Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | Aug. 7, 2021, 1:50 p.m. | Aug. 7, 2021, 2 p.m. |
-
-
-
taskkill.exe taskkill /f /im chrome.exe
2460
-
-
xcopy.exe xcopy "C:\Users\test22\AppData\Local\Google\Chrome\User Data" "C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\" /s /e /y
2568 -
chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --window-position=-50000,-50000 --user-data-dir="C:\Users\test22\AppData\Local\Temp\cghjgasaaz99" https://www.facebook.com/ https://www.facebook.com/pages/ https://secure.facebook.com/ads/manager/account_settings/account_billing/
2672-
chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\test22\AppData\Local\Temp\cghjgasaaz99 /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Crashpad --metrics-dir=C:\Users\test22\AppData\Local\Temp\cghjgasaaz99 --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=86.0.4240.111 --initial-client-data=0xb8,0xbc,0xc0,0x8c,0xc4,0x7fef2f76e00,0x7fef2f76e10,0x7fef2f76e20
2720
-
-
Name | Response | Post-Analysis Lookup |
---|---|---|
www.nincefcs.xyz | 188.225.87.175 | |
www.listincode.com | 144.202.76.47 | |
www.iyiqian.com | 103.155.92.58 | |
iplogger.org | 88.99.66.31 |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.102:49163 -> 88.99.66.31:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.102:49161 -> 144.202.76.47:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.102:49163 88.99.66.31:443 |
C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=*.iplogger.org | 55:1e:13:99:46:1c:67:40:a3:48:7f:38:0d:16:e7:51:f4:c4:43:cb |
TLSv1 192.168.56.102:49161 144.202.76.47:443 |
C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA | CN=listincode.com | 84:23:95:42:66:09:11:39:0d:e6:22:7f:eb:b3:cc:79:dd:fa:36:ed |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid |
pdb_path | F:\facebook_svn\trunk\database\Release\DiskScan.pdb |
file | C:\Program Files (x86)\Google\Chrome\Application\86.0.4240.111\Locales |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome |
section | .ngehrth |
resource name | ZIP |
suspicious_features | POST method with no referer header | suspicious_request | POST http://www.nincefcs.xyz/Home/Index/lkdinl |
request | GET http://www.iyiqian.com/ |
request | POST http://www.nincefcs.xyz/Home/Index/lkdinl |
request | GET https://www.listincode.com/ |
request | GET https://iplogger.org/1Z7qd7 |
request | POST http://www.nincefcs.xyz/Home/Index/lkdinl |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSoceng.store |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\recovery\101.3.34.11\manifest.json |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.31.0_0\_locales\fil |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\LOG |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\nl\messages.json |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.5_0\_locales |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.31.0_0\_locales\hi\messages.json |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.31.0_0\page_embed_script.js |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc10.sth |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\fil |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.3_0\_locales\de |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\fil |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateRevocation\6716\crl-set |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\fil\messages.json |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\c652a0ec48ceb3fcab170992c43a87413309e80065a26252401ba3362a17c565.sth |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\fi\messages.json |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\pnacl\0.57.44.2492\_platform_specific\x86_64\pnacl_public_pnacl_json |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\zh_TW |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\WidevineCdm\4.10.2209.0\_platform_specific |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\TrustTokenKeyCommitments\2021.7.8.2 |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.5_0\_locales\es_419\messages.json |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\5ea773f9df56c0e7b536487dd049e0327a919a0c84a112128418759681714558.sth |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.3_0\_locales\el\messages.json |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.31.0_0\_locales\pt_PT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.3_0\_locales\ja |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOCK |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOCK |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.3_0\_locales\fil |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.31.0_0\_locales\zh_HK\messages.json |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\no |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\nl |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\ca |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.5_0\_locales\ca |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8620.824.0.0_0\_locales\el\messages.json |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.5_0\_locales\tr\messages.json |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.5_0\_locales\cs |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\cs |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\pt_PT\messages.json |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\ru |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\ZxcvbnData\1\english_wikipedia.txt |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\WidevineCdm\4.10.2209.0 |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8620.824.0.0_0\_metadata\computed_hashes.json |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\SwReporter\91.265.200\em002_64.dll |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.3_0\_locales\da |
name | ZIP | language | LANG_CHINESE | filetype | Zip archive data, at least v1.0 to extract | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x0015cf68 | size | 0x0000cc53 | ||||||||||||||||||
name | RT_ICON | language | LANG_CHINESE | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x0015c8d8 | size | 0x00000468 | ||||||||||||||||||
name | RT_ICON | language | LANG_CHINESE | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x0015c8d8 | size | 0x00000468 | ||||||||||||||||||
name | RT_ICON | language | LANG_CHINESE | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x0015c8d8 | size | 0x00000468 | ||||||||||||||||||
name | RT_ICON | language | LANG_CHINESE | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x0015c8d8 | size | 0x00000468 | ||||||||||||||||||
name | RT_ICON | language | LANG_CHINESE | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x0015c8d8 | size | 0x00000468 | ||||||||||||||||||
name | RT_ICON | language | LANG_CHINESE | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x0015c8d8 | size | 0x00000468 | ||||||||||||||||||
name | RT_ICON | language | LANG_CHINESE | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x0015c8d8 | size | 0x00000468 | ||||||||||||||||||
name | RT_ICON | language | LANG_CHINESE | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x0015c8d8 | size | 0x00000468 | ||||||||||||||||||
name | RT_ICON | language | LANG_CHINESE | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x0015c8d8 | size | 0x00000468 | ||||||||||||||||||
name | RT_ICON | language | LANG_CHINESE | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x0015c8d8 | size | 0x00000468 | ||||||||||||||||||
name | RT_GROUP_ICON | language | LANG_CHINESE | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x0015cd40 | size | 0x00000092 | ||||||||||||||||||
name | RT_VERSION | language | LANG_CHINESE | filetype | PGP symmetric key encrypted data - Plaintext or unencrypted data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x0015cdd8 | size | 0x0000018c |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\aes.js |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\main.js |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\content.js |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\mode-ecb.js |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8620.824.0.0_0\mirroring_hangouts.js |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\craw_background.js |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\content.js |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\background.js |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\mode-ecb.js |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\SwReporter\91.265.200\edls_64.dll |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\SwReporter\91.265.200\software_reporter_tool.exe |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8620.824.0.0_0\background_script.js |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\aes.js |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\SwReporter\91.265.200\em005_64.dll |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\background.js |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\main.js |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\jquery-3.3.1.min.js |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\recovery\101.3.34.11\ChromeRecovery.exe |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\SwReporter\91.265.200\em004_64.dll |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\WidevineCdm\4.10.2209.0\_platform_specific\win_x64\widevinecdm.dll |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\PepperFlash\32.0.0.445\pepflashplayer.dll |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\SwReporter\91.265.200\em002_64.dll |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\SwReporter\91.265.200\em003_64.dll |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\SwReporter\91.265.200\em000_64.dll |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8620.824.0.0_0\angular.js |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\main.js |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8620.824.0.0_0\common.js |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.31.0_0\eventpage_bin_prod.js |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8620.824.0.0_0\mirroring_webrtc.js |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8620.824.0.0_0\mirroring_common.js |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8620.824.0.0_0\mirroring_cast_streaming.js |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.31.0_0\page_embed_script.js |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\SwReporter\91.265.200\em001_64.dll |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\pad-nopadding.js |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8620.824.0.0_0\cast_sender.js |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8620.824.0.0_0\feedback_script.js |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\craw_window.js |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\pad-nopadding.js |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\jquery-3.3.1.min.js |
cmdline | cmd.exe /c taskkill /f /im chrome.exe |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\recovery\101.3.34.11\ChromeRecovery.exe |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "chrome.exe") |
cmdline | taskkill /f /im chrome.exe |
cmdline | cmd.exe /c taskkill /f /im chrome.exe |
host | 45.227.253.62 |
parent_process | chrome.exe | martian_process | "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=544,9055035049496761622,12436245521835868299,131072 --user-data-dir="C:\Users\test22\AppData\Local\Temp\cghjgasaaz99" --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1132 /prefetch:2 | ||||||
parent_process | chrome.exe | martian_process | "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\test22\AppData\Local\Temp\cghjgasaaz99 /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Crashpad --metrics-dir=C:\Users\test22\AppData\Local\Temp\cghjgasaaz99 --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=86.0.4240.111 --initial-client-data=0xb8,0xbc,0xc0,0x8c,0xc4,0x7fef2f76e00,0x7fef2f76e10,0x7fef2f76e20 |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Safe Browsing\UrlCsdWhitelist.store |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_1 |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Cache\data_1 |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\TLSDeprecationConfig\4\tls_deprecation_config.pb |
file | c:\users\test22\appdata\local\temp\cghjgasaaz99\browsermetrics\browsermetrics-610e548f-a70.pma |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\PnaclTranslationCache\index |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Service Worker\ScriptCache\index-dir\the-real-index |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_2 |
file | c:\users\test22\appdata\local\temp\cghjgasaaz99\crashpadmetrics.pma |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extension Rules\000003.log |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_3 |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\SafetyTips\2659\safety_tips.pb |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\History Provider Cache |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\ThirdPartyModuleList64\2018.8.8.0\module_list_proto |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Cache\index |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\000003.log |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\shared_proto_db\000003.log |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Sessions\Session_13270129697618663 |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Safe Browsing\UrlSubresourceFilter.store |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir\the-real-index |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Safe Browsing\UrlMalBin.store |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Safe Browsing\CertCsdDownloadWhitelist.store |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\index |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\File System\Origins\000003.log |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Translate Ranker Model |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Session Storage\000003.log |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\ShaderCache\GPUCache\data_1 |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Crashpad\settings.dat |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\FileTypePolicies\43\download_file_types.pb |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Safe Browsing\ChromeExtMalware.store |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\SSLErrorAssistant\7\ssl_error_assistant.pb |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Sessions\Tabs_13270129697672624 |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Service Worker\Database\000003.log |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extension State\000003.log |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\WidevineCdm\4.10.2209.0\_platform_specific\win_x64\widevinecdm.dll.sig |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Module Info Cache |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\GrShaderCache\GPUCache\index |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\SafetyTips\2658\safety_tips.pb |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\FontLookupTableCache\font_unique_name_table.pb |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\BrowserMetrics\BrowserMetrics-60E58B21-840.pma |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Safe Browsing\ChromeUrlClientIncident.store |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\CertificateRevocation\6738\crl-set |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Crashpad\metadata |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\PnaclTranslationCache\data_1 |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\index |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Visited Links |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Subresource Filter\Indexed Rules\27\9.28.0\Ruleset Data |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Local Storage\leveldb\000003.log |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Subresource Filter\Unindexed Rules\9.28.0\Filtering Rules |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Last Browser |
Bkav | W32.AIDetect.malware2 |
Elastic | malicious (high confidence) |
MicroWorld-eScan | Gen:Variant.Zusy.396400 |
FireEye | Generic.mg.9192eed4f3433a1f |
CAT-QuickHeal | Trojan.DisbukRI.S19305183 |
McAfee | GenericRXLT-RQ!9192EED4F343 |
Cylance | Unsafe |
Sangfor | Trojan.Win32.Save.a |
K7AntiVirus | Spyware ( 005690661 ) |
Alibaba | TrojanSpy:Win32/Socelars.8d59f579 |
K7GW | Spyware ( 005690661 ) |
Cybereason | malicious.4f3433 |
Cyren | W32/Trojan.GKGU-6169 |
Symantec | ML.Attribute.HighConfidence |
ESET-NOD32 | a variant of Win32/Spy.Socelars.S |
APEX | Malicious |
Paloalto | generic.ml |
ClamAV | Win.Malware.Razy-9789744-0 |
Kaspersky | HEUR:Trojan.Script.Generic |
BitDefender | Gen:Variant.Zusy.396400 |
Avast | Win32:PWSX-gen [Trj] |
Ad-Aware | Gen:Variant.Zusy.396400 |
Sophos | Mal/Generic-R + Troj/Agent-BGVO |
DrWeb | Trojan.Siggen13.57604 |
TrendMicro | TROJ_GEN.R002C0DH321 |
McAfee-GW-Edition | BehavesLike.Win32.Generic.th |
Emsisoft | Trojan-Spy.Socelars (A) |
Jiangmin | Trojan.Script.asxw |
Webroot | W32.Trojan.Gen |
Avira | HEUR/AGEN.1124060 |
Kingsoft | Win32.Troj.Undef.(kcloud) |
Gridinsoft | Malware.Win32.MigratedCloud.cc |
Microsoft | TrojanSpy:Win32/Socelars.PAA!MTB |
ZoneAlarm | HEUR:Trojan.Script.Generic |
GData | Gen:Variant.Zusy.396400 |
Cynet | Malicious (score: 100) |
AhnLab-V3 | Infostealer/Win.Socelars.R372531 |
BitDefenderTheta | Gen:NN.ZexaF.34058.z10@aqJUe5pj |
ALYac | Gen:Variant.Zusy.396400 |
MAX | malware (ai score=80) |
VBA32 | BScope.Trojan.Agentb |
Malwarebytes | Glupteba.Backdoor.Bruteforce.DDS |
TrendMicro-HouseCall | TROJ_GEN.R002C0DH321 |
Rising | Stealer.FBAdsCard!1.CE03 (CLASSIC) |
Yandex | TrojanSpy.Socelars!LakI5Od7RMQ |
SentinelOne | Static AI - Suspicious PE |
Fortinet | W32/Script.BGVO!tr |
AVG | Win32:PWSX-gen [Trj] |
Panda | Trj/CI.A |
CrowdStrike | win/malicious_confidence_100% (W) |