popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

askinstall52.exe

Trojan_PWS_Stealer Credential User Data Malicious Library UPX Malicious Packer SQLite Cookie PWS PE File OS Processor Check PE32
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6402 Aug. 16, 2021, 5:05 p.m. Aug. 16, 2021, 5:20 p.m.
Size 1.4MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 ed8353cf1e80cb6afd65dedd1f83071a
SHA256 c8d28298cf83e95158d8eb811ca0251af61a866d3eb55447ce092dc7c79c0952
CRC32 1A4F65C2
ssdeep 24576:PIVFA1pqtg/TnMbX0lwyh0FVmEByA1EwFYyOsFTceoCSPZVjQMYfsowP:eFA1pvTMbOwa0TmUyMYEh1oCSPnQMYEB
PDB Path F:\facebook_svn\trunk\database\Release\DiskScan.pdb
Yara
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
  • Credential_User_Data_Check_Zero - Credential User Data Check
  • Malicious_Library_Zero - Malicious_Library
  • SQLite_cookies_Check_Zero - SQLite Cookie Check... select
  • IsPE32 - (no description)
  • Trojan_PWS_Stealer_1_Zero - Trojan.PWS.Stealer Zero

Name Response Post-Analysis Lookup
www.listincode.com
A 144.202.76.47
144.202.76.47
iplogger.org
A 88.99.66.31
88.99.66.31
IP Address Status Action
144.202.76.47 Active Moloch
164.124.101.2 Active Moloch
88.99.66.31 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.102:49165 -> 88.99.66.31:443 906200056 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49163 -> 144.202.76.47:443 906200056 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined

Suricata TLS

Flow Issuer Subject Fingerprint
TLSv1
192.168.56.102:49165
88.99.66.31:443 		C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA CN=*.iplogger.org 55:1e:13:99:46:1c:67:40:a3:48:7f:38:0d:16:e7:51:f4:c4:43:cb
TLSv1
192.168.56.102:49163
144.202.76.47:443 		C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA CN=listincode.com 84:23:95:42:66:09:11:39:0d:e6:22:7f:eb:b3:cc:79:dd:fa:36:ed

Time & API Arguments Status Return Repeated

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0
Time & API Arguments Status Return Repeated

WriteConsoleW

 buffer: ERROR: The process "chrome.exe" not found.
console_handle: 0x0000000b
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
console_handle: 0x00000013
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma
console_handle: 0x00000013
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\First Run
console_handle: 0x00000013
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\Last Browser
console_handle: 0x00000013
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\Last Version
console_handle: 0x00000013
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State
console_handle: 0x00000013
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\Module Info Cache
console_handle: 0x00000013
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing Channel IDs
console_handle: 0x00000013
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing Channel IDs-journal
console_handle: 0x00000013
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies
console_handle: 0x00000013
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies-journal
console_handle: 0x00000013
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-60E58FA8-748.pma
console_handle: 0x00000013
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateRevocation\6738\crl-set
console_handle: 0x00000013
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateRevocation\6738\LICENSE
console_handle: 0x00000013
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateRevocation\6738\manifest.fingerprint
console_handle: 0x00000013
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateRevocation\6738\manifest.json
console_handle: 0x00000013
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateRevocation\6738\_metadata\verified_contents.json
console_handle: 0x00000013
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\manifest.fingerprint
console_handle: 0x00000013
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\manifest.json
console_handle: 0x00000013
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_metadata\verified_contents.json
console_handle: 0x00000013
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\03019df3fd85a69a8ebd1facc6da9ba73e469774fe77f579fc5a08b8328c1d6b.sth
console_handle: 0x00000013
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\07b75c1be57d68fff1b0c61d2315c7bae6577c5794b76aeebc613a1a69d3a21c.sth
console_handle: 0x00000013
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\084114980071532c16190460bcfc47fdc2653afa292c72b37ff863ae29ccc9f0.sth
console_handle: 0x00000013
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\2245450759552456963fa12ff1f76d86e0232663adc04b7f5dc6835c6ee20f02.sth
console_handle: 0x00000013
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\293c519654c83965baaa50fc5807d4b76fbf587a2972dca4c30cf4e54547f478.sth
console_handle: 0x00000013
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\2979bef09e393921f056739f63a577e5be577d9c600af8f94d5d265c255dc784.sth
console_handle: 0x00000013
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\35cf191bbfb16c57bf0fad4c6d42cbbbb627202651ea3fe12aefa803c33bd64c.sth
console_handle: 0x00000013
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\41c8cab1df22464a10c6a13a0942875e4e318b1b03ebeb4bc768f090629606f6.sth
console_handle: 0x00000013
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\4494652eb0eeceafc44007d8a8fe28c0dae682bed8cb31b53fd33396b5b681a8.sth
console_handle: 0x00000013
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\46a555eb75fa912030b5a28969f4f37d112c4174befd49b885abf2fc70fe6d47.sth
console_handle: 0x00000013
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\51a3b0f5fd01799c566db837788f0ca47acc1b27cbf79e88429a0dfed48b05e5.sth
console_handle: 0x00000013
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\5581d4c2169036014aea0b9b573c53f0c0e43878702508172fa3aa1d0713d30c.sth
console_handle: 0x00000013
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\5614069a2fd7c2ecd3f5e1bd44b23ec74676b9bc99115cc0ef949855d689d0dd.sth
console_handle: 0x00000013
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\5cdc4392fee6ab4544b15e9ad456e61037fbd5fa47dca17394b25ee6f6c70eca.sth
console_handle: 0x00000013
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\5ea773f9df56c0e7b536487dd049e0327a919a0c84a112128418759681714558.sth
console_handle: 0x00000013
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\63f2dbcde83bcc2ccf0b728427576b33a48d61778fbd75a638b1c768544bd88d.sth
console_handle: 0x00000013
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\68f698f81f6482be3a8ceeb9281d4cfc71515d6793d444d10a67acbb4f4ffbc4.sth
console_handle: 0x00000013
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\6f5376ac31f03119d89900a45115ff77151c11d902c10029068db2089a37d913.sth
console_handle: 0x00000013
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\747eda8331ad331091219cce254f4270c2bffd5e422008c6373579e6107bcc56.sth
console_handle: 0x00000013
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\7a328c54d8b72db620ea38e0521ee98416703213854d3bd22bc13a57a352eb52.sth
console_handle: 0x00000013
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\7d3ef2f88fff88556824c2c0ca9e5289792bc50e78097f2e6a9768997e22f0d7.sth
console_handle: 0x00000013
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\8775bfe7597cf88c43995fbdf36eff568d475636ff4ab560c1b4eaff5ea0830f.sth
console_handle: 0x00000013
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc10.sth
console_handle: 0x00000013
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\ac3b9aed7fa9674757159e6d7d575672f9d98100941e9bdeffeca1313b75782d.sth
console_handle: 0x00000013
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\adf7befa7cff10c88b9d3d9c1e3e186ab467295dcfb10c24ca858634ebdc828a.sth
console_handle: 0x00000013
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\b21e05cc8ba2cd8a204e8766f92bb98a2520676bdafa70e7b249532def8b905e.sth
console_handle: 0x00000013
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\b3737707e18450f86386d605a9dc11094a792db1670c0b87dcf0030e7936a59a.sth
console_handle: 0x00000013
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed185.sth
console_handle: 0x00000013
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\c652a0ec48ceb3fcab170992c43a87413309e80065a26252401ba3362a17c565.sth
console_handle: 0x00000013
1 1 0
pdb_path F:\facebook_svn\trunk\database\Release\DiskScan.pdb
file C:\Program Files (x86)\Google\Chrome\Application\86.0.4240.111\resources.pak
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
section .dgtyivf
resource name ZIP
request GET https://www.listincode.com/
request GET https://iplogger.org/1G7Sc7
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.31.0_0\_locales\ka\messages.json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.31.0_0\_locales\fil
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\ko
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\ko
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\ca\messages.json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.5_0\_locales
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.31.0_0\_locales\hi\messages.json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.31.0_0\page_embed_script.js
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc10.sth
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.31.0_0\128.png
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crowd Deny\2021.6.21.1141\manifest.json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\ro
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\747eda8331ad331091219cce254f4270c2bffd5e422008c6373579e6107bcc56.sth
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.31.0_0\_locales\id\messages.json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crowd Deny
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.31.0_0\_locales\lo\messages.json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\fil
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\aes.js
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\fil
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\de
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\da
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sl
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sl\messages.json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\ms\messages.json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sk
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\pt_BR\messages.json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.31.0_0\_locales\fil\messages.json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\blob_storage\2c7f7a43-4064-43d4-9d00-5bb02ee9c129
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\e2694bae26e8e94009e8861bb63b83d43ee7fe7488fba48f2893019dddf1dbfe.sth
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\fil\messages.json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.31.0_0\_locales\en_CA\messages.json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sv
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\fil\messages.json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sr
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\ko
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\th\messages.json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\c652a0ec48ceb3fcab170992c43a87413309e80065a26252401ba3362a17c565.sth
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Download Service
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\fi\messages.json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_metadata\verified_contents.json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\tr\messages.json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\sv\messages.json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\pt_BR\messages.json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\id\messages.json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.5_0\_locales\es_419\messages.json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing Channel IDs-journal
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths
name ZIP language LANG_CHINESE filetype Zip archive data, at least v1.0 to extract sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x00156b50 size 0x0000cc53
name RT_ICON language LANG_CHINESE filetype dBase III DBT, version number 0, next free block index 40 sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x00146180 size 0x00010828
name RT_GROUP_ICON language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x001569a8 size 0x00000014
name RT_VERSION language LANG_CHINESE filetype PGP symmetric key encrypted data - Plaintext or unencrypted data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x001569c0 size 0x0000018c
file C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\main.js
file C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.31.0_0\eventpage_bin_prod.js
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\mode-ecb.js
file C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.31.0_0\page_embed_script.js
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\pad-nopadding.js
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\aes.js
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\background.js
file C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\main.js
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\jquery-3.3.1.min.js
file C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\main.js
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\content.js
cmdline cmd.exe /c taskkill /f /im chrome.exe
wmi SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "chrome.exe")
Time & API Arguments Status Return Repeated

CreateProcessInternalW

 thread_identifier: 1376
thread_handle: 0x000004d8
process_identifier: 1088
current_directory:
filepath:
track: 1
command_line: xcopy "C:\Users\test22\AppData\Local\Google\Chrome\User Data" "C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\" /s /e /y
filepath_r:
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
inherit_handles: 0
process_handle: 0x00000514
1 1 0
Time & API Arguments Status Return Repeated

LookupPrivilegeValueW

 system_name:
privilege_name: SeCreateTokenPrivilege
1 1 0

LookupPrivilegeValueW

 system_name:
privilege_name: SeAssignPrimaryTokenPrivilege
1 1 0

LookupPrivilegeValueW

 system_name:
privilege_name: SeMachineAccountPrivilege
1 1 0

LookupPrivilegeValueW

 system_name:
privilege_name: SeTcbPrivilege
1 1 0

LookupPrivilegeValueW

 system_name:
privilege_name: SeSecurityPrivilege
1 1 0

LookupPrivilegeValueW

 system_name:
privilege_name: SeTakeOwnershipPrivilege
1 1 0

LookupPrivilegeValueW

 system_name:
privilege_name: SeLoadDriverPrivilege
1 1 0

LookupPrivilegeValueW

 system_name:
privilege_name: SeBackupPrivilege
1 1 0

LookupPrivilegeValueW

 system_name:
privilege_name: SeRestorePrivilege
1 1 0

LookupPrivilegeValueW

 system_name:
privilege_name: SeShutdownPrivilege
1 1 0

LookupPrivilegeValueW

 system_name:
privilege_name: SeDebugPrivilege
1 1 0

LookupPrivilegeValueW

 system_name:
privilege_name: SeRemoteShutdownPrivilege
1 1 0

LookupPrivilegeValueW

 system_name:
privilege_name: SeEnableDelegationPrivilege
1 1 0

LookupPrivilegeValueW

 system_name:
privilege_name: SeManageVolumePrivilege
1 1 0

LookupPrivilegeValueW

 system_name:
privilege_name: SeCreateGlobalPrivilege
1 1 0

LookupPrivilegeValueW

 system_name:
privilege_name: SeTrustedCredManAccessPrivilege
1 1 0

LookupPrivilegeValueW

 system_name:
privilege_name: SeDebugPrivilege
1 1 0
Time & API Arguments Status Return Repeated

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adblocker
base_handle: 0x80000002
key_handle: 0x00000000
options: 0
access: 0x00000001
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adblocker
2 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
base_handle: 0x80000001
key_handle: 0x00000000
options: 0
access: 0x00000001
regkey: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
2 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
base_handle: 0x80000001
key_handle: 0x00000000
options: 0
access: 0x00000001
regkey: HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
2 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
base_handle: 0x80000002
key_handle: 0x000004b8
options: 0
access: 0x00000001
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
base_handle: 0x80000002
key_handle: 0x000004b8
options: 0
access: 0x00000001
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
base_handle: 0x80000001
key_handle: 0x00000000
options: 0
access: 0x00000001
regkey: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
2 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
base_handle: 0x80000001
key_handle: 0x00000000
options: 0
access: 0x00000001
regkey: HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
2 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
base_handle: 0x80000002
key_handle: 0x000004d8
options: 0
access: 0x00000001
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
1 0 0
cmdline taskkill /f /im chrome.exe
cmdline cmd.exe /c taskkill /f /im chrome.exe
Bkav W32.AIDetect.malware2
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Zusy.371633
FireEye Generic.mg.ed8353cf1e80cb6a
CAT-QuickHeal Trojan.DisbukRI.S19305183
McAfee GenericRXLT-RQ!ED8353CF1E80
Sangfor Trojan.Win32.Save.a
K7AntiVirus Spyware ( 005690661 )
K7GW Spyware ( 005690661 )
Cybereason malicious.f1e80c
BitDefenderTheta Gen:NN.ZexaF.34058.y10@aaLmawcj
Cyren W32/Socelars.G.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Spy.Socelars.S
Paloalto generic.ml
ClamAV Win.Malware.Razy-9789744-0
Kaspersky HEUR:Trojan.Script.Generic
BitDefender Gen:Variant.Zusy.371633
SUPERAntiSpyware Trojan.Agent/Gen-SpySocelars
Avast Win32:PWSX-gen [Trj]
Tencent Malware.Win32.Gencirc.11c8be30
Ad-Aware Gen:Variant.Zusy.371633
Sophos Troj/Agent-BGVO
DrWeb Trojan.Siggen13.57604
Zillya Trojan.Generic.Script.15
McAfee-GW-Edition BehavesLike.Win32.Dropper.th
SentinelOne Static AI - Suspicious PE
Emsisoft Trojan-Spy.Socelars (A)
APEX Malicious
Jiangmin Trojan.PSW.Disbuk.da
Avira HEUR/AGEN.1124060
MAX malware (ai score=82)
Antiy-AVL Trojan/Generic.ASMalwS.345DB2F
Gridinsoft Spy.Win32.Keylogger.oa!s1
Microsoft TrojanSpy:Win32/Socelars.PAA!MTB
ZoneAlarm HEUR:Trojan.Script.Generic
GData Gen:Variant.Zusy.371633
Cynet Malicious (score: 100)
AhnLab-V3 Infostealer/Win.Socelars.R372531
ALYac Gen:Variant.Zusy.371633
TACHYON Trojan/W32.Agent.1448448.AA
VBA32 BScope.Trojan.Agentb
Malwarebytes Glupteba.Backdoor.Bruteforce.DDS
Rising Stealer.FBAdsCard!1.CE03 (CLASSIC)
Yandex TrojanSpy.Socelars!cR8/2/A6ePo
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/Agent.BGVO!tr
AVG Win32:PWSX-gen [Trj]
Panda Trj/Genetic.gen
CrowdStrike win/malicious_confidence_60% (D)