Source: https://wealthprogress.mobilemoolah.net/wp-content/plugins/lgalmgawdq/aaa/adob/adob/	HTTP Parser: Number of links: 0
Source: https://wealthprogress.mobilemoolah.net/wp-content/plugins/lgalmgawdq/aaa/adob/adob/	HTTP Parser: Number of links: 0

Suspicious form URL found

Source: https://wealthprogress.mobilemoolah.net/wp-content/plugins/lgalmgawdq/aaa/adob/adob/	HTTP Parser: Form action: https://uudismelecopar.website/.65ft/a1zn.php
Source: https://wealthprogress.mobilemoolah.net/wp-content/plugins/lgalmgawdq/aaa/adob/adob/	HTTP Parser: Form action: https://uudismelecopar.website/.65ft/a1zn.php

No HTML title found

Source: https://wealthprogress.mobilemoolah.net/wp-content/plugins/lgalmgawdq/aaa/adob/adob/	HTTP Parser: HTML title missing
Source: https://wealthprogress.mobilemoolah.net/wp-content/plugins/lgalmgawdq/aaa/adob/adob/	HTTP Parser: HTML title missing

Form action URLs do not match main URL

Source: https://wealthprogress.mobilemoolah.net/wp-content/plugins/lgalmgawdq/aaa/adob/adob/	HTTP Parser: Form action: https://uudismelecopar.website/.65ft/a1zn.php mobilemoolah uudismelecopar
Source: https://wealthprogress.mobilemoolah.net/wp-content/plugins/lgalmgawdq/aaa/adob/adob/	HTTP Parser: Form action: https://uudismelecopar.website/.65ft/a1zn.php mobilemoolah uudismelecopar

Source: https://wealthprogress.mobilemoolah.net/wp-content/plugins/lgalmgawdq/aaa/adob/adob/	HTTP Parser: No <meta name="author".. found
Source: https://wealthprogress.mobilemoolah.net/wp-content/plugins/lgalmgawdq/aaa/adob/adob/	HTTP Parser: No <meta name="author".. found

Source: https://wealthprogress.mobilemoolah.net/wp-content/plugins/lgalmgawdq/aaa/adob/adob/	HTTP Parser: No <meta name="copyright".. found
Source: https://wealthprogress.mobilemoolah.net/wp-content/plugins/lgalmgawdq/aaa/adob/adob/	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 64.227.108.223:443 -> 192.168.2.3:62205 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 64.227.108.223:443 -> 192.168.2.3:62206 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 5MB later: 10MB

Source: unknown

DNS traffic detected: queries for: accounts.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50578
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50316
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57409
Source: unknown	Network traffic detected: HTTP traffic on port 61763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53129
Source: unknown	Network traffic detected: HTTP traffic on port 60513 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55592
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60935
Source: unknown	Network traffic detected: HTTP traffic on port 58972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65402 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60513
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65402
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61763
Source: unknown	Network traffic detected: HTTP traffic on port 62205 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50578 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57409 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59317 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50316 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52881
Source: unknown	Network traffic detected: HTTP traffic on port 53129 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50367
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59317
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50268
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62205
Source: unknown	Network traffic detected: HTTP traffic on port 62206 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55592 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59062 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62206
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58972
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54771
Source: unknown	Network traffic detected: HTTP traffic on port 50268 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59062
Source: unknown	Network traffic detected: HTTP traffic on port 50367 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61994

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.42
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.42
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.42
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.42
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.42
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.42
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.42
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.42
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.42
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.42
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.42
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.42
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.42
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.42
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.42
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.42
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.42
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.42
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.42
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.42
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.42
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.42
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.42
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.42
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.42
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.42
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.42
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.42
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.42
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.42
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.42
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.42
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.42
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.42
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.42
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.42
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.42
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.42
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.42
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.42

Source: unknown	HTTPS traffic detected: 64.227.108.223:443 -> 192.168.2.3:62205 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 64.227.108.223:443 -> 192.168.2.3:62206 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\alfredo\AppData\Local\Temp\e6e382af-a0ac-45a7-bb4c-8b7026be385b.tmp

Source: classification engine

Classification label: mal80.phis.win@27/80@10/211

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation --single-argument https://dik.si/OB6x6
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1752,1225860649479586440,12493433813693861157,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1752,1225860649479586440,12493433813693861157,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-62914E16-199C.pma

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
74.125.108.199	unknown	United States	15169	GOOGLEUS	false
142.250.185.234	unknown	United States	15169	GOOGLEUS	false
142.250.185.110	unknown	United States	15169	GOOGLEUS	false
142.250.185.227	unknown	United States	15169	GOOGLEUS	false
172.217.23.110	clients.l.google.com	United States	15169	GOOGLEUS	false
104.18.11.207	stackpath.bootstrapcdn.com	United States	13335	CLOUDFLARENETUS	false
142.250.181.227	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
64.227.108.223	wealthprogress.mobilemoolah.net	United States	14061	DIGITALOCEAN-ASNUS	false
188.114.96.3	dik.si	European Union	13335	CLOUDFLARENETUS	true
69.16.175.10	unknown	United States	20446	HIGHWINDS3US	false
142.250.184.237	accounts.google.com	United States	15169	GOOGLEUS	false
185.199.108.153	lipis.github.io	Netherlands	54113	FASTLYUS	false
142.250.186.42	unknown	United States	15169	GOOGLEUS	false
104.17.25.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
142.250.184.234	unknown	United States	15169	GOOGLEUS	false
142.250.186.99	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.1
127.0.0.1

Contacted Domains

Name	IP	Active
wealthprogress.mobilemoolah.net	64.227.108.223	true
stackpath.bootstrapcdn.com	104.18.11.207	true
dik.si	188.114.96.3	true
lipis.github.io	185.199.108.153	true
accounts.google.com	142.250.184.237	true
cdnjs.cloudflare.com	104.17.25.14	true
maxcdn.bootstrapcdn.com	104.18.11.207	true
clients.l.google.com	172.217.23.110	true
clients2.google.com	unknown	unknown
code.jquery.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://wealthprogress.mobilemoolah.net/wp-content/plugins/lgalmgawdq/aaa/adob/adob/	true	0%, Virustotal, Browse	unknown

ID:	635131
Product:	CloudBasic
Start time:	15:17:20
Start date:	27.05.2022
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:
Architecture:	WINDOWS

Name	Type	MD5	SHA1	SHA256
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\0619541d-efde-4b97-89ac-87858b26a841.tmp	data	63E8F27DCC6773B05C2D2FEB1EBCBB85	4E4E7A1A7BE5B53047ACBB7DD1F47958F97557C6	8D48BB71F19C9097122E97BB1190D2BCB136B29F856DB7F794FCD0D69CB70F75
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\25c5704a-c4c4-45e5-bad7-da092eccf1c6.tmp	ASCII text, with very long lines, with no line terminators	21F611838444D5AC217A484205BB81B3	20C37D309252CDA567DF00E5F1BB51E52DEEE481	EF0CCBC4BA47C543B446D2B7E298F30EE0A10171A6B181DDEC4FFDCD8065BFCA
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\4f00d8ec-401a-4099-ac30-3d87fe0c9e6a.tmp	data	103E4CD8462909AC83B4A290DBCF8CA5	B320B177C746E38097E0D36B2B59A02FC0F4B3B7	5E95697F73F4BE72307270CB816A17CD64DE4A36B4F4B9B6F80D511CE55917D7
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\64269ed6-12ae-4006-864a-8e675020f08d.tmp	ASCII text, with very long lines, with no line terminators	6AA7F56BE8E4ED1AEC7FD209AB1332B0	C484C9F7B68FBF4CF785A5E4265B16D381A5AE80	08613058C294BC8C1ED9B0530AA705BD4D53ED5D781A7BD2833D8F3B300BC1CB
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat	data	FA7200D6F80CD1757911C45559E59C0E	89C6E99BAEC4EBB3E9A97B928FB473D1498EBA88	D9779EA4D6DD544A23C2A1C53146B6A4E596927F47DFA0680B0A7EE751D43BB2
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\0d47c0b4-99d5-45d8-922b-159a9522a808.tmp	very short file (no magic)	5058F1AF8388633F609CADB75A75DC9D	3A52CE780950D4D969792A2559CD519D7EE8C727	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\1096a981-e73d-4c14-8a47-cae7cb5d6ffe.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	13CFF5C8A78AA0AA0086727BF29B88E8	F7263D222B5909E4EDA09ED53B80FAFBD1E54C76	D4873DE9ECACACE937BA4B277DC89D7A8213ADA4ACC373F76C4A8F8A151DC2AA
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\172a1c50-8599-425d-bdd4-d45b04ff3809.tmp	ASCII text, with very long lines, with no line terminators	C6A4D257F0C34DAEB0FF5F1633C834B0	587CB8FE720AAE84EBFA76BEC6CF03BFE4B7E46F	B62490EF860AD814987E6133935A02F57FC2E3CF367A06EACFBDF28F89662E98
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\1d10d499-946d-4ce6-8a41-4e0a2b5dcf6b.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	F0502DDEE17CF9CC0B14D250E847CD32	060DD171EC6F40046D51276DE384865028271240	74F585E5E6FB01CF8F4B39D5905BCD126DF948AC6D77281A394C86CD35E55DC7
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\34fa52f1-05c0-416a-8395-acd446f995c7.tmp	ASCII text, with very long lines, with no line terminators	CAB8BEABE7E66A4015C98A3C77B3698B	C960AAAEA7014E105290C7D0F09BFCA837C8E8CC	75431010BFE77818B8BEF4B0C4B328C00668DC6B13C09AAB769EBF58BDA4EDF7
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\5cff33d4-9fbd-4675-9b11-de0641751f64.tmp	MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel	1B40AC9ABB964672109D49ABFCFE2717	966E224F2887075825D42D2E7E0063BFAA81A99C	503149B1B47F8296DEDB800251DBD9AF614856F0D7E6AB1C03DBC90EBCE53674
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\7d890a49-9aa9-45f9-bba6-f733dca8abec.tmp	ASCII text, with very long lines, with no line terminators	1A666F1184C6D4FB77A1DA15B9E51F7C	53AA28A42399E9B7B29275058A5F23926AF95071	3A3844A32ABA4ADB0E2965FB6E6D5E9BAA4C5908AB1A557E72996117E91B6AA8
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\8cdfc90c-3ed5-419d-86b2-7d4b33ace0b1.tmp	ASCII text, with very long lines, with no line terminators	66754F90CA0F5614EDA3D7C492AA2608	59185F6BD3EC3802CB881EB406E0854A0DC2ABA0	43B7F7797D22B52A97639A25378CA440CFE7FC3315EE0AD8B15359DCF7E700C7
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_1\_metadata\computed_hashes.json	ASCII text, with very long lines, with no line terminators	2E2110A99AD3AE9721A458C95C64C868	72AE17599EDC0B2DC61C41D946E3E296864F2CBA	BB46BA705D5F6F43F66B07EA5DA4CC7CC0BF8FE635CCC4EBBA30A5D4A54158DE
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico (copy)	MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel	1B40AC9ABB964672109D49ABFCFE2717	966E224F2887075825D42D2E7E0063BFAA81A99C	503149B1B47F8296DEDB800251DBD9AF614856F0D7E6AB1C03DBC90EBCE53674
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache	data	05CD0CBAF4C0D701E284A82E9C77E07D	06D6D98A4AE7210DF999D53659C45EC048EC2416	FC0A5897F57B0710F0B5A61F2A3FF412E015F6D47EAB89109265C72F9AE57735
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State (copy)	ASCII text, with very long lines, with no line terminators	CAB8BEABE7E66A4015C98A3C77B3698B	C960AAAEA7014E105290C7D0F09BFCA837C8E8CC	75431010BFE77818B8BEF4B0C4B328C00668DC6B13C09AAB769EBF58BDA4EDF7
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)	ASCII text, with very long lines, with no line terminators	1A666F1184C6D4FB77A1DA15B9E51F7C	53AA28A42399E9B7B29275058A5F23926AF95071	3A3844A32ABA4ADB0E2965FB6E6D5E9BAA4C5908AB1A557E72996117E91B6AA8
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy)	UTF-8 Unicode text, with very long lines, with no line terminators	4E4B9AD744E9D67195644F9F6D9F1816	62B07680161A95DD2F187634E91312B23B6AC050	EFF0B7FB69050941E2E2DFE79E2A081FA4D18F89F233D1022811861202410367
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\ce1b6615-639b-40d0-89a2-f28631b5608e.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	4E4B9AD744E9D67195644F9F6D9F1816	62B07680161A95DD2F187634E91312B23B6AC050	EFF0B7FB69050941E2E2DFE79E2A081FA4D18F89F233D1022811861202410367
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000006.dbtmp	ASCII text	AEFD77F47FB84FAE5EA194496B44C67A	DCFBB6A5B8D05662C4858664F81693BB7F803B82	4166BF17B2DA789B0D0CC5C74203041D98005F5D4EF88C27E8281E00148CD611
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\fcda211c-ffd3-45d2-a084-fc61f74add84.tmp	ASCII text, with very long lines, with no line terminators	ACC8034618E6F7C96E7FD3109102B1F8	B2BF3E5B5974A6AE7587771CF95E175CCD7096F7	3D9C5D9EA0E571E13F0F491ECCC07CA24C8A22C22A856980805552B90B49AC03
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Last Browser	data	DE9EF0C5BCC012A3A1131988DEE272D8	FA9CCBDC969AC9E1474FCE773234B28D50951CD8	3615498FBEF408A96BF30E01C318DAC2D5451B054998119080E7FAAC5995F590
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Last Version	ASCII text, with no line terminators	3A0E5D4F452CF99191634D0FFAB744A0	F115BBB898EEFF640D8D19AD44A86C3FCDFFC0AD	B9D528D3AE283039F4700C7E4E790744C58A26353A91B536DD91CBA4F648A35F
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Local State (copy)	ASCII text, with very long lines, with no line terminators	21F611838444D5AC217A484205BB81B3	20C37D309252CDA567DF00E5F1BB51E52DEEE481	EF0CCBC4BA47C543B446D2B7E298F30EE0A10171A6B181DDEC4FFDCD8065BFCA
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Safe Browsing\CertCsdDownloadAllowlist.store_new	data	69BA418A3AAA7E798AC9D2529D38450D	3CED151CA242772D33B65823C464983D25290971	6A8B167A771891BE2FD100E5B9012A19C53CF2C78F2150BC1E1AA05A94EF5E24
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Safe Browsing\ChromeExtMalware.store_new	data	0B403BC243C1962288CBCD6283D19BE2	B7811FD529BC482B690347A6B346BAD529E3D5D6	9FB910F8C545F2EB7A44EF6D8F65DDF1BB1756C5376AF8A8065E7AFAEBC44B40
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Safe Browsing\ChromeUrlClientIncident.store (copy)	data	37780C7EE0D6A1144E43A63A5ED49A21	79FFFF451BCF7AFDCE2F097C652040BE96D5826A	B853EF13A189F3C0D3EE863EEA03B5D9EC88BE70A1F3BEF0414058971A2601B7
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Safe Browsing\ChromeUrlClientIncident.store_new	data	37780C7EE0D6A1144E43A63A5ED49A21	79FFFF451BCF7AFDCE2F097C652040BE96D5826A	B853EF13A189F3C0D3EE863EEA03B5D9EC88BE70A1F3BEF0414058971A2601B7
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Safe Browsing\IpMalware.store_new	data	8BE60835ACBD61B21BE993962E7CCB3F	4FE69E7D62317F1B718E1B02A8E016EA7C384EE3	7CBA8B2699D54AFDBBDEC5299D51684D04C4FE4E4645866FF988C12BB2DDBA6F
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlBilling.store (copy)	data	5B99783DEFBFBEBF0B8BC48561BA9719	117AF9E2AC91B9372D0537F705E11870CE520393	D8CB2358A14D429A4ACD4BECB02E0AD427CC64F5EA3E77CC64F86E2B0193D86E
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlBilling.store_new	data	5B99783DEFBFBEBF0B8BC48561BA9719	117AF9E2AC91B9372D0537F705E11870CE520393	D8CB2358A14D429A4ACD4BECB02E0AD427CC64F5EA3E77CC64F86E2B0193D86E
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlCsdAllowlist.store (copy)	data	AF9C6A34368E7C2916C23D5E6A406E93	969433E292832A1AB86CB7CFBC7D7C0EBFBB2181	0CBD52E1E61702E65676DA2C07EC317A2C82D3504E9610DB89C101049EA1B433
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlCsdAllowlist.store_new	data	AF9C6A34368E7C2916C23D5E6A406E93	969433E292832A1AB86CB7CFBC7D7C0EBFBB2181	0CBD52E1E61702E65676DA2C07EC317A2C82D3504E9610DB89C101049EA1B433
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlCsdDownloadAllowlist.store (copy)	data	29DBFC0C369F8CD2973533008CFA1F11	893833F685E5BC722B80244BBCA1124ADC8125B8	DBBD200AA0AC84FF7C56684D0203B0901A78C4A7DC39E88D0565728BBEFCBF91
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlCsdDownloadAllowlist.store_new	data	29DBFC0C369F8CD2973533008CFA1F11	893833F685E5BC722B80244BBCA1124ADC8125B8	DBBD200AA0AC84FF7C56684D0203B0901A78C4A7DC39E88D0565728BBEFCBF91
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlMalBin.store_new	data	813830870D211EA5F0D0F2C435E989DB	3DB6EA9778E8D4DEB7ED952994193B96CFE781C4	9336507C53C2E5BE7EF1EB2252EB2312665070E9E604484723324AF67B3F4CD5
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlMalware.store_new	data	AE40C4946495034F4EF2C7129C21648D	BDB314C13FFB7A0EB9221C37C642DCA61C682F8C	A30DE08D5F76ACECD64C145A91D8200435DA38D2B17F9D72405E60FF07799EE3
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlUws.store_new	data	DB60D7D52510E6D6BBBCA5F1366189DC	89BEEC4A66C3D50B0B4BFEC2C40D257364FAABD9	5464271315A0AA7B4BDBCAE51AA3F6C31EE736C96F70A107674E0C17281B3FC7
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\c94138de-6848-4f43-b71b-e76ac760e80c.tmp	ASCII text, with very long lines, with no line terminators	FF6FC78476ECB78274EAEE97AA3B7C8F	BE7340FFB6F0F20DF4850516E79D47AC064C7EAB	A0292FF08DDDC95FBF8864CAA5C8F01AA7B54164D5CCB214531AAAAA2C71893B
C:\Users\alfredo\AppData\Local\Temp\272f4f39-0e9b-4c7e-b99d-40cb357b043d.tmp	Google Chrome extension, version 3	541F52E24FE1EF9F8E12377A6CCAE0C0	189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6	81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82
C:\Users\alfredo\AppData\Local\Temp\6556_1793275814\SortingLshClusters	data	0F63C5027C2425412AFDE4B88D9BDDE8	98457E193D6DD71525AEB3F48CD13B6455C35B9F	C8232B6128DC4759DB73245BD110589BA2D910DB20FB6367AFB6E6D9E4C1F54B
C:\Users\alfredo\AppData\Local\Temp\6556_1793275814\manifest.json	ASCII text	441350F2F2F1F5726A84E989F3F9BF91	C9530224671F181AE8ED47DBA82741B8AD920EA9	3640148F4EADB7D60185671799C27A8C530295076AF9179705EAA6D4C544D627
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6556_981249767\CRX_INSTALL\_locales\bg\messages.json	ASCII text, with very long lines	D7A97183BCBD5FB677AA84D464F0C564	CDBB279B864E2C0A51E0892B8714131802586506	76EFAD74EB8256B942727C42261147EB9CCA48DA284DB3CDCE5DC6A3B4346F02
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6556_981249767\CRX_INSTALL\_locales\ca\messages.json	ASCII text, with very long lines	58BA5F65ED971591D1F9D81848EE31D0	BDA3C8B74653334FC8F060CAFBCEA58DF0113AB7	CDD91587F5AF2C865776B36A5E9A07B10D21B9D911DE0B814B7A1E94B14AE885
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6556_981249767\CRX_INSTALL\_locales\cs\messages.json	ASCII text, with very long lines	43161EFFA28A0DBFC67B8F7DBE1B5184	FE0A9235A59B51B7F564F14FF564344927F035B8	3A04421DF5218E8ABD3B0E2AFE11E8338D7BDCBCD1ADB122416944B102BC9696
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6556_981249767\CRX_INSTALL\_locales\da\messages.json	ASCII text, with very long lines	31264DDBF251A95DE82D0A67FA47DB3A	3A48DC7AF26A153594C7849E1D92AAC31296459B	EDB51898A6C73D0090D6916B7B72EBAC71E964EABB5BA7CD68E21966024F0D23
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6556_981249767\CRX_INSTALL\_locales\de\messages.json	ASCII text, with very long lines	7639B300B40DDAF95318D2177D3265F9	BF9EFDF073231CB3FCFCA5CCCA25B079ECFC45BD	356A9D4ADFEC484DA824E7A72059B724B1686FC90082F4A4B667630436D593B0
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6556_981249767\CRX_INSTALL\_locales\el\messages.json	ASCII text, with very long lines	3026E922B17DBEE2674FDAEE960DF584	76602B1E3449F1B67DE42FD31A581B0821BFEFF0	876845B5A061FAB3CF2A1466E01015DC40DF8449F1CB4205F575CEBED8717BAD
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6556_981249767\CRX_INSTALL\_locales\en\messages.json	ASCII text, with very long lines	DBEDF86FA9AFB3A23DBB126674F166D2	5628AFFBCF6F897B9D7FD9C17DEB9AA75036F1CC	C0945DD5FDECAB40C45361BEC068D1996E6AE01196DCE524266D740808F753FE
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6556_981249767\CRX_INSTALL\_locales\es\messages.json	ASCII text, with very long lines	3F4B0F56C2839839FC3E3270ED4CB7B6	0D74EA655EAE3990E95BD26F6E1467EDF3EB3478	1912EA5E0A62BBC669DC14AB5A5BD5514B0502C483EE1F27C3F8834384187079
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6556_981249767\CRX_INSTALL\_locales\es_419\messages.json	ASCII text, with very long lines	1FD5DAF46C4D7C4F571C263EC37B943B	A57EE5EF6861F88005C2230EA3D633A1B4CA105A	BCC2CF06F66E9E3BB4B7887D0EE0AE4A72A6C49F4B2A578A7733B78208984417
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6556_981249767\CRX_INSTALL\_locales\et\messages.json	ASCII text, with very long lines	0293A7BAE6EEE62C4067A80E262D6A2D	E76B07BD49FFBBFB6841B7335CBE7A9620714402	D06F20D4D68D1DBB89EF7D8E405D9499CB2EB2560217CD5B4A51AB1DD50CAB44
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6556_981249767\CRX_INSTALL\_locales\fi\messages.json	ASCII text, with very long lines	E5BBE7DBBE75F45BDCD49DB8C797106E	0F069D7D19768180945F0D8B67DC71262FD586A2	BFFB2248B4C66306133FA6ECBB1541F44B3BE22CC8D9A338D690E0B1D0C85532
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6556_981249767\CRX_INSTALL\_locales\fil\messages.json	ASCII text, with very long lines	658DAD2AF2DC3AC1567D84E8B95F68B0	EE1121215960EC5ED5F7B6BDB8E4680731EBF83D	978BA6D814CF290016833BBAC22DC7C05C2C575B1D6429B9BB14F8C2156BCF29
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6556_981249767\CRX_INSTALL\_locales\fr\messages.json	ASCII text, with very long lines	1E32A78526E3AC8108E73D384F17450B	BFE2E47D888BA530A27DD1BDE25C46433C2A545C	80F6EE69F1E022812BCCC1DE1CDC53772CDF90F4E93224161B23FA607D45136A
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6556_981249767\CRX_INSTALL\_locales\hi\messages.json	ASCII text, with very long lines	B739E3B798D3EEB8AFB3E368455A8E97	56E206DD0AC7EB7B179911BE3F7DD78059CBD4F3	BA7A53A1398168719F2ACD58CC5FE06AB0B769ECA896D70E7208B18085B42FFA
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6556_981249767\CRX_INSTALL\_locales\hr\messages.json	ASCII text, with very long lines	9CF848209FF50DBF68F5292B3421831C	D29880B7B15102469123D8747BF645706CE8595B	EA1744C3CFBAA684A31A00067E8493ED114EFF3E878C797C9C55A7B122D855CD
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6556_981249767\CRX_INSTALL\_locales\hu\messages.json	ASCII text, with very long lines	4AD92AFDE3408FBBE43B0C3C71677650	3488901077F336A3196F9AE116E36DF1674E1ACA	61258FE04C23AE14FDC99EE846CEA71CC703990CC0F80C3934299646E86C475E
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6556_981249767\CRX_INSTALL\_locales\id\messages.json	ASCII text, with very long lines	9008516AA1D8F8C2B8ECE70B7E4963AD	EA7AD4BE77A80A4B9FB1E59A340010830E494747	89CAB0AF2B53C6ABEB93C8C628DDCBDD286A7A2672FE03440411BB654E3A0675
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6556_981249767\CRX_INSTALL\_locales\it\messages.json	ASCII text, with very long lines	BB9C32BA62DDA02F9471C64B5F9CF916	9825037D5D9185C58456CDD887C77B10A41D8C84	43A0B113D3773BA78F82BB9E42DDC46F6892D0FBBB351F94A7C105E4A146E9C1
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6556_981249767\CRX_INSTALL\_locales\ja\messages.json	ASCII text, with very long lines	96C8CBD161D3CE9CB1A46CB2CD0C6583	78BBFCF035B5B620E353C8E520653ADD3F4E7DB8	81D8F1D9F72B3139BC5D9845BCF82990308FB6175D07514D8238B1E6D5D02E8A
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6556_981249767\CRX_INSTALL\_locales\ko\messages.json	ASCII text, with very long lines	3CAF23A8EA2332D78B725B6C99EC3202	95C3504F55A929449EF2E3AB92014562AACD39AD	BFE72BBC492B9018A599CB6575366696E431E6A38400E4B2ED06EAE3340D3AE5
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6556_981249767\CRX_INSTALL\_locales\lt\messages.json	ASCII text, with very long lines	41F2D63952202E528DBBB683B480F99C	9DD998542DBE6609299D4A5A25364A32FA7D7865	FF7C083CD1E6134DD8263C634336EB852274BAD1BFAD18762814C42BC65309D8
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6556_981249767\CRX_INSTALL\_locales\ro\messages.json	UTF-8 Unicode text, with CRLF line terminators	98D43E4B1054A65DF3FA3CC40AB6FB6D	46E0A21C4DA2BB5D4D8F837AE211C1B6FA26E7E2	113A13900CBA62FE8AED06751971C23A80A99B47F9BE219CF884D57DB19611D9
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6556_981249767\CRX_INSTALL\_locales\ru\messages.json	UTF-8 Unicode text, with CRLF line terminators	DB2EDF1465946C06BD95C71A1E13AE64	FB4F3ECE9ECECEBBC6CA2A592A15FB9C1FDFB811	FBAF22CE6E16DE174CED8CB5EA3098CCA1C3426A2111FF33BD3E64DA64ED67AB
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6556_981249767\CRX_INSTALL\_locales\sk\messages.json	UTF-8 Unicode text, with CRLF line terminators	8DF215D1EFBDABB175CCDD68ED8DCB0A	2B374462137A38589A73FDD00A84CBDC7E50F9F4	7FA16AF97E6CFC52EC6008EB679D3F30E7E0C24F9EF2D18A9228EAF4DED9D63B
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6556_981249767\CRX_INSTALL\_locales\sl\messages.json	UTF-8 Unicode text, with CRLF line terminators	3943FA2A647AECEDFD685408B27139EE	0129DD19D28373359530B3B477FE8A9279DABB7D	18AFF072EE0DF7C3495045435C752A805606E6D5D462EF2321C443F1773F4B3A
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6556_981249767\CRX_INSTALL\_locales\sr\messages.json	UTF-8 Unicode text, with CRLF line terminators	D485DF17F085B6A37125694F85646FD0	24D51D8642CDC6EFD5D8D7A4430232D8CDE25108	7FFDE34C58E7C376C042DE64DEF6481DAE32BE8B70F0B18EDF536290CBE0C818
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6556_981249767\CRX_INSTALL\_locales\sv\messages.json	UTF-8 Unicode text, with CRLF line terminators	D372B8204EB743E16F45C7CBD3CAAF37	C96C57219D292B01016B37DCF82E7C79AD0DD1E8	B8BA77E0089B0676545EC16D32468B727812B444F90B33A7A5B748E6C36C4388
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6556_981249767\CRX_INSTALL\_locales\th\messages.json	UTF-8 Unicode text, with CRLF line terminators	83E2D1E97791A4B2C5C69926EFB629C9	429600425CB0F196DDD717F940E94DBD8BFF2837	2FECA577F43D97BAEEA464741D585892103585208FD0A935B810A03BDCE83C88
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6556_981249767\CRX_INSTALL\_locales\tr\messages.json	UTF-8 Unicode text, with CRLF line terminators	2CEAE0567B6BB1D240BBAD690A98CA3B	5944346FBD4A0797B13223895995CAB58E9ECD23	A7CB86F30C9C31FE5540282C308BA96ADB4EC16EF98C87129EB88105E5BEF5FC
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6556_981249767\CRX_INSTALL\_locales\uk\messages.json	UTF-8 Unicode text, with CRLF line terminators	AB0B56120E6B38C42CC3612BE948EF50	8B3F520E5713D9F116D68E71DAEED1F6E8D74629	68ABA284751EB9C856032062EF9B1651E2A1E5CE5FDA0977FFC97D63BA7BED9E
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6556_981249767\CRX_INSTALL\_locales\vi\messages.json	UTF-8 Unicode text, with CRLF line terminators	7EBB677FEAD8557D3676505225A7249A	F161B4B6001AEAEAB246FF8987F4D992B48D47BE	051F96ED874C11C4A13589B5F68964E4F5B03B52DDA223D56524F2CA23760C04
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6556_981249767\CRX_INSTALL\_locales\zh_CN\messages.json	UTF-8 Unicode text, with CRLF line terminators	BB73BF561BB79F89D9BF7C67C5AE5C65	2FADD3A1959B29C44830033A35C637D0311A8C9C	D804F2A040D21D7511EFD5213D8E1721D64964A1A0DBB48E21622CEEDC9D967E
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6556_981249767\CRX_INSTALL\_locales\zh_TW\messages.json	UTF-8 Unicode text, with CRLF line terminators	5FF50C673CC0C661D615F0CFD0E6DCA0	60DFF98DEAB9C4746B288BDD9C94B3BCAE5EAA85	C6F8C640F3353A7B9B1432A0C139C1AEEC40133800E6C9B467B63991AD660308
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6556_981249767\CRX_INSTALL\manifest.json	ASCII text	6CA25F3EF585B63F01BCDF8635120704	00C063811E31EA5F9A00F175A71EA25E7821F621	49D9DE983F7436BA786E6E04A5A20C10F41687AE06B266B1B6553F696719563D
C:\Users\alfredo\AppData\Roaming\Microsoft\Spelling\en-US\default.dic	Little-endian UTF-16 Unicode text, with no line terminators	F3B25701FE362EC84616A93A45CE9998	D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB	B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209

Windows Analysis Report
https://dik.si/OB6x6

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://dik.si/OB6x6

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://dik.si/OB6x6