Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

http://www.ztzusl.vibz.co.uk./#jrschnell.com.br/site/z1/bGFtQHNwYXJub3JkLmRr

URL

initial url

C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\017a9d03-b27e-4e10-846c-3af8a4c00f9a.tmp

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\842a5274-4f22-4210-87bd-e0791868038f.tmp

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\92dea4d3-1c38-45e3-90bd-f4a469befe3f.tmp

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\9aae0cfb-440d-441d-9739-15701c35174e.tmp

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\1205099d-b56d-4bac-a252-3be3abb988bf.tmp

very short file (no magic)

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\43662394-a73f-491b-b25d-dadf65d899f7.tmp

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\479c5188-37ae-4362-9aea-46946c17be33.tmp

UTF-8 Unicode text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\7ee5ee20-5778-441f-9f1a-60961cabb3ef.tmp

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies

SQLite 3.x database, last written using SQLite version 3032001

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Session

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Tabs

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_1\_metadata\computed_hashes.json

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_1\_metadata\computed_hashes.json

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Favicons

SQLite 3.x database, last written using SQLite version 3032001

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History

SQLite 3.x database, last written using SQLite version 3032001

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache

zlib compressed data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History-journal

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL

SQLite 3.x database, last written using SQLite version 3032001

modified

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL-journal

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\70d3da1d-19eb-44fe-ae07-c2744b7fb99b.tmp

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\000003.log

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\8f522560-96a5-408f-8ea6-b71e615dc657.tmp

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\000003.log

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Visited Links

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_nmmhkkegccagdldgiimedpiccmgmieda\Chrome Web Store Payments.ico.md5

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_nmmhkkegccagdldgiimedpiccmgmieda\ecf51cec-8cff-4906-8ef9-59ae0a4ab825.tmp

MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\b73ebcb9-306b-45b8-8b46-fce919e3aa81.tmp

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\ba93d5cd-37d3-4144-94b2-a68fc2f813a7.tmp

UTF-8 Unicode text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\bf9c0326-77d1-4881-b428-dfac92b2e452.tmp

ASCII text, with very long lines, with no line terminators

modified

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\cd1a21d1-cdf0-43d4-ada8-753f589b87f8.tmp

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004

MPEG-4 LOAS

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\e092c941-846d-4ca0-92ae-0bad6a7a4a2a.tmp

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\f43117c8-c32d-45b2-9ca0-289f206cbafc.tmp

UTF-8 Unicode text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\0c3f6955-ecb0-44f3-86e0-dd6fb8e44048.tmp

very short file (no magic)

dropped

C:\Users\user\AppData\Local\Temp\3bc3ff2e-5fcd-416e-9d4b-9bbdd5589dd3.tmp

Google Chrome extension, version 3

dropped

C:\Users\user\AppData\Local\Temp\7e8babb5-7628-4bb3-8797-c4b873789bbb.tmp

Google Chrome extension, version 3

dropped

C:\Users\user\AppData\Local\Temp\add8fe13-175d-496e-abde-a7ccd4b6652f.tmp

Google Chrome extension, version 3

dropped

C:\Users\user\AppData\Local\Temp\b564911b-f54e-4259-9034-5451d99c9559.tmp

very short file (no magic)

dropped

C:\Users\user\AppData\Local\Temp\f326f68b-75ea-4103-a897-c68291f47aa3.tmp

very short file (no magic)

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1542486938\3bc3ff2e-5fcd-416e-9d4b-9bbdd5589dd3.tmp

Google Chrome extension, version 3

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1542486938\CRX_INSTALL\_locales\bg\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1542486938\CRX_INSTALL\_locales\ca\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1542486938\CRX_INSTALL\_locales\cs\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1542486938\CRX_INSTALL\_locales\da\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1542486938\CRX_INSTALL\_locales\de\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1542486938\CRX_INSTALL\_locales\el\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1542486938\CRX_INSTALL\_locales\en\messages.json

ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1542486938\CRX_INSTALL\_locales\en_GB\messages.json

ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1542486938\CRX_INSTALL\_locales\es\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1542486938\CRX_INSTALL\_locales\es_419\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1542486938\CRX_INSTALL\_locales\et\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1542486938\CRX_INSTALL\_locales\fi\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1542486938\CRX_INSTALL\_locales\fil\messages.json

ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1542486938\CRX_INSTALL\_locales\fr\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1542486938\CRX_INSTALL\_locales\hi\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1542486938\CRX_INSTALL\_locales\hr\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1542486938\CRX_INSTALL\_locales\hu\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1542486938\CRX_INSTALL\_locales\id\messages.json

ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1542486938\CRX_INSTALL\_locales\it\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1542486938\CRX_INSTALL\_locales\ja\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1542486938\CRX_INSTALL\_locales\ko\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1542486938\CRX_INSTALL\_locales\lt\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1542486938\CRX_INSTALL\_locales\lv\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1542486938\CRX_INSTALL\_locales\nb\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1542486938\CRX_INSTALL\_locales\nl\messages.json

ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1542486938\CRX_INSTALL\_locales\pl\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1542486938\CRX_INSTALL\_locales\pt_BR\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1542486938\CRX_INSTALL\_locales\pt_PT\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1542486938\CRX_INSTALL\_locales\ro\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1542486938\CRX_INSTALL\_locales\ru\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1542486938\CRX_INSTALL\_locales\sk\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1542486938\CRX_INSTALL\_locales\sl\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1542486938\CRX_INSTALL\_locales\sr\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1542486938\CRX_INSTALL\_locales\sv\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1542486938\CRX_INSTALL\_locales\th\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1542486938\CRX_INSTALL\_locales\tr\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1542486938\CRX_INSTALL\_locales\uk\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1542486938\CRX_INSTALL\_locales\vi\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1542486938\CRX_INSTALL\_locales\zh_CN\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1542486938\CRX_INSTALL\_locales\zh_TW\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1542486938\CRX_INSTALL\images\icon_128.png

PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1542486938\CRX_INSTALL\images\icon_16.png

PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1542486938\CRX_INSTALL\manifest.json

ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1695459958\CRX_INSTALL\_locales\bg\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1695459958\CRX_INSTALL\_locales\ca\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1695459958\CRX_INSTALL\_locales\cs\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1695459958\CRX_INSTALL\_locales\da\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1695459958\CRX_INSTALL\_locales\de\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1695459958\CRX_INSTALL\_locales\el\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1695459958\CRX_INSTALL\_locales\en\messages.json

ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1695459958\CRX_INSTALL\_locales\en_GB\messages.json

ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1695459958\CRX_INSTALL\_locales\es\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1695459958\CRX_INSTALL\_locales\es_419\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1695459958\CRX_INSTALL\_locales\et\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1695459958\CRX_INSTALL\_locales\fi\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1695459958\CRX_INSTALL\_locales\fil\messages.json

ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1695459958\CRX_INSTALL\_locales\fr\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1695459958\CRX_INSTALL\_locales\hi\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1695459958\CRX_INSTALL\_locales\hr\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1695459958\CRX_INSTALL\_locales\hu\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1695459958\CRX_INSTALL\_locales\id\messages.json

ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1695459958\CRX_INSTALL\_locales\it\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1695459958\CRX_INSTALL\_locales\ja\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1695459958\CRX_INSTALL\_locales\ko\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1695459958\CRX_INSTALL\_locales\lt\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1695459958\CRX_INSTALL\_locales\lv\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1695459958\CRX_INSTALL\_locales\nb\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1695459958\CRX_INSTALL\_locales\nl\messages.json

ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1695459958\CRX_INSTALL\_locales\pl\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1695459958\CRX_INSTALL\_locales\pt_BR\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1695459958\CRX_INSTALL\_locales\pt_PT\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1695459958\CRX_INSTALL\_locales\ro\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1695459958\CRX_INSTALL\_locales\ru\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1695459958\CRX_INSTALL\_locales\sk\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1695459958\CRX_INSTALL\_locales\sl\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1695459958\CRX_INSTALL\_locales\sr\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1695459958\CRX_INSTALL\_locales\sv\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1695459958\CRX_INSTALL\_locales\th\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1695459958\CRX_INSTALL\_locales\tr\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1695459958\CRX_INSTALL\_locales\uk\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1695459958\CRX_INSTALL\_locales\vi\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1695459958\CRX_INSTALL\_locales\zh_CN\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1695459958\CRX_INSTALL\_locales\zh_TW\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1695459958\CRX_INSTALL\images\icon_128.png

PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1695459958\CRX_INSTALL\images\icon_16.png

PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1695459958\CRX_INSTALL\manifest.json

ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_1695459958\add8fe13-175d-496e-abde-a7ccd4b6652f.tmp

Google Chrome extension, version 3

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_743145687\7e8babb5-7628-4bb3-8797-c4b873789bbb.tmp

Google Chrome extension, version 3

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_743145687\CRX_INSTALL\_locales\am\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_743145687\CRX_INSTALL\_locales\ar\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_743145687\CRX_INSTALL\_locales\bg\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_743145687\CRX_INSTALL\_locales\bn\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_743145687\CRX_INSTALL\_locales\ca\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_743145687\CRX_INSTALL\_locales\cs\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_743145687\CRX_INSTALL\_locales\da\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_743145687\CRX_INSTALL\_locales\de\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_743145687\CRX_INSTALL\_locales\el\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_743145687\CRX_INSTALL\_locales\en\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_743145687\CRX_INSTALL\_locales\es\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_743145687\CRX_INSTALL\_locales\et\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_743145687\CRX_INSTALL\_locales\fa\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_743145687\CRX_INSTALL\_locales\fi\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_743145687\CRX_INSTALL\_locales\fil\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_743145687\CRX_INSTALL\_locales\fr\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_743145687\CRX_INSTALL\_locales\gu\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_743145687\CRX_INSTALL\_locales\hi\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_743145687\CRX_INSTALL\_locales\hr\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_743145687\CRX_INSTALL\_locales\hu\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_743145687\CRX_INSTALL\_locales\id\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_743145687\CRX_INSTALL\_locales\it\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_743145687\CRX_INSTALL\_locales\ja\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_743145687\CRX_INSTALL\_locales\kn\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_743145687\CRX_INSTALL\_locales\ko\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_743145687\CRX_INSTALL\_locales\lt\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_743145687\CRX_INSTALL\_locales\lv\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_743145687\CRX_INSTALL\_locales\ml\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_743145687\CRX_INSTALL\_locales\mr\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_743145687\CRX_INSTALL\_locales\ms\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_743145687\CRX_INSTALL\_locales\nb\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_743145687\CRX_INSTALL\_locales\nl\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_743145687\CRX_INSTALL\_locales\pl\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_743145687\CRX_INSTALL\_locales\pt\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_743145687\CRX_INSTALL\_locales\ro\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_743145687\CRX_INSTALL\_locales\ru\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_743145687\CRX_INSTALL\_locales\sk\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_743145687\CRX_INSTALL\_locales\sl\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_743145687\CRX_INSTALL\_locales\sr\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_743145687\CRX_INSTALL\_locales\sv\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_743145687\CRX_INSTALL\_locales\sw\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_743145687\CRX_INSTALL\_locales\ta\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_743145687\CRX_INSTALL\_locales\te\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_743145687\CRX_INSTALL\_locales\th\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_743145687\CRX_INSTALL\_locales\tr\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_743145687\CRX_INSTALL\_locales\uk\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_743145687\CRX_INSTALL\_locales\vi\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_743145687\CRX_INSTALL\_locales\zh\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_743145687\CRX_INSTALL\_locales\zh_TW\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5056_743145687\CRX_INSTALL\manifest.json

ASCII text, with very long lines, with CRLF line terminators

dropped

There are 206 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Program Files\Google\Chrome\Application\chrome.exe

'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized 'http://www.ztzusl.vibz.co.uk./#jrschnell.com.br/site/z1/bGFtQHNwYXJub3JkLmRr'

Details

Is windows:	true
Is dropped:	false
PID:	5056
Target ID:	0
Parent PID:	3600
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized 'http://www.ztzusl.vibz.co.uk./#jrschnell.com.br/site/z1/bGFtQHNwYXJub3JkLmRr'
Size:	2150896
MD5:	C139654B5C1438A95B321BB01AD63EF6
Time:	13:55:28
Date:	08/04/2021
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76d1c0000
Modulesize:	2199552
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1496,6792534671230322255,6132008020722060178,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1728 /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	4884
Target ID:	1
Parent PID:	5056
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1496,6792534671230322255,6132008020722060178,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1728 /prefetch:8
Size:	2150896
MD5:	C139654B5C1438A95B321BB01AD63EF6
Time:	13:55:29
Date:	08/04/2021
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76d1c0000
Modulesize:	2199552
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://jrschnell.com.br/site/z1/VnZE9ulGqMKjNPTs72kQOvWiXB53gJ/XFbfTQrlqO3wkBnz64ay/Qwv84IjbHADBi0sC5yJ.php

https://jrschnell.com.br/site/z1/bGFtQHNwYXJub3JkLmRr/

unknown

https://dns.google

unknown

https://jrschnell.com.br

unknown

https://jrschnell.com.br/site/z1/VnZE9ulGqMKjNPTs72kQOvWiXB53gJ/XFbfTQrlqO3wkBnz64ay/Qwv84IjbHADBi0s

unknown

https://a.nel.cloudflare.com/report?s=zVuCYb4T5%2BCu2V1YcvmWp6nX75rMO5L0ohPHNJ1QMyQ5%2FZIOjURxxTTQ%2

unknown

https://jrschnell.com.br/site/z1/bGFtQHNwYXJub3JkLmRr2

unknown

https://jrschnell.com.br/site/z1/bGFtQHNwYXJub3JkLmRrQ

unknown

https://jrschnell.com.br/favicon.ico

unknown

http://www.ztzusl.vibz.co.uk./#jrschnell.com.br/site/z1/bGFtQHNwYXJub3JkLmRr

unknown

https://jrschnell.com.br/site/z1/bGFtQHNwYXJub3JkLmRr2:

unknown

http://www.ztzusl.vibz.co.uk./

198.54.125.197

http://www.ztzusl.vibz.co.uk./#jrschnell.com.br/site/z1/bGFtQHNwYXJub3JkLmRrPlease

unknown

https://a.nel.cloudflare.com/report?s=yEANLvrb3gjrgKSDVW66NfiDAFiP5z138blbV%2BydPALy8Kpx4QDFTFv2qvQV

unknown

https://clients2.googleusercontent.com

unknown

https://jrschnell.com.br/site/z1/bGFtQHNwYXJub3JkLmRr

unknown

http://www.ztzusl.vibz.co.uk./#jrschnell.com.br/site/z1/bGFtQHNwYXJub3JkLmRr2

unknown

https://feedback.googleusercontent.com

unknown

There are 8 hidden URLs, click here to show them.

Domains

Name

Malicious

cdn.clipart.email

104.21.52.8

clipartkind.com

104.21.69.231

a.nel.cloudflare.com

35.190.80.1

cs1100.wpc.omegacdn.net

152.199.23.37

www.ztzusl.vibz.co.uk

198.54.125.197

jrschnell.com.br

216.172.172.184

googlehosted.l.googleusercontent.com

172.217.168.33

clients2.googleusercontent.com

unknown

aadcdn.msftauth.net

unknown

aadcdn.msauth.net

unknown

IPs

Domain

Country

Malicious

192.168.2.1

unknown

104.21.52.8

cdn.clipart.email

United States

104.21.69.231

clipartkind.com

United States

198.54.125.197

www.ztzusl.vibz.co.uk

United States

216.172.172.184

jrschnell.com.br

United States

239.255.255.250

unknown

Reserved

172.217.168.33

googlehosted.l.googleusercontent.com

United States

35.190.80.1

a.nel.cloudflare.com

United States

152.199.23.37

cs1100.wpc.omegacdn.net

United States

127.0.0.1

unknown

Registry

Path

Value

Malicious

C:\Program Files\Google\Chrome\Application\chrome.exe

S-1-5-21-3853321935-2125563209-4053062332-1002

C:\Program Files\Google\Chrome\Application\chrome.exe

ahfgeienlihckogmohjhadlkjgocpleb

C:\Program Files\Google\Chrome\Application\chrome.exe

gdaefkejpgkiemlaofpalmlakkmbjdnl

C:\Program Files\Google\Chrome\Application\chrome.exe

gfdkimpbcpahaombhbimeihdjnejgicl

C:\Program Files\Google\Chrome\Application\chrome.exe

kmendfapggjehodndflmmgagdbamhnfd

C:\Program Files\Google\Chrome\Application\chrome.exe

mfehgcgbbipciphmccgaenjidiccnmng

C:\Program Files\Google\Chrome\Application\chrome.exe

mhjfbmdgcfjbbpaeojofohoefgiehjai

C:\Program Files\Google\Chrome\Application\chrome.exe

neajdppkdcdipfabeoofebfddakdcjhd

C:\Program Files\Google\Chrome\Application\chrome.exe

nkeimhogjdpnpccoofpliimaahmaaome

C:\Program Files\Google\Chrome\Application\chrome.exe

nmmhkkegccagdldgiimedpiccmgmieda

C:\Program Files\Google\Chrome\Application\chrome.exe

prefs.preference_reset_time

C:\Program Files\Google\Chrome\Application\chrome.exe

gfdkimpbcpahaombhbimeihdjnejgicl

C:\Program Files\Google\Chrome\Application\chrome.exe

nmmhkkegccagdldgiimedpiccmgmieda

C:\Program Files\Google\Chrome\Application\chrome.exe

pkedcjkdefgpdelpbcmbmeomcjbeemfm

C:\Program Files\Google\Chrome\Application\chrome.exe

nmmhkkegccagdldgiimedpiccmgmieda

C:\Program Files\Google\Chrome\Application\chrome.exe

state

C:\Program Files\Google\Chrome\Application\chrome.exe

StatusCodes

C:\Program Files\Google\Chrome\Application\chrome.exe

StatusCodes

C:\Program Files\Google\Chrome\Application\chrome.exe

state

C:\Program Files\Google\Chrome\Application\chrome.exe

software_reporter.reporting

C:\Program Files\Google\Chrome\Application\chrome.exe

module_blacklist_cache_md5_digest

C:\Program Files\Google\Chrome\Application\chrome.exe

media.storage_id_salt

C:\Program Files\Google\Chrome\Application\chrome.exe

google.services.last_account_id

C:\Program Files\Google\Chrome\Application\chrome.exe

google.services.account_id

C:\Program Files\Google\Chrome\Application\chrome.exe

software_reporter.prompt_seed

C:\Program Files\Google\Chrome\Application\chrome.exe

settings_reset_prompt.last_triggered_for_homepage

C:\Program Files\Google\Chrome\Application\chrome.exe

default_search_provider_data.template_url_data

C:\Program Files\Google\Chrome\Application\chrome.exe

safebrowsing.incidents_sent

C:\Program Files\Google\Chrome\Application\chrome.exe

pinned_tabs

C:\Program Files\Google\Chrome\Application\chrome.exe

search_provider_overrides

C:\Program Files\Google\Chrome\Application\chrome.exe

settings_reset_prompt.last_triggered_for_default_search

C:\Program Files\Google\Chrome\Application\chrome.exe

prefs.preference_reset_time

C:\Program Files\Google\Chrome\Application\chrome.exe

google.services.last_username

C:\Program Files\Google\Chrome\Application\chrome.exe

session.startup_urls

C:\Program Files\Google\Chrome\Application\chrome.exe

session.restore_on_startup

C:\Program Files\Google\Chrome\Application\chrome.exe

software_reporter.prompt_version

C:\Program Files\Google\Chrome\Application\chrome.exe

settings_reset_prompt.last_triggered_for_startup_urls

C:\Program Files\Google\Chrome\Application\chrome.exe

settings_reset_prompt.prompt_wave

C:\Program Files\Google\Chrome\Application\chrome.exe

homepage

C:\Program Files\Google\Chrome\Application\chrome.exe

homepage_is_newtabpage

C:\Program Files\Google\Chrome\Application\chrome.exe

browser.show_home_button

C:\Program Files\Google\Chrome\Application\chrome.exe

user_experience_metrics.stability.exited_cleanly

C:\Program Files\Google\Chrome\Application\chrome.exe

lastrun

C:\Program Files\Google\Chrome\Application\chrome.exe

S-1-5-21-3853321935-2125563209-4053062332-1002

C:\Program Files\Google\Chrome\Application\chrome.exe

GlobalAssocChangedCounter

C:\Program Files\Google\Chrome\Application\chrome.exe

Blob

C:\Program Files\Google\Chrome\Application\chrome.exe

Blob

There are 37 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

7FF5AA1EC000

unkown

page readonly

7FF5B2BF8000

unkown

page readonly

2504287B000

unkown

page read and write

7FF5B2EC5000

unkown

page readonly

1EF15269000

unkown

page read and write

7FF5AA194000

unkown

page readonly

7FF5B2F66000

unkown

page readonly

7FF5B2E88000

unkown

page readonly

7FF5FA9F2000

unkown

page readonly

27336FE000

unkown

page read and write

1C899A5B000

unkown

page read and write

1EF1523F000

unkown

page read and write

20E2EC60000

heap private

page read and write

20F5FE6A000

unkown

page read and write

7FF5FA9B1000

unkown

page readonly

7FF5B2E7F000

unkown

page readonly

7FF5B2F73000

unkown

page readonly

7FF5882C3000

unkown

page readonly

208870F0000

unkown

page read and write

20882518000

unkown

page read and write

7FF5FA9D5000

unkown

page readonly

25042858000

unkown

page read and write

20E2EE68000

unkown

page read and write

20F5FE69000

unkown

page read and write

1C89BA10000

unkown

page read and write

20E2EE6D000

unkown

page read and write

7FF5AA0B3000

unkown

page readonly

7FF5AA01A000

unkown

page readonly

25042800000

unkown

page read and write

7FF5AA157000

unkown

page readonly

7FF5FA661000

unkown

page readonly

7FF5AA155000

unkown

page readonly

7FF5A9A10000

unkown

page readonly

216A29D0000

unkown

page read and write

7FF557A13000

unkown

page readonly

7FF5B2EE2000

unkown

page readonly

2504287E000

unkown

page read and write

1EF15313000

unkown

page read and write

1EF15269000

unkown

page read and write

20F5FE68000

unkown

page read and write

7FF5AA203000

unkown

page readonly

20E308B0000

unkown

page readonly

CB8079E000

unkown

page read and write

20E2EE56000

unkown

page read and write

1EF15200000

unkown

page read and write

7FF5AA015000

unkown

page readonly

7FF5FA98F000

unkown

page readonly

2E33179000

unkown

page read and write

7FF5B2EDC000

unkown

page readonly

20887250000

unkown

page read and write

27892A6C000

unkown

page read and write

27334FF000

unkown

page read and write

208870FE000

unkown

page read and write

7FF5A9F6A000

unkown

page readonly

25042A00000

unkown

page readonly

25042867000

unkown

page read and write

7FF5AA1F6000

unkown

page readonly

1EF15269000

unkown

page read and write

7FF5AA10F000

unkown

page readonly

25042884000

unkown

page read and write

7FF5B2EF6000

unkown

page readonly

1C899A5B000

unkown

page read and write

1C899A4B000

unkown

page read and write

25042740000

unkown

page readonly

7FF5FA895000

unkown

page readonly

7FF5A9DDC000

unkown

page readonly

1EF15130000

unkown

page readonly

7FF5FAA83000

unkown

page readonly

1EF14FA0000

heap private

page read and write

7FF5FA65C000

unkown

page readonly

25042827000

unkown

page read and write

20E2EE68000

unkown

page read and write

7FF5FA9EC000

unkown

page readonly

7FF5A9DD0000

unkown

page readonly

25042846000

unkown

page read and write

20E2EE13000

unkown

page read and write

20F5FE69000

unkown

page read and write

20E2F000000

unkown

page readonly

7FF5FA9F9000

unkown

page readonly

20E2EE6C000

unkown

page read and write

20E2EE6B000

unkown

page read and write

2504285F000

unkown

page read and write

CB80DFE000

unkown

page read and write

20887450000

unkown

page read and write

2504283B000

unkown

page read and write

7FF5AA124000

unkown

page readonly

25042860000

unkown

page read and write

7FF5AA10B000

unkown

page readonly

7FF5FA933000

unkown

page readonly

25042902000

unkown

page read and write

1EF15000000

heap default

page read and write

1C899A5B000

unkown

page read and write

7FF5FA9FC000

unkown

page readonly

1EF15229000

unkown

page read and write

20E2EE00000

unkown

page read and write

1EF15400000

unkown

page readonly

2504282A000

unkown

page read and write

7FF5B2E94000

unkown

page readonly

25042856000

unkown

page read and write

20F5FE68000

unkown

page read and write

7FF5AA139000

unkown

page readonly

25042840000

unkown

page read and write

208871C0000

unkown

page read and write

1EF150E0000

unkown

page write copy

20887130000

unkown

page read and write

7FF5B2EB1000

unkown

page readonly

20887450000

unkown

page read and write

1C899A4B000

unkown

page read and write

1EF15269000

unkown

page read and write

2504287A000

unkown

page read and write

2504285C000

unkown

page read and write

7FF5FA9B9000

unkown

page readonly

CB80CFE000

unkown

page read and write

20E2EE02000

unkown

page read and write

7FF5AA118000

unkown

page readonly

208870F0000

unkown

page read and write

20F5FE68000

unkown

page read and write

20F61D40000

unkown

page read and write

20882558000

unkown

page read and write

273347F000

unkown

page read and write

7FF5FA9A4000

unkown

page readonly

20E2EF02000

unkown

page read and write

1EF15269000

unkown

page read and write

1EF1526D000

unkown

page read and write

7FF5FAA06000

unkown

page readonly

29BFAFC3000

unkown

page read and write

7FF525B83000

unkown

page readonly

20F61D40000

unkown

page read and write

20F5FE6A000

unkown

page read and write

7FF5FA954000

unkown

page readonly

20F5FE6A000

unkown

page read and write

7FF5A9FD5000

unkown

page readonly

20E2EDF0000

unkown

page readonly

20E2EE6A000

unkown

page read and write

7FF5B2E85000

unkown

page readonly

20E307B0000

unkown

page read and write

25042600000

heap private

page read and write

7FF5B2F04000

unkown

page readonly

7FF5B2405000

unkown

page readonly

2504286B000

unkown

page read and write

208870F8000

unkown

page read and write

20F5FE6A000

unkown

page read and write

273318B000

unkown

page read and write

20E2EE29000

unkown

page read and write

7FF5FA74F000

unkown

page readonly

1C899A4B000

unkown

page read and write

7FF5AA172000

unkown

page readonly

7FF5AA203000

unkown

page readonly

1EF15010000

unkown

page readonly

20887120000

unkown

page read and write

2E3307B000

unkown

page read and write

7FF5B23F8000

unkown

page readonly

20887134000

unkown

page read and write

20F5FE6C000

unkown

page read and write

7FF5FA7EA000

unkown

page readonly

20F5FECC000

unkown

page read and write

7FF5AA0D4000

unkown

page readonly

2E33279000

unkown

page read and write

2504286D000

unkown

page read and write

1EF15269000

unkown

page read and write

20E2EE68000

unkown

page read and write

20887450000

unkown

page read and write

7FF5FAA76000

unkown

page readonly

20E2EF00000

unkown

page read and write

20E2EE68000

unkown

page read and write

7FF5B2EE9000

unkown

page readonly

20F5FE68000

unkown

page read and write

273357A000

unkown

page read and write

20E2ECC0000

heap default

page read and write

7FF5AA1E6000

unkown

page readonly

7FF5AA120000

unkown

page readonly

7FF5FA89A000

unkown

page readonly

25042857000

unkown

page read and write

7FF5FA855000

unkown

page readonly

25042813000

unkown

page read and write

7FF5AA0B1000

unkown

page readonly

27892A66000

unkown

page read and write

20887111000

unkown

page read and write

20882518000

unkown

page read and write

7FF5B2E90000

unkown

page readonly

20E2EE40000

unkown

page read and write

1C89BA10000

unkown

page read and write

1EF15302000

unkown

page read and write

7FF508873000

unkown

page readonly

2504283D000

unkown

page read and write

7FF5FA98B000

unkown

page readonly

25042865000

unkown

page read and write

20E2EE6B000

unkown

page read and write

20887240000

unkown

page read and write

7FF5FA9C1000

unkown

page readonly

1C89BA10000

unkown

page read and write

7FF5FAA6C000

unkown

page readonly

7FF5B2CD2000

unkown

page readonly

7FF5C31B3000

unkown

page readonly

25042660000

heap default

page read and write

2E332FE000

unkown

page read and write

7FF5FAA83000

unkown

page readonly

20F61D40000

unkown

page read and write

1EF15202000

unkown

page read and write

1EF1526B000

unkown

page read and write

25042862000

unkown

page read and write

20E2EE6D000

unkown

page read and write

7FF5B2F56000

unkown

page readonly

20887114000

unkown

page read and write

1EF15256000

unkown

page read and write

7FF5B2EF9000

unkown

page readonly

2504285A000

unkown

page read and write

27335FA000

unkown

page read and write

7FF5A9ECF000

unkown

page readonly

7FF5FA931000

unkown

page readonly

CB80A7E000

unkown

page read and write

20882559000

unkown

page read and write

1EF16CA0000

unkown

page readonly

7FF5FA9A0000

unkown

page readonly

20F5FE68000

unkown

page read and write

20E2EE6D000

unkown

page read and write

25042877000

unkown

page read and write

7FF5A9DE1000

unkown

page readonly

1EF15269000

unkown

page read and write

CB80EFE000

unkown

page read and write

216A29D0000

unkown

page read and write

7FF5B2EA9000

unkown

page readonly

7FF5FA650000

unkown

page readonly

7FF5B2EA1000

unkown

page readonly

20E2EF13000

unkown

page read and write

25042750000

unkown

page readonly

2E331FF000

unkown

page read and write

7FF5AA186000

unkown

page readonly

7FF5AA16C000

unkown

page readonly

7FF5FA290000

unkown

page readonly

7FF5B2EEC000

unkown

page readonly

7FF5FAA66000

unkown

page readonly

25042832000

unkown

page read and write

20E2EDA0000

unkown

page write copy

7FF5B2F73000

unkown

page readonly

25043002000

unkown

page read and write

273367F000

unkown

page read and write

7FF52EF93000

unkown

page readonly

20E2ECD0000

unkown

page readonly

7FF5FA9D7000

unkown

page readonly

208872B7000

unkown

page read and write

7FF5A9F35000

unkown

page readonly

25042842000

unkown

page read and write

CB8071B000

unkown

page read and write

7FF5AA131000

unkown

page readonly

7FF5AA141000

unkown

page readonly

20E2EE6B000

unkown

page read and write

7FF5E0A23000

unkown

page readonly

2504286A000

unkown

page read and write

25042670000

unkown

page readonly

25042863000

unkown

page read and write

CB80BFE000

unkown

page read and write

20E2EE6B000

unkown

page read and write

1EF1526C000

unkown

page read and write

216A29D0000

unkown

page read and write

25042760000

unkown

page read and write

7FF5FA998000

unkown

page readonly

1EF15269000

unkown

page read and write

20E2EE6C000

unkown

page read and write

7FF5FA7B5000

unkown

page readonly

1EF15213000

unkown

page read and write

1EF15300000

unkown

page read and write

1EF1526C000

unkown

page read and write

7FF5AA17C000

unkown

page readonly

1EF15269000

unkown

page read and write

2E330FF000

unkown

page read and write

1EF16BA0000

unkown

page read and write

7FF5FAA14000

unkown

page readonly

7FF5AA179000

unkown

page readonly

20E2EE35000

unkown

page read and write

7FF596F73000

unkown

page readonly

208872AD000

unkown

page read and write

2504284D000

unkown

page read and write

There are 263 hidden memdumps, click here to show them.

DOM / HTML

URL

Malicious

https://jrschnell.com.br/site/z1/VnZE9ulGqMKjNPTs72kQOvWiXB53gJ/XFbfTQrlqO3wkBnz64ay/Qwv84IjbHADBi0sC5yJ.php

Details

Filename:	93690.pages.html.dom
Url:	https://jrschnell.com.br/site/z1/VnZE9ulGqMKjNPTs72kQOvWiXB53gJ/XFbfTQrlqO3wkBnz64ay/Qwv84IjbHADBi0sC5yJ.php
Target ID:	1
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1496,6792534671230322255,6132008020722060178,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1728 /prefetch:8

Signature Hits	Behavior Group	Mitre Attack
Yara detected HtmlPhish10	Phishing

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOCReport

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

DOM / HTML