IOC Report
https://cran.r-project.org/src/contrib/fansi_1.0.3.tar.gz


Files

File Path | Type | Category | Malicious
C:\Users\user\AppData\Local\Google\Chrome\User Data\05016b1a-1031-4ccc-8833-8ae4572cd0b7.tmp | ASCII text, with very long lines, with no line terminators | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\693b3bcc-88a0-4eb0-82c4-b39e6f54c4d1.tmp | ASCII text, with very long lines, with no line terminators | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\79d6731f-c655-473a-b5ea-b58b661f0616.tmp | ASCII text, with very long lines, with no line terminators | modified |
C:\Users\user\AppData\Local\Google\Chrome\User Data\94b317a5-48d2-48c3-a84b-651e7842e1dd.tmp | data | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\9d47748c-f74a-411f-b563-7ce51831773c.tmp | ASCII text, with very long lines, with no line terminators | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat | data | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\000001.dbtmp | ASCII text | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\000002.dbtmp | ASCII text | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\0d2f02c8-0c06-4405-b380-d7f6ea347023.tmp | ASCII text, with very long lines, with no line terminators | modified |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\12053942-9224-461d-9b3e-710dd3138a04.tmp | ASCII text, with very long lines, with no line terminators | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\2905a3be-ef35-4b87-a0c2-01491d160eab.tmp | ASCII text, with very long lines, with no line terminators | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\3ee29310-2853-4b2a-b0d5-b59e7d16dca8.tmp | UTF-8 Unicode text, with very long lines, with no line terminators | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\5f7b48c3-2426-4680-9b9a-ca9b71f7e2ff.tmp | UTF-8 Unicode text, with very long lines, with no line terminators | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\7e3c0874-5ff1-4157-b1a3-fa9190674698.tmp | UTF-8 Unicode text, with very long lines, with no line terminators | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CURRENT (copy) | ASCII text | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json | ASCII text, with very long lines, with no line terminators | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log | data | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG | ASCII text | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old (copy) | ASCII text | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\MANIFEST-000001 | PGP\011Secret Key - | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State (copy) | ASCII text, with very long lines, with no line terminators | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy) | ASCII text, with very long lines, with no line terminators | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy) | UTF-8 Unicode text, with very long lines, with no line terminators | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\8135de14-17be-421c-bd30-6b80022c300e.tmp | ASCII text, with very long lines, with no line terminators | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1 | data | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent State (copy) | ASCII text, with very long lines, with no line terminators | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\7b0bada7-4e37-41b9-b758-ce559423173a.tmp | ASCII text, with very long lines, with no line terminators | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1 | data | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network Persistent State (copy) | ASCII text, with very long lines, with no line terminators | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\d1bb6ed4-0fc9-47ee-9bdb-16955623f9fc.tmp | ASCII text, with very long lines, with no line terminators | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp | ASCII text | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy) | ASCII text | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\e1601f14-0baf-4c44-b944-fbc3ff095db7.tmp | very short file (no magic) | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\ecd3ade0-7446-4742-b7e0-0e74ce79b606.tmp | UTF-8 Unicode text, with very long lines, with no line terminators | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser | data | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State (copy) | ASCII text, with very long lines, with no line terminators | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cache (copy) | data | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\ac6978bf-7026-4c41-bfff-93ee96fca5b3.tmp | ASCII text, with very long lines, with no line terminators | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\e52ab124-25e8-4e0d-a21f-e0bc333a9e33.tmp | data | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\ec4755f6-288a-42cd-8b80-74fcad40c1a7.tmp | ASCII text, with very long lines, with no line terminators | dropped |
C:\Users\user\AppData\Local\Google\Chrome\User Data\ff8cec4f-784d-4fbc-ab99-ac62643f9375.tmp | data | dropped |
C:\Users\user\AppData\Local\Temp\009bacf4-9b7f-4e02-a72c-e856ae49f4a4.tmp | Google Chrome extension, version 3 | dropped |
C:\Users\user\AppData\Local\Temp\1560_1366170689\_metadata\verified_contents.json | ASCII text, with very long lines, with no line terminators | dropped |
C:\Users\user\AppData\Local\Temp\1560_1366170689\_platform_specific\x86_64\pnacl_public_pnacl_json | ASCII text | dropped |
C:\Users\user\AppData\Local\Temp\1560_1366170689\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_for_eh_o | ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped | dropped |
C:\Users\user\AppData\Local\Temp\1560_1366170689\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_o | ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped | dropped |
C:\Users\user\AppData\Local\Temp\1560_1366170689\_platform_specific\x86_64\pnacl_public_x86_64_crtend_o | ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped | dropped |
C:\Users\user\AppData\Local\Temp\1560_1366170689\_platform_specific\x86_64\pnacl_public_x86_64_ld_nexe | ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=7511538a3a6a0b862c772eace49075ed1bbe2377, stripped | dropped |
C:\Users\user\AppData\Local\Temp\1560_1366170689\_platform_specific\x86_64\pnacl_public_x86_64_libcrt_platform_a | current ar archive | dropped |
C:\Users\user\AppData\Local\Temp\1560_1366170689\_platform_specific\x86_64\pnacl_public_x86_64_libgcc_a | current ar archive | dropped |
C:\Users\user\AppData\Local\Temp\1560_1366170689\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_a | current ar archive | dropped |
C:\Users\user\AppData\Local\Temp\1560_1366170689\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_dummy_a | current ar archive | dropped |
C:\Users\user\AppData\Local\Temp\1560_1366170689\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_llc_nexe | ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=309d6d3d463e6b1b0690f39eb226b1e4c469b2ce, stripped | dropped |
C:\Users\user\AppData\Local\Temp\1560_1366170689\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_sz_nexe | ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=4b15de4ab227d5e46213978b8518d53c53ce1db9, stripped | dropped |
C:\Users\user\AppData\Local\Temp\1560_1366170689\manifest.fingerprint | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Local\Temp\1560_1366170689\manifest.json | ASCII text | dropped |
C:\Users\user\AppData\Local\Temp\3689bbbf-4517-4cc8-afbd-a661c56c9959.tmp | very short file (no magic) | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\009bacf4-9b7f-4e02-a72c-e856ae49f4a4.tmp | Google Chrome extension, version 3 | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\_locales\bg\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\_locales\ca\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\_locales\cs\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\_locales\da\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\_locales\de\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\_locales\el\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\_locales\en\messages.json | ASCII text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\_locales\en_GB\messages.json | ASCII text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\_locales\es\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\_locales\es_419\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\_locales\et\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\_locales\fi\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\_locales\fil\messages.json | ASCII text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\_locales\fr\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\_locales\hi\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\_locales\hr\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\_locales\hu\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\_locales\id\messages.json | ASCII text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\_locales\it\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\_locales\ja\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\_locales\ko\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\_locales\lt\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\_locales\lv\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\_locales\nb\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\_locales\nl\messages.json | ASCII text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\_locales\pl\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\_locales\pt_BR\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\_locales\pt_PT\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\_locales\ro\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\_locales\ru\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\_locales\sk\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\_locales\sl\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\_locales\sr\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\_locales\sv\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\_locales\th\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\_locales\tr\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\_locales\uk\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\_locales\vi\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\_locales\zh_CN\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\_locales\zh_TW\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\_metadata\verified_contents.json | ASCII text, with very long lines, with no line terminators | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\craw_background.js | ASCII text, with very long lines | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\craw_window.js | ASCII text, with very long lines | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\css\craw_window.css | ASCII text | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\html\craw_window.html | HTML document, ASCII text | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\images\flapper.gif | GIF image data, version 89a, 30 x 30 | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\images\icon_128.png | PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\images\icon_16.png | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\images\topbar_floating_button.png | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\images\topbar_floating_button_close.png | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\images\topbar_floating_button_hover.png | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\images\topbar_floating_button_maximize.png | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\images\topbar_floating_button_pressed.png | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped |
C:\Users\user\AppData\Local\Temp\scoped_dir1560_997754626\CRX_INSTALL\manifest.json | ASCII text, with CRLF line terminators | dropped |
C:\Users\user\Downloads\e6b43650-69d5-48e7-81c7-1890248c6b26.tmp | gzip compressed data, last modified: Thu Mar 24 07:50:02 2022, from Unix | dropped |
C:\Users\user\Downloads\fansi_1.0.3.tar.gz.crdownload (copy) | gzip compressed data, last modified: Thu Mar 24 07:50:02 2022, from Unix | dropped |
C:\Users\user\Downloads\fansi_1.0.3.tar.gz:Zone.Identifier | ASCII text, with CRLF line terminators | dropped |

Processes

Path | Cmdline | Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "https://cran.r-project.org/src/contrib/fansi_1.0.3.tar.gz |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1568,6762221054703538292,1348112329409344656,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1932 /prefetch:8 |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1568,6762221054703538292,1348112329409344656,131072 --lang=en-GB --service-sandbox-type=none --enable-audio-service-sandbox --mojo-platform-channel-handle=4772 /prefetch:8 |

URLs

Name | IP | Malicious
https://cran.r-project.org/src/contrib/fansi_1.0.3.tar.gz | |
https://dns.google | unknown |
https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p | unknown |
https://www.google.com/intl/en-US/chrome/blank.html | unknown |
https://ogs.google.com | unknown |
https://www.google.com/images/cleardot.gif | unknown |
https://play.google.com | unknown |
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | 142.250.184.205 |
https://payments.google.com/payments/v4/js/integrator.js | unknown |
https://chromium.googlesource.com/a/native_client/pnacl-llvm.git | unknown |
https://sandbox.google.com/payments/v4/js/integrator.js | unknown |
https://www.google.com/images/x2.gif | unknown |
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-GB&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | 142.250.185.110 |
https://accounts.google.com/MergeSession | unknown |
http://llvm.org/): | unknown |
https://www.google.com | unknown |
https://www.google.com/images/dot2.gif | unknown |
https://code.google.com/p/nativeclient/issues/entry%s: | unknown |
https://cran.r-project.org/src/contrib/fansi_1.0.3.tar.gz | 137.208.57.37 |
https://code.google.com/p/nativeclient/issues/entry | unknown |
https://accounts.google.com | unknown |
https://clients2.googleusercontent.com | unknown |
https://apis.google.com | unknown |
https://www.google.com/accounts/OAuthLogin?issueuberauth=1 | unknown |
https://www.google.com/ | unknown |
https://www-googleapis-staging.sandbox.google.com | unknown |
https://chromium.googlesource.com/a/native_client/pnacl-clang.git | unknown |
https://clients2.google.com | unknown |
https://clients2.google.com/service/update2/crx | unknown |

Domains

Name | IP | Malicious
accounts.google.com | 142.250.184.205 |
cran.wu-wien.ac.at | 137.208.57.37 |
clients.l.google.com | 142.250.185.110 |
cran.r-project.org | unknown |
clients2.google.com | unknown |

IPs

IP | Domain | Country | Malicious
137.208.57.37 | cran.wu-wien.ac.at | Austria |
192.168.2.1 | unknown | unknown |
239.255.255.250 | unknown | Reserved |
142.250.185.110 | clients.l.google.com | United States |
142.250.184.205 | accounts.google.com | United States |
192.168.2.3 | unknown | unknown |
127.0.0.1 | unknown | unknown |

Registry

Path | Value | Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault | S-1-5-21-3853321935-2125563209-4053062332-1002 |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | ahfgeienlihckogmohjhadlkjgocpleb |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | gdaefkejpgkiemlaofpalmlakkmbjdnl |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | gfdkimpbcpahaombhbimeihdjnejgicl |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | kmendfapggjehodndflmmgagdbamhnfd |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | mfehgcgbbipciphmccgaenjidiccnmng |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | mhjfbmdgcfjbbpaeojofohoefgiehjai |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | neajdppkdcdipfabeoofebfddakdcjhd |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nkeimhogjdpnpccoofpliimaahmaaome |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | pkedcjkdefgpdelpbcmbmeomcjbeemfm |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | prefs.preference_reset_time |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | gfdkimpbcpahaombhbimeihdjnejgicl |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nmmhkkegccagdldgiimedpiccmgmieda |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nmmhkkegccagdldgiimedpiccmgmieda |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nmmhkkegccagdldgiimedpiccmgmieda |
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state |
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes |
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes |
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state |
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | dr |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.reporting |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | module_blacklist_cache_md5_digest |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | media.storage_id_salt |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.last_account_id |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.account_id |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.prompt_seed |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_homepage |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | default_search_provider_data.template_url_data |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | safebrowsing.incidents_sent |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | pinned_tabs |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | search_provider_overrides |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_default_search |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | prefs.preference_reset_time |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.last_username |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | session.startup_urls |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | session.restore_on_startup |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.prompt_version |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_startup_urls |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.prompt_wave |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | homepage |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | homepage_is_newtabpage |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | browser.show_home_button |
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics | user_experience_metrics.stability.exited_cleanly |
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | lastrun |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached | {2781761E-28E0-4109-99FE-B9D127C57AFE} {56FFCC30-D398-11D0-B2AE-00A0C908FA49} 0xFFFF |

Memdumps

Base Address | Regiontype | Protect | Malicious
210D8C5B000 | heap | page read and write |
210D8C4A000 | heap | page read and write |
113DBA26000 | heap | page read and write |
184FD2D7000 | heap | page read and write |
265B73C0000 | heap | page read and write |
2208EC44000 | heap | page read and write |
2CA37C00000 | heap | page read and write |
1D147202000 | heap | page read and write |
113DBB02000 | heap | page read and write |
42075FE000 | stack | page read and write |
1CA0AB02000 | heap | page read and write |
42070FB000 | stack | page read and write |
3640F7000 | stack | page read and write |
210D8C5B000 | heap | page read and write |
210D8C00000 | heap | page read and write |
23357113000 | heap | page read and write |
184FC318000 | heap | page read and write |
210DA800000 | trusted library allocation | page read and write |
3B2D97B000 | stack | page read and write |
184FB880000 | heap | page read and write |
184FD261000 | heap | page read and write |
210D8C5A000 | heap | page read and write |
CB477FE000 | stack | page read and write |
265B7652000 | heap | page read and write |
8AE8D3B000 | stack | page read and write |
22A88BB000 | stack | page read and write |
23356E30000 | heap | page read and write |
265B7602000 | heap | page read and write |
2CA37CE1000 | heap | page read and write |
4206E77000 | stack | page read and write |
184FD30A000 | heap | page read and write |
1CA0AA6F000 | heap | page read and write |
210D8AB0000 | heap | page read and write |
184FD0B0000 | trusted library allocation | page read and write |
184FBA13000 | heap | page read and write |
CB479FF000 | stack | page read and write |
184FCEE0000 | trusted library allocation | page read and write |
2CA37CBB000 | heap | page read and write |
2CA38500000 | heap | page read and write |
113DB8C0000 | heap | page read and write |
1D147302000 | heap | page read and write |
184FD088000 | trusted library allocation | page read and write |
1CA0AA5D000 | heap | page read and write |
CB4717C000 | stack | page read and write |
CB4757C000 | stack | page read and write |
2208EC4E000 | heap | page read and write |
2778B640000 | heap | page read and write |
1CA0AA00000 | heap | page read and write |
8AE97FE000 | stack | page read and write |
363D7B000 | stack | page read and write |
31E56AB000 | stack | page read and write |
2CA37C43000 | heap | page read and write |
2208EC49000 | heap | page read and write |
23357000000 | heap | page read and write |
2208EC2E000 | heap | page read and write |
22A8CFE000 | stack | page read and write |
1CA0A8D0000 | heap | page read and write |
22A8DFE000 | stack | page read and write |
210DAC00000 | remote allocation | page read and write |
2208EC00000 | heap | page read and write |
31E57AE000 | stack | page read and write |
184FBA72000 | heap | page read and write |
2335705B000 | heap | page read and write |
2208EC2D000 | heap | page read and write |
54D1C7B000 | stack | page read and write |
113DBA48000 | heap | page read and write |
2778B628000 | heap | page read and write |
184FC318000 | heap | page read and write |
184FD298000 | heap | page read and write |
210D8C68000 | heap | page read and write |
1D147120000 | heap | page read and write |
2CA37A40000 | heap | page read and write |
113DBA52000 | heap | page read and write |
184FC200000 | heap | page read and write |
BF540AB000 | stack | page read and write |
22A8EFE000 | stack | page read and write |
8F1CC7C000 | stack | page read and write |
184FD0A1000 | trusted library allocation | page read and write |
113DBA49000 | heap | page read and write |
184FBA9B000 | heap | page read and write |
8AE96FC000 | stack | page read and write |
113DB960000 | trusted library allocation | page read and write |
113DBA55000 | heap | page read and write |
184FD0C0000 | trusted library allocation | page read and write |
36396C000 | stack | page read and write |
3639EE000 | stack | page read and write |
184FD21B000 | heap | page read and write |
184FD306000 | heap | page read and write |
184FD2D9000 | heap | page read and write |
184FD30D000 | heap | page read and write |
2778C002000 | trusted library allocation | page read and write |
23357029000 | heap | page read and write |
3B2E1FF000 | stack | page read and write |
42076FE000 | stack | page read and write |
184FC318000 | heap | page read and write |
184FD2FC000 | heap | page read and write |
8AE95FC000 | stack | page read and write |
8AE94FE000 | stack | page read and write |
2208EC61000 | heap | page read and write |
113DBA13000 | heap | page read and write |
184FD1E0000 | remote allocation | page read and write |
2335703F000 | heap | page read and write |
2778B664000 | heap | page read and write |
1CA0AB13000 | heap | page read and write |
210D8D00000 | heap | page read and write |
23357102000 | heap | page read and write |
CB475FC000 | stack | page read and write |
184FD08E000 | trusted library allocation | page read and write |
23356F30000 | trusted library allocation | page read and write |
22A927D000 | stack | page read and write |
184FD1D0000 | trusted library allocation | page read and write |
113DBA70000 | heap | page read and write |
2208EC39000 | heap | page read and write |
1CA0AB08000 | heap | page read and write |
184FD30E000 | heap | page read and write |
113DBA4F000 | heap | page read and write |
22A8C7E000 | stack | page read and write |
184FD4D0000 | trusted library allocation | page read and write |
8AE93FF000 | stack | page read and write |
2CA37D02000 | heap | page read and write |
184FD200000 | heap | page read and write |
184FC215000 | heap | page read and write |
184FD308000 | heap | page read and write |
31E5C7E000 | stack | page read and write |
113DBA29000 | heap | page read and write |
184FD2F4000 | heap | page read and write |
1CA0AA64000 | heap | page read and write |
8AE92FE000 | stack | page read and write |
23357069000 | heap | page read and write |
2CA37CCA000 | heap | page read and write |
210D8C4B000 | heap | page read and write |
2CA37C6B000 | heap | page read and write |
184FBA89000 | heap | page read and write |
2778B560000 | heap | page read and write |
2208EC42000 | heap | page read and write |
113DB930000 | heap | page read and write |
184FD23C000 | heap | page read and write |
184FCEC1000 | trusted library allocation | page read and write |
184FD2EF000 | heap | page read and write |
184FCB70000 | trusted library section | page readonly |
1CA0A8E0000 | heap | page read and write |
2208EC3A000 | heap | page read and write |
2208EC66000 | heap | page read and write |
210D8C7F000 | heap | page read and write |
54D1EFF000 | stack | page read and write |
3641FE000 | stack | page read and write |
184FD0B0000 | trusted library allocation | page read and write |
184FD30A000 | heap | page read and write |
184FD308000 | heap | page read and write |
3B2DDFF000 | stack | page read and write |
184FD2DB000 | heap | page read and write |
2208EC60000 | heap | page read and write |
210DA5B0000 | trusted library allocation | page read and write |
4206EFE000 | stack | page read and write |
2778B590000 | trusted library allocation | page read and write |
184FD1E0000 | remote allocation | page read and write |
2CA37C66000 | heap | page read and write |
2208EC63000 | heap | page read and write |
2208EC47000 | heap | page read and write |
1D1471E0000 | remote allocation | page read and write |
363C7E000 | stack | page read and write |
8F1CA7B000 | stack | page read and write |
184FC359000 | heap | page read and write |
54D1CFE000 | stack | page read and write |
2208ED02000 | heap | page read and write |
184FC1F3000 | trusted library allocation | page read and write |
184FBAF9000 | heap | page read and write |
23357075000 | heap | page read and write |
184FD1D0000 | trusted library allocation | page read and write |
1D147229000 | heap | page read and write |
184FD1E0000 | trusted library allocation | page read and write |
420747E000 | stack | page read and write |
184FD306000 | heap | page read and write |
2208EC67000 | heap | page read and write |
2CA37CCC000 | heap | page read and write |
1D147180000 | heap | page read and write |
184FB8E0000 | heap | page read and write |
2208EC40000 | heap | page read and write |
184FE000000 | heap | page read and write |
2CA37CE7000 | heap | page read and write |
184FC359000 | heap | page read and write |
22A907F000 | stack | page read and write |
2208EC62000 | heap | page read and write |
2778B700000 | heap | page read and write |
184FD084000 | trusted library allocation | page read and write |
2CA37C87000 | heap | page read and write |
2CA37C64000 | heap | page read and write |
113DBA3C000 | heap | page read and write |
3B2E2FF000 | stack | page read and write |
1D1471E0000 | remote allocation | page read and write |
184FD2FF000 | heap | page read and write |
1CA0A970000 | trusted library allocation | page read and write |
2208EA60000 | heap | page read and write |
184FCEF0000 | trusted library allocation | page read and write |
4206FFA000 | stack | page read and write |
2208EC48000 | heap | page read and write |
184FD210000 | heap | page read and write |
1CA0AB00000 | heap | page read and write |
54D1DF7000 | stack | page read and write |
2778B500000 | heap | page read and write |
1CA0AA13000 | heap | page read and write |
184FC359000 | heap | page read and write |
1CA0B402000 | trusted library allocation | page read and write |
2208EC41000 | heap | page read and write |
113DBA81000 | heap | page read and write |
113DBA4E000 | heap | page read and write |
1D147213000 | heap | page read and write |
184FD0A4000 | trusted library allocation | page read and write |
184FB870000 | heap
page read and write
184FD0A0000
trusted library allocation
page read and write
184FD2FD000
heap
page read and write
2208EC46000
heap
page read and write
2208EA70000
heap
page read and write
113DBA75000
heap
page read and write
3B2DFFF000
stack
page read and write
8F1CDFE000
stack
page read and write
210D8C4B000
heap
page read and write
184FC501000
trusted library allocation
page read and write
184FBA74000
heap
page read and write
184FB9F0000
trusted library section
page read and write
113DBA54000
heap
page read and write
22A8D7E000
stack
page read and write
1D147258000
heap
page read and write
2208EC69000
heap
page read and write
2208EC6B000
heap
page read and write
31E5E7F000
stack
page read and write
2208EBD0000
trusted library allocation
page read and write
210D8C13000
heap
page read and write
2CA37C13000
heap
page read and write
184FC1F0000
trusted library allocation
page read and write
184FD30D000
heap
page read and write
184FD0C4000
trusted library allocation
page read and write
210D8C85000
heap
page read and write
113DBA56000
heap
page read and write
113DBA57000
heap
page read and write
184FD1A0000
trusted library allocation
page read and write
2778B4F0000
heap
page read and write
54D17CD000
stack
page read and write
2208EC7B000
heap
page read and write
23357013000
heap
page read and write
265B7629000
heap
page read and write
420767F000
stack
page read and write
1CA0AA3C000
heap
page read and write
1CA0AA29000
heap
page read and write
184FC300000
heap
page read and write
2CA37CC2000
heap
page read and write
2208EC4D000
heap
page read and write
184FD190000
trusted library allocation
page read and write
2208EC3D000
heap
page read and write
184FBA57000
heap
page read and write
2CA37A50000
heap
page read and write
184FD2AA000
heap
page read and write
184FD2D9000
heap
page read and write
184FCF00000
trusted library allocation
page read and write
8F1CD7B000
stack
page read and write
8F1CB7E000
stack
page read and write
265B7702000
heap
page read and write
113DBB08000
heap
page read and write
113DBB13000
heap
page read and write
42071FE000
stack
page read and write
210D8C2A000
heap
page read and write
210D8C8C000
heap
page read and write
184FD249000
heap
page read and write
42079FE000
stack
page read and write
184FD2DA000
heap
page read and write
2208EC7D000
heap
page read and write
2208EC6D000
heap
page read and write
1D147C02000
trusted library allocation
page read and write
2CA37D13000
heap
page read and write
265B7520000
trusted library allocation
page read and write
8F1CEF7000
stack
page read and write
2208EC84000
heap
page read and write
CB472FE000
stack
page read and write
CB46D0C000
stack
page read and write
1CA0AA6F000
heap
page read and write
184FD302000
heap
page read and write
CB478FD000
stack
page read and write
2CA38514000
heap
page read and write
BF546FE000
stack
page read and write
2208EC75000
heap
page read and write
184FBA2A000
heap
page read and write
184FD1F0000
trusted library allocation
page read and write
265B7420000
heap
page read and write
184FCA40000
trusted library allocation
page read and write
210DAC00000
remote allocation
page read and write
184FCB20000
trusted library section
page readonly
184FBA8E000
heap
page read and write
113DBA4C000
heap
page read and write
2778B65A000
heap
page read and write
CB4747C000
stack
page read and write
1CA0AA49000
heap
page read and write
184FCB60000
trusted library section
page readonly
265B7600000
heap
page read and write
2208EC29000
heap
page read and write
184FD29A000
heap
page read and write
184FC800000
trusted library allocation
page read and write
184FC302000
heap
page read and write
3B2DBFC000
stack
page read and write
184FD313000
heap
page read and write
8F1CFFF000
stack
page read and write
184FD085000
trusted library allocation
page read and write
2208EC13000
heap
page read and write
22A917D000
stack
page read and write
23356DC0000
heap
page read and write
2778B713000
heap
page read and write
184FD302000
heap
page read and write
CB476FC000
stack
page read and write
2208EC30000
heap
page read and write
113DBA4B000
heap
page read and write
210D8D02000
heap
page read and write
184FD30B000
heap
page read and write
184FBA6D000
heap
page read and write
23356DD0000
heap
page read and write
184FD302000
heap
page read and write
54D174C000
stack
page read and write
184FBA77000
heap
page read and write
184FD2A7000
heap
page read and write
265B7613000
heap
page read and write
2208EC74000
heap
page read and write
2208EC6F000
heap
page read and write
2CA38402000
heap
page read and write
54D1A7E000
stack
page read and write
42077FC000
stack
page read and write
265B768D000
heap
page read and write
BF544FE000
stack
page read and write
CB473FE000
stack
page read and write
2208EC45000
heap
page read and write
184FCB50000
trusted library section
page readonly
184FBB13000
heap
page read and write
1D1471B0000
trusted library allocation
page read and write
2208F402000
trusted library allocation
page read and write
1CA0AA99000
heap
page read and write
210DAC00000
remote allocation
page read and write
184FC318000
heap
page read and write
184FD229000
heap
page read and write
265B7E02000
trusted library allocation
page read and write
184FD1E0000
remote allocation
page read and write
2778B702000
heap
page read and write
42072FA000
stack
page read and write
184FD304000
heap
page read and write
2CA37C24000
heap
page read and write
184FBA00000
heap
page read and write
31E5D7E000
stack
page read and write
210D8C40000
heap
page read and write
184FD080000
trusted library allocation
page read and write
22A8FFD000
stack
page read and write
2CA37AB0000
heap
page read and write
31E5B7F000
stack
page read and write
113DBA51000
heap
page read and write
23357002000
heap
page read and write
1CA0AA27000
heap
page read and write
8F1D0FF000
stack
page read and write
363FFE000
stack
page read and write
BF545FB000
stack
page read and write
210DA5D0000
trusted library allocation
page read and write
210DA840000
trusted library allocation
page read and write
3B2D50B000
stack
page read and write
184FBA3D000
heap
page read and write
3B2E0FF000
stack
page read and write
184FCF60000
trusted library allocation
page read and write
363EFB000
stack
page read and write
184FD303000
heap
page read and write
184FCB30000
trusted library section
page readonly
184FB9E0000
trusted library allocation
page read and write
184FBB02000
heap
page read and write
2208EAD0000
heap
page read and write
1CA0A940000
heap
page read and write
210D8B10000
heap
page read and write
2CA37BB0000
trusted library allocation
page read and write
4206C7C000
stack
page read and write
2778B600000
heap
page read and write
113DBB00000
heap
page read and write
184FCF70000
trusted library allocation
page read and write
1CA0AA5F000
heap
page read and write
42073FB000
stack
page read and write
BF547FE000
stack
page read and write
1D147250000
heap
page read and write
3B2DCFF000
stack
page read and write
184FD1C0000
trusted library allocation
page read and write
1D147200000
heap
page read and write
184FD150000
trusted library allocation
page read and write
2778B613000
heap
page read and write
42074FF000
stack
page read and write
113DBA00000
heap
page read and write
184FD306000
heap
page read and write
184FD1B0000
trusted library allocation
page read and write
184FD081000
trusted library allocation
page read and write
1CA0AA7C000
heap
page read and write
8AE917C000
stack
page read and write
184FD30D000
heap
page read and write
3B2DAFF000
stack
page read and write
1D147110000
heap
page read and write
1CA0AA54000
heap
page read and write
184FC359000
heap
page read and write
210D8D18000
heap
page read and write
265B763C000
heap
page read and write
2208EC7E000
heap
page read and write
210DA602000
trusted library allocation
page read and write
1CA0AA5A000
heap
page read and write
363DFE000
stack
page read and write
8F1CAFE000
stack
page read and write
184FD302000
heap
page read and write
265B7689000
heap
page read and write
2778B679000
heap
page read and write
420757E000
stack
page read and write
184FE010000
heap
page read and write
184FD080000
trusted library allocation
page read and write
2778B668000
heap
page read and write
2208EC5F000
heap
page read and write
184FC313000
heap
page read and write
2208EC64000
heap
page read and write
210D8AA0000
heap
page read and write
3B2DEFD000
stack
page read and write
210D8D13000
heap
page read and write
184FC39A000
heap
page read and write
184FD300000
heap
page read and write
18480000000
trusted library allocation
page read and write
54D1FFF000
stack
page read and write
3B2E3FF000
stack
page read and write
1D1471E0000
remote allocation
page read and write
113DC402000
trusted library allocation
page read and write
113DB8D0000
heap
page read and write
1CA0AA88000
heap
page read and write
265B7687000
heap
page read and write
23357802000
trusted library allocation
page read and write
265B73B0000
heap
page read and write
265B7713000
heap
page read and write
2208EC4B000
heap
page read and write
184FD254000
heap
page read and write
184FCB40000
trusted library section
page readonly
2778B602000
heap
page read and write
31E572E000
stack
page read and write
184FC202000
heap
page read and write
1D147240000
heap
page read and write
There are 424 hidden memdumps, click here to show them.