Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | Sept. 18, 2021, 7:45 p.m. | Sept. 18, 2021, 7:49 p.m. |
-
-
-
taskkill.exe taskkill /f /im chrome.exe
2200
-
-
xcopy.exe xcopy "C:\Users\test22\AppData\Local\Google\Chrome\User Data" "C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\" /s /e /y
1784 -
chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --window-position=-50000,-50000 --user-data-dir="C:\Users\test22\AppData\Local\Temp\cghjgasaaz99" https://www.facebook.com/ https://www.facebook.com/pages/ https://secure.facebook.com/ads/manager/account_settings/account_billing/
2448-
chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\test22\AppData\Local\Temp\cghjgasaaz99 /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Crashpad --metrics-dir=C:\Users\test22\AppData\Local\Temp\cghjgasaaz99 --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=86.0.4240.111 --initial-client-data=0xb8,0xbc,0xc0,0x8c,0xc4,0x7fef1a86e00,0x7fef1a86e10,0x7fef1a86e20
2984
-
-
Name | Response | Post-Analysis Lookup |
---|---|---|
www.wsrygoq.com | 188.225.87.175 | |
www.listincode.com | 144.202.76.47 | |
www.iyiqian.com | 103.155.92.58 | |
iplogger.org | 88.99.66.31 |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.102:49163 -> 144.202.76.47:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.102:49165 -> 88.99.66.31:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.102:49163 144.202.76.47:443 |
C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA | CN=listincode.com | 84:23:95:42:66:09:11:39:0d:e6:22:7f:eb:b3:cc:79:dd:fa:36:ed |
TLSv1 192.168.56.102:49165 88.99.66.31:443 |
C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=*.iplogger.org | 55:1e:13:99:46:1c:67:40:a3:48:7f:38:0d:16:e7:51:f4:c4:43:cb |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid |
pdb_path | F:\facebook_svn\trunk\database\Release\DiskScan.pdb |
file | C:\Program Files (x86)\Google\Chrome\Application\86.0.4240.111\Locales |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome |
section | .iggwrgj |
resource name | ZIP |
suspicious_features | POST method with no referer header | suspicious_request | POST http://www.wsrygoq.com/Home/Index/lkdinl |
request | GET http://www.iyiqian.com/ |
request | POST http://www.wsrygoq.com/Home/Index/lkdinl |
request | GET https://www.listincode.com/ |
request | GET https://iplogger.org/1GWfv7 |
request | POST http://www.wsrygoq.com/Home/Index/lkdinl |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSoceng.store |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\recovery\101.3.34.11\manifest.json |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.31.0_0\_locales\fil |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8620.824.0.0_0\common.js |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\nl\messages.json |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.5_0\_locales |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.31.0_0\_locales\hi\messages.json |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.31.0_0\page_embed_script.js |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc10.sth |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\fil |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.3_0\_locales\de |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\fil |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\fil\messages.json |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\c652a0ec48ceb3fcab170992c43a87413309e80065a26252401ba3362a17c565.sth |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\fi\messages.json |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\pnacl\0.57.44.2492\_platform_specific\x86_64\pnacl_public_pnacl_json |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\zh_TW |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\WidevineCdm\4.10.2209.0\_platform_specific |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.5_0\_locales\es_419\messages.json |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\5ea773f9df56c0e7b536487dd049e0327a919a0c84a112128418759681714558.sth |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.3_0\_locales\el\messages.json |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.31.0_0\_locales\pt_PT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.3_0\_locales\ja |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOCK |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOCK |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.3_0\_locales\fil |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.31.0_0\_locales\zh_HK\messages.json |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\no |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\nl |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\ca |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.5_0\_locales\ca |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8620.824.0.0_0\_locales\el\messages.json |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.5_0\_locales\tr\messages.json |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.5_0\_locales\cs |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\cs |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\pt_PT\messages.json |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\ru |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\ZxcvbnData\1\english_wikipedia.txt |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\WidevineCdm\4.10.2209.0 |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8620.824.0.0_0\_metadata\computed_hashes.json |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\SwReporter\91.265.200\em002_64.dll |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.3_0\_locales\da |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\pt_PT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\PnaclTranslationCache\index |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\lt\messages.json |
name | ZIP | language | LANG_CHINESE | filetype | Zip archive data, at least v1.0 to extract | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x00156b50 | size | 0x0000cc07 | ||||||||||||||||||
name | RT_ICON | language | LANG_CHINESE | filetype | dBase III DBT, version number 0, next free block index 40 | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x00146180 | size | 0x00010828 | ||||||||||||||||||
name | RT_GROUP_ICON | language | LANG_CHINESE | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x001569a8 | size | 0x00000014 | ||||||||||||||||||
name | RT_VERSION | language | LANG_CHINESE | filetype | PGP symmetric key encrypted data - Plaintext or unencrypted data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x001569c0 | size | 0x0000018c |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\main.js |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\SwReporter\91.265.200\software_reporter_tool.exe |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8620.824.0.0_0\mirroring_cast_streaming.js |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\hemlmgggokggmncimchkllhcjcaimcle\9.86.66_0\js\mode-ecb.js |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemlmgggokggmncimchkllhcjcaimcle\9.86.66_0\js\content.js |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8620.824.0.0_0\mirroring_hangouts.js |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\hemlmgggokggmncimchkllhcjcaimcle\9.86.66_0\js\jquery-3.3.1.min.js |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\craw_background.js |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\SwReporter\91.265.200\em004_64.dll |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\hemlmgggokggmncimchkllhcjcaimcle\9.86.66_0\js\background.js |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemlmgggokggmncimchkllhcjcaimcle\9.86.66_0\js\pad-nopadding.js |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\hemlmgggokggmncimchkllhcjcaimcle\9.86.66_0\js\aes.js |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8620.824.0.0_0\background_script.js |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\SwReporter\91.265.200\em005_64.dll |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\main.js |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\SwReporter\91.265.200\edls_64.dll |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\hemlmgggokggmncimchkllhcjcaimcle\9.86.66_0\js\pad-nopadding.js |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\WidevineCdm\4.10.2209.0\_platform_specific\win_x64\widevinecdm.dll |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\PepperFlash\32.0.0.445\pepflashplayer.dll |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\SwReporter\91.265.200\em002_64.dll |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\SwReporter\91.265.200\em003_64.dll |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\SwReporter\91.265.200\em000_64.dll |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8620.824.0.0_0\angular.js |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemlmgggokggmncimchkllhcjcaimcle\9.86.66_0\js\jquery-3.3.1.min.js |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemlmgggokggmncimchkllhcjcaimcle\9.86.66_0\js\mode-ecb.js |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8620.824.0.0_0\common.js |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.31.0_0\eventpage_bin_prod.js |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8620.824.0.0_0\mirroring_webrtc.js |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8620.824.0.0_0\mirroring_common.js |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\recovery\101.3.34.11\ChromeRecovery.exe |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.31.0_0\page_embed_script.js |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemlmgggokggmncimchkllhcjcaimcle\9.86.66_0\js\aes.js |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\hemlmgggokggmncimchkllhcjcaimcle\9.86.66_0\js\content.js |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\SwReporter\91.265.200\em001_64.dll |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8620.824.0.0_0\cast_sender.js |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8620.824.0.0_0\feedback_script.js |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\craw_window.js |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\main.js |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemlmgggokggmncimchkllhcjcaimcle\9.86.66_0\js\background.js |
cmdline | cmd.exe /c taskkill /f /im chrome.exe |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\recovery\101.3.34.11\ChromeRecovery.exe |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "chrome.exe") |
section | {u'size_of_data': u'0x0001da00', u'virtual_address': u'0x00146000', u'entropy': 6.931167777465486, u'name': u'.rsrc', u'virtual_size': u'0x0001d8d8'} | entropy | 6.93116777747 | description | A section with a high entropy has been found |
cmdline | taskkill /f /im chrome.exe |
cmdline | cmd.exe /c taskkill /f /im chrome.exe |
parent_process | chrome.exe | martian_process | "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1108,5769315423985373555,2642203425044427596,131072 --user-data-dir="C:\Users\test22\AppData\Local\Temp\cghjgasaaz99" --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1128 /prefetch:2 | ||||||
parent_process | chrome.exe | martian_process | "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\test22\AppData\Local\Temp\cghjgasaaz99 /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Crashpad --metrics-dir=C:\Users\test22\AppData\Local\Temp\cghjgasaaz99 --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=86.0.4240.111 --initial-client-data=0xb8,0xbc,0xc0,0x8c,0xc4,0x7fef1a86e00,0x7fef1a86e10,0x7fef1a86e20 |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Safe Browsing\UrlCsdWhitelist.store |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Session Storage\000003.log |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Sessions\Tabs_13270130856398073 |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Crashpad\metadata |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\TLSDeprecationConfig\4\tls_deprecation_config.pb |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\index |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Service Worker\ScriptCache\index-dir\the-real-index |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_2 |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\ShaderCache\GPUCache\data_1 |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\shared_proto_db\000003.log |
file | c:\users\test22\appdata\local\temp\cghjgasaaz99\crashpadmetrics.pma |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\000003.log |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Local Storage\leveldb\000003.log |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extension Rules\000003.log |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_3 |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\SafetyTips\2659\safety_tips.pb |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\History Provider Cache |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\ThirdPartyModuleList64\2018.8.8.0\module_list_proto |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\000003.log |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Safe Browsing\UrlSubresourceFilter.store |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir\the-real-index |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Safe Browsing\UrlMalBin.store |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Safe Browsing\CertCsdDownloadWhitelist.store |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_1 |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\index |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\File System\Origins\000003.log |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Sessions\Session_13270130856303325 |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Translate Ranker Model |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Crashpad\settings.dat |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\FileTypePolicies\43\download_file_types.pb |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\GrShaderCache\GPUCache\index |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Safe Browsing\ChromeExtMalware.store |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\SSLErrorAssistant\7\ssl_error_assistant.pb |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extension State\000003.log |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\WidevineCdm\4.10.2209.0\_platform_specific\win_x64\widevinecdm.dll.sig |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\BrowserMetrics\BrowserMetrics-60E58FA8-748.pma |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Module Info Cache |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\FontLookupTableCache\font_unique_name_table.pb |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Safe Browsing\ChromeUrlClientIncident.store |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\CertificateRevocation\6738\crl-set |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\PnaclTranslationCache\data_1 |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\index |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Visited Links |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Subresource Filter\Indexed Rules\27\9.28.0\Ruleset Data |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Cache\index |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Service Worker\Database\000003.log |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Subresource Filter\Unindexed Rules\9.28.0\Filtering Rules |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Last Browser |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index-dir\the-real-index |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir\the-real-index |
Bkav | W32.LungQ.Trojan |
Elastic | malicious (high confidence) |
DrWeb | Trojan.Siggen13.57604 |
MicroWorld-eScan | Gen:Variant.Zusy.371633 |
CAT-QuickHeal | Trojan.DisbukRI.S19305183 |
ALYac | Gen:Variant.Zusy.371633 |
Zillya | Trojan.Disbuk.Win32.207 |
Sangfor | Trojan.Win32.Save.a |
K7AntiVirus | Spyware ( 005690661 ) |
K7GW | Spyware ( 005690661 ) |
Cybereason | malicious.0b0414 |
BitDefenderTheta | Gen:NN.ZexaF.34142.y10@aak6HOoj |
Cyren | W32/Socelars.G.gen!Eldorado |
Symantec | ML.Attribute.HighConfidence |
ESET-NOD32 | a variant of Win32/Spy.Socelars.S |
APEX | Malicious |
Paloalto | generic.ml |
ClamAV | Win.Malware.Razy-9789744-0 |
Kaspersky | HEUR:Trojan.Script.Generic |
BitDefender | Gen:Variant.Zusy.371633 |
SUPERAntiSpyware | Trojan.Agent/Gen-SpySocelars |
Avast | Win32:PWSX-gen [Trj] |
Tencent | Malware.Win32.Gencirc.10cea1fd |
Ad-Aware | Gen:Variant.Zusy.371633 |
TACHYON | Trojan/W32.Agent.1448448.AA |
Emsisoft | Trojan-Spy.Socelars (A) |
McAfee-GW-Edition | BehavesLike.Win32.Generic.th |
FireEye | Generic.mg.5eb27790b04148fa |
Sophos | Troj/Agent-BGVO |
Jiangmin | Trojan.PSW.Disbuk.da |
MaxSecure | Trojan.Malware.300983.susgen |
Avira | HEUR/AGEN.1124060 |
Antiy-AVL | Trojan/Generic.ASMalwS.345DB2F |
Microsoft | TrojanSpy:Win32/Socelars.PAA!MTB |
Arcabit | Trojan.Zusy.D5ABB1 |
GData | Gen:Variant.Zusy.371633 |
Cynet | Malicious (score: 100) |
AhnLab-V3 | Infostealer/Win.Socelars.R372531 |
McAfee | GenericRXLT-RQ!5EB27790B041 |
MAX | malware (ai score=84) |
VBA32 | BScope.Trojan.Agentb |
Malwarebytes | Glupteba.Backdoor.Bruteforce.DDS |
Rising | Stealer.FBAdsCard!1.CE03 (CLASSIC) |
SentinelOne | Static AI - Malicious PE |
AVG | Win32:PWSX-gen [Trj] |
Panda | Trj/Genetic.gen |