Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\24198557-fe73-4dcc-8048-c907e2226599.tmp

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\8eb4635c-e998-42cd-af9d-ba6345f72b80.tmp

data

modified

C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\16e53972-9e5f-4bac-85d7-fd4442ca515b.tmp

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\5bb249e9-b24f-4c21-a356-117fa6516f10.tmp

very short file (no magic)

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\61d043c6-f0f4-404a-9281-546cd99c49a1.tmp

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG.oldll (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old.. (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\33cdffcbe1f5f852_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3c506e5fbdb1dcee_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5726585c57084380_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\99bac51e6a1325bd_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d5860bee5d58db93_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e0628331b0ce8dc1_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

zlib compressed data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexrs (copy)

zlib compressed data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies

SQLite 3.x database, last written using SQLite version 3032001

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Session

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Tabs

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old. (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Favicons

SQLite 3.x database, last written using SQLite version 3032001

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG.old.d (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History

SQLite 3.x database, last written using SQLite version 3032001

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History-journal

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Last SessionR. (copy)

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Last Tabsle (copy)

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent StateB} (copy)

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG.old. (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PreferencesMP (copy)

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL

SQLite 3.x database, last written using SQLite version 3032001

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old. (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent State.. (copy)

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\000003.log

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\ad6972b3-7360-4ace-a193-84f332d6f6af.tmp

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\3a2c51b8-5b68-494e-96ba-14cf387c8f1d.tmp

ASCII text, with very long lines, with no line terminators

modified

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network Persistent State (copy)

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\000003.log

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\LOG.old.c (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old.. (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Visited Links

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\b61c364a-1d2d-4dec-a018-dbeb0814ae19.tmp

UTF-8 Unicode text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\c87fe792-d7bd-4d45-963c-ccc2dcd7fe20.tmp

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\d0a61bb5-4297-4e86-baf5-ae92f7ba2648.tmp

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004

MPEG-4 LOAS

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG.old8 (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Local Stateca (copy)

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cachet (copy)

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\f17ec68c-a74a-4133-93bb-0f90cbc19056.tmp

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\3460_714448071\_metadata\verified_contents.json

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\3460_714448071\_platform_specific\x86_64\pnacl_public_pnacl_json

ASCII text

dropped

C:\Users\user\AppData\Local\Temp\3460_714448071\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_for_eh_o

ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped

dropped

C:\Users\user\AppData\Local\Temp\3460_714448071\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_o

ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped

dropped

C:\Users\user\AppData\Local\Temp\3460_714448071\_platform_specific\x86_64\pnacl_public_x86_64_crtend_o

ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped

dropped

C:\Users\user\AppData\Local\Temp\3460_714448071\_platform_specific\x86_64\pnacl_public_x86_64_ld_nexe

ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=7511538a3a6a0b862c772eace49075ed1bbe2377, stripped

dropped

C:\Users\user\AppData\Local\Temp\3460_714448071\_platform_specific\x86_64\pnacl_public_x86_64_libcrt_platform_a

current ar archive

dropped

C:\Users\user\AppData\Local\Temp\3460_714448071\_platform_specific\x86_64\pnacl_public_x86_64_libgcc_a

current ar archive

dropped

C:\Users\user\AppData\Local\Temp\3460_714448071\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_a

current ar archive

dropped

C:\Users\user\AppData\Local\Temp\3460_714448071\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_dummy_a

current ar archive

dropped

C:\Users\user\AppData\Local\Temp\3460_714448071\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_llc_nexe

ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=309d6d3d463e6b1b0690f39eb226b1e4c469b2ce, stripped

dropped

C:\Users\user\AppData\Local\Temp\3460_714448071\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_sz_nexe

ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=4b15de4ab227d5e46213978b8518d53c53ce1db9, stripped

dropped

C:\Users\user\AppData\Local\Temp\3460_714448071\manifest.fingerprint

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\3460_714448071\manifest.json

ASCII text

dropped

C:\Users\user\AppData\Local\Temp\88ad59c1-d057-4c11-a698-1a64bdadcea8.tmp

Google Chrome extension, version 3

dropped

C:\Users\user\AppData\Local\Temp\browser-sslkeys.log

ASCII text

dropped

C:\Users\user\AppData\Local\Temp\cb3f5188-2d5c-4158-9c65-1f7eff044971.tmp

Google Chrome extension, version 3

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\88ad59c1-d057-4c11-a698-1a64bdadcea8.tmp

Google Chrome extension, version 3

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\_locales\am\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\_locales\ar\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\_locales\bg\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\_locales\bn\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\_locales\ca\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\_locales\cs\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\_locales\da\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\_locales\de\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\_locales\el\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\_locales\en\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\_locales\es\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\_locales\et\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\_locales\fa\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\_locales\fi\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\_locales\fil\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\_locales\fr\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\_locales\gu\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\_locales\hi\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\_locales\hr\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\_locales\hu\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\_locales\id\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\_locales\it\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\_locales\iw\messages.json

HTML document, ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\_locales\ja\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\_locales\kn\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\_locales\ko\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\_locales\lt\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\_locales\lv\messages.json

UTF-8 Unicode text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\_locales\ml\messages.json

HTML document, ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\_locales\ms\messages.json

HTML document, ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\_locales\nl\messages.json

HTML document, ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\_locales\pl\messages.json

HTML document, ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\_locales\pt\messages.json

HTML document, ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\_locales\ro\messages.json

HTML document, ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\_locales\ru\messages.json

HTML document, ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\_locales\sk\messages.json

HTML document, ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\_locales\sl\messages.json

HTML document, ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\_locales\sr\messages.json

HTML document, ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\_locales\sv\messages.json

HTML document, ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\_locales\sw\messages.json

HTML document, ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\_locales\ta\messages.json

HTML document, ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\_locales\te\messages.json

HTML document, ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\_locales\th\messages.json

HTML document, ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\_locales\tr\messages.json

HTML document, ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\_locales\uk\messages.json

HTML document, ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\_locales\zh\messages.json

HTML document, ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\_locales\zh_TW\messages.json

HTML document, ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\_metadata\verified_contents.json

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\angular.js

ASCII text, with very long lines

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\background_script.js

ASCII text, with very long lines

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\cast_sender.js

ASCII text, with very long lines

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\common.js

ASCII text, with very long lines

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\feedback.css

ASCII text

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\feedback.html

HTML document, ASCII text

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\feedback_script.js

ASCII text, with very long lines

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\manifest.json

ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\material_css_min.css

ASCII text, with very long lines

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\mirroring_cast_streaming.js

ASCII text, with very long lines

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\mirroring_common.js

ASCII text, with very long lines

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\mirroring_hangouts.js

ASCII text, with very long lines

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_1949808103\CRX_INSTALL\mirroring_webrtc.js

ASCII text, with very long lines

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\_locales\bg\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\_locales\ca\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\_locales\cs\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\_locales\da\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\_locales\de\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\_locales\el\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\_locales\en\messages.json

ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\_locales\en_GB\messages.json

ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\_locales\es\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\_locales\es_419\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\_locales\et\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\_locales\fi\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\_locales\fil\messages.json

ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\_locales\fr\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\_locales\hi\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\_locales\hr\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\_locales\hu\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\_locales\id\messages.json

ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\_locales\it\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\_locales\ja\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\_locales\ko\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\_locales\lt\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\_locales\lv\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\_locales\nb\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\_locales\nl\messages.json

ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\_locales\pl\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\_locales\pt_BR\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\_locales\pt_PT\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\_locales\ro\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\_locales\ru\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\_locales\sk\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\_locales\sl\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\_locales\sr\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\_locales\sv\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\_locales\th\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\_locales\tr\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\_locales\uk\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\_locales\vi\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\_locales\zh_CN\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\_locales\zh_TW\messages.json

UTF-8 Unicode text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\_metadata\verified_contents.json

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\craw_background.js

ASCII text, with very long lines

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\craw_window.js

ASCII text, with very long lines

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\css\craw_window.css

ASCII text

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\html\craw_window.html

HTML document, ASCII text

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\images\flapper.gif

GIF image data, version 89a, 30 x 30

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\images\icon_128.png

PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\images\icon_16.png

PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\images\topbar_floating_button.png

PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\images\topbar_floating_button_close.png

PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\images\topbar_floating_button_hover.png

PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\images\topbar_floating_button_maximize.png

PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\images\topbar_floating_button_pressed.png

PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir3460_286363710\CRX_INSTALL\manifest.json

ASCII text, with CRLF line terminators

dropped

There are 222 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Program Files\Google\Chrome\Application\chrome.exe

'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'https://creeksidecommunities-my.sharepoint.com:443/:b:/p/dcerniglia/EUzDsG_b0kpNiV5Vx-UQl8YBEYnfFzoYQvmhPjge_gUI8g?e=4%3anYyWRV&at=9'

Details

Is windows:	true
Is dropped:	false
PID:	3460
Target ID:	0
Parent PID:	620
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'https://creeksidecommunities-my.sharepoint.com:443/:b:/p/dcerniglia/EUzDsG_b0kpNiV5Vx-UQl8YBEYnfFzoYQvmhPjge_gUI8g?e=4%3anYyWRV&at=9'
Size:	2150896
MD5:	C139654B5C1438A95B321BB01AD63EF6
Time:	17:52:04
Date:	13/10/2021
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff68b0a0000
Modulesize:	2199552
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1536,17265093722771451815,6809347449425903331,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1912 /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	5296
Target ID:	1
Parent PID:	3460
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1536,17265093722771451815,6809347449425903331,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1912 /prefetch:8
Size:	2150896
MD5:	C139654B5C1438A95B321BB01AD63EF6
Time:	17:52:06
Date:	13/10/2021
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff68b0a0000
Modulesize:	2199552
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://creeksidecommunities-my.sharepoint.com:443/:b:/p/dcerniglia/EUzDsG_b0kpNiV5Vx-UQl8YBEYnfFzoYQvmhPjge_gUI8g?e=4%3anYyWRV&at=9

https://creeksidecommunities-my.sharepoint.com/:b:/p/dcerniglia/EUzDsG_b0kpNiV5Vx-UQl8YBEYnfFzoYQvmhPjge_gUI8g?e=4%3anYyWRV&at=9

40.108.137.81

https://spo.nel.measure.office.net/api/report?tenantId=31aaf59d-a890-45db-9dc1-26f9487d1020&destinat

unknown

https://www.google.com/images/cleardot.gif

unknown

https://play.google.com

unknown

https://sharepoint.com/

unknown

https://creeksidecommunities-my.sharepoint.com/_layouts/15/images/favicon.ico?rev=47CgkKBw30glciGgA=

unknown

https://www.google.com/log?format=json&hasfast=true

unknown

https://creeksidecommunities-my.sharepoint.com/personal/dcerniglia_creeksidecommunities_com/_layouts

unknown

https://creeksidecommunities-my.sharepoint.com/:b:/p/dcerniglia/EUzDsG_b0kpNiV5Vx-UQl8YBEYnfFzoYQvmh

unknown

https://creeksidecommunities-my.sharepoint.com/ScriptResource.axd?d=_dg9PEeq8l0DZ2KgXkzXWQZmcLv9rfL10gUy543eRNNmcG_DI-13Y2Azg8pKEtTOO-cWs87MXaaed1s4yzngi_xHTlPeJM5BNCTGglQr8ORKgDqbNdpNyxsrbMn47EWeRbJWNOPaFEGVY4JFSFnRVYHHp9_N_u3Emrqi5OEUx4g1&t=ffffffffe191061b

40.108.137.81

https://sandbox.google.com/payments/v4/js/integrator.js

unknown

http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01

unknown

https://creeksidecommunities-my.sharepoint.com/ScriptResource.axd?d=_dg9PEeq8l0DZ2KgXkzXWQZmcLv9rfL1

unknown

https://accounts.google.com/MergeSession

unknown

https://creeksidecommunities-my.sharepoint.com/_layouts/15/images/favicon.ico?rev=47

40.108.137.81

https://preprod-hangouts-googleapis.sandbox.google.com

unknown

https://clients2.googleusercontent.com/crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx

216.58.215.225

https://www.google.com

unknown

https://creeksidecommunities-my.sharepoint.com/_layouts/15/images/microsoft-logo.png

40.108.137.81

https://hangouts.clients6.google.com

unknown

https://hangouts.google.com/hangouts/_/logpref

unknown

https://accounts.google.com

unknown

https://clients2.google.com/cr/report

unknown

http://angularjs.org

unknown

https://creativecommons.org/publicdomain/zero/1.0/.

unknown

https://github.com/angular/material

unknown

https://apis.google.com

unknown

https://creeksidecommunities-my.sharepoint.com/_layouts/15/images/microsoft-logo.png0

unknown

https://www.google.com/accounts/OAuthLogin?issueuberauth=1

unknown

https://github.com/madler/zlib/blob/master/zlib.h

unknown

https://www-googleapis-staging.sandbox.google.com

unknown

https://clients2.google.com

unknown

http://www.apache.org/licenses/LICENSE-2.0

unknown

https://dns.google

unknown

https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p

unknown

https://www.google.com/intl/en-US/chrome/blank.html

unknown

https://ogs.google.com

unknown

https://support.google.com/chromecast/troubleshooter/2995236

unknown

http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions

unknown

https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1

216.58.212.142

https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard

172.217.168.45

https://payments.google.com/payments/v4/js/integrator.js

unknown

https://www.google.com;

unknown

https://chromium.googlesource.com/a/native_client/pnacl-llvm.git

unknown

https://hangouts.google.com/

unknown

https://creeksidecommunities-my.sharepoint.com/

unknown

https://creeksidecommunities-my.sharepoint.com/ScriptResource.axd?d=cWXrmrhyMSmaBM1m-7fF_hy4FmQ7ftxg

unknown

https://www.google.com/images/x2.gif

unknown

https://creeksidecommunities-my.sharepoint.com/ScriptResource.axd?d=cWXrmrhyMSmaBM1m-7fF_hy4FmQ7ftxgJydO1S5RUcLzizz9_zHD1H-DeqiMx4SfBUJ_I8y8f-32qydDRURGVpymUWjZXVUd2DaLDBXdtFnF_nKWyj1qtnw7U4cUeLWwury0F7xs_AzAAXGv79F39D36NXY2NB0y8ZuZv0hSIUCf1NL-PdP-NBlaojSiDh9u0&t=363be08

40.108.137.81

http://llvm.org/):

unknown

https://creeksidecommunities-my.sharepoint.com/WebResource.axd?d=v01qr2x_rWfS9ae1Uk8aMCM3qPL070h5AoH

unknown

https://spoprod-a.akamaihd.net/files/fabric-cdn-prod_20210115.001/assets/item-types/32/pdf.png

unknown

https://www.google.com/images/dot2.gif

unknown

https://creeksidecommunities-my.sharepoint.com/ScriptResource.axd?d=l7yw5Dmc7sEzAMoOGRE37iIOdsvj43MVLnf7foUdhHFWtpIhF2eTWy0TyEGWLbLrXBx6PCrXwAEzmlm5OnctXh5-ABL9wwg2IaEBFHXnLlImHn8yZHxYMGPwj48LD46p-OjKM6nnvTysEw5zndwKBnXHgPLOOFgXQT07LODNu3_ArgrONHFp5BCUnBq3YLkF0&t=363be08

40.108.137.81

https://meetings.clients6.google.com

unknown

https://play.google.com/log?format=json&hasfast=true

unknown

https://code.google.com/p/nativeclient/issues/entry%s:

unknown

http://tools.ietf.org/html/rfc1950

unknown

https://code.google.com/p/nativeclient/issues/entry

unknown

https://creeksidecommunities-my.sharepoint.com/WebResource.axd?d=v01qr2x_rWfS9ae1Uk8aMCM3qPL070h5AoH-69TiIRiqPjrF7MUSxNFarvXA2yyLzpDqpe46WcTNAKltmyDu9Pm5auZ2wnahvo5y-Fowy7A1&t=637453780754849868

40.108.137.81

https://support.google.com/chromecast/answer/2998456

unknown

https://clients2.googleusercontent.com

unknown

https://spoprod-a.akamaihd.net

unknown

https://creeksidecommunities-my.sharepoint.com/ScriptResource.axd?d=l7yw5Dmc7sEzAMoOGRE37iIOdsvj43MV

unknown

https://www.google.com/

unknown

https://feedback.googleusercontent.com

unknown

https://chromium.googlesource.com/a/native_client/pnacl-clang.git

unknown

https://clients2.google.com/service/update2/crx

unknown

https://clients6.google.com

unknown

There are 60 hidden URLs, click here to show them.

Domains

Name

Malicious

accounts.google.com

172.217.168.45

Details

Name:	accounts.google.com
IP:	172.217.168.45
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

18842-ipv4.farm.prod.aa-rt.sharepoint.com

40.108.137.81

Details

Name:	18842-ipv4.farm.prod.aa-rt.sharepoint.com
IP:	40.108.137.81
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

clients.l.google.com

216.58.212.142

googlehosted.l.googleusercontent.com

216.58.215.225

clients2.googleusercontent.com

unknown

Details

Name:	clients2.googleusercontent.com
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
URLs found in memory or binary data	Networking

clients2.google.com

unknown

Details

Name:	clients2.google.com
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

spoprod-a.akamaihd.net

unknown

creeksidecommunities-my.sharepoint.com

unknown

Details

Name:	creeksidecommunities-my.sharepoint.com
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Spawns processes	System Summary	Process Injection
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

192.168.2.1

unknown

216.58.212.142

clients.l.google.com

United States

Details

IP:	216.58.212.142
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Country:	United States
Countrycode:	USA
ASN number:	15169
ASN name:	GOOGLEUS
Private:	false
Domain:	clients.l.google.com

216.58.215.225

googlehosted.l.googleusercontent.com

United States

Details

IP:	216.58.215.225
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Country:	United States
Countrycode:	USA
ASN number:	15169
ASN name:	GOOGLEUS
Private:	false
Domain:	googlehosted.l.googleusercontent.com

192.168.2.4

unknown

192.168.2.3

unknown

172.217.168.45

accounts.google.com

United States

Details

IP:	172.217.168.45
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Country:	United States
Countrycode:	USA
ASN number:	15169
ASN name:	GOOGLEUS
Private:	false
Domain:	accounts.google.com

239.255.255.250

unknown

Reserved

40.108.137.81

18842-ipv4.farm.prod.aa-rt.sharepoint.com

United States

Details

IP:	40.108.137.81
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Country:	United States
Countrycode:	USA
ASN number:	8075
ASN name:	MICROSOFT-CORP-MSN-AS-BLOCKUS
Private:	false
Domain:	18842-ipv4.farm.prod.aa-rt.sharepoint.com

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

127.0.0.1

unknown

Registry

Path

Value

Malicious

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault

S-1-5-21-3853321935-2125563209-4053062332-1002

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

ahfgeienlihckogmohjhadlkjgocpleb

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

gdaefkejpgkiemlaofpalmlakkmbjdnl

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

gfdkimpbcpahaombhbimeihdjnejgicl

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

kmendfapggjehodndflmmgagdbamhnfd

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

mfehgcgbbipciphmccgaenjidiccnmng

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

mhjfbmdgcfjbbpaeojofohoefgiehjai

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

neajdppkdcdipfabeoofebfddakdcjhd

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

nkeimhogjdpnpccoofpliimaahmaaome

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

nmmhkkegccagdldgiimedpiccmgmieda

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

pkedcjkdefgpdelpbcmbmeomcjbeemfm

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

prefs.preference_reset_time

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

gfdkimpbcpahaombhbimeihdjnejgicl

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

nmmhkkegccagdldgiimedpiccmgmieda

HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon

state

HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty

StatusCodes

HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty

StatusCodes

HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon

state

HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

software_reporter.reporting

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

module_blacklist_cache_md5_digest

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

media.storage_id_salt

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

google.services.last_account_id

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

google.services.account_id

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

software_reporter.prompt_seed

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

settings_reset_prompt.last_triggered_for_homepage

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

default_search_provider_data.template_url_data

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

safebrowsing.incidents_sent

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

pinned_tabs

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

search_provider_overrides

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

settings_reset_prompt.last_triggered_for_default_search

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

prefs.preference_reset_time

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

google.services.last_username

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

session.startup_urls

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

session.restore_on_startup

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

software_reporter.prompt_version

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

settings_reset_prompt.last_triggered_for_startup_urls

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

settings_reset_prompt.prompt_wave

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

homepage

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

homepage_is_newtabpage

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

browser.show_home_button

HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics

user_experience_metrics.stability.exited_cleanly

HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}

lastrun

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8

Blob

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8

Blob

There are 35 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

7FF52633A000

unkown image

page readonly

7FF525CB7000

unkown image

page readonly

B5D99FB000

stack

page read and write

2B4D2C40000

heap private

page read and write

2B4D3C02000

unkown

page read and write

18D3C4D0000

unkown

page read and write

2B4D2E83000

unkown

page read and write

7FF526CB1000

unkown image

page readonly

2B4D3C03000

unkown

page read and write

7FF598EA9000

unkown image

page readonly

2B4D2E29000

unkown

page read and write

2B4D3C02000

unkown

page read and write

2B4D37B9000

unkown

page read and write

2B4D2EF7000

unkown

page read and write

34D21FF000

stack

page read and write

2B4D3714000

unkown

page read and write

2B4D377F000

unkown

page read and write

7FF568BA3000

unkown image

page readonly

2B4D37D5000

unkown

page read and write

2B4D2EE9000

unkown

page read and write

1489C7B000

stack

page read and write

7FF5261AB000

unkown image

page readonly

2B4D2E53000

unkown

page read and write

2B4D3786000

unkown

page read and write

1B5CD860000

heap default

page read and write

2B4D37A1000

unkown

page read and write

2B4D2E13000

unkown

page read and write

23FF37E000

stack

page read and write

7FF598DD9000

unkown image

page readonly

2B4D376E000

unkown

page read and write

19EDD680000

unkown image

page readonly

7FF526101000

unkown image

page readonly

19EDD813000

unkown

page read and write

7DF5768B2000

unkown image

page readonly

7DF474780000

unkown image

page readonly

2B4D3C63000

unkown

page read and write

7FF526E55000

unkown image

page readonly

2B4D2E4D000

unkown

page read and write

2B4D2EB0000

unkown

page read and write

19EDDC00000

unkown image

page readonly

7FF598DC7000

unkown image

page readonly

19EDD908000

unkown

page read and write

19EDD660000

unkown image

page readonly

7DF5768D0000

unkown image

page readonly

18D3C4C1000

unkown

page read and write

2B4D3790000

unkown

page read and write

2B4D3794000

unkown

page read and write

19EDDA00000

unkown image

page readonly

7FF568BCA000

unkown image

page readonly

2B4D3C02000

unkown

page read and write

7DF534E42000

unkown image

page readonly

7FF527147000

unkown image

page readonly

7DF431E80000

unkown image

page readonly

7FF598ED1000

unkown image

page readonly

2B4D2E3C000

unkown

page read and write

2B4D3785000

unkown

page read and write

7FF526956000

unkown image

page readonly

2B4D3200000

unkown image

page readonly

2B4D3790000

unkown

page read and write

2B4D378F000

unkown

page read and write

7FF598D55000

unkown image

page readonly

2B4D3788000

unkown

page read and write

7FF526FBB000

unkown image

page readonly

2B4D3C02000

unkown

page read and write

1489EF7000

stack

page read and write

1B5CDB00000

unkown

page read and write

7FF5260A1000

unkown image

page readonly

7FF5270DD000

unkown image

page readonly

7FF5989B1000

unkown image

page readonly

7DF5768B0000

unkown image

page readonly

7FF5270F7000

unkown image

page readonly

2B4D3776000

unkown

page read and write

19EDD640000

unkown image

page read and write

7FF52622E000

unkown image

page readonly

18D3C4A2000

unkown

page read and write

7FF5270FE000

unkown image

page readonly

2B4D2F13000

unkown

page read and write

7FF5261D1000

unkown image

page readonly

1B5CE202000

unkown

page read and write

2B4D3787000

unkown

page read and write

7FF5260AF000

unkown image

page readonly

B5D95DE000

stack

page read and write

2B4D2D80000

unkown image

page readonly

7FF526017000

unkown image

page readonly

7FF525EB7000

unkown image

page readonly

7FF527051000

unkown image

page readonly

7FF598DE3000

unkown image

page readonly

B5DA078000

stack

page read and write

18D3C4C1000

unkown

page read and write

7FF52625F000

unkown image

page readonly

2B4D3380000

unkown image

page readonly

2B4D2E6B000

unkown

page read and write

7FF526341000

unkown image

page readonly

2B4D2E48000

unkown

page read and write

B5D9BFF000

stack

page read and write

19EDD650000

heap private

page read and write

7FF526350000

unkown image

page readonly

7FF5262AE000

unkown image

page readonly

B5D9E7F000

stack

page read and write

7FF598B58000

unkown image

page readonly

2B4D3787000

unkown

page read and write

7FF52714A000

unkown image

page readonly

7DF5768C0000

unkown image

page readonly

19EDD6B0000

heap default

page read and write

19EDD913000

unkown

page read and write

2B4D3779000

unkown

page read and write

7FF525ADF000

unkown image

page readonly

7FF568B5F000

unkown image

page readonly

2B4D378A000

unkown

page read and write

2B4D375D000

unkown

page read and write

7DF533FB2000

unkown image

page readonly

7DF5A6B50000

unkown image

page readonly

7FF5261CB000

unkown image

page readonly

18D3C780000

heap private

page read and write

2B4D3602000

unkown

page read and write

2B4D2E4F000

unkown

page read and write

23FF7FF000

stack

page read and write

7FF598CBB000

unkown image

page readonly

2B4D2E45000

unkown

page read and write

2B4D3797000

unkown

page read and write

2B4D3784000

unkown

page read and write

2B4D3776000

unkown

page read and write

7FF5270D9000

unkown image

page readonly

7DF534E30000

unkown image

page readonly

1B5CDB02000

unkown

page read and write

2B4D378A000

unkown

page read and write

23FF8FF000

stack

page read and write

7DF5768B0000

unkown image

page readonly

7FF568B9B000

unkown image

page readonly

7DF5A6B32000

unkown image

page readonly

7FF5262A3000

unkown image

page readonly

7DF533FB0000

unkown image

page readonly

2B4D37AC000

unkown

page read and write

1B5CDA89000

unkown

page read and write

7FF5271C1000

unkown image

page readonly

7FF527025000

unkown image

page readonly

2B4D37AA000

unkown

page read and write

2B4D37AA000

unkown

page read and write

34D20FF000

stack

page read and write

1489DFB000

stack

page read and write

18D3C420000

unkown image

page read and write

7FF52627E000

unkown image

page readonly

2B4D37A3000

unkown

page read and write

1B5CDA70000

unkown

page read and write

7DF533FC0000

unkown image

page readonly

2B4D3786000

unkown

page read and write

7FF5683DF000

unkown image

page readonly

2B4D379B000

unkown

page read and write

2B4D2E50000

unkown

page read and write

1B5CDE00000

unkown image

page readonly

23FF4FE000

stack

page read and write

23FF27B000

unkown

page read and write

7FF525F24000

unkown image

page readonly

2B4D37A5000

unkown

page read and write

2B4D3774000

unkown

page read and write

7FF52613B000

unkown image

page readonly

B5D9DFB000

stack

page read and write

1B5CD810000

unkown image

page readonly

7DF5A6B50000

unkown image

page readonly

7FF52622A000

unkown image

page readonly

2B4D37B6000

unkown

page read and write

18D3C590000

unkown image

page readonly

7FF5260B5000

unkown image

page readonly

7DF5A6B42000

unkown image

page readonly

2B4D37AC000

unkown

page read and write

7FF526094000

unkown image

page readonly

7DF5A6B42000

unkown image

page readonly

7DF533FC2000

unkown image

page readonly

B5D9AF7000

stack

page read and write

2B4D2CA0000

heap default

page read and write

7DF5A6B32000

unkown image

page readonly

1B5CDB13000

unkown

page read and write

7FF598D2B000

unkown image

page readonly

2B4D3795000

unkown

page read and write

7DF5A6B40000

unkown image

page readonly

7FF598B55000

unkown image

page readonly

7FF598EB4000

unkown image

page readonly

2B4D377B000

unkown

page read and write

18D3C2A0000

unkown image

page readonly

7FF5261BC000

unkown image

page readonly

2B4D379B000

unkown

page read and write

2B4D3761000

unkown

page read and write

7FF52611D000

unkown image

page readonly

2B4D37D6000

unkown

page read and write

34D207A000

unkown

page read and write

2B4D2E55000

unkown

page read and write

1489FFF000

stack

page read and write

7FF5270F0000

unkown image

page readonly

7FF568C45000

unkown image

page readonly

2B4D3790000

unkown

page read and write

2B4D34C0000

unkown

page read and write

7FF526259000

unkown image

page readonly

2B4D37A8000

unkown

page read and write

1B5CDA02000

unkown

page read and write

2B4D3784000

unkown

page read and write

2B4D37B8000

unkown

page read and write

2B4D2EDA000

unkown

page read and write

2B4D3700000

unkown

page read and write

7FF526212000

unkown image

page readonly

7FF5260D6000

unkown image

page readonly

7FF526329000

unkown image

page readonly

7FF525CBB000

unkown image

page readonly

1B5CD940000

unkown image

page readonly

B5D955D000

stack

page read and write

1489A7C000

unkown

page read and write

18D3C4A7000

heap default

page read and write

7FF568C3A000

unkown image

page readonly

7FF525E31000

unkown image

page readonly

B5D94DB000

unkown

page read and write

18D3C4D0000

unkown

page read and write

18D3C49B000

heap default

page read and write

7FF525E37000

unkown image

page readonly

2B4D378F000

unkown

page read and write

2B4D2C80000

unkown image

page readonly

2B4D3798000

unkown

page read and write

7FF5688D9000

unkown image

page readonly

19EDD790000

unkown image

page readonly

7DF432D00000

unkown image

page readonly

2B4D3799000

unkown

page read and write

2B4D378D000

unkown

page read and write

7FF52623E000

unkown image

page readonly

2B4D3790000

unkown

page read and write

23FF5FB000

stack

page read and write

7DF5768C2000

unkown image

page readonly

7FF598ECA000

unkown image

page readonly

2B4D37A7000

unkown

page read and write

7FF598CDF000

unkown image

page readonly

1B5CD810000

unkown image

page readonly

2B4D376B000

unkown

page read and write

2B4D378B000

unkown

page read and write

7FF568B5D000

unkown image

page readonly

7FF598656000

unkown image

page readonly

18D3C4BA000

unkown

page read and write

1B5CDA53000

unkown

page read and write

7FF526F56000

unkown image

page readonly

2B4D34C0000

unkown

page read and write

7DF534E40000

unkown image

page readonly

2B4D3786000

unkown

page read and write

1489B7E000

stack

page read and write

2B4D2E80000

unkown

page read and write

7DF5A6B30000

unkown image

page readonly

7FF5271BA000

unkown image

page readonly

7FF526162000

unkown image

page readonly

7FF598E1B000

unkown image

page readonly

2B4D37BB000

unkown

page read and write

7FF52711B000

unkown image

page readonly

7DF533FB0000

unkown image

page readonly

2B4D3C6A000

unkown

page read and write

7DF533FB2000

unkown image

page readonly

2B4D3777000

unkown

page read and write

7FF525F27000

unkown image

page readonly

7FF568C34000

unkown image

page readonly

2B4D3790000

unkown

page read and write

B5D9F7C000

stack

page read and write

7FF5989B7000

unkown image

page readonly

7FF598DFE000

unkown image

page readonly

2B4D379C000

unkown

page read and write

7FF526351000

unkown image

page readonly

34D237F000

stack

page read and write

2B4D3795000

unkown

page read and write

18D3C4CE000

unkown

page read and write

2B4D2E4B000

unkown

page read and write

2B4D2C30000

unkown image

page read and write

1B5CDA3C000

unkown

page read and write

2B4D378F000

unkown

page read and write

7DF5768C2000

unkown image

page readonly

7FF568B66000

unkown image

page readonly

7DF534E50000

unkown image

page readonly

18D3C4A7000

unkown

page read and write

2B4D2E56000

unkown

page read and write

2B4D3794000

unkown

page read and write

2B4D378A000

unkown

page read and write

7DF533FC0000

unkown image

page readonly

2B4D3794000

unkown

page read and write

7FF526322000

unkown image

page readonly

2B4D3786000

unkown

page read and write

7FF526CB7000

unkown image

page readonly

34D22F9000

stack

page read and write

7FF598DF7000

unkown image

page readonly

7FF598D25000

unkown image

page readonly

2B4D2F16000

unkown

page read and write

7DF533FD0000

unkown image

page readonly

2B4D378E000

unkown

page read and write

2B4D3781000

unkown

page read and write

7FF5271CA000

unkown image

page readonly

7FF526022000

unkown image

page readonly

1B5CDA4D000

unkown

page read and write

19EDD854000

unkown

page read and write

19EDD902000

unkown

page read and write

7FF5270DF000

unkown image

page readonly

7DF533FC2000

unkown image

page readonly

2B4D3C20000

unkown

page read and write

2B4D3C00000

unkown

page read and write

1B5CD840000

unkown image

page readonly

7FF526120000

unkown image

page readonly

7FF568C41000

unkown image

page readonly

2B4D2DA0000

unkown

page read and write

7FF526FDF000

unkown image

page readonly

1B5CD7F0000

unkown image

page read and write

2B4D3787000

unkown

page read and write

2B4D379C000

unkown

page read and write

7FF526E58000

unkown image

page readonly

7FF5270F3000

unkown image

page readonly

18D3C3B0000

unkown

page read and write

7FF568C4A000

unkown image

page readonly

2B4D3787000

unkown

page read and write

7FF568B63000

unkown image

page readonly

7FF52702B000

unkown image

page readonly

1B5CDC00000

unkown image

page readonly

7FF568C51000

unkown image

page readonly

7DF5A6B30000

unkown image

page readonly

7FF598EA2000

unkown image

page readonly

7FF568B7E000

unkown image

page readonly

7DF534E32000

unkown image

page readonly

2B4D3C02000

unkown

page read and write

7FF526F9D000

unkown image

page readonly

7FF598DDF000

unkown image

page readonly

18D3C790000

unkown image

page readonly

2B4D2C70000

unkown image

page readonly

2B4D3795000

unkown

page read and write

18D3C710000

unkown image

page readonly

7FF525FD9000

unkown image

page readonly

7FF5261A5000

unkown image

page readonly

2B4D3712000

unkown

page read and write

18D3C410000

unkown image

page readonly

7FF526FA0000

unkown image

page readonly

2B4D3788000

unkown

page read and write

18D3C49E000

heap default

page read and write

2B4D37A1000

unkown

page read and write

18D3C400000

unkown image

page readonly

2B4D37A7000

unkown

page read and write

1B5CDB08000

unkown

page read and write

18D3C280000

unkown image

page read and write

2B4D34C0000

unkown

page read and write

2B4D3787000

unkown

page read and write

2B4D3784000

unkown

page read and write

7FF527107000

unkown image

page readonly

2B4D2C50000

unkown image

page readonly

2B4D2EED000

unkown

page read and write

1B5CD830000

unkown image

page readonly

7FF598C56000

unkown image

page readonly

7FF525EB9000

unkown image

page readonly

7DF5A6B40000

unkown image

page readonly

7FF568BCD000

unkown image

page readonly

7FF598EC1000

unkown image

page readonly

19EDDD80000

unkown image

page readonly

7FF52712E000

unkown image

page readonly

B5DA17F000

stack

page read and write

2B4D2F08000

unkown

page read and write

2B4D2E44000

unkown

page read and write

19EDD83C000

unkown

page read and write

7DF534E30000

unkown image

page readonly

1B5CDA13000

unkown

page read and write

7FF526109000

unkown image

page readonly

7FF5262C7000

unkown image

page readonly

2B4D2EC6000

unkown

page read and write

7FF526233000

unkown image

page readonly

7FF5271A2000

unkown image

page readonly

7FF5262CD000

unkown image

page readonly

7FF598C81000

unkown image

page readonly

1B5CDA81000

unkown

page read and write

1B5CDA2A000

unkown

page read and write

19EDD800000

unkown

page read and write

18D3C4D0000

unkown

page read and write

7DF533FD0000

unkown image

page readonly

34D217F000

stack

page read and write

7FF598EBA000

unkown image

page readonly

7FF5271D1000

unkown image

page readonly

2B4D3798000

unkown

page read and write

7FF598C9D000

unkown image

page readonly

2B4D2EEC000

unkown

page read and write

7DF5768B2000

unkown image

page readonly

7DF4A4A00000

unkown image

page readonly

7FF525CCC000

unkown image

page readonly

2B4D3786000

unkown

page read and write

7FF568B77000

unkown image

page readonly

7FF52714D000

unkown image

page readonly

7FF526F81000

unkown image

page readonly

23FF2FE000

stack

page read and write

18D3C3D0000

unkown

page read and write

7FF598CA0000

unkown image

page readonly

7FF52634A000

unkown image

page readonly

18D3C4D0000

unkown

page read and write

2B4D2E4C000

unkown

page read and write

2B4D2E00000

unkown

page read and write

19EDD690000

unkown image

page readonly

2B4D3751000

unkown

page read and write

7FF598DDD000

unkown image

page readonly

23FF6F7000

stack

page read and write

7FF526247000

unkown image

page readonly

7FF52629B000

unkown image

page readonly

7FF526334000

unkown image

page readonly

34D227C000

stack

page read and write

2B4D3776000

unkown

page read and write

7FF52695C000

unkown image

page readonly

7FF598E2E000

unkown image

page readonly

7FF598D51000

unkown image

page readonly

7FF526287000

unkown image

page readonly

7DF5768C0000

unkown image

page readonly

7FF568C51000

unkown image

page readonly

7FF5271A9000

unkown image

page readonly

19EDD660000

unkown image

page readonly

18D3C490000

heap default

page read and write

7FF568B70000

unkown image

page readonly

7FF526270000

unkown image

page readonly

2B4D3784000

unkown

page read and write

2B4D3794000

unkown

page read and write

2B4D3790000

unkown

page read and write

7FF598ED1000

unkown image

page readonly

2B4D3786000

unkown

page read and write

2B4D3C02000

unkown

page read and write

7DF534E40000

unkown image

page readonly

7FF526167000

unkown image

page readonly

1489CFE000

stack

page read and write

7FF5270C7000

unkown image

page readonly

7FF527055000

unkown image

page readonly

7FF526201000

unkown image

page readonly

7FF526105000

unkown image

page readonly

2B4D2F02000

unkown

page read and write

2B4D378C000

unkown

page read and write

2B4D2EA6000

unkown

page read and write

7FF526277000

unkown image

page readonly

7FF598E4D000

unkown image

page readonly

19EDD88B000

unkown

page read and write

2B4D3777000

unkown

page read and write

7FF598DF0000

unkown image

page readonly

2B4D2C50000

unkown image

page readonly

7DF534E42000

unkown image

page readonly

2B4D3784000

unkown

page read and write

2B4D2EBF000

unkown

page read and write

19EDD7B0000

unkown

page read and write

2B4D3797000

unkown

page read and write

2B4D2EE3000

unkown

page read and write

19EDE002000

unkown

page read and write

18D3C4B8000

unkown

page read and write

2B4D2E49000

unkown

page read and write

2B4D2DC0000

unkown image

page readonly

2B4D376F000

unkown

page read and write

7FF598E47000

unkown image

page readonly

2B4D34D0000

unkown image

page read and write

2B4D2E8A000

unkown

page read and write

7FF568C29000

unkown image

page readonly

2B4D3790000

unkown

page read and write

1B5CD960000

unkown

page read and write

2B4D3784000

unkown

page read and write

7FF5271B4000

unkown image

page readonly

19EDD871000

unkown

page read and write

2B4D378F000

unkown

page read and write

19EDD87F000

unkown

page read and write

7FF598E23000

unkown image

page readonly

2B4D3784000

unkown

page read and write

7FF5262CA000

unkown image

page readonly

2B4D3784000

unkown

page read and write

7FF526096000

unkown image

page readonly

7FF598E4A000

unkown image

page readonly

19EDD802000

unkown

page read and write

7FF568B73000

unkown image

page readonly

2B4D3460000

unkown image

page write copy

19EDD84E000

unkown

page read and write

7FF5270E3000

unkown image

page readonly

2B4D3C02000

unkown

page read and write

2B4D2EA6000

unkown

page read and write

2B4D3719000

unkown

page read and write

7FF568BAE000

unkown image

page readonly

2B4D378A000

unkown

page read and write

2B4D2E51000

unkown

page read and write

19EDD827000

unkown

page read and write

148A0FE000

stack

page read and write

2B4D3000000

unkown image

page readonly

7FF525AD6000

unkown image

page readonly

B5D9CFA000

stack

page read and write

7FF525ADC000

unkown image

page readonly

7DF534E32000

unkown image

page readonly

7FF5261FF000

unkown image

page readonly

7FF5271D1000

unkown image

page readonly

2B4D379C000

unkown

page read and write

7FF52703C000

unkown image

page readonly

2B4D3786000

unkown

page read and write

18D3C2C0000

unkown image

page readonly

2B4D377A000

unkown

page read and write

1B5CD800000

heap private

page read and write

7FF568C22000

unkown image

page readonly

7DF5768D0000

unkown image

page readonly

2B4D378C000

unkown

page read and write

7FF598DF3000

unkown image

page readonly

7FF598D3C000

unkown image

page readonly

18D3C785000

heap private

page read and write

7FF526273000

unkown image

page readonly

18D3C4CD000

unkown

page read and write

1B5CDA00000

unkown

page read and write

7FF526263000

unkown image

page readonly

7FF525FD5000

unkown image

page readonly

2B4D3786000

unkown

page read and write

1489AFE000

stack

page read and write

7FF598E07000

unkown image

page readonly

2B4D3787000

unkown

page read and write

7FF5261D5000

unkown image

page readonly

2B4D37D5000

unkown

page read and write

7FF59865C000

unkown image

page readonly

1B5CDF80000

unkown image

page readonly

2B4D3795000

unkown

page read and write

7FF52625D000

unkown image

page readonly

2B4D378C000

unkown

page read and write

7DF534E50000

unkown image

page readonly

2B4D377A000

unkown

page read and write

18D3C2A0000

unkown image

page readonly

7FF52605B000

unkown image

page readonly

19EDD900000

unkown

page read and write

34D23FF000

stack

page read and write

7FF527123000

unkown image

page readonly

2B4D378E000

unkown

page read and write

7FF52615F000

unkown image

page readonly

2B4D378A000

unkown

page read and write

There are 503 hidden memdumps, click here to show them.

DOM / HTML

URL

Malicious

https://creeksidecommunities-my.sharepoint.com/:b:/p/dcerniglia/EUzDsG_b0kpNiV5Vx-UQl8YBEYnfFzoYQvmhPjge_gUI8g?e=4%3anYyWRV&at=9

Details

Filename:	36770.0.pages.html.dom
Url:	https://creeksidecommunities-my.sharepoint.com/:b:/p/dcerniglia/EUzDsG_b0kpNiV5Vx-UQl8YBEYnfFzoYQvmhPjge_gUI8g?e=4%3anYyWRV&at=9
Target ID:	1
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1536,17265093722771451815,6809347449425903331,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1912 /prefetch:8

Signature Hits	Behavior Group	Mitre Attack
Yara detected HtmlPhish10	Phishing

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

DOM / HTML