Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
IDProtect Manager.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 20:59:57 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 20:59:57 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 20:59:57 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 20:59:57 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 20:59:57 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
Chrome Cache Entry: 56
|
ASCII text, with very long lines (3753)
|
downloaded
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\IDProtect Manager.exe
|
"C:\Users\user\Desktop\IDProtect Manager.exe"
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1960,i,4465652620104932970,15968156762818287997,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Windows\System32\rundll32.exe
|
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6}
-Embedding
|
||
|
C:\Users\user\Desktop\IDProtect Manager.exe
|
"C:\Users\user\Desktop\IDProtect Manager.exe"
|
||
|
C:\Users\user\Desktop\IDProtect Manager.exe
|
"C:\Users\user\Desktop\IDProtect Manager.exe"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://www.google.com/async/ddljson?async=ntp:2
|
142.250.217.196
|
||
|
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmgZjcGN3HsLEGIjBXNY7YcegvyOHYSwdfu5I_M0N2dcx3FvhLYsqeDJ9GBKii4_kEKNqzeEuer1mYsD0yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
|
142.250.217.196
|
||
|
https://www.google.com/async/newtab_promos
|
142.250.217.196
|
||
|
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
|
142.250.217.196
|
||
|
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
|
142.250.217.196
|
||
|
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjcGN3HsLEGIjBX3BfcQ98qwWOS90Bukqjp-iVTJvobixLhl4MnGPX3CMTHq4gdZ2y95_O1i-7EVc0yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
|
142.250.217.196
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
www.google.com
|
142.250.217.196
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
142.250.217.196
|
www.google.com
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
192.168.2.16
|
unknown
|
unknown
|
||
|
192.168.2.4
|
unknown
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
5DF000
|
heap
|
page read and write
|
||
|
B07000
|
heap
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
58B000
|
heap
|
page read and write
|
||
|
88F000
|
stack
|
page read and write
|
||
|
2457000
|
heap
|
page read and write
|
||
|
5FB000
|
heap
|
page read and write
|
||
|
2454000
|
heap
|
page read and write
|
||
|
9AE000
|
stack
|
page read and write
|
||
|
54C0000
|
trusted library allocation
|
page read and write
|
||
|
2324000
|
heap
|
page read and write
|
||
|
597000
|
heap
|
page read and write
|
||
|
AFE000
|
stack
|
page read and write
|
||
|
47B000
|
unkown
|
page readonly
|
||
|
590000
|
heap
|
page read and write
|
||
|
252BDA50000
|
heap
|
page read and write
|
||
|
5DC000
|
heap
|
page read and write
|
||
|
756000
|
heap
|
page read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
75B000
|
heap
|
page read and write
|
||
|
49F000
|
unkown
|
page readonly
|
||
|
591000
|
heap
|
page read and write
|
||
|
5AC000
|
heap
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
86E000
|
stack
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
5E7000
|
heap
|
page read and write
|
||
|
58C000
|
heap
|
page read and write
|
||
|
588000
|
heap
|
page read and write
|
||
|
754000
|
heap
|
page read and write
|
||
|
730000
|
heap
|
page read and write
|
||
|
199000
|
stack
|
page read and write
|
||
|
5DF000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
CB6000
|
heap
|
page read and write
|
||
|
47B000
|
unkown
|
page readonly
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
19B000
|
stack
|
page read and write
|
||
|
5A7000
|
heap
|
page read and write
|
||
|
498000
|
unkown
|
page read and write
|
||
|
5D9000
|
heap
|
page read and write
|
||
|
B00000
|
heap
|
page read and write
|
||
|
5A3000
|
heap
|
page read and write
|
||
|
98000
|
stack
|
page read and write
|
||
|
2410000
|
heap
|
page read and write
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
28EE000
|
stack
|
page read and write
|
||
|
730000
|
heap
|
page read and write
|
||
|
496000
|
unkown
|
page read and write
|
||
|
498000
|
unkown
|
page read and write
|
||
|
BB0000
|
heap
|
page read and write
|
||
|
743000
|
heap
|
page read and write
|
||
|
58F000
|
heap
|
page read and write
|
||
|
749000
|
heap
|
page read and write
|
||
|
252BDA30000
|
heap
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
2320000
|
heap
|
page read and write
|
||
|
CB0000
|
heap
|
page read and write
|
||
|
736000
|
heap
|
page read and write
|
||
|
5A8000
|
heap
|
page read and write
|
||
|
567000
|
heap
|
page read and write
|
||
|
5FC000
|
heap
|
page read and write
|
||
|
75A000
|
heap
|
page read and write
|
||
|
5470000
|
trusted library allocation
|
page read and write
|
||
|
5DB000
|
heap
|
page read and write
|
||
|
584000
|
heap
|
page read and write
|
||
|
2A4F000
|
stack
|
page read and write
|
||
|
5B3000
|
heap
|
page read and write
|
||
|
59B000
|
heap
|
page read and write
|
||
|
ACF000
|
stack
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
199000
|
stack
|
page read and write
|
||
|
58B000
|
heap
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
2460000
|
heap
|
page read and write
|
||
|
5E8000
|
heap
|
page read and write
|
||
|
6B0000
|
heap
|
page read and write
|
||
|
AD0000
|
heap
|
page read and write
|
||
|
CBA000
|
heap
|
page read and write
|
||
|
404F000
|
stack
|
page read and write
|
||
|
9CE000
|
stack
|
page read and write
|
||
|
5DB000
|
heap
|
page read and write
|
||
|
252BDA80000
|
heap
|
page read and write
|
||
|
5D6000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
1D0000
|
heap
|
page read and write
|
||
|
735000
|
heap
|
page read and write
|
||
|
58F000
|
heap
|
page read and write
|
||
|
57E000
|
stack
|
page read and write
|
||
|
AD6000
|
heap
|
page read and write
|
||
|
2417000
|
heap
|
page read and write
|
||
|
751000
|
heap
|
page read and write
|
||
|
598000
|
heap
|
page read and write
|
||
|
5B7000
|
heap
|
page read and write
|
||
|
74E000
|
heap
|
page read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
53E000
|
stack
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
5A9000
|
heap
|
page read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
96E000
|
stack
|
page read and write
|
||
|
5E7000
|
heap
|
page read and write
|
||
|
75F000
|
heap
|
page read and write
|
||
|
252BDC05000
|
heap
|
page read and write
|
||
|
2560000
|
heap
|
page read and write
|
||
|
25EE000
|
stack
|
page read and write
|
||
|
53E000
|
stack
|
page read and write
|
||
|
58D000
|
heap
|
page read and write
|
||
|
52E000
|
stack
|
page read and write
|
||
|
AB0000
|
heap
|
page read and write
|
||
|
4D1000
|
unkown
|
page readonly
|
||
|
74C000
|
heap
|
page read and write
|
||
|
496000
|
unkown
|
page write copy
|
||
|
3F4E000
|
stack
|
page read and write
|
||
|
5DC000
|
heap
|
page read and write
|
||
|
5E2000
|
heap
|
page read and write
|
||
|
5A1000
|
heap
|
page read and write
|
||
|
5F8000
|
heap
|
page read and write
|
||
|
8FF000
|
stack
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
82B9FAE000
|
stack
|
page read and write
|
||
|
98000
|
stack
|
page read and write
|
||
|
26EF000
|
stack
|
page read and write
|
||
|
5E8000
|
heap
|
page read and write
|
||
|
23FE000
|
stack
|
page read and write
|
||
|
9FE000
|
stack
|
page read and write
|
||
|
24AE000
|
stack
|
page read and write
|
||
|
252BDC00000
|
heap
|
page read and write
|
||
|
6BE000
|
stack
|
page read and write
|
||
|
57E000
|
stack
|
page read and write
|
||
|
5D8000
|
heap
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
73C000
|
heap
|
page read and write
|
||
|
239C000
|
stack
|
page read and write
|
||
|
82B9F2E000
|
stack
|
page read and write
|
||
|
5DF000
|
heap
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
47B000
|
unkown
|
page readonly
|
||
|
ADA000
|
heap
|
page read and write
|
||
|
5EB000
|
heap
|
page read and write
|
||
|
24C4000
|
heap
|
page read and write
|
||
|
2350000
|
heap
|
page read and write
|
||
|
2450000
|
heap
|
page read and write
|
||
|
5D8000
|
heap
|
page read and write
|
||
|
58C000
|
heap
|
page read and write
|
||
|
98E000
|
stack
|
page read and write
|
||
|
2564000
|
heap
|
page read and write
|
||
|
732000
|
heap
|
page read and write
|
||
|
254E000
|
stack
|
page read and write
|
||
|
82BA27F000
|
stack
|
page read and write
|
||
|
2B8F000
|
stack
|
page read and write
|
||
|
5DF000
|
heap
|
page read and write
|
||
|
496000
|
unkown
|
page read and write
|
||
|
82B9EAC000
|
stack
|
page read and write
|
||
|
72C000
|
heap
|
page read and write
|
||
|
599000
|
heap
|
page read and write
|
||
|
58F000
|
heap
|
page read and write
|
||
|
70E000
|
heap
|
page read and write
|
||
|
5AB000
|
heap
|
page read and write
|
||
|
5D4000
|
heap
|
page read and write
|
||
|
410F000
|
stack
|
page read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
700000
|
heap
|
page read and write
|
||
|
25AF000
|
stack
|
page read and write
|
||
|
742000
|
heap
|
page read and write
|
||
|
597000
|
heap
|
page read and write
|
||
|
82E000
|
stack
|
page read and write
|
||
|
2D8F000
|
stack
|
page read and write
|
||
|
732000
|
heap
|
page read and write
|
||
|
75E000
|
heap
|
page read and write
|
||
|
97000
|
stack
|
page read and write
|
||
|
23B0000
|
heap
|
page read and write
|
||
|
709000
|
heap
|
page read and write
|
||
|
72C000
|
heap
|
page read and write
|
||
|
2414000
|
heap
|
page read and write
|
||
|
496000
|
unkown
|
page read and write
|
||
|
752000
|
heap
|
page read and write
|
||
|
252BDA88000
|
heap
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
2A8E000
|
stack
|
page read and write
|
||
|
2C8F000
|
stack
|
page read and write
|
||
|
5410000
|
heap
|
page read and write
|
||
|
58F000
|
heap
|
page read and write
|
||
|
B04000
|
heap
|
page read and write
|
||
|
252BF4A0000
|
heap
|
page read and write
|
||
|
5DD000
|
heap
|
page read and write
|
||
|
252BD950000
|
heap
|
page read and write
|
||
|
24C0000
|
heap
|
page read and write
|
||
|
AAE000
|
stack
|
page read and write
|
||
|
5AB000
|
heap
|
page read and write
|
There are 182 hidden memdumps, click here to show them.