Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
|
data
|
dropped
|
||
|
C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecoveryCRX.crx
|
Google Chrome extension, version 3
|
dropped
|
||
|
C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\_metadata\verified_contents.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\manifest.json
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\2db15e99-6dfc-42b5-beea-8434781f5299.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\426527fa-1326-451c-ab76-fc2c90e7ffeb.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\4f2d5ca0-f60d-498f-965c-dc3d8f7f9e3c.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\6cd790b6-5099-416e-9dac-a9f89a1d53f5.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\8bec16de-ccc2-4bdd-884b-5a4ae16f8318.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\8e3d563a-7914-407b-945b-76d626f1938d.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\9729e2f1-e929-420b-9a9e-5255264f83b0.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\000001.dbtmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\000002.dbtmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\066e39b9-23bd-4f7c-bb6c-a7165e9ed069.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\11da441b-c044-4c92-a38b-87f8969125b6.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\21468ea5-c2f9-4805-900a-a85c6a81064d.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\67b09b8d-05f5-4327-8bbf-a835e0389c40.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\690e0051-d682-4267-8c8f-e41f19bd3b24.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\6b026497-acd5-444c-9805-8f953863c848.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\6ee571ac-bfb3-408d-af18-493dab2de1ae.tmp
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\7ac3a54c-29a4-42d5-af80-c182e7baa737.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\8d147cfb-1162-43f5-8e60-89b9195c1946.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CURRENT (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\MANIFEST-000001
|
PGP\011Secret Key -
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy)
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\05187f3a-574f-40d6-b7f6-b4de239a77c6.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent
State (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\0b6b6f12-a23f-4eca-9dbc-aa10a76b0d74.tmp
|
ASCII text, with very long lines, with no line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network Persistent
State (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\d37cb5e6-bbfb-4996-9e2c-e16b34133ad2.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cache (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Subresource Filter\Indexed Rules\27\scoped_dir2332_2059111382\Ruleset
Data
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\a81bf1c0-ae16-4a5f-aa2d-8bd9c3fa1e24.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\dc39d5d1-11ba-416b-bebd-361cb28678c7.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\fabb3fe1-a404-4524-8479-d64489129d92.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\fc06df90-f329-4f82-8fd9-1b17e37832cc.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2332_230541184\Filtering Rules
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2332_230541184\LICENSE.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2332_230541184\_metadata\verified_contents.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2332_230541184\manifest.fingerprint
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2332_230541184\manifest.json
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2332_230541184\manifest.json~
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2332_963267159\Recovery.crx3
|
Google Chrome extension, version 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2332_963267159\_metadata\verified_contents.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2332_963267159\manifest.fingerprint
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2332_963267159\manifest.json
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\26620b0b-e526-485b-943d-dc608904fe24.tmp
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\fdde1a6e-3537-40bb-94ac-392e6702c2fa.tmp
|
Google Chrome extension, version 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\bg\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\ca\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\cs\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\da\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\de\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\el\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\en\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\en_GB\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\es\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\es_419\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\et\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\fi\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\fil\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\fr\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\hi\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\hr\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\hu\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\id\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\it\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\ja\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\ko\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\lt\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\lv\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\nb\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\nl\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\pl\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\pt_BR\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\pt_PT\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\ro\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\ru\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\sk\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\sl\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\sr\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\sv\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\th\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\tr\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\uk\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\vi\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\zh_CN\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\zh_TW\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_metadata\verified_contents.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\craw_background.js
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\craw_window.js
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\css\craw_window.css
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\html\craw_window.html
|
HTML document, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\images\flapper.gif
|
GIF image data, version 89a, 30 x 30
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\images\icon_128.png
|
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\images\icon_16.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\images\topbar_floating_button.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\images\topbar_floating_button_close.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\images\topbar_floating_button_hover.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\images\topbar_floating_button_maximize.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\images\topbar_floating_button_pressed.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\manifest.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\fdde1a6e-3537-40bb-94ac-392e6702c2fa.tmp
|
Google Chrome extension, version 3
|
dropped
|
||
|
C:\Users\user\Downloads\63df2e5c-2c92-4e96-ab74-c8a236428abf.tmp
|
Microsoft Cabinet archive data, 61480 bytes, 1 file
|
dropped
|
||
|
C:\Users\user\Downloads\authrootstl.cab.crdownload (copy)
|
Microsoft Cabinet archive data, 61480 bytes, 1 file
|
dropped
|
||
|
C:\Users\user\Downloads\authrootstl.cab:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 112 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/authrootstl.cab?d187249b7de2efd8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1612,4069944722488659976,14944427691238441646,131072
--lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1940 /prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1612,4069944722488659976,14944427691238441646,131072
--lang=en-US --service-sandbox-type=none --enable-audio-service-sandbox --mojo-platform-channel-handle=4788 /prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe
|
C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe
|
||
|
C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe
|
"C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe" --appguid={8A69D345-D564-463c-AFF1-A69D9E530F96}
--browser-version=85.0.4183.121 --sessionid={071c9bf8-cee5-4f16-a546-0f1aec4e4f3e} --system
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/authrootstl.cab?d187249b7de2efd8
|
|||
|
https://dns.google
|
unknown
|
||
|
https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
|
unknown
|
||
|
https://www.google.com/intl/en-US/chrome/blank.html
|
unknown
|
||
|
https://ogs.google.com
|
unknown
|
||
|
https://www.google.com/images/cleardot.gif
|
unknown
|
||
|
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1
|
142.250.185.110
|
||
|
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
|
142.250.184.205
|
||
|
https://payments.google.com/payments/v4/js/integrator.js
|
unknown
|
||
|
https://easylist.to/)
|
unknown
|
||
|
https://sandbox.google.com/payments/v4/js/integrator.js
|
unknown
|
||
|
https://www.google.com/images/x2.gif
|
unknown
|
||
|
https://accounts.google.com/MergeSession
|
unknown
|
||
|
https://creativecommons.org/compatiblelicenses
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://www.google.com/images/dot2.gif
|
unknown
|
||
|
https://github.com/easylist)
|
unknown
|
||
|
https://creativecommons.org/.
|
unknown
|
||
|
https://accounts.google.com
|
unknown
|
||
|
https://clients2.googleusercontent.com
|
unknown
|
||
|
https://apis.google.com
|
unknown
|
||
|
https://www.google.com/accounts/OAuthLogin?issueuberauth=1
|
unknown
|
||
|
https://www.google.com/
|
unknown
|
||
|
https://www-googleapis-staging.sandbox.google.com
|
unknown
|
||
|
https://clients2.google.com
|
unknown
|
||
|
https://clients2.google.com/service/update2/crx
|
unknown
|
There are 15 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
accounts.google.com
|
142.250.184.205
|
||
|
clients.l.google.com
|
142.250.185.110
|
||
|
clients2.google.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.168.2.1
|
unknown
|
unknown
|
||
|
142.250.185.110
|
clients.l.google.com
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
142.250.184.205
|
accounts.google.com
|
United States
|
||
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
ahfgeienlihckogmohjhadlkjgocpleb
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gdaefkejpgkiemlaofpalmlakkmbjdnl
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gfdkimpbcpahaombhbimeihdjnejgicl
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
kmendfapggjehodndflmmgagdbamhnfd
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
mfehgcgbbipciphmccgaenjidiccnmng
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
mhjfbmdgcfjbbpaeojofohoefgiehjai
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
neajdppkdcdipfabeoofebfddakdcjhd
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nkeimhogjdpnpccoofpliimaahmaaome
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
prefs.preference_reset_time
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault
|
S-1-5-21-3853321935-2125563209-4053062332-1002
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gfdkimpbcpahaombhbimeihdjnejgicl
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
pkedcjkdefgpdelpbcmbmeomcjbeemfm
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
state
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
|
StatusCodes
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
|
StatusCodes
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
state
|
||
|
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
|
dr
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.reporting
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
module_blacklist_cache_md5_digest
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
media.storage_id_salt
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.last_account_id
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.account_id
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.prompt_seed
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_homepage
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
default_search_provider_data.template_url_data
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
safebrowsing.incidents_sent
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
pinned_tabs
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
search_provider_overrides
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_default_search
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
prefs.preference_reset_time
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.last_username
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
session.startup_urls
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
session.restore_on_startup
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.prompt_version
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_startup_urls
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.prompt_wave
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
homepage
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
homepage_is_newtabpage
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
browser.show_home_button
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
|
user_experience_metrics.stability.exited_cleanly
|
||
|
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
|
lastrun
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
|
{2781761E-28E0-4109-99FE-B9D127C57AFE} {56FFCC30-D398-11D0-B2AE-00A0C908FA49} 0xFFFF
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
|
PendingFileRenameOperations
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
|
PendingFileRenameOperations
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
|
PendingFileRenameOperations
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
|
PendingFileRenameOperations
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
|
PendingFileRenameOperations
|
There are 40 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
28AFF76D000
|
heap
|
page read and write
|
||
|
14707640000
|
heap
|
page read and write
|
||
|
22276813000
|
heap
|
page read and write
|
||
|
1B90000
|
heap
|
page read and write
|
||
|
596627F000
|
stack
|
page read and write
|
||
|
18E59647000
|
heap
|
page read and write
|
||
|
28AFF71B000
|
heap
|
page read and write
|
||
|
196F9855000
|
heap
|
page read and write
|
||
|
2227685C000
|
heap
|
page read and write
|
||
|
20DA7700000
|
heap
|
page read and write
|
||
|
196F9913000
|
heap
|
page read and write
|
||
|
DC1000
|
unkown
|
page execute read
|
||
|
DFB000
|
unkown
|
page readonly
|
||
|
147076E0000
|
heap
|
page read and write
|
||
|
28AFEE3C000
|
heap
|
page read and write
|
||
|
2227685A000
|
heap
|
page read and write
|
||
|
28AFF778000
|
heap
|
page read and write
|
||
|
246C8170000
|
trusted library allocation
|
page read and write
|
||
|
28AFEEAA000
|
heap
|
page read and write
|
||
|
22276851000
|
heap
|
page read and write
|
||
|
7518977000
|
stack
|
page read and write
|
||
|
18E59674000
|
heap
|
page read and write
|
||
|
B2A3D7B000
|
stack
|
page read and write
|
||
|
59662FE000
|
stack
|
page read and write
|
||
|
28AFEF13000
|
heap
|
page read and write
|
||
|
246C71F0000
|
heap
|
page read and write
|
||
|
E90000
|
trusted library allocation
|
page read and write
|
||
|
14707707000
|
heap
|
page read and write
|
||
|
20DA767F000
|
heap
|
page read and write
|
||
|
28AFF791000
|
heap
|
page read and write
|
||
|
246C74D0000
|
heap
|
page read and write
|
||
|
D8D000
|
stack
|
page read and write
|
||
|
196F9800000
|
heap
|
page read and write
|
||
|
22276902000
|
heap
|
page read and write
|
||
|
147079D5000
|
heap
|
page read and write
|
||
|
FF0000
|
heap
|
page read and write
|
||
|
49DE17E000
|
stack
|
page read and write
|
||
|
246C727D000
|
heap
|
page read and write
|
||
|
246C74D9000
|
heap
|
page read and write
|
||
|
2227683C000
|
heap
|
page read and write
|
||
|
1470772A000
|
heap
|
page read and write
|
||
|
20DA7713000
|
heap
|
page read and write
|
||
|
DFB000
|
unkown
|
page readonly
|
||
|
8B78FE000
|
stack
|
page read and write
|
||
|
28AFEE61000
|
heap
|
page read and write
|
||
|
8B73DC000
|
stack
|
page read and write
|
||
|
22276829000
|
heap
|
page read and write
|
||
|
28AFF78A000
|
heap
|
page read and write
|
||
|
196F9802000
|
heap
|
page read and write
|
||
|
A2E3DCC000
|
stack
|
page read and write
|
||
|
14707721000
|
heap
|
page read and write
|
||
|
22276720000
|
trusted library allocation
|
page read and write
|
||
|
1470771D000
|
heap
|
page read and write
|
||
|
49DE4F9000
|
stack
|
page read and write
|
||
|
AB0000
|
heap
|
page read and write
|
||
|
18E5965F000
|
heap
|
page read and write
|
||
|
28AFF796000
|
heap
|
page read and write
|
||
|
20DA765E000
|
heap
|
page read and write
|
||
|
DC1000
|
unkown
|
page execute read
|
||
|
28AFF784000
|
heap
|
page read and write
|
||
|
B2A407F000
|
stack
|
page read and write
|
||
|
28AFF78C000
|
heap
|
page read and write
|
||
|
28AFF78C000
|
heap
|
page read and write
|
||
|
20DA8002000
|
trusted library allocation
|
page read and write
|
||
|
DF8000
|
unkown
|
page write copy
|
||
|
28AFF7CD000
|
heap
|
page read and write
|
||
|
28AFEC00000
|
heap
|
page read and write
|
||
|
28AFEEEB000
|
heap
|
page read and write
|
||
|
20DA7550000
|
heap
|
page read and write
|
||
|
28AFEBA0000
|
heap
|
page read and write
|
||
|
246C8160000
|
trusted library allocation
|
page read and write
|
||
|
FB0000
|
heap
|
page read and write
|
||
|
22276908000
|
heap
|
page read and write
|
||
|
1470772A000
|
heap
|
page read and write
|
||
|
A2E46FF000
|
unkown
|
page read and write
|
||
|
75182CB000
|
stack
|
page read and write
|
||
|
20DA765C000
|
heap
|
page read and write
|
||
|
28AFEEAA000
|
heap
|
page read and write
|
||
|
1470773D000
|
heap
|
page read and write
|
||
|
28AFF786000
|
heap
|
page read and write
|
||
|
246C70C0000
|
trusted library allocation
|
page read and write
|
||
|
246C7210000
|
heap
|
page read and write
|
||
|
22276900000
|
heap
|
page read and write
|
||
|
246C70B0000
|
heap
|
page read and write
|
||
|
28AFF722000
|
heap
|
page read and write
|
||
|
18E59654000
|
heap
|
page read and write
|
||
|
28AFF75F000
|
heap
|
page read and write
|
||
|
28AFF783000
|
heap
|
page read and write
|
||
|
5965E8A000
|
stack
|
page read and write
|
||
|
E4E000
|
stack
|
page read and write
|
||
|
246C7256000
|
heap
|
page read and write
|
||
|
20DA7600000
|
heap
|
page read and write
|
||
|
14707714000
|
heap
|
page read and write
|
||
|
20DA7613000
|
heap
|
page read and write
|
||
|
246C726C000
|
heap
|
page read and write
|
||
|
862F0FE000
|
stack
|
page read and write
|
||
|
B2A45FE000
|
stack
|
page read and write
|
||
|
7518B7D000
|
stack
|
page read and write
|
||
|
196F987C000
|
heap
|
page read and write
|
||
|
28AFF78C000
|
heap
|
page read and write
|
||
|
14707709000
|
heap
|
page read and write
|
||
|
14707713000
|
heap
|
page read and write
|
||
|
20DA768E000
|
heap
|
page read and write
|
||
|
18E59630000
|
heap
|
page read and write
|
||
|
1B95000
|
heap
|
page read and write
|
||
|
14707702000
|
heap
|
page read and write
|
||
|
862EDFB000
|
stack
|
page read and write
|
||
|
20DA7629000
|
heap
|
page read and write
|
||
|
246C7E80000
|
trusted library allocation
|
page read and write
|
||
|
28AFEDC0000
|
remote allocation
|
page read and write
|
||
|
246C7275000
|
heap
|
page read and write
|
||
|
147079D0000
|
heap
|
page read and write
|
||
|
28AFF74E000
|
heap
|
page read and write
|
||
|
28AFEE29000
|
heap
|
page read and write
|
||
|
14707742000
|
heap
|
page read and write
|
||
|
14707742000
|
heap
|
page read and write
|
||
|
28AFEDC0000
|
remote allocation
|
page read and write
|
||
|
28AFF78F000
|
heap
|
page read and write
|
||
|
20DA75B0000
|
heap
|
page read and write
|
||
|
20DA75E0000
|
trusted library allocation
|
page read and write
|
||
|
246C726D000
|
heap
|
page read and write
|
||
|
28AFEEC9000
|
heap
|
page read and write
|
||
|
5965F0F000
|
stack
|
page read and write
|
||
|
246C8150000
|
heap
|
page readonly
|
||
|
28AFF773000
|
heap
|
page read and write
|
||
|
A2E47FA000
|
stack
|
page read and write
|
||
|
28AFF797000
|
heap
|
page read and write
|
||
|
8B7CFF000
|
stack
|
page read and write
|
||
|
196F9790000
|
heap
|
page read and write
|
||
|
14707709000
|
heap
|
page read and write
|
||
|
DF8000
|
unkown
|
page read and write
|
||
|
13FE000
|
stack
|
page read and write
|
||
|
28AFF700000
|
heap
|
page read and write
|
||
|
246C7E90000
|
trusted library allocation
|
page read and write
|
||
|
DE7000
|
unkown
|
page readonly
|
||
|
222765C0000
|
heap
|
page read and write
|
||
|
C17000
|
stack
|
page read and write
|
||
|
DE7000
|
unkown
|
page readonly
|
||
|
2227685F000
|
heap
|
page read and write
|
||
|
147075C0000
|
heap
|
page readonly
|
||
|
196F9902000
|
heap
|
page read and write
|
||
|
49DE679000
|
stack
|
page read and write
|
||
|
862EFFB000
|
stack
|
page read and write
|
||
|
14FE000
|
stack
|
page read and write
|
||
|
14707724000
|
heap
|
page read and write
|
||
|
28AFF7D8000
|
heap
|
page read and write
|
||
|
246C74D5000
|
heap
|
page read and write
|
||
|
20DA7680000
|
heap
|
page read and write
|
||
|
1470773D000
|
heap
|
page read and write
|
||
|
DC0000
|
unkown
|
page readonly
|
||
|
49DE1FE000
|
stack
|
page read and write
|
||
|
28AFEB90000
|
heap
|
page read and write
|
||
|
ED6000
|
heap
|
page read and write
|
||
|
14707724000
|
heap
|
page read and write
|
||
|
751834E000
|
stack
|
page read and write
|
||
|
22276913000
|
heap
|
page read and write
|
||
|
196F9780000
|
heap
|
page read and write
|
||
|
18E59676000
|
heap
|
page read and write
|
||
|
14707709000
|
heap
|
page read and write
|
||
|
EB0000
|
heap
|
page read and write
|
||
|
246C7218000
|
heap
|
page read and write
|
||
|
222765B0000
|
heap
|
page read and write
|
||
|
246C7220000
|
heap
|
page read and write
|
||
|
8B7BF9000
|
stack
|
page read and write
|
||
|
A2E427F000
|
stack
|
page read and write
|
||
|
246C74E0000
|
trusted library allocation
|
page read and write
|
||
|
5966379000
|
stack
|
page read and write
|
||
|
49DE57E000
|
stack
|
page read and write
|
||
|
28AFF771000
|
heap
|
page read and write
|
||
|
22276864000
|
heap
|
page read and write
|
||
|
C1B000
|
stack
|
page read and write
|
||
|
28AFEEB4000
|
heap
|
page read and write
|
||
|
22277002000
|
trusted library allocation
|
page read and write
|
||
|
28AFEF02000
|
heap
|
page read and write
|
||
|
14707724000
|
heap
|
page read and write
|
||
|
20DA7708000
|
heap
|
page read and write
|
||
|
28AFEEA6000
|
heap
|
page read and write
|
||
|
18E59670000
|
heap
|
page read and write
|
||
|
28AFEEE4000
|
heap
|
page read and write
|
||
|
14707707000
|
heap
|
page read and write
|
||
|
28AFEE71000
|
heap
|
page read and write
|
||
|
28AFF797000
|
heap
|
page read and write
|
||
|
18E5965F000
|
heap
|
page read and write
|
||
|
A2E407F000
|
stack
|
page read and write
|
||
|
196F9813000
|
heap
|
page read and write
|
||
|
A2E40FF000
|
stack
|
page read and write
|
||
|
28AFEDC0000
|
remote allocation
|
page read and write
|
||
|
D90000
|
trusted library allocation
|
page read and write
|
||
|
12FE000
|
stack
|
page read and write
|
||
|
8B7AFE000
|
stack
|
page read and write
|
||
|
18E5965F000
|
heap
|
page read and write
|
||
|
75183CE000
|
stack
|
page read and write
|
||
|
18E59657000
|
heap
|
page read and write
|
||
|
20DA7663000
|
heap
|
page read and write
|
||
|
28AFED00000
|
trusted library allocation
|
page read and write
|
||
|
28AFF602000
|
heap
|
page read and write
|
||
|
1470772A000
|
heap
|
page read and write
|
||
|
B2A42FB000
|
stack
|
page read and write
|
||
|
28AFF793000
|
heap
|
page read and write
|
||
|
196FA090000
|
trusted library allocation
|
page read and write
|
||
|
E8E000
|
stack
|
page read and write
|
||
|
1470773A000
|
heap
|
page read and write
|
||
|
28AFEEC2000
|
heap
|
page read and write
|
||
|
18E593F0000
|
heap
|
page read and write
|
||
|
A2E4577000
|
stack
|
page read and write
|
||
|
18E5963B000
|
heap
|
page read and write
|
||
|
196FA202000
|
trusted library allocation
|
page read and write
|
||
|
14707721000
|
heap
|
page read and write
|
||
|
18E59520000
|
heap
|
page read and write
|
||
|
B2A43F7000
|
stack
|
page read and write
|
||
|
49DE479000
|
stack
|
page read and write
|
||
|
14707721000
|
heap
|
page read and write
|
||
|
751887E000
|
stack
|
page read and write
|
||
|
246C7275000
|
heap
|
page read and write
|
||
|
28AFF773000
|
heap
|
page read and write
|
||
|
18E59656000
|
heap
|
page read and write
|
||
|
862EEFB000
|
stack
|
page read and write
|
||
|
18E59540000
|
heap
|
page read and write
|
||
|
246C725E000
|
heap
|
page read and write
|
||
|
18E59655000
|
heap
|
page read and write
|
||
|
8B73DF000
|
stack
|
page read and write
|
||
|
1470771C000
|
heap
|
page read and write
|
||
|
18E59405000
|
heap
|
page read and write
|
||
|
28AFEEF9000
|
heap
|
page read and write
|
||
|
B2A417B000
|
stack
|
page read and write
|
||
|
28AFEEEA000
|
heap
|
page read and write
|
||
|
18E59642000
|
heap
|
page read and write
|
||
|
8B77FE000
|
stack
|
page read and write
|
||
|
28AFEE83000
|
heap
|
page read and write
|
||
|
49DE5FF000
|
stack
|
page read and write
|
||
|
20DA7602000
|
heap
|
page read and write
|
||
|
49DE0FB000
|
stack
|
page read and write
|
||
|
28AFF775000
|
heap
|
page read and write
|
||
|
1FDF000
|
stack
|
page read and write
|
||
|
196F9828000
|
heap
|
page read and write
|
||
|
196F9840000
|
heap
|
page read and write
|
||
|
B2A3DFE000
|
stack
|
page read and write
|
||
|
28AFFC00000
|
heap
|
page read and write
|
||
|
28AFFC02000
|
heap
|
page read and write
|
||
|
18E59671000
|
heap
|
page read and write
|
||
|
1470773D000
|
heap
|
page read and write
|
||
|
20DA768B000
|
heap
|
page read and write
|
||
|
246C81C0000
|
trusted library allocation
|
page read and write
|
||
|
28AFF797000
|
heap
|
page read and write
|
||
|
20DA7661000
|
heap
|
page read and write
|
||
|
DC0000
|
unkown
|
page readonly
|
||
|
246C7F00000
|
trusted library allocation
|
page read and write
|
||
|
28AFF75D000
|
heap
|
page read and write
|
||
|
147075B0000
|
heap
|
page read and write
|
||
|
8B76FE000
|
stack
|
page read and write
|
||
|
20DA763C000
|
heap
|
page read and write
|
||
|
A2E437B000
|
stack
|
page read and write
|
||
|
B2A44FF000
|
stack
|
page read and write
|
||
|
246C7310000
|
heap
|
page read and write
|
||
|
22276800000
|
heap
|
page read and write
|
||
|
A2E4477000
|
stack
|
page read and write
|
||
|
A2E467E000
|
stack
|
page read and write
|
||
|
22276620000
|
heap
|
page read and write
|
||
|
22276887000
|
heap
|
page read and write
|
||
|
28AFEE89000
|
heap
|
page read and write
|
||
|
B2A41FF000
|
stack
|
page read and write
|
||
|
862E8FB000
|
stack
|
page read and write
|
||
|
FF5000
|
heap
|
page read and write
|
||
|
28AFEE00000
|
heap
|
page read and write
|
||
|
EB8000
|
heap
|
page read and write
|
||
|
20DA7540000
|
heap
|
page read and write
|
||
|
B1C000
|
stack
|
page read and write
|
||
|
59663FF000
|
stack
|
page read and write
|
||
|
28AFF719000
|
heap
|
page read and write
|
||
|
596647C000
|
stack
|
page read and write
|
||
|
246C8140000
|
trusted library allocation
|
page read and write
|
||
|
28AFF76D000
|
heap
|
page read and write
|
||
|
7518A7F000
|
stack
|
page read and write
|
||
|
28AFEE80000
|
heap
|
page read and write
|
||
|
28AFF78C000
|
heap
|
page read and write
|
||
|
5965F8F000
|
stack
|
page read and write
|
||
|
14707701000
|
heap
|
page read and write
|
||
|
28AFF791000
|
heap
|
page read and write
|
||
|
20DA767F000
|
heap
|
page read and write
|
||
|
20DA7654000
|
heap
|
page read and write
|
||
|
18E59400000
|
heap
|
page read and write
|
||
|
196F97F0000
|
heap
|
page read and write
|
||
|
28AFF785000
|
heap
|
page read and write
|
||
|
28AFEEE8000
|
heap
|
page read and write
|
||
|
28AFEE13000
|
heap
|
page read and write
|
||
|
18E59647000
|
heap
|
page read and write
|
||
|
A2E41FC000
|
stack
|
page read and write
|
||
|
20DA7702000
|
heap
|
page read and write
|
||
|
246C725D000
|
heap
|
page read and write
|
||
|
75187FB000
|
stack
|
page read and write
|
||
|
14707620000
|
heap
|
page read and write
|
||
|
147076F8000
|
heap
|
page read and write
|
||
|
246C725D000
|
heap
|
page read and write
|
||
|
246C7260000
|
heap
|
page read and write
|
||
|
1470773A000
|
heap
|
page read and write
|
||
|
28AFF791000
|
heap
|
page read and write
|
||
|
28AFFC02000
|
heap
|
page read and write
|
||
|
28AFF77E000
|
heap
|
page read and write
|
||
|
28AFF771000
|
heap
|
page read and write
|
||
|
246C7EF0000
|
trusted library allocation
|
page read and write
|
||
|
1ADE000
|
stack
|
page read and write
|
||
|
1470774B000
|
heap
|
page read and write
|
||
|
196F9900000
|
heap
|
page read and write
|
There are 293 hidden memdumps, click here to show them.