Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\0f7be02d-d584-4971-8cbc-164c60dba589.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\5016e7fb-f46f-499e-a0e7-abddddd6c9b8.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
|
data
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\0ef28f1c-1ea3-4467-8b3b-e2309fc8bc13.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\41d458f1-bda2-4b34-8b66-aa1385b00e2f.tmp
|
MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\6afc5c92-7c1b-42d0-824b-09fc68969c79.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_1\_metadata\computed_hashes.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico (copy)
|
MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
|
data
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy)
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\a5832108-1ef2-45fd-a394-0a896cf1e40a.tmp
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\aba395b1-e8ce-46f0-b6f0-4267b3d6ddb8.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\b433661d-f17d-4d6b-977d-d5700aedf98f.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\c1aa3767-822d-4f57-a499-20f516fd28ce.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000006.dbtmp
|
ASCII text
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\fd6d6910-7834-4e5e-b361-aad7572e463c.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Last Browser
|
data
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Last Version
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Local State (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Temp\7704_738841671\_platform_specific\x86_64\pnacl_public_pnacl_json
|
ASCII text
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Temp\7704_738841671\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_for_eh_o
|
ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Temp\7704_738841671\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_o
|
ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Temp\7704_738841671\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_a
|
current ar archive
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Temp\7704_738841671\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_dummy_a
|
current ar archive
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Temp\7704_738841671\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_sz_nexe
|
ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=4b15de4ab227d5e46213978b8518d53c53ce1db9,
stripped
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Temp\905aeff9-e6c0-434e-b123-93d1b46da840.tmp
|
Google Chrome extension, version 3
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\bg\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\ca\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\cs\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\da\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\de\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\el\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\en\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\es\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\es_419\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\et\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\fi\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\fil\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\fr\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\hi\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\hr\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\hu\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\id\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\it\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\ja\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\ko\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\lt\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\lv\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\nb\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\nl\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\pl\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\pt_BR\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\pt_PT\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\ro\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\ru\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\sk\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\sl\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\sr\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\sv\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\th\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\tr\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\uk\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\vi\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\zh_CN\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\zh_TW\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
modified
|
||
|
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\manifest.json
|
ASCII text
|
dropped
|
||
|
C:\Users\alfredo\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
|
Little-endian UTF-16 Unicode text, with no line terminators
|
dropped
|
There are 59 hidden files, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://xm.b82mx.switchon.pk./#.aHR0cHM6Ly9sb2dpbi1taWNyb3NvZnRvbmxpbmUtY29tLmh1Z3Voc2luZ3MuY29tLz91c2VybmFtZT1haGFuc3NvbkBxaWEucWE=
|
 |
||
|
http://xm.b82mx.switchon.pk./
|
173.249.15.152
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
login-microsoftonline-com.huguhsings.com
|
unknown
|
|
|
|
accounts.google.com
|
142.250.184.237
|
||
|
clients.l.google.com
|
142.250.185.142
|
||
|
xm.b82mx.switchon.pk
|
173.249.15.152
|
||
|
clients2.google.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.168.2.1
|
unknown
|
unknown
|
||
|
216.58.212.138
|
unknown
|
United States
|
||
|
173.249.15.152
|
xm.b82mx.switchon.pk
|
Germany
|
||
|
142.250.181.238
|
unknown
|
United States
|
||
|
142.250.181.227
|
unknown
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
142.250.185.142
|
clients.l.google.com
|
United States
|
||
|
142.250.186.131
|
unknown
|
United States
|
||
|
142.250.184.237
|
accounts.google.com
|
United States
|
||
|
173.194.10.104
|
unknown
|
United States
|
||
|
127.0.0.1
|
unknown
|
unknown
|
||
|
172.217.16.131
|
unknown
|
United States
|
There are 2 hidden IPs, click here to show them.