Files
| File Path | Type | Category | Malicious |
|---|---|---|---|
| xRzIkuwCyozY.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | initial sample | |
| C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\xRzIkuwCyozY.exe.log | ASCII text, with CRLF line terminators | dropped | |
| Chrome Cache Entry: 52 | ASCII text, with very long lines (1746) | downloaded | |
| Chrome Cache Entry: 53 | ASCII text | downloaded | |
| Chrome Cache Entry: 54 | ASCII text, with very long lines (65531) | downloaded | |
| Chrome Cache Entry: 55 | ASCII text, with very long lines (3572), with no line terminators | downloaded | |
| Chrome Cache Entry: 56 | SVG Scalable Vector Graphics image | downloaded | |
| Chrome Cache Entry: 57 | ASCII text, with very long lines (2124) | downloaded | |
| Chrome Cache Entry: 58 | ASCII text | downloaded | |
Processes
| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\xRzIkuwCyozY.exe | "C:\Users\user\Desktop\xRzIkuwCyozY.exe" | |
| C:\Windows\SysWOW64\cmd.exe | cmd.exe /C Y /N /D Y /T 1 & Del "C:\Users\user\Desktop\xRzIkuwCyozY.exe" | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:/// | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://%3cfnc1%3e(79)/ | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=2036,i,3006558031417863421,7263643072710997579,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1832 --field-trial-handle=2036,i,5724583149837707848,3027707607016890056,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
URLs
| Name | IP | Malicious |
|---|---|---|
| berlyn777.con-ip.com | | |
| https://www.google.com/async/ddljson?async=ntp:2 | 142.250.190.68 | |
| https://play.google.com/log?format=json&hasfast=true | unknown | |
| http://www.broofa.com | unknown | |
| https://csp.withgoogle.com/csp/lcreport/ | unknown | |
| https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0 | 142.250.190.110 | |
| http://go.microsoft. | unknown | |
| https://www.google.com/async/newtab_promos | 142.250.190.68 | |
| https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0 | 142.250.190.68 | |
| https://apis.google.com | unknown | |
| http://go.microsoft.LinkId=42127 | unknown | |
| https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1 | unknown | |
| https://domains.google.com/suggest/flow | unknown | |
| https://clients6.google.com | unknown | |
| https://plus.google.com | unknown | |
Domains
| Name | IP | Malicious |
|---|---|---|
| berlyn777.con-ip.com | 45.141.215.185 | |
| google.com | 172.217.2.46 | |
| plus.l.google.com | 142.250.190.110 | |
| www.google.com | 142.250.190.68 | |
| apis.google.com | unknown | |
IPs
| IP | Domain | Country | Malicious |
|---|---|---|---|
| 45.141.215.185 | berlyn777.con-ip.com | Netherlands | |
| 192.168.2.4 | unknown | unknown | |
| 142.250.190.110 | plus.l.google.com | United States | |
| 239.255.255.250 | unknown | Reserved | |
| 142.250.190.68 | www.google.com | United States | |
Registry
| Path | Value | Malicious |
|---|---|---|
| HKEY_CURRENT_USER | di | |
| HKEY_CURRENT_USER\SOFTWARE\03f62b4542954 | [kl] | |
Memdumps
| Base Address | Region type | Protect | Malicious |
|---|---|---|---|
| 632000 | unknown | page readonly | |
| 2CD1000 | trusted library allocation | page read and write | |
| 1086000 | heap | page read and write | |
| 2BD0000 | heap | page read and write | |
| A70000 | heap | page read and write | |
| 630000 | unknown | page readonly | |
| 4E80000 | heap | page read and write | |
| 5470000 | heap | page read and write | |
| BF0000 | heap | page read and write | |
| 53E0000 | trusted library allocation | page execute and read and write | |
| FB0000 | heap | page read and write | |
| 1270000 | heap | page read and write | |
| 66C0000 | heap | page read and write | |
| F42000 | trusted library allocation | page execute and read and write | |
| 4F0B000 | stack | page read and write | |
| 33DF000 | stack | page read and write | |
| 4E70000 | trusted library allocation | page execute and read and write | |
| 2D5C000 | trusted library allocation | page read and write | |
| A20000 | heap | page read and write | |
| F57000 | trusted library allocation | page execute and read and write | |
| EEF000 | stack | page read and write | |
| 298F000 | stack | page read and write | |
| F1A000 | trusted library allocation | page execute and read and write | |
| 300E000 | unknown | page read and write | |
| 7C6000 | stack | page read and write | |
| 3213000 | heap | page read and write | |
| 7C9000 | stack | page read and write | |
| 2D60000 | trusted library allocation | page read and write | |
| 5460000 | heap | page read and write | |
| 583B000 | stack | page read and write | |
| BBE000 | heap | page read and write | |
| F0A000 | trusted library allocation | page execute and read and write | |
| C76000 | heap | page read and write | |
| DEE000 | stack | page read and write | |
| 52CE000 | stack | page read and write | |
| C6D000 | heap | page read and write | |
| 2D7C000 | trusted library allocation | page read and write | |
| A30000 | heap | page read and write | |
| C60000 | heap | page read and write | |
| 1080000 | heap | page read and write | |
| 2D94000 | trusted library allocation | page read and write | |
| 67C0000 | heap | page read and write | |
| F10000 | trusted library allocation | page read and write | |
| 4E60000 | trusted library allocation | page read and write | |
| ABE000 | stack | page read and write | |
| F4A000 | trusted library allocation | page execute and read and write | |
| F40000 | trusted library allocation | page read and write | |
| 3170000 | heap | page read and write | |
| F2A000 | trusted library allocation | page execute and read and write | |
| F5B000 | trusted library allocation | page execute and read and write | |
| 593D000 | stack | page read and write | |
| 3CD1000 | trusted library allocation | page read and write | |
| 638000 | unknown | page readonly | |
| 31EB000 | heap | page read and write | |
| DAE000 | stack | page read and write | |
| 31E0000 | heap | page read and write | |
| 528E000 | stack | page read and write | |
| 2D8A000 | trusted library allocation | page read and write | |
| 7FDA0000 | trusted library allocation | page execute and read and write | |
| 4DCF000 | stack | page read and write | |
| 4ECC000 | stack | page read and write | |
| C51000 | heap | page read and write | |
| 54DC000 | stack | page read and write | |
| 57E0000 | heap | page read and write | |
| 53CF000 | stack | page read and write | |
| EF0000 | trusted library allocation | page read and write | |
| C0F000 | heap | page read and write | |
| F12000 | trusted library allocation | page execute and read and write | |
| 312F000 | unknown | page read and write | |
| 504E000 | stack | page read and write | |
| F27000 | trusted library allocation | page execute and read and write | |
| 569D000 | stack | page read and write | |
| F30000 | heap | page execute and read and write | |
| 3202000 | heap | page read and write | |
| 316E000 | stack | page read and write | |
| BB0000 | heap | page read and write | |
| AD0000 | heap | page read and write | |
| 4E83000 | heap | page read and write | |
| AD5000 | heap | page read and write | |
| F52000 | trusted library allocation | page read and write | |
| 4E50000 | trusted library allocation | page read and write | |
| 4F4C000 | stack | page read and write | |
| 54E0000 | heap | page read and write | |
| BBA000 | heap | page read and write | |
| 65C0000 | heap | page read and write | |
| 2EFD000 | stack | page read and write | |
| 4DCC000 | stack | page read and write | |
| C67000 | heap | page read and write | |
| 4DE0000 | trusted library allocation | page execute and read and write | |
| 4DD0000 | trusted library allocation | page read and write | |
| 518E000 | stack | page read and write | |
| C01000 | heap | page read and write | |
| F02000 | trusted library allocation | page execute and read and write | |
| 514F000 | stack | page read and write | |
| 2B6D000 | stack | page read and write | |
| 6C9000 | stack | page read and write | |
| C05000 | heap | page read and write | |
| F9E000 | stack | page read and write | |
| 2BE0000 | heap | page read and write | |
| 57E5000 | heap | page read and write | |
| 66D0000 | heap | page read and write | |
| 3020000 | heap | page read and write | |
| 125C000 | stack | page read and write | |
| 4F88000 | stack | page read and write | |