IOC Report
I43xo3KKfS.exe

Files

File Path
Type
Category
Malicious
I43xo3KKfS.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_I43xo3KKfS.exe_28bc6b3603f5f8d941a5aba9cef8425f2a398_64f2822e_66db753d-6df9-4199-9577-860096641214\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
malicious
C:\ProgramData\FBAFIIJK
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\JDGHIIJKEBGIDHIDBKJD
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8540.tmp.dmp
Mini DuMP crash report, 14 streams, Thu Oct 31 08:07:31 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER866A.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER869A.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\chrome.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\8b6d5c38-7013-4935-b302-a38391baefe8.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\946f95c7-b468-4ea4-8fc5-c980224918a7.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\9b7e0c63-8a8f-4c13-826a-79e2e534c269.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67233AB9-1F04.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF38c14.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF38d8b.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF38d9b.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF38dba.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\a0592f6d-518e-43c4-b6c0-7165d2616047.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\e19c6e1c-b08f-4fbe-97b7-037000527258.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\json[1].json
JSON data
dropped
C:\Windows\appcompat\Programs\Amcache.hve
MS Windows registry file, NT/2000 or above
dropped
Chrome Cache Entry: 79
ASCII text, with very long lines (5162), with no line terminators
downloaded
Chrome Cache Entry: 80
ASCII text, with very long lines (2287)
downloaded
Chrome Cache Entry: 81
Unicode text, UTF-8 text, with very long lines (5438)
downloaded
Chrome Cache Entry: 82
ASCII text
downloaded
Chrome Cache Entry: 83
ASCII text, with very long lines (65531)
downloaded
Chrome Cache Entry: 84
ASCII text, with very long lines (1302)
downloaded
Chrome Cache Entry: 85
SVG Scalable Vector Graphics image
downloaded

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\I43xo3KKfS.exe
"C:\Users\user\Desktop\I43xo3KKfS.exe"
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2824 --field-trial-handle=2580,i,9160805204216496030,1290202691667560686,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=2096,i,1110173691356344578,8625308391343283424,262144 /prefetch:3
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 --field-trial-handle=2236,i,12728769652571103709,16681002183324042487,262144 /prefetch:8
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 1888

URLs

Name
IP
Malicious