Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
Chrome Cache Entry: 51
|
ASCII text, with very long lines (1746)
|
downloaded
|
||
|
Chrome Cache Entry: 52
|
ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 53
|
ASCII text, with very long lines (65531)
|
downloaded
|
||
|
Chrome Cache Entry: 54
|
ASCII text, with very long lines (3572), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 55
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 56
|
ASCII text, with very long lines (2124)
|
downloaded
|
||
|
Chrome Cache Entry: 57
|
ASCII text
|
downloaded
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe
|
"C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe"
|
|
|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://%3cfnc1%3e(79)/
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2552 --field-trial-handle=2496,i,13517212685356134340,2370661816050994569,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=1124 --field-trial-handle=2028,i,13329251012211762179,12573226295212013179,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
nmds.duckdns.org
|
|
||
|
https://www.google.com/async/ddljson?async=ntp:2
|
172.253.115.147
|
||
|
https://play.google.com/log?format=json&hasfast=true
|
unknown
|
||
|
http://www.broofa.com
|
unknown
|
||
|
https://csp.withgoogle.com/csp/lcreport/
|
unknown
|
||
|
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0
|
172.253.122.102
|
||
|
https://www.google.com/async/newtab_promos
|
172.253.115.147
|
||
|
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
|
172.253.115.147
|
||
|
https://apis.google.com
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
|
unknown
|
||
|
https://domains.google.com/suggest/flow
|
unknown
|
||
|
https://clients6.google.com
|
unknown
|
||
|
https://plus.google.com
|
unknown
|
There are 4 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
nmds.duckdns.org
|
87.121.105.4
|
|
|
|
google.com
|
172.253.63.100
|
||
|
plus.l.google.com
|
172.253.122.102
|
||
|
www.google.com
|
172.253.115.147
|
||
|
apis.google.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.168.2.4
|
unknown
|
unknown
|
|
|
|
87.121.105.4
|
nmds.duckdns.org
|
Bulgaria
|
|
|
|
172.253.122.102
|
plus.l.google.com
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
172.253.115.147
|
www.google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\082C2C722F273426B981
|
4DA7B92DD81FF96931AA9012EABAA0878D13C78DC3CD840B102CE7E15FEC4B7B
|
||
|
HKEY_CURRENT_USER\SOFTWARE\082C2C722F273426B981
|
91E582DD0FE0224A74B326FAA35161958AAE425DF4B6151646B9C330E7BD5487
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
322000
|
unkown
|
page readonly
|
|
|
|
24E1000
|
trusted library allocation
|
page read and write
|
|
|
|
7FFD9B820000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B9F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C160000
|
trusted library allocation
|
page read and write
|
||
|
254B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B910000
|
trusted library allocation
|
page read and write
|
||
|
1BE8B000
|
stack
|
page read and write
|
||
|
1B163000
|
heap
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
|
1B0BC000
|
heap
|
page read and write
|
||
|
7F2000
|
heap
|
page read and write
|
||
|
7FFD9B9E0000
|
trusted library allocation
|
page read and write
|
||
|
8A7000
|
heap
|
page read and write
|
||
|
CE0000
|
heap
|
page execute and read and write
|
||
|
7FFD9B816000
|
trusted library allocation
|
page read and write
|
||
|
1B540000
|
heap
|
page read and write
|
||
|
26B2000
|
trusted library allocation
|
page read and write
|
||
|
1CCBC000
|
stack
|
page read and write
|
||
|
1AFAA000
|
stack
|
page read and write
|
||
|
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B900000
|
trusted library allocation
|
page read and write
|
||
|
2558000
|
trusted library allocation
|
page read and write
|
||
|
2556000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B770000
|
trusted library allocation
|
page read and write
|
||
|
2538000
|
trusted library allocation
|
page read and write
|
||
|
3E0000
|
heap
|
page read and write
|
||
|
2548000
|
trusted library allocation
|
page read and write
|
||
|
2535000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page read and write
|
||
|
1B125000
|
heap
|
page read and write
|
||
|
1B110000
|
heap
|
page read and write
|
||
|
D35000
|
heap
|
page read and write
|
||
|
801000
|
heap
|
page read and write
|
||
|
BBB000
|
stack
|
page read and write
|
||
|
1B165000
|
heap
|
page read and write
|
||
|
1CA8D000
|
heap
|
page read and write
|
||
|
1BD7C000
|
stack
|
page read and write
|
||
|
7A0000
|
trusted library allocation
|
page read and write
|
||
|
1B97E000
|
stack
|
page read and write
|
||
|
2563000
|
trusted library allocation
|
page read and write
|
||
|
253E000
|
trusted library allocation
|
page read and write
|
||
|
AA0000
|
heap
|
page execute and read and write
|
||
|
1CBB0000
|
heap
|
page read and write
|
||
|
1C0B0000
|
heap
|
page read and write
|
||
|
6F1000
|
stack
|
page read and write
|
||
|
1C29B000
|
stack
|
page read and write
|
||
|
3B0000
|
heap
|
page read and write
|
||
|
7FFD9B780000
|
trusted library allocation
|
page read and write
|
||
|
839000
|
heap
|
page read and write
|
||
|
AB5000
|
heap
|
page read and write
|
||
|
1C39C000
|
stack
|
page read and write
|
||
|
7FFD9B810000
|
trusted library allocation
|
page read and write
|
||
|
84F000
|
heap
|
page read and write
|
||
|
2541000
|
trusted library allocation
|
page read and write
|
||
|
AB0000
|
heap
|
page read and write
|
||
|
256D000
|
trusted library allocation
|
page read and write
|
||
|
255D000
|
trusted library allocation
|
page read and write
|
||
|
269A000
|
trusted library allocation
|
page read and write
|
||
|
257B000
|
trusted library allocation
|
page read and write
|
||
|
700000
|
heap
|
page read and write
|
||
|
7FFD9B764000
|
trusted library allocation
|
page read and write
|
||
|
1CA80000
|
heap
|
page read and write
|
||
|
750000
|
trusted library allocation
|
page read and write
|
||
|
7CC000
|
heap
|
page read and write
|
||
|
82D000
|
heap
|
page read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
|
1A510000
|
trusted library allocation
|
page read and write
|
||
|
1BA79000
|
stack
|
page read and write
|
||
|
1B0F7000
|
heap
|
page read and write
|
||
|
7FFD9B99F000
|
trusted library allocation
|
page read and write
|
||
|
1AA6D000
|
stack
|
page read and write
|
||
|
2553000
|
trusted library allocation
|
page read and write
|
||
|
255F000
|
trusted library allocation
|
page read and write
|
||
|
1B0B0000
|
heap
|
page read and write
|
||
|
2698000
|
trusted library allocation
|
page read and write
|
||
|
320000
|
unkown
|
page readonly
|
||
|
793000
|
heap
|
page read and write
|
||
|
1B53F000
|
stack
|
page read and write
|
||
|
1BD80000
|
trusted library section
|
page read and write
|
||
|
1C49D000
|
stack
|
page read and write
|
||
|
7D5000
|
heap
|
page read and write
|
||
|
7FFD9B846000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B76D000
|
trusted library allocation
|
page execute and read and write
|
||
|
256B000
|
trusted library allocation
|
page read and write
|
||
|
1C090000
|
trusted library section
|
page read and write
|
||
|
7FFD9B762000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9E2000
|
trusted library allocation
|
page read and write
|
||
|
1B15C000
|
heap
|
page read and write
|
||
|
1D5C0000
|
heap
|
page read and write
|
||
|
8A3000
|
heap
|
page read and write
|
||
|
3C0000
|
heap
|
page read and write
|
||
|
2543000
|
trusted library allocation
|
page read and write
|
||
|
D30000
|
heap
|
page read and write
|
||
|
CBE000
|
stack
|
page read and write
|
||
|
7EA000
|
heap
|
page read and write
|
||
|
7A3000
|
trusted library allocation
|
page read and write
|
||
|
124F1000
|
trusted library allocation
|
page read and write
|
||
|
851000
|
heap
|
page read and write
|
||
|
1BB76000
|
stack
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
320000
|
unkown
|
page readonly
|
||
|
1B15F000
|
heap
|
page read and write
|
||
|
124E1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B760000
|
trusted library allocation
|
page read and write
|
||
|
1CBB4000
|
heap
|
page read and write
|
||
|
1B3AE000
|
stack
|
page read and write
|
||
|
7FFD9B9D5000
|
trusted library allocation
|
page read and write
|
||
|
259C000
|
trusted library allocation
|
page read and write
|
||
|
7DF000
|
heap
|
page read and write
|
||
|
25EA000
|
trusted library allocation
|
page read and write
|
||
|
833000
|
heap
|
page read and write
|
||
|
7FFD9B81C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B116000
|
heap
|
page read and write
|
||
|
770000
|
trusted library allocation
|
page read and write
|
||
|
1B4AE000
|
stack
|
page read and write
|
||
|
258A000
|
trusted library allocation
|
page read and write
|
||
|
1CA83000
|
heap
|
page read and write
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
1B14F000
|
heap
|
page read and write
|
||
|
12502000
|
trusted library allocation
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
1BF8B000
|
stack
|
page read and write
|
||
|
7FFD9B772000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9D0000
|
trusted library allocation
|
page read and write
|
||
|
A8B000
|
stack
|
page read and write
|
||
|
7FF4C7F30000
|
trusted library allocation
|
page execute and read and write
|
||
|
804000
|
heap
|
page read and write
|
||
|
780000
|
heap
|
page read and write
|
||
|
7FFD9B880000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B77D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B763000
|
trusted library allocation
|
page execute and read and write
|
||
|
254D000
|
trusted library allocation
|
page read and write
|
||
|
254F000
|
trusted library allocation
|
page read and write
|
||
|
1B2AE000
|
stack
|
page read and write
|
||
|
7E3000
|
heap
|
page read and write
|
||
|
7FFD9B78B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D5D0000
|
heap
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page execute and read and write
|
||
|
25BE000
|
trusted library allocation
|
page read and write
|
||
|
1AEA5000
|
stack
|
page read and write
|
||
|
7FFD9B9A8000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B91C000
|
trusted library allocation
|
page read and write
|
||
|
1B0A4000
|
stack
|
page read and write
|
||
|
7FFD9B7BC000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B94B000
|
trusted library allocation
|
page read and write
|
||
|
1BC7E000
|
stack
|
page read and write
|
||
|
7FFD9B78D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C088000
|
stack
|
page read and write
|
||
|
257D000
|
trusted library allocation
|
page read and write
|
There are 140 hidden memdumps, click here to show them.