Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
https _upgrade.4nmn.com_microsoft.html
|
HTML document, ASCII text, with very long lines, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\02ce6b6a-d41d-4e97-8bf5-38167890726d.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\0a7c3365-3fee-463f-b83c-f99ea791e292.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\1b452038-28f8-4ca4-9b1e-7fe06031d2a2.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\4acef85a-c474-4cbc-90bb-371d3f562e2f.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\5a70aee6-9d85-485a-881e-80acc75f3bca.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\8b520f17-c436-49f2-aa28-53fd5b86c27f.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\9fd167c0-02c1-4934-8635-772c0b6f8a95.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\04323f5a-59b1-4080-b051-db1977d3426e.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\1d17540e-b414-473a-aa6f-91d44c8566e0.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\27774372-7747-400b-bac4-0e103b25a075.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\5fcdb12a-0b2d-43da-88e4-74a77ef300cd.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\7237786b-1668-4ce9-a3d0-426d6b34e112.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy)
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\2a7277a3-09ca-4c9d-b8fe-740b0320abf9.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent
State (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\7a981445-80d9-412e-8701-e39b09407644.tmp
|
ASCII text, with very long lines, with no line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network Persistent
State (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\a332f3ea-b8f2-451b-a953-6c00ad7a4ad6.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\b2f80275-3e69-48d2-8f23-82a1a8a7dd6c.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\d099daac-887b-4fd6-8845-4f7026281701.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\e4f89507-cfc4-4d5d-9381-d315c33dd085.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\fd5debd9-618f-4499-908d-e68b1e7c42d3.tmp
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cache (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\ade2f3b5-5b40-4203-9964-18e9a9341d3b.tmp
|
SysEx File -
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\ca681f94-e5b4-498d-be22-3f8b2b9ffb8c.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\eedcf8ad-25da-48a9-9910-b86b983f99a1.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5832_1049018818\LICENSE
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5832_1049018818\_metadata\verified_contents.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5832_1049018818\crl-set
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5832_1049018818\manifest.fingerprint
|
ASCII text, with no line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\5832_1049018818\manifest.json
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5832_1590695861\_metadata\verified_contents.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5832_1590695861\_platform_specific\x86_64\pnacl_public_pnacl_json
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5832_1590695861\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_for_eh_o
|
ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5832_1590695861\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_o
|
ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5832_1590695861\_platform_specific\x86_64\pnacl_public_x86_64_crtend_o
|
ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5832_1590695861\_platform_specific\x86_64\pnacl_public_x86_64_ld_nexe
|
ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=7511538a3a6a0b862c772eace49075ed1bbe2377,
stripped
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5832_1590695861\_platform_specific\x86_64\pnacl_public_x86_64_libcrt_platform_a
|
current ar archive
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5832_1590695861\_platform_specific\x86_64\pnacl_public_x86_64_libgcc_a
|
current ar archive
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5832_1590695861\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_a
|
current ar archive
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5832_1590695861\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_dummy_a
|
current ar archive
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5832_1590695861\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_llc_nexe
|
ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=309d6d3d463e6b1b0690f39eb226b1e4c469b2ce,
stripped
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5832_1590695861\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_sz_nexe
|
ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=4b15de4ab227d5e46213978b8518d53c53ce1db9,
stripped
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5832_1590695861\manifest.fingerprint
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5832_1590695861\manifest.json
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5832_2075379255\Recovery.crx3
|
Google Chrome extension, version 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5832_2075379255\_metadata\verified_contents.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5832_2075379255\manifest.fingerprint
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5832_2075379255\manifest.json
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6b775e50-0c76-4674-8713-f12bb3578ddc.tmp
|
Google Chrome extension, version 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\bfd77bde-bfd8-4727-b8df-4e6b16c06f85.tmp
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\6b775e50-0c76-4674-8713-f12bb3578ddc.tmp
|
Google Chrome extension, version 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\_locales\bg\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\_locales\ca\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\_locales\cs\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\_locales\da\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\_locales\de\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\_locales\el\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\_locales\en\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\_locales\en_GB\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\_locales\es\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\_locales\es_419\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\_locales\et\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\_locales\fi\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\_locales\fil\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\_locales\fr\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\_locales\hi\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\_locales\hr\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\_locales\hu\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\_locales\id\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\_locales\it\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\_locales\ja\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\_locales\ko\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\_locales\lt\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\_locales\lv\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\_locales\nb\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\_locales\nl\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\_locales\pl\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\_locales\pt_BR\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\_locales\pt_PT\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\_locales\ro\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\_locales\ru\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\_locales\sk\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\_locales\sl\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\_locales\sr\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\_locales\sv\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\_locales\th\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\_locales\tr\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\_locales\uk\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\_locales\vi\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\_locales\zh_CN\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\_locales\zh_TW\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\_metadata\verified_contents.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\craw_background.js
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\craw_window.js
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\css\craw_window.css
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\html\craw_window.html
|
HTML document, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\images\flapper.gif
|
GIF image data, version 89a, 30 x 30
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\images\icon_128.png
|
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\images\icon_16.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\images\topbar_floating_button.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\images\topbar_floating_button_close.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\images\topbar_floating_button_hover.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\images\topbar_floating_button_maximize.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\images\topbar_floating_button_pressed.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5832_1805816554\CRX_INSTALL\manifest.json
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 113 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "C:\Users\user\Desktop\https
_upgrade.4nmn.com_microsoft.html
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1620,2681105224516204291,3312708106763195913,131072
--lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1928 /prefetch:8
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://upgrade.4nmn.com/microsoft.html:
|
unknown
|
|
|
|
https://upgrade.4nmn.com/microsoft.html
|
unknown
|
|
|
|
file:///C:/Users/user/Desktop/https%20_upgrade.4nmn.com_microsoft.html
|
|
||
|
https://dns.google
|
unknown
|
||
|
https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
|
unknown
|
||
|
https://www.google.com/intl/en-US/chrome/blank.html
|
unknown
|
||
|
https://ogs.google.com
|
unknown
|
||
|
https://www.google.com/images/cleardot.gif
|
unknown
|
||
|
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1
|
142.250.203.110
|
||
|
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
|
172.217.168.45
|
||
|
https://payments.google.com/payments/v4/js/integrator.js
|
unknown
|
||
|
https://chromium.googlesource.com/a/native_client/pnacl-llvm.git
|
unknown
|
||
|
https://sandbox.google.com/payments/v4/js/integrator.js
|
unknown
|
||
|
https://www.google.com/images/x2.gif
|
unknown
|
||
|
https://accounts.google.com/MergeSession
|
unknown
|
||
|
http://llvm.org/):
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://www.google.com/images/dot2.gif
|
unknown
|
||
|
https://code.google.com/p/nativeclient/issues/entry%s:
|
unknown
|
||
|
https://code.google.com/p/nativeclient/issues/entry
|
unknown
|
||
|
https://accounts.google.com
|
unknown
|
||
|
https://clients2.googleusercontent.com
|
unknown
|
||
|
https://apis.google.com
|
unknown
|
||
|
https://www.google.com/accounts/OAuthLogin?issueuberauth=1
|
unknown
|
||
|
https://www.google.com/
|
unknown
|
||
|
https://www-googleapis-staging.sandbox.google.com
|
unknown
|
||
|
https://chromium.googlesource.com/a/native_client/pnacl-clang.git
|
unknown
|
||
|
https://clients2.google.com
|
unknown
|
||
|
https://clients2.google.com/service/update2/crx
|
unknown
|
There are 19 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
accounts.google.com
|
172.217.168.45
|
||
|
clients.l.google.com
|
142.250.203.110
|
||
|
clients2.google.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.168.2.1
|
unknown
|
unknown
|
||
|
142.250.203.110
|
clients.l.google.com
|
United States
|
||
|
192.168.2.5
|
unknown
|
unknown
|
||
|
172.217.168.45
|
accounts.google.com
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
192.168.2.255
|
unknown
|
unknown
|
||
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
ahfgeienlihckogmohjhadlkjgocpleb
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gdaefkejpgkiemlaofpalmlakkmbjdnl
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gfdkimpbcpahaombhbimeihdjnejgicl
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
kmendfapggjehodndflmmgagdbamhnfd
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
mfehgcgbbipciphmccgaenjidiccnmng
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
mhjfbmdgcfjbbpaeojofohoefgiehjai
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
neajdppkdcdipfabeoofebfddakdcjhd
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nkeimhogjdpnpccoofpliimaahmaaome
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
pkedcjkdefgpdelpbcmbmeomcjbeemfm
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
prefs.preference_reset_time
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault
|
S-1-5-21-3853321935-2125563209-4053062332-1002
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gfdkimpbcpahaombhbimeihdjnejgicl
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
state
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
|
StatusCodes
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
|
StatusCodes
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
state
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.reporting
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
module_blacklist_cache_md5_digest
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
media.storage_id_salt
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.last_account_id
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.account_id
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.prompt_seed
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_homepage
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
default_search_provider_data.template_url_data
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
safebrowsing.incidents_sent
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
pinned_tabs
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
search_provider_overrides
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_default_search
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
prefs.preference_reset_time
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.last_username
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
session.startup_urls
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
session.restore_on_startup
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.prompt_version
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_startup_urls
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.prompt_wave
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
homepage
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
homepage_is_newtabpage
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
browser.show_home_button
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
|
user_experience_metrics.stability.exited_cleanly
|
||
|
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
|
lastrun
|
There are 33 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1E324718000
|
trusted library allocation
|
page read and write
|
||
|
2890C370000
|
heap
|
page read and write
|
||
|
427EDAE000
|
stack
|
page read and write
|
||
|
1E31FA00000
|
heap
|
page read and write
|
||
|
1E31F090000
|
heap
|
page read and write
|
||
|
2BD6E9EF000
|
heap
|
page read and write
|
||
|
2890C488000
|
heap
|
page read and write
|
||
|
1E324850000
|
trusted library allocation
|
page read and write
|
||
|
2BD6F4D1000
|
heap
|
page read and write
|
||
|
1C19C428000
|
heap
|
page read and write
|
||
|
2E1CE665000
|
heap
|
page read and write
|
||
|
1E324714000
|
trusted library allocation
|
page read and write
|
||
|
2CE69118000
|
heap
|
page read and write
|
||
|
E48BD7B000
|
stack
|
page read and write
|
||
|
2BD6EA73000
|
heap
|
page read and write
|
||
|
1E31FB08000
|
heap
|
page read and write
|
||
|
2890C490000
|
heap
|
page read and write
|
||
|
1E31EF10000
|
heap
|
page read and write
|
||
|
2CE6917F000
|
heap
|
page read and write
|
||
|
2E1CE67E000
|
heap
|
page read and write
|
||
|
25837A70000
|
heap
|
page read and write
|
||
|
2BD6E9FD000
|
heap
|
page read and write
|
||
|
2CE688FA000
|
heap
|
page read and write
|
||
|
1F693F13000
|
heap
|
page read and write
|
||
|
2BD6E8E0000
|
heap
|
page read and write
|
||
|
1E31FBA0000
|
heap
|
page read and write
|
||
|
F16C3FC000
|
stack
|
page read and write
|
||
|
2CE69187000
|
heap
|
page read and write
|
||
|
2E1CE66E000
|
heap
|
page read and write
|
||
|
1E324740000
|
trusted library allocation
|
page read and write
|
||
|
2BD6E9C1000
|
heap
|
page read and write
|
||
|
1E31FF00000
|
trusted library allocation
|
page read and write
|
||
|
2CE69180000
|
heap
|
page read and write
|
||
|
1C19C478000
|
heap
|
page read and write
|
||
|
1E320570000
|
trusted library allocation
|
page read and write
|
||
|
2CE68866000
|
heap
|
page read and write
|
||
|
1E324AF6000
|
heap
|
page read and write
|
||
|
2CE69618000
|
heap
|
page read and write
|
||
|
1F694602000
|
trusted library allocation
|
page read and write
|
||
|
E48BC7B000
|
stack
|
page read and write
|
||
|
2CE69171000
|
heap
|
page read and write
|
||
|
2E1CE66E000
|
heap
|
page read and write
|
||
|
E48BDFE000
|
stack
|
page read and write
|
||
|
1F693E4F000
|
heap
|
page read and write
|
||
|
2BD6EA6E000
|
heap
|
page read and write
|
||
|
1CA364E8000
|
heap
|
page read and write
|
||
|
9D202FF000
|
stack
|
page read and write
|
||
|
1E31F07B000
|
heap
|
page read and write
|
||
|
2CE68880000
|
heap
|
page read and write
|
||
|
2E1CE890000
|
heap
|
page read and write
|
||
|
2CE69182000
|
heap
|
page read and write
|
||
|
1E324750000
|
trusted library allocation
|
page read and write
|
||
|
2CE688B0000
|
heap
|
page read and write
|
||
|
427F5FE000
|
stack
|
page read and write
|
||
|
2542113C000
|
heap
|
page read and write
|
||
|
1E31FB18000
|
heap
|
page read and write
|
||
|
1E324800000
|
trusted library allocation
|
page read and write
|
||
|
1E31EFB0000
|
trusted library section
|
page read and write
|
||
|
427F17C000
|
stack
|
page read and write
|
||
|
1E324717000
|
trusted library allocation
|
page read and write
|
||
|
1E31EF70000
|
heap
|
page read and write
|
||
|
ECA5179000
|
stack
|
page read and write
|
||
|
2CE688B3000
|
heap
|
page read and write
|
||
|
F16BF4F000
|
stack
|
page read and write
|
||
|
2E1CE66E000
|
heap
|
page read and write
|
||
|
E48BB7E000
|
stack
|
page read and write
|
||
|
2890C462000
|
heap
|
page read and write
|
||
|
E34D2FB000
|
stack
|
page read and write
|
||
|
E34D4FF000
|
stack
|
page read and write
|
||
|
1E31FB9D000
|
heap
|
page read and write
|
||
|
2CE691D9000
|
heap
|
page read and write
|
||
|
7EF8CFF000
|
stack
|
page read and write
|
||
|
1E324580000
|
trusted library allocation
|
page read and write
|
||
|
2890C457000
|
heap
|
page read and write
|
||
|
F16C279000
|
stack
|
page read and write
|
||
|
25421355000
|
heap
|
page read and write
|
||
|
2BD6EBE5000
|
heap
|
page read and write
|
||
|
1E31FA02000
|
heap
|
page read and write
|
||
|
2CE69187000
|
heap
|
page read and write
|
||
|
1E31F000000
|
heap
|
page read and write
|
||
|
1E324A4E000
|
heap
|
page read and write
|
||
|
1E324B2E000
|
heap
|
page read and write
|
||
|
2CE68886000
|
heap
|
page read and write
|
||
|
2CE69183000
|
heap
|
page read and write
|
||
|
2CE69199000
|
heap
|
page read and write
|
||
|
BAF5EFE000
|
stack
|
page read and write
|
||
|
E48C0FE000
|
stack
|
page read and write
|
||
|
25837B08000
|
heap
|
page read and write
|
||
|
1E3245F0000
|
trusted library allocation
|
page read and write
|
||
|
2CE69198000
|
heap
|
page read and write
|
||
|
2890C45C000
|
heap
|
page read and write
|
||
|
2CE68865000
|
heap
|
page read and write
|
||
|
1E3201D0000
|
trusted library section
|
page readonly
|
||
|
2CE68864000
|
heap
|
page read and write
|
||
|
25421070000
|
heap
|
page read and write
|
||
|
2E1CE656000
|
heap
|
page read and write
|
||
|
25837A53000
|
heap
|
page read and write
|
||
|
DA6537F000
|
stack
|
page read and write
|
||
|
2890C413000
|
heap
|
page read and write
|
||
|
2CE69002000
|
heap
|
page read and write
|
||
|
2CE69197000
|
heap
|
page read and write
|
||
|
2E1CE895000
|
heap
|
page read and write
|
||
|
BAF667F000
|
stack
|
page read and write
|
||
|
2CE687F0000
|
remote allocation
|
page read and write
|
||
|
D6C98FE000
|
stack
|
page read and write
|
||
|
1E324590000
|
trusted library allocation
|
page read and write
|
||
|
1E31FC81000
|
trusted library allocation
|
page read and write
|
||
|
E34D5FE000
|
stack
|
page read and write
|
||
|
25837B02000
|
heap
|
page read and write
|
||
|
7EF88BC000
|
stack
|
page read and write
|
||
|
1E324734000
|
trusted library allocation
|
page read and write
|
||
|
1E31F113000
|
heap
|
page read and write
|
||
|
2BD6E9E2000
|
heap
|
page read and write
|
||
|
2890C464000
|
heap
|
page read and write
|
||
|
2CE69602000
|
heap
|
page read and write
|
||
|
25421330000
|
trusted library allocation
|
page read and write
|
||
|
DA657FF000
|
stack
|
page read and write
|
||
|
258378E0000
|
heap
|
page read and write
|
||
|
2CE69177000
|
heap
|
page read and write
|
||
|
E34D3F7000
|
stack
|
page read and write
|
||
|
1E324740000
|
trusted library allocation
|
page read and write
|
||
|
2CE69173000
|
heap
|
page read and write
|
||
|
2BD6E970000
|
remote allocation
|
page read and write
|
||
|
1C19C250000
|
heap
|
page read and write
|
||
|
25420F40000
|
trusted library allocation
|
page read and write
|
||
|
1C19C260000
|
heap
|
page read and write
|
||
|
1F693CA0000
|
heap
|
page read and write
|
||
|
E34D0FF000
|
stack
|
page read and write
|
||
|
DA652FE000
|
stack
|
page read and write
|
||
|
1E31FB59000
|
heap
|
page read and write
|
||
|
BAF65FA000
|
stack
|
page read and write
|
||
|
E34D1FB000
|
stack
|
page read and write
|
||
|
2BD6EA6F000
|
heap
|
page read and write
|
||
|
1E3245B3000
|
trusted library allocation
|
page read and write
|
||
|
1E31F08B000
|
heap
|
page read and write
|
||
|
1C19C43E000
|
heap
|
page read and write
|
||
|
2CE68829000
|
heap
|
page read and write
|
||
|
2BD6E9EA000
|
heap
|
page read and write
|
||
|
1C19CC02000
|
trusted library allocation
|
page read and write
|
||
|
2BD6EA75000
|
heap
|
page read and write
|
||
|
25837B00000
|
heap
|
page read and write
|
||
|
1C19C500000
|
heap
|
page read and write
|
||
|
1CA364E0000
|
heap
|
page read and write
|
||
|
2890C380000
|
heap
|
page read and write
|
||
|
BAF57AC000
|
stack
|
page read and write
|
||
|
2CE6886B000
|
heap
|
page read and write
|
||
|
ECA4FFF000
|
stack
|
page read and write
|
||
|
2CE6883C000
|
heap
|
page read and write
|
||
|
1E3248A0000
|
remote allocation
|
page read and write
|
||
|
1E31F013000
|
heap
|
page read and write
|
||
|
1CA367B5000
|
heap
|
page read and write
|
||
|
2CE687F0000
|
remote allocation
|
page read and write
|
||
|
2542115F000
|
heap
|
page read and write
|
||
|
2CE68913000
|
heap
|
page read and write
|
||
|
1E32471E000
|
trusted library allocation
|
page read and write
|
||
|
1CA367B0000
|
heap
|
page read and write
|
||
|
1F693F08000
|
heap
|
page read and write
|
||
|
25837A8E000
|
heap
|
page read and write
|
||
|
1E32471A000
|
trusted library allocation
|
page read and write
|
||
|
254212C0000
|
heap
|
page readonly
|
||
|
DA6527C000
|
stack
|
page read and write
|
||
|
BAF5AFD000
|
stack
|
page read and write
|
||
|
1E324B33000
|
heap
|
page read and write
|
||
|
2CE69100000
|
heap
|
page read and write
|
||
|
25421134000
|
heap
|
page read and write
|
||
|
1E31F102000
|
heap
|
page read and write
|
||
|
1E32471C000
|
trusted library allocation
|
page read and write
|
||
|
1E324A12000
|
heap
|
page read and write
|
||
|
2BD6EA23000
|
heap
|
page read and write
|
||
|
F16BFCE000
|
stack
|
page read and write
|
||
|
2E1CE664000
|
heap
|
page read and write
|
||
|
2CE68880000
|
heap
|
page read and write
|
||
|
2BD6EA73000
|
heap
|
page read and write
|
||
|
2CE68862000
|
heap
|
page read and write
|
||
|
1E31F125000
|
heap
|
page read and write
|
||
|
1E31FB9D000
|
heap
|
page read and write
|
||
|
1E3249B0000
|
trusted library allocation
|
page read and write
|
||
|
1E324820000
|
trusted library allocation
|
page read and write
|
||
|
25838402000
|
trusted library allocation
|
page read and write
|
||
|
2BD6F4D2000
|
heap
|
page read and write
|
||
|
F16BECA000
|
stack
|
page read and write
|
||
|
2CE69184000
|
heap
|
page read and write
|
||
|
1E3201E0000
|
trusted library section
|
page readonly
|
||
|
2CE6916F000
|
heap
|
page read and write
|
||
|
1E31F058000
|
heap
|
page read and write
|
||
|
1E3248A0000
|
remote allocation
|
page read and write
|
||
|
1E324B44000
|
heap
|
page read and write
|
||
|
1E324B02000
|
heap
|
page read and write
|
||
|
2CE687F0000
|
remote allocation
|
page read and write
|
||
|
25421360000
|
trusted library allocation
|
page read and write
|
||
|
2890C429000
|
heap
|
page read and write
|
||
|
1E324B35000
|
heap
|
page read and write
|
||
|
DA656F7000
|
stack
|
page read and write
|
||
|
E34D07F000
|
stack
|
page read and write
|
||
|
25837A3C000
|
heap
|
page read and write
|
||
|
2CE69183000
|
heap
|
page read and write
|
||
|
2CE68861000
|
heap
|
page read and write
|
||
|
427F07E000
|
stack
|
page read and write
|
||
|
2BD6EA22000
|
heap
|
page read and write
|
||
|
1E324B31000
|
heap
|
page read and write
|
||
|
2CE69187000
|
heap
|
page read and write
|
||
|
BAF60FB000
|
stack
|
page read and write
|
||
|
2CE69181000
|
heap
|
page read and write
|
||
|
25857F15000
|
heap
|
page read and write
|
||
|
2CE68780000
|
trusted library allocation
|
page read and write
|
||
|
1E324AE0000
|
heap
|
page read and write
|
||
|
2CE6917F000
|
heap
|
page read and write
|
||
|
25421154000
|
heap
|
page read and write
|
||
|
2890C45F000
|
heap
|
page read and write
|
||
|
2BD6F4D0000
|
heap
|
page read and write
|
||
|
2CE69185000
|
heap
|
page read and write
|
||
|
2CE688A4000
|
heap
|
page read and write
|
||
|
2CE688C2000
|
heap
|
page read and write
|
||
|
F16C37F000
|
stack
|
page read and write
|
||
|
25837A8A000
|
heap
|
page read and write
|
||
|
25858040000
|
heap
|
page read and write
|
||
|
1E3249C0000
|
trusted library allocation
|
page read and write
|
||
|
2CE69186000
|
heap
|
page read and write
|
||
|
1E3247E0000
|
trusted library allocation
|
page read and write
|
||
|
1E324B2E000
|
heap
|
page read and write
|
||
|
1E320560000
|
trusted library allocation
|
page read and write
|
||
|
2CE69198000
|
heap
|
page read and write
|
||
|
1C19C502000
|
heap
|
page read and write
|
||
|
2890C46A000
|
heap
|
page read and write
|
||
|
1E31F9E1000
|
trusted library allocation
|
page read and write
|
||
|
2CE69184000
|
heap
|
page read and write
|
||
|
2CE68908000
|
heap
|
page read and write
|
||
|
2CE69198000
|
heap
|
page read and write
|
||
|
254212E0000
|
trusted library allocation
|
page read and write
|
||
|
2CE688D4000
|
heap
|
page read and write
|
||
|
25858060000
|
heap
|
page read and write
|
||
|
1E31FB18000
|
heap
|
page read and write
|
||
|
1E324B2E000
|
heap
|
page read and write
|
||
|
1E324B04000
|
heap
|
page read and write
|
||
|
1E324B31000
|
heap
|
page read and write
|
||
|
D6C9B7E000
|
stack
|
page read and write
|
||
|
2CE688AB000
|
heap
|
page read and write
|
||
|
1C19C413000
|
heap
|
page read and write
|
||
|
9402FB000
|
stack
|
page read and write
|
||
|
2CE69618000
|
heap
|
page read and write
|
||
|
2BD6E9FD000
|
heap
|
page read and write
|
||
|
2890C46B000
|
heap
|
page read and write
|
||
|
2E1CE656000
|
heap
|
page read and write
|
||
|
2CE6885E000
|
heap
|
page read and write
|
||
|
1C19C400000
|
heap
|
page read and write
|
||
|
1C19C456000
|
heap
|
page read and write
|
||
|
2E1CE666000
|
heap
|
page read and write
|
||
|
DA655F8000
|
stack
|
page read and write
|
||
|
2890C508000
|
heap
|
page read and write
|
||
|
2890C500000
|
heap
|
page read and write
|
||
|
25857F00000
|
heap
|
page read and write
|
||
|
1E31EF00000
|
heap
|
page read and write
|
||
|
DA654FE000
|
stack
|
page read and write
|
||
|
25837A50000
|
heap
|
page read and write
|
||
|
2BD6E9C5000
|
heap
|
page read and write
|
||
|
BAF647F000
|
stack
|
page read and write
|
||
|
1E324710000
|
trusted library allocation
|
page read and write
|
||
|
25421090000
|
heap
|
page read and write
|
||
|
1E320200000
|
trusted library section
|
page readonly
|
||
|
25837980000
|
trusted library allocation
|
page read and write
|
||
|
25837A13000
|
heap
|
page read and write
|
||
|
ECA4E7C000
|
stack
|
page read and write
|
||
|
1E324A60000
|
heap
|
page read and write
|
||
|
2CE68869000
|
heap
|
page read and write
|
||
|
2CE691A6000
|
heap
|
page read and write
|
||
|
2E1CE684000
|
heap
|
page read and write
|
||
|
2CE69187000
|
heap
|
page read and write
|
||
|
2E1CE651000
|
heap
|
page read and write
|
||
|
D6C99FD000
|
stack
|
page read and write
|
||
|
2BD6E9E7000
|
heap
|
page read and write
|
||
|
2CE69602000
|
heap
|
page read and write
|
||
|
1F693E48000
|
heap
|
page read and write
|
||
|
1E31FB13000
|
heap
|
page read and write
|
||
|
1E324750000
|
trusted library allocation
|
page read and write
|
||
|
BAF627E000
|
stack
|
page read and write
|
||
|
2CE69175000
|
heap
|
page read and write
|
||
|
2BD6E970000
|
remote allocation
|
page read and write
|
||
|
BAF61FE000
|
stack
|
page read and write
|
||
|
2BD6E9FD000
|
heap
|
page read and write
|
||
|
1C19C3C0000
|
trusted library allocation
|
page read and write
|
||
|
1E324860000
|
trusted library allocation
|
page read and write
|
||
|
2E1CE662000
|
heap
|
page read and write
|
||
|
D6C987E000
|
stack
|
page read and write
|
||
|
1E31FB00000
|
heap
|
page read and write
|
||
|
9D2027F000
|
stack
|
page read and write
|
||
|
1E324730000
|
trusted library allocation
|
page read and write
|
||
|
1E324B33000
|
heap
|
page read and write
|
||
|
2890C466000
|
heap
|
page read and write
|
||
|
2CE68902000
|
heap
|
page read and write
|
||
|
2585808B000
|
heap
|
page read and write
|
||
|
1E320563000
|
trusted library allocation
|
page read and write
|
||
|
1F693E2A000
|
heap
|
page read and write
|
||
|
2542113C000
|
heap
|
page read and write
|
||
|
2CE69199000
|
heap
|
page read and write
|
||
|
1CA364C0000
|
heap
|
page read and write
|
||
|
9401FB000
|
stack
|
page read and write
|
||
|
2E1CE5A0000
|
heap
|
page read and write
|
||
|
2BD6E9AD000
|
heap
|
page read and write
|
||
|
1F693F02000
|
heap
|
page read and write
|
||
|
BAF5CFB000
|
stack
|
page read and write
|
||
|
2CE6885F000
|
heap
|
page read and write
|
||
|
1E324B2E000
|
heap
|
page read and write
|
||
|
1E324A41000
|
heap
|
page read and write
|
||
|
1E324B2E000
|
heap
|
page read and write
|
||
|
2BD6EA13000
|
heap
|
page read and write
|
||
|
2BD6E980000
|
heap
|
page read and write
|
||
|
254210F0000
|
heap
|
page read and write
|
||
|
2CE69121000
|
heap
|
page read and write
|
||
|
1F693F00000
|
heap
|
page read and write
|
||
|
2CE69171000
|
heap
|
page read and write
|
||
|
254210F8000
|
heap
|
page read and write
|
||
|
E48BAFE000
|
stack
|
page read and write
|
||
|
2542113C000
|
heap
|
page read and write
|
||
|
2CE6918E000
|
heap
|
page read and write
|
||
|
25858080000
|
heap
|
page read and write
|
||
|
1F693E70000
|
heap
|
page read and write
|
||
|
1F6945B0000
|
trusted library allocation
|
page read and write
|
||
|
1E324830000
|
trusted library allocation
|
page read and write
|
||
|
2CE68813000
|
heap
|
page read and write
|
||
|
E48BEF7000
|
stack
|
page read and write
|
||
|
1C19C513000
|
heap
|
page read and write
|
||
|
E34D6FF000
|
stack
|
page read and write
|
||
|
2890C43C000
|
heap
|
page read and write
|
||
|
1E324B33000
|
heap
|
page read and write
|
||
|
2CE69177000
|
heap
|
page read and write
|
||
|
1F693E3C000
|
heap
|
page read and write
|
||
|
25421359000
|
heap
|
page read and write
|
||
|
1E324B07000
|
heap
|
page read and write
|
||
|
D6C997B000
|
stack
|
page read and write
|
||
|
25857F10000
|
heap
|
page read and write
|
||
|
1E3201C0000
|
trusted library section
|
page readonly
|
||
|
2890C45E000
|
heap
|
page read and write
|
||
|
1E324A76000
|
heap
|
page read and write
|
||
|
1E31FB9B000
|
heap
|
page read and write
|
||
|
F16C2F8000
|
stack
|
page read and write
|
||
|
BAF617E000
|
stack
|
page read and write
|
||
|
2BD6E9E2000
|
heap
|
page read and write
|
||
|
BAF5FFA000
|
stack
|
page read and write
|
||
|
1E31FA15000
|
heap
|
page read and write
|
||
|
25420F30000
|
heap
|
page read and write
|
||
|
2E1CE5C0000
|
heap
|
page read and write
|
||
|
1E324600000
|
trusted library allocation
|
page read and write
|
||
|
1E324711000
|
trusted library allocation
|
page read and write
|
||
|
9D1FEEB000
|
stack
|
page read and write
|
||
|
DA65A7F000
|
unkown
|
page read and write
|
||
|
2BD6E9B2000
|
heap
|
page read and write
|
||
|
D6C959E000
|
stack
|
page read and write
|
||
|
2BD6E870000
|
heap
|
page read and write
|
||
|
2BD6EA77000
|
heap
|
page read and write
|
||
|
2CE69173000
|
heap
|
page read and write
|
||
|
2890C47F000
|
heap
|
page read and write
|
||
|
1E3200E0000
|
trusted library allocation
|
page read and write
|
||
|
2890C502000
|
heap
|
page read and write
|
||
|
1E3248A0000
|
remote allocation
|
page read and write
|
||
|
1E324AF0000
|
heap
|
page read and write
|
||
|
1E324754000
|
trusted library allocation
|
page read and write
|
||
|
1E324B2F000
|
heap
|
page read and write
|
||
|
1E324AF8000
|
heap
|
page read and write
|
||
|
BAF64FE000
|
stack
|
page read and write
|
||
|
2CE69194000
|
heap
|
page read and write
|
||
|
2BD6E9C5000
|
heap
|
page read and write
|
||
|
2E1CE67F000
|
heap
|
page read and write
|
||
|
2CE688C8000
|
heap
|
page read and write
|
||
|
25837A00000
|
heap
|
page read and write
|
||
|
2CE68620000
|
heap
|
page read and write
|
||
|
2CE691C1000
|
heap
|
page read and write
|
||
|
1E324A2F000
|
heap
|
page read and write
|
||
|
1E324B1D000
|
heap
|
page read and write
|
||
|
2890C468000
|
heap
|
page read and write
|
||
|
1E324710000
|
trusted library allocation
|
page read and write
|
||
|
1C19C402000
|
heap
|
page read and write
|
||
|
1E31FB59000
|
heap
|
page read and write
|
||
|
25421270000
|
trusted library allocation
|
page read and write
|
||
|
427F3F7000
|
stack
|
page read and write
|
||
|
1E31FB9A000
|
heap
|
page read and write
|
||
|
2890C3E0000
|
heap
|
page read and write
|
||
|
25837A4C000
|
heap
|
page read and write
|
||
|
BAF62FE000
|
stack
|
page read and write
|
||
|
2CE69184000
|
heap
|
page read and write
|
||
|
2E1CE683000
|
heap
|
page read and write
|
||
|
2E1CE470000
|
heap
|
page read and write
|
||
|
2CE6916F000
|
heap
|
page read and write
|
||
|
2CE6917F000
|
heap
|
page read and write
|
||
|
2CE69602000
|
heap
|
page read and write
|
||
|
E48BA7B000
|
stack
|
page read and write
|
||
|
2BD6E988000
|
heap
|
page read and write
|
||
|
254212D0000
|
trusted library allocation
|
page read and write
|
||
|
25837A86000
|
heap
|
page read and write
|
||
|
1E31FB18000
|
heap
|
page read and write
|
||
|
1C19C2C0000
|
heap
|
page read and write
|
||
|
427F4FF000
|
stack
|
page read and write
|
||
|
ECA50FE000
|
stack
|
page read and write
|
||
|
BAF63FA000
|
stack
|
page read and write
|
||
|
1F693D10000
|
heap
|
page read and write
|
||
|
E34CDAB000
|
stack
|
page read and write
|
||
|
25421200000
|
trusted library allocation
|
page read and write
|
||
|
427F2FE000
|
stack
|
page read and write
|
||
|
2CE69199000
|
heap
|
page read and write
|
||
|
2890C426000
|
heap
|
page read and write
|
||
|
25837B13000
|
heap
|
page read and write
|
||
|
25837A2A000
|
heap
|
page read and write
|
||
|
1F693E00000
|
heap
|
page read and write
|
||
|
2890CC80000
|
trusted library allocation
|
page read and write
|
||
|
2E1CE640000
|
heap
|
page read and write
|
||
|
1E31FB18000
|
heap
|
page read and write
|
||
|
1F693E82000
|
heap
|
page read and write
|
||
|
2CE6914D000
|
heap
|
page read and write
|
||
|
1F693E9D000
|
heap
|
page read and write
|
||
|
1E31EFA0000
|
trusted library allocation
|
page read and write
|
||
|
1E31F072000
|
heap
|
page read and write
|
||
|
93FBEC000
|
stack
|
page read and write
|
||
|
ECA5079000
|
stack
|
page read and write
|
||
|
1E31F0A0000
|
heap
|
page read and write
|
||
|
1E324B2E000
|
heap
|
page read and write
|
||
|
2BD6EA73000
|
heap
|
page read and write
|
||
|
2BD6EA13000
|
heap
|
page read and write
|
||
|
254212B0000
|
trusted library allocation
|
page read and write
|
||
|
2BD6EA73000
|
heap
|
page read and write
|
||
|
2CE68855000
|
heap
|
page read and write
|
||
|
2CE68610000
|
heap
|
page read and write
|
||
|
2BD6EBE0000
|
heap
|
page read and write
|
||
|
2BD6E9E7000
|
heap
|
page read and write
|
||
|
1E3245B0000
|
trusted library allocation
|
page read and write
|
||
|
2CE68680000
|
heap
|
page read and write
|
||
|
D6C9AFF000
|
stack
|
page read and write
|
||
|
1E324A22000
|
heap
|
page read and write
|
||
|
1E324840000
|
trusted library allocation
|
page read and write
|
||
|
E48BFFF000
|
stack
|
page read and write
|
||
|
1E324A54000
|
heap
|
page read and write
|
||
|
2CE691B9000
|
heap
|
page read and write
|
||
|
1E31F03F000
|
heap
|
page read and write
|
||
|
1E32471B000
|
trusted library allocation
|
page read and write
|
||
|
1CA36390000
|
heap
|
page read and write
|
||
|
427F27B000
|
stack
|
page read and write
|
||
|
2CE69173000
|
heap
|
page read and write
|
||
|
25421100000
|
heap
|
page read and write
|
||
|
25421350000
|
heap
|
page read and write
|
||
|
2CE69600000
|
heap
|
page read and write
|
||
|
DA6547C000
|
stack
|
page read and write
|
||
|
BAF67FF000
|
stack
|
page read and write
|
||
|
25421210000
|
trusted library allocation
|
page read and write
|
||
|
DA658F7000
|
stack
|
page read and write
|
||
|
1E320210000
|
trusted library section
|
page readonly
|
||
|
2BD6E9C1000
|
heap
|
page read and write
|
||
|
1F693CB0000
|
heap
|
page read and write
|
||
|
2CE68916000
|
heap
|
page read and write
|
||
|
2CE68868000
|
heap
|
page read and write
|
||
|
2CE69178000
|
heap
|
page read and write
|
||
|
25837950000
|
heap
|
page read and write
|
||
|
1E31F095000
|
heap
|
page read and write
|
||
|
1E324710000
|
trusted library allocation
|
page read and write
|
||
|
9400FB000
|
stack
|
page read and write
|
||
|
2CE6916F000
|
heap
|
page read and write
|
||
|
1E324B33000
|
heap
|
page read and write
|
||
|
2CE6916F000
|
heap
|
page read and write
|
||
|
2890C513000
|
heap
|
page read and write
|
||
|
1E324A00000
|
heap
|
page read and write
|
||
|
2890C45D000
|
heap
|
page read and write
|
||
|
2890C465000
|
heap
|
page read and write
|
||
|
2BD6E900000
|
heap
|
page read and write
|
||
|
BAF5BF8000
|
stack
|
page read and write
|
||
|
2890C48A000
|
heap
|
page read and write
|
||
|
25837A4D000
|
heap
|
page read and write
|
||
|
25837A7A000
|
heap
|
page read and write
|
||
|
2CE69183000
|
heap
|
page read and write
|
||
|
9403FE000
|
stack
|
page read and write
|
||
|
2CE69178000
|
heap
|
page read and write
|
||
|
1E31FBA0000
|
heap
|
page read and write
|
||
|
1E324570000
|
trusted library allocation
|
page read and write
|
||
|
2CE688E1000
|
heap
|
page read and write
|
||
|
2CE69187000
|
heap
|
page read and write
|
||
|
2BD6E970000
|
remote allocation
|
page read and write
|
||
|
1E31FB18000
|
heap
|
page read and write
|
||
|
2CE6885D000
|
heap
|
page read and write
|
||
|
1E31F0FD000
|
heap
|
page read and write
|
||
|
1E324715000
|
trusted library allocation
|
page read and write
|
||
|
1F693E99000
|
heap
|
page read and write
|
||
|
1E324A96000
|
heap
|
page read and write
|
||
|
2CE69198000
|
heap
|
page read and write
|
||
|
1E31F029000
|
heap
|
page read and write
|
||
|
D6C951A000
|
stack
|
page read and write
|
||
|
1E325000000
|
heap
|
page read and write
|
||
|
1CA365E0000
|
heap
|
page read and write
|
||
|
2CE68800000
|
heap
|
page read and write
|
||
|
1E3201F0000
|
trusted library section
|
page readonly
|
||
|
2CE6885C000
|
heap
|
page read and write
|
||
|
1E324731000
|
trusted library allocation
|
page read and write
|
||
|
1E324860000
|
trusted library allocation
|
page read and write
|
||
|
2CE69197000
|
heap
|
page read and write
|
||
|
1E324B0F000
|
heap
|
page read and write
|
||
|
2890C461000
|
heap
|
page read and write
|
||
|
2890CE02000
|
trusted library allocation
|
page read and write
|
||
|
7EF8D7B000
|
stack
|
page read and write
|
||
|
1E31FB18000
|
heap
|
page read and write
|
||
|
2CE688F8000
|
heap
|
page read and write
|
||
|
2CE69172000
|
heap
|
page read and write
|
||
|
DA659FA000
|
stack
|
page read and write
|
||
|
1E324C20000
|
trusted library allocation
|
page read and write
|
||
|
BAF5DF9000
|
stack
|
page read and write
|
||
|
2890C400000
|
heap
|
page read and write
|
||
|
2BD6EA77000
|
heap
|
page read and write
|
||
|
1F693E13000
|
heap
|
page read and write
|
||
|
1E31F078000
|
heap
|
page read and write
|
||
|
1E324B2E000
|
heap
|
page read and write
|
||
|
2CE691DA000
|
heap
|
page read and write
|
||
|
25837A49000
|
heap
|
page read and write
|
||
|
427ED2C000
|
stack
|
page read and write
|
||
|
1E324716000
|
trusted library allocation
|
page read and write
|
||
|
D6C9A7B000
|
stack
|
page read and write
|
||
|
1E324870000
|
trusted library allocation
|
page read and write
|
||
|
2CE69195000
|
heap
|
page read and write
|
||
|
258378F0000
|
heap
|
page read and write
|
||
|
25421E50000
|
trusted library allocation
|
page read and write
|
||
|
1E324B1A000
|
heap
|
page read and write
|
||
|
2BD6EA13000
|
heap
|
page read and write
|
There are 505 hidden memdumps, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
file:///C:/Users/user/Desktop/https%20_upgrade.4nmn.com_microsoft.html
|