IOC Report


Files

File Path | Type | Category | Malicious
C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic | data | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\1068543d-b0e5-408e-971d-b823727c5b8e.tmp | SysEx File - | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\7e65ee24-f3ce-4ba0-a4d8-474e9ef11d69.tmp | ASCII text, with very long lines, with no line terminators | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat | data | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\347d2345-3c65-436e-af50-73ffaafe3976.tmp | UTF-8 Unicode text, with very long lines, with no line terminators | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\39c4196b-c4b0-48e9-89c5-ff730e290d95.tmp | UTF-8 Unicode text, with very long lines, with no line terminators | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\6ad50c76-1714-405b-bf37-d24bcfb960d3.tmp | ASCII text, with very long lines, with no line terminators | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\9609840c-0a3f-4208-bf0c-a24148425f11.tmp | ASCII text, with very long lines, with no line terminators | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG.old (copy) | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old. (copy) | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 | data | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 | data | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 | data | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 | data | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies | SQLite 3.x database, last written using SQLite version 3032001 | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Session | data | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Tabs | data | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log | data | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG.old (copy) | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log | data | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old. (copy) | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json | ASCII text, with very long lines, with no line terminators | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log | data | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old S (copy) | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.oldm (copy) | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG.old0 (copy) | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History | SQLite 3.x database, last written using SQLite version 3032001 | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache | data | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Last SessionV (copy) | data | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Last Tabsnd (copy) | data | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.oldBE (copy) | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State (copy) | ASCII text, with very long lines, with no line terminators | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG.old)e (copy) | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy) | ASCII text, with very long lines, with no line terminators | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferencestt (copy) | ASCII text, with very long lines, with no line terminators | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL | SQLite 3.x database, last written using SQLite version 3032001 | modified | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy) | UTF-8 Unicode text, with very long lines, with no line terminators | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences.t (copy) | UTF-8 Unicode text, with very long lines, with no line terminators | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log | data | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old (copy) | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old (copy) | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1 | data | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG.old (copy) | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent StateMP (copy) | ASCII text, with very long lines, with no line terminators | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\LOG | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\LOG.old (copy) | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\000003.log | data | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOG | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOG.old (copy) | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\cfe5249c-a7bf-470a-8735-be38a2d9af35.tmp | ASCII text, with very long lines, with no line terminators | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\LOG | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log | data | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.oldp, (copy) | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Visited Links | data | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\bd351d88-e0ff-451b-bdcb-1ccff7f0167c.tmp | ASCII text, with very long lines, with no line terminators | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy) | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old92 (copy) | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004 | MPEG-4 LOAS | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG.old8 (copy) | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser | data | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version | ASCII text, with no line terminators | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State (copy) | ASCII text, with very long lines, with no line terminators | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cache (copy) | data | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\a8ed4d4a-e9f2-4468-8878-16523345fec6.tmp | ASCII text, with very long lines, with no line terminators | dropped | clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\b41686e3-78fe-4c62-99b5-ad11a5a7f415.tmp | data | dropped | clean
C:\Users\user\AppData\Local\Temp\76abfd82-309d-4d00-955a-b4936a704a63.tmp | Google Chrome extension, version 3 | dropped | clean
C:\Users\user\AppData\Local\Temp\79ba0fbf-03db-4f1e-95e0-1822f2264485.tmp | very short file (no magic) | dropped | clean
C:\Users\user\AppData\Local\Temp\browser-sslkeys.log | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Temp\e9c0dc0a-dde9-4995-a070-f82e34160266.tmp | very short file (no magic) | dropped | clean
C:\Users\user\AppData\Local\Temp\eea78b4f-2728-4742-9d25-fcdaf8114077.tmp | Google Chrome extension, version 3 | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_45948481\76abfd82-309d-4d00-955a-b4936a704a63.tmp | Google Chrome extension, version 3 | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_45948481\CRX_INSTALL\_locales\am\messages.json | HTML document, ASCII text, with very long lines, with no line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_45948481\CRX_INSTALL\_locales\ar\messages.json | HTML document, ASCII text, with very long lines, with no line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_45948481\CRX_INSTALL\_locales\bg\messages.json | HTML document, ASCII text, with very long lines, with no line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\_locales\bg\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\_locales\ca\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\_locales\cs\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\_locales\da\messages.json | UTF-8 Unicode text, with CRLF line terminators | modified | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\_locales\de\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\_locales\el\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\_locales\en\messages.json | ASCII text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\_locales\en_GB\messages.json | ASCII text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\_locales\es\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\_locales\es_419\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\_locales\et\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\_locales\fi\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\_locales\fil\messages.json | ASCII text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\_locales\fr\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\_locales\hi\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\_locales\hr\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\_locales\hu\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\_locales\id\messages.json | ASCII text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\_locales\it\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\_locales\ja\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\_locales\ko\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\_locales\lt\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\_locales\lv\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\_locales\nb\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\_locales\nl\messages.json | ASCII text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\_locales\pl\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\_locales\pt_BR\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\_locales\pt_PT\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\_locales\ro\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\_locales\ru\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\_locales\sk\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\_locales\sl\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\_locales\sr\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\_locales\sv\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\_locales\th\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\_locales\tr\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\_locales\uk\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\_locales\vi\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\_locales\zh_CN\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\_locales\zh_TW\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\_metadata\verified_contents.json | ASCII text, with very long lines, with no line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\craw_background.js | ASCII text, with very long lines | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\craw_window.js | ASCII text, with very long lines | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\css\craw_window.css | ASCII text | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\html\craw_window.html | HTML document, ASCII text | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\images\flapper.gif | GIF image data, version 89a, 30 x 30 | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\images\icon_128.png | PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\images\icon_16.png | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\images\topbar_floating_button.png | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\images\topbar_floating_button_close.png | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\images\topbar_floating_button_hover.png | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\images\topbar_floating_button_maximize.png | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\images\topbar_floating_button_pressed.png | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped | clean
C:\Users\user\AppData\Local\Temp\scoped_dir6332_930881146\CRX_INSTALL\manifest.json | ASCII text, with CRLF line terminators | dropped | clean
(135 further files are hidden in this export and not listed here)

Processes

Path | Cmdline | Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe | 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'https://www.ismyrotaryclub.org//Click/?_uid=800004603&_ctid=1972187&redirect=https://1n0w8.codesandbox.io/?af=c3ZsYWhvc0BoZW5pZmYuY29t&c=E,1,FJHQu0BaUNW2EmcbdiRTgtURJIcHjpkpBtdySk8R0BzuLYaKtuvn0RLXz2_ec72HBkiTlqr3hUTe6mwS5MV6Eo7EGAaDtmK0oMDh0TOHT6TH99A-DMU,&typo=1' | clean
C:\Program Files\Google\Chrome\Application\chrome.exe | 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1572,518076434186642424,16272077229608225117,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1900 /prefetch:8 | clean

URLs

Name | IP | Malicious
https://www.ismyrotaryclub.org//Click/?_uid=800004603&_ctid=1972187&redirect=https://1n0w8.codesandbox.io/?af=c3ZsYWhvc0BoZW5pZmYuY29t&c=E,1,FJHQu0BaUNW2EmcbdiRTgtURJIcHjpkpBtdySk8R0BzuLYaKtuvn0RLXz2_ec72HBkiTlqr3hUTe6mwS5MV6Eo7EGAaDtmK0oMDh0TOHT6TH99A-DMU,&typo=1 |  | malicious
https://www.ismyrotaryclub.org//Click/?_uid=800004603&_ctid=1972187&redirect=https://1n0w8.codesandbox.io/?af=c3ZsYWhvc0BoZW5pZmYuY29t&c=E,1,FJHQu0BaUNW2EmcbdiRTgtURJIcHjpkpBtdySk8R0BzuLYaKtuvn0RLXz2_ec72HBkiTlqr3hUTe6mwS5MV6Eo7EGAaDtmK0oMDh0TOHT6TH99A-DMU,&typo=1 | 184.175.102.136 | malicious
https://1n0w8.codesandbox.io/?af=c3ZsYWhvc0BoZW5pZmYuY29t&c=E | unknown | clean
http://crl.pki.goog/gsr1/gsr1.crl0; | unknown | clean
https://www.google.com/images/cleardot.gif | unknown | clean
https://www.ismyrotaryclub.org//Click/?_uid=800004603&_ctid=1972187&redirect=https://1n0w8.codesandb | unknown | clean
https://1n0w8.codesandbox.io | unknown | clean
https://aadcdn.msauthimages.net/dbd5a2dd-swiciiwlrx3ix3dgsdhwoiqgw7ephukyz29uqiufp5g/logintenantbranding/0/bannerlogo?ts=637571358467473201 | 152.199.23.72 | clean
https://play.google.com | unknown | clean
https://a.nel.cloudflare.com/report/v3?s=YmXb7lN2dphQ%2F81UF10QRrsSk2MSBsFgjp7uwoy5yLZlY%2B68Kx09XCY | unknown | clean
https://sandbox.google.com/payments/v4/js/integrator.js | unknown | clean
https://beatitbar.com/wp-content/plugins/fatboyoffice/call.php?u=svlahos | unknown | clean
https://accounts.google.com/MergeSession | unknown | clean
https://clients2.googleusercontent.com/crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx | 216.58.212.161 | clean
http://pki.goog/repo/certs/gtsr1.der04 | unknown | clean
https://www.google.com | unknown | clean
https://1n0w8.codesandbox.io/?af=c3ZsYWhvc0BoZW5pZmYuY29t&c=E,1,FJHQu0BaUNW2EmcbdiRTgtURJIcHjpkpBtdySk8R0BzuLYaKtuvn0RLXz2_ec72HBkiTlqr3hUTe6mwS5MV6Eo7EGAaDtmK0oMDh0TOHT6TH99A-DMU,&typo=1 | 104.18.23.207 | clean
http://crls.pki.goog/gts1c3/QOvJ0N1sT2A.crl0 | unknown | clean
https://accounts.google.com | unknown | clean
https://apis.google.com | unknown | clean
https://www.google.com/accounts/OAuthLogin?issueuberauth=1 | unknown | clean
https://codesandbox.io/ | unknown | clean
https://www-googleapis-staging.sandbox.google.com | unknown | clean
https://clients2.google.com | unknown | clean
https://dns.google | unknown | clean
https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p | unknown | clean
https://www.google.com/intl/en-US/chrome/blank.html | unknown | clean
https://ogs.google.com | unknown | clean
https://codesandbox.io/public/sse-hooks/sse-hooks.f648b14c15c640a14a557113a991cb8d.js | 104.18.22.207 | clean
https://bzxnheiwoa-opoiute-lskfhfg.s3.eu-west-2.amazonaws.com/index.html | 52.95.150.90 | clean
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | 142.250.74.206 | clean
https://bzxnheiwoa-opoiute-lskfhfg.s3.eu-west-2.amazonaws.com/index.html#svlahos | unknown | clean
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | 216.58.212.141 | clean
https://payments.google.com/payments/v4/js/integrator.js | unknown | clean
http://crl.pki.goog/gtsr1/gtsr1.crl0W | unknown | clean
http://pki.goog/gsr1/gsr1.crt02 | unknown | clean
https://static.cloudflareinsights.com/beacon.min.js | 104.16.94.65 | clean
https://pki.goog/repository/0 | unknown | clean
https://www.google.com/images/x2.gif | unknown | clean
https://bzxnheiwoa-opoiute-lskfhfg.s3.eu-west-2.amazonaws.com/favicon.ico | 52.95.150.90 | clean
https://aadcdn.msauthimages.net/dbd5a2dd-swiciiwlrx3ix3dgsdhwoiqgw7ephukyz29uqiufp5g/logintenantbranding/0/illustration?ts=637571358460486893 | 152.199.23.72 | clean
https://www.google.com/images/dot2.gif | unknown | clean
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js | 104.16.18.94 | clean
https://codesandbox.io/static/js/banner.be879265d.js | 104.18.22.207 | clean
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.jspB | unknown | clean
https://codesandbox.io/api/v1/sandboxes/1n0w8/phishing | 104.18.22.207 | clean
https://aadcdn.msauthimages.net/dbd5a2dd-swiciiwlrx3ix3dgsdhwoiqgw7ephukyz29uqiufp5g/logintenantbran | unknown | clean
https://beatitbar.com/wp-content/plugins/fatboyoffice/call.php?u=svlahos@heniff.com | 162.241.70.225 | clean
https://codesandbox.io/public/sse-hooks/sse-hooks.f648b14c15c640a14a557113a991cb8d.jsK | unknown | clean
https://clients2.googleusercontent.com | unknown | clean
https://csp.withgoogle.com/csp/report-to/IdentityListAccountsHttp/external | unknown | clean
https://bzxnheiwoa-opoiute-lskfhfg.s3.eu-west-2.amazonaws.com/index.html#svlahos@heniff.com |  | clean
https://www.google.com/ | unknown | clean
https://static.cloudflareinsights.com/beacon.min.js4 | unknown | clean
https://clients2.google.com/service/update2/crx | unknown | clean
http://pki.goog/repo/certs/gts1c3.der0 | unknown | clean
(45 further URLs are hidden in this export and not listed here)

Domains

Name | IP | Malicious
1n0w8.codesandbox.io | 104.18.23.207 | clean
static.cloudflareinsights.com | 104.16.94.65 | clean
accounts.google.com | 216.58.212.141 | clean
codesandbox.io | 104.18.22.207 | clean
cdnjs.cloudflare.com | 104.16.18.94 | clean
ismyrotaryclub.org | 184.175.102.136 | clean
s3-r-w.eu-west-2.amazonaws.com | 52.95.150.90 | clean
beatitbar.com | 162.241.70.225 | clean
clients.l.google.com | 142.250.74.206 | clean
cs1025.wpc.upsiloncdn.net | 152.199.23.72 | clean
googlehosted.l.googleusercontent.com | 216.58.212.161 | clean
aadcdn.msauthimages.net | unknown | clean
clients2.googleusercontent.com | unknown | clean
clients2.google.com | unknown | clean
www.ismyrotaryclub.org | unknown | clean
bzxnheiwoa-opoiute-lskfhfg.s3.eu-west-2.amazonaws.com | unknown | clean
(6 further domains are hidden in this export and not listed here)

IPs

IP | Domain | Country | Malicious
104.18.23.207 | 1n0w8.codesandbox.io | United States | clean
192.168.2.1 | unknown | unknown | clean
152.199.23.72 | cs1025.wpc.upsiloncdn.net | United States | clean
142.250.74.206 | clients.l.google.com | United States | clean
52.95.150.90 | s3-r-w.eu-west-2.amazonaws.com | United States | clean
162.241.70.225 | beatitbar.com | United States | clean
184.175.102.136 | ismyrotaryclub.org | United States | clean
239.255.255.250 | unknown | Reserved | clean
104.18.22.207 | codesandbox.io | United States | clean
216.58.212.161 | googlehosted.l.googleusercontent.com | United States | clean
216.58.212.141 | accounts.google.com | United States | clean
104.16.18.94 | cdnjs.cloudflare.com | United States | clean
127.0.0.1 | unknown | unknown | clean
104.16.94.65 | static.cloudflareinsights.com | United States | clean
(4 further IPs are hidden in this export and not listed here)

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
gdaefkejpgkiemlaofpalmlakkmbjdnl
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
gfdkimpbcpahaombhbimeihdjnejgicl
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
kmendfapggjehodndflmmgagdbamhnfd
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
mfehgcgbbipciphmccgaenjidiccnmng
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
neajdppkdcdipfabeoofebfddakdcjhd
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
prefs.preference_reset_time
clean
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault
S-1-5-21-3853321935-2125563209-4053062332-1002
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
gfdkimpbcpahaombhbimeihdjnejgicl
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nmmhkkegccagdldgiimedpiccmgmieda
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
pkedcjkdefgpdelpbcmbmeomcjbeemfm
clean
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
clean
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
clean
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
clean
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
clean
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
dr
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
software_reporter.reporting
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
module_blacklist_cache_md5_digest
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
media.storage_id_salt
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
google.services.last_account_id
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
google.services.account_id
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
software_reporter.prompt_seed
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_homepage
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
default_search_provider_data.template_url_data
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
safebrowsing.incidents_sent
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
pinned_tabs
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
search_provider_overrides
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_default_search
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
prefs.preference_reset_time
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
google.services.last_username
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
session.startup_urls
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
session.restore_on_startup
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
software_reporter.prompt_version
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_startup_urls
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
settings_reset_prompt.prompt_wave
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
homepage
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
homepage_is_newtabpage
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
browser.show_home_button
clean
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
clean
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
lastrun
clean

Memdumps

Base Address
Regiontype
Protect
Malicious

DOM / HTML

URL
Malicious
https://bzxnheiwoa-opoiute-lskfhfg.s3.eu-west-2.amazonaws.com/index.html#svlahos@heniff.com
malicious