Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
0e46.scr.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\0e46.scr.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat May 4 07:03:12 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat May 4 07:03:12 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat May 4 07:03:12 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat May 4 07:03:12 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat May 4 07:03:12 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
Chrome Cache Entry: 76
|
ASCII text, with very long lines (1657)
|
downloaded
|
||
|
Chrome Cache Entry: 77
|
ASCII text, with very long lines (2294)
|
downloaded
|
||
|
Chrome Cache Entry: 78
|
ASCII text, with very long lines (814)
|
downloaded
|
||
|
Chrome Cache Entry: 79
|
ASCII text, with very long lines (2956)
|
downloaded
|
||
|
Chrome Cache Entry: 80
|
PNG image data, 106 x 5210, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 81
|
ASCII text, with very long lines (2200)
|
downloaded
|
||
|
Chrome Cache Entry: 82
|
ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 83
|
ASCII text, with very long lines (736)
|
downloaded
|
||
|
Chrome Cache Entry: 84
|
ASCII text, with very long lines (3572), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 85
|
ASCII text, with very long lines (769)
|
downloaded
|
||
|
Chrome Cache Entry: 86
|
ASCII text, with very long lines (65531)
|
downloaded
|
||
|
Chrome Cache Entry: 87
|
PNG image data, 106 x 5210, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 88
|
Web Open Font Format (Version 2), TrueType, length 15344, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 89
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 90
|
ASCII text, with very long lines (2124)
|
downloaded
|
||
|
Chrome Cache Entry: 91
|
HTML document, Unicode text, UTF-8 text, with very long lines (1136)
|
dropped
|
||
|
Chrome Cache Entry: 92
|
HTML document, ASCII text, with very long lines (21071)
|
downloaded
|
There are 15 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\0e46.scr.exe
|
"C:\Users\user\Desktop\0e46.scr.exe"
|
|
|
|
C:\Users\user\Desktop\0e46.scr.exe
|
"C:\Users\user\Desktop\0e46.scr.exe"
|
|
|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=2040,i,3301420170973166231,14062020265948935474,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://www.google.com/async/ddljson?async=ntp:2
|
172.217.14.68
|
||
|
http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#
|
unknown
|
||
|
https://ogs.google.com/
|
unknown
|
||
|
https://play.google.com/log?format=json&hasfast=true
|
unknown
|
||
|
https://sectigo.com/CPS0
|
unknown
|
||
|
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
|
172.217.14.68
|
||
|
http://www.broofa.com
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
http://ocsp.sectigo.com0
|
unknown
|
||
|
https://csp.withgoogle.com/csp/lcreport/
|
unknown
|
||
|
https://ogs.google.com/widget/app/so?awwd=1&gm3=1&origin=chrome-untrusted%3A%2F%2Fnew-tab-page&origin=chrome%3A%2F%2Fnew-tab-page&cn=app&pid=1&spid=243&hl=en
|
|||
|
https://apis.google.com/js/api.js
|
unknown
|
||
|
https://www.google.com/log?format=json&hasfast=true
|
unknown
|
||
|
https://www.google.com/async/newtab_promos
|
172.217.14.68
|
||
|
https://play.google.com/log?format=json&hasfast=true&authuser=0
|
142.250.189.14
|
||
|
http://cp5ua.hyperhost.ua
|
unknown
|
||
|
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
|
172.217.14.68
|
||
|
https://apis.google.com
|
unknown
|
||
|
https://ogs.google.com/widget/app/so
|
unknown
|
||
|
https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
|
unknown
|
||
|
https://domains.google.com/suggest/flow
|
unknown
|
||
|
https://clients6.google.com
|
unknown
|
||
|
https://plus.google.com
|
unknown
|
||
|
https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
|
unknown
|
There are 14 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
cp5ua.hyperhost.ua
|
91.235.128.141
|
||
|
plus.l.google.com
|
142.251.40.46
|
||
|
www3.l.google.com
|
142.250.72.142
|
||
|
play.google.com
|
142.250.189.14
|
||
|
www.google.com
|
172.217.14.68
|
||
|
ogs.google.com
|
unknown
|
||
|
apis.google.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
142.250.68.110
|
unknown
|
United States
|
||
|
172.217.14.68
|
www.google.com
|
United States
|
||
|
192.168.2.5
|
unknown
|
unknown
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
91.235.128.141
|
cp5ua.hyperhost.ua
|
Ukraine
|
||
|
142.250.72.142
|
www3.l.google.com
|
United States
|
||
|
142.250.189.14
|
play.google.com
|
United States
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
502000
|
remote allocation
|
page execute and read and write
|
|
|
|
2469000
|
trusted library allocation
|
page read and write
|
|
|
|
243E000
|
trusted library allocation
|
page read and write
|
|
|
|
23F1000
|
trusted library allocation
|
page read and write
|
|
|
|
3F7A000
|
trusted library allocation
|
page read and write
|
|
|
|
56DE000
|
stack
|
page read and write
|
||
|
2390000
|
trusted library allocation
|
page read and write
|
||
|
2471000
|
trusted library allocation
|
page read and write
|
||
|
33F1000
|
trusted library allocation
|
page read and write
|
||
|
54B0000
|
trusted library section
|
page read and write
|
||
|
126A000
|
heap
|
page read and write
|
||
|
4936000
|
trusted library allocation
|
page read and write
|
||
|
ACB000
|
trusted library allocation
|
page execute and read and write
|
||
|
FBE000
|
stack
|
page read and write
|
||
|
70A000
|
heap
|
page read and write
|
||
|
4A80000
|
trusted library allocation
|
page read and write
|
||
|
49E8000
|
trusted library allocation
|
page read and write
|
||
|
AD0000
|
heap
|
page read and write
|
||
|
571E000
|
stack
|
page read and write
|
||
|
AA0000
|
trusted library allocation
|
page read and write
|
||
|
23B4000
|
trusted library allocation
|
page read and write
|
||
|
243C000
|
trusted library allocation
|
page read and write
|
||
|
570000
|
heap
|
page read and write
|
||
|
45EE000
|
stack
|
page read and write
|
||
|
23C0000
|
trusted library allocation
|
page read and write
|
||
|
54AE000
|
stack
|
page read and write
|
||
|
13BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
B5B000
|
stack
|
page read and write
|
||
|
5394000
|
trusted library allocation
|
page read and write
|
||
|
3455000
|
trusted library allocation
|
page read and write
|
||
|
5E50000
|
heap
|
page read and write
|
||
|
56FE000
|
stack
|
page read and write
|
||
|
494E000
|
trusted library allocation
|
page read and write
|
||
|
5ABE000
|
stack
|
page read and write
|
||
|
49AC000
|
stack
|
page read and write
|
||
|
237C000
|
stack
|
page read and write
|
||
|
3419000
|
trusted library allocation
|
page read and write
|
||
|
5590000
|
trusted library section
|
page read and write
|
||
|
59E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2158000
|
trusted library allocation
|
page read and write
|
||
|
A32000
|
unkown
|
page readonly
|
||
|
5541000
|
trusted library allocation
|
page read and write
|
||
|
2380000
|
trusted library allocation
|
page execute and read and write
|
||
|
2465000
|
trusted library allocation
|
page read and write
|
||
|
5370000
|
trusted library allocation
|
page read and write
|
||
|
ABA000
|
trusted library allocation
|
page execute and read and write
|
||
|
13B0000
|
trusted library allocation
|
page read and write
|
||
|
13C4000
|
trusted library allocation
|
page read and write
|
||
|
501E000
|
stack
|
page read and write
|
||
|
1267000
|
heap
|
page read and write
|
||
|
AB0000
|
trusted library allocation
|
page read and write
|
||
|
5355000
|
trusted library allocation
|
page read and write
|
||
|
AB6000
|
trusted library allocation
|
page execute and read and write
|
||
|
61BF000
|
stack
|
page read and write
|
||
|
2478000
|
trusted library allocation
|
page read and write
|
||
|
61C0000
|
trusted library allocation
|
page read and write
|
||
|
5585000
|
trusted library allocation
|
page read and write
|
||
|
493B000
|
trusted library allocation
|
page read and write
|
||
|
5580000
|
trusted library allocation
|
page read and write
|
||
|
4F9E000
|
stack
|
page read and write
|
||
|
F70000
|
heap
|
page read and write
|
||
|
2446000
|
trusted library allocation
|
page read and write
|
||
|
81E000
|
stack
|
page read and write
|
||
|
5399000
|
trusted library allocation
|
page read and write
|
||
|
7F1B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
552B000
|
trusted library allocation
|
page read and write
|
||
|
5AD0000
|
trusted library allocation
|
page read and write
|
||
|
5A5000
|
heap
|
page read and write
|
||
|
5380000
|
trusted library allocation
|
page read and write
|
||
|
4FDE000
|
stack
|
page read and write
|
||
|
3F78000
|
trusted library allocation
|
page read and write
|
||
|
2457000
|
trusted library allocation
|
page read and write
|
||
|
2D8E000
|
stack
|
page read and write
|
||
|
786000
|
heap
|
page read and write
|
||
|
23E0000
|
heap
|
page execute and read and write
|
||
|
AC2000
|
trusted library allocation
|
page read and write
|
||
|
5360000
|
heap
|
page execute and read and write
|
||
|
716000
|
heap
|
page read and write
|
||
|
617E000
|
stack
|
page read and write
|
||
|
1400000
|
trusted library allocation
|
page read and write
|
||
|
21F0000
|
heap
|
page read and write
|
||
|
23A0000
|
trusted library allocation
|
page read and write
|
||
|
49E0000
|
trusted library allocation
|
page read and write
|
||
|
11AE000
|
heap
|
page read and write
|
||
|
53A0000
|
heap
|
page read and write
|
||
|
5986000
|
trusted library allocation
|
page read and write
|
||
|
5390000
|
trusted library allocation
|
page read and write
|
||
|
4DDC000
|
stack
|
page read and write
|
||
|
495D000
|
trusted library allocation
|
page read and write
|
||
|
13DA000
|
trusted library allocation
|
page execute and read and write
|
||
|
A94000
|
trusted library allocation
|
page read and write
|
||
|
EF6000
|
stack
|
page read and write
|
||
|
500000
|
remote allocation
|
page execute and read and write
|
||
|
2100000
|
trusted library allocation
|
page read and write
|
||
|
535D000
|
trusted library allocation
|
page read and write
|
||
|
539C000
|
trusted library allocation
|
page read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
4930000
|
trusted library allocation
|
page read and write
|
||
|
2EA1000
|
trusted library allocation
|
page read and write
|
||
|
13B4000
|
trusted library allocation
|
page read and write
|
||
|
59DE000
|
stack
|
page read and write
|
||
|
6200000
|
trusted library allocation
|
page execute and read and write
|
||
|
A30000
|
unkown
|
page readonly
|
||
|
BC0000
|
heap
|
page read and write
|
||
|
AC7000
|
trusted library allocation
|
page execute and read and write
|
||
|
756000
|
heap
|
page read and write
|
||
|
4A90000
|
heap
|
page read and write
|
||
|
4962000
|
trusted library allocation
|
page read and write
|
||
|
5040000
|
trusted library allocation
|
page read and write
|
||
|
1460000
|
trusted library allocation
|
page read and write
|
||
|
5EA8000
|
heap
|
page read and write
|
||
|
535A000
|
trusted library allocation
|
page read and write
|
||
|
4F9000
|
stack
|
page read and write
|
||
|
5E40000
|
heap
|
page read and write
|
||
|
13B3000
|
trusted library allocation
|
page execute and read and write
|
||
|
701000
|
heap
|
page read and write
|
||
|
5520000
|
trusted library allocation
|
page read and write
|
||
|
119E000
|
stack
|
page read and write
|
||
|
A9D000
|
trusted library allocation
|
page execute and read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
4A3E000
|
stack
|
page read and write
|
||
|
23B0000
|
trusted library allocation
|
page read and write
|
||
|
3EA5000
|
trusted library allocation
|
page read and write
|
||
|
F40000
|
heap
|
page read and write
|
||
|
A80000
|
trusted library allocation
|
page read and write
|
||
|
AC5000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C87000
|
trusted library allocation
|
page read and write
|
||
|
2E9F000
|
stack
|
page read and write
|
||
|
4AA0000
|
heap
|
page read and write
|
||
|
553E000
|
trusted library allocation
|
page read and write
|
||
|
59DE000
|
stack
|
page read and write
|
||
|
2C60000
|
trusted library allocation
|
page read and write
|
||
|
4EDE000
|
stack
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
5A7F000
|
stack
|
page read and write
|
||
|
5C7D000
|
stack
|
page read and write
|
||
|
1210000
|
heap
|
page read and write
|
||
|
5555000
|
trusted library allocation
|
page read and write
|
||
|
5980000
|
trusted library allocation
|
page read and write
|
||
|
2C98000
|
trusted library allocation
|
page read and write
|
||
|
13C0000
|
trusted library allocation
|
page read and write
|
||
|
13EB000
|
trusted library allocation
|
page execute and read and write
|
||
|
13D6000
|
trusted library allocation
|
page execute and read and write
|
||
|
6E0000
|
heap
|
page read and write
|
||
|
5522000
|
trusted library allocation
|
page read and write
|
||
|
3EA1000
|
trusted library allocation
|
page read and write
|
||
|
5AC7000
|
trusted library allocation
|
page read and write
|
||
|
5546000
|
trusted library allocation
|
page read and write
|
||
|
A93000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C90000
|
trusted library allocation
|
page read and write
|
||
|
5EC3000
|
heap
|
page read and write
|
||
|
6E8000
|
heap
|
page read and write
|
||
|
1450000
|
trusted library allocation
|
page execute and read and write
|
||
|
4956000
|
trusted library allocation
|
page read and write
|
||
|
11C8000
|
heap
|
page read and write
|
||
|
11CE000
|
heap
|
page read and write
|
||
|
5560000
|
trusted library allocation
|
page read and write
|
||
|
5AC0000
|
trusted library allocation
|
page read and write
|
||
|
714000
|
heap
|
page read and write
|
||
|
5524000
|
trusted library allocation
|
page read and write
|
||
|
139E000
|
stack
|
page read and write
|
||
|
4934000
|
trusted library allocation
|
page read and write
|
||
|
13E0000
|
trusted library allocation
|
page read and write
|
||
|
5990000
|
trusted library allocation
|
page execute and read and write
|
||
|
AB2000
|
trusted library allocation
|
page read and write
|
||
|
58DF000
|
stack
|
page read and write
|
||
|
AAD000
|
trusted library allocation
|
page execute and read and write
|
||
|
11A0000
|
heap
|
page read and write
|
||
|
13A0000
|
trusted library allocation
|
page read and write
|
||
|
494A000
|
trusted library allocation
|
page read and write
|
||
|
61F0000
|
heap
|
page read and write
|
||
|
214E000
|
stack
|
page read and write
|
||
|
55DE000
|
stack
|
page read and write
|
||
|
4A8C000
|
trusted library allocation
|
page read and write
|
||
|
49F0000
|
heap
|
page execute and read and write
|
||
|
22FE000
|
stack
|
page read and write
|
||
|
2C5E000
|
stack
|
page read and write
|
||
|
2CA0000
|
heap
|
page execute and read and write
|
||
|
13E7000
|
trusted library allocation
|
page execute and read and write
|
||
|
4951000
|
trusted library allocation
|
page read and write
|
||
|
F3E000
|
stack
|
page read and write
|
||
|
60BE000
|
stack
|
page read and write
|
||
|
4942000
|
trusted library allocation
|
page read and write
|
||
|
44EF000
|
stack
|
page read and write
|
||
|
539E000
|
trusted library allocation
|
page read and write
|
||
|
2C80000
|
trusted library allocation
|
page read and write
|
||
|
13D0000
|
trusted library allocation
|
page read and write
|
||
|
5350000
|
trusted library allocation
|
page read and write
|
||
|
4A93000
|
heap
|
page read and write
|
||
|
11E3000
|
heap
|
page read and write
|
||
|
766000
|
heap
|
page read and write
|
||
|
11A8000
|
heap
|
page read and write
|
||
|
6C0000
|
heap
|
page read and write
|
||
|
2D90000
|
heap
|
page read and write
|
||
|
144E000
|
stack
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
4A7E000
|
stack
|
page read and write
|
||
|
5E82000
|
heap
|
page read and write
|
||
|
FC0000
|
heap
|
page read and write
|
||
|
AC6000
|
unkown
|
page readonly
|
||
|
1AA000
|
stack
|
page read and write
|
||
|
FC5000
|
heap
|
page read and write
|
||
|
1470000
|
heap
|
page read and write
|
||
|
63C0000
|
heap
|
page read and write
|
||
|
11D6000
|
heap
|
page read and write
|
||
|
A90000
|
trusted library allocation
|
page read and write
|
||
|
493E000
|
trusted library allocation
|
page read and write
|
There are 197 hidden memdumps, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
https://ogs.google.com/widget/app/so?awwd=1&gm3=1&origin=chrome-untrusted%3A%2F%2Fnew-tab-page&origin=chrome%3A%2F%2Fnew-tab-page&cn=app&pid=1&spid=243&hl=en
|
||
|
https://ogs.google.com/widget/app/so?awwd=1&gm3=1&origin=chrome-untrusted%3A%2F%2Fnew-tab-page&origin=chrome%3A%2F%2Fnew-tab-page&cn=app&pid=1&spid=243&hl=en
|
||
|
https://ogs.google.com/widget/app/so?awwd=1&gm3=1&origin=chrome-untrusted%3A%2F%2Fnew-tab-page&origin=chrome%3A%2F%2Fnew-tab-page&cn=app&pid=1&spid=243&hl=en
|