IOC Report


Files

File Path
Type
Category
Malicious
Download
C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
data
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\099695c3-6035-4124-a6b1-6f136b73835e.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\19a56dee-9088-43e7-9ed3-476166115f4f.tmp
SysEx File -
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\2b477162-4e57-43f3-970d-2b76389e302f.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\33a70f25-d5bd-4f8e-8abc-1406591bebc6.tmp
data
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\4534a1f8-d36d-451d-973a-90a1320a3fb5.tmp
data
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\679a509e-476c-4930-bb34-ac639f894c4c.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\7973fe94-1984-4a9a-bee9-a599d288ad2b.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
data
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\0a4a6058-d422-4703-be98-4574384b304f.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\165a8378-f10d-4a9e-9dee-1dfccada9f20.tmp
UTF-8 Unicode text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\29335cdd-86d6-4f3d-8413-57382d2e0536.tmp
UTF-8 Unicode text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\4ab450bc-7dd4-4bb0-8095-5117ef8a74ed.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\4fea363e-f686-46a5-a814-74d8dcd5abac.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\515409e7-6b24-47c4-b784-0832b2cdb72f.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\53a21b2a-3951-4c03-b07b-f1159639f252.tmp
UTF-8 Unicode text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\696e657a-f8aa-4b81-b040-5814fcb6632c.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\6d287a92-e8b8-4b3c-8074-c7822327e98d.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\7171c975-6592-4bc2-8007-ca76e492ef76.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\7654ac1b-8a64-4aee-a060-605b2d775bbf.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\87477827-3fa1-4073-b293-905b38f3ed65.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\9c7e9906-6184-40d9-bd62-b7c328ababc4.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_1\_metadata\computed_hashes.json
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log
data
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
data
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State} (copy)
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences. (copy)
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferencesl\ (copy)
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy)
UTF-8 Unicode text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1
data
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent State (copy)
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\c969abab-a3f1-4f19-81a5-e3c8ab3cb894.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\61ae7b3f-641b-4b4b-8fd6-fab4d52559d4.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1
data
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity (copy)
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\VideoDecodeStats\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\VideoDecodeStats\CURRENT. (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\VideoDecodeStats\MANIFEST-000001
PGP\011Secret Key -
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\be5a96b6-dc4c-4167-a0ad-48f36a818c84.tmp
UTF-8 Unicode text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\c2197144-b737-4810-a2cc-1dec3fc16790.tmp
UTF-8 Unicode text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\c956182f-6baa-4b46-acdb-6a58a64f9ed5.tmp
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENTaa (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\ec2338f8-858e-4cc3-9dfc-8d80ef46aadb.tmp
ASCII text, with very long lines, with no line terminators
modified
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\ff02ef66-e3a8-495e-8da7-399ea17f4be1.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser
data
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State (copy)
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local Statef8 (copy)
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cache (copy)
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info CacheP. (copy)
SysEx File -
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\a07e410c-de0e-4f21-a95c-aedf80ea4085.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\d1729299-41ea-4c36-942d-9d72bfb1916d.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\d3b274d6-bb21-4dd2-b282-7f440e843fcb.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\fb82ada5-b4ef-46e0-9b8a-7df3d84f5bf6.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\fd3d3031-301b-419a-b29e-a3bc056aab47.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\30c2578d-8631-4363-b2dc-4abc1c780ec2.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\41af2915-51f5-4897-bf38-828833c90425.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\6060_1862559606\_metadata\verified_contents.json
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\6060_1862559606\_platform_specific\x86_64\pnacl_public_pnacl_json
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\6060_1862559606\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_for_eh_o
ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped
dropped
C:\Users\user\AppData\Local\Temp\6060_1862559606\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_o
ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped
dropped
C:\Users\user\AppData\Local\Temp\6060_1862559606\_platform_specific\x86_64\pnacl_public_x86_64_crtend_o
ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped
dropped
C:\Users\user\AppData\Local\Temp\6060_1862559606\_platform_specific\x86_64\pnacl_public_x86_64_ld_nexe
ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=7511538a3a6a0b862c772eace49075ed1bbe2377, stripped
dropped
C:\Users\user\AppData\Local\Temp\6060_1862559606\_platform_specific\x86_64\pnacl_public_x86_64_libcrt_platform_a
current ar archive
dropped
C:\Users\user\AppData\Local\Temp\6060_1862559606\_platform_specific\x86_64\pnacl_public_x86_64_libgcc_a
current ar archive
dropped
C:\Users\user\AppData\Local\Temp\6060_1862559606\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_a
current ar archive
dropped
C:\Users\user\AppData\Local\Temp\6060_1862559606\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_dummy_a
current ar archive
dropped
C:\Users\user\AppData\Local\Temp\6060_1862559606\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_llc_nexe
ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=309d6d3d463e6b1b0690f39eb226b1e4c469b2ce, stripped
dropped
C:\Users\user\AppData\Local\Temp\6060_1862559606\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_sz_nexe
ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=4b15de4ab227d5e46213978b8518d53c53ce1db9, stripped
dropped
C:\Users\user\AppData\Local\Temp\6060_1862559606\manifest.fingerprint
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\6060_1862559606\manifest.json
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\ce8f33da-8491-4f7c-aa69-0d87007fc9e5.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\e48990e3-bd94-4f03-b0df-5d93913bae91.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\41af2915-51f5-4897-bf38-828833c90425.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\_locales\bg\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\_locales\ca\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\_locales\cs\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\_locales\da\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\_locales\de\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\_locales\el\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\_locales\en\messages.json
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\_locales\en_GB\messages.json
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\_locales\es\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\_locales\es_419\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\_locales\et\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\_locales\fi\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\_locales\fil\messages.json
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\_locales\fr\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\_locales\hi\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\_locales\hr\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\_locales\hu\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\_locales\id\messages.json
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\_locales\it\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\_locales\ja\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\_locales\ko\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\_locales\lt\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\_locales\lv\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\_locales\nb\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\_locales\nl\messages.json
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\_locales\pl\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\_locales\pt_BR\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\_locales\pt_PT\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\_locales\ro\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\_locales\ru\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\_locales\sk\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\_locales\sl\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\_locales\sr\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\_locales\sv\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\_locales\th\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\_locales\tr\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\_locales\uk\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\_locales\vi\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\_locales\zh_CN\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\_locales\zh_TW\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\_metadata\verified_contents.json
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\craw_background.js
ASCII text, with very long lines
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\craw_window.js
ASCII text, with very long lines
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\css\craw_window.css
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\html\craw_window.html
HTML document, ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\images\flapper.gif
GIF image data, version 89a, 30 x 30
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\images\icon_128.png
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\images\icon_16.png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\images\topbar_floating_button.png
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\images\topbar_floating_button_close.png
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\images\topbar_floating_button_hover.png
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\images\topbar_floating_button_maximize.png
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\images\topbar_floating_button_pressed.png
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_1172677394\CRX_INSTALL\manifest.json
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\30c2578d-8631-4363-b2dc-4abc1c780ec2.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\_locales\am\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\_locales\ar\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\_locales\bg\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\_locales\bn\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\_locales\ca\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\_locales\cs\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\_locales\da\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\_locales\de\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\_locales\el\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\_locales\en\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\_locales\es\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\_locales\et\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\_locales\fa\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\_locales\fi\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\_locales\fil\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\_locales\fr\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\_locales\gu\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\_locales\hi\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\_locales\hr\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\_locales\hu\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\_locales\id\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\_locales\it\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\_locales\iw\messages.json
HTML document, ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\_locales\ja\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\_locales\kn\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\_locales\ko\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\_locales\lt\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\_locales\lv\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\_locales\ml\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\_locales\mr\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\_locales\ms\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\_locales\nb\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\_locales\nl\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\_locales\pl\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\_locales\pt\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\_locales\ro\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\_locales\ru\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\_locales\sk\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\_locales\sl\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\_locales\sr\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\_locales\sv\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\_locales\sw\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\_locales\ta\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\_locales\te\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\_locales\th\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\_locales\tr\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\_locales\uk\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\_locales\vi\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\_locales\zh\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\_locales\zh_TW\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\_metadata\verified_contents.json
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\angular.js
ASCII text, with very long lines
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\background_script.js
ASCII text, with very long lines
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\cast_sender.js
ASCII text, with very long lines
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\common.js
ASCII text, with very long lines
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\feedback.css
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\feedback.html
HTML document, ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\feedback_script.js
ASCII text, with very long lines
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\manifest.json
ASCII text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\material_css_min.css
ASCII text, with very long lines
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\mirroring_cast_streaming.js
ASCII text, with very long lines
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\mirroring_common.js
ASCII text, with very long lines
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\mirroring_hangouts.js
ASCII text, with very long lines
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6060_971050983\CRX_INSTALL\mirroring_webrtc.js
ASCII text, with very long lines
dropped
192 further files are not shown in this listing.

Processes

Path
Cmdline
Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "http://ny-t.r-tb.com/"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1544,13023897823658162512,2227868781108129078,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1932 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1544,13023897823658162512,2227868781108129078,131072 --lang=en-US --service-sandbox-type=audio --enable-audio-service-sandbox --mojo-platform-channel-handle=5072 /prefetch:8

URLs

Name
IP
Malicious

Domains

Name
IP
Malicious

IPs

IP
Domain
Country
Malicious

Registry

Path
Value
Malicious

Memdumps

Base Address
Regiontype
Protect
Malicious
Download

DOM / HTML

URL
Malicious