IOC Report
bsalazarSecuremail#Redriverbank2602VY8-FOAT7J-SNN6eYn999.html


Files

File Path | Type | Category | Malicious
bsalazarSecuremail#Redriverbank2602VY8-FOAT7J-SNN6eYn999.html | HTML document, ASCII text, with very long lines, with no line terminators | initial sample | malicious
C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic | data | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\24daa5e9-51f7-4830-b8e1-2759578667f3.tmp | SysEx File - | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\3b7ec284-c386-45f0-9d15-3fa716c9dbad.tmp | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\6b416a58-731d-4d16-9355-fe752272a170.tmp | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\9bcb409f-ff59-44d0-a895-b2cbc2a0e221.tmp | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat | data | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\21899ed0-a729-4e73-9344-a9f9f420e522.tmp | very short file (no magic) | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\281a3ca4-5e5d-4558-8eec-0420233d7923.tmp | UTF-8 Unicode text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\294193eb-34f0-46ca-bce8-0f9b73156572.tmp | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\3a4dc16e-51e8-4dba-a653-d47f521933b9.tmp | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\4e96ab8c-b15f-4d74-a9f0-91049ffad858.tmp | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\753a11e4-444f-4e97-8932-3d73a0aeedeb.tmp | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\76a6832e-4e2e-4f36-a893-aa30bcde8378.tmp | UTF-8 Unicode text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\7af0d1a8-40d4-4d36-80bc-f4970186dcf3.tmp | UTF-8 Unicode text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\8343d203-5dd7-4185-9a5c-b7678abacfe0.tmp | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\8b434215-1fbc-4de6-9d11-cf6a6afdfe3e.tmp | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\915cd872-514f-4084-a459-f4b21e3a1f6e.tmp | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log | data | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG | ASCII text | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old (copy) | ASCII text | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache | data | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State (copy) | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy) | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy) | UTF-8 Unicode text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\1ab063b0-0b11-4bdb-b1d1-979be8ed357e.tmp | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1 | data | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent State (copy) | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1 | data | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network Persistent State (copy) | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\efd2cc8f-d662-4a18-8425-a1c45d4ccfa2.tmp | ASCII text, with very long lines, with no line terminators | modified
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\a9cfb5cf-c9a5-42fe-821b-115a1a8a777a.tmp | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\b0be17d4-5385-404a-8c56-da6e6e752d46.tmp | UTF-8 Unicode text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\b86c17f6-7dca-48be-ad41-8653de68c7da.tmp | UTF-8 Unicode text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\be6c1d17-8e7c-4d6f-9ca4-72d4c0fb4f09.tmp | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\c6f42f83-3c41-41ae-95a8-8704583e55fe.tmp | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\c8abc7da-0405-4b86-b0d4-e838807cee59.tmp | ASCII text, with very long lines, with no line terminators | modified
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\c983ef26-af0d-45a8-9f68-c8b80d88663c.tmp | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\d3d74c08-8c70-4c04-88c5-52bd5e777902.tmp | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\d7125196-6ba5-4219-92c7-73b031301152.tmp | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp | ASCII text | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy) | ASCII text | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\ffc0c749-66f5-4094-bdea-6a3ad1ee989c.tmp | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser | data | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version | ASCII text, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State (copy) | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cache (copy) | data | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\c0776715-09d6-49d6-a24f-d63d357d0730.tmp | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\d286935c-e447-48f1-a8c0-180a96710cc4.tmp | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\dbcd7278-5b93-4193-888f-e89a32f0c9e8.tmp | data | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\dedfff9e-d59d-4ab5-a68b-32959dc0af2f.tmp | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\f6dfb920-945b-4dfd-956a-29dee796eb18.tmp | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Temp\5aba1b91-3f29-4a1d-be20-5481c4ffda6f.tmp | Google Chrome extension, version 3 | dropped
C:\Users\user\AppData\Local\Temp\7164_1441336542\_metadata\verified_contents.json | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Temp\7164_1441336542\manifest.fingerprint | ASCII text, with no line terminators | dropped
C:\Users\user\AppData\Local\Temp\7164_1441336542\manifest.json | ASCII text | dropped
C:\Users\user\AppData\Local\Temp\7164_441413112\_metadata\verified_contents.json | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Temp\7164_441413112\download_file_types.pb | data | dropped
C:\Users\user\AppData\Local\Temp\7164_441413112\manifest.fingerprint | ASCII text, with no line terminators | dropped
C:\Users\user\AppData\Local\Temp\7164_441413112\manifest.json | ASCII text | dropped
C:\Users\user\AppData\Local\Temp\f606de6d-d69d-4bdd-8c16-ad29b018f73e.tmp | very short file (no magic) | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\5aba1b91-3f29-4a1d-be20-5481c4ffda6f.tmp | Google Chrome extension, version 3 | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\bg\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\ca\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\cs\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\da\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\de\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\el\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\en\messages.json | ASCII text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\en_GB\messages.json | ASCII text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\es\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\es_419\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\et\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\fi\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\fil\messages.json | ASCII text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\fr\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\hi\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\hr\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\hu\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\id\messages.json | ASCII text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\it\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\ja\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\ko\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\lt\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\lv\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\nb\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\nl\messages.json | ASCII text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\pl\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\pt_BR\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\pt_PT\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\ro\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\ru\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\sk\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\sl\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\sr\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\sv\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\th\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\tr\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\uk\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\vi\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\zh_CN\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_locales\zh_TW\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\_metadata\verified_contents.json | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\craw_background.js | ASCII text, with very long lines | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\craw_window.js | ASCII text, with very long lines | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\css\craw_window.css | ASCII text | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\html\craw_window.html | HTML document, ASCII text | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\images\flapper.gif | GIF image data, version 89a, 30 x 30 | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\images\icon_128.png | PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\images\icon_16.png | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\images\topbar_floating_button.png | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\images\topbar_floating_button_close.png | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\images\topbar_floating_button_hover.png | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\images\topbar_floating_button_maximize.png | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\images\topbar_floating_button_pressed.png | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7164_1772793541\CRX_INSTALL\manifest.json | ASCII text, with CRLF line terminators | dropped
107 further files are not shown in this report.

Processes

Path | Cmdline | Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "C:\Users\user\Desktop\bsalazarSecuremail#Redriverbank2602VY8-FOAT7J-SNN6eYn999.html
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1564,2893178873461922982,2517917473115045809,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1556 /prefetch:8

URLs

Name | IP | Malicious
file:///C:/Users/user/Desktop/bsalazarSecuremail%23Redriverbank2602VY8-FOAT7J-SNN6eYn999.html |  | malicious
https://dns.google | unknown
https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p | unknown
https://www.google.com/intl/en-US/chrome/blank.html | unknown
https://ogs.google.com | unknown
https://www.google.com/images/cleardot.gif | unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | 142.250.185.238
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | 142.250.186.77
https://payments.google.com/payments/v4/js/integrator.js | unknown
https://aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg | 152.199.23.37
https://lootahbf.work/prv.phpbsalazar@redriverbank.net | 173.231.212.223
https://sandbox.google.com/payments/v4/js/integrator.js | unknown
https://www.google.com/images/x2.gif | unknown
https://accounts.google.com/MergeSession | unknown
https://www.google.com | unknown
https://www.google.com/images/dot2.gif | unknown
https://accounts.google.com | unknown
https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg | 152.199.23.37
https://clients2.googleusercontent.com | unknown
https://apis.google.com | unknown
https://www.google.com/accounts/OAuthLogin?issueuberauth=1 | unknown
https://www.google.com/ | unknown
https://www-googleapis-staging.sandbox.google.com | unknown
https://clients2.google.com | unknown
https://clients2.google.com/service/update2/crx | unknown
15 further URLs are not shown in this report.

Domains

Name | IP | Malicious
cs1100.wpc.omegacdn.net | 152.199.23.37
accounts.google.com | 142.250.186.77
part-0032.t-0009.t-msedge.net | 13.107.246.60
clients.l.google.com | 142.250.185.238
lootahbf.work | 173.231.212.223
clients2.google.com | unknown
code.jquery.com | unknown
aadcdn.msftauth.net | unknown

IPs

IP | Domain | Country | Malicious
192.168.2.1 | unknown | unknown
173.231.212.223 | lootahbf.work | United States
192.168.2.4 | unknown | unknown
142.250.185.238 | clients.l.google.com | United States
13.107.246.60 | part-0032.t-0009.t-msedge.net | United States
192.168.2.5 | unknown | unknown
239.255.255.250 | unknown | Reserved
152.199.23.37 | cs1100.wpc.omegacdn.net | United States
192.168.2.255 | unknown | unknown
142.250.186.77 | accounts.google.com | United States
127.0.0.1 | unknown | unknown
1 further IP is not shown in this report.

Registry

Path | Value | Malicious
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | gdaefkejpgkiemlaofpalmlakkmbjdnl
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | gfdkimpbcpahaombhbimeihdjnejgicl
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | kmendfapggjehodndflmmgagdbamhnfd
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | mfehgcgbbipciphmccgaenjidiccnmng
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | neajdppkdcdipfabeoofebfddakdcjhd
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | prefs.preference_reset_time
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault | S-1-5-21-3853321935-2125563209-4053062332-1002
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | gfdkimpbcpahaombhbimeihdjnejgicl
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | pkedcjkdefgpdelpbcmbmeomcjbeemfm
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nmmhkkegccagdldgiimedpiccmgmieda
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nmmhkkegccagdldgiimedpiccmgmieda
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nmmhkkegccagdldgiimedpiccmgmieda
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.reporting
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | module_blacklist_cache_md5_digest
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | media.storage_id_salt
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.last_account_id
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.account_id
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.prompt_seed
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_homepage
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | default_search_provider_data.template_url_data
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | safebrowsing.incidents_sent
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | pinned_tabs
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | search_provider_overrides
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_default_search
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | prefs.preference_reset_time
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.last_username
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | session.startup_urls
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | session.restore_on_startup
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.prompt_version
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_startup_urls
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.prompt_wave
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | homepage
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | homepage_is_newtabpage
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | browser.show_home_button
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics | user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | lastrun
33 further registry entries are not shown in this report.

Memdumps

Base Address | Regiontype | Protect | Malicious
221D82F0000 | trusted library allocation | page read and write
221D33DB000 | heap | page read and write
28C39200000 | heap | page read and write
28C3925F000 | heap | page read and write
5F6DBBE000 | stack | page read and write
213B8AC4000 | trusted library allocation | page read and write
221D8060000 | heap | page read and write
221D7FF4000 | trusted library allocation | page read and write
221D8113000 | heap | page read and write
221D7E30000 | trusted library allocation | page read and write
1D5DC428000 | heap | page read and write
221D2B13000 | heap | page read and write
221D8029000 | heap | page read and write
221D804A000 | heap | page read and write
221D80DD000 | heap | page read and write
221D31A0000 | trusted library section | page readonly
213B7F70000 | trusted library allocation | page read and write
213B7D10000 | heap | page read and write
91F89AB000 | stack | page read and write
DE70B7F000 | stack | page read and write
221D7FB0000 | trusted library allocation | page read and write
DE70C7C000 | stack | page read and write
91F8EFB000 | stack | page read and write
213B7D48000 | heap | page read and write
221D8470000 | trusted library allocation | page read and write
20A71800000 | heap | page read and write
221D8102000 | heap | page read and write
213B8B16000 | trusted library allocation | page read and write
221D7FE0000 | trusted library allocation | page read and write
DE70F7E000 | stack | page read and write
221D3359000 | heap | page read and write
20A7184F000 | heap | page read and write
221D8120000 | heap | page read and write
20A71902000 | heap | page read and write
1D5DC472000 | heap | page read and write
20A71913000 | heap | page read and write
221D8106000 | heap | page read and write
221D2A00000 | heap | page read and write
221D80A5000 | heap | page read and write
ACDAC7F000 | stack | page read and write
20A71700000 | trusted library allocation | page read and write
5F6E07B000 | stack | page read and write
221D3308000 | heap | page read and write
DE70E77000 | stack | page read and write
5F6DF7C000 | stack | page read and write
221D8224000 | trusted library allocation | page read and write
221D7FC6000 | trusted library allocation | page read and write
221D811A000 | heap | page read and write
ACDA677000 | stack | page read and write
221D31D0000 | trusted library section | page readonly
221D810D000 | heap | page read and write
5F6DB3B000 | stack | page read and write
213B8DB0000 | trusted library allocation | page read and write
221D2A7A000 | heap | page read and write
221D810F000 | heap | page read and write
221D2AA0000 | heap | page read and write
1D5DC380000 | trusted library allocation | page read and write
91F91FE000 | stack | page read and write
221D3800000 | trusted library allocation | page read and write
221D7FC5000 | trusted library allocation | page read and write
221D2810000 | heap | page read and write
221D3215000 | heap | page read and write
213B8D60000 | trusted library allocation | page read and write
213B8D50000 | trusted library allocation | page read and write
213B7FB0000 | trusted library allocation | page read and write
221D82C0000 | trusted library allocation | page read and write
221D27B0000 | heap | page read and write
221D31E0000 | trusted library section | page readonly
221D2A24000 | heap | page read and write
28C39229000 | heap | page read and write
221D7FCB000 | trusted library allocation | page read and write
28C39A02000 | trusted library allocation | page read and write
ACDAA7B000 | stack | page read and write
1D5DC413000 | heap | page read and write
221D2AFE000 | heap | page read and write
221D3318000 | heap | page read and write
ACDB07F000 | stack | page read and write
28C390B0000 | heap | page read and write
28C3925D000 | heap | page read and write
5F6E47E000 | stack | page read and write
20A71813000 | heap | page read and write
221D2910000 | trusted library allocation | page read and write
221D2AB1000 | heap | page read and write
221D2A75000 | heap | page read and write
221D810B000 | heap | page read and write
5F6E37D000 | stack | page read and write
221D810D000 | heap | page read and write
213B7F80000 | trusted library allocation | page read and write
9482979000 | stack | page read and write
221D8036000 | heap | page read and write
213B7D8B000 | heap | page read and write
221D810E000 | heap | page read and write
213B7F90000 | trusted library allocation | page read and write
221D8280000 | trusted library allocation | page read and write
221D8013000 | heap | page read and write
221D7FC0000 | trusted library allocation | page read and write
213B7FC0000 | heap | page read and write
221D2AB9000 | heap | page read and write
DE7107F000 | stack | page read and write
213B7D40000 | heap | page read and write
221D803D000 | heap | page read and write
ACDAF7D000 | stack | page read and write
221D8200000 | trusted library allocation | page read and write
221D7E90000 | trusted library allocation | page read and write
5F6E177000 | stack | page read and write
221D7FB0000 | trusted library allocation | page read and write
221D31B0000 | trusted library section | page readonly
221D7FC1000 | trusted library allocation | page read and write
221D7FE0000 | trusted library allocation | page read and write
1D5DC500000 | heap | page read and write
221D31F0000 | trusted library section | page readonly
221D3318000 | heap | page read and write
221D3200000 | heap | page read and write
221D3318000 | heap | page read and write
221D7E53000 | trusted library allocation | page read and write
28C39202000 | heap | page read and write
213B8AC2000 | trusted library allocation | page read and write
213B7CA0000 | heap | page read and write
28C399C0000 | trusted library allocation | page read and write
221D80DA000 | heap | page read and write
221D339B000 | heap | page read and write
28C39252000 | heap | page read and write
1D5DC502000 | heap | page read and write
28C3927E000 | heap | page read and write
221D2A5A000 | heap | page read and write
221D3581000 | trusted library allocation | page read and write
221D8300000 | trusted library allocation | page read and write
221D80EE000 | heap | page read and write
213B7D50000 | heap | page read and write
221D7E20000 | trusted library allocation | page read and write
20A71851000 | heap | page read and write
221D7E10000 | trusted library allocation | page read and write
94829FB000 | stack | page read and write
DE70AFF000 | stack | page read and write
20A7183C000 | heap | page read and write
221D3358000 | heap | page read and write
221D8320000 | trusted library allocation | page read and write
221D8310000 | remote allocation | page read and write
221D82D0000 | trusted library allocation | page read and write
221D8106000 | heap | page read and write
213B8AC0000 | trusted library allocation | page read and write
ACDA87A000 | stack | page read and write
221D800C000 | heap | page read and write
5F6E27F000 | stack | page read and write
221D3318000 | heap | page read and write
20A71908000 | heap | page read and write
ACDB27A000 | stack | page read and write
ACDAD7F000 | stack | page read and write
221D3359000 | heap | page read and write
ACDAE7A000 | stack | page read and write
948258B000 | stack | page read and write
221D8053000 | heap | page read and write
221D8221000 | trusted library allocation | page read and write
1D5DC43E000 | heap | page read and write
213B7FA0000 | trusted library allocation | page read and write
213B8ACA000 | trusted library allocation | page read and write
221D80A2000 | heap | page read and write
213B7D8B000 | heap | page read and write
DE70A7C000 | stack | page read and write
91F8FFB000 | stack | page read and write
221D3E10000 | trusted library allocation | page read and write
1D5DC457000 | heap | page read and write
ACDACFE000 | stack | page read and write
221D7FF0000 | trusted library allocation | page read and write
ACDA77A000 | stack | page read and write
28C39300000 | heap | page read and write
221D33DC000 | heap | page read and write
28C3928A000 | heap | page read and write
1D5DC402000 | heap | page read and write
213B7FD0000 | trusted library allocation | page read and write
20A71870000 | heap | page read and write
213B7D8D000 | heap | page read and write
221D7EA0000 | trusted library allocation | page read and write
221D31C0000 | trusted library section | page readonly
221D2A13000 | heap | page read and write
221D8106000 | heap | page read and write
1D5DCC02000 | trusted library allocation | page read and write
20A71900000 | heap | page read and write
221D7FCC000 | trusted library allocation | page read and write
221D80D8000 | heap | page read and write
20A71881000 | heap | page read and write
221D3E03000 | trusted library allocation | page read and write
91F90FE000 | stack | page read and write
20A71876000 | heap | page read and write
221D810F000 | heap | page read and write
221D3318000 | heap | page read and write
213B7D84000 | heap | page read and write
221D8000000 | heap | page read and write
221D2AB6000 | heap | page read and write
221D2A8D000 | heap | page read and write
213B8AC6000 | trusted library allocation | page read and write
1D5DC469000 | heap | page read and write
221D813F000 | heap | page read and write
ACDABFE000 | stack | page read and write
213B7FC5000 | heap | page read and write
28C39227000 | heap | page read and write
20A7184C000
heap
page read and write
221D3318000
heap
page read and write
221D84A0000
trusted library allocation
page read and write
20A71856000
heap
page read and write
221D2A94000
heap
page read and write
DE70D7B000
stack
page read and write
ACDA97F000
stack
page read and write
213B8B10000
trusted library allocation
page read and write
28C39280000
heap
page read and write
213B7D8B000
heap
page read and write
221D8208000
trusted library allocation
page read and write
213B7F10000
heap
page read and write
221D339B000
heap
page read and write
28C39213000
heap
page read and write
1D5DC210000
heap
page read and write
213B7FC9000
heap
page read and write
221D8108000
heap
page read and write
221D7E50000
trusted library allocation
page read and write
28C3923C000
heap
page read and write
28C39120000
heap
page read and write
1D5DC280000
heap
page read and write
20A72002000
trusted library allocation
page read and write
20A71590000
heap
page read and write
221D84C0000
trusted library allocation
page read and write
221D820E000
trusted library allocation
page read and write
213B8D40000
heap
page readonly
9482B79000
stack
page read and write
221D3358000
heap
page read and write
ACDAB7E000
stack
page read and write
221D2A3F000
heap
page read and write
221D29E1000
trusted library allocation
page read and write
221D7FC4000
trusted library allocation
page read and write
221D7FF0000
trusted library allocation
page read and write
9482A7E000
stack
page read and write
221D82E0000
trusted library allocation
page read and write
20A71829000
heap
page read and write
ACDA47B000
stack
page read and write
221D2A78000
heap
page read and write
221D8109000
heap
page read and write
221D8310000
remote allocation
page read and write
221D2920000
trusted library section
page read and write
221D8102000
heap
page read and write
221D8106000
heap
page read and write
ACDA4FE000
stack
page read and write
ACDA57D000
stack
page read and write
28C3925B000
heap
page read and write
221D8108000
heap
page read and write
28C39308000
heap
page read and write
221D3202000
heap
page read and write
221D39E0000
trusted library allocation
page read and write
221D27A0000
heap
page read and write
221D810D000
heap
page read and write
20A715A0000
heap
page read and write
221D339A000
heap
page read and write
221D33DC000
heap
page read and write
221D7FC0000
trusted library allocation
page read and write
221D8400000
trusted library allocation
page read and write
221D3501000
trusted library allocation
page read and write
28C39313000
heap
page read and write
221D2AA9000
heap
page read and write
5F6DE7E000
stack
page read and write
1D5DC220000
heap
page read and write
221D3E00000
trusted library allocation
page read and write
28C390C0000
heap
page read and write
221D3358000
heap
page read and write
221D8310000
remote allocation
page read and write
ACDAAFE000
stack
page read and write
221D2A70000
heap
page read and write
221D2A8F000
heap
page read and write
213B7CB0000
trusted library allocation
page read and write
1D5DC400000
heap
page read and write
221D3313000
heap
page read and write
221D80F6000
heap
page read and write
1D5DC513000
heap
page read and write
20A71600000
heap
page read and write
9482BFD000
stack
page read and write
28C39302000
heap
page read and write
221D2B02000
heap
page read and write
28C3927E000
heap
page read and write
221D3300000
heap
page read and write
221D812D000
heap
page read and write

DOM / HTML

URL
Malicious
file:///C:/Users/user/Desktop/bsalazarSecuremail%23Redriverbank2602VY8-FOAT7J-SNN6eYn999.html
malicious