Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
OEFKKGFCAHBECCGCKJGBNFCLCMNJGIDG_1_5_9_0 (1).crx
|
Google Chrome extension, version 3
|
initial sample
|
||
|
C:\chrome\LICENSE
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\chrome\_locales\en\messages.json
|
JSON data
|
dropped
|
||
|
C:\chrome\_locales\fr\messages.json
|
JSON data
|
dropped
|
||
|
C:\chrome\_metadata\verified_contents.json
|
JSON data
|
dropped
|
||
|
C:\chrome\css\foundation-icons\foundation-icons.css
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\chrome\css\foundation-icons\foundation-icons.eot
|
Embedded OpenType (EOT), fontcustom family
|
dropped
|
||
|
C:\chrome\css\foundation-icons\foundation-icons.svg
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
C:\chrome\css\foundation-icons\foundation-icons.ttf
|
TrueType Font data, 15 tables, 1st "FFTM", 14 names, Macintosh
|
dropped
|
||
|
C:\chrome\css\foundation-icons\foundation-icons.woff
|
Web Open Font Format, TrueType, length 32020, version 0.0
|
dropped
|
||
|
C:\chrome\css\foundation-icons\svgs\fi-clipboard-notes.svg
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
C:\chrome\css\foundation-icons\svgs\fi-loop.svg
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
C:\chrome\css\foundation.min.css
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
C:\chrome\css\style.css
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\chrome\img\icon128.png
|
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\chrome\img\icon16.png
|
PNG image data, 16 x 16, 8-bit colormap, non-interlaced
|
dropped
|
||
|
C:\chrome\img\icon32.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\chrome\img\icon48.png
|
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\chrome\img\loading.gif
|
GIF image data, version 89a, 80 x 80
|
dropped
|
||
|
C:\chrome\img\logo.png
|
PNG image data, 426 x 136, 8-bit colormap, non-interlaced
|
dropped
|
||
|
C:\chrome\img\offline.svg
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
C:\chrome\js\background.js
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\chrome\js\parser.js
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\chrome\js\popup.js
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\chrome\js\selection.js
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\chrome\js\settings.js
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\chrome\manifest.json
|
JSON data
|
dropped
|
||
|
C:\chrome\view\popup.html
|
HTML document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\chrome\view\settings.html
|
HTML document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
Chrome Cache Entry: 79
|
ASCII text, with very long lines (2786)
|
downloaded
|
There are 20 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\7za.exe
|
7za.exe x -oC:\chrome "C:\Users\user\Desktop\OEFKKGFCAHBECCGCKJGBNFCLCMNJGIDG_1_5_9_0 (1).crx"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension=C:\chrome
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=1664 --field-trial-handle=2016,i,859544963767796602,16029275681761701210,262144
/prefetch:8
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://app.real-debrid.com/oauth/v2/token
|
unknown
|
||
|
http://fontforge.sf.net)
|
unknown
|
||
|
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
|
142.251.111.99
|
||
|
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmpTArGNe3mrAGIjCxSZ32kqtf1wo2hYSgiWWMiLq2BR_jmSiISbxHrDb_-NdiagK04Su2Nr5B77ol5IgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
|
142.251.111.99
|
||
|
https://real-debrid.com
|
unknown
|
||
|
https://app.real-debrid.com/rest/1.0/unrestrict/link
|
unknown
|
||
|
https://app.real-debrid.com/rest/1.0/hosts/regexFolder
|
unknown
|
||
|
https://real-debrid.com/streaming-
|
unknown
|
||
|
https://www.google.com/async/newtab_promos
|
142.251.111.99
|
||
|
http://zurb.com/playground/foundation-icon-fonts-3
|
unknown
|
||
|
https://app.real-debrid.com/oauth/v2/device/code?client_id=
|
unknown
|
||
|
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
|
142.251.111.99
|
||
|
http://fontforge.sf.net)Created
|
unknown
|
||
|
http://fontforge.sf.net)fontcustomfontcustomMediumMediumFontForge
|
unknown
|
||
|
https://app.real-debrid.com/oauth/v2/device/credentials?client_id=
|
unknown
|
||
|
https://real-debrid.com/
|
unknown
|
||
|
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmpTArGNe3mrAGIjDCQcX2g0chw2hR2lhqwQl7GKIAAERYj72DhBlTjaLxXCCV9uiNHZqyaKNCQKQb3CUyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
|
142.251.111.99
|
||
|
https://app.real-debrid.com/rest/1.0/user
|
unknown
|
||
|
https://app.real-debrid.com/rest/1.0/unrestrict/folder
|
unknown
|
||
|
https://real-debrid.com/authorize?client_id=
|
unknown
|
||
|
https://app.real-debrid.com/rest/1.0/hosts/regex
|
unknown
|
||
|
http://oauth.net/grant_type/device/1.0
|
unknown
|
There are 12 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
www.google.com
|
142.251.111.99
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
142.251.111.99
|
www.google.com
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
192.168.2.4
|
unknown
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
710000
|
trusted library allocation
|
page read and write
|
||
|
2C0000
|
heap
|
page read and write
|
||
|
2286000
|
heap
|
page read and write
|
||
|
3E0000
|
heap
|
page read and write
|
||
|
2690000
|
trusted library allocation
|
page read and write
|
||
|
2170000
|
heap
|
page read and write
|
||
|
700000
|
heap
|
page read and write
|
||
|
2191000
|
heap
|
page read and write
|
||
|
240000
|
heap
|
page read and write
|
||
|
2100000
|
trusted library allocation
|
page read and write
|
||
|
95F000
|
stack
|
page read and write
|
||
|
85E000
|
stack
|
page read and write
|
||
|
6FF000
|
stack
|
page read and write
|
||
|
1FD000
|
stack
|
page read and write
|
||
|
720000
|
heap
|
page read and write
|
||
|
2191000
|
heap
|
page read and write
|
||
|
2182000
|
heap
|
page read and write
|
||
|
2175000
|
heap
|
page read and write
|
||
|
2191000
|
heap
|
page read and write
|
||
|
FC000
|
stack
|
page read and write
|
||
|
3DE000
|
stack
|
page read and write
|
||
|
728000
|
heap
|
page read and write
|
||
|
2180000
|
heap
|
page read and write
|
There are 13 hidden memdumps, click here to show them.