Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 8 14:43:18 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 8 14:43:18 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 8 14:43:18 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 8 14:43:18 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 8 14:43:18 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
Chrome Cache Entry: 61
|
HTML document, ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 62
|
PNG image data, 184 x 146, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 63
|
ASCII text, with very long lines (2847)
|
downloaded
|
||
|
Chrome Cache Entry: 64
|
HTML document, ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 65
|
HTML document, ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 66
|
ASCII text, with very long lines (4337)
|
downloaded
|
||
|
Chrome Cache Entry: 67
|
PNG image data, 184 x 146, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 68
|
HTML document, ASCII text
|
downloaded
|
There are 5 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://147.45.47.87/
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1904,i,5870636824769412072,16774876329388795144,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Windows\System32\rundll32.exe
|
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6}
-Embedding
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://147.45.47.87
|
|||
|
https://www.google.com/async/ddljson?async=ntp:2
|
142.251.215.228
|
||
|
https://bugs.launchpad.net/ubuntu/
|
unknown
|
||
|
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
|
142.251.215.228
|
||
|
https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgRRtTxcGMK77rEGIjAk48Y8KCg8B4mVUFuQqcu4G-RyvpSaQ5jcTj__ueSIzfMdaTDINFswKEzxMxmsmt4yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
|
142.251.215.228
|
||
|
https://launchpad.net/bugs/1966004
|
unknown
|
||
|
http://httpd.apache.org/docs/2.4/mod/mod_userdir.html
|
unknown
|
||
|
https://147.45.47.87/favicon.ico
|
147.45.47.87
|
||
|
https://147.45.47.87/icons/ubuntu-logo.png
|
147.45.47.87
|
||
|
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRRtTxcGMK77rEGIjADuDs5gq96l2jMmM-WTSLC32UTfhufqokbmzs2mbyiYw0rWhgX01uNmSUFQRVEpzAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
|
142.251.215.228
|
||
|
https://147.45.47.87/script.js
|
|||
|
https://www.google.com/async/newtab_promos
|
142.251.215.228
|
||
|
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRRtTxcGMK77rEGIjDZ5XczcUie6ow5vZ6pxIqhgT4Nhff0NJGOyxQLHhtR1nYiUsYi6-ed-7snibsaVtsyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
|
142.251.215.228
|
||
|
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
|
142.251.215.228
|
||
|
https://147.45.47.87/theme.js
|
|||
|
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
|
142.251.215.228
|
||
|
https://147.45.47.87/
|
There are 6 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
www.google.com
|
142.251.215.228
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
142.251.215.228
|
www.google.com
|
United States
|
||
|
147.45.47.87
|
unknown
|
Russian Federation
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
192.168.2.16
|
unknown
|
unknown
|
||
|
192.168.2.4
|
unknown
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
63D31AC000
|
stack
|
page read and write
|
||
|
63D357F000
|
stack
|
page read and write
|
||
|
24C2BFB0000
|
heap
|
page read and write
|
||
|
24C2BF00000
|
heap
|
page read and write
|
||
|
63D34FE000
|
stack
|
page read and write
|
||
|
63D347F000
|
stack
|
page read and write
|
||
|
24C2C150000
|
heap
|
page read and write
|
||
|
24C2BFBE000
|
heap
|
page read and write
|
||
|
24C2C155000
|
heap
|
page read and write
|
||
|
24C2BFB8000
|
heap
|
page read and write
|
||
|
24C2DA20000
|
heap
|
page read and write
|
||
|
24C2BF20000
|
heap
|
page read and write
|
||
|
24C2BE20000
|
heap
|
page read and write
|
There are 3 hidden memdumps, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
https://147.45.47.87/
|
||
|
https://147.45.47.87/script.js
|
||
|
https://147.45.47.87/theme.js
|