Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\14a703eb-c787-475a-b48f-db18938bcc60.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\5b2add03-91f4-4d1a-aa29-b2eecca58011.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\5e0b1786-3f28-4e66-b8cc-e0104a32eea1.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\64f92139-ae75-4475-97d4-10df78132f69.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\6dc17962-d21c-4e74-b805-516715b402ed.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\7d0d486f-5bd1-4852-94b1-797051b56641.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\276691e2-3ad2-426a-b1d8-84747fbb286b.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\31d84669-01e0-493a-adad-18271756bf82.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\3947a6cf-a1db-47f2-92f1-8c533a70acfa.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\4d87e470-4378-475b-a205-1e9b4d416f00.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\562faf9f-ea2c-4e94-8954-7e048d499854.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\5cff92f4-d731-4465-a1cb-b2899fee929d.tmp
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\622e9c9a-a461-4f12-88c7-f0c7ea316f79.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\76deb871-be35-4eca-9525-ebf3e0e256a4.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\7eece4f6-4c0b-42ba-8e15-d559a38f0f90.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\8e236fe3-82e0-4188-9758-50a18cdc9922.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\90ae0a2d-7feb-4867-8527-0f45278d5e7c.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_1\_metadata\computed_hashes.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico (copy)
|
MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy)
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\a5c9e995-805b-4ea0-8b11-249012cd8ba7.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\a9f5aef8-e8e6-4c41-9265-460d4df24b8a.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\c089eb17-6a9d-4623-a760-8781918b0b87.tmp
|
MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\cba3848a-f7bf-4b15-b4af-796b3080bdb1.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000014.dbtmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cache (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\ChromeExtMalware.store (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\ChromeExtMalware.store_new
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlBilling.store (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlBilling.store_new
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlCsdAllowlist.store (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlCsdAllowlist.store_new
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlCsdDownloadAllowlist.store (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlCsdDownloadAllowlist.store_new
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlHighConfidenceAllowlist.store (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlHighConfidenceAllowlist.store_new
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlMalBin.store (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlMalBin.store_new
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlMalware.store (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlMalware.store_new
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSoceng.store (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSoceng.store_new
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSubresourceFilter.store (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSubresourceFilter.store_new
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSuspiciousSite.store (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSuspiciousSite.store_new
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlUws.store (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlUws.store_new
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Subresource Filter\Indexed Rules\29\scoped_dir4224_1244579940\Ruleset
Data
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\bd12f7ca-5479-4454-85c0-5c00b881b38b.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\ce4fb986-4dd3-4646-85a8-cd2ea75fa962.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\daad009f-f8d0-4dfa-bab2-8c909f39333f.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\fd91f9d2-1373-4d8e-a593-0ac15465a8cc.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\25e7b8cf-c7c6-4857-b00b-ac78cb44b316.tmp
|
Google Chrome extension, version 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\321b1cb5-30f8-442e-afad-8b819307cd60.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\38b8d7b3-549d-4e53-b7fb-86b0e1daeb8a.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\4224_269826788\Filtering Rules
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\4224_269826788\LICENSE.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\4224_269826788\_metadata\verified_contents.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\4224_269826788\manifest.fingerprint
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\4224_269826788\manifest.json
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\4224_269826788\manifest.json~
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\7cd1e74a-3bea-4fd3-b28e-603a4fb3a56a.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\8235eb80-e89d-409f-aaa5-5c96175b37f4.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\c6b1ce35-f008-4d21-b872-8e3095174c6a.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\e8978088-a25b-4368-a402-b804b8314e61.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\f8306f11-1796-4d2e-b0b0-076b0a2ffd22.tmp
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\25e7b8cf-c7c6-4857-b00b-ac78cb44b316.tmp
|
Google Chrome extension, version 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\_locales\bg\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\_locales\ca\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\_locales\cs\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\_locales\da\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\_locales\de\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\_locales\el\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\_locales\en\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\_locales\en_GB\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\_locales\es\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\_locales\es_419\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\_locales\et\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\_locales\fi\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\_locales\fil\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\_locales\fr\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\_locales\hi\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\_locales\hr\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\_locales\hu\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\_locales\id\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\_locales\it\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\_locales\ja\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\_locales\ko\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\_locales\lt\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\_locales\lv\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\_locales\nb\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\_locales\nl\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\_locales\pl\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\_locales\pt_BR\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\_locales\pt_PT\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\_locales\ro\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\_locales\ru\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\_locales\sk\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\_locales\sl\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\_locales\sr\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\_locales\sv\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\_locales\th\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\_locales\tr\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\_locales\uk\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\_locales\vi\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\_locales\zh_CN\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\_locales\zh_TW\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\_metadata\verified_contents.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\craw_background.js
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\craw_window.js
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\css\craw_window.css
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\html\craw_window.html
|
HTML document, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\images\flapper.gif
|
GIF image data, version 89a, 30 x 30
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\images\icon_128.png
|
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\images\icon_16.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\images\topbar_floating_button.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\images\topbar_floating_button_close.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\images\topbar_floating_button_hover.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\images\topbar_floating_button_maximize.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\images\topbar_floating_button_pressed.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir4224_516761173\CRX_INSTALL\manifest.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Spelling\en-US\default.acl
|
Little-endian UTF-16 Unicode text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
|
Little-endian UTF-16 Unicode text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Spelling\en-US\default.exc
|
Little-endian UTF-16 Unicode text, with no line terminators
|
dropped
|
There are 126 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation --single-argument https://linkprotect.cudasvc.com/url?a=https%3a%2f%2f4ncz5-oaaaa-aaaad-qcczq-cai.raw.ic0.app%2f&c=E,1,yzYGtry9tkljqbJFR2Fcl9THP5bR1sEWsz96zu1YjEpVa-GeOf64B1QO3Pqj4BfBfwPlAE-gtFsjV2hfrh_QzouozC2Fgzm-iaKMtOem3A,,&typo=1
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1712,10268326247406231543,10987779347778780195,131072
--lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 /prefetch:8
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2f4ncz5-oaaaa-aaaad-qcczq-cai.raw.ic0.app%2f&c=E,1,yzYGtry9tkljqbJFR2Fcl9THP5bR1sEWsz96zu1YjEpVa-GeOf64B1QO3Pqj4BfBfwPlAE-gtFsjV2hfrh_QzouozC2Fgzm-iaKMtOem3A,,&typo=1
|
|||
|
https://campus.barracuda.com/resources/img/logo.svg
|
3.141.143.11
|
||
|
https://campus.barracuda.com/resources/css/lib/bootstrap-switch.min_c0f95027542.css
|
3.141.143.11
|
||
|
https://linkprotect.cudasvc.com/assets/js/jquery-3.1.1.min.js
|
18.196.127.75
|
||
|
https://campus.barracuda.com/resources/fonts/glyphicons/glyphicons-regular.woff2?v=123
|
3.141.143.11
|
||
|
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=91.0.4472.77&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1
|
142.250.185.142
|
||
|
https://linkprotect.cudasvc.com/assets/js/main.js
|
18.196.127.75
|
||
|
https://campus.barracuda.com/resources/img/logo_barracuda_primary_reversed.svg
|
3.141.143.11
|
||
|
https://campus.barracuda.com/resources/js/lib/prettify_c0f95027542.js
|
3.141.143.11
|
||
|
https://easylist.to/)
|
unknown
|
||
|
https://raw.vidyard.com/v2/player_loads
|
100.25.244.111
|
||
|
https://linkprotect.cudasvc.com:443
|
unknown
|
||
|
https://campus.barracuda.com/resources/css/lib/bootstrap_c0f95027542.css
|
3.141.143.11
|
||
|
https://raw.vidyard.com/v2/visitors
|
100.25.244.111
|
||
|
https://campus.barracuda.com/resources/css/lib/ekko-lightbox.min_c0f95027542.css
|
3.141.143.11
|
||
|
https://linkprotect.cudasvc.com/assets/images/general/barracuda_logo.png
|
18.196.127.75
|
||
|
https://campus.barracuda.com/resources/css/lib/select2.min_c0f95027542.css
|
3.141.143.11
|
||
|
https://cdn.cookielaw.org/scripttemplates/6.5.0/otBannerSdk.js
|
104.16.148.64
|
||
|
https://campus.barracuda.com/resources/img/flags/US.png
|
3.141.143.11
|
||
|
https://www.google.com/accounts/OAuthLogin?issueuberauth=1
|
unknown
|
||
|
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2f4ncz5-oaaaa-aaaad-qcczq-cai.raw.ic0.app%2f&c=E,1,yzYGtry9tkljqbJFR2Fcl9THP5bR1sEWsz96zu1YjEpVa-GeOf64B1QO3Pqj4BfBfwPlAE-gtFsjV2hfrh_QzouozC2Fgzm-iaKMtOem3A,,&typo=1
|
18.196.127.75
|
||
|
https://cdn.cookielaw.org/logos/1b503826-0eee-4147-b5a6-93330b3031bb/733338cb-91fd-408a-9735-996394613c7f/logo_barracuda_primary_strapline.png
|
104.16.148.64
|
||
|
https://campus.barracuda.com/support/ajax?token=9f7f28c351f17fe681853a934748796a
|
3.141.143.11
|
||
|
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-75142252-1&cid=1685313211.1653705252&jid=603741641&gjid=207295536&_gid=2073880195.1653705252&_u=YEBAAEAAAAAAAC~&z=1210356942
|
74.125.140.157
|
||
|
https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
|
unknown
|
||
|
https://campus.barracuda.com/resources/js/campus_c0f95027542.js
|
3.141.143.11
|
||
|
https://campus.barracuda.com/resources/js/lib/bootstrap-v4.min_c0f95027542.js
|
3.141.143.11
|
||
|
https://cdn.cookielaw.org/scripttemplates/6.5.0/assets/otPcTab.json
|
104.16.148.64
|
||
|
https://cdn.vidyard.com/hls-videos/ABswbQAhq1Y0sPhEXSmTqA/stream_master_4YQcdBKluY6tUgVn-Gjypg.m3u8?YoYLrBJUPFQ4pCUbZ7ZU-u05R7QKNkP0B7rCNWGR2HD79xKshn5dIE7a0-_oY4T8q4LQ9Ad8T8pfFdOUZFuX_jTHd9Spm_sMmlzhPW7dhuZO4k0s5nhjcprbSBEo0NBY_-MhqhyYwpVkx18Qjmtt_3L9OcoXq6Y6OK2-DnzaJz-yZEmoKdTH4ykAnfqYBOJfD44S
|
93.184.221.26
|
||
|
https://campus.barracuda.com/resources/js/ext/campus_utils_c0f95027542.js
|
3.141.143.11
|
||
|
https://payments.google.com/payments/v4/js/integrator.js
|
unknown
|
||
|
https://www.office.com/2#Office
|
unknown
|
||
|
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2f4ncz5-oaaaa-aaaad-qcczq-cai.raw.ic0.app%2f&c=E,1,yzYGtry9tkljqbJFR2Fcl9THP5bR1sEWsz96zu1YjEpVa-GeOf64B1QO3Pqj4BfBfwPlAE-gtFsjV2hfrh_QzouozC2Fgzm-iaKMtOem3A,,&typo=1
|
|||
|
https://campus.barracuda.com/product/phishline/download/12I4/what-is-phishing/
|
3.141.143.11
|
||
|
https://www.google.com/images/x2.gif
|
unknown
|
||
|
https://www.google.com/images/dot2.gif
|
unknown
|
||
|
https://cdn.cookielaw.org/scripttemplates/6.5.0/assets/otCenterRounded.json
|
104.16.148.64
|
||
|
https://campus.barracuda.com/node_modules/driver.js/dist/driver.min_c0f95027542.js
|
3.141.143.11
|
||
|
https://linkprotect.cudasvc.com/assets/images/general/favicon.ico
|
18.196.127.75
|
||
|
https://campus.barracuda.com/resources/favicons/manifest.json
|
3.141.143.11
|
||
|
https://campus.barracuda.com/resources/js/ext/vidyard_player_c0f95027542.js
|
3.141.143.11
|
||
|
https://play.vidyard.com/Q7aqpazvRqWjAQhtKJNwp7?disable_popouts=1&v=4.3.3&type=inline&view-hash=d9838857e7a6d62946426ec98a2dc70f&play-start=2022-05-27%2017%3A34%3A04&total-time=165.6&auto-play=1&watched-percentage=0&watched-seconds=0&prevent-listener=0
|
|||
|
https://campus.barracuda.com/node_modules/@vidyard/embed-code/dist/v4_c0f95027542.js
|
3.141.143.11
|
||
|
https://www.google.com/
|
unknown
|
||
|
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
|
104.16.148.64
|
||
|
https://cdn.vidyard.com/thumbnails/22142381/tUZ-jjxfOeFSDJzVcoHE591S78m9NRwQ.jpg
|
93.184.221.26
|
||
|
https://linkprotect.cudasvc.com/assets/images/general/icons/icn-block.svg
|
18.196.127.75
|
||
|
https://campus.barracuda.com/resources/js/ext/bookmark_modal_c0f95027542.js
|
3.141.143.11
|
||
|
https://campus.barracuda.com/resources/js/lib/select2/i18n/en.js?_=1653705245306
|
3.141.143.11
|
||
|
https://www.google.com/images/cleardot.gif
|
unknown
|
||
|
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2f4ncz5-oaaaa-aaaad-qcczq-cai.raw.ic0.app%2f&c=E
|
unknown
|
||
|
https://campus.barracuda.com/node_modules/vue/dist/vue.min_c0f95027542.js
|
3.141.143.11
|
||
|
https://linkprotect.cudasvc.com/assets/css/bootstrap.min.css
|
18.196.127.75
|
||
|
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
|
104.20.185.68
|
||
|
https://campus.barracuda.com/proxy/google-recaptcha_c0f95027542
|
3.141.143.11
|
||
|
https://cdn.cookielaw.org/logos/static/poweredBy_ot_logo.svg
|
104.16.148.64
|
||
|
https://campus.barracuda.com/resources/css/lib/fakescroll_c0f95027542.css
|
3.141.143.11
|
||
|
https://linkprotect.cudasvc.com/assets/js/bootstrap.min.js
|
18.196.127.75
|
||
|
https://sandbox.google.com/payments/v4/js/integrator.js
|
unknown
|
||
|
https://campus.barracuda.com/resources/img/logo_square.svg
|
3.141.143.11
|
||
|
https://campus.barracuda.com/resources/js/lib/fakescroll.min_c0f95027542.js
|
3.141.143.11
|
||
|
https://campus.barracuda.com/resources/js/lib/jquery-ui.min_c0f95027542.js
|
3.141.143.11
|
||
|
https://accounts.google.com/MergeSession
|
unknown
|
||
|
https://campus.barracuda.com/video/play/12I4/what-is-phishing/
|
3.141.143.11
|
||
|
https://creativecommons.org/compatiblelicenses
|
unknown
|
||
|
https://github.com/easylist)
|
unknown
|
||
|
https://cdn.cookielaw.org/consent/310f8906-81ca-4195-9953-d2d83dd46b61/310f8906-81ca-4195-9953-d2d83dd46b61.json
|
104.16.148.64
|
||
|
https://creativecommons.org/.
|
unknown
|
||
|
https://campus.barracuda.com/resources/css/lib/jquery-ui.min_c0f95027542.css
|
3.141.143.11
|
||
|
https://campus.barracuda.com/resources/js/lib/ekko-lightbox.min_c0f95027542.js
|
3.141.143.11
|
||
|
https://campus.barracuda.com/resources/css/lib/glyphicons_c0f95027542.css
|
3.141.143.11
|
||
|
https://campus.barracuda.com/to/12I4
|
3.141.143.11
|
||
|
https://campus.barracuda.com/resources/img/logo_white.svg
|
3.141.143.11
|
||
|
https://campus.barracuda.com/resources/favicons/favicon.ico
|
3.141.143.11
|
||
|
https://campus.barracuda.com/resources/attachments/frames/Q7aqpazvRqWjAQhtKJNwp7_thumb.png
|
3.141.143.11
|
||
|
https://www-googleapis-staging.sandbox.google.com
|
unknown
|
||
|
https://campus.barracuda.com/resources/css/campus_c0f95027542.css
|
3.141.143.11
|
||
|
https://campus.barracuda.com/node_modules/jquery/dist/jquery.min_c0f95027542.js
|
3.141.143.11
|
||
|
https://linkprotect.cudasvc.com/assets/css/style.css
|
18.196.127.75
|
||
|
https://campus.barracuda.com/node_modules/vue-resource/dist/vue-resource.min_c0f95027542.js
|
3.141.143.11
|
||
|
https://www.google.com/intl/en-US/chrome/blank.html
|
unknown
|
||
|
https://campus.barracuda.com/resources/js/lib/bootstrap-switch.min_c0f95027542.js
|
3.141.143.11
|
||
|
https://campus.barracuda.com/resources/css/lib/select2-bootstrap.min_c0f95027542.css
|
3.141.143.11
|
||
|
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
|
142.250.184.205
|
||
|
https://campus.barracuda.com/resources/js/lib/select2/select2.min_c0f95027542.js
|
3.141.143.11
|
||
|
https://campus.barracuda.com/resources/js/ext/bookmark.vue_c0f95027542.js
|
3.141.143.11
|
||
|
https://234-ymr-898.mktoresp.com/webevents/visitWebPage?_mchNc=1653705252041&_mchCn=&_mchId=234-YMR-898&_mchTk=_mch-barracuda.com-1653705252040-35118&_mchHo=campus.barracuda.com&_mchPo=&_mchRu=%2Fproduct%2Fphishline%2Fdownload%2F12I4%2Fwhat-is-phishing%2F&_mchPc=https%3A&_mchVr=161&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
|
192.28.144.124
|
||
|
https://campus.barracuda.com/resources/js/ext/ajax_utils_c0f95027542.js
|
3.141.143.11
|
||
|
https://campus.barracuda.com/resources/css/lib/jquery.dataTables_c0f95027542.css
|
3.141.143.11
|
||
|
https://campus.barracuda.com/product/phishline/download/12I4/what-is-phishing/
|
|||
|
https://campus.barracuda.com/resources/js/lib/mus_c0f95027542.js
|
3.141.143.11
|
||
|
https://campus.barracuda.com/resources/js/lib/tether.min_c0f95027542.js
|
3.141.143.11
|
||
|
https://cdn.cookielaw.org/consent/310f8906-81ca-4195-9953-d2d83dd46b61/a5731440-40d1-4e86-9cd7-c6cb5d11311a/en.json
|
104.16.148.64
|
||
|
https://campus.barracuda.com/proxy/typekit_c0f95027542
|
3.141.143.11
|
||
|
https://campus.barracuda.com/proxy/vzaar-google-analytics
|
3.141.143.11
|
||
|
http://campus.barracuda.com/to/12I4
|
3.141.143.11
|
||
|
https://campus.barracuda.com/node_modules/@vidyard/embed-code/dist/v4.js
|
3.141.143.11
|
||
|
https://clients2.google.com/service/update2/crx
|
unknown
|
There are 87 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
gstaticadssl.l.google.com
|
142.250.185.163
|
||
|
app-lb-2049423805.us-east-2.elb.amazonaws.com
|
3.141.143.11
|
||
|
cs6.wpc.omegacdn.net
|
93.184.221.26
|
||
|
accounts.google.com
|
142.250.184.205
|
||
|
stats.l.doubleclick.net
|
74.125.140.157
|
||
|
www-google-analytics.l.google.com
|
142.250.185.78
|
||
|
raw.vidyard.com
|
100.25.244.111
|
||
|
clients.l.google.com
|
142.250.185.142
|
||
|
linkprotect.cudasvc.com
|
18.196.127.75
|
||
|
cdn.cookielaw.org
|
104.16.148.64
|
||
|
geolocation.onetrust.com
|
104.20.185.68
|
||
|
234-ymr-898.mktoresp.com
|
192.28.144.124
|
||
|
cdn.embedly.com
|
unknown
|
||
|
use.typekit.net
|
unknown
|
||
|
js-agent.newrelic.com
|
unknown
|
||
|
munchkin.marketo.net
|
unknown
|
||
|
client.perimeterx.net
|
unknown
|
||
|
campus.barracuda.com
|
unknown
|
||
|
stats.g.doubleclick.net
|
unknown
|
||
|
play.vidyard.com
|
unknown
|
||
|
assets.vidyard.com
|
unknown
|
||
|
clients2.google.com
|
unknown
|
||
|
p.typekit.net
|
unknown
|
||
|
cdn.vidyard.com
|
unknown
|
||
|
bam-cell.nr-data.net
|
unknown
|
There are 15 hidden domains, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
3.141.143.11
|
app-lb-2049423805.us-east-2.elb.amazonaws.com
|
United States
|
||
|
192.28.144.124
|
234-ymr-898.mktoresp.com
|
United States
|
||
|
192.168.2.1
|
unknown
|
unknown
|
||
|
100.25.244.111
|
raw.vidyard.com
|
United States
|
||
|
104.16.148.64
|
cdn.cookielaw.org
|
United States
|
||
|
142.250.185.163
|
gstaticadssl.l.google.com
|
United States
|
||
|
142.250.185.142
|
clients.l.google.com
|
United States
|
||
|
142.250.184.205
|
accounts.google.com
|
United States
|
||
|
93.184.221.26
|
cs6.wpc.omegacdn.net
|
European Union
|
||
|
74.125.140.157
|
stats.l.doubleclick.net
|
United States
|
||
|
104.20.185.68
|
geolocation.onetrust.com
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
18.196.127.75
|
linkprotect.cudasvc.com
|
United States
|
||
|
127.0.0.1
|
unknown
|
unknown
|
There are 4 hidden IPs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
ahfgeienlihckogmohjhadlkjgocpleb
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gdaefkejpgkiemlaofpalmlakkmbjdnl
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gfdkimpbcpahaombhbimeihdjnejgicl
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
kmendfapggjehodndflmmgagdbamhnfd
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
mhjfbmdgcfjbbpaeojofohoefgiehjai
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
neajdppkdcdipfabeoofebfddakdcjhd
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nkeimhogjdpnpccoofpliimaahmaaome
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
prefs.preference_reset_time
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault
|
S-1-5-21-2660496737-530772487-1027249058-1001
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gdaefkejpgkiemlaofpalmlakkmbjdnl
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gfdkimpbcpahaombhbimeihdjnejgicl
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
kmendfapggjehodndflmmgagdbamhnfd
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
neajdppkdcdipfabeoofebfddakdcjhd
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nkeimhogjdpnpccoofpliimaahmaaome
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gfdkimpbcpahaombhbimeihdjnejgicl
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
state
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
|
StatusCodes
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
|
StatusCodes
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
state
|
||
|
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
|
dr
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.reporting
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
media.storage_id_salt
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.last_account_id
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.account_id
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
module_blocklist_cache_md5_digest
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.prompt_seed
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_homepage
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
default_search_provider_data.template_url_data
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
safebrowsing.incidents_sent
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
pinned_tabs
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
search_provider_overrides
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_default_search
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
prefs.preference_reset_time
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.last_username
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
session.startup_urls
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
session.restore_on_startup
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.prompt_version
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_startup_urls
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.prompt_wave
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
homepage
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
homepage_is_newtabpage
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
browser.show_home_button
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
|
user_experience_metrics.stability.exited_cleanly
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
|
GlobalAssocChangedCounter
|
||
|
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
|
lastrun
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_USERSS-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry
|
TraceTimeLast
|
There are 41 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
202FF3C0000
|
trusted library allocation
|
page read and write
|
||
|
202FF390000
|
trusted library allocation
|
page read and write
|
||
|
93D407D000
|
stack
|
page read and write
|
||
|
29878FE000
|
stack
|
page read and write
|
||
|
29873F8000
|
stack
|
page read and write
|
||
|
200F32B0000
|
heap
|
page read and write
|
||
|
298727E000
|
stack
|
page read and write
|
||
|
202FF3A0000
|
trusted library allocation
|
page read and write
|
||
|
1D438E79000
|
heap
|
page read and write
|
||
|
202FF447000
|
heap
|
page read and write
|
||
|
202FF3A8000
|
trusted library allocation
|
page read and write
|
||
|
202FF4FF000
|
heap
|
page read and write
|
||
|
202FDF02000
|
heap
|
page read and write
|
||
|
202FE900000
|
trusted library allocation
|
page read and write
|
||
|
202FF660000
|
trusted library allocation
|
page read and write
|
||
|
202FE5C1000
|
trusted library allocation
|
page read and write
|
||
|
29874FB000
|
stack
|
page read and write
|
||
|
202FF4D1000
|
heap
|
page read and write
|
||
|
202FDEF0000
|
heap
|
page read and write
|
||
|
2986FBB000
|
stack
|
page read and write
|
||
|
202FDEA5000
|
heap
|
page read and write
|
||
|
202FE719000
|
heap
|
page read and write
|
||
|
202FF466000
|
heap
|
page read and write
|
||
|
202FF700000
|
trusted library allocation
|
page read and write
|
||
|
202FE7DD000
|
heap
|
page read and write
|
||
|
1D438C70000
|
heap
|
page read and write
|
||
|
202FEDB0000
|
trusted library allocation
|
page read and write
|
||
|
202FEFE0000
|
trusted library section
|
page readonly
|
||
|
A506FD000
|
stack
|
page read and write
|
||
|
202FDE7E000
|
heap
|
page read and write
|
||
|
202FF6B0000
|
trusted library allocation
|
page read and write
|
||
|
202FDE80000
|
heap
|
page read and write
|
||
|
202FF532000
|
heap
|
page read and write
|
||
|
202FF51D000
|
heap
|
page read and write
|
||
|
202FE75A000
|
heap
|
page read and write
|
||
|
200F32BF000
|
heap
|
page read and write
|
||
|
200F3290000
|
heap
|
page read and write
|
||
|
202FF532000
|
heap
|
page read and write
|
||
|
93D427E000
|
stack
|
page read and write
|
||
|
1D439602000
|
heap
|
page read and write
|
||
|
202FF522000
|
heap
|
page read and write
|
||
|
93D3DFB000
|
stack
|
page read and write
|
||
|
200F32E9000
|
heap
|
page read and write
|
||
|
202FF4F5000
|
heap
|
page read and write
|
||
|
202FDEE2000
|
heap
|
page read and write
|
||
|
93D3AFA000
|
stack
|
page read and write
|
||
|
202FF644000
|
trusted library allocation
|
page read and write
|
||
|
202FDED4000
|
heap
|
page read and write
|
||
|
29876FE000
|
stack
|
page read and write
|
||
|
202FE79C000
|
heap
|
page read and write
|
||
|
202FF516000
|
heap
|
page read and write
|
||
|
202FF543000
|
heap
|
page read and write
|
||
|
202FF50A000
|
heap
|
page read and write
|
||
|
202FF400000
|
heap
|
page read and write
|
||
|
202FF48A000
|
heap
|
page read and write
|
||
|
1D438E70000
|
heap
|
page read and write
|
||
|
202FF3D0000
|
trusted library allocation
|
page read and write
|
||
|
1D438E8B000
|
heap
|
page read and write
|
||
|
202FE79C000
|
heap
|
page read and write
|
||
|
202FF459000
|
heap
|
page read and write
|
||
|
1D438F00000
|
heap
|
page read and write
|
||
|
202FE75A000
|
heap
|
page read and write
|
||
|
202FF510000
|
heap
|
page read and write
|
||
|
202FE540000
|
trusted library section
|
page read and write
|
||
|
202FE75B000
|
heap
|
page read and write
|
||
|
1D439600000
|
heap
|
page read and write
|
||
|
202FF3D4000
|
trusted library allocation
|
page read and write
|
||
|
93D437B000
|
stack
|
page read and write
|
||
|
93D41FE000
|
stack
|
page read and write
|
||
|
29872FE000
|
stack
|
page read and write
|
||
|
202FF692000
|
trusted library allocation
|
page read and write
|
||
|
202FF521000
|
heap
|
page read and write
|
||
|
202FE79C000
|
heap
|
page read and write
|
||
|
202FDF16000
|
heap
|
page read and write
|
||
|
202FF9A0000
|
trusted library allocation
|
page read and write
|
||
|
202FDDD0000
|
heap
|
page read and write
|
||
|
200F32D8000
|
heap
|
page read and write
|
||
|
200F32CA000
|
heap
|
page read and write
|
||
|
1D438F02000
|
heap
|
page read and write
|
||
|
202FDEA3000
|
heap
|
page read and write
|
||
|
202FF3C0000
|
trusted library allocation
|
page read and write
|
||
|
202FF637000
|
trusted library allocation
|
page read and write
|
||
|
200F3160000
|
heap
|
page read and write
|
||
|
202FDE98000
|
heap
|
page read and write
|
||
|
202FF513000
|
heap
|
page read and write
|
||
|
202FF611000
|
trusted library allocation
|
page read and write
|
||
|
202FE719000
|
heap
|
page read and write
|
||
|
202FF52D000
|
heap
|
page read and write
|
||
|
202FEED0000
|
trusted library allocation
|
page read and write
|
||
|
A5047F000
|
stack
|
page read and write
|
||
|
202FF608000
|
trusted library allocation
|
page read and write
|
||
|
200F32E5000
|
heap
|
page read and write
|
||
|
A501BC000
|
stack
|
page read and write
|
||
|
202FF4D0000
|
heap
|
page read and write
|
||
|
202FF380000
|
trusted library allocation
|
page read and write
|
||
|
202FEDA0000
|
trusted library allocation
|
page read and write
|
||
|
202FF3A2000
|
trusted library allocation
|
page read and write
|
||
|
202FE713000
|
heap
|
page read and write
|
||
|
202FDD70000
|
heap
|
page read and write
|
||
|
29877FE000
|
stack
|
page read and write
|
||
|
202FF514000
|
heap
|
page read and write
|
||
|
A505FA000
|
stack
|
page read and write
|
||
|
202FF3A1000
|
trusted library allocation
|
page read and write
|
||
|
200F32D0000
|
heap
|
page read and write
|
||
|
93D3EFE000
|
stack
|
page read and write
|
||
|
202FF454000
|
heap
|
page read and write
|
||
|
A504FF000
|
stack
|
page read and write
|
||
|
202FF502000
|
heap
|
page read and write
|
||
|
202FDE13000
|
heap
|
page read and write
|
||
|
202FF6D0000
|
trusted library allocation
|
page read and write
|
||
|
93D3BFB000
|
stack
|
page read and write
|
||
|
1D438DE0000
|
trusted library allocation
|
page read and write
|
||
|
202FF504000
|
heap
|
page read and write
|
||
|
20280000000
|
trusted library allocation
|
page read and write
|
||
|
202FF673000
|
trusted library allocation
|
page read and write
|
||
|
202FF660000
|
trusted library allocation
|
page read and write
|
||
|
202FF504000
|
heap
|
page read and write
|
||
|
202FDD60000
|
heap
|
page read and write
|
||
|
200F32E5000
|
heap
|
page read and write
|
||
|
202FF4D0000
|
heap
|
page read and write
|
||
|
202FF514000
|
heap
|
page read and write
|
||
|
202FE615000
|
heap
|
page read and write
|
||
|
200F32E9000
|
heap
|
page read and write
|
||
|
202FF6E0000
|
trusted library allocation
|
page read and write
|
||
|
202FE530000
|
trusted library allocation
|
page read and write
|
||
|
202FF3A0000
|
trusted library allocation
|
page read and write
|
||
|
1D438E13000
|
heap
|
page read and write
|
||
|
202FF6F0000
|
remote allocation
|
page read and write
|
||
|
1D438E6C000
|
heap
|
page read and write
|
||
|
93D457F000
|
stack
|
page read and write
|
||
|
1D438E39000
|
heap
|
page read and write
|
||
|
93D3E7E000
|
stack
|
page read and write
|
||
|
202FF50A000
|
heap
|
page read and write
|
||
|
202FE75A000
|
heap
|
page read and write
|
||
|
202FDE7C000
|
heap
|
page read and write
|
||
|
1D438E00000
|
heap
|
page read and write
|
||
|
202FDE94000
|
heap
|
page read and write
|
||
|
202FDEC1000
|
heap
|
page read and write
|
||
|
202FF6F0000
|
remote allocation
|
page read and write
|
||
|
202FF502000
|
heap
|
page read and write
|
||
|
200F33B0000
|
heap
|
page read and write
|
||
|
A5067F000
|
stack
|
page read and write
|
||
|
202FF950000
|
trusted library allocation
|
page read and write
|
||
|
200F32E5000
|
heap
|
page read and write
|
||
|
93D38F8000
|
stack
|
page read and write
|
||
|
202FF670000
|
trusted library allocation
|
page read and write
|
||
|
1D438E2A000
|
heap
|
page read and write
|
||
|
202FDE5F000
|
heap
|
page read and write
|
||
|
93D40FF000
|
stack
|
page read and write
|
||
|
202FE79B000
|
heap
|
page read and write
|
||
|
200F32D9000
|
heap
|
page read and write
|
||
|
202FEDE0000
|
trusted library allocation
|
page read and write
|
||
|
A5077F000
|
stack
|
page read and write
|
||
|
202FDE77000
|
heap
|
page read and write
|
||
|
93D356F000
|
stack
|
page read and write
|
||
|
200F32B8000
|
heap
|
page read and write
|
||
|
1D438E7F000
|
heap
|
page read and write
|
||
|
202FEFD0000
|
trusted library section
|
page readonly
|
||
|
200F3405000
|
heap
|
page read and write
|
||
|
93D417E000
|
stack
|
page read and write
|
||
|
A5057E000
|
stack
|
page read and write
|
||
|
1D438C80000
|
heap
|
page read and write
|
||
|
202FE75B000
|
heap
|
page read and write
|
||
|
202FEFC0000
|
trusted library section
|
page readonly
|
||
|
202FEC40000
|
trusted library allocation
|
page read and write
|
||
|
202FF4B3000
|
heap
|
page read and write
|
||
|
202FF4B8000
|
heap
|
page read and write
|
||
|
202FE719000
|
heap
|
page read and write
|
||
|
202FE75A000
|
heap
|
page read and write
|
||
|
202FF6C0000
|
trusted library allocation
|
page read and write
|
||
|
29875F6000
|
stack
|
page read and write
|
||
|
1D438E40000
|
heap
|
page read and write
|
||
|
202FF390000
|
trusted library allocation
|
page read and write
|
||
|
202FF534000
|
heap
|
page read and write
|
||
|
202FF3D0000
|
trusted library allocation
|
page read and write
|
||
|
202FF543000
|
heap
|
page read and write
|
||
|
202FE700000
|
heap
|
page read and write
|
||
|
202FE602000
|
heap
|
page read and write
|
||
|
202FEDD0000
|
trusted library allocation
|
page read and write
|
||
|
202FF3A6000
|
trusted library allocation
|
page read and write
|
||
|
202FE5F0000
|
trusted library allocation
|
page read and write
|
||
|
202FF9A0000
|
unkown
|
page read and write
|
||
|
202FF50A000
|
heap
|
page read and write
|
||
|
202FF4B6000
|
heap
|
page read and write
|
||
|
1D438E49000
|
heap
|
page read and write
|
||
|
202FF614000
|
trusted library allocation
|
page read and write
|
||
|
202FE600000
|
heap
|
page read and write
|
||
|
202FDE92000
|
heap
|
page read and write
|
||
|
202FDF13000
|
heap
|
page read and write
|
||
|
202FF67B000
|
trusted library allocation
|
page read and write
|
||
|
93D3F7E000
|
stack
|
page read and write
|
||
|
202FF000000
|
trusted library section
|
page readonly
|
||
|
202FF546000
|
heap
|
page read and write
|
||
|
93D3CFA000
|
stack
|
page read and write
|
||
|
202FF9C0000
|
unkown
|
page read and write
|
||
|
93D34EB000
|
stack
|
page read and write
|
||
|
1D438E51000
|
heap
|
page read and write
|
||
|
1D438F13000
|
heap
|
page read and write
|
||
|
202FDE00000
|
heap
|
page read and write
|
||
|
1D439615000
|
heap
|
page read and write
|
||
|
202FF6F0000
|
remote allocation
|
page read and write
|
||
|
202FF3AB000
|
trusted library allocation
|
page read and write
|
||
|
202FF3A7000
|
trusted library allocation
|
page read and write
|
||
|
1D438CE0000
|
heap
|
page read and write
|
||
|
202FDE40000
|
heap
|
page read and write
|
||
|
200F32E9000
|
heap
|
page read and write
|
||
|
93D39FE000
|
stack
|
page read and write
|
||
|
200F3400000
|
heap
|
page read and write
|
||
|
202FF600000
|
trusted library allocation
|
page read and write
|
||
|
202FE719000
|
heap
|
page read and write
|
||
|
202FEFB0000
|
trusted library section
|
page readonly
|
||
|
202FF7B0000
|
unkown
|
page read and write
|
||
|
202FDE2B000
|
heap
|
page read and write
|
||
|
202FF532000
|
heap
|
page read and write
|
||
|
202FE75A000
|
heap
|
page read and write
|
||
|
202FF532000
|
heap
|
page read and write
|
||
|
202FE75B000
|
heap
|
page read and write
|
||
|
202FEFF0000
|
trusted library section
|
page readonly
|
||
|
202FF64C000
|
trusted library allocation
|
page read and write
|
||
|
202FF52E000
|
heap
|
page read and write
|
||
|
202FDF29000
|
heap
|
page read and write
|
||
|
202FF514000
|
heap
|
page read and write
|
There are 212 hidden memdumps, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2f4ncz5-oaaaa-aaaad-qcczq-cai.raw.ic0.app%2f&c=E,1,yzYGtry9tkljqbJFR2Fcl9THP5bR1sEWsz96zu1YjEpVa-GeOf64B1QO3Pqj4BfBfwPlAE-gtFsjV2hfrh_QzouozC2Fgzm-iaKMtOem3A,,&typo=1
|
||
|
https://campus.barracuda.com/product/phishline/download/12I4/what-is-phishing/
|
||
|
https://play.vidyard.com/Q7aqpazvRqWjAQhtKJNwp7?disable_popouts=1&v=4.3.3&type=inline&view-hash=d9838857e7a6d62946426ec98a2dc70f&play-start=2022-05-27%2017%3A34%3A04&total-time=165.6&auto-play=1&watched-percentage=0&watched-seconds=0&prevent-listener=0
|