Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | June 16, 2024, 9:59 a.m. | June 16, 2024, 10:02 a.m. |
Process | Command line | PID |
---|---|---|
chrome.exe | "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account | 2092 |
chrome.exe | "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=86.0.4240.111 --initial-client-data=0xb0,0xb4,0xb8,0x84,0xbc,0x7fef3e36e00,0x7fef3e36e10,0x7fef3e36e20 | 2180 |
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. | | |

IP Address | Status | Action |
---|---|---|
No hosts contacted. | | |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Type | Path |
---|---|
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid |
file | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe\PATH |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-666E9B75-82C.pma |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\reports\20e7de99-ef04-4c87-a647-eb32597a15be.dmp |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\index |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-spare.pma |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_2 |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\First Run |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\reports |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\metadata |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_0 |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1 |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics-spare.pma |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_3 |
section | .rsrc (size_of_data 0x00046200, virtual_address 0x000d4000, virtual_size 0x0004617c) | entropy | 7.8441066276 | description | A section with a high entropy has been found |
entropy | 0.246485061511 | description | Overall entropy of this PE file is high |
parent_process | chrome.exe | martian_process | "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=86.0.4240.111 --initial-client-data=0xb0,0xb4,0xb8,0x84,0xbc,0x7fef3e36e00,0x7fef3e36e10,0x7fef3e36e20 |
parent_process | chrome.exe | martian_process | "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1044,405328435193604317,3726656886444491162,131072 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1052 /prefetch:2 |
Vendor | Detection |
---|---|
Lionic | Trojan.Win32.AutoIt.4!c |
Elastic | malicious (high confidence) |
Cynet | Malicious (score: 99) |
Skyhigh | BehavesLike.Win32.RealProtect.tc |
Cylance | Unsafe |
Sangfor | Trojan.Win32.Save.a |
K7AntiVirus | Trojan ( 005b26d31 ) |
K7GW | Trojan ( 005b26d31 ) |
VirIT | Trojan.Win32.AutoIT.DYWA |
ESET-NOD32 | a variant of Win32/Autoit.OQF |
Kaspersky | Trojan-Spy.Script.AutoIt.b |
F-Secure | Trojan.TR/AutoIt.zstul |
DrWeb | Trojan.Inject5.5665 |
McAfeeD | Real Protect-LS!8F7AAF6053A1 |
FireEye | Generic.mg.8f7aaf6053a15203 |
Sophos | Generic ML PUA (PUA) |
Ikarus | Trojan.Win32.Autoit |
Jiangmin | Trojan.Script.awbz |
Detected | |
Avira | TR/AutoIt.zstul |
Microsoft | Trojan:Win32/Phonzy.C!ml |
ZoneAlarm | Trojan-Spy.Script.AutoIt.b |
Varist | W32/AutoIt.XQ.gen!Eldorado |
BitDefenderTheta | Gen:NN.ZexaCO.36806.hvW@ayCrJ!pi |
TACHYON | Trojan/W32.Agent.1166336.C |
DeepInstinct | MALICIOUS |
Malwarebytes | Backdoor.NetWiredRC.AutoIt.Generic |
MaxSecure | Win.MxResIcn.Heur.Gen |
Fortinet | AutoIt/Agent.OQF!tr |