IOC Report
https://gmail.us14.list-manage.com/track/click?u=957e6b6833ddd63bbe471b4e4&id=18858b02d6&e=7ce018b90e#*giangaddo.prati@barilla.com*

Files

File Path | Type | Category | Malicious
C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic | data | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\2144eb76-9988-4814-bb3c-eb1b507b70af.tmp | SysEx File - | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\24fe8e84-07a8-48b2-9c23-033ac95a1ac6.tmp | ASCII text, with very long lines, with no line terminators | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\405177b2-0f7d-4cc0-a1d6-ed6daf9867bb.tmp | data | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\4105089a-6552-48c9-b3c4-e297fdabad08.tmp | ASCII text, with very long lines, with no line terminators | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\90794f5d-3bc7-4264-a72e-c6700a93214f.tmp | ASCII text, with very long lines, with no line terminators | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat | data | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\16448de7-8bcb-4156-82bd-e699b25fabc2.tmp | UTF-8 Unicode text, with very long lines, with no line terminators | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\65663aee-0d9b-4769-92bb-037263a6287b.tmp | UTF-8 Unicode text, with very long lines, with no line terminators | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\77bd5fc6-5583-47f9-a2ea-d79864a3b8d7.tmp | ASCII text, with very long lines, with no line terminators | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\833a5906-20c8-4671-8c0b-7681c7770a6e.tmp | UTF-8 Unicode text, with very long lines, with no line terminators | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\8ae7a63b-de1a-490f-a2fa-893ef24b8dba.tmp | very short file (no magic) | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json | ASCII text, with very long lines, with no line terminators | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log | data | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG | ASCII text | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old (copy) | ASCII text | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache | data | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State (copy) | ASCII text, with very long lines, with no line terminators | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy) | ASCII text, with very long lines, with no line terminators | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy) | UTF-8 Unicode text, with very long lines, with no line terminators | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1 | data | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent State (copy) | ASCII text, with very long lines, with no line terminators | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\fa5b6e79-5033-4bc0-90b7-e3b9fbc7d5bc.tmp | ASCII text, with very long lines, with no line terminators | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1 | data | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network Persistent State (copy) | ASCII text, with very long lines, with no line terminators | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\a04363b4-0d0b-4d00-8c82-588863241020.tmp | ASCII text, with very long lines, with no line terminators | modified |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp | ASCII text | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy) | ASCII text | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\e1885e46-a4f7-4312-880e-62bd9bf9b4af.tmp | ASCII text, with very long lines, with no line terminators | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\ed68d658-0c94-475a-a0ab-07aec225e10c.tmp | UTF-8 Unicode text, with very long lines, with no line terminators | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\f211fdcc-7adc-4791-84dc-46d680fa51bb.tmp | ASCII text, with very long lines, with no line terminators | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\f2ecfbba-9eb7-42ae-bb62-70f4df5081a4.tmp | ASCII text, with very long lines, with no line terminators | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser | data | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State (copy) | ASCII text, with very long lines, with no line terminators | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cache (copy) | data | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\bda09afe-3f78-4cad-ab4f-99f832745be2.tmp | ASCII text, with very long lines, with no line terminators | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\d4c07509-270f-4050-a2af-d874a90cbf3f.tmp | ASCII text, with very long lines, with no line terminators | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\f903a02f-8c44-424e-a7a6-489b9f2fd02c.tmp | ASCII text, with very long lines, with no line terminators | dropped |
C:\Users\user\AppData\Local\Temp\33bfeec9-b370-46cf-832c-3c6aa0b27512.tmp | very short file (no magic) | dropped |
C:\Users\user\AppData\Local\Temp\6004_270929196\_metadata\verified_contents.json | ASCII text, with very long lines, with no line terminators | dropped |
C:\Users\user\AppData\Local\Temp\6004_270929196\_platform_specific\x86_64\pnacl_public_pnacl_json | ASCII text | dropped |
C:\Users\user\AppData\Local\Temp\6004_270929196\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_for_eh_o | ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped | dropped |
C:\Users\user\AppData\Local\Temp\6004_270929196\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_o | ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped | dropped |
C:\Users\user\AppData\Local\Temp\6004_270929196\_platform_specific\x86_64\pnacl_public_x86_64_crtend_o | ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped | dropped |
C:\Users\user\AppData\Local\Temp\6004_270929196\_platform_specific\x86_64\pnacl_public_x86_64_ld_nexe | ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=7511538a3a6a0b862c772eace49075ed1bbe2377, stripped | dropped |
C:\Users\user\AppData\Local\Temp\6004_270929196\_platform_specific\x86_64\pnacl_public_x86_64_libcrt_platform_a | current ar archive | dropped |
C:\Users\user\AppData\Local\Temp\6004_270929196\_platform_specific\x86_64\pnacl_public_x86_64_libgcc_a | current ar archive | dropped |
C:\Users\user\AppData\Local\Temp\6004_270929196\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_a | current ar archive | dropped |
C:\Users\user\AppData\Local\Temp\6004_270929196\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_dummy_a | current ar archive | dropped |
C:\Users\user\AppData\Local\Temp\6004_270929196\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_llc_nexe | ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=309d6d3d463e6b1b0690f39eb226b1e4c469b2ce, stripped | dropped |
C:\Users\user\AppData\Local\Temp\6004_270929196\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_sz_nexe | ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=4b15de4ab227d5e46213978b8518d53c53ce1db9, stripped | dropped |
C:\Users\user\AppData\Local\Temp\6004_270929196\manifest.fingerprint | ASCII text, with no line terminators | modified |
C:\Users\user\AppData\Local\Temp\6004_270929196\manifest.json | ASCII text | dropped |
C:\Users\user\AppData\Local\Temp\6004_858776472\Recovery.crx3 | Google Chrome extension, version 3 | dropped |
C:\Users\user\AppData\Local\Temp\6004_858776472\_metadata\verified_contents.json | ASCII text, with very long lines, with no line terminators | dropped |
C:\Users\user\AppData\Local\Temp\6004_858776472\manifest.fingerprint | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Local\Temp\6004_858776472\manifest.json | ASCII text | dropped |
C:\Users\user\AppData\Local\Temp\f206e525-44c4-415a-b8e9-b4cfd8ccda37.tmp | Google Chrome extension, version 3 | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\_locales\bg\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\_locales\ca\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\_locales\cs\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\_locales\da\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\_locales\de\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\_locales\el\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\_locales\en\messages.json | ASCII text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\_locales\en_GB\messages.json | ASCII text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\_locales\es\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\_locales\es_419\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\_locales\et\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\_locales\fi\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\_locales\fil\messages.json | ASCII text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\_locales\fr\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\_locales\hi\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\_locales\hr\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\_locales\hu\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\_locales\id\messages.json | ASCII text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\_locales\it\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\_locales\ja\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\_locales\ko\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\_locales\lt\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\_locales\lv\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\_locales\nb\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\_locales\nl\messages.json | ASCII text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\_locales\pl\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\_locales\pt_BR\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\_locales\pt_PT\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\_locales\ro\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\_locales\ru\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\_locales\sk\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\_locales\sl\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\_locales\sr\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\_locales\sv\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\_locales\th\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\_locales\tr\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\_locales\uk\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\_locales\vi\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\_locales\zh_CN\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\_locales\zh_TW\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\_metadata\verified_contents.json | ASCII text, with very long lines, with no line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\craw_background.js | ASCII text, with very long lines | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\craw_window.js | ASCII text, with very long lines | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\css\craw_window.css | ASCII text | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\html\craw_window.html | HTML document, ASCII text | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\images\flapper.gif | GIF image data, version 89a, 30 x 30 | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\images\icon_128.png | PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\images\icon_16.png | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\images\topbar_floating_button.png | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\images\topbar_floating_button_close.png | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\images\topbar_floating_button_hover.png | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\images\topbar_floating_button_maximize.png | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\images\topbar_floating_button_pressed.png | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\CRX_INSTALL\manifest.json | ASCII text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir6004_2102744300\f206e525-44c4-415a-b8e9-b4cfd8ccda37.tmp | Google Chrome extension, version 3 | dropped |

Processes

Path | Cmdline | Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "https://gmail.us14.list-manage.com/track/click?u=957e6b6833ddd63bbe471b4e4&id=18858b02d6&e=7ce018b90e#*giangaddo.prati@barilla.com* |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1644,9824543988290587951,10821341976103592091,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1920 /prefetch:8 |

URLs

Name | IP | Malicious
https://gmail.us14.list-manage.com/track/click?u=957e6b6833ddd63bbe471b4e4&id=18858b02d6&e=7ce018b90e#*giangaddo.prati@barilla.com* | | malicious
https://shafquatarefeen.com/favicon.ico | 192.154.231.67 | malicious
https://shafquatarefeen.com/uhg.html | 192.154.231.67 | malicious
https://shafquatarefeen.com/uhg.html#*giangaddo.prati@barilla.com* | | malicious
https://shafquatarefeen.com/wp-includes/images/w-logo-blue-white-bg.png | 192.154.231.67 | malicious
https://login.microsoftonline.com/logout.srf?ct=1548343592&rver=64.4.6456.0&lc=1033&id=501392 | |
https://www.google.com/images/cleardot.gif | unknown |
https://aadcdn.msftauth.net/shared/1.0/content/images/personal_account_0f72b5950600f24e7f9a604b186f3945.png | 152.199.23.37 |
https://shafquatarefeen.com/uhg.html# | unknown |
https://sandbox.google.com/payments/v4/js/integrator.js | unknown |
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js | 104.18.10.207 |
https://accounts.google.com/MergeSession | unknown |
https://aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/2_7916a894ebde7d29c2cc29b267f1299f.jpg | 152.199.23.37 |
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/aad.login.min_kx1da7l2dz6nhe9kugk19a2.js | 152.199.23.37 |
https://www.google.com | unknown |
https://accounts.google.com | unknown |
https://aadcdn.msftauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico | 152.199.23.37 |
https://apis.google.com | unknown |
https://www.google.com/accounts/OAuthLogin?issueuberauth=1 | unknown |
https://www-googleapis-staging.sandbox.google.com | unknown |
https://clients2.google.com | unknown |
https://dns.google | unknown |
https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p | unknown |
https://www.google.com/intl/en-US/chrome/blank.html | unknown |
https://ogs.google.com | unknown |
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css | 104.17.25.14 |
https://aadcdn.msftauth.net/ests/2.1/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg | 152.199.23.37 |
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css | 104.18.10.207 |
https://trocha.com.co/gvx | 69.172.198.108 |
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | 142.251.36.238 |
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | 142.251.36.205 |
https://payments.google.com/payments/v4/js/integrator.js | unknown |
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_ziytf8dzt9eg1s6-ohhleg2.css | 152.199.23.37 |
https://chromium.googlesource.com/a/native_client/pnacl-llvm.git | unknown |
https://aadcdn.msftauth.net/ests/2.1/content/images/microsoft_logo.png | 152.199.23.37 |
https://www.google.com/images/x2.gif | unknown |
http://llvm.org/): | unknown |
https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_white_5ac590ee72bfe06a7cecfd75b588ad73.svg | 152.199.23.37 |
https://www.google.com/images/dot2.gif | unknown |
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/popper.min.js | 104.17.25.14 |
https://i.ibb.co/phX2vBj/0-a5dbd4393ff6a725c7e62b61df7e72f0.jpg | 51.210.32.132 |
https://code.google.com/p/nativeclient/issues/entry%s: | unknown |
https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css | 104.18.10.207 |
https://aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/2-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg | 152.199.23.37 |
https://code.google.com/p/nativeclient/issues/entry | unknown |
https://clients2.googleusercontent.com | unknown |
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/jquery.3.5.min_dc940oomzau4rsu8qesnvg2.js | 152.199.23.37 |
https://www.google.com/ | unknown |
https://aadcdn.msftauth.net/shared/1.0/content/images/work_account_1963c6b1926b773986f53f844ce4c32e.png | 152.199.23.37 |
https://chromium.googlesource.com/a/native_client/pnacl-clang.git | unknown |
https://clients2.google.com/service/update2/crx | unknown |

Domains

Name | IP | Malicious
shafquatarefeen.com | 192.154.231.67 | malicious
stackpath.bootstrapcdn.com | 104.18.10.207 |
cs1100.wpc.omegacdn.net | 152.199.23.37 |
accounts.google.com | 142.251.36.205 |
cdnjs.cloudflare.com | 104.17.25.14 |
part-0017.t-0009.fbs1-t-msedge.net | 13.107.219.45 |
maxcdn.bootstrapcdn.com | 104.18.10.207 |
trocha.com.co | 69.172.198.108 |
clients.l.google.com | 142.251.36.238 |
i.ibb.co | 51.210.32.132 |
gmail.us14.list-manage.com | unknown |
aadcdn.msftauth.net | unknown |
clients2.google.com | unknown |
secure.aadcdn.microsoftonline-p.com | unknown |
code.jquery.com | unknown |
login.microsoftonline.com | unknown |

IPs

IP | Domain | Country | Malicious
192.168.2.5 | unknown | unknown | malicious
192.154.231.67 | shafquatarefeen.com | United States | malicious
192.168.2.1 | unknown | unknown |
104.18.10.207 | stackpath.bootstrapcdn.com | United States |
142.251.36.205 | accounts.google.com | United States |
142.251.36.238 | clients.l.google.com | United States |
69.172.198.108 | trocha.com.co | Canada |
192.168.2.3 | unknown | unknown |
51.210.32.132 | i.ibb.co | France |
239.255.255.250 | unknown | Reserved |
152.199.23.37 | cs1100.wpc.omegacdn.net | United States |
127.0.0.1 | unknown | unknown |
104.17.25.14 | cdnjs.cloudflare.com | United States |

Registry

Path | Value | Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault | S-1-5-21-3853321935-2125563209-4053062332-1002 |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | ahfgeienlihckogmohjhadlkjgocpleb |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | gdaefkejpgkiemlaofpalmlakkmbjdnl |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | gfdkimpbcpahaombhbimeihdjnejgicl |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | kmendfapggjehodndflmmgagdbamhnfd |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | mfehgcgbbipciphmccgaenjidiccnmng |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | mhjfbmdgcfjbbpaeojofohoefgiehjai |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | neajdppkdcdipfabeoofebfddakdcjhd |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nkeimhogjdpnpccoofpliimaahmaaome |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | pkedcjkdefgpdelpbcmbmeomcjbeemfm |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | prefs.preference_reset_time |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | gfdkimpbcpahaombhbimeihdjnejgicl |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nmmhkkegccagdldgiimedpiccmgmieda |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nmmhkkegccagdldgiimedpiccmgmieda |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nmmhkkegccagdldgiimedpiccmgmieda |
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state |
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes |
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes |
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.reporting |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | module_blacklist_cache_md5_digest |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | media.storage_id_salt |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.last_account_id |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.account_id |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.prompt_seed |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_homepage |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | default_search_provider_data.template_url_data |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | safebrowsing.incidents_sent |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | pinned_tabs |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | search_provider_overrides |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_default_search |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | prefs.preference_reset_time |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.last_username |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | session.startup_urls |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | session.restore_on_startup |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.prompt_version |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_startup_urls |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.prompt_wave |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | homepage |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | homepage_is_newtabpage |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | browser.show_home_button |
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics | user_experience_metrics.stability.exited_cleanly |
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | lastrun |

Memdumps

Base Address | Regiontype | Protect | Malicious
page read and write
C4D2A7F000
stack
page read and write
1DE61E50000
trusted library allocation
page read and write
1A0BBC81000
heap
page read and write
1DE66810000
trusted library allocation
page read and write
14306020000
trusted library allocation
page read and write
1B02643C000
heap
page read and write
5559AFE000
stack
page read and write
1DE66706000
heap
page read and write
1DE61C00000
trusted library allocation
page read and write
1DE60EB1000
heap
page read and write
1DE66320000
trusted library allocation
page read and write
1A0BBC51000
heap
page read and write
C4D1F5F000
stack
page read and write
1F436C53000
heap
page read and write
1A877AE000
stack
page read and write
2498C029000
heap
page read and write
1A0BC402000
trusted library allocation
page read and write
1DE664A7000
trusted library allocation
page read and write
C4D22F7000
stack
page read and write
1DE61759000
heap
page read and write
1DE66614000
heap
page read and write
570757F000
stack
page read and write
C4D287E000
stack
page read and write
1DE666B4000
heap
page read and write
1A87D77000
stack
page read and write
1A8772B000
stack
page read and write
570717C000
stack
page read and write
C4D24FA000
stack
page read and write
33A6B79000
stack
page read and write
1DE66703000
heap
page read and write
1DE66663000
heap
page read and write
1DE666E3000
heap
page read and write
2498C002000
heap
page read and write
2498C108000
heap
page read and write
1B0263E0000
trusted library allocation
page read and write
1DE665F0000
trusted library allocation
page read and write
1DE666E0000
heap
page read and write
1F436C7A000
heap
page read and write
1F436B30000
heap
page read and write
1DE665C0000
trusted library allocation
page read and write
1DE622D1000
trusted library allocation
page read and write
1A87A7E000
stack
page read and write
C4D1EDB000
stack
page read and write
1A0BBC4B000
heap
page read and write
2498BE20000
heap
page read and write
1DE66380000
trusted library allocation
page read and write
1A0BBC8A000
heap
page read and write
1DE61718000
heap
page read and write
1F436C79000
heap
page read and write
1DE61F60000
trusted library section
page readonly
14306040000
heap
page read and write
1DE6670F000
heap
page read and write
1DE66600000
trusted library allocation
page read and write
1A87B7B000
stack
page read and write
1DE66713000
heap
page read and write
1A0BBC3C000
heap
page read and write
143061D0000
trusted library allocation
page read and write
1F436C00000
heap
page read and write
1DE60E00000
heap
page read and write
1DE66641000
heap
page read and write
2498C013000
heap
page read and write
C4D25FF000
stack
page read and write
1DE622F0000
trusted library allocation
page read and write
5A594FB000
stack
page read and write
1430608C000
heap
page read and write
1DE666AC000
heap
page read and write
1DE66390000
trusted library allocation
page read and write
1430608C000
heap
page read and write
33A697F000
stack
page read and write
1DE6179A000
heap
page read and write
1DE60E29000
heap
page read and write
1B026455000
heap
page read and write
1DE61718000
heap
page read and write
1430608E000
heap
page read and write
33A6AFE000
stack
page read and write
1DE664A0000
trusted library allocation
page read and write
33A6BFB000
stack
page read and write
1DE664D0000
trusted library allocation
page read and write
C4D23FA000
stack
page read and write
14306030000
trusted library allocation
page read and write
1DE664E0000
trusted library allocation
page read and write
1A0BBC00000
heap
page read and write
C4D2CFF000
stack
page read and write
5A5957F000
stack
page read and write
1DE60E7C000
heap
page read and write
1B026500000
heap
page read and write
1A0BBD00000
heap
page read and write
1DE66340000
trusted library allocation
page read and write
1F436BC0000
trusted library allocation
page read and write
1DE6664E000
heap
page read and write
1DE66600000
heap
page read and write
14306084000
heap
page read and write
1B0263B0000
heap
page read and write
14306050000
heap
page read and write
14305E50000
heap
page read and write
1F436D08000
heap
page read and write
570727B000
stack
page read and write
1B026513000
heap
page read and write
2498C088000
heap
page read and write
C4D26FA000
stack
page read and write
143060B2000
heap
page read and write
1A87C7B000
stack
page read and write
1DE66707000
heap
page read and write
1DE664C4000
trusted library allocation
page read and write
1DE664A1000
trusted library allocation
page read and write
1DE60C90000
heap
page read and write
1A0BBD02000
heap
page read and write
1430608C000
heap
page read and write
1F436C29000
heap
page read and write
1DE664E0000
trusted library allocation
page read and write
14305FB0000
heap
page read and write
1DE61F30000
trusted library section
page readonly
2498C04F000
heap
page read and write
14306239000
heap
page read and write
1DE61F80000
trusted library section
page readonly
1DE664A8000
trusted library allocation
page read and write
2498C000000
heap
page read and write
1DE66705000
heap
page read and write
1DE61759000
heap
page read and write
570747E000
stack
page read and write
570707E000
stack
page read and write
1DE67000000
heap
page read and write
1DE61718000
heap
page read and write
1DE666E3000
heap
page read and write
1F436D13000
heap
page read and write
1DE60E57000
heap
page read and write
5A5967B000
stack
page read and write
1DE60E8F000
heap
page read and write
C4D2AFF000
stack
page read and write
1B02646E000
heap
page read and write
1A0BBD13000
heap
page read and write
C4D28FE000
stack
page read and write
C4D29FF000
stack
page read and write
1F436C13000
heap
page read and write
2498BE80000
heap
page read and write
33A687B000
stack
page read and write
33A68FE000
stack
page read and write
1DE60D00000
heap
page read and write
1DE61F40000
trusted library section
page readonly
143061F0000
trusted library allocation
page read and write
1DE60F02000
heap
page read and write
1F436C8A000
heap
page read and write
33A6A79000
stack
page read and write
1DE61729000
heap
page read and write
2498C052000
heap
page read and write

DOM / HTML

URL
Malicious
https://shafquatarefeen.com/uhg.html#*giangaddo.prati@barilla.com*
malicious
https://login.microsoftonline.com/logout.srf?ct=1548343592&rver=64.4.6456.0&lc=1033&id=501392