IOCReport

Files

File Path
Type
Category
Malicious
http://qtcheiz.northcroft.co.th/#ZGFybGFhbmRyaWNAY29sZHdlbGxiYW5rZXIuY29t#aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbQ==#jngdheuy
URL
initial url
malicious
C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
data
dropped
clean
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Microsoft Cabinet archive data, 61020 bytes, 1 file
dropped
clean
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\2ef16e51-7228-406e-bcce-71431087411e.tmp
ASCII text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\54b03d5d-ee80-4ee3-af08-6691f12b9736.tmp
ASCII text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\5c6621a2-41f4-4417-85ef-c4c6472aab06.tmp
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\9a7ef721-87e8-43b9-80a2-bb30c044f2fd.tmp
ASCII text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\1fd7db45-e92e-48b6-8f0f-11a515ddfe77.tmp
ASCII text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\335f0e7a-050c-4df7-aca2-3e72d5a73f9e.tmp
very short file (no magic)
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\533add13-01d5-470e-a44c-be849bef5c4c.tmp
UTF-8 Unicode text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\542fda5e-f98f-4653-865d-b5d0543a2ae2.tmp
UTF-8 Unicode text, with very long lines, with no line terminators
modified
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\707748d8-06ef-431d-8cd1-5c81acb8cbfe.tmp
ASCII text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\7de7aac2-8e75-44ca-894f-8f4680534f25.tmp
ASCII text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\8984dc36-6988-4ca8-b60d-fbea851885df.tmp
ASCII text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\29acef4d73e591ec_0
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4ad9234e445d4284_0
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\86d2d4c4aefd5c8f_0
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\92a59e12c6439cb6_0
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f5013d11a0f41b5a_0
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
MIPSEB-LE ECOFF executable not stripped - version 0.0
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
SQLite 3.x database, last written using SQLite version 3032001
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Session
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json
ASCII text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_1\_metadata\computed_hashes.json
ASCII text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Favicons
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
SQLite 3.x database, last written using SQLite version 3032001
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History-journal
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL
SQLite 3.x database, last written using SQLite version 3032001
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL-journal
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\1b11b14c-e63c-4131-a679-2c5a3136f890.tmp
ASCII text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\LOG
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\000003.log
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOG
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\1bae14e2-5dba-4375-bf45-6d50510622c3.tmp
ASCII text, with very long lines, with no line terminators
modified
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\LOG
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications\LOG
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\000003.log
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\LOG
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Visited Links
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\b0eb5082-8b4d-4c63-8bd9-d174e896085e.tmp
ASCII text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004
MPEG-4 LOAS
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\e937fefd-d31d-4596-b12e-c34b5efb3564.tmp
UTF-8 Unicode text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version
ASCII text, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\0b9373d3-48d8-481a-8e6e-f6cf63850e66.tmp
Google Chrome extension, version 3
dropped
clean
C:\Users\user\AppData\Local\Temp\2bafe43f-f2df-440c-90e7-4ad250faaebd.tmp
very short file (no magic)
dropped
clean
C:\Users\user\AppData\Local\Temp\3b8ff664-0162-4706-8cf4-1de0b8da9385.tmp
very short file (no magic)
dropped
clean
C:\Users\user\AppData\Local\Temp\browser-sslkeys.log
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Temp\cb23053c-0f37-4848-b210-5db5c6789416.tmp
Google Chrome extension, version 3
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_2015828487\0b9373d3-48d8-481a-8e6e-f6cf63850e66.tmp
Google Chrome extension, version 3
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_2015828487\CRX_INSTALL\_locales\am\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_2015828487\CRX_INSTALL\_locales\ar\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_2015828487\CRX_INSTALL\_locales\bg\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_2015828487\CRX_INSTALL\_locales\bn\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_2015828487\CRX_INSTALL\_locales\ca\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_2015828487\CRX_INSTALL\_locales\cs\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_2015828487\CRX_INSTALL\_locales\da\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_2015828487\CRX_INSTALL\_locales\de\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_2015828487\CRX_INSTALL\_locales\el\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_2015828487\CRX_INSTALL\_locales\en\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_2015828487\CRX_INSTALL\_locales\es\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_2015828487\CRX_INSTALL\_locales\et\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_2015828487\CRX_INSTALL\_locales\fa\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_2015828487\CRX_INSTALL\_locales\fi\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_2015828487\CRX_INSTALL\_locales\fil\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_2015828487\CRX_INSTALL\_locales\fr\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_2015828487\CRX_INSTALL\_locales\gu\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_2015828487\CRX_INSTALL\_locales\hi\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_2015828487\CRX_INSTALL\_locales\hr\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_2015828487\CRX_INSTALL\_locales\hu\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_2015828487\CRX_INSTALL\_locales\id\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_2015828487\CRX_INSTALL\_locales\it\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_2015828487\CRX_INSTALL\_locales\ja\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_2015828487\CRX_INSTALL\_locales\kn\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_2015828487\CRX_INSTALL\_locales\ko\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_2015828487\CRX_INSTALL\_locales\lt\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_2015828487\CRX_INSTALL\_locales\lv\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_2015828487\CRX_INSTALL\_locales\ml\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_2015828487\CRX_INSTALL\_locales\mr\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_2015828487\CRX_INSTALL\_locales\ms\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_2015828487\CRX_INSTALL\_locales\nb\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_2015828487\CRX_INSTALL\_locales\nl\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_2015828487\CRX_INSTALL\_locales\pl\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_2015828487\CRX_INSTALL\_locales\pt\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_2015828487\CRX_INSTALL\_locales\ro\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_2015828487\CRX_INSTALL\_locales\ru\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_2015828487\CRX_INSTALL\_locales\sk\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_2015828487\CRX_INSTALL\_locales\sl\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_2015828487\CRX_INSTALL\_locales\sr\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_2015828487\CRX_INSTALL\_locales\sv\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_2015828487\CRX_INSTALL\_locales\sw\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_2015828487\CRX_INSTALL\_locales\ta\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_2015828487\CRX_INSTALL\_locales\te\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_2015828487\CRX_INSTALL\_locales\th\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_2015828487\CRX_INSTALL\_locales\tr\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_2015828487\CRX_INSTALL\_locales\uk\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_2015828487\CRX_INSTALL\_locales\vi\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_2015828487\CRX_INSTALL\_locales\zh\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_2015828487\CRX_INSTALL\_locales\zh_TW\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_2015828487\CRX_INSTALL\manifest.json
ASCII text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_657342475\CRX_INSTALL\_locales\bg\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_657342475\CRX_INSTALL\_locales\ca\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_657342475\CRX_INSTALL\_locales\cs\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_657342475\CRX_INSTALL\_locales\da\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_657342475\CRX_INSTALL\_locales\de\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_657342475\CRX_INSTALL\_locales\el\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_657342475\CRX_INSTALL\_locales\en\messages.json
ASCII text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_657342475\CRX_INSTALL\_locales\en_GB\messages.json
ASCII text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_657342475\CRX_INSTALL\_locales\es\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_657342475\CRX_INSTALL\_locales\es_419\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_657342475\CRX_INSTALL\_locales\et\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_657342475\CRX_INSTALL\_locales\fi\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_657342475\CRX_INSTALL\_locales\fil\messages.json
ASCII text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_657342475\CRX_INSTALL\_locales\fr\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_657342475\CRX_INSTALL\_locales\hi\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_657342475\CRX_INSTALL\_locales\hr\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_657342475\CRX_INSTALL\_locales\hu\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_657342475\CRX_INSTALL\_locales\id\messages.json
ASCII text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_657342475\CRX_INSTALL\_locales\it\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_657342475\CRX_INSTALL\_locales\ja\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_657342475\CRX_INSTALL\_locales\ko\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_657342475\CRX_INSTALL\_locales\lt\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_657342475\CRX_INSTALL\_locales\lv\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_657342475\CRX_INSTALL\_locales\nb\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_657342475\CRX_INSTALL\_locales\nl\messages.json
ASCII text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_657342475\CRX_INSTALL\_locales\pl\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_657342475\CRX_INSTALL\_locales\pt_BR\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_657342475\CRX_INSTALL\_locales\pt_PT\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_657342475\CRX_INSTALL\_locales\ro\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_657342475\CRX_INSTALL\_locales\ru\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_657342475\CRX_INSTALL\_locales\sk\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_657342475\CRX_INSTALL\_locales\sl\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_657342475\CRX_INSTALL\_locales\sr\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_657342475\CRX_INSTALL\_locales\sv\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_657342475\CRX_INSTALL\_locales\th\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_657342475\CRX_INSTALL\_locales\tr\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_657342475\CRX_INSTALL\_locales\uk\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_657342475\CRX_INSTALL\_locales\vi\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_657342475\CRX_INSTALL\_locales\zh_CN\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_657342475\CRX_INSTALL\_locales\zh_TW\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_657342475\CRX_INSTALL\images\icon_128.png
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_657342475\CRX_INSTALL\images\icon_16.png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_657342475\CRX_INSTALL\manifest.json
ASCII text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir5336_657342475\cb23053c-0f37-4848-b210-5db5c6789416.tmp
Google Chrome extension, version 3
dropped
clean

Processes

Path
Cmdline
Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'http://qtcheiz.northcroft.co.th/#ZGFybGFhbmRyaWNAY29sZHdlbGxiYW5rZXIuY29t#aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbQ==#jngdheuy'
clean
C:\Program Files\Google\Chrome\Application\chrome.exe
'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1552,14705750287286471760,12854902564490349709,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1800 /prefetch:8
clean

URLs

Name
IP
Malicious
http://qtcheiz.northcroft.co.th
unknown
clean
https://dns.google
unknown
clean
https://ogs.google.com
unknown
clean
https://oraclecloud.com/
unknown
clean
https://support.google.com/chromecast/troubleshooter/2995236
unknown
clean
https://oraclecloud.com/GOl
unknown
clean
https://play.google.com
unknown
clean
https://payments.google.com/payments/v4/js/integrator.js
unknown
clean
https://www.google.com;
unknown
clean
https://hangouts.google.com/
unknown
clean
https://sandbox.google.com/payments/v4/js/integrator.js
unknown
clean
https://objectstorage.eu-zurich-1.oraclecloud.com/n/zrbmvpn6wg40/b/bucket-20210712-1211/o/index1.html?authorize?client_id=-&response_type=code&fatpt=a&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2ffederation%2foauth2&state=rQIIAXWSPW_TUBSGc5M0NFEFFUKCMQMsSE6urz9iR-qQkMR1SK7TfDRNlihx7Npx7Osmzpd_AUhIdM6ChISQKiYECPETKiHKWgl16YCYKibEhNud5bzDeYaj9zmPI3SKzj5kGZbrZwYiJfZ5hmJFGlJ9FvEUwzE8gyA95CAzuZvY_vBi653ysiw_v1z9ePSq3liDeG9szrWUSuwTcN_wPHeaTacXi0WK6Lqp3izSnwE4A-AnAOvwhuZQrcZJeMozvMAKPMeyIqQhzQhsqjoqLpV2Z4ntotfxsak0IKwWykalaXHdguV1C6URbrb8jl2yqvbeAo_yFm7mkFLIediWVze8Xx9V2qVRFckB3_KDhFiSYcevG-fhO0pu5hnoepCJ6Wu_w3GdTOyeS6beOvIWKK7myMMnxHE01UtdY5rjmWrfM4lTmxBXm3imNt0RW-6AyowPO8v-3N49WvGZXE9mMnSuKez2jD4tmBanaOVaiS9alcG0WyaC8BT7ECqNUeeAlkTUVmpIsor7_FKrMQuvW9GJinEmT0mzglxddsdUHtXn6l7JLRt4sH9QrxozvS4Tm-RbNf59JBbUahPnNHI7OMoxh0l3QnRzrJ1Fwa_oFoxkNzcT26EHoWToTxS83gjMXX28jH79-0168-lCvfiOQ6cbaavBtdHYkg8xHJSlMWfKMzNQPWNVPY9cC9mNll9aHUmyAnfoLH0cA8ex2FUMPLsV-hL_n-vzxL3gX0QKIgqySShkGZSlhe4_0&estsfed=1&uaid=ac0c8cb48f4f494a89e479dd259f5253&fci=4345a7b9-9a63-4910-a426-&mkt=en-US#darlaandric@coldwellbanker.com
clean
https://a.nel.cloudflare.com/report/v3?s=5IIPkOp%2BzkoY0lHs%2B7B2pJ87OL7y0w9tn4Ura4K802OdT3CGak3V0Rr
unknown
clean
https://objectstorage.eu-zurich-1.oraclecloud.com/n/zrbmvpn6wg40/b/bucket-20210712-1211/o/index1.htm
unknown
clean
https://www.google.com
unknown
clean
https://kit.fontawesome.com
unknown
clean
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
unknown
clean
http://qtcheiz.northcroft.co.th/#ZGFybGFhbmRyaWNAY29sZHdlbGxiYW5rZXIuY29t#aHR0cHM6Ly93d3cuZ29vZ2xlLm
unknown
clean
https://accounts.google.com
unknown
clean
https://maxcdn.bootstrapcdn.com
unknown
clean
https://support.google.com/chromecast/answer/2998456
unknown
clean
https://a.nel.cloudflare.com/report/v3?s=fw%2BedmRu34%2BGObH9ukijh%2Fc41L8GtNItHiKgrXWyDzB4noVh%2BUo
unknown
clean
https://cdnjs.cloudflare.com
unknown
clean
https://clients2.googleusercontent.com
unknown
clean
https://apis.google.com
unknown
clean
https://csp.withgoogle.com/csp/report-to/IdentityListAccountsHttp/external
unknown
clean
https://kit.fontawesome.com/585b051251.js
unknown
clean
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
unknown
clean
https://www.google.com/
unknown
clean
https://csp.withgoogle.com/csp/report-to/downloads-lorry
unknown
clean
https://feedback.googleusercontent.com
unknown
clean
https://clients2.google.com
unknown
clean
http://qtcheiz.northcroft.co.th/
203.151.56.123
clean
https://clients2.google.com/service/update2/crx
unknown
clean

Domains

Name
IP
Malicious
gstaticadssl.l.google.com
142.250.203.99
clean
objectstorage.eu-zurich-1.oci.oraclecloud.com
134.70.88.3
clean
accounts.google.com
172.217.168.45
clean
cdnjs.cloudflare.com
104.16.19.94
clean
maxcdn.bootstrapcdn.com
104.18.11.207
clean
qtcheiz.northcroft.co.th
203.151.56.123
clean
clients.l.google.com
142.250.203.110
clean
googlehosted.l.googleusercontent.com
172.217.168.65
clean
i.ibb.co
145.239.131.51
clean
clients2.googleusercontent.com
unknown
clean
clients2.google.com
unknown
clean
ka-f.fontawesome.com
unknown
clean
code.jquery.com
unknown
clean
kit.fontawesome.com
unknown
clean
objectstorage.eu-zurich-1.oraclecloud.com
unknown
clean

IPs

IP
Domain
Country
Malicious
145.239.131.51
i.ibb.co
France
clean
192.168.2.1
unknown
unknown
clean
142.250.203.110
clients.l.google.com
United States
clean
203.151.56.123
qtcheiz.northcroft.co.th
Thailand
clean
104.18.11.207
maxcdn.bootstrapcdn.com
United States
clean
172.217.168.45
accounts.google.com
United States
clean
239.255.255.250
unknown
Reserved
clean
172.217.168.65
googlehosted.l.googleusercontent.com
United States
clean
134.70.88.3
objectstorage.eu-zurich-1.oci.oraclecloud.com
United States
clean
142.250.203.99
gstaticadssl.l.google.com
United States
clean
127.0.0.1
unknown
unknown
clean
104.16.19.94
cdnjs.cloudflare.com
United States
clean

Registry

Path
Value
Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
ahfgeienlihckogmohjhadlkjgocpleb
clean
C:\Program Files\Google\Chrome\Application\chrome.exe
gdaefkejpgkiemlaofpalmlakkmbjdnl
clean
C:\Program Files\Google\Chrome\Application\chrome.exe
gfdkimpbcpahaombhbimeihdjnejgicl
clean
C:\Program Files\Google\Chrome\Application\chrome.exe
kmendfapggjehodndflmmgagdbamhnfd
clean
C:\Program Files\Google\Chrome\Application\chrome.exe
mfehgcgbbipciphmccgaenjidiccnmng
clean
C:\Program Files\Google\Chrome\Application\chrome.exe
mhjfbmdgcfjbbpaeojofohoefgiehjai
clean
C:\Program Files\Google\Chrome\Application\chrome.exe
neajdppkdcdipfabeoofebfddakdcjhd
clean
C:\Program Files\Google\Chrome\Application\chrome.exe
nkeimhogjdpnpccoofpliimaahmaaome
clean
C:\Program Files\Google\Chrome\Application\chrome.exe
prefs.preference_reset_time
clean
C:\Program Files\Google\Chrome\Application\chrome.exe
S-1-5-21-3853321935-2125563209-4053062332-1002
clean
C:\Program Files\Google\Chrome\Application\chrome.exe
gfdkimpbcpahaombhbimeihdjnejgicl
clean
C:\Program Files\Google\Chrome\Application\chrome.exe
nmmhkkegccagdldgiimedpiccmgmieda
clean
C:\Program Files\Google\Chrome\Application\chrome.exe
pkedcjkdefgpdelpbcmbmeomcjbeemfm
clean
C:\Program Files\Google\Chrome\Application\chrome.exe
nmmhkkegccagdldgiimedpiccmgmieda
clean
C:\Program Files\Google\Chrome\Application\chrome.exe
state
clean
C:\Program Files\Google\Chrome\Application\chrome.exe
StatusCodes
clean
C:\Program Files\Google\Chrome\Application\chrome.exe
StatusCodes
clean
C:\Program Files\Google\Chrome\Application\chrome.exe
state
clean
C:\Program Files\Google\Chrome\Application\chrome.exe
software_reporter.reporting
clean
C:\Program Files\Google\Chrome\Application\chrome.exe
module_blacklist_cache_md5_digest
clean
C:\Program Files\Google\Chrome\Application\chrome.exe
media.storage_id_salt
clean
C:\Program Files\Google\Chrome\Application\chrome.exe
google.services.last_account_id
clean
C:\Program Files\Google\Chrome\Application\chrome.exe
google.services.account_id
clean
C:\Program Files\Google\Chrome\Application\chrome.exe
software_reporter.prompt_seed
clean
C:\Program Files\Google\Chrome\Application\chrome.exe
settings_reset_prompt.last_triggered_for_homepage
clean
C:\Program Files\Google\Chrome\Application\chrome.exe
default_search_provider_data.template_url_data
clean
C:\Program Files\Google\Chrome\Application\chrome.exe
safebrowsing.incidents_sent
clean
C:\Program Files\Google\Chrome\Application\chrome.exe
pinned_tabs
clean
C:\Program Files\Google\Chrome\Application\chrome.exe
search_provider_overrides
clean
C:\Program Files\Google\Chrome\Application\chrome.exe
settings_reset_prompt.last_triggered_for_default_search
clean
C:\Program Files\Google\Chrome\Application\chrome.exe
prefs.preference_reset_time
clean
C:\Program Files\Google\Chrome\Application\chrome.exe
google.services.last_username
clean
C:\Program Files\Google\Chrome\Application\chrome.exe
session.startup_urls
clean
C:\Program Files\Google\Chrome\Application\chrome.exe
session.restore_on_startup
clean
C:\Program Files\Google\Chrome\Application\chrome.exe
software_reporter.prompt_version
clean
C:\Program Files\Google\Chrome\Application\chrome.exe
settings_reset_prompt.last_triggered_for_startup_urls
clean
C:\Program Files\Google\Chrome\Application\chrome.exe
settings_reset_prompt.prompt_wave
clean
C:\Program Files\Google\Chrome\Application\chrome.exe
homepage
clean
C:\Program Files\Google\Chrome\Application\chrome.exe
homepage_is_newtabpage
clean
C:\Program Files\Google\Chrome\Application\chrome.exe
browser.show_home_button
clean
C:\Program Files\Google\Chrome\Application\chrome.exe
user_experience_metrics.stability.exited_cleanly
clean
C:\Program Files\Google\Chrome\Application\chrome.exe
lastrun
clean
C:\Program Files\Google\Chrome\Application\chrome.exe
Blob
clean
C:\Program Files\Google\Chrome\Application\chrome.exe
Blob
clean
C:\Program Files\Google\Chrome\Application\chrome.exe
Blob
clean
C:\Program Files\Google\Chrome\Application\chrome.exe
Blob
clean

Memdumps

Base Address
Regiontype
Protect
Malicious

DOM / HTML

URL
Malicious
https://objectstorage.eu-zurich-1.oraclecloud.com/n/zrbmvpn6wg40/b/bucket-20210712-1211/o/index1.html?authorize?client_id=-&response_type=code&fatpt=a&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2ffederation%2foauth2&state=rQIIAXWSPW_TUBSGc5M0NFEFFUKCMQMsSE6urz9iR-qQkMR1SK7TfDRNlihx7Npx7Osmzpd_AUhIdM6ChISQKiYECPETKiHKWgl16YCYKibEhNud5bzDeYaj9zmPI3SKzj5kGZbrZwYiJfZ5hmJFGlJ9FvEUwzE8gyA95CAzuZvY_vBi653ysiw_v1z9ePSq3liDeG9szrWUSuwTcN_wPHeaTacXi0WK6Lqp3izSnwE4A-AnAOvwhuZQrcZJeMozvMAKPMeyIqQhzQhsqjoqLpV2Z4ntotfxsak0IKwWykalaXHdguV1C6URbrb8jl2yqvbeAo_yFm7mkFLIediWVze8Xx9V2qVRFckB3_KDhFiSYcevG-fhO0pu5hnoepCJ6Wu_w3GdTOyeS6beOvIWKK7myMMnxHE01UtdY5rjmWrfM4lTmxBXm3imNt0RW-6AyowPO8v-3N49WvGZXE9mMnSuKez2jD4tmBanaOVaiS9alcG0WyaC8BT7ECqNUeeAlkTUVmpIsor7_FKrMQuvW9GJinEmT0mzglxddsdUHtXn6l7JLRt4sH9QrxozvS4Tm-RbNf59JBbUahPnNHI7OMoxh0l3QnRzrJ1Fwa_oFoxkNzcT26EHoWToTxS83gjMXX28jH79-0168-lCvfiOQ6cbaavBtdHYkg8xHJSlMWfKMzNQPWNVPY9cC9mNll9aHUmyAnfoLH0cA8ex2FUMPLsV-hL_n-vzxL3gX0QKIgqySShkGZSlhe4_0&estsfed=1&uaid=ac0c8cb48f4f494a89e479dd259f5253&fci=4345a7b9-9a63-4910-a426-&mkt=en-US#darlaandric@coldwellbanker.com
malicious