Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Doc11245.htm
|
HTML document, ASCII text, with very long lines, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\357d26ee-551f-4bfd-be33-4c96fc3487fc.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\82358cdb-3f4f-43e0-90e8-7c222e2b8204.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\968eded4-213e-4335-8466-c66fa7fa0bf4.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\06bb092b-83a5-4b87-be5c-ae7869be22e2.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\2c788f32-1960-49c7-a2cb-0f863c0463f8.tmp
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\3d422c6e-850d-43cc-9116-54e57add4d5d.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\5668f941-21eb-45ec-8447-ad1322ae6c2a.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\5a60856f-f623-4d96-a4f2-dfde67537cc2.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\7a4628b9-b5ff-4e62-ac67-9353b89bdb9d.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\9a453915-f6b6-48ee-8e06-d73fb1df0326.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_1\_metadata\computed_hashes.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy)
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\5ade4b7f-6346-4de7-bcd8-d0f705025fd5.tmp
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent
State (copy)
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\000001.dbtmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\CURRENT
(copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\MANIFEST-000001
|
PGP\011Secret Key -
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\11298af9-ca87-4913-90df-e36f3f324c25.tmp
|
ASCII text, with no line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network Persistent
State (copy)
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\000001.dbtmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\CURRENT
(copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\MANIFEST-000001
|
PGP\011Secret Key -
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\a15ed646-c88c-46a5-a073-10b6533a5e05.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\b0aae087-072e-4344-8288-fa4a44e44a48.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\c0e9559e-64e1-40ae-8b85-9c47a69e9a7d.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000006.dbtmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cache (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\ba6e816a-a7ec-42ed-9118-3ca6a6afc810.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\d4b41f5d-c77b-412a-b2ea-1c95dd26dc1e.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\13965899-5c90-4780-a345-e6c9514e1b65.tmp
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\1769dc19-002a-4a4c-ba86-40abba487afc.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2cf6ce9a-7d44-44e3-ac14-b6a67341c71f.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\54069964-70f0-4c11-9903-6a9285329d2a.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\8138a6f7-2e08-49b9-a602-b096471339dc.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\96a21478-8f2c-4225-8449-e4eca0901cc7.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\a71db759-a905-4b5d-933a-d92732b82381.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\aab5c5a0-bfcb-4902-88b4-98d03d3918df.tmp
|
Google Chrome extension, version 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\_locales\bg\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\_locales\ca\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\_locales\cs\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\_locales\da\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\_locales\de\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\_locales\el\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\_locales\en\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\_locales\en_GB\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\_locales\es\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\_locales\es_419\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\_locales\et\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\_locales\fi\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\_locales\fil\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\_locales\fr\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\_locales\hi\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\_locales\hr\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\_locales\hu\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\_locales\id\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\_locales\it\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\_locales\ja\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\_locales\ko\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\_locales\lt\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\_locales\lv\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\_locales\nb\messages.json
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\_locales\nl\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\_locales\pl\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\_locales\pt_BR\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\_locales\pt_PT\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\_locales\ro\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\_locales\ru\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\_locales\sk\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\_locales\sl\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\_locales\sr\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\_locales\sv\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\_locales\th\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\_locales\tr\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\_locales\uk\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\_locales\vi\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\_locales\zh_CN\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\_locales\zh_TW\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\_metadata\verified_contents.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\craw_background.js
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\craw_window.js
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\css\craw_window.css
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\html\craw_window.html
|
HTML document, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\images\flapper.gif
|
GIF image data, version 89a, 30 x 30
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\images\icon_128.png
|
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\images\icon_16.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\images\topbar_floating_button.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\images\topbar_floating_button_close.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\images\topbar_floating_button_hover.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\images\topbar_floating_button_maximize.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\images\topbar_floating_button_pressed.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\CRX_INSTALL\manifest.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir6556_1886960998\aab5c5a0-bfcb-4902-88b4-98d03d3918df.tmp
|
Google Chrome extension, version 3
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Spelling\en-US\default.acl
|
Little-endian UTF-16 Unicode text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
|
Little-endian UTF-16 Unicode text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Spelling\en-US\default.exc
|
Little-endian UTF-16 Unicode text, with no line terminators
|
dropped
|
There are 96 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\Doc11245.htm
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1780,9626963572075201491,17379349607548025094,131072
--lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:8
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://znrton.gq/new/Odrivenew/file/Odrivex/next.php
|
unknown
|
|
|
|
file:///C:/Users/user/Desktop/Doc11245.htm
|
|
||
|
https://iwujch.cf/ado/Odrivenew/file/next.php
|
162.240.215.126
|
|
|
|
https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
|
unknown
|
||
|
https://www.google.com/intl/en-US/chrome/blank.html
|
unknown
|
||
|
https://ogs.google.com
|
unknown
|
||
|
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=92.0.4515.107&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1
|
142.250.185.142
|
||
|
https://www.google.com/images/cleardot.gif
|
unknown
|
||
|
https://code.jquery.com/jquery-3.2.1.slim.min.js
|
unknown
|
||
|
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
|
142.250.186.173
|
||
|
https://payments.google.com/payments/v4/js/integrator.js
|
unknown
|
||
|
https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
|
104.18.10.207
|
||
|
https://me.kis.v2.scr.kaspersky-labs.com/FD126C42-EBFA-4E12-B309-BB3FDD723AC1/main.js?attr=LBLzR8kxf
|
unknown
|
||
|
https://sandbox.google.com/payments/v4/js/integrator.js
|
unknown
|
||
|
https://www.google.com/images/x2.gif
|
unknown
|
||
|
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
|
104.18.10.207
|
||
|
https://accounts.google.com/MergeSession
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://www.google.com/images/dot2.gif
|
unknown
|
||
|
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
|
104.17.24.14
|
||
|
https://accounts.google.com
|
unknown
|
||
|
https://clients2.googleusercontent.com
|
unknown
|
||
|
https://apis.google.com
|
unknown
|
||
|
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
|
104.18.10.207
|
||
|
https://www.google.com/accounts/OAuthLogin?issueuberauth=1
|
unknown
|
||
|
https://www.google.com/
|
unknown
|
||
|
https://www-googleapis-staging.sandbox.google.com
|
unknown
|
||
|
https://clients2.google.com
|
unknown
|
||
|
https://clients2.google.com/service/update2/crx
|
unknown
|
There are 19 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
iwujch.cf
|
162.240.215.126
|
|
|
|
stackpath.bootstrapcdn.com
|
104.18.10.207
|
||
|
gstaticadssl.l.google.com
|
142.251.36.35
|
||
|
accounts.google.com
|
142.250.186.173
|
||
|
cdnjs.cloudflare.com
|
104.17.24.14
|
||
|
maxcdn.bootstrapcdn.com
|
104.18.10.207
|
||
|
me.kis.v2.scr.kaspersky-labs.com
|
185.85.13.154
|
||
|
clients.l.google.com
|
142.250.185.142
|
||
|
clients2.google.com
|
unknown
|
||
|
code.jquery.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
162.240.215.126
|
iwujch.cf
|
United States
|
|
|
|
104.17.24.14
|
cdnjs.cloudflare.com
|
United States
|
||
|
192.168.2.1
|
unknown
|
unknown
|
||
|
104.18.10.207
|
stackpath.bootstrapcdn.com
|
United States
|
||
|
142.250.186.173
|
accounts.google.com
|
United States
|
||
|
185.85.13.154
|
me.kis.v2.scr.kaspersky-labs.com
|
Russian Federation
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
142.250.185.142
|
clients.l.google.com
|
United States
|
||
|
142.251.36.35
|
gstaticadssl.l.google.com
|
United States
|
||
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault
|
S-1-5-21-2660496737-530772487-1027249058-1002
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
ahfgeienlihckogmohjhadlkjgocpleb
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gdaefkejpgkiemlaofpalmlakkmbjdnl
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gfdkimpbcpahaombhbimeihdjnejgicl
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
kmendfapggjehodndflmmgagdbamhnfd
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
mhjfbmdgcfjbbpaeojofohoefgiehjai
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
neajdppkdcdipfabeoofebfddakdcjhd
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nkeimhogjdpnpccoofpliimaahmaaome
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
prefs.preference_reset_time
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gdaefkejpgkiemlaofpalmlakkmbjdnl
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gfdkimpbcpahaombhbimeihdjnejgicl
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
kmendfapggjehodndflmmgagdbamhnfd
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
neajdppkdcdipfabeoofebfddakdcjhd
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nkeimhogjdpnpccoofpliimaahmaaome
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
pkedcjkdefgpdelpbcmbmeomcjbeemfm
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gfdkimpbcpahaombhbimeihdjnejgicl
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
state
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
|
StatusCodes
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
|
StatusCodes
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
state
|
||
|
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
|
dr
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.reporting
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
media.storage_id_salt
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.last_account_id
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.account_id
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
module_blocklist_cache_md5_digest
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.prompt_seed
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_homepage
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
default_search_provider_data.template_url_data
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
safebrowsing.incidents_sent
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
pinned_tabs
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
search_provider_overrides
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_default_search
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
prefs.preference_reset_time
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.last_username
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
session.startup_urls
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
session.restore_on_startup
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.prompt_version
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_startup_urls
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.prompt_wave
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
homepage
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
homepage_is_newtabpage
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
browser.show_home_button
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
|
user_experience_metrics.stability.exited_cleanly
|
||
|
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
|
lastrun
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault
|
S-1-5-21-2660496737-530772487-1027249058-1002
|
There are 39 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1C9345A1000
|
trusted library allocation
|
page read and write
|
||
|
1C933281000
|
heap
|
page read and write
|
||
|
65BCDFE000
|
unkown
|
page read and write
|
||
|
227889E0000
|
heap
|
page read and write
|
||
|
845D77E000
|
stack
|
page read and write
|
||
|
1C933B84000
|
heap
|
page read and write
|
||
|
1C938685000
|
trusted library allocation
|
page read and write
|
||
|
845DB7A000
|
stack
|
page read and write
|
||
|
1C934040000
|
trusted library section
|
page readonly
|
||
|
1C938675000
|
trusted library allocation
|
page read and write
|
||
|
1C938790000
|
unkown
|
page read and write
|
||
|
1C938741000
|
trusted library allocation
|
page read and write
|
||
|
5157EFE000
|
stack
|
page read and write
|
||
|
1C9386C3000
|
trusted library allocation
|
page read and write
|
||
|
65BC57E000
|
stack
|
page read and write
|
||
|
515847E000
|
stack
|
page read and write
|
||
|
1C933B4E000
|
heap
|
page read and write
|
||
|
5157F7E000
|
stack
|
page read and write
|
||
|
22788D70000
|
heap
|
page read and write
|
||
|
515827C000
|
stack
|
page read and write
|
||
|
1C933270000
|
heap
|
page read and write
|
||
|
23737030000
|
heap
|
page read and write
|
||
|
1C938A11000
|
unkown
|
page read and write
|
||
|
1C933B37000
|
heap
|
page read and write
|
||
|
1C93867D000
|
trusted library allocation
|
page read and write
|
||
|
1C9332A0000
|
heap
|
page read and write
|
||
|
5157E7B000
|
stack
|
page read and write
|
||
|
1C933F40000
|
trusted library allocation
|
page read and write
|
||
|
2373725B000
|
heap
|
page read and write
|
||
|
1C9386BF000
|
trusted library allocation
|
page read and write
|
||
|
22788D75000
|
heap
|
page read and write
|
||
|
845DA7F000
|
stack
|
page read and write
|
||
|
227889C0000
|
heap
|
page read and write
|
||
|
1C933B5B000
|
heap
|
page read and write
|
||
|
1C933860000
|
trusted library allocation
|
page read and write
|
||
|
1C9386A0000
|
trusted library allocation
|
page read and write
|
||
|
1C938610000
|
trusted library allocation
|
page read and write
|
||
|
1C9387B0000
|
unkown
|
page read and write
|
||
|
1C9386B0000
|
trusted library allocation
|
page read and write
|
||
|
1C933B42000
|
heap
|
page read and write
|
||
|
1C933B61000
|
heap
|
page read and write
|
||
|
1C938A5F000
|
unkown
|
page read and write
|
||
|
1C938753000
|
trusted library allocation
|
page read and write
|
||
|
1C933090000
|
heap
|
page read and write
|
||
|
845D6FC000
|
stack
|
page read and write
|
||
|
1C93325B000
|
heap
|
page read and write
|
||
|
1C9385D0000
|
trusted library allocation
|
page read and write
|
||
|
227889A0000
|
heap
|
page read and write
|
||
|
1C933276000
|
heap
|
page read and write
|
||
|
1C933A00000
|
heap
|
page read and write
|
||
|
1C938A13000
|
unkown
|
page read and write
|
||
|
1C938683000
|
trusted library allocation
|
page read and write
|
||
|
1C933313000
|
heap
|
page read and write
|
||
|
23737276000
|
heap
|
page read and write
|
||
|
1C938690000
|
trusted library allocation
|
page read and write
|
||
|
1C9345D0000
|
trusted library allocation
|
page read and write
|
||
|
23737313000
|
heap
|
page read and write
|
||
|
65BC77E000
|
stack
|
page read and write
|
||
|
1C93322B000
|
heap
|
page read and write
|
||
|
1C933245000
|
heap
|
page read and write
|
||
|
1C93867B000
|
trusted library allocation
|
page read and write
|
||
|
845DAFD000
|
stack
|
page read and write
|
||
|
1C933A15000
|
heap
|
page read and write
|
||
|
23737200000
|
heap
|
page read and write
|
||
|
515857F000
|
stack
|
page read and write
|
||
|
1C933272000
|
heap
|
page read and write
|
||
|
1C9332E4000
|
heap
|
page read and write
|
||
|
65BCEFE000
|
unkown
|
page read and write
|
||
|
1C93332C000
|
heap
|
page read and write
|
||
|
227889E8000
|
heap
|
page read and write
|
||
|
1C9385E0000
|
trusted library allocation
|
page read and write
|
||
|
1C933B00000
|
heap
|
page read and write
|
||
|
1C93876C000
|
trusted library allocation
|
page read and write
|
||
|
1C93867F000
|
trusted library allocation
|
page read and write
|
||
|
1C933254000
|
heap
|
page read and write
|
||
|
1C938A02000
|
unkown
|
page read and write
|
||
|
1C9386BC000
|
trusted library allocation
|
page read and write
|
||
|
1C9387D0000
|
trusted library allocation
|
page read and write
|
||
|
23737229000
|
heap
|
page read and write
|
||
|
65BC67B000
|
stack
|
page read and write
|
||
|
2373728C000
|
heap
|
page read and write
|
||
|
65BCA7E000
|
stack
|
page read and write
|
||
|
1C938766000
|
trusted library allocation
|
page read and write
|
||
|
22788A09000
|
heap
|
page read and write
|
||
|
65BC87F000
|
stack
|
page read and write
|
||
|
65BCCFD000
|
unkown
|
page read and write
|
||
|
1C9330A0000
|
heap
|
page read and write
|
||
|
1C93875A000
|
trusted library allocation
|
page read and write
|
||
|
1C933B47000
|
heap
|
page read and write
|
||
|
1C938687000
|
trusted library allocation
|
page read and write
|
||
|
1C9387C0000
|
unkown
|
page read and write
|
||
|
1C93874A000
|
trusted library allocation
|
page read and write
|
||
|
65BCAFE000
|
unkown
|
page read and write
|
||
|
1C933200000
|
heap
|
page read and write
|
||
|
1C933213000
|
heap
|
page read and write
|
||
|
23737300000
|
heap
|
page read and write
|
||
|
227889EF000
|
heap
|
page read and write
|
||
|
1C938679000
|
trusted library allocation
|
page read and write
|
||
|
2373723F000
|
heap
|
page read and write
|
||
|
1C938750000
|
unkown
|
page read and write
|
||
|
22788940000
|
heap
|
page read and write
|
||
|
1C938720000
|
unkown
|
page read and write
|
||
|
1C933100000
|
heap
|
page read and write
|
||
|
1C938740000
|
unkown
|
page read and write
|
||
|
515837C000
|
stack
|
page read and write
|
||
|
1C93875D000
|
trusted library allocation
|
page read and write
|
||
|
23737790000
|
trusted library allocation
|
page read and write
|
||
|
23736FD0000
|
heap
|
page read and write
|
||
|
1C933B13000
|
heap
|
page read and write
|
||
|
51583FC000
|
stack
|
page read and write
|
||
|
1C9332EB000
|
heap
|
page read and write
|
||
|
1C9386B9000
|
trusted library allocation
|
page read and write
|
||
|
1C9345C0000
|
trusted library allocation
|
page read and write
|
||
|
1C9387D0000
|
unkown
|
page read and write
|
||
|
1C934180000
|
trusted library allocation
|
page read and write
|
||
|
1C933B77000
|
heap
|
page read and write
|
||
|
1C933B6D000
|
heap
|
page read and write
|
||
|
1C938A5B000
|
unkown
|
page read and write
|
||
|
1C93324A000
|
heap
|
page read and write
|
||
|
23736FC0000
|
heap
|
page read and write
|
||
|
1C938650000
|
trusted library allocation
|
page read and write
|
||
|
23737213000
|
heap
|
page read and write
|
||
|
1C933B02000
|
heap
|
page read and write
|
||
|
1C9386CE000
|
trusted library allocation
|
page read and write
|
||
|
65BC97A000
|
stack
|
page read and write
|
||
|
65BCFFA000
|
unkown
|
page read and write
|
||
|
1C933259000
|
heap
|
page read and write
|
||
|
1C938677000
|
trusted library allocation
|
page read and write
|
||
|
1C93325E000
|
heap
|
page read and write
|
||
|
1C933302000
|
heap
|
page read and write
|
||
|
1C938670000
|
trusted library allocation
|
page read and write
|
||
|
1C938A37000
|
unkown
|
page read and write
|
||
|
65BC4FE000
|
stack
|
page read and write
|
||
|
23737802000
|
trusted library allocation
|
page read and write
|
||
|
65BCBFB000
|
unkown
|
page read and write
|
||
|
845D7FE000
|
stack
|
page read and write
|
||
|
1C933C01000
|
trusted library allocation
|
page read and write
|
||
|
1C938681000
|
trusted library allocation
|
page read and write
|
||
|
515817B000
|
stack
|
page read and write
|
||
|
1C938A00000
|
unkown
|
page read and write
|
||
|
1C938746000
|
trusted library allocation
|
page read and write
|
||
|
65BC9FE000
|
stack
|
page read and write
|
||
|
23737318000
|
heap
|
page read and write
|
||
|
65BC47B000
|
stack
|
page read and write
|
||
|
1C9387A0000
|
unkown
|
page read and write
|
||
|
1C9386C5000
|
trusted library allocation
|
page read and write
|
||
|
23737302000
|
heap
|
page read and write
|
||
|
1C933A02000
|
heap
|
page read and write
|
||
|
1C938670000
|
trusted library allocation
|
page read and write
|
||
|
23737258000
|
heap
|
page read and write
|
||
|
1C9391C0000
|
unkown
|
page read and write
|
There are 141 hidden memdumps, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
file:///C:/Users/user/Desktop/Doc11245.htm
|
|