Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
e8056c3dc4b573b95de1d3e68c4bfce889d7ec9824ea4a2f3873d19c309d09e7.zip
|
Zip archive data, at least v4.5 to extract, compression method=deflate
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Temp\unarchiver.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
Chrome Cache Entry: 56
|
ASCII text, with very long lines (7423)
|
downloaded
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\unarchiver.exe
|
"C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Desktop\e8056c3dc4b573b95de1d3e68c4bfce889d7ec9824ea4a2f3873d19c309d09e7.zip"
|
||
|
C:\Windows\SysWOW64\7za.exe
|
"C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\nmeqw10e.03i" "C:\Users\user\Desktop\e8056c3dc4b573b95de1d3e68c4bfce889d7ec9824ea4a2f3873d19c309d09e7.zip"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1960,i,12582273665155075133,2497263848660553741,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1980,i,15587171962087274700,4709450360019695002,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://www.google.com/async/ddljson?async=ntp:2
|
142.250.217.196
|
||
|
https://www.google.com/async/newtab_promos
|
142.250.217.196
|
||
|
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmgZjcGIXfrrEGIjAdKFZA6B8LUpBZRiNhr8FJpy1yvW5vqYo1ClOK6dWNHDtcaSKK-xlwd9CyEsnqRasyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
|
142.250.217.196
|
||
|
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
|
142.250.217.196
|
||
|
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
|
142.250.217.196
|
||
|
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjcGIXfrrEGIjAZuMafgKHf7uR1JXgpqjpK6Z2b7SObhQkaGFX3CtQIhkDC1Mq1y2n6uvliGb60JvkyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
|
142.250.217.196
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
www.google.com
|
142.250.217.196
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.168.2.7
|
unknown
|
unknown
|
||
|
192.168.2.4
|
unknown
|
unknown
|
||
|
192.168.2.6
|
unknown
|
unknown
|
||
|
192.168.2.5
|
unknown
|
unknown
|
||
|
142.250.217.196
|
www.google.com
|
United States
|
||
|
142.250.64.196
|
unknown
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2D2B000
|
trusted library allocation
|
page read and write
|
||
|
2CEC000
|
trusted library allocation
|
page read and write
|
||
|
53CF000
|
stack
|
page read and write
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
F1C000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CE9000
|
trusted library allocation
|
page read and write
|
||
|
11D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D47000
|
trusted library allocation
|
page read and write
|
||
|
2D41000
|
trusted library allocation
|
page read and write
|
||
|
2D6E000
|
trusted library allocation
|
page read and write
|
||
|
F47000
|
trusted library allocation
|
page execute and read and write
|
||
|
B10000
|
heap
|
page read and write
|
||
|
1370000
|
trusted library allocation
|
page read and write
|
||
|
B20000
|
heap
|
page read and write
|
||
|
A36000
|
heap
|
page read and write
|
||
|
2CE1000
|
trusted library allocation
|
page read and write
|
||
|
4FAD000
|
stack
|
page read and write
|
||
|
2DA3000
|
trusted library allocation
|
page read and write
|
||
|
186F000
|
stack
|
page read and write
|
||
|
FFE000
|
stack
|
page read and write
|
||
|
2D1D000
|
trusted library allocation
|
page read and write
|
||
|
2CDC000
|
trusted library allocation
|
page read and write
|
||
|
F02000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DA0000
|
trusted library allocation
|
page read and write
|
||
|
1360000
|
heap
|
page read and write
|
||
|
1340000
|
heap
|
page read and write
|
||
|
F4C000
|
stack
|
page read and write
|
||
|
7AB000
|
stack
|
page read and write
|
||
|
2CE3000
|
trusted library allocation
|
page read and write
|
||
|
4EAE000
|
stack
|
page read and write
|
||
|
176F000
|
stack
|
page read and write
|
||
|
2D15000
|
trusted library allocation
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
F10000
|
trusted library allocation
|
page read and write
|
||
|
2D8F000
|
trusted library allocation
|
page read and write
|
||
|
2D81000
|
trusted library allocation
|
page read and write
|
||
|
FB0000
|
heap
|
page read and write
|
||
|
2D4F000
|
trusted library allocation
|
page read and write
|
||
|
2D9D000
|
trusted library allocation
|
page read and write
|
||
|
FA0000
|
heap
|
page read and write
|
||
|
2D39000
|
trusted library allocation
|
page read and write
|
||
|
2D36000
|
trusted library allocation
|
page read and write
|
||
|
2D5D000
|
trusted library allocation
|
page read and write
|
||
|
2D07000
|
trusted library allocation
|
page read and write
|
||
|
2D04000
|
trusted library allocation
|
page read and write
|
||
|
7A9000
|
stack
|
page read and write
|
||
|
A1E000
|
heap
|
page read and write
|
||
|
2D4C000
|
trusted library allocation
|
page read and write
|
||
|
3C81000
|
trusted library allocation
|
page read and write
|
||
|
2D63000
|
trusted library allocation
|
page read and write
|
||
|
293E000
|
stack
|
page read and write
|
||
|
F3A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D30000
|
trusted library allocation
|
page read and write
|
||
|
2D52000
|
trusted library allocation
|
page read and write
|
||
|
2D76000
|
trusted library allocation
|
page read and write
|
||
|
2CBE000
|
trusted library allocation
|
page read and write
|
||
|
A4D000
|
heap
|
page read and write
|
||
|
2CD0000
|
trusted library allocation
|
page read and write
|
||
|
A7E000
|
heap
|
page read and write
|
||
|
A10000
|
heap
|
page read and write
|
||
|
2D7C000
|
trusted library allocation
|
page read and write
|
||
|
2D3E000
|
trusted library allocation
|
page read and write
|
||
|
2CB0000
|
trusted library allocation
|
page read and write
|
||
|
F0A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D02000
|
trusted library allocation
|
page read and write
|
||
|
2D5A000
|
trusted library allocation
|
page read and write
|
||
|
FFE000
|
stack
|
page read and write
|
||
|
2D28000
|
trusted library allocation
|
page read and write
|
||
|
14C0000
|
heap
|
page read and write
|
||
|
1020000
|
trusted library allocation
|
page read and write
|
||
|
2CF4000
|
trusted library allocation
|
page read and write
|
||
|
2D60000
|
trusted library allocation
|
page read and write
|
||
|
2CDE000
|
trusted library allocation
|
page read and write
|
||
|
2CBC000
|
trusted library allocation
|
page read and write
|
||
|
2D10000
|
trusted library allocation
|
page read and write
|
||
|
F12000
|
trusted library allocation
|
page execute and read and write
|
||
|
A1A000
|
heap
|
page read and write
|
||
|
F8E000
|
stack
|
page read and write
|
||
|
12FD000
|
stack
|
page read and write
|
||
|
7A6000
|
stack
|
page read and write
|
||
|
2D79000
|
trusted library allocation
|
page read and write
|
||
|
2D95000
|
trusted library allocation
|
page read and write
|
||
|
7FCC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6AC000
|
stack
|
page read and write
|
||
|
F32000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C81000
|
trusted library allocation
|
page read and write
|
||
|
2D25000
|
trusted library allocation
|
page read and write
|
||
|
2D87000
|
trusted library allocation
|
page read and write
|
||
|
2D98000
|
trusted library allocation
|
page read and write
|
||
|
2D84000
|
trusted library allocation
|
page read and write
|
||
|
EF0000
|
trusted library allocation
|
page read and write
|
||
|
14C5000
|
heap
|
page read and write
|
||
|
1030000
|
heap
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
2D22000
|
trusted library allocation
|
page read and write
|
||
|
3010000
|
heap
|
page read and write
|
||
|
F1A000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E1E000
|
stack
|
page read and write
|
||
|
2CF7000
|
trusted library allocation
|
page read and write
|
||
|
2D8A000
|
trusted library allocation
|
page read and write
|
||
|
1578000
|
heap
|
page read and write
|
||
|
1570000
|
heap
|
page read and write
|
||
|
2CC4000
|
trusted library allocation
|
page read and write
|
||
|
2D44000
|
trusted library allocation
|
page read and write
|
||
|
2CFC000
|
trusted library allocation
|
page read and write
|
||
|
133E000
|
stack
|
page read and write
|
||
|
2D71000
|
trusted library allocation
|
page read and write
|
||
|
BD5000
|
heap
|
page read and write
|
||
|
2D68000
|
trusted library allocation
|
page read and write
|
||
|
2CD9000
|
trusted library allocation
|
page read and write
|
||
|
2D55000
|
trusted library allocation
|
page read and write
|
||
|
1220000
|
heap
|
page execute and read and write
|
||
|
13A0000
|
heap
|
page read and write
|
||
|
F4B000
|
trusted library allocation
|
page execute and read and write
|
||
|
A88000
|
heap
|
page read and write
|
||
|
2D6B000
|
trusted library allocation
|
page read and write
|
||
|
2D92000
|
trusted library allocation
|
page read and write
|
||
|
52CE000
|
stack
|
page read and write
|
||
|
2CC8000
|
trusted library allocation
|
page read and write
|
||
|
2D33000
|
trusted library allocation
|
page read and write
|
There are 110 hidden memdumps, click here to show them.