IOC Report
ClosingDoc.html

Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| ClosingDoc.html | HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators | initial sample | malicious |
| C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic | data | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\05177d59-1ac6-4172-bf90-9d4d0db75458.tmp | ASCII text, with very long lines, with no line terminators | modified | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\1fdbc81e-f4a3-46ca-976b-5297dc767efc.tmp | SysEx File - | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\3d732c96-1dcf-4e61-bc21-37146533d5ef.tmp | data | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\45a7e7c8-6f04-47c9-8c63-6dcef45a9b89.tmp | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\53914a93-2093-4aa7-bad6-935287d288ca.tmp | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\5cdc808e-57e4-41f1-a10d-f9e756319a36.tmp | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\6f8db5c9-c440-491e-8eaa-2f7057031dca.tmp | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\712d8625-191a-4a96-a318-238daa121581.tmp | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\71a01078-cc72-4fff-b45e-ed1d8da38a74.tmp | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\7d14a367-b8b6-461c-813a-e2d51bb03563.tmp | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\837a1e94-5d5e-4253-a0d2-1101a64e776f.tmp | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\91617a51-4ee5-494c-9fe1-a96fc9306244.tmp | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat | data | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\00afc427-620e-441b-9d55-f2fccb3b72e8.tmp | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\1958cd92-269a-440d-94ce-21e9cf707246.tmp | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\64fa19b3-e5c0-44bf-bb7e-f771696cfb5c.tmp | UTF-8 Unicode text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\8573d12c-b96a-4d16-917b-88ec3b064883.tmp | UTF-8 Unicode text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\969bdb64-81a0-4122-9156-01dfb77266cc.tmp | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log | data | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old (copy) | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache | data | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State (copy) | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy) | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy) | UTF-8 Unicode text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1 | data | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent State (copy) | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\d5b098ac-4631-4a9e-b4a4-5f95b793f089.tmp | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1 | data | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network Persistent State (copy) | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\c3374c7e-019a-40ee-bf72-030709ff5750.tmp | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\a1f83762-104f-4b3c-86cb-f81b59a166c7.tmp | very short file (no magic) | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\b7c55baf-1466-4b5b-8ec5-f79a396f70ce.tmp | UTF-8 Unicode text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\bb7097c4-4445-4094-8a93-0f275566722a.tmp | UTF-8 Unicode text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy) | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\ef0232b0-f2c9-454e-8a64-e82d66657865.tmp | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\f28ac788-1b15-49e6-b6a9-3ff69264f316.tmp | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser | data | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State (copy) | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cache (copy) | data | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Subresource Filter\Indexed Rules\27\scoped_dir5412_192052981\Ruleset Data | data | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\aea53507-d1b9-4e25-8112-37a6b52191e5.tmp | data | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\c4d69481-e7c9-454f-8517-0c34bc76516d.tmp | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\e91058a8-5ed5-4bd0-af37-7524b343cb75.tmp | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\2d2579c9-4c37-4da6-89e6-380180b88327.tmp | Google Chrome extension, version 3 | dropped | |
| C:\Users\user\AppData\Local\Temp\5412_2066527378\Filtering Rules | data | dropped | |
| C:\Users\user\AppData\Local\Temp\5412_2066527378\LICENSE.txt | ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\5412_2066527378\_metadata\verified_contents.json | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\5412_2066527378\manifest.fingerprint | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\5412_2066527378\manifest.json | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Temp\5412_515056959\_metadata\verified_contents.json | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\5412_515056959\_platform_specific\x86_64\pnacl_public_pnacl_json | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Temp\5412_515056959\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_for_eh_o | ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped | dropped | |
| C:\Users\user\AppData\Local\Temp\5412_515056959\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_o | ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped | dropped | |
| C:\Users\user\AppData\Local\Temp\5412_515056959\_platform_specific\x86_64\pnacl_public_x86_64_crtend_o | ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped | dropped | |
| C:\Users\user\AppData\Local\Temp\5412_515056959\_platform_specific\x86_64\pnacl_public_x86_64_ld_nexe | ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=7511538a3a6a0b862c772eace49075ed1bbe2377, stripped | dropped | |
| C:\Users\user\AppData\Local\Temp\5412_515056959\_platform_specific\x86_64\pnacl_public_x86_64_libcrt_platform_a | current ar archive | dropped | |
| C:\Users\user\AppData\Local\Temp\5412_515056959\_platform_specific\x86_64\pnacl_public_x86_64_libgcc_a | current ar archive | dropped | |
| C:\Users\user\AppData\Local\Temp\5412_515056959\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_a | current ar archive | dropped | |
| C:\Users\user\AppData\Local\Temp\5412_515056959\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_dummy_a | current ar archive | dropped | |
| C:\Users\user\AppData\Local\Temp\5412_515056959\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_llc_nexe | ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=309d6d3d463e6b1b0690f39eb226b1e4c469b2ce, stripped | dropped | |
| C:\Users\user\AppData\Local\Temp\5412_515056959\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_sz_nexe | ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=4b15de4ab227d5e46213978b8518d53c53ce1db9, stripped | dropped | |
| C:\Users\user\AppData\Local\Temp\5412_515056959\manifest.fingerprint | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\5412_515056959\manifest.json | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Temp\5412_75593435\Recovery.crx3 | Google Chrome extension, version 3 | dropped | |
| C:\Users\user\AppData\Local\Temp\5412_75593435\_metadata\verified_contents.json | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\5412_75593435\manifest.fingerprint | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\5412_75593435\manifest.json | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Temp\6ad0a865-d5b4-4a63-8b44-f76c272eb0b4.tmp | very short file (no magic) | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\2d2579c9-4c37-4da6-89e6-380180b88327.tmp | Google Chrome extension, version 3 | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\_locales\bg\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\_locales\ca\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\_locales\cs\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\_locales\da\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\_locales\de\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\_locales\el\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\_locales\en\messages.json | ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\_locales\en_GB\messages.json | ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\_locales\es\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\_locales\es_419\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\_locales\et\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\_locales\fi\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\_locales\fil\messages.json | ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\_locales\fr\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\_locales\hi\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\_locales\hr\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\_locales\hu\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\_locales\id\messages.json | ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\_locales\it\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\_locales\ja\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\_locales\ko\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\_locales\lt\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\_locales\lv\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\_locales\nb\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\_locales\nl\messages.json | ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\_locales\pl\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\_locales\pt_BR\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\_locales\pt_PT\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\_locales\ro\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\_locales\ru\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\_locales\sk\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\_locales\sl\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\_locales\sr\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\_locales\sv\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\_locales\th\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\_locales\tr\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\_locales\uk\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\_locales\vi\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\_locales\zh_CN\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\_locales\zh_TW\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\_metadata\verified_contents.json | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\craw_background.js | ASCII text, with very long lines | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\craw_window.js | ASCII text, with very long lines | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\css\craw_window.css | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\html\craw_window.html | HTML document, ASCII text | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\images\flapper.gif | GIF image data, version 89a, 30 x 30 | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\images\icon_128.png | PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\images\icon_16.png | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\images\topbar_floating_button.png | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\images\topbar_floating_button_close.png | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\images\topbar_floating_button_hover.png | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\images\topbar_floating_button_maximize.png | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\images\topbar_floating_button_pressed.png | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir5412_1297531633\CRX_INSTALL\manifest.json | ASCII text, with CRLF line terminators | dropped | |
119 further files are not shown in this report view.

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "C:\Users\user\Desktop\ClosingDoc.html | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1580,15663332800411292547,1156807434197202323,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1920 /prefetch:8 | |

URLs

| Name | IP | Malicious |
|---|---|---|
| file:///C:/Users/user/Desktop/ClosingDoc.html | | malicious |
| https://dns.google | unknown | |
| https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p | unknown | |
| https://www.google.com/intl/en-US/chrome/blank.html | unknown | |
| https://ogs.google.com | unknown | |
| https://www.google.com/images/cleardot.gif | unknown | |
| https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | 142.250.185.142 | |
| https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | 172.217.16.205 | |
| https://payments.google.com/payments/v4/js/integrator.js | unknown | |
| https://chromium.googlesource.com/a/native_client/pnacl-llvm.git | unknown | |
| https://easylist.to/) | unknown | |
| https://sandbox.google.com/payments/v4/js/integrator.js | unknown | |
| https://www.google.com/images/x2.gif | unknown | |
| https://accounts.google.com/MergeSession | unknown | |
| http://llvm.org/): | unknown | |
| https://creativecommons.org/compatiblelicenses | unknown | |
| https://www.google.com | unknown | |
| https://www.google.com/images/dot2.gif | unknown | |
| https://github.com/easylist) | unknown | |
| https://creativecommons.org/. | unknown | |
| https://aadcdn.msftauth.net/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg | 152.199.23.37 | |
| https://code.google.com/p/nativeclient/issues/entry%s: | unknown | |
| https://code.google.com/p/nativeclient/issues/entry | unknown | |
| https://accounts.google.com | unknown | |
| https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg | 152.199.23.37 | |
| https://clients2.googleusercontent.com | unknown | |
| https://apis.google.com | unknown | |
| https://www.google.com/accounts/OAuthLogin?issueuberauth=1 | unknown | |
| https://aadcdn.msftauth.net/shared/1.0/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png | 152.199.23.37 | |
| https://www.google.com/ | unknown | |
| https://www-googleapis-staging.sandbox.google.com | unknown | |
| https://chromium.googlesource.com/a/native_client/pnacl-clang.git | unknown | |
| https://clients2.google.com | unknown | |
| https://clients2.google.com/service/update2/crx | unknown | |
24 further URLs are not shown in this report view.

Domains

| Name | IP | Malicious |
|---|---|---|
| cs1100.wpc.omegacdn.net | 152.199.23.37 | |
| accounts.google.com | 172.217.16.205 | |
| clients.l.google.com | 142.250.185.142 | |
| part-0032.t-0009.fbs1-t-msedge.net | 13.107.219.60 | |
| clients2.google.com | unknown | |
| code.jquery.com | unknown | |
| aadcdn.msftauth.net | unknown | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 13.107.219.60 | part-0032.t-0009.fbs1-t-msedge.net | United States | |
| 192.168.2.1 | unknown | unknown | |
| 172.217.16.205 | accounts.google.com | United States | |
| 239.255.255.250 | unknown | Reserved | |
| 142.250.185.142 | clients.l.google.com | United States | |
| 152.199.23.37 | cs1100.wpc.omegacdn.net | United States | |
| 127.0.0.1 | unknown | unknown | |

Registry

| Path | Value | Malicious |
|---|---|---|
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | ahfgeienlihckogmohjhadlkjgocpleb | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | gdaefkejpgkiemlaofpalmlakkmbjdnl | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | gfdkimpbcpahaombhbimeihdjnejgicl | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | kmendfapggjehodndflmmgagdbamhnfd | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | mfehgcgbbipciphmccgaenjidiccnmng | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | mhjfbmdgcfjbbpaeojofohoefgiehjai | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | neajdppkdcdipfabeoofebfddakdcjhd | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nkeimhogjdpnpccoofpliimaahmaaome | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | pkedcjkdefgpdelpbcmbmeomcjbeemfm | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | prefs.preference_reset_time | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault | S-1-5-21-3853321935-2125563209-4053062332-1002 | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | gfdkimpbcpahaombhbimeihdjnejgicl | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nmmhkkegccagdldgiimedpiccmgmieda | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nmmhkkegccagdldgiimedpiccmgmieda | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nmmhkkegccagdldgiimedpiccmgmieda | |
| HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state | |
| HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes | |
| HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes | |
| HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state | |
| HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | dr | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.reporting | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | module_blacklist_cache_md5_digest | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | media.storage_id_salt | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.last_account_id | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.account_id | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.prompt_seed | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_homepage | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | default_search_provider_data.template_url_data | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | safebrowsing.incidents_sent | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | pinned_tabs | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | search_provider_overrides | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_default_search | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | prefs.preference_reset_time | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.last_username | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | session.startup_urls | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | session.restore_on_startup | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.prompt_version | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_startup_urls | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.prompt_wave | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | homepage | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | homepage_is_newtabpage | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | browser.show_home_button | |
| HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics | user_experience_metrics.stability.exited_cleanly | |
| HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | lastrun | |
34 further registry entries are not shown in this report view.

Memdumps

Base Address
Regiontype
Protect
Malicious
2587163C000
heap
page read and write
1EEB1580000
trusted library allocation
page read and write
6289178000
stack
page read and write
4E3F4FE000
stack
page read and write
272CFCF0000
trusted library allocation
page read and write
28F3DF05000
heap
page read and write
8AA9D7E000
stack
page read and write
1EEB2403000
heap
page read and write
28F3DEB5000
heap
page read and write
1EEB1FB7000
heap
page read and write
1EEB1F4F000
heap
page read and write
1EEB1F98000
heap
page read and write
28F3DF24000
heap
page read and write
1EEB1F98000
heap
page read and write
258715D0000
trusted library allocation
page read and write
628927B000
stack
page read and write
1EEB2402000
heap
page read and write
1EEB16EC000
heap
page read and write
25872002000
trusted library allocation
page read and write
1EEB1F83000
heap
page read and write
9E1B3FE000
stack
page read and write
1EEB1F93000
heap
page read and write
1EEB164B000
heap
page read and write
25871713000
heap
page read and write
1EEB1F95000
heap
page read and write
28709A4A000
heap
page read and write
1EEB16B4000
heap
page read and write
1EEB16B5000
heap
page read and write
28F3DF0F000
heap
page read and write
9E1BA7E000
stack
page read and write
1EEB1FBC000
heap
page read and write
1EEB1F7B000
heap
page read and write
AFD947B000
stack
page read and write
272CEFAD000
heap
page read and write
1EEB2402000
heap
page read and write
1EEB1E02000
heap
page read and write
28709890000
heap
page read and write
1EEB1F74000
heap
page read and write
AFD977B000
stack
page read and write
28F3DF1F000
heap
page read and write
272CF1A9000
heap
page read and write
28F3DF26000
heap
page read and write
1EEB2402000
heap
page read and write
8AA9E7E000
stack
page read and write
272CEF9D000
heap
page read and write
1EEB1F93000
heap
page read and write
1EEB1656000
heap
page read and write
1EEB1F95000
heap
page read and write
1EEB16C9000
heap
page read and write
1EEB2402000
heap
page read and write
94FDEF9000
stack
page read and write
1EEB2402000
heap
page read and write
1EEB1629000
heap
page read and write
9E1B37E000
stack
page read and write
28709A76000
heap
page read and write
272CEF20000
heap
page read and write
258715A0000
heap
page read and write
1EEB1F7B000
heap
page read and write
1EEB1F74000
heap
page read and write
28F3DF04000
heap
page read and write
1EEB1FA6000
heap
page read and write
1EEB1F74000
heap
page read and write
18ACB7E0000
trusted library allocation
page read and write
1EEB1F9F000
heap
page read and write
1EEB2402000
heap
page read and write
1EEB2400000
heap
page read and write
1EEB1FB7000  heap                        page read and write
18ACB85A000  heap                        page read and write
AFD9AFD000   stack                       page read and write
1EEB1410000  heap                        page read and write
18ACB902000  heap                        page read and write
1EEB1654000  heap                        page read and write
1EEB1FA6000  heap                        page read and write
272CF160000  trusted library allocation  page read and write
1EEB1FA6000  heap                        page read and write
94FDE7E000   stack                       page read and write
94FDBAF000   stack                       page read and write
1EEB2420000  heap                        page read and write
1EEB1F98000  heap                        page read and write
1EEB1F95000  heap                        page read and write
AFD94FE000   stack                       page read and write
28F3DF06000  heap                        page read and write
28F3DEE0000  heap                        page read and write
1EEB1FA7000  heap                        page read and write
9E1B977000   stack                       page read and write
28709A00000  heap                        page read and write
1EEB1F74000  heap                        page read and write
28709A81000  heap                        page read and write
1EEB1FBC000  heap                        page read and write
1EEB1F90000  heap                        page read and write
1EEB16EA000  heap                        page read and write
1EEB1F8F000  heap                        page read and write
1EEB1716000  heap                        page read and write
272CEE90000  heap                        page read and write
28709A29000  heap                        page read and write
6288D7E000   stack                       page read and write
1EEB1FB6000  heap                        page read and write
28F3DF1C000  heap                        page read and write
1EEB1F84000  heap                        page read and write
28709A6F000  heap                        page read and write
25871629000  heap                        page read and write
25871700000  heap                        page read and write
1EEB1F95000  heap                        page read and write
1EEB16E7000  heap                        page read and write
62892FF000   stack                       page read and write
94FDF7F000   stack                       page read and write
272CFF30000  heap                        page readonly
1EEB1F95000  heap                        page read and write
18ACB800000  heap                        page read and write
1EEB1F95000  heap                        page read and write
272CF1A5000  heap                        page read and write
1EEB16FA000  heap                        page read and write
1EEB1FB7000  heap                        page read and write
8AA9DF9000   stack                       page read and write
1EEB16AA000  heap                        page read and write
25871540000  heap                        page read and write
272CEF48000  heap                        page read and write
272CEEA0000  trusted library allocation  page read and write
1EEB1F94000  heap                        page read and write
1EEB1F95000  heap                        page read and write
272CFF40000  trusted library allocation  page read and write
1EEB1650000  heap                        page read and write
1EEB1713000  heap                        page read and write
1EEB164F000  heap                        page read and write
28709A13000  heap                        page read and write
28F3DF1C000  heap                        page read and write
1EEB16C2000  heap                        page read and write
18ACB913000  heap                        page read and write
1EEB1FB8000  heap                        page read and write
6288CFB000   stack                       page read and write
28709B02000  heap                        page read and write
1EEB1F76000  heap                        page read and write
18ACB750000  heap                        page read and write
1EEB1F98000  heap                        page read and write
1EEB2402000  heap                        page read and write
272CEF8F000  heap                        page read and write
1EEB1702000  heap                        page read and write
2870A202000  trusted library allocation  page read and write
1EEB1F74000  heap                        page read and write
1EEB1F95000  heap                        page read and write
628892D000   stack                       page read and write
18ACB879000  heap                        page read and write
1EEB1F98000  heap                        page read and write
272CEF40000  heap                        page read and write
8AA9CF9000   stack                       page read and write
4E3F3FE000   stack                       page read and write
9E1B77E000   stack                       page read and write
272CEF8F000  heap                        page read and write
28F3DF20000  heap                        page read and write
1EEB1F74000  heap                        page read and write
1EEB1F90000  heap                        page read and write
1EEB16AB000  heap                        page read and write
272CEF9C000  heap                        page read and write
18ACB86D000  heap                        page read and write
18ACC202000  trusted library allocation  page read and write
8AA9A7C000   stack                       page read and write
1EEB15F0000  remote allocation           page read and write
1EEB1F81000  heap                        page read and write
1EEB1F7A000  heap                        page read and write
9E1B2FB000   stack                       page read and write
1EEB1F8F000  heap                        page read and write
25871678000  heap                        page read and write
1EEB1FA6000  heap                        page read and write
1EEB1FA7000  heap                        page read and write
28709A55000  heap                        page read and write
272CF180000  trusted library allocation  page read and write
1EEB1F15000  heap                        page read and write
1EEB1FC7000  heap                        page read and write
94FDB2A000   stack                       page read and write
1EEB1F00000  heap                        page read and write
287098F0000  heap                        page read and write
1EEB1F98000  heap                        page read and write
1EEB1688000  heap                        page read and write
AFD99FF000   stack                       page read and write
1EEB1F95000  heap                        page read and write
1EEB1600000  heap                        page read and write
1EEB15F0000  remote allocation           page read and write
25871613000  heap                        page read and write
1EEB1F8F000  heap                        page read and write
1EEB1F7E000  heap                        page read and write
272CF170000  trusted library allocation  page read and write
1EEB1F8F000  heap                        page read and write
18ACB740000  heap                        page read and write
AFD967C000   stack                       page read and write
272CFF20000  trusted library allocation  page read and write
25871681000  heap                        page read and write
1EEB1FB9000  heap                        page read and write
272CEF91000  heap                        page read and write
1EEB1FD6000  heap                        page read and write
1EEB1F5F000  heap                        page read and write
1EEB1F76000  heap                        page read and write
1EEB1FB6000  heap                        page read and write
1EEB163C000  heap                        page read and write
1EEB1FA6000  heap                        page read and write
1EEB1F1E000  heap                        page read and write
18ACB900000  heap                        page read and write
1EEB1F95000  heap                        page read and write
28F3DEF7000  heap                        page read and write
AFD97FF000   stack                       page read and write
28709A50000  heap                        page read and write
28F3DEF2000  heap                        page read and write
1EEB15F0000  remote allocation           page read and write
28F3DCF0000  heap                        page read and write
28709880000  heap                        page read and write
1EEB1708000  heap                        page read and write
1EEB1F7A000  heap                        page read and write
94FDFFF000   stack                       page read and write
1EEB1420000  heap                        page read and write
9E1B6FB000   stack                       page read and write
1EEB1F95000  heap                        page read and write
1EEB164C000  heap                        page read and write
9E1BB7E000   stack                       page read and write
1EEB16C2000  heap                        page read and write
28F3DF0F000  heap                        page read and write
2587164F000  heap                        page read and write
28709A3C000  heap                        page read and write
25871702000  heap                        page read and write
18ACB829000  heap                        page read and write
25871708000  heap                        page read and write
AFD9BFF000   stack                       page read and write
18ACB813000  heap                        page read and write
1EEB243E000  heap                        page read and write
28F3DEED000  heap                        page read and write
1EEB1F83000  heap                        page read and write
1EEB1F95000  heap                        page read and write
4E3EC8C000   stack                       page read and write
1EEB1FA7000  heap                        page read and write
28709B13000  heap                        page read and write
25871600000  heap                        page read and write
1EEB16E0000  heap                        page read and write
AFD957E000   stack                       page read and write
1EEB1F7F000  heap                        page read and write
1EEB1F74000  heap                        page read and write
1EEB1F98000  heap                        page read and write
272CEF88000  heap                        page read and write
1EEB1F7B000  heap                        page read and write
1EEB1FB7000  heap                        page read and write
1EEB1F7A000  heap                        page read and write
28F3DE20000  heap                        page read and write
9E1B87B000   stack                       page read and write
6288E77000   stack                       page read and write
28709A4E000  heap                        page read and write
18ACB840000  heap                        page read and write
94FE078000   stack                       page read and write
1EEB1F8F000  heap                        page read and write
1EEB1F72000  heap                        page read and write
6288F77000   stack                       page read and write
8AA9C79000   stack                       page read and write
25871670000  heap                        page read and write
1EEB1F7F000  heap                        page read and write
1EEB166E000  heap                        page read and write
1EEB1480000  heap                        page read and write
1EEB1F8F000  heap                        page read and write
1EEB164E000  heap                        page read and write
1EEB1F95000  heap                        page read and write
1EEB1FA6000  heap                        page read and write
1EEB1F95000  heap                        page read and write
18ACB802000  heap                        page read and write
25871530000  heap                        page read and write
1EEB1F7B000  heap                        page read and write
AFD98F7000   stack                       page read and write
25871655000  heap                        page read and write
1EEB1F95000  heap                        page read and write
1EEB1F51000  heap                        page read and write
1EEB1F64000  heap                        page read and write
1EEB1F7F000  heap                        page read and write
1EEB1F95000  heap                        page read and write
272CF1A0000  heap                        page read and write
1EEB2402000  heap                        page read and write
62888AC000   stack                       page read and write
25871665000  heap                        page read and write
628907E000   stack                       page read and write
272CEF00000  heap                        page read and write
62889AE000   stack                       page read and write
28F3DF02000  heap                        page read and write
28F3DEB0000  heap                        page read and write
272CFFA0000  trusted library allocation  page read and write
18ACB877000  heap                        page read and write
1EEB1F95000  heap                        page read and write
272CEF8F000  heap                        page read and write
272CFF50000  trusted library allocation  page read and write
1EEB1F72000  heap                        page read and write
1EEB2402000  heap                        page read and write
28F3DF1C000  heap                        page read and write
1EEB1F92000  heap                        page read and write
1EEB1F78000  heap                        page read and write
4E3F2FB000   stack                       page read and write
25871665000  heap                        page read and write
1EEB1F98000  heap                        page read and write
1EEB1FA6000  heap                        page read and write
28709B08000  heap                        page read and write
1EEB1F7B000  heap                        page read and write
1EEB1613000  heap                        page read and write
28709B00000  heap                        page read and write
1EEB1F95000  heap                        page read and write
1EEB1FB7000  heap                        page read and write
1EEB1F95000  heap                        page read and write
1EEB1F87000  heap                        page read and write
4E3F1FB000   stack                       page read and write
28F3DF0F000  heap                        page read and write
1EEB2419000  heap                        page read and write
287099F0000  trusted library allocation  page read and write
272CF1B0000  trusted library allocation  page read and write
28F3DEF7000  heap                        page read and write
28F3DE40000  heap                        page read and write
1EEB2403000  heap                        page read and write
1EEB1F7E000  heap                        page read and write
18ACB7B0000  heap                        page read and write
28F3DEEB000  heap                        page read and write
299 further memdumps are omitted from this listing.

DOM / HTML

URL                                            Malicious
file:///C:/Users/user/Desktop/ClosingDoc.html  malicious