Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\0f50e32e-e071-4574-a327-0efee03a04cf.tmp

SysEx File -

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\21e7fe77-f0ef-4da0-9129-2757dbf78eb4.tmp

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\32029b11-ae67-4665-a634-7c0e82772e51.tmp

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\4fb04e8d-ff18-42c9-85b9-ab435a4ea71a.tmp

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\64cd8f1e-a13b-45b1-bb66-8f2870bee78d.tmp

very short file (no magic)

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies

SQLite 3.x database, last written using SQLite version 3032001

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Session

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Tabs

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Last Session (copy)

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Last Tabsnd (copy)

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG.oldMP (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL

SQLite 3.x database, last written using SQLite version 3032001

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\87eb828b-2a13-4b5d-85f1-a6b3dd773e1d.tmp

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\LOG.old. (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\000003.log

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old.. (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\a8653c50-64fc-4438-9d54-0d4554ba9b8b.tmp

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\a8e2619f-ef4e-4f38-b0a9-b586a7d05093.tmp

UTF-8 Unicode text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\b1688f3f-84df-497c-a4c9-5430977ce732.tmp

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\cc951f97-300d-40f7-a212-4920fd1958d3.tmp

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004

MPEG-4 LOAS

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser

data

modified

C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Subresource Filter\Indexed Rules\27\scoped_dir6644_813995720\Ruleset Data

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\c3f1249b-170c-45fe-820d-b2d47368e2eb.tmp

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\f129404c-9119-46ee-8a72-bcc72624bec6.tmp

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\281de4e1-6853-407a-a3c1-461f54c4be72.tmp

very short file (no magic)

dropped

C:\Users\user\AppData\Local\Temp\285acb69-1251-40b4-910e-6d3be5bd005e.tmp

Google Chrome extension, version 3

dropped

C:\Users\user\AppData\Local\Temp\6644_1188738901\Filtering Rules

data

dropped

C:\Users\user\AppData\Local\Temp\6644_1188738901\LICENSE.txt

ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\6644_1188738901\_metadata\verified_contents.json

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\6644_1188738901\manifest.fingerprint

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\6644_1188738901\manifest.json

ASCII text

dropped

C:\Users\user\AppData\Local\Temp\e204c793-3c54-4647-aeab-ebc9cd58fff3.tmp

Google Chrome extension, version 3

dropped

C:\Users\user\AppData\Local\Temp\f7a4d8e6-a7a6-407e-b778-518b6bd09156.tmp

very short file (no magic)

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_1819004688\CRX_INSTALL\_locales\am\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_1819004688\CRX_INSTALL\_locales\ar\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_1819004688\CRX_INSTALL\_locales\bg\messages.json

HTML document, ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_1819004688\CRX_INSTALL\_locales\bn\messages.json

HTML document, ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_1819004688\CRX_INSTALL\_locales\ca\messages.json

HTML document, ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_1819004688\CRX_INSTALL\_locales\cs\messages.json

HTML document, ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_1819004688\CRX_INSTALL\_locales\da\messages.json

HTML document, ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_1819004688\CRX_INSTALL\_locales\de\messages.json

HTML document, ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_1819004688\CRX_INSTALL\manifest.json

ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_1819004688\e204c793-3c54-4647-aeab-ebc9cd58fff3.tmp

Google Chrome extension, version 3

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\285acb69-1251-40b4-910e-6d3be5bd005e.tmp

Google Chrome extension, version 3

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\bg\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\ca\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\cs\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\da\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\de\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\el\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\en\messages.json

ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\en_GB\messages.json

ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\es\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\es_419\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\et\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\fi\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\fil\messages.json

ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\fr\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\hi\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\hr\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\hu\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\id\messages.json

ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\it\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\ja\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\ko\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\lt\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\lv\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\nb\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\nl\messages.json

ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\pl\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\pt_BR\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\pt_PT\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\ro\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\ru\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\sk\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\sl\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\sr\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\sv\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\th\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\tr\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\uk\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\vi\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\zh_CN\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\zh_TW\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_metadata\verified_contents.json

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\craw_background.js

ASCII text, with very long lines

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\craw_window.js

ASCII text, with very long lines

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\css\craw_window.css

ASCII text

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\html\craw_window.html

HTML document, ASCII text

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\images\flapper.gif

GIF image data, version 89a, 30 x 30

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\images\icon_128.png

PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\images\icon_16.png

PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\images\topbar_floating_button.png

PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\images\topbar_floating_button_close.png

PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\images\topbar_floating_button_hover.png

PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\images\topbar_floating_button_maximize.png

PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\images\topbar_floating_button_pressed.png

PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\manifest.json

ASCII text, with CRLF line terminators

dropped

There are 130 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Program Files\Google\Chrome\Application\chrome.exe

'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'https:////main.dypuej5ogfl2b.amplifyapp.com/'

Details

Is windows:	true
Is dropped:	false
PID:	6644
Target ID:	1
Parent PID:	4652
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'https:////main.dypuej5ogfl2b.amplifyapp.com/'
Size:	2150896
MD5:	C139654B5C1438A95B321BB01AD63EF6
Time:	21:08:39
Date:	27/10/2021
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff609c80000
Modulesize:	2199552
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1628,13697681952374870177,3520927636459733860,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1932 /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	6836
Target ID:	2
Parent PID:	6644
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1628,13697681952374870177,3520927636459733860,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1932 /prefetch:8
Size:	2150896
MD5:	C139654B5C1438A95B321BB01AD63EF6
Time:	21:08:41
Date:	27/10/2021
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff609c80000
Modulesize:	2199552
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https:////main.dypuej5ogfl2b.amplifyapp.com/

https://main.dypuej5ogfl2b.amplifyapp.com/M

unknown

https://main.dypuej5ogfl2b.amplifyapp.com/images/logo.png

108.139.243.120

https://main.dypuej5ogfl2b.amplifyapp.com/css/font-awesome.min.cssy

unknown

https://main.dypuej5ogfl2b.amplifyapp.com/css/font-awesome.min.css

108.139.243.120

https://main.dypuej5ogfl2b.amplifyapp.com/css/hover.css9

unknown

https://main.dypuej5ogfl2b.amplifyapp.com/

108.139.243.120

https://main.dypuej5ogfl2b.amplifyapp.com/css/hover.css/

108.139.243.120

https://main.dypuej5ogfl2b.amplifyapp.com/css/hover.css

108.139.243.120

https://main.dypuej5ogfl2b.amplifyapp.com/#

unknown

https://main.dypuej5ogfl2b.amplifyapp.com/css/bootstrap.min.css

108.139.243.120

https://main.dypuej5ogfl2b.amplifyapp.com/2

unknown

https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.jskf

unknown

http://www.mail.

unknown

https://ka-f.fontawesome.com

unknown

https://www.google.com/images/cleardot.gif

unknown

https://code.jquery.com/jquery-3.2.1.slim.min.js

unknown

https://play.google.com

unknown

https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=585b051251

unknown

https://easylist.to/)

unknown

https://sandbox.google.com/payments/v4/js/integrator.js

unknown

https://www.google.com/s2/favicons?domain=webmail.websrvcs.com?v=BUILD_HASHChIKBw1TVYG1GgAKBw2MV9u3G

unknown

https://accounts.google.com/MergeSession

unknown

https://creativecommons.org/compatiblelicenses

unknown

https://clients2.googleusercontent.com/crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx

142.250.185.97

https://www.google.com

unknown

https://www.google.com/s2/favicons?domain=webmail.websrvcs.com?v=BUILD_HASH

142.250.185.228

https://github.com/easylist)

unknown

https://creativecommons.org/.

unknown

https://accounts.google.com

unknown

https://apis.google.com

unknown

https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js

104.18.10.207

https://kit.fontawesome.com/585b051251.js

unknown

https://www.google.com/accounts/OAuthLogin?issueuberauth=1

unknown

https://www-googleapis-staging.sandbox.google.com

unknown

https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers

unknown

https://clients2.google.com

unknown

https://dns.google

unknown

https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p

unknown

https://www.google.com/intl/en-US/chrome/blank.html

unknown

https://ogs.google.com

unknown

https://support.google.com/chromecast/troubleshooter/2995236

unknown

https://a.nel.cloudflare.com/report/v3?s=wDtrgv66HYHDqRILkuN3Sx0DwC7y7UkgffJdeAUdnXjGMNUXIHs15Z03JlO

unknown

https://code.jquery.com/jquery-3.1.1.min.js

unknown

https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard

216.58.212.141

https://payments.google.com/payments/v4/js/integrator.js

unknown

https://www.google.com;

unknown

https://hangouts.google.com/

unknown

https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js

104.18.11.207

https://ka-f.fontawesome.com/releases/v5.15.4/webfonts/free-fa-solid-900.woff2

unknown

https://ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=585b051251

unknown

https://csp.withgoogle.com/csp/hosted-libraries-pushers

unknown

https://www.google.com/images/x2.gif

unknown

https://www.google.com/s2/favicons?domain=

unknown

https://code.jquery.com/jquery-3.3.1.js

unknown

https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css

unknown

https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-GB&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1

142.250.74.206

https://www.google.com/images/dot2.gif

unknown

https://kit.fontawesome.com

unknown

https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js

104.16.18.94

https://a.nel.cloudflare.com/report/v3?s=zKRMNpyFTxUi1J03aLMq5CfY84v%2FP07xtVTG9hj9iL%2BblO3dKtnQPDR

unknown

https://csp.withgoogle.com/csp/hosted-libraries-pushersCross-Origin-Resource-Policy:

unknown

https://support.google.com/chromecast/answer/2998456

unknown

https://nomoejunk.com/nxt.php

unknown

https://clients2.googleusercontent.com

unknown

https://csp.withgoogle.com/csp/report-to/IdentityListAccountsHttp/external

unknown

https://www.google.com/

unknown

https://feedback.googleusercontent.com

unknown

https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk

unknown

https://clients2.google.com/service/update2/crx

unknown

There are 60 hidden URLs, click here to show them.

Domains

Name

Malicious

gstaticadssl.l.google.com

142.250.185.99

stackpath.bootstrapcdn.com

104.18.11.207

accounts.google.com

216.58.212.141

cdnjs.cloudflare.com

104.16.18.94

maxcdn.bootstrapcdn.com

104.18.10.207

www.google.com

142.250.185.228

main.dypuej5ogfl2b.amplifyapp.com

108.139.243.120

clients.l.google.com

142.250.74.206

googlehosted.l.googleusercontent.com

142.250.185.97

clients2.googleusercontent.com

unknown

clients2.google.com

unknown

ka-f.fontawesome.com

unknown

code.jquery.com

unknown

kit.fontawesome.com

unknown

There are 4 hidden domains, click here to show them.

IPs

Domain

Country

Malicious

142.250.185.99

gstaticadssl.l.google.com

United States

142.250.185.228

www.google.com

United States

192.168.2.1

unknown

104.18.10.207

maxcdn.bootstrapcdn.com

United States

142.250.74.206

clients.l.google.com

United States

104.18.11.207

stackpath.bootstrapcdn.com

United States

239.255.255.250

unknown

Reserved

108.139.243.120

main.dypuej5ogfl2b.amplifyapp.com

United States

216.58.212.141

accounts.google.com

United States

104.16.18.94

cdnjs.cloudflare.com

United States

127.0.0.1

unknown

142.250.185.97

googlehosted.l.googleusercontent.com

United States

There are 2 hidden IPs, click here to show them.

Registry

Path

Value

Malicious

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault

S-1-5-21-3853321935-2125563209-4053062332-1002

HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon

state

HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty

StatusCodes

HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty

StatusCodes

HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon

state

HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

software_reporter.reporting

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

module_blacklist_cache_md5_digest

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

media.storage_id_salt

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

google.services.last_account_id

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

google.services.account_id

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

software_reporter.prompt_seed

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

settings_reset_prompt.last_triggered_for_homepage

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

default_search_provider_data.template_url_data

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

safebrowsing.incidents_sent

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

pinned_tabs

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

search_provider_overrides

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

settings_reset_prompt.last_triggered_for_default_search

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

prefs.preference_reset_time

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

google.services.last_username

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

session.startup_urls

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

session.restore_on_startup

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

software_reporter.prompt_version

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

settings_reset_prompt.last_triggered_for_startup_urls

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

settings_reset_prompt.prompt_wave

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

homepage

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

homepage_is_newtabpage

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

browser.show_home_button

HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics

user_experience_metrics.stability.exited_cleanly

HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}

lastrun

There are 20 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

7FF540B5A000

unkown image

page readonly

13F62400000

unkown image

page readonly

18983E5F000

unkown

page read and write

7DF555CF2000

unkown image

page readonly

13F62269000

unkown

page read and write

7FF540BB4000

unkown image

page readonly

13F62313000

unkown

page read and write

7FF514029000

unkown image

page readonly

7FF540BC4000

unkown image

page readonly

7FF513FAA000

unkown image

page readonly

7FF513F14000

unkown image

page readonly

7DF58C912000

unkown image

page readonly

13F62302000

unkown

page read and write

7FF540C5A000

unkown image

page readonly

5DAE57D000

stack

page read and write

5E8C9B000

unkown

page read and write

18983E7E000

unkown

page read and write

5E8D9F000

stack

page read and write

7FF540ADC000

unkown image

page readonly

7FF513B70000

unkown image

page readonly

13F6226A000

unkown

page read and write

7FF513FDF000

unkown image

page readonly

7FF540B9C000

unkown image

page readonly

7FF513E91000

unkown image

page readonly

13F62308000

unkown

page read and write

7FF540B7B000

unkown image

page readonly

7FF513F03000

unkown image

page readonly

13F62A02000

unkown

page read and write

7FF540AC3000

unkown image

page readonly

7DF529120000

unkown image

page readonly

7FF540730000

unkown image

page readonly

7DF529140000

unkown image

page readonly

13F62050000

unkown image

page read and write

7DF58C920000

unkown image

page readonly

18983E87000

unkown

page read and write

7FF513F1C000

unkown image

page readonly

7FF5140A2000

unkown image

page readonly

13F6223C000

unkown

page read and write

7FF513EFD000

unkown image

page readonly

7FF513D27000

unkown image

page readonly

7DF555CF2000

unkown image

page readonly

13F6225F000

unkown

page read and write

189840D0000

unkown image

page readonly

2A2C4090000

unkown image

page readonly

7FF513FBB000

unkown image

page readonly

18983F02000

unkown

page read and write

13F62070000

unkown image

page readonly

13F6225E000

unkown

page read and write

5DAE4FE000

stack

page read and write

7FF540736000

unkown image

page readonly

13F62229000

unkown

page read and write

7DF529130000

unkown image

page readonly

7FF540016000

unkown image

page readonly

7FF540C54000

unkown image

page readonly

7FF540A6B000

unkown image

page readonly

7DF555CE0000

unkown image

page readonly

13F62264000

unkown

page read and write

5E92F7000

stack

page read and write

7FF513FC7000

unkown image

page readonly

18983D00000

unkown image

page read and write

5E94FF000

stack

page read and write

7DF58C922000

unkown image

page readonly

7DF555CF0000

unkown image

page readonly

13F62090000

unkown image

page readonly

18983DA0000

unkown

page read and write

18983D40000

unkown image

page readonly

18983E27000

unkown

page read and write

7FF540A31000

unkown image

page readonly

5E93FE000

stack

page read and write

7FF513F9A000

unkown image

page readonly

7FF514094000

unkown image

page readonly

7DF58C930000

unkown image

page readonly

7FF540B6E000

unkown image

page readonly

7FF513EAB000

unkown image

page readonly

13F620A0000

unkown image

page readonly

18983D70000

heap default

page read and write

7FF540BE6000

unkown image

page readonly

7DF453BB0000

unkown image

page readonly

7FF540BBA000

unkown image

page readonly

7FF513D30000

unkown image

page readonly

5DAE8F7000

stack

page read and write

13F62267000

unkown

page read and write

13F62780000

unkown image

page readonly

7FF514004000

unkown image

page readonly

7FF540BED000

unkown image

page readonly

18983E5C000

unkown

page read and write

7DF529140000

unkown image

page readonly

18983E52000

unkown

page read and write

7FF540C62000

unkown image

page readonly

7FF513FDC000

unkown image

page readonly

7FF513FB0000

unkown image

page readonly

18983F13000

unkown

page read and write

7FF540AD4000

unkown image

page readonly

18983D10000

heap private

page read and write

7DF555CE0000

unkown image

page readonly

7FF513FB5000

unkown image

page readonly

7FF513FF4000

unkown image

page readonly

7FF513EAE000

unkown image

page readonly

7FF514026000

unkown image

page readonly

13F6226B000

unkown

page read and write

13F62070000

unkown image

page readonly

18983E13000

unkown

page read and write

5DAE9FF000

stack

page read and write

13F62266000

unkown

page read and write

7FF5408E7000

unkown image

page readonly

7FF540A51000

unkown image

page readonly

7FF513FE7000

unkown image

page readonly

7FF513E71000

unkown image

page readonly

7FF540BD8000

unkown image

page readonly

13F62254000

unkown

page read and write

18984450000

unkown image

page readonly

13F621C0000

unkown

page read and write

7DF555D00000

unkown image

page readonly

7DF555CF0000

unkown image

page readonly

13F62200000

unkown

page read and write

7DF529122000

unkown image

page readonly

18984602000

unkown

page read and write

7DF529132000

unkown image

page readonly

7FF513E53000

unkown image

page readonly

18983D20000

unkown image

page readonly

7FF540B70000

unkown image

page readonly

7DF529120000

unkown image

page readonly

18983E64000

unkown

page read and write

7FF540BDE000

unkown image

page readonly

7FF513B76000

unkown image

page readonly

18983E00000

unkown

page read and write

7FF5408F0000

unkown image

page readonly

7FF513FFA000

unkown image

page readonly

7DF58C910000

unkown image

page readonly

7DF555CE2000

unkown image

page readonly

18983D50000

unkown image

page readonly

7FF513F9C000

unkown image

page readonly

5E95FF000

stack

page read and write

7FF513FAE000

unkown image

page readonly

7FF51401E000

unkown image

page readonly

13F621A0000

unkown image

page readonly

7FF513E01000

unkown image

page readonly

13F6228B000

unkown

page read and write

13F62213000

unkown

page read and write

7FF540BA7000

unkown image

page readonly

5DAE7FE000

stack

page read and write

13F62300000

unkown

page read and write

5E91FB000

stack

page read and write

18983E3C000

unkown

page read and write

18983E5A000

unkown

page read and write

18983F00000

unkown

page read and write

5DAE47B000

unkown

page read and write

5E8D1F000

stack

page read and write

7FF540B75000

unkown image

page readonly

18983D20000

unkown image

page readonly

7FF577892000

unkown image

page readonly

5DAE77B000

stack

page read and write

7FF514018000

unkown image

page readonly

7FF540B6A000

unkown image

page readonly

7FF51400F000

unkown image

page readonly

7FF51402D000

unkown image

page readonly

13F62060000

heap private

page read and write

7FF513B85000

unkown image

page readonly

7FF540745000

unkown image

page readonly

7FF540BCF000

unkown image

page readonly

5DAEAFF000

stack

page read and write

13F62262000

unkown

page read and write

7DF426FF0000

unkown image

page readonly

7FF5140A1000

unkown image

page readonly

18983D80000

unkown image

page readonly

7FF540B5C000

unkown image

page readonly

7FF540B87000

unkown image

page readonly

7FF540ABD000

unkown image

page readonly

13F62261000

unkown

page read and write

18983E29000

unkown

page read and write

13F62600000

unkown image

page readonly

7FF540BE9000

unkown image

page readonly

7FF540B9F000

unkown image

page readonly

13F6225C000

unkown

page read and write

7DF529122000

unkown image

page readonly

7DF529132000

unkown image

page readonly

13F62282000

unkown

page read and write

13F620C0000

heap default

page read and write

7DF529130000

unkown image

page readonly

7FF540C61000

unkown image

page readonly

7FF51409A000

unkown image

page readonly

189842D0000

unkown image

page readonly

7DF555CE2000

unkown image

page readonly

7FF540A13000

unkown image

page readonly

18983F08000

unkown

page read and write

7FF540A6E000

unkown image

page readonly

7DF555D00000

unkown image

page readonly

7FF5409C1000

unkown image

page readonly

There are 178 hidden memdumps, click here to show them.

DOM / HTML

URL

Malicious

https://main.dypuej5ogfl2b.amplifyapp.com/

Details

Filename:	44581.0.pages.html.dom
Url:	https://main.dypuej5ogfl2b.amplifyapp.com/
Target ID:	2
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1628,13697681952374870177,3520927636459733860,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1932 /prefetch:8

Signature Hits	Behavior Group	Mitre Attack
Yara detected HtmlPhish10	Phishing

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

DOM / HTML