 148
PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 149
PNG image data, 275 x 175, 8-bit/color RGB, non-interlaced
downloaded
Chrome Cache Entry: 150
PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 151
PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 152
PNG image data, 80 x 80, 8-bit/color RGB, non-interlaced
downloaded
Chrome Cache Entry: 153
PNG image data, 275 x 175, 8-bit/color RGB, non-interlaced
downloaded
Chrome Cache Entry: 154
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 440x280, components 3
downloaded
Chrome Cache Entry: 155
PNG image data, 385 x 245, 8-bit/color RGB, non-interlaced
downloaded
Chrome Cache Entry: 156
HTML document, ASCII text
downloaded
Chrome Cache Entry: 157
PNG image data, 275 x 175, 8-bit/color RGB, non-interlaced
downloaded
Chrome Cache Entry: 158
PNG image data, 275 x 175, 8-bit/color RGB, non-interlaced
downloaded
Chrome Cache Entry: 159
PNG image data, 1344 x 289, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 160
PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 161
ASCII text, with very long lines (3572), with no line terminators
downloaded
Chrome Cache Entry: 162
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 163
ASCII text, with very long lines (2114)
downloaded
Chrome Cache Entry: 164
PNG image data, 1072 x 373, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 165
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 166
PNG image data, 275 x 175, 8-bit/color RGB, non-interlaced
downloaded
Chrome Cache Entry: 167
PNG image data, 1344 x 289, 8-bit/color RGB, non-interlaced
downloaded
Chrome Cache Entry: 168
PNG image data, 275 x 175, 8-bit/color RGB, non-interlaced
downloaded
Chrome Cache Entry: 169
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 170
ASCII text, with very long lines (2124)
downloaded
Chrome Cache Entry: 171
PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 172
PNG image data, 275 x 175, 8-bit/color RGB, non-interlaced
downloaded
Chrome Cache Entry: 173
Web Open Font Format (Version 2), TrueType, length 15344, version 1.0
downloaded
Chrome Cache Entry: 174
PNG image data, 275 x 175, 8-bit/color RGB, non-interlaced
downloaded
Chrome Cache Entry: 175
ASCII text, with very long lines (2124)
downloaded
Chrome Cache Entry: 176
ASCII text, with very long lines (784)
downloaded
Chrome Cache Entry: 177
PNG image data, 275 x 175, 8-bit/color RGB, non-interlaced
downloaded
Chrome Cache Entry: 178
PNG image data, 275 x 175, 8-bit/color RGB, non-interlaced
downloaded
Chrome Cache Entry: 179
ASCII text, with very long lines (13698)
downloaded
Chrome Cache Entry: 96
ASCII text, with very long lines (1746)
downloaded
Chrome Cache Entry: 97
PNG image data, 1344 x 289, 8-bit colormap, non-interlaced
downloaded
Chrome Cache Entry: 98
ASCII text, with very long lines (961)
downloaded
Chrome Cache Entry: 99
ASCII text, with very long lines (18949)
downloaded
82 additional files are not shown.

Processes

Path
Cmdline
Malicious
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1956,i,13585838025729743128,13057916773906373123,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\user\Desktop\" -an -ai#7zMap23183:72:7zEvent6237
C:\Windows\System32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\rundll32.exe
rundll32 data.tmp DeviceInternetSettingUi jweo
C:\Windows\System32\rundll32.exe
rundll32 data.tmp , DeviceInternetSettingUi jweo
C:\Windows\System32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\rundll32.exe
rundll32 data.tmp,#1
1 additional process is not shown.

URLs

Name
IP
Malicious
https://apis.google.com/js/googleapis.proxy.js?onload=startup
142.250.105.139
https://stats.g.doubleclick.net/g/collect
unknown
https://lh3.googleusercontent.com/LAsVU_UUpRNbTzm7MkMsPIEkg2HCfY73k6qWGYnxHY0jit6Pz55wz-lzTG4PE1QlS9L6EY-sxkHsr37N-J2v-_ye=s275-w275-h175
172.253.124.132
https://feedback.googleusercontent.com/resources/annotator.css
unknown
https://support.google.com/chrome_webstore/answer/12225786?p=cws_reviews_results&hl=
unknown
http://www.broofa.com
unknown
https://apis.google.com/js/client.js
unknown
https://lh3.googleusercontent.com/vCYJGpSIN_auzBhjLRoX9PW5W4tBDcUbMx8_VA3WqkNXxtELPtdI9ibyafBP3UWiwkg76licB-9XKwio46ThcG6z=s385-w385-h245
172.253.124.132
https://feedback2-test.corp.googleusercontent.com/tools/feedback/%
unknown
https://support.google.com
unknown
https://apis.google.com/js/googleapis.proxy.js
unknown
http://localhost.proxy.googlers.com/inapp/
unknown
https://stagingqual-feedback-pa-googleapis.sandbox.google.com
unknown
https://dataconnector.corp.google.com/:session_prefix:ui/widgetview?usegapi=1
unknown
https://lh3.googleusercontent.com/wAe16R5k1krCpALFUc6ni8uY0EiXeFYv3hIcyD8Jj7UNeNki2jw5Op14uufaWpQlSXKyFpkBEYDyt2r-TfB2IfwbOMA=s275-w275-h175
172.253.124.132
https://help.youtube.com/tools/feedback/
unknown
https://chrome.google.com/webstore?hl=en
74.125.138.102
https://chromewebstore.google.com/?hl=en
64.233.176.100
https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
unknown
https://lh3.googleusercontent.com/rY_osi5khkHuBeNMcSgKoTQ-q4wcmjRBAFpaCY3Ku4xF0wyaGmZYS479Lr0sUze0Gc8h7Ri8LYYjc0F5wxW2UC4Y=s60
172.253.124.132
https://asx-frontend-staging.corp.google.com/tools/feedback/
unknown
https://lh3.googleusercontent.com/symkeYX2dCYyu0OOgAuxLSshF080Xe_oGZ-ymYLWjmqO1S-7SD1O9a7XyOJDxbpAuZAVHF3QfHnQkafjkpvUXVzQoA=s275-w275-h175
172.253.124.132
https://lh3.googleusercontent.com/6RQFMWkuafStFzxIY37u2EAsJ98CrWPvS7198JGGjFQUKm6lKs4iN31OgXEVcdg9dL1EAih287lKXOPlMaEFJie5Z5g=s275-w275-h175
172.253.124.132
https://www.google.com
unknown
https://www.youtube.com/iframe_api
unknown
https://static-ecst.licdn.com/apc/trans.gif?fabc2574088505862363021ddafa715f
152.199.24.163
https://lh3.googleusercontent.com/zqKRvf52hI5Yk6N5C8k6NJnDT7bsEW6whE3wf1UqfpES79AtnrO2ykLgqwciE-bca6QghdXNFJDYe_9xO6iYsvK7=s80
172.253.124.132
https://pay.google.com/gp/v/widget/save
unknown
https://lh3.googleusercontent.com/aqahGz3euXadmtmp8NZnuKPoUm4cmewNY0AI1a_cMsC28cfvB2Bx3NArY9Mi50o2zF45Uh74Rmmq-Bh6dJRsVAbm=s80
172.253.124.132
https://lh3.googleusercontent.com/9D0ptG7ovDcAWcbde7ERzhuUDcK_6ke6iIXmqcAeYILliu00nLQ3-lF7THV5D6Acy-fDKDulqBNd57mLLaprWTy_=s275-w275-h175
172.253.124.132
https://www.google.com/shopping/customerreviews/optin?usegapi=1
unknown
https://asx-frontend-autopush.corp.google.co.uk/tools/feedback/
unknown
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
172.217.215.106
https://lh3.googleusercontent.com/UgFDFB5loR1wtNe5MOB1Dl9aAxBQUE21DqvrYAwAhxebMFvz7V9OSHFZNcUmpIiFX36AQwB1xz2DkLZY2Ey4vIU--gQ=s506-w506-h322
172.253.124.132
https://developers.google.com/
unknown
https://lh3.googleusercontent.com/DstbwquETsBrMHMauDHZYfA4kg2l5uxxcKUWdsoH6FIrZ4SvGOOOWkpQOKDTCBl9NjYika310eD7pDZF10Dm4DIQhOU=s275-w275-h175
172.253.124.132
https://developers.google.com/identity/gsi/web/guides/gis-migration)
unknown
https://www.google.com/tools/feedback
unknown
https://lh3.googleusercontent.com/xILk2fHRrUHy-sB_E3mluWfgNU5Fpa069wj7J5mkrin2Ipvs_dWqMm1T8RLidHM93zyRjF1iJT8OzJAFQGQFIQOyng=s275-w275-h175
172.253.124.132
https://sandbox.google.com/inapp/%
unknown
https://lh3.googleusercontent.com/EMfvx8EBj3Ku24BieKV9cKEAhRw9EdqeG3J-ZfEnctLxuLT4oM3SQQGu_HkRbb_kqwb6kQqe5Gqq4Wd3KKul4y6t8w=s275-w275-h175
172.253.124.132
https://lh3.googleusercontent.com/Ywdz5mn9q2Mx76DU45LSH-Pv5OGpqk8QAOY3lT1AWScMTZYQtAhqhVjtY5I2JZK530QIycLZooe2a0k3quGqYUaZ=s80
172.253.124.132
https://apis.google.com/js/api.js
unknown
https://lh3.googleusercontent.com/9q6_biGbJRBzZ1q4er_4X85b60TdnJRwM4vTBAMeBydjEuQbA0EMRJ6bZY_-4_OkGudYbPMZkBIZ_UrtmvKBiubufg=s80
172.253.124.132
https://lh3.googleusercontent.com/_8J1kzPh-x9NLMx8ekIpCLpjzPckPzGESaAWTSwJf44IJQyu1E7DKNM4VOrKeQykOpRL0BofIzyoazs_AwQadujvdg=s275-w275-h175
172.253.124.132
https://www.google.com/tools/feedback/
unknown
https://www.youtube.com/subscribe_embed?usegapi=1
unknown
https://lh3.googleusercontent.com/R1VCtKWCJHNSefxUCuRlIPWPdY06F7rxbj1RQpJs5z14C10LEHo79daUXFGPwYLs7rLE8RY9nrxR4ijao0yMViHa6Q=s275-w275-h175
172.253.124.132
https://adservice.google.com/pagead/regclk
unknown
https://static-ecst.licdn.com/apc/trans.gif?be502d8ba45b794bb9a4ed7b34197dc5
152.199.24.163
https://feedback2-test.corp.google.com/tools/feedback/%
unknown
https://cct.google/taggy/agent.js
unknown
https://plus.google.com
unknown
https://asx-frontend-autopush.corp.google.de/tools/feedback/
unknown
https://asx-help-frontend-autopush.corp.youtube.com/tools/feedback/
unknown
https://play.google.com/log?format=json&hasfast=true
unknown
https://asx-frontend-autopush.corp.google.com/inapp/
unknown
https://feedback.googleusercontent.com/resources/render_frame2.html
unknown
https://sandbox.google.com/tools/feedback/%
unknown
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=client/exm=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_1
142.250.105.139
https://localhost.corp.google.com/inapp/
unknown
https://lh3.googleusercontent.com/NOTrUmh3B9H3mEKJlU1L2jmrrEc941xhwW7HZmLLFSmsE8hbiip15vpx3pkfiuvPcaNuTVBLzKJJjrfA1k4nKft7_g=s60
172.253.124.132
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0
142.250.105.139
https://stats.g.doubleclick.net/g/collect?v=2&
unknown
https://static-ecst.licdn.com/apc/trans.gif?7c54fcdece227d9c4e9f564c880fa5a2
152.199.24.163
https://play.google.com/work/embedded/search?usegapi=1&usegapi=1
unknown
https://asx-frontend-staging.corp.google.com/inapp/
unknown
https://lh3.googleusercontent.com/qlN70mLwKZnfWS8U51LGosEj1fOaF3gt_q5PDfN2HalyTpO2Dxh997y4CoZWE1N7oW3ISP9Y0ZxyUlrrTxJmHLaFbQ=s275-w275-h175
172.253.124.132
https://lh3.googleusercontent.com/r-m1XnCKKlZqgc6159qrCwBF7agPwrjKqGnl-faHo-_k5EpSu60dP0gqBoyAAomecx036RQqQ6uS4uPR7MeyGllC=s275-w275-h175
172.253.124.132
https://chromewebstore.google.com/_/ChromeWebStoreConsumerFeUi/data/batchexecute?rpcids=xY2Ddd&source-path=%2F&f.sid=-1503129673516885531&bl=boq_chrome-webstore-consumerfe-ui_20240423.06_p0&hl=en&soc-app=1&soc-platform=1&soc-device=1&_reqid=357520&rt=c
64.233.176.100
https://lh3.googleusercontent.com/mFOl1tNqGqj9hsfllNxffFSi-ai3kmvBUhu5aSvq8fWh0QRJ_73oi6pevRkAK0Zy84vijHhOpNxX-DsjviMtnmYCi6k=s385-w385-h245
172.253.124.132
https://clients6.google.com
unknown
http://localhost.corp.google.com/inapp/
unknown
https://lh3.googleusercontent.com/rDkDsETebzUWltgLEiQRWsZ2ClyEZxDglrQegC9zDUOYchH-i8JP9O0yDP9HgNbC16UwF6aD7m6T74zp8oRjtCAHlQ=s80
172.253.124.132
https://lh3.googleusercontent.com/l00gN_hxnwaCgGnBd-k_9PSHNZlKLOc_gL0-bsGknZWd64ckLbUUayVh6vUjp2icIB-oVcj8eS7txCfWEbWziKX1xnA=s275-w275-h175
172.253.124.132
https://lh3.googleusercontent.com/jHp0xsmuG8W_qWntN39iVHjJRo8OF-RU4SlGA5ISsEbteclhoC7V4f4RrlCOYnqHp1lPcVkynHp_usow1CEyGhZ9iw=s275-w275-h175
172.253.124.132
https://play.google.com
unknown
https://lh3.googleusercontent.com/D_2y8xid8DV3cckujaxv2HZ2KyE8hH-1SzNQ6cQWXZhjPNm8X9mkb7EL9IOGjtTNmL1al3ci0DZ3S_UdLn0HKD2E=s60
172.253.124.132
https://lh3.googleusercontent.com/RxV8dYM2v87bRWuJbFRJKKw-S1QRjG0P4veoe0JdW0Cqd5LADbXw3kFeEo3OD0xgO417MkBczNU-ejYtkII91O9GMHw=s275-w275-h175
172.253.124.132
https://www.google.com/log?format=json&hasfast=true
unknown
https://console.developers.google.com/
unknown
https://support.google.com/inapp/%
unknown
https://asx-help-frontend-autopush.corp.youtube.com/inapp/
unknown
https://support.google.com/
unknown
https://www.google.com/shopping/customerreviews/badge?usegapi=1
unknown
https://lh3.googleusercontent.com/3fPSO_HcXxdmAzbbsrX1MrlU3zJNcbVGKU2BvDtXLMug_FyVXX1mKdDHRn_Oj56jYyXg9-HT8el_wysLzxqGluVz4B8=s275-w275-h175
172.253.124.132
https://lh3.googleusercontent.com/Ncaf-4QU5K3oA4vVx78TJVFQywzz9ZzqeaxFVqTrx9yaEF0DG316BGPW7DhAHnzzBZST9oNFfCWoJP1ICocKt1wtTpQ=s80
172.253.124.132
https://csp.withgoogle.com/csp/lcreport/
unknown
https://drive.google.com/savetodrivebutton?usegapi=1
unknown
https://lh3.googleusercontent.com/f79mqJMv5XQrkbvBCky7qlZKQ1nfG8mcqU6hrnCLqvHOQg44uQ5nVbhzB8ZgQSsWDcxhd6LrEtjaAC1E6D4j_pWlszg=s80
172.253.124.132
https://scone-pa.clients6.google.com
unknown
https://lh3.googleusercontent.com/zRMhcQ4FWkfChqtEPNacR-IWoI2Fj-bdDP9hm7-2iupuPA3ck83D4q9FUtL8cNUueEhWnR_nZkCLX0b5uGy50ZHOPA=s275-w275-h175
172.253.124.132
https://support.google.com/inapp/
unknown
https://asx-frontend-autopush.corp.google.co.uk/inapp/
unknown
https://chromewebstore.google.com/_/ChromeWebStoreConsumerFeUi/data/batchexecute?rpcids=xY2Ddd&source-path=%2F&f.sid=-1503129673516885531&bl=boq_chrome-webstore-consumerfe-ui_20240423.06_p0&hl=en&soc-app=1&soc-platform=1&soc-device=1&_reqid=157520&rt=c
64.233.176.100
https://developers.google.com/api-client-library/javascript/reference/referencedocs
unknown
https://apis.google.com
unknown
https://www.google.com/chrome/?brand=GGRF&utm_source=google.com&utm_medium=material-callout&utm_camp
unknown
https://asx-frontend-autopush.corp.google.com/tools/feedback/
unknown
https://asx-frontend-autopush.corp.youtube.com/tools/feedback/
unknown
90 additional URLs are not shown.

Domains

Name
IP
Malicious
plus.l.google.com
172.253.124.101
www3.l.google.com
74.125.138.102
chromewebstore.google.com
64.233.176.100
www.google.com
172.217.215.106
googlehosted.l.googleusercontent.com
172.253.124.132
chrome.google.com
unknown
lh3.googleusercontent.com
unknown
apis.google.com
unknown

IPs

IP
Domain
Country
Malicious
74.125.138.102
www3.l.google.com
United States
74.125.136.97
unknown
United States
172.253.124.132
googlehosted.l.googleusercontent.com
United States
172.217.215.106
www.google.com
United States
192.168.2.16
unknown
unknown
142.250.105.139
unknown
United States
64.233.185.113
unknown
United States
239.255.255.250
unknown
Reserved
64.233.176.100
chromewebstore.google.com
United States
64.233.185.138
unknown
United States
64.233.176.139
unknown
United States
1 additional IP is not shown.

Memdumps

Base Address
Region type
Protect
Malicious
1E7FFE33000
heap
page read and write
1E7FE492000
heap
page read and write
DD434FE000
stack
page read and write
6C2A6FC000
stack
page read and write
1FED63E0000
heap
page read and write
22B1B9E0000
heap
page read and write
1E7FE48E000
heap
page read and write
1F2DC730000
heap
page read and write
22B1BE20000
heap
page read and write
B8F86F9000
stack
page read and write
1E7FE49B000
heap
page read and write
2B4D86A0000
heap
page read and write
1D1B92F5000
heap
page read and write
1FED4658000
heap
page read and write
2B4DA2C0000
heap
page read and write
22B1B9D0000
heap
page read and write
22B1BA70000
heap
page read and write
1E7FE4AD000
heap
page read and write
81AACFE000
stack
page read and write
1F2DC589000
heap
page read and write
1D1B90B0000
heap
page read and write
6C2A77E000
stack
page read and write
6C2A7FF000
stack
page read and write
138027C000
stack
page read and write
81AA9FE000
stack
page read and write
2B4D8970000
heap
page read and write
22B1BA77000
heap
page read and write
1E7FE710000
heap
page read and write
F78C5FF000
stack
page read and write
138037E000
stack
page read and write
81AA7FD000
stack
page read and write
13803FE000
stack
page read and write
1F2DC4F0000
heap
page read and write
81AA8FE000
stack
page read and write
1D1B9190000
heap
page read and write
22B1BA80000
heap
page read and write
1E7FE492000
heap
page read and write
1F2DC870000
heap
page read and write
1FED4590000
heap
page read and write
1E7FE715000
heap
page read and write
2B4D8520000
heap
page read and write
1E7FFF30000
trusted library allocation
page read and write
1E7FFD30000
heap
page read and write
20E12F20000
heap
page read and write
1D1BAB00000
heap
page read and write
1E7FFE30000
heap
page read and write
1F2DC560000
heap
page read and write
1E7FE4A0000
heap
page read and write
2B4D8620000
heap
page read and write
1E7FE49C000
heap
page read and write
1D1B9198000
heap
page read and write
1E7FE459000
heap
page read and write
1FED4930000
heap
page read and write
22B1BA7B000
heap
page read and write
1FED4935000
heap
page read and write
20E12F00000
heap
page read and write
DD431DC000
stack
page read and write
1E7FE3B0000
heap
page read and write
1E7FE498000
heap
page read and write
1E7FE4AE000
heap
page read and write
1E780620000
trusted library allocation
page read and write
81AA6FA000
stack
page read and write
22B1BE30000
heap
page read and write
13802FE000
stack
page read and write
1E7FFD3A000
heap
page read and write
1D1B92B0000
heap
page read and write
22B1BA00000
heap
page read and write
20E12D10000
heap
page read and write
20E12E29000
heap
page read and write
1E7FE4A4000
heap
page read and write
1E7FE390000
heap
page read and write
1F2DC56B000
heap
page read and write
22B1BE35000
heap
page read and write
FDAE72C000
stack
page read and write
1E7FE463000
heap
page read and write
1E7FE4B5000
heap
page read and write
1E7FE4A9000
heap
page read and write
2B4D88F0000
heap
page read and write
2B4D8975000
heap
page read and write
1E7FE49E000
heap
page read and write
1E7FE6E0000
heap
page read and write
1D1B9290000
heap
page read and write
1E7FE494000
heap
page read and write
1E7FE49B000
heap
page read and write
20E12E18000
heap
page read and write
2B4D8600000
heap
page read and write
6C2AA7F000
stack
page read and write
1E7FE2B0000
heap
page read and write
1FED4650000
heap
page read and write
22B1D4A0000
heap
page read and write
1E7FE47B000
heap
page read and write
2B4D86A7000
heap
page read and write
20E12E0B000
heap
page read and write
1F2DC500000
heap
page read and write
1E780630000
trusted library allocation
page read and write
DD4357E000
stack
page read and write
DD4347E000
stack
page read and write
1E781BA0000
trusted library allocation
page read and write
1FED45C0000
heap
page read and write
1E7FE4BB000
heap
page read and write
F78C4FE000
unknown
page read and write
20E12F60000
heap
page read and write
81AABFF000
stack
page read and write
1FED4A90000
heap
page read and write
1E7FE481000
heap
page read and write
1E7FE49B000
heap
page read and write
20E12E00000
heap
page read and write
20E12E2B000
heap
page read and write
1F2DC5AC000
heap
page read and write
1F2DC589000
heap
page read and write
1E781BA0000
trusted library allocation
page read and write
1E7FE491000
heap
page read and write
1E7FE4B6000
heap
page read and write
1FED45A0000
heap
page read and write
FDAEA7F000
stack
page read and write
1E7FE491000
heap
page read and write
1E7FE491000
heap
page read and write
1E7FE485000
heap
page read and write
FDAEAFF000
stack
page read and write
1D1B92F0000
heap
page read and write
B8F87FF000
unknown
page read and write
1E7FE4B6000
heap
page read and write
20E12E29000
heap
page read and write
FDAE7AE000
stack
page read and write
1F2DC589000
heap
page read and write
1E7FE450000
heap
page read and write
1F2DC58B000
heap
page read and write
20E12F70000
heap
page read and write
1E7FE4A4000
heap
page read and write
1E7FE492000
heap
page read and write
1F2DC578000
heap
page read and write
1E7FE481000
heap
page read and write
1E7FE49C000
heap
page read and write
1F2DC520000
heap
page read and write
F78C129000
stack
page read and write
125 additional memdumps are not shown.

DOM / HTML

URL
Malicious
https://scone-pa.clients6.google.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.SCWmpDDGjPk.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA%2Fm%3D__features__#parent=https%3A%2F%2Fchromewebstore.google.com&rpctoken=326055385