Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\15f30535-bb9d-4e3a-9874-6ee193a2e98f.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\227c84e5-a814-40c6-bba2-4b27d39d35a0.tmp
|
SysEx File -
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\4977120e-ab98-44e4-aa03-87608b796362.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\89a54fcc-2f3f-476a-af7e-053f29dd2229.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\9df95275-086d-4b48-ab14-12af502b7e05.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\01297bb9-9604-40c0-ae07-cda5c409bff6.tmp
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\563d1f68-1e7f-49cf-95b5-5aba8653d6ed.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\5be07fa1-ccbd-401f-a548-6648548bf40b.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\94cb139c-5db3-44df-b17d-c74f0e4c05e4.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy)
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\120193ba-0a86-4a54-9836-e68e52baf3d2.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent
State (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\d1d589aa-f29a-4400-8545-7f3988e27b0a.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\de2ec36e-0b84-4b61-8527-33130458a3b8.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cache (copy)
|
SysEx File -
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\42d57711-867b-4052-ac5b-de1fc9d5eba4.tmp
|
Google Chrome extension, version 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\8b83a463-ed04-4238-9c6b-58bdd40b2c8e.tmp
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\42d57711-867b-4052-ac5b-de1fc9d5eba4.tmp
|
Google Chrome extension, version 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\_locales\bg\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\_locales\ca\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\_locales\cs\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\_locales\da\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\_locales\de\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\_locales\el\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\_locales\en\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\_locales\en_GB\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\_locales\es\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\_locales\es_419\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\_locales\et\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\_locales\fi\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\_locales\fil\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\_locales\fr\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\_locales\hi\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\_locales\hr\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\_locales\hu\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\_locales\id\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\_locales\it\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\_locales\ja\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\_locales\ko\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\_locales\lt\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\_locales\lv\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\_locales\nb\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\_locales\nl\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\_locales\pl\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\_locales\pt_BR\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\_locales\pt_PT\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\_locales\ro\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\_locales\ru\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\_locales\sk\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\_locales\sl\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\_locales\sr\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\_locales\sv\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\_locales\th\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\_locales\tr\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\_locales\uk\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\_locales\vi\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\_locales\zh_CN\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\_locales\zh_TW\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\_metadata\verified_contents.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\craw_background.js
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\craw_window.js
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\css\craw_window.css
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\html\craw_window.html
|
HTML document, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\images\flapper.gif
|
GIF image data, version 89a, 30 x 30
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\images\icon_128.png
|
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\images\icon_16.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\images\topbar_floating_button.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\images\topbar_floating_button_close.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\images\topbar_floating_button_hover.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\images\topbar_floating_button_maximize.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\images\topbar_floating_button_pressed.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir1416_124225580\CRX_INSTALL\manifest.json
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 77 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "https://gmail.us14.list-manage.com/track/click?u=957e6b6833ddd63bbe471b4e4&id=18858b02d6&e=7ce018b90e#*peter.boyd@southside.com*
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1596,15411392373280957286,14155618800222134520,131072
--lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1916 /prefetch:8
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://gmail.us14.list-manage.com/track/click?u=957e6b6833ddd63bbe471b4e4&id=18858b02d6&e=7ce018b90e#*peter.boyd@southside.com*
|
 |
||
|
https://shafquatarefeen.com/uhg.html#
|
unknown
|
|
|
|
https://shafquatarefeen.com/uhg.html#*peter.boyd@southside.com*
|
|
||
|
https://shafquatarefeen.com/wp-includes/images/w-logo-blue-white-bg.png
|
192.154.231.67
|
|
|
|
https://shafquatarefeen.com/favicon.ico
|
192.154.231.67
|
|
|
|
https://shafquatarefeen.com/uhg.html
|
192.154.231.67
|
|
|
|
https://dns.google
|
unknown
|
||
|
https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
|
unknown
|
||
|
https://www.google.com/intl/en-US/chrome/blank.html
|
unknown
|
||
|
https://ogs.google.com
|
unknown
|
||
|
https://login.microsoftonline.com/logout.srf?ct=1548343592&rver=64.4.6456.0&lc=1033&id=501392
|
|||
|
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css
|
104.17.24.14
|
||
|
https://aadcdn.msftauth.net/ests/2.1/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
|
152.199.23.37
|
||
|
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
|
104.18.11.207
|
||
|
https://www.google.com/images/cleardot.gif
|
unknown
|
||
|
https://trocha.com.co/gvx
|
69.172.198.108
|
||
|
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1
|
142.251.36.238
|
||
|
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
|
142.251.36.205
|
||
|
https://aadcdn.msftauth.net/shared/1.0/content/images/personal_account_0f72b5950600f24e7f9a604b186f3945.png
|
152.199.23.37
|
||
|
https://payments.google.com/payments/v4/js/integrator.js
|
unknown
|
||
|
https://aadcdn.msftauth.net/ests/2.1/content/images/microsoft_logo.png
|
152.199.23.37
|
||
|
https://sandbox.google.com/payments/v4/js/integrator.js
|
unknown
|
||
|
https://www.google.com/images/x2.gif
|
unknown
|
||
|
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js
|
104.18.11.207
|
||
|
https://accounts.google.com/MergeSession
|
unknown
|
||
|
https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_white_5ac590ee72bfe06a7cecfd75b588ad73.svg
|
152.199.23.37
|
||
|
https://aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/2_7916a894ebde7d29c2cc29b267f1299f.jpg
|
152.199.23.37
|
||
|
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/aad.login.min_kx1da7l2dz6nhe9kugk19a2.js
|
152.199.23.37
|
||
|
https://www.google.com
|
unknown
|
||
|
https://www.google.com/images/dot2.gif
|
unknown
|
||
|
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/popper.min.js
|
104.17.24.14
|
||
|
https://i.ibb.co/phX2vBj/0-a5dbd4393ff6a725c7e62b61df7e72f0.jpg
|
51.210.3.236
|
||
|
https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
|
104.18.10.207
|
||
|
https://aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/2-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg
|
152.199.23.37
|
||
|
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_9lddfuhsopopkddlczwbda2.css
|
152.199.23.37
|
||
|
https://accounts.google.com
|
unknown
|
||
|
https://aadcdn.msftauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
|
152.199.23.37
|
||
|
https://clients2.googleusercontent.com
|
unknown
|
||
|
https://apis.google.com
|
unknown
|
||
|
https://www.google.com/accounts/OAuthLogin?issueuberauth=1
|
unknown
|
||
|
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/jquery.3.5.min_dc940oomzau4rsu8qesnvg2.js
|
152.199.23.37
|
||
|
https://www.google.com/
|
unknown
|
||
|
https://www-googleapis-staging.sandbox.google.com
|
unknown
|
||
|
https://aadcdn.msftauth.net/shared/1.0/content/images/work_account_1963c6b1926b773986f53f844ce4c32e.png
|
152.199.23.37
|
||
|
https://clients2.google.com
|
unknown
|
||
|
https://clients2.google.com/service/update2/crx
|
unknown
|
There are 35 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
shafquatarefeen.com
|
192.154.231.67
|
|
|
|
stackpath.bootstrapcdn.com
|
104.18.10.207
|
||
|
cs1100.wpc.omegacdn.net
|
152.199.23.37
|
||
|
accounts.google.com
|
142.251.36.205
|
||
|
cdnjs.cloudflare.com
|
104.17.24.14
|
||
|
maxcdn.bootstrapcdn.com
|
104.18.11.207
|
||
|
trocha.com.co
|
69.172.198.108
|
||
|
clients.l.google.com
|
142.251.36.238
|
||
|
part-0032.t-0009.fbs1-t-msedge.net
|
13.107.219.60
|
||
|
i.ibb.co
|
51.210.3.236
|
||
|
gmail.us14.list-manage.com
|
unknown
|
||
|
aadcdn.msftauth.net
|
unknown
|
||
|
clients2.google.com
|
unknown
|
||
|
secure.aadcdn.microsoftonline-p.com
|
unknown
|
||
|
code.jquery.com
|
unknown
|
||
|
login.microsoftonline.com
|
unknown
|
There are 6 hidden domains, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.154.231.67
|
shafquatarefeen.com
|
United States
|
|
|
|
104.17.24.14
|
cdnjs.cloudflare.com
|
United States
|
||
|
192.168.2.1
|
unknown
|
unknown
|
||
|
104.18.10.207
|
stackpath.bootstrapcdn.com
|
United States
|
||
|
142.251.36.205
|
accounts.google.com
|
United States
|
||
|
142.251.36.238
|
clients.l.google.com
|
United States
|
||
|
69.172.198.108
|
trocha.com.co
|
Canada
|
||
|
51.210.3.236
|
i.ibb.co
|
France
|
||
|
104.18.11.207
|
maxcdn.bootstrapcdn.com
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
152.199.23.37
|
cs1100.wpc.omegacdn.net
|
United States
|
||
|
127.0.0.1
|
unknown
|
unknown
|
There are 2 hidden IPs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
ahfgeienlihckogmohjhadlkjgocpleb
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gdaefkejpgkiemlaofpalmlakkmbjdnl
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gfdkimpbcpahaombhbimeihdjnejgicl
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
kmendfapggjehodndflmmgagdbamhnfd
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
mfehgcgbbipciphmccgaenjidiccnmng
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
mhjfbmdgcfjbbpaeojofohoefgiehjai
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
neajdppkdcdipfabeoofebfddakdcjhd
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nkeimhogjdpnpccoofpliimaahmaaome
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
pkedcjkdefgpdelpbcmbmeomcjbeemfm
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
prefs.preference_reset_time
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault
|
S-1-5-21-3853321935-2125563209-4053062332-1002
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gfdkimpbcpahaombhbimeihdjnejgicl
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
state
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
|
StatusCodes
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
|
StatusCodes
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
state
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.reporting
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
module_blacklist_cache_md5_digest
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
media.storage_id_salt
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.last_account_id
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.account_id
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.prompt_seed
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_homepage
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
default_search_provider_data.template_url_data
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
safebrowsing.incidents_sent
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
pinned_tabs
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
search_provider_overrides
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_default_search
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
prefs.preference_reset_time
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.last_username
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
session.startup_urls
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
session.restore_on_startup
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.prompt_version
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_startup_urls
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.prompt_wave
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
homepage
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
homepage_is_newtabpage
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
browser.show_home_button
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
|
user_experience_metrics.stability.exited_cleanly
|
||
|
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
|
lastrun
|
There are 31 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
275B5280000
|
trusted library allocation
|
page read and write
|
||
|
275B03E1000
|
trusted library allocation
|
page read and write
|
||
|
1775DA3C000
|
heap
|
page read and write
|
||
|
A68AA7A000
|
stack
|
page read and write
|
||
|
A68AFFF000
|
stack
|
page read and write
|
||
|
275B0415000
|
heap
|
page read and write
|
||
|
275AFB13000
|
heap
|
page read and write
|
||
|
275B0AB0000
|
trusted library section
|
page readonly
|
||
|
275AF9D0000
|
heap
|
page read and write
|
||
|
275B0270000
|
trusted library allocation
|
page read and write
|
||
|
A68AB7E000
|
stack
|
page read and write
|
||
|
1775DB08000
|
heap
|
page read and write
|
||
|
10DC47B000
|
stack
|
page read and write
|
||
|
275B5270000
|
remote allocation
|
page read and write
|
||
|
275B5400000
|
heap
|
page read and write
|
||
|
275B5502000
|
heap
|
page read and write
|
||
|
275B0FC0000
|
trusted library allocation
|
page read and write
|
||
|
275B51A0000
|
trusted library allocation
|
page read and write
|
||
|
1775D950000
|
heap
|
page read and write
|
||
|
275B5190000
|
trusted library allocation
|
page read and write
|
||
|
275B0518000
|
heap
|
page read and write
|
||
|
10DC67F000
|
stack
|
page read and write
|
||
|
275AF970000
|
heap
|
page read and write
|
||
|
275B6000000
|
heap
|
page read and write
|
||
|
275B52C0000
|
trusted library allocation
|
page read and write
|
||
|
1DFCD27A000
|
heap
|
page read and write
|
||
|
1DFCD202000
|
heap
|
page read and write
|
||
|
275B5171000
|
trusted library allocation
|
page read and write
|
||
|
1775DA02000
|
heap
|
page read and write
|
||
|
275B0BA0000
|
trusted library allocation
|
page read and write
|
||
|
275B54E7000
|
heap
|
page read and write
|
||
|
1775DA59000
|
heap
|
page read and write
|
||
|
275B5050000
|
trusted library allocation
|
page read and write
|
||
|
275B5170000
|
trusted library allocation
|
page read and write
|
||
|
A68B17D000
|
stack
|
page read and write
|
||
|
10DC77F000
|
stack
|
page read and write
|
||
|
275B0402000
|
heap
|
page read and write
|
||
|
275B0A60000
|
trusted library section
|
page readonly
|
||
|
275B52C0000
|
trusted library allocation
|
page read and write
|
||
|
1775E402000
|
trusted library allocation
|
page read and write
|
||
|
275B0518000
|
heap
|
page read and write
|
||
|
1DFCD258000
|
heap
|
page read and write
|
||
|
275B5170000
|
trusted library allocation
|
page read and write
|
||
|
1775DA5C000
|
heap
|
page read and write
|
||
|
A68A67B000
|
stack
|
page read and write
|
||
|
275B0601000
|
trusted library allocation
|
page read and write
|
||
|
275AFA8E000
|
heap
|
page read and write
|
||
|
1DFCD200000
|
heap
|
page read and write
|
||
|
1775DA87000
|
heap
|
page read and write
|
||
|
275B5519000
|
heap
|
page read and write
|
||
|
A68A97A000
|
stack
|
page read and write
|
||
|
275B54A2000
|
heap
|
page read and write
|
||
|
A68AD7B000
|
stack
|
page read and write
|
||
|
1DFCD0F0000
|
heap
|
page read and write
|
||
|
275B543D000
|
heap
|
page read and write
|
||
|
275AFA6E000
|
heap
|
page read and write
|
||
|
275B5600000
|
unkown
|
page read and write
|
||
|
275AFA13000
|
heap
|
page read and write
|
||
|
10DC27E000
|
stack
|
page read and write
|
||
|
275B51A0000
|
trusted library allocation
|
page read and write
|
||
|
275B0A90000
|
trusted library section
|
page readonly
|
||
|
1775DA54000
|
heap
|
page read and write
|
||
|
A68B27C000
|
stack
|
page read and write
|
||
|
275B5500000
|
heap
|
page read and write
|
||
|
275B0500000
|
heap
|
page read and write
|
||
|
1DFCD228000
|
heap
|
page read and write
|
||
|
275B51B4000
|
trusted library allocation
|
page read and write
|
||
|
275B517E000
|
trusted library allocation
|
page read and write
|
||
|
1DFCD302000
|
heap
|
page read and write
|
||
|
A68B2FD000
|
stack
|
page read and write
|
||
|
275AFA8A000
|
heap
|
page read and write
|
||
|
275B0FD0000
|
trusted library allocation
|
page read and write
|
||
|
275AFB02000
|
heap
|
page read and write
|
||
|
275B541F000
|
heap
|
page read and write
|
||
|
275AFA9E000
|
heap
|
page read and write
|
||
|
844695C000
|
stack
|
page read and write
|
||
|
1DFCD213000
|
heap
|
page read and write
|
||
|
A68ADFE000
|
stack
|
page read and write
|
||
|
84469DF000
|
stack
|
page read and write
|
||
|
275B4FD0000
|
trusted library allocation
|
page read and write
|
||
|
275B059A000
|
heap
|
page read and write
|
||
|
275B0900000
|
trusted library allocation
|
page read and write
|
||
|
275B52A0000
|
trusted library allocation
|
page read and write
|
||
|
275B0502000
|
heap
|
page read and write
|
||
|
A68AF7E000
|
stack
|
page read and write
|
||
|
10DC577000
|
stack
|
page read and write
|
||
|
275B52B0000
|
trusted library allocation
|
page read and write
|
||
|
1775D960000
|
heap
|
page read and write
|
||
|
275B5504000
|
heap
|
page read and write
|
||
|
275B54EA000
|
heap
|
page read and write
|
||
|
275B551D000
|
heap
|
page read and write
|
||
|
8446F7B000
|
stack
|
page read and write
|
||
|
A68AE7E000
|
stack
|
page read and write
|
||
|
1775DB00000
|
heap
|
page read and write
|
||
|
275AFA57000
|
heap
|
page read and write
|
||
|
844707F000
|
stack
|
page read and write
|
||
|
1DFCD240000
|
heap
|
page read and write
|
||
|
275B4FF0000
|
trusted library allocation
|
page read and write
|
||
|
275B51B0000
|
trusted library allocation
|
page read and write
|
||
|
1775DA29000
|
heap
|
page read and write
|
||
|
275B5240000
|
trusted library allocation
|
page read and write
|
||
|
275AFB25000
|
heap
|
page read and write
|
||
|
275B544A000
|
heap
|
page read and write
|
||
|
275B0A80000
|
trusted library section
|
page readonly
|
||
|
275B5504000
|
heap
|
page read and write
|
||
|
275B5060000
|
trusted library allocation
|
page read and write
|
||
|
1DFCD160000
|
heap
|
page read and write
|
||
|
275B5270000
|
remote allocation
|
page read and write
|
||
|
A68AC7A000
|
stack
|
page read and write
|
||
|
275AFA29000
|
heap
|
page read and write
|
||
|
1775DA64000
|
heap
|
page read and write
|
||
|
10DBFED000
|
stack
|
page read and write
|
||
|
A68B07E000
|
stack
|
page read and write
|
||
|
275AF960000
|
heap
|
page read and write
|
||
|
1DFCD190000
|
trusted library allocation
|
page read and write
|
||
|
275B5178000
|
trusted library allocation
|
page read and write
|
||
|
275B542B000
|
heap
|
page read and write
|
||
|
275B52D0000
|
trusted library allocation
|
page read and write
|
||
|
1775DA00000
|
heap
|
page read and write
|
||
|
275AFA3D000
|
heap
|
page read and write
|
||
|
8446C7F000
|
stack
|
page read and write
|
||
|
275B0558000
|
heap
|
page read and write
|
||
|
A68B37F000
|
stack
|
page read and write
|
||
|
275B0513000
|
heap
|
page read and write
|
||
|
1775DB02000
|
heap
|
page read and write
|
||
|
275AFA93000
|
heap
|
page read and write
|
||
|
1775DA5F000
|
heap
|
page read and write
|
||
|
275B54E3000
|
heap
|
page read and write
|
||
|
275B54FB000
|
heap
|
page read and write
|
||
|
1DFCD276000
|
heap
|
page read and write
|
||
|
275B0AA0000
|
trusted library section
|
page readonly
|
||
|
1775DA13000
|
heap
|
page read and write
|
||
|
1775D9C0000
|
heap
|
page read and write
|
||
|
275B5010000
|
trusted library allocation
|
page read and write
|
||
|
275B5463000
|
heap
|
page read and write
|
||
|
275AFA73000
|
heap
|
page read and write
|
||
|
275B0FC3000
|
trusted library allocation
|
page read and write
|
||
|
275B0A70000
|
trusted library section
|
page readonly
|
||
|
10DC37B000
|
stack
|
page read and write
|
||
|
10DBF6B000
|
stack
|
page read and write
|
||
|
275B0400000
|
heap
|
page read and write
|
||
|
275B540F000
|
heap
|
page read and write
|
||
|
8446E7B000
|
stack
|
page read and write
|
||
|
1DFCD300000
|
heap
|
page read and write
|
||
|
275AFAB4000
|
heap
|
page read and write
|
||
|
275B0558000
|
heap
|
page read and write
|
||
|
275AFABB000
|
heap
|
page read and write
|
||
|
275AFA00000
|
heap
|
page read and write
|
||
|
275AFAFD000
|
heap
|
page read and write
|
||
|
275B5270000
|
remote allocation
|
page read and write
|
||
|
275B54AF000
|
heap
|
page read and write
|
||
|
1DFCD100000
|
heap
|
page read and write
|
||
|
275B5191000
|
trusted library allocation
|
page read and write
|
||
|
275B54A5000
|
heap
|
page read and write
|
||
|
1775DB13000
|
heap
|
page read and write
|
||
|
1775D9F0000
|
trusted library allocation
|
page read and write
|
||
|
1775DA7D000
|
heap
|
page read and write
|
||
|
A68AEFE000
|
stack
|
page read and write
|
||
|
1DFCD326000
|
heap
|
page read and write
|
||
|
275B5194000
|
trusted library allocation
|
page read and write
|
||
|
275B5290000
|
trusted library allocation
|
page read and write
|
||
|
275AFA78000
|
heap
|
page read and write
|
||
|
844717E000
|
stack
|
page read and write
|
||
|
1DFCDC02000
|
trusted library allocation
|
page read and write
|
||
|
A68A6FE000
|
stack
|
page read and write
|
||
|
1DFCD313000
|
heap
|
page read and write
|
||
|
A68A878000
|
stack
|
page read and write
|
||
|
275B4FE0000
|
trusted library allocation
|
page read and write
|
||
|
A68A77E000
|
stack
|
page read and write
|
||
|
275B0380000
|
trusted library section
|
page read and write
|
There are 160 hidden memdumps, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
https://shafquatarefeen.com/uhg.html#*peter.boyd@southside.com*
|
|
|
|
https://login.microsoftonline.com/logout.srf?ct=1548343592&rver=64.4.6456.0&lc=1033&id=501392
|