Processes

| Path | Cmdline | Malicious |
|---|---|---|
| `C:\Program Files\Google\Chrome\Application\chrome.exe` | `C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank` | |
| `C:\Program Files\Google\Chrome\Application\chrome.exe` | `"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1676,5534151309402295221,11728340676976103501,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 /prefetch:8` | |
| `C:\Program Files\Google\Chrome\Application\chrome.exe` | `C:\Program Files\Google\Chrome\Application\chrome.exe" "http://smenet.org/ViewSwitcher/SwitchView?mobile=True&returnUrl=http://xx6v1x.caobatours.com#YXRvbC5vbmxpbmVAY2FhLmNvLnVr` | |
URLs

| Name | IP | Malicious |
|---|---|---|
| `http://smenet.org/ViewSwitcher/SwitchView?mobile=True&returnUrl=http://xx6v1x.caobatours.com#YXRvbC5vbmxpbmVAY2FhLmNvLnVr` | | |
| `https://www.smenet.org/ViewSwitcher/SwitchView?mobile=True&returnUrl=http://xx6v1x.caobatours.com` | 40.69.190.41 | |
| `http://www.smenet.org/ViewSwitcher/SwitchView?mobile=True&returnUrl=http://xx6v1x.caobatours.com` | 40.69.190.41 | |
| `http://smenet.org/ViewSwitcher/SwitchView?mobile=True&returnUrl=http://xx6v1x.caobatours.com` | 40.69.190.41 | |
| `https://yylinvaant.bureaurid.tech/favicon.ico` | 199.192.25.226 | |
| `https://smenet.org/ViewSwitcher/SwitchView?mobile=True&returnUrl=http://xx6v1x.caobatours.com` | 40.69.190.41 | |
| `http://xx6v1x.caobatours.com/` | 185.244.151.84 | |
| `https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard` | 142.250.185.77 | |
| `https://yylinvaant.bureaurid.tech/assets/style.css` | 199.192.25.226 | |
| `https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=94.0.4606.61&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1` | 216.58.212.142 | |
Domains

| Name | IP | Malicious |
|---|---|---|
| accounts.google.com | 142.250.185.77 | |
| xx6v1x.caobatours.com | 185.244.151.84 | |
| yylinvaant.bureaurid.tech | 199.192.25.226 | |
| www.google.com | 142.250.186.68 | |
| clients.l.google.com | 216.58.212.142 | |
| smenet.org | 40.69.190.41 | |
| clients2.google.com | unknown | |
| www.smenet.org | unknown | |
IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 142.250.185.77 | accounts.google.com | United States | |
| 142.250.186.68 | www.google.com | United States | |
| 216.58.212.142 | clients.l.google.com | United States | |
| 40.69.190.41 | smenet.org | United States | |
| 185.244.151.84 | xx6v1x.caobatours.com | Netherlands | |
| 192.168.11.20 | unknown | unknown | |
| 199.192.25.226 | yylinvaant.bureaurid.tech | United States | |
| 239.255.255.250 | unknown | Reserved | |
Memdumps

| Base Address | Regiontype | Protect | Malicious |
|---|---|---|---|
| EF431FE000 | stack | page read and write | |
| 2E805960000 | heap | page read and write | |
| 2E80579B000 | heap | page read and write | |
| 2E8057CA000 | heap | page read and write | |
| EF4327F000 | stack | page read and write | |
| 2E8059D0000 | heap | page read and write | |
| 2E805730000 | unclassified section | page readonly | |
| 2E805B00000 | heap | page read and write | |
| 2E8056D0000 | heap | page read and write | |
| EF42D8C000 | stack | page read and write | |
| 2E805B05000 | heap | page read and write | |
| EF4317F000 | stack | page read and write | |
| EF432FA000 | stack | page read and write | |
| 2E805790000 | heap | page read and write | |
| 2E805740000 | unclassified section | page readonly | |
| 2E8057C5000 | heap | page read and write | |
| 2E8057B9000 | heap | page read and write | |
| EF430FE000 | stack | page read and write | |
| 2E8056E0000 | unclassified section | page readonly | |
| EF4307E000 | stack | page read and write | |
DOM / HTML

| URL | Malicious |
|---|---|
| `https://yylinvaant.bureaurid.tech/?email=YXRvbC5vbmxpbmVAY2FhLmNvLnVr` | |
| `https://yylinvaant.bureaurid.tech/?email=YXRvbC5vbmxpbmVAY2FhLmNvLnVr` | |
| `https://yylinvaant.bureaurid.tech/?email=YXRvbC5vbmxpbmVAY2FhLmNvLnVr` | |
| `https://yylinvaant.bureaurid.tech/?email=YXRvbC5vbmxpbmVAY2FhLmNvLnVr` | |
| `https://yylinvaant.bureaurid.tech/?email=YXRvbC5vbmxpbmVAY2FhLmNvLnVr` | |
| `https://yylinvaant.bureaurid.tech/?email=YXRvbC5vbmxpbmVAY2FhLmNvLnVr` | |