IOCReport

Files

File Path | Type | Category | Malicious
http://www.ztzusl.vibz.co.uk./#jrschnell.com.br/site/z1/bGFtQHNwYXJub3JkLmRr | URL | initial url | malicious
C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic | data | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\27117dd9-7858-4d4c-8374-ef16839ad30c.tmp | ASCII text, with very long lines, with no line terminators | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\28dcbefa-31e9-44c9-98bc-b9e314d9ca01.tmp | ASCII text, with very long lines, with no line terminators | modified | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat | data | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\12e68644-61a2-49ea-ac3b-c655cca306ab.tmp | ASCII text, with very long lines, with no line terminators | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\27985dbb-12ee-42eb-805c-16dc3b9e2656.tmp | UTF-8 Unicode text, with very long lines, with no line terminators | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\50152995-54ba-4d0f-9cf9-590ee46c0e55.tmp | ASCII text, with very long lines, with no line terminators | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\6c452b1a-6acf-4bcf-809d-623812ae33de.tmp | ASCII text, with very long lines, with no line terminators | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\868740ef-3c96-408f-a507-d8764ad40bd0.tmp | UTF-8 Unicode text, with very long lines, with no line terminators | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies | SQLite 3.x database, last written using SQLite version 3032001 | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal | data | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Session | data | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Tabs | data | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log | data | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log | data | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json | ASCII text, with very long lines, with no line terminators | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_1\_metadata\computed_hashes.json | ASCII text, with very long lines, with no line terminators | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_1\_metadata\computed_hashes.json | ASCII text, with very long lines, with no line terminators | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Favicons | SQLite 3.x database, last written using SQLite version 3032001 | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal | data | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log | data | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History | SQLite 3.x database, last written using SQLite version 3032001 | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache | zlib compressed data | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History-journal | data | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log | data | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL | SQLite 3.x database, last written using SQLite version 3032001 | modified | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL-journal | data | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log | data | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\468071a4-6c7d-4327-9229-b9c7ff9f8d37.tmp | ASCII text, with very long lines, with no line terminators | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1 | data | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\LOG | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\000003.log | data | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOG | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\85f45a16-0382-45af-b147-50395de217b0.tmp | ASCII text, with very long lines, with no line terminators | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1 | data | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\LOG | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications\LOG | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\000003.log | data | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\LOG | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log | data | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Visited Links | data | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_nmmhkkegccagdldgiimedpiccmgmieda\58d2f1e6-f91a-4b6b-9041-6bebaadf3f4a.tmp | MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_nmmhkkegccagdldgiimedpiccmgmieda\Chrome Web Store Payments.ico.md5 | data | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\a8c9cf94-5609-4a4e-84ad-1bc3f5cd5906.tmp | ASCII text, with very long lines, with no line terminators | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\ad127bc6-da92-4f19-a79a-8271871a884a.tmp | very short file (no magic) | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\bcda333a-3634-4e53-9325-446d3825989c.tmp | UTF-8 Unicode text, with very long lines, with no line terminators | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\c4bb5421-f840-49fd-bc08-9acb16fb6a5d.tmp | ASCII text, with very long lines, with no line terminators | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004 | MPEG-4 LOAS | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser | data | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version | ASCII text, with no line terminators | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\a661ec3e-2e2b-4b14-a3a9-33ed435d4b70.tmp | data | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\bcec266e-9864-43a9-92cf-1caed5c6f418.tmp | ASCII text, with very long lines, with no line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\058afb24-1d34-4f97-9ad2-ba45e66f9ad5.tmp | Google Chrome extension, version 3 | dropped | clean
C:\Users\user\AppData\Local\Temp\5e148e82-d98e-440d-8e04-e9ca27f470a5.tmp | very short file (no magic) | dropped | clean
C:\Users\user\AppData\Local\Temp\66f5417e-7261-43aa-a893-b0e0ec64211c.tmp | very short file (no magic) | dropped | clean
C:\Users\user\AppData\Local\Temp\a98c1461-7371-4b8f-9438-8e4a0b6c4795.tmp | Google Chrome extension, version 3 | dropped | clean
C:\Users\user\AppData\Local\Temp\c1df0f8a-ad9f-4ecd-afd2-6612a1ddbc41.tmp | very short file (no magic) | dropped | clean
C:\Users\user\AppData\Local\Temp\d04c78e9-9629-48f0-8ee5-3cf3c773e75c.tmp | Google Chrome extension, version 3 | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_153020419\058afb24-1d34-4f97-9ad2-ba45e66f9ad5.tmp | Google Chrome extension, version 3 | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_153020419\CRX_INSTALL\_locales\bg\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_153020419\CRX_INSTALL\_locales\ca\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_153020419\CRX_INSTALL\_locales\cs\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_153020419\CRX_INSTALL\_locales\da\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_153020419\CRX_INSTALL\_locales\de\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_153020419\CRX_INSTALL\_locales\el\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_153020419\CRX_INSTALL\_locales\en\messages.json | ASCII text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_153020419\CRX_INSTALL\_locales\en_GB\messages.json | ASCII text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_153020419\CRX_INSTALL\_locales\es\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_153020419\CRX_INSTALL\_locales\es_419\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_153020419\CRX_INSTALL\_locales\et\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_153020419\CRX_INSTALL\_locales\fi\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_153020419\CRX_INSTALL\_locales\fil\messages.json | ASCII text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_153020419\CRX_INSTALL\_locales\fr\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_153020419\CRX_INSTALL\_locales\hi\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_153020419\CRX_INSTALL\_locales\hr\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_153020419\CRX_INSTALL\_locales\hu\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_153020419\CRX_INSTALL\_locales\id\messages.json | ASCII text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_153020419\CRX_INSTALL\_locales\it\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_153020419\CRX_INSTALL\_locales\ja\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_153020419\CRX_INSTALL\_locales\ko\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_153020419\CRX_INSTALL\_locales\lt\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_153020419\CRX_INSTALL\_locales\lv\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_153020419\CRX_INSTALL\_locales\nb\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_153020419\CRX_INSTALL\_locales\nl\messages.json | ASCII text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_153020419\CRX_INSTALL\_locales\pl\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_153020419\CRX_INSTALL\_locales\pt_BR\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_153020419\CRX_INSTALL\_locales\pt_PT\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_153020419\CRX_INSTALL\_locales\ro\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_153020419\CRX_INSTALL\_locales\ru\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_153020419\CRX_INSTALL\_locales\sk\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_153020419\CRX_INSTALL\_locales\sl\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_153020419\CRX_INSTALL\_locales\sr\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_153020419\CRX_INSTALL\_locales\sv\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_153020419\CRX_INSTALL\_locales\th\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_153020419\CRX_INSTALL\_locales\tr\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_153020419\CRX_INSTALL\_locales\uk\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_153020419\CRX_INSTALL\_locales\vi\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_153020419\CRX_INSTALL\_locales\zh_CN\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_153020419\CRX_INSTALL\_locales\zh_TW\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_153020419\CRX_INSTALL\images\icon_128.png | PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_153020419\CRX_INSTALL\images\icon_16.png | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_153020419\CRX_INSTALL\manifest.json | ASCII text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_1675720114\CRX_INSTALL\_locales\am\messages.json | UTF-8 Unicode text, with very long lines, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_1675720114\CRX_INSTALL\_locales\ar\messages.json | UTF-8 Unicode text, with very long lines, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_1675720114\CRX_INSTALL\_locales\bg\messages.json | UTF-8 Unicode text, with very long lines, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_1675720114\CRX_INSTALL\_locales\bn\messages.json | UTF-8 Unicode text, with very long lines, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_1675720114\CRX_INSTALL\_locales\ca\messages.json | UTF-8 Unicode text, with very long lines, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_1675720114\CRX_INSTALL\_locales\cs\messages.json | UTF-8 Unicode text, with very long lines, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_1675720114\CRX_INSTALL\_locales\da\messages.json | UTF-8 Unicode text, with very long lines, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_1675720114\CRX_INSTALL\_locales\de\messages.json | UTF-8 Unicode text, with very long lines, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_1675720114\CRX_INSTALL\_locales\el\messages.json | UTF-8 Unicode text, with very long lines, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_1675720114\CRX_INSTALL\_locales\en\messages.json | UTF-8 Unicode text, with very long lines, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_1675720114\CRX_INSTALL\_locales\es\messages.json | UTF-8 Unicode text, with very long lines, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_1675720114\CRX_INSTALL\_locales\et\messages.json | UTF-8 Unicode text, with very long lines, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_1675720114\CRX_INSTALL\_locales\fa\messages.json | UTF-8 Unicode text, with very long lines, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_1675720114\CRX_INSTALL\_locales\fi\messages.json | UTF-8 Unicode text, with very long lines, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_1675720114\CRX_INSTALL\_locales\fil\messages.json | UTF-8 Unicode text, with very long lines, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_1675720114\CRX_INSTALL\_locales\fr\messages.json | UTF-8 Unicode text, with very long lines, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_1675720114\CRX_INSTALL\_locales\gu\messages.json | UTF-8 Unicode text, with very long lines, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_1675720114\CRX_INSTALL\_locales\hi\messages.json | UTF-8 Unicode text, with very long lines, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_1675720114\CRX_INSTALL\_locales\hr\messages.json | UTF-8 Unicode text, with very long lines, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_1675720114\CRX_INSTALL\_locales\hu\messages.json | UTF-8 Unicode text, with very long lines, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_1675720114\CRX_INSTALL\_locales\id\messages.json | UTF-8 Unicode text, with very long lines, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_1675720114\CRX_INSTALL\_locales\it\messages.json | UTF-8 Unicode text, with very long lines, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_1675720114\CRX_INSTALL\_locales\ja\messages.json | UTF-8 Unicode text, with very long lines, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_1675720114\CRX_INSTALL\_locales\kn\messages.json | UTF-8 Unicode text, with very long lines, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_1675720114\CRX_INSTALL\_locales\ko\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_1675720114\CRX_INSTALL\_locales\lt\messages.json | UTF-8 Unicode text, with very long lines, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_1675720114\CRX_INSTALL\_locales\lv\messages.json | UTF-8 Unicode text, with very long lines, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_1675720114\CRX_INSTALL\_locales\ml\messages.json | UTF-8 Unicode text, with very long lines, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_1675720114\CRX_INSTALL\_locales\mr\messages.json | UTF-8 Unicode text, with very long lines, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_1675720114\CRX_INSTALL\_locales\ms\messages.json | UTF-8 Unicode text, with very long lines, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_1675720114\CRX_INSTALL\_locales\nb\messages.json | UTF-8 Unicode text, with very long lines, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_1675720114\CRX_INSTALL\_locales\nl\messages.json | UTF-8 Unicode text, with very long lines, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_1675720114\CRX_INSTALL\_locales\pl\messages.json | UTF-8 Unicode text, with very long lines, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_1675720114\CRX_INSTALL\_locales\pt\messages.json | UTF-8 Unicode text, with very long lines, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_1675720114\CRX_INSTALL\_locales\ro\messages.json | UTF-8 Unicode text, with very long lines, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_1675720114\CRX_INSTALL\_locales\ru\messages.json | UTF-8 Unicode text, with very long lines, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_1675720114\CRX_INSTALL\_locales\sk\messages.json | UTF-8 Unicode text, with very long lines, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_1675720114\CRX_INSTALL\_locales\sl\messages.json | UTF-8 Unicode text, with very long lines, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_1675720114\CRX_INSTALL\_locales\sr\messages.json | UTF-8 Unicode text, with very long lines, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_1675720114\CRX_INSTALL\_locales\sv\messages.json | UTF-8 Unicode text, with very long lines, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_1675720114\CRX_INSTALL\_locales\sw\messages.json | UTF-8 Unicode text, with very long lines, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_1675720114\CRX_INSTALL\_locales\ta\messages.json | UTF-8 Unicode text, with very long lines, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_1675720114\CRX_INSTALL\_locales\te\messages.json | UTF-8 Unicode text, with very long lines, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_1675720114\CRX_INSTALL\_locales\th\messages.json | UTF-8 Unicode text, with very long lines, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_1675720114\CRX_INSTALL\_locales\tr\messages.json | UTF-8 Unicode text, with very long lines, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_1675720114\CRX_INSTALL\_locales\uk\messages.json | UTF-8 Unicode text, with very long lines, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_1675720114\CRX_INSTALL\_locales\vi\messages.json | UTF-8 Unicode text, with very long lines, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_1675720114\CRX_INSTALL\_locales\zh\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_1675720114\CRX_INSTALL\_locales\zh_TW\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_1675720114\CRX_INSTALL\manifest.json | ASCII text, with very long lines, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_1675720114\d04c78e9-9629-48f0-8ee5-3cf3c773e75c.tmp | Google Chrome extension, version 3 | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_2053652324\CRX_INSTALL\_locales\bg\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_2053652324\CRX_INSTALL\_locales\ca\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_2053652324\CRX_INSTALL\_locales\cs\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_2053652324\CRX_INSTALL\_locales\da\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_2053652324\CRX_INSTALL\_locales\de\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_2053652324\CRX_INSTALL\_locales\el\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_2053652324\CRX_INSTALL\_locales\en\messages.json | ASCII text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_2053652324\CRX_INSTALL\_locales\en_GB\messages.json | ASCII text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_2053652324\CRX_INSTALL\_locales\es\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_2053652324\CRX_INSTALL\_locales\es_419\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_2053652324\CRX_INSTALL\_locales\et\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_2053652324\CRX_INSTALL\_locales\fi\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_2053652324\CRX_INSTALL\_locales\fil\messages.json | ASCII text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_2053652324\CRX_INSTALL\_locales\fr\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_2053652324\CRX_INSTALL\_locales\hi\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_2053652324\CRX_INSTALL\_locales\hr\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_2053652324\CRX_INSTALL\_locales\hu\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_2053652324\CRX_INSTALL\_locales\id\messages.json | ASCII text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_2053652324\CRX_INSTALL\_locales\it\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_2053652324\CRX_INSTALL\_locales\ja\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_2053652324\CRX_INSTALL\_locales\ko\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_2053652324\CRX_INSTALL\_locales\lt\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_2053652324\CRX_INSTALL\_locales\lv\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_2053652324\CRX_INSTALL\_locales\nb\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_2053652324\CRX_INSTALL\_locales\nl\messages.json | ASCII text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_2053652324\CRX_INSTALL\_locales\pl\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_2053652324\CRX_INSTALL\_locales\pt_BR\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_2053652324\CRX_INSTALL\_locales\pt_PT\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_2053652324\CRX_INSTALL\_locales\ro\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_2053652324\CRX_INSTALL\_locales\ru\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_2053652324\CRX_INSTALL\_locales\sk\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_2053652324\CRX_INSTALL\_locales\sl\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_2053652324\CRX_INSTALL\_locales\sr\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_2053652324\CRX_INSTALL\_locales\sv\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_2053652324\CRX_INSTALL\_locales\th\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_2053652324\CRX_INSTALL\_locales\tr\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_2053652324\CRX_INSTALL\_locales\uk\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_2053652324\CRX_INSTALL\_locales\vi\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_2053652324\CRX_INSTALL\_locales\zh_CN\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_2053652324\CRX_INSTALL\_locales\zh_TW\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_2053652324\CRX_INSTALL\images\icon_128.png | PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_2053652324\CRX_INSTALL\images\icon_16.png | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_2053652324\CRX_INSTALL\manifest.json | ASCII text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir3880_2053652324\a98c1461-7371-4b8f-9438-8e4a0b6c4795.tmp | Google Chrome extension, version 3 | dropped | clean
205 further file entries are not shown in this report.

Processes

Path | Cmdline | Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe | 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized 'http://www.ztzusl.vibz.co.uk./#jrschnell.com.br/site/z1/bGFtQHNwYXJub3JkLmRr' | clean
C:\Program Files\Google\Chrome\Application\chrome.exe | 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1540,11347640063778282216,12771895532885012560,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1688 /prefetch:8 | clean

URLs

Name | IP | Malicious
https://jrschnell.com.br/site/z1/y5t4SCIjdufwm3DlF0B6gHz9h7YcZW/ptmkYZg0csRd3hfLVODo/mf6H3wg59JYA4MiDNIy.php | | malicious
https://jrschnell.com.br/site/z1/bGFtQHNwYXJub3JkLmRr/ | unknown | clean
https://dns.google | unknown | clean
https://jrschnell.com.br | unknown | clean
https://jrschnell.com.br/site/z1/bGFtQHNwYXJub3JkLmRr2 | unknown | clean
https://jrschnell.com.br/site/z1/bGFtQHNwYXJub3JkLmRrQ | unknown | clean
https://jrschnell.com.br/favicon.ico | unknown | clean
https://jrschnell.com.br/site/z1/y5t4SCIjdufwm3DlF0B6gHz9h7YcZW/ptmkYZg0csRd3hfLVODo/mf6H3wg59JYA4Mi | unknown | clean
http://www.ztzusl.vibz.co.uk./#jrschnell.com.br/site/z1/bGFtQHNwYXJub3JkLmRr | unknown | clean
https://jrschnell.com.br/site/z1/bGFtQHNwYXJub3JkLmRr2: | unknown | clean
http://www.ztzusl.vibz.co.uk./ | 198.54.125.197 | clean
http://www.ztzusl.vibz.co.uk./#jrschnell.com.br/site/z1/bGFtQHNwYXJub3JkLmRrPlease | unknown | clean
https://a.nel.cloudflare.com/report?s=%2Brkvlk2spclXqK6yTmx2usbGOs8A629aLK1Dqd3p0H0JYWQO71VtF1WOEgDU | unknown | clean
https://clients2.googleusercontent.com | unknown | clean
https://jrschnell.com.br/site/z1/bGFtQHNwYXJub3JkLmRr | unknown | clean
http://www.ztzusl.vibz.co.uk./#jrschnell.com.br/site/z1/bGFtQHNwYXJub3JkLmRr2 | unknown | clean
https://feedback.googleusercontent.com | unknown | clean
https://a.nel.cloudflare.com/report?s=x%2Fk503X%2FQhaDDfvDnSBp0jVUjYJ98bFOUyn9O3pstJJ87ASzqPO11BiOuN | unknown | clean
8 further URL entries are not shown in this report.

Domains

Name | IP | Malicious
cdn.clipart.email | 172.67.192.199 | clean
clipartkind.com | 104.21.69.231 | clean
a.nel.cloudflare.com | 35.190.80.1 | clean
cs1100.wpc.omegacdn.net | 152.199.23.37 | clean
www.ztzusl.vibz.co.uk | 198.54.125.197 | clean
jrschnell.com.br | 216.172.172.184 | clean
googlehosted.l.googleusercontent.com | 172.217.168.33 | clean
clients2.googleusercontent.com | unknown | clean
aadcdn.msftauth.net | unknown | clean
aadcdn.msauth.net | unknown | clean
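Triage of the initial URL recorded in the Processes and URLs sections above, as an added example that is not part of this report or of the sandbox's own output. The host the victim sees, www.ztzusl.vibz.co.uk. (written with a trailing dot), is only a lure: the real landing host and path sit after the '#', in the fragment, which the browser never sends to the server, so a proxy or URL filter that inspects the request sees only the lure host. The last path segment, bGFtQHNwYXJub3JkLmRr, is base64 and decodes to an e-mail address, the recipient's mailbox pre-filled into the lure. Together with the aadcdn.msftauth.net and aadcdn.msauth.net hosts in the domain list (the CDNs Microsoft's own sign-in pages load their assets from), that is the shape of a Microsoft 365 credential lure. The script generalises the pattern: it normalises hosts for blocklist matching (the report lists the lure host both with and without the trailing dot), extracts the fragment-carried host and path, and decodes the trailing token. The sample URL, the placeholder mailbox user@example.com and all function names are this example's own constructions.

```python
import base64
import binascii
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# Constructed sample URL in the same shape as the report's initial URL: the
# visible host is only a lure, the landing host and path ride in the fragment
# (never sent to the server), and the last path segment is base64. The
# mailbox "user@example.com" is a placeholder, not the report's token.
SAMPLE_URL = ("http://www.ztzusl.vibz.co.uk./#jrschnell.com.br/site/z1/"
              + base64.b64encode(b"user@example.com").decode().rstrip("="))

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
# '<host>/<path>' at the start of a fragment, with an optional scheme prefix.
HOST_PATH_RE = re.compile(r"^(?:https?://)?([A-Za-z0-9.-]+\.[A-Za-z]{2,})\.?(/.*)?$")


@dataclass
class FragmentRedirect:
    lure_host: str            # host shown in the address bar
    landing_host: str         # host smuggled in the fragment
    landing_path: str
    token: Optional[str]      # last path segment, typically base64
    token_decoded: Optional[str]


def normalize_host(host: str) -> str:
    """Lowercase and drop the trailing dot so 'www.a.b.' and 'www.a.b'
    (the report lists both spellings) hit the same blocklist entry."""
    return host.strip().lower().rstrip(".")


def decode_b64_loose(token: str) -> Optional[str]:
    """Decode standard or URL-safe base64 with or without padding.
    Returns None when the token is not base64 or not printable text."""
    std = token.replace("-", "+").replace("_", "/")
    padded = std + "=" * (-len(std) % 4)
    try:
        raw = base64.b64decode(padded, validate=True)
        text = raw.decode("utf-8")
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return None
    return text if text and text.isprintable() else None


def parse_fragment_redirect(url: str) -> Optional[FragmentRedirect]:
    """Return the redirect hidden in a URL fragment, or None if the fragment
    does not look like '<host>/<path>'."""
    parts = urlsplit(url)
    m = HOST_PATH_RE.match(parts.fragment)
    if not m:
        return None
    landing_path = m.group(2) or "/"
    segments = [s for s in landing_path.split("/") if s]
    token = segments[-1] if segments else None
    return FragmentRedirect(
        lure_host=normalize_host(parts.hostname or ""),
        landing_host=normalize_host(m.group(1)),
        landing_path=landing_path,
        token=token,
        token_decoded=decode_b64_loose(token) if token else None,
    )


def looks_like_email(text: Optional[str]) -> bool:
    return bool(text) and EMAIL_RE.match(text) is not None


def triage(urls):
    """Summarise every fragment-redirect URL in an IOC list: which host the
    victim sees, where the page really loads from, and whether the token is
    a pre-filled mailbox (the sign that the lure was sent to a named target)."""
    rows = []
    for url in urls:
        r = parse_fragment_redirect(url)
        if r is None:
            continue
        rows.append({
            "lure_host": r.lure_host,
            "landing_host": r.landing_host,
            "prefilled_email": looks_like_email(r.token_decoded),
        })
    return rows


if __name__ == "__main__":
    for row in triage([SAMPLE_URL, "https://dns.google", "https://example.com/#/about"]):
        print(row)
```

Feed triage() the Name column of the URLs table and it reports, for each fragment-redirect URL, the lure host, the landing host and whether a pre-filled mailbox is present; plain URLs such as https://dns.google are skipped. Both normalised hosts belong on the blocklist, and the decoded mailbox identifies which user the lure was sent to.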

IPs

IP | Domain | Country | Malicious
192.168.2.1 | unknown | unknown | clean
104.21.69.231 | clipartkind.com | United States | clean
198.54.125.197 | www.ztzusl.vibz.co.uk | United States | clean
192.168.2.6 | unknown | unknown | clean
216.172.172.184 | jrschnell.com.br | United States | clean
239.255.255.250 | unknown | Reserved | clean
172.217.168.33 | googlehosted.l.googleusercontent.com | United States | clean
172.67.192.199 | cdn.clipart.email | United States | clean
35.190.80.1 | a.nel.cloudflare.com | United States | clean
152.199.23.37 | cs1100.wpc.omegacdn.net | United States | clean
127.0.0.1 | unknown | unknown | clean
1 further IP entry is not shown in this report.

Registry

Path | Value | Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe | S-1-5-21-3853321935-2125563209-4053062332-1002 | clean
C:\Program Files\Google\Chrome\Application\chrome.exe | ahfgeienlihckogmohjhadlkjgocpleb | clean
C:\Program Files\Google\Chrome\Application\chrome.exe | gdaefkejpgkiemlaofpalmlakkmbjdnl | clean
C:\Program Files\Google\Chrome\Application\chrome.exe | gfdkimpbcpahaombhbimeihdjnejgicl | clean
C:\Program Files\Google\Chrome\Application\chrome.exe | kmendfapggjehodndflmmgagdbamhnfd | clean
C:\Program Files\Google\Chrome\Application\chrome.exe | mfehgcgbbipciphmccgaenjidiccnmng | clean
C:\Program Files\Google\Chrome\Application\chrome.exe | mhjfbmdgcfjbbpaeojofohoefgiehjai | clean
C:\Program Files\Google\Chrome\Application\chrome.exe | neajdppkdcdipfabeoofebfddakdcjhd | clean
C:\Program Files\Google\Chrome\Application\chrome.exe | nkeimhogjdpnpccoofpliimaahmaaome | clean
C:\Program Files\Google\Chrome\Application\chrome.exe | prefs.preference_reset_time | clean
C:\Program Files\Google\Chrome\Application\chrome.exe | gfdkimpbcpahaombhbimeihdjnejgicl | clean
C:\Program Files\Google\Chrome\Application\chrome.exe | nmmhkkegccagdldgiimedpiccmgmieda | clean
C:\Program Files\Google\Chrome\Application\chrome.exe | pkedcjkdefgpdelpbcmbmeomcjbeemfm | clean
C:\Program Files\Google\Chrome\Application\chrome.exe | nmmhkkegccagdldgiimedpiccmgmieda | clean
C:\Program Files\Google\Chrome\Application\chrome.exe | state | clean
C:\Program Files\Google\Chrome\Application\chrome.exe | StatusCodes | clean
C:\Program Files\Google\Chrome\Application\chrome.exe | StatusCodes | clean
C:\Program Files\Google\Chrome\Application\chrome.exe | state | clean
C:\Program Files\Google\Chrome\Application\chrome.exe | software_reporter.reporting | clean
C:\Program Files\Google\Chrome\Application\chrome.exe | module_blacklist_cache_md5_digest | clean
C:\Program Files\Google\Chrome\Application\chrome.exe | media.storage_id_salt | clean
C:\Program Files\Google\Chrome\Application\chrome.exe | google.services.last_account_id | clean
C:\Program Files\Google\Chrome\Application\chrome.exe | google.services.account_id | clean
C:\Program Files\Google\Chrome\Application\chrome.exe | software_reporter.prompt_seed | clean
C:\Program Files\Google\Chrome\Application\chrome.exe | settings_reset_prompt.last_triggered_for_homepage | clean
C:\Program Files\Google\Chrome\Application\chrome.exe | default_search_provider_data.template_url_data | clean
C:\Program Files\Google\Chrome\Application\chrome.exe | safebrowsing.incidents_sent | clean
C:\Program Files\Google\Chrome\Application\chrome.exe | pinned_tabs | clean
C:\Program Files\Google\Chrome\Application\chrome.exe | search_provider_overrides | clean
C:\Program Files\Google\Chrome\Application\chrome.exe | settings_reset_prompt.last_triggered_for_default_search | clean
C:\Program Files\Google\Chrome\Application\chrome.exe | prefs.preference_reset_time | clean
C:\Program Files\Google\Chrome\Application\chrome.exe | google.services.last_username | clean
C:\Program Files\Google\Chrome\Application\chrome.exe | session.startup_urls | clean
C:\Program Files\Google\Chrome\Application\chrome.exe | session.restore_on_startup | clean
C:\Program Files\Google\Chrome\Application\chrome.exe | software_reporter.prompt_version | clean
C:\Program Files\Google\Chrome\Application\chrome.exe | settings_reset_prompt.last_triggered_for_startup_urls | clean
C:\Program Files\Google\Chrome\Application\chrome.exe | settings_reset_prompt.prompt_wave | clean
C:\Program Files\Google\Chrome\Application\chrome.exe | homepage | clean
C:\Program Files\Google\Chrome\Application\chrome.exe | homepage_is_newtabpage | clean
C:\Program Files\Google\Chrome\Application\chrome.exe | browser.show_home_button | clean
C:\Program Files\Google\Chrome\Application\chrome.exe | user_experience_metrics.stability.exited_cleanly | clean
C:\Program Files\Google\Chrome\Application\chrome.exe | lastrun | clean
C:\Program Files\Google\Chrome\Application\chrome.exe | S-1-5-21-3853321935-2125563209-4053062332-1002 | clean
C:\Program Files\Google\Chrome\Application\chrome.exe | GlobalAssocChangedCounter | clean
C:\Program Files\Google\Chrome\Application\chrome.exe | Blob | clean
C:\Program Files\Google\Chrome\Application\chrome.exe | Blob | clean
36 further registry entries are not shown in this report.

Memdumps

Base Address | Region type | Protect | Malicious
3E754FA000 | unknown | page read and write | clean
7FF5A2016000 | unknown | page readonly | clean
1E4A0629000 | unknown | page read and write | clean
7FF561212000 | unknown | page readonly | clean
7FF5DD839000 | unknown | page readonly | clean
7FF5427F3000 | unknown | page readonly | clean
7FF5E7F20000 | unknown | page readonly | clean
7FF5E7E5C000 | unknown | page readonly | clean
7FF561309000 | unknown | page readonly | clean
23DBD829000 | unknown | page read and write | clean
3E752FA000 | unknown | page read and write | clean
7FF56126D000 | unknown | page readonly | clean
7FF5612A0000 | unknown | page readonly | clean
20DD2FE0000 | unknown | page read and write | clean
7FF5E7D93000 | unknown | page readonly | clean
23DBF7A0000 | unknown | page readonly | clean
7FF5E7E5A000 | unknown | page readonly | clean
7FF5A149E000 | unknown | page readonly | clean
1777C800000 | unknown | page readonly | clean
7FF541FF0000 | unknown | page readonly | clean
7FF5425E0000 | unknown | page readonly | clean
19989BF0000 | unknown | page read and write | clean
23DBD86C000 | unknown | page read and write | clean
20DD3802000 | unknown | page read and write | clean
23DBD86C000 | unknown | page read and write | clean
20DD3053000 | unknown | page read and write | clean
15606E10000 | unknown | page read and write | clean
1777C702000 | unknown | page read and write | clean
3E751FA000 | unknown | page read and write | clean
7FF5A201C000 | unknown | page readonly | clean
23DBD8C8000 | unknown | page read and write | clean
7FF561218000 | unknown | page readonly | clean
20DD3069000 | unknown | page read and write | clean
7FF542808000 | unknown | page readonly | clean
7FF5E7E98000 | unknown | page readonly | clean
19989C58000 | unknown | page read and write | clean
6F009FE000 | unknown | page read and write | clean
7FF5E7D78000 | unknown | page readonly | clean
23DBD86D000 | unknown | page read and write | clean
7FF5A1FFD000 | unknown | page readonly | clean
20DD2EF0000 | unknown | page readonly | clean
7FF5E7EAA000 | unknown | page readonly | clean
156069B0000 | unknown | page read and write | clean
23DBF710000 | heap private | page read and write | clean
3E75379000 | unknown | page read and write | clean
156069F4000 | unknown | page read and write | clean
3E7557F000 | unknown | page read and write | clean
1777C66B000 | unknown | page read and write | clean
20DD3045000 | unknown | page read and write | clean
7FF54284E000 | unknown | page readonly | clean
1E4A0613000 | unknown | page read and write | clean
23DBD902000 | unknown | page read and write | clean
7FF5E7ECF000 | unknown | page readonly | clean
23DBF943000 | unknown | page read and write | clean
23DBD869000 | unknown | page read and write | clean
7FF542727000 | unknown | page readonly | clean
7FF542911000 | unknown | page readonly | clean
20DD307C000 | unknown | page read and write | clean
7FF54269F000 | unknown | page readonly | clean
1777C658000 | unknown | page read and write | clean
23DBD913000 | unknown | page read and write | clean
23DBD872000 | unknown | page read and write | clean
1777C66B000 | unknown | page read and write | clean
7FF5E7F27000 | unknown | page readonly | clean
20DD3049000 | unknown | page read and write | clean
1777E0A0000 | unknown | page readonly | clean
20DD3054000 | unknown | page read and write | clean
23DBF780000 | unknown | page readonly | clean
7FF542826000 | unknown | page readonly | clean
7FF561245000 | unknown | page readonly | clean
20DD3076000 | unknown | page read and write | clean
7FF5A1FBA000 | unknown | page readonly | clean
7FF542919000 | unknown | page readonly | clean
23DBD8F0000 | unknown | page read and write | clean
6F00AFE000 | unknown | page read and write | clean
7FF561301000 | unknown | page readonly | clean
7FF5427F7000 | unknown | page readonly | clean
7FF5612FE000 | unknown | page readonly | clean
1777C66B000 | unknown | page read and write | clean
19989C48000 | unknown | page read and write | clean
6F0051E000 | unknown | page read and write | clean
15606E10000 | unknown | page read and write | clean
7FF560FC5000 | unknown | page readonly | clean
1777C66B000 | unknown | page read and write | clean
7FF54266A000 | unknown | page readonly | clean
7FF5427BA000 | unknown | page readonly | clean
7FF5E7D97000 | unknown | page readonly | clean
7FF5611BA000 | unknown | page readonly | clean
7FF5A2099000 | unknown | page readonly | clean
7FF5A1FA6000 | unknown | page readonly | clean
1777C700000 | unknown | page read and write | clean
3E74DFB000 | unknown | page read and write | clean
20DD2FC0000 | unknown | page readonly | clean
7FF5A1FE9000 | unknown | page readonly | clean
7FF5E7F89000 | unknown | page readonly | clean
20DD3046000 | unknown | page read and write | clean
1777DFA0000 | unknown | page read and write | clean
15606D24000 | unknown | page read and write | clean
20DD3041000 | unknown | page read and write | clean
7FF5A1FDF000 | unknown | page readonly | clean
20DD304A000 | unknown | page read and write | clean
1E4A0540000 | unknown | page write copy | clean
7FF5E7F7E000 | unknown | page readonly | clean
1E4A066A000 | unknown | page read and write | clean
7FF5A2006000 | unknown | page readonly | clean
1777C66D000 | unknown | page read and write | clean
1E4A08D0000 | unknown | page readonly | clean
7FF5E7E92000 | unknown | page readonly | clean
7FF560F64000 | unknown | page readonly | clean
20DD3050000 | unknown | page read and write | clean
7FF560F77000 | unknown | page readonly | clean
7FF574D59000 | unknown | page readonly | clean
23DBF6F0000 | unknown | page read and write | clean
156069C0000 | unknown | page read and write | clean
7FF5427C7000 | unknown | page readonly | clean
7FF542423000 | unknown | page readonly | clean
156069F0000 | unknown | page read and write | clean
7FF542855000 | unknown | page readonly | clean
15601F18000 | unknown | page read and write | clean
20DD3051000 | unknown | page read and write | clean
23DBD7A0000 | heap default | page read and write | clean
23DBDAD0000 | unknown | page readonly | clean
23DBD740000 | heap private | page read and write | clean
7FF5E7F89000 | unknown | page readonly | clean
7FF5A200C000 | unknown | page readonly | clean
15606AAF000 | unknown | page read and write | clean
7FF5E7E3A000 | unknown | page readonly | clean
7FF5611DC000 | unknown | page readonly | clean
7FF542828000 | unknown | page readonly | clean
23DBD86B000 | unknown | page read and write | clean
7FF5612A7000 | unknown | page readonly | clean
20DD3047000 | unknown | page read and write | clean
1777C613000 | unknown | page read and write | clean
20DD3078000 | unknown | page read and write | clean
156069C0000 | unknown | page read and write | clean
7FF5A2025000 | unknown | page readonly | clean
23DBF770000 | unknown | page read and write | clean
23DBF902000 | unknown | page read and write | clean
4F5FB7E000 | unknown | page read and write | clean
1E4A2070000 | unknown | page read and write | clean
7FF5A1DBA000 | unknown | page readonly | clean
7FF5E7BF3000 | unknown | page readonly | clean
14B8E180000 | unknown | page read and write | clean
7FF542810000 | unknown | page readonly | clean
20DD306B000 | unknown | page read and write | clean
20DD3075000 | unknown | page read and write | clean
19989C48000 | unknown | page read and write | clean
23DBD86F000 | unknown | page read and write | clean
23DC0010000 | unknown | page read and write | clean
7FF5E7CF0000 | unknown | page readonly | clean
7FF5A1FCE000 | unknown | page readonly | clean
7FF5427EC000 | unknown | page readonly | clean
20DD3055000 | unknown | page read and write | clean
1E4A0640000 | unknown | page read and write | clean
7FF5E7EFC000 | unknown | page readonly | clean
4F5FD7E000 | unknown | page read and write | clean
20DD3013000 | unknown | page read and write | clean
1EF0F4F000 | unknown | page read and write | clean
7FF515829000 | unknown | page readonly | clean
7FF5E7F81000 | unknown | page readonly | clean
23DBFA00000 | unknown | page readonly | clean
7FF56123E000 | unknown | page readonly | clean
23DBD8A4000 | unknown | page read and write | clean
7FF5A208E000 | unknown | page readonly | clean
20DD3000000 | unknown | page read and write | clean
7FF54BD79000 | unknown | page readonly | clean
20DD304C000 | unknown | page read and write | clean
15601F59000 | unknown | page read and write | clean
1777C713000 | unknown | page read and write | clean
7FF56105A000 | unknown | page readonly | clean
15606AB1000 | unknown | page read and write | clean
7FF5E7EC5000 | unknown | page readonly | clean
1E4A0625000 | unknown | page read and write | clean
7FF542785000 | unknown | page readonly | clean
23DBD8E9000 | unknown | page read and write | clean
15606D21000 | unknown | page read and write | clean
1E4A0637000 | unknown | page read and write | clean
7FF561117000 | unknown | page readonly | clean
7FF5E7EBE000 | unknown | page readonly | clean
7FF542881000 | unknown | page readonly | clean
1EF0FC9000 | unknown | page read and write | clean
7FF561259000 | unknown | page readonly | clean
20DD3085000 | unknown | page read and write | clean
20DD3052000 | unknown | page read and write | clean
7FF542896000 | unknown | page readonly | clean
19989C57000 | unknown | page read and write | clean
6F00BFF000 | unknown | page read and write | clean
7FF542812000 | unknown | page readonly | clean
7FF5E7BE4000 | unknown | page readonly | clean
7FF56127C000 | unknown | page readonly | clean
7FF5E7E41000 | unknown | page readonly | clean
1E4A0602000 | unknown | page read and write | clean
1E4A066A000 | unknown | page read and write | clean
19989BF0000 | unknown | page read and write | clean
1EF127F000 | unknown | page read and write | clean
7FF561276000 | unknown | page readonly | clean
1E4A0713000 | unknown | page read and write | clean
1777C66B000 | unknown | page read and write | clean
7FF541FEC000 | unknown | page readonly | clean
7FF54289C000 | unknown | page readonly | clean
1E4A066A000 | unknown | page read and write | clean
1777C590000 | unknown | page write copy | clean
20DD302E000 | unknown | page read and write | clean
23DBF770000 | unknown | page read and write | clean
23DBD86E000 | unknown | page read and write | clean
7FF542869000 | unknown | page readonly | clean
7FF542708000 | unknown | page readonly | clean
3E7547D000 | unknown | page read and write | clean
1E4A0590000 | unknown | page readonly | clean
7FF561113000 | unknown | page readonly | clean
7FF5E7EF6000 | unknown | page readonly | clean
7FF5610F8000 | unknown | page readonly | clean
7FF542680000 | unknown | page readonly | clean
23DBD856000 | unknown | page read and write | clean
7FF5428A7000 | unknown | page readonly | clean
7FF5E7F24000 | unknown | page readonly | clean
7FF5612A4000 | unknown | page readonly | clean
20DD3042000 | unknown | page read and write | clean
7FF5427C4000 | unknown | page readonly | clean
23DBF280000 | unknown | page read and write | clean
3E7527F000 | unknown | page read and write | clean
7FF5428B4000 | unknown | page readonly | clean
15606D80000 | unknown | page read and write | clean
23DBD813000 | unknown | page read and write | clean
7FF5611C1000 | unknown | page readonly | clean
23DBD83F000 | unknown | page read and write | clean
7FF561297000 | unknown | page readonly | clean
23DBD883000 | unknown | page read and write | clean
7FF5E7C45000 | unknown | page readonly | clean
1EF12FA000 | unknown | page read and write | clean
7FF5E7E96000 | unknown | page readonly | clean
1E4A0700000 | unknown | page read and write | clean
1777C4B0000 | heap default | page read and write | clean
7FF5611DA000 | unknown | page readonly | clean
7FF56121A000 | unknown | page readonly | clean
7FF560F73000 | unknown | page readonly | clean
7FF54264C000 | unknown | page readonly | clean
3E753FE000 | unknown | page read and write | clean
23DBDCD0000 | unknown | page readonly | clean
7FF56128C000 | unknown | page readonly | clean
7FF5A1FD5000 | unknown | page readonly | clean
15606AB2000 | unknown | page read and write | clean
1E4A04D0000 | heap private | page read and write | clean
15606E10000 | unknown | page read and write | clean
20DD3048000 | unknown | page read and write | clean
23DBD7B0000 | unknown | page write copy | clean
1777C66B000 | unknown | page read and write | clean
156069E0000 | unknown | page read and write | clean
20DD302A000 | unknown | page read and write | clean
7FF5C8279000 | unknown | page readonly | clean
19989C58000 | unknown | page read and write | clean
4F5FA7B000 | unknown | page read and write | clean
7FF5425C7000 | unknown | page readonly | clean
3E7517A000 | unknown | page read and write | clean
7FF5609DC000 | unknown | page readonly | clean
7FF5A18C8000 | unknown | page readonly | clean
7FF5E7C50000 | unknown | page readonly | clean
7FF54285F000 | unknown | page readonly | clean
7FF5E7660000 | unknown | page readonly | clean
15601F59000 | unknown | page read and write | clean
20DD307E000 | unknown | page read and write | clean
7FF5A1F90000 | unknown | page readonly | clean
7FF5A2099000 | unknown | page readonly | clean
7FF5E7E37000 | unknown | page readonly | clean
7FF542583000 | unknown | page readonly | clean
6F0059E000 | unknown | page read and write | clean
7FF5E7ED9000 | unknown | page readonly | clean
7FF54290E000 | unknown | page readonly | clean
20DD3066000 | unknown | page read and write | clean
23DBF760000 | unknown | page readonly | clean
7FF542658000 | unknown | page readonly | clean
7FF5A2037000 | unknown | page readonly | clean
15601F18000 | unknown | page read and write | clean
23DBD86A000 | unknown | page read and write | clean
7FF542822000 | unknown | page readonly | clean
22550E54000 | unknown | page read and write | clean
1E4A066A000 | unknown | page read and write | clean
14B8E180000 | unknown | page read and write | clean
23DBD8C1000 | unknown | page read and write | clean
23DBF900000 | unknown | page read and write | clean
23DBF770000 | unknown | page read and write | clean
7FF561309000 | unknown | page readonly | clean
20DD3102000 | unknown | page read and write | clean
7FF55E1E9000 | unknown | page readonly | clean
20DD303E000 | unknown | page read and write | clean
23DBF802000 | unknown | page read and write | clean
7FF56124F000 | unknown | page readonly | clean
15606D08000 | unknown | page read and write | clean
7FF5A2030000 | unknown | page readonly | clean
7FF561286000 | unknown | page readonly | clean
20DD2EE0000 | heap default | page read and write | clean
20DD3030000 | unknown | page read and write | clean
7FF5A2091000 | unknown | page readonly | clean
7FF5E7F17000 | unknown | page readonly | clean
1777C629000 | unknown | page read and write | clean
7FF5427FC000 | unknown | page readonly | clean
7FF542587000 | unknown | page readonly | clean
1E4A0702000 | unknown | page read and write | clean
1777C4C0000 | unknown | page readonly | clean
23DBF945000 | unknown | page read and write | clean
7FF5611B7000 | unknown | page readonly | clean
1E4A066A000 | unknown | page read and write | clean
7FF54287D000 | unknown | page readonly | clean
7FF5427B1000 | unknown | page readonly | clean
7FF5E7EED000 | unknown | page readonly | clean
7FF560FD0000 | unknown | page readonly | clean
1777C602000 | unknown | page read and write | clean
20DD2E80000 | heap private | page read and write | clean
7FF54267E000 | unknown | page readonly | clean
23DBD8D7000 | unknown | page read and write | clean
3E750FF000 | unknown | page read and write | clean
20DD306E000 | unknown | page read and write | clean
7FF5425D5000 | unknown | page readonly | clean
7FF54263B000 | unknown | page readonly | clean
7FF542723000 | unknown | page readonly | clean
7FF5E7BF7000 | unknown | page readonly | clean
20DD3039000 | unknown | page read and write | clean
4F5FCFE000 | unknown | page read and write | clean
20DD304F000 | unknown | page read and write | clean
20DD3043000 | unknown | page read and write | clean
1777C66B000 | unknown | page read and write | clean
20DD2FD0000 | unknown | page readonly | clean
7FF5CB709000 | unknown | page readonly | clean
7FF54283A000 | unknown | page readonly | clean
7FF542574000 | unknown | page readonly | clean
7FF5427CA000 | unknown | page readonly | clean
1777C640000 | unknown | page read and write | clean
7FF543419000 | unknown | page readonly | clean
1E4A0800000 | unknown | page readonly | clean
7FF5425CE000 | unknown | page readonly | clean
7FF5609E0000 | unknown | page readonly | clean
1EF0ECB000 | unknown | page read and write | clean
20DD3200000 | unknown | page readonly | clean
7FF5E7F06000 | unknown | page readonly | clean
7FF5427EA000 | unknown | page readonly | clean
20DD3031000 | unknown | page read and write | clean
7FF561070000 | unknown | page readonly | clean
20DD3039000 | unknown | page read and write | clean
23DBDA00000 | unknown | page readonly | clean
1E4A066A000 | unknown | page read and write | clean
7FF561216000 | unknown | page readonly | clean
7FF54278C000 | unknown | page readonly | clean
1777C600000 | unknown | page read and write | clean
23DBF380000 | unknown | page readonly | clean
7FF542919000 | unknown | page readonly | clean
7FF5E7E9A000 | unknown | page readonly | clean
7FF5E7CDA000 | unknown | page readonly | clean
19989C47000 | unknown | page read and write | clean
3E7507F000 | unknown | page read and write | clean
7FF54244D000 | unknown | page readonly | clean
20DD307B000 | unknown | page read and write | clean
7FF5A2034000 | unknown | page readonly | clean
23DBD869000 | unknown | page read and write | clean
7FF5A1FA8000 | unknown | page readonly | clean
22550E68000 | unknown | page read and write | clean
7FF5428B0000 | unknown | page readonly | clean
1777C5E0000 | unknown | page readonly | clean
1777C450000 | heap private | page read and write | clean
15606AB4000 | unknown | page read and write | clean
15606D0E000 | unknown | page read and write | clean
1E4A0654000 | unknown | page read and write | clean
7FF5428B7000 | unknown | page readonly | clean
14B8E180000 | unknown | page read and write | clean
23DBD800000 | unknown | page read and write | clean
7FF5427D1000 | unknown | page readonly | clean
7FF5A1E1F000 | unknown | page readonly | clean
23DBF770000 | unknown | page read and write | clean
23DBF700000 | unknown | page readonly | clean
4F5FAFF000 | unknown | page read and write | clean
7FF56122A000 | unknown | page readonly | clean
23DBF943000 | unknown | page read and write | clean
7FF54288C000 | unknown | page readonly | clean
1E4A2170000 | unknown | page readonly | clean
15606D00000 | unknown | page read and write | clean
6F0049B000 | unknown | page read and write | clean
1E4A066A000 | unknown | page read and write | clean
23DBD872000 | unknown | page read and write | clean
7FF5E7F0C000 | unknown | page readonly | clean
7FF5E765C000 | unknown | page readonly | clean
1E4A0600000 | unknown | page read and write | clean
1E4A0530000 | heap default | page read and write | clean
7FF54259C000 | unknown | page readonly | clean
19989BF0000 | unknown | page read and write | clean
23DBD917000 | unknown | page read and write | clean
23DBF912000 | unknown | page read and write | clean
1E4A066A000 | unknown | page read and write | clean
4F5FBF9000 | unknown | page read and write | clean
20DD306C000 | unknown | page read and write | clean
1EF137E000 | unknown | page read and write | clean
4F5FC79000 | unknown | page read and write | clean
7FF542886000 | unknown | page readonly | clean
23DBD86A000 | unknown | page read and write | clean
7FF5428A5000 | unknown | page readonly | clean
383 further memdump entries are not shown in this report.

DOM / HTML

URL | Malicious
https://jrschnell.com.br/site/z1/y5t4SCIjdufwm3DlF0B6gHz9h7YcZW/ptmkYZg0csRd3hfLVODo/mf6H3wg59JYA4MiDNIy.php | malicious