IOC Report
Analyzed sample (URL): https://express.adobe.com/page/QSpEtjTBWEere/

Note on the tables below: the Malicious column of every table carried no text in this extract and is omitted; the number of rows the source report hides behind a "show more" control is noted under each table.


Files

File Path | Type | Category
--- | --- | ---
C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic | data | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\27a016a7-313a-4fea-a06e-80fca7ef8ede.tmp | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\4927f5c3-f8bb-4c84-8ee0-f02802047416.tmp | data | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\709d8bb9-c17e-4afc-ac8c-0e3339de77a4.tmp | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\7d5d964b-78f9-4f7f-9e77-a4ee97f78d45.tmp | SysEx File - | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\9892867c-905f-4b79-ac8a-f0602d4f01cc.tmp | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat | data | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\0a7047a5-3592-41e7-bd99-61fc42019fc1.tmp | UTF-8 Unicode text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\2886b6ad-ab63-4799-91f8-40407181f0ae.tmp | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\2ff535d1-fe6f-4d1e-baf3-76c5fff8fb99.tmp | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\3ef79956-b817-40ab-ac60-8c18be43cffc.tmp | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\8507cdbc-4b73-42d4-a942-ff7663b72b13.tmp | UTF-8 Unicode text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\8ae8b0bc-7794-4328-ba01-06743ae513fd.tmp | very short file (no magic) | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index (copy) | ASCII text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log | data | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG | ASCII text | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old (copy) | ASCII text | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State (copy) | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy) | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy) | UTF-8 Unicode text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1 | data | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent State (copy) | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\a98b08b0-43d5-47e7-a74f-c8b2f493a9ef.tmp | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\0f25ce2b-a737-407c-8110-84d4234450ba.tmp | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1 | data | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network Persistent State (copy) | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp | ASCII text | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy) | ASCII text | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\e82f5442-0663-4b36-b5be-9f40d0972250.tmp | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\f6e43385-86df-4424-9082-4eaf1c861a4e.tmp | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\ff721e75-de78-4e39-83d4-ff11f3857379.tmp | UTF-8 Unicode text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser | data | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version | ASCII text, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State (copy) | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cache (copy) | data | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\a6d5d7b4-b740-4436-98a3-8b8a825a6353.tmp | data | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\dcca05ac-97f0-4ad6-9fb2-536ebdbde734.tmp | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\e380db3d-e053-4d07-825e-919efa7c09c7.tmp | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Temp\40212a03-e0ad-48db-b4a3-7035593adebd.tmp | very short file (no magic) | dropped
C:\Users\user\AppData\Local\Temp\41be5f9c-4016-4134-bef8-2736450dabf5.tmp | Google Chrome extension, version 3 | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\41be5f9c-4016-4134-bef8-2736450dabf5.tmp | Google Chrome extension, version 3 | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\_locales\bg\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\_locales\ca\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\_locales\cs\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\_locales\da\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\_locales\de\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\_locales\el\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\_locales\en\messages.json | ASCII text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\_locales\en_GB\messages.json | ASCII text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\_locales\es\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\_locales\es_419\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\_locales\et\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\_locales\fi\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\_locales\fil\messages.json | ASCII text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\_locales\fr\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\_locales\hi\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\_locales\hr\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\_locales\hu\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\_locales\id\messages.json | ASCII text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\_locales\it\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\_locales\ja\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\_locales\ko\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\_locales\lt\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\_locales\lv\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\_locales\nb\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\_locales\nl\messages.json | ASCII text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\_locales\pl\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\_locales\pt_BR\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\_locales\pt_PT\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\_locales\ro\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\_locales\ru\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\_locales\sk\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\_locales\sl\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\_locales\sr\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\_locales\sv\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\_locales\th\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\_locales\tr\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\_locales\uk\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\_locales\vi\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\_locales\zh_CN\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\_locales\zh_TW\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\_metadata\verified_contents.json | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\craw_background.js | ASCII text, with very long lines | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\craw_window.js | ASCII text, with very long lines | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\css\craw_window.css | ASCII text | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\html\craw_window.html | HTML document, ASCII text | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\images\flapper.gif | GIF image data, version 89a, 30 x 30 | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\images\icon_128.png | PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\images\icon_16.png | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\images\topbar_floating_button.png | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\images\topbar_floating_button_close.png | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\images\topbar_floating_button_hover.png | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\images\topbar_floating_button_maximize.png | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\images\topbar_floating_button_pressed.png | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2492_211076532\CRX_INSTALL\manifest.json | ASCII text, with CRLF line terminators | dropped

(87 further files are hidden in the source report and are not listed here.)

Processes

Path | Cmdline
--- | ---
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "https://express.adobe.com/page/QSpEtjTBWEere/"
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1548,3426159670808259283,2010510569848056573,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1920 /prefetch:8

URLs

Name | IP
--- | ---
https://express.adobe.com/page/QSpEtjTBWEere/ | 
https://www.google.com | unknown
https://www.google.com/images/dot2.gif | unknown
https://dns.google | unknown
https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p | unknown
https://www.google.com/intl/en-US/chrome/blank.html | unknown
https://ogs.google.com | unknown
https://www.google.com/images/cleardot.gif | unknown
https://play.google.com | unknown
https://accounts.google.com | unknown
https://payments.google.com/payments/v4/js/integrator.js | unknown
https://clients2.googleusercontent.com | unknown
https://apis.google.com | unknown
https://www.google.com/accounts/OAuthLogin?issueuberauth=1 | unknown
https://sandbox.google.com/payments/v4/js/integrator.js | unknown
https://www.google.com/images/x2.gif | unknown
https://www.google.com/ | unknown
https://www-googleapis-staging.sandbox.google.com | unknown
https://accounts.google.com/MergeSession | unknown
https://clients2.google.com | unknown
https://clients2.google.com/service/update2/crx | unknown

(10 further URLs are hidden in the source report and are not listed here. The first row has no IP cell in the extract, and the github.com entry is truncated in the source.)

IPs

IP | Domain | Country
--- | --- | ---
142.250.185.109 | unknown | United States
192.168.2.1 | unknown | unknown
13.225.239.122 | unknown | United States
8.8.8.8 | unknown | United States
15.188.95.229 | unknown | United States
52.215.98.143 | unknown | United States
54.194.254.72 | unknown | United States
13.225.239.31 | unknown | United States
52.215.108.43 | unknown | United States
142.250.185.238 | unknown | United States
104.16.149.64 | unknown | United States
239.255.255.250 | unknown | Reserved
127.0.0.1 | unknown | unknown

(3 further IPs are hidden in the source report and are not listed here.)
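Triage of the URL and IP tables above, as an added example; this is not part of the sandbox report. The two lists are copied from the visible rows of the tables (hidden rows are not included). Before these values are pushed to a blocklist or a hunt, a practitioner strips what the automated Chrome run produces on its own: the non-routable addresses the report itself marks Reserved or unknown (private, loopback, multicast), and the endpoints Chrome contacts regardless of the page it was pointed at. The noise-domain suffixes and the treatment of 8.8.8.8 as the sandbox's resolver are the analyst's assumptions, not something the report states, and the address classifier goes a little beyond the table by also labelling link-local and other non-global ranges.

```python
import ipaddress
from urllib.parse import urlsplit

# Values copied from the visible rows of the URL and IP tables in the report.
REPORT_URLS = [
    "https://express.adobe.com/page/QSpEtjTBWEere/",
    "https://www.google.com",
    "https://www.google.com/images/dot2.gif",
    "https://dns.google",
    "https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p",
    "https://www.google.com/intl/en-US/chrome/blank.html",
    "https://ogs.google.com",
    "https://www.google.com/images/cleardot.gif",
    "https://play.google.com",
    "https://accounts.google.com",
    "https://payments.google.com/payments/v4/js/integrator.js",
    "https://clients2.googleusercontent.com",
    "https://apis.google.com",
    "https://www.google.com/accounts/OAuthLogin?issueuberauth=1",
    "https://sandbox.google.com/payments/v4/js/integrator.js",
    "https://www.google.com/images/x2.gif",
    "https://www.google.com/",
    "https://www-googleapis-staging.sandbox.google.com",
    "https://accounts.google.com/MergeSession",
    "https://clients2.google.com",
    "https://clients2.google.com/service/update2/crx",
]
REPORT_IPS = [
    "142.250.185.109", "192.168.2.1", "13.225.239.122", "8.8.8.8",
    "15.188.95.229", "52.215.98.143", "54.194.254.72", "13.225.239.31",
    "52.215.108.43", "142.250.185.238", "104.16.149.64", "239.255.255.250",
    "127.0.0.1",
]

# Analyst assumption (not from the report): hosts under these suffixes are
# endpoints Chrome contacts by itself in a clean automated run (sign-in,
# extension/component updates, DNS-over-HTTPS), so they say nothing about the
# submitted page. Tune this to your own sandbox baseline.
BROWSER_NOISE_SUFFIXES = ("google.com", "googleusercontent.com", "dns.google")

# Analyst assumption: the sandbox's upstream DNS resolver.
RESOLVER_IPS = {"8.8.8.8"}


def is_noise_host(host: str) -> bool:
    """True when host equals, or is a subdomain of, a noise suffix.
    The leading dot matters: 'notgoogle.com' must not match 'google.com'."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in BROWSER_NOISE_SUFFIXES)


def actionable_urls(urls):
    """Deduplicate, drop browser-noise hosts, keep the rest in report order."""
    seen, out = set(), []
    for url in urls:
        host = (urlsplit(url).hostname or "").lower()
        if not host or is_noise_host(host) or url in seen:
            continue
        seen.add(url)
        out.append(url)
    return out


def classify_ip(ip_str: str) -> str:
    """Label an address so non-routable sandbox traffic can be excluded."""
    ip = ipaddress.ip_address(ip_str)
    if ip_str in RESOLVER_IPS:
        return "resolver"
    if ip.is_loopback:
        return "loopback"
    if ip.is_multicast:
        return "multicast"
    if ip.is_link_local:
        return "link-local"
    if ip.is_private:
        return "private"
    if not ip.is_global:
        return "reserved"
    return "public"


def actionable_ips(ips):
    return [ip for ip in ips if classify_ip(ip) == "public"]


def triage(urls=REPORT_URLS, ips=REPORT_IPS):
    """What survives the filters, plus why each dropped address was dropped."""
    return {
        "urls": actionable_urls(urls),
        "ips": actionable_ips(ips),
        "dropped_ips": {ip: classify_ip(ip) for ip in ips if classify_ip(ip) != "public"},
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(), indent=2))
```

On this report the URL filter leaves exactly two entries for a human to look at: the submitted page itself and the truncated github.com wiki link. Neither filter says that what survives is malicious; the point is that the Google sign-in, payments and Web Store update traffic, together with 192.168.2.1, 127.0.0.1 and 239.255.255.250, must not end up in a blocklist just because a sandbox listed them.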

Registry

Path | Value
--- | ---
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault | S-1-5-21-3853321935-2125563209-4053062332-1002
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | gdaefkejpgkiemlaofpalmlakkmbjdnl
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | gfdkimpbcpahaombhbimeihdjnejgicl
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | kmendfapggjehodndflmmgagdbamhnfd
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | mfehgcgbbipciphmccgaenjidiccnmng
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | neajdppkdcdipfabeoofebfddakdcjhd
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | pkedcjkdefgpdelpbcmbmeomcjbeemfm
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | prefs.preference_reset_time
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | gfdkimpbcpahaombhbimeihdjnejgicl
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nmmhkkegccagdldgiimedpiccmgmieda
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nmmhkkegccagdldgiimedpiccmgmieda
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | dr
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.reporting
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | module_blacklist_cache_md5_digest
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | media.storage_id_salt
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.last_account_id
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.account_id
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.prompt_seed
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_homepage
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | default_search_provider_data.template_url_data
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | safebrowsing.incidents_sent
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | pinned_tabs
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | search_provider_overrides
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_default_search
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | prefs.preference_reset_time
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.last_username
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | session.startup_urls
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | session.restore_on_startup
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.prompt_version
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_startup_urls
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.prompt_wave
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | homepage
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | homepage_is_newtabpage
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | browser.show_home_button
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics | user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | lastrun

(33 further registry entries are hidden in the source report and are not listed here. Repeated rows are kept as they appear in the source.)

Memdumps

Base Address | Region type | Protect
--- | --- | ---
157B0CE1000 | trusted library allocation | page read and write
1EC11BA000 | stack | page read and write
157AC200000 | trusted library allocation | page read and write
9D9547E000 | stack | page read and write
1F463E71000 | heap | page read and write
21A24F00000 | heap | page read and write
157AB858000 | heap | page read and write
157AC159000 | heap | page read and write
157AB7F3000 | trusted library allocation | page read and write
157B0F02000 | heap | page read and write
1F34FDA0000 | heap | page read and write
157B0EFB000 | heap | page read and write
B22707E000 | stack | page read and write
21A24E02000 | heap | page read and write
1F463E00000 | heap | page read and write
2171223C000 | heap | page read and write
46575F7000 | stack | page read and write
309FFF000 | stack | page read and write
56821FE000 | stack | page read and write
21A24E3C000 | heap | page read and write
1D8AA83D000 | heap | page read and write
157B0E61000 | heap | page read and write
B22717B000 | stack | page read and write
16D91402000 | trusted library allocation | page read and write
1F35006E000 | heap | page read and write
21712229000 | heap | page read and write
21A24D90000 | trusted library allocation | page read and write
1349988B000 | heap | page read and write
1D8AA730000 | heap | page read and write
1D8AA84B000 | heap | page read and write
41101FC000 | stack | page read and write
2AD7EFF000 | stack | page read and write
157B0CC0000 | trusted library allocation | page read and write
157B0CE0000 | trusted library allocation | page read and write
21A24E00000 | heap | page read and write
21712308000 | heap | page read and write
94F437E000 | stack | page read and write
7B9555E000 | stack | page read and write
157B0F0B000 | heap | page read and write
E3CBA77000 | stack | page read and write
157B0ED5000 | heap | page read and write
1F350000000 | heap | page read and write
465727E000 | stack | page read and write
1D8AA847000 | heap | page read and write
21A24F13000 | heap | page read and write
2AD80FC000 | stack | page read and write
1F34FDB0000 | heap | page read and write
157AB8FD000 | heap | page read and write
411067D000 | stack | page read and write
1F463D00000 | heap | page read and write
21712313000 | heap | page read and write
157B0BB0000 | trusted library allocation | page read and write
56820FE000 | stack | page read and write
2AD81FE000 | stack | page read and write
41102FB000 | stack | page read and write
157ACB60000 | trusted library allocation | page read and write
157AB770000 | trusted library section | page read and write
94F48FB000 | stack | page read and write
157B0EF9000 | heap | page read and write
16D90C52000 | heap | page read and write
7B959FE000 | stack | page read and write
13499830000 | unknown | page read and write
1D8AA842000 | heap | page read and write
21EAF6A0000 | heap | page read and write
1F3500BB000 | heap | page read and write
279B0629000 | heap | page read and write
2AD737C000 | stack | page read and write
22272D02000 | heap | page read and write
279B0600000 | heap | page read and write
13499880000 | heap | page read and write
94F4AFF000 | stack | page read and write
21EAFEA0000 | remote allocation | page read and write
157B1000000 | trusted library allocation | page read and write
1D8AA86B000 | heap | page read and write
157B0EF5000 | heap | page read and write
B22757C000 | stack | page read and write
16D90C8A000 | heap | page read and write
2AD7777000 | stack | page read and write
157AC500000 | trusted library allocation | page read and write
279B0679000 | heap | page read and write
1D8AA813000 | heap | page read and write
1F463F00000 | heap | page read and write
30997B000 | stack | page read and write
1F3500CC000 | heap | page read and write
2171224E000 | heap | page read and write
217121B0000 | heap | page read and write
94F49FB000 | stack | page read and write
2AD79FA000 | stack | page read and write
1D8AA87B000 | heap | page read and write
21A24F02000 | heap | page read and write
21A24E59000 | heap | page read and write
157AC118000 | heap | page read and write
157B0CC5000 | trusted library allocation | page read and write
157B1140000 | trusted library allocation | page read and write
1D8AA832000 | heap | page read and write
16D90B20000 | heap | page read and write
410FDCB000 | stack | page read and write
1F350700000 | heap | page read and write
157AC7D0000 | trusted library section | page readonly
94F42FB000 | stack | page read and write
21A24E79000 | heap | page read and write
1EC15FC000 | unknown | page read and write
157AC7E0000 | trusted library section | page readonly
157AB82A000 | heap | page read and write
21712271000 | heap | page read and write
46576FE000 | stack | page read and write
21EAF800000 | heap | page read and write
157AB926000 | heap | page read and write
21A24C90000 | heap | page read and write
21712249000 | heap | page read and write
279B063C000 | heap | page read and write
1D8AA82D000 | heap | page read and write
157AB865000 | heap | page read and write
157B0D90000 | trusted library allocation | page read and write
1D8AA760000 | trusted library allocation | page read and write
1D8AA874000 | heap | page read and write
21712213000 | heap | page read and write
7B95BFE000 | stack | page read and write
279B0679000 | heap | page read and write
E3CB77D000 | stack | page read and write
157AC7C0000 | trusted library section | page readonly
1D8AA832000 | heap | page read and write
157AB89E000 | heap | page read and write
1D8AA85E000 | heap | page read and write
157B0B60000 | trusted library allocation | page read and write
157B0E00000 | heap | page read and write
22272C66000 | heap | page read and write
157AB913000 | heap | page read and write
279B065E000 | heap | page read and write
1D8AA83B000 | heap | page read and write
E3CBBFE000 | stack | page read and write
1F34FFE0000 | trusted library allocation | page read and write
22272D00000 | heap | page read and write
22272C60000 | heap | page read and write
56825FD000 | stack | page read and write
411037F000 | stack | page read and write
1D8AA831000 | heap | page read and write
1F34FE10000 | heap | page read and write
157B1050000 | remote allocation | page read and write
157AB86D000 | heap | page read and write
1D8AA840000 | heap | page read and write
22272B50000 | trusted library allocation | page read and write
9D9527C000 | stack | page read and write
157AC100000 | heap | page read and write
9D9507F000 | stack | page read and write
2AD767E000 | stack | page read and write
46572FE000 | stack | page read and write
30A1FF000 | stack | page read and write
1D8AA849000 | heap | page read and write
22272C29000 | heap | page read and write
1D8AA862000 | heap | page read and write
1F350040000 | heap | page read and write
3095CE000 | stack | page read and write
21A24E63000 | heap | page read and write
157B0DF0000 | trusted library allocation | page read and write
21712302000 | heap | page read and write
2AD78FA000 | stack | page read and write
21712150000 | heap | page read and write
13499810000 | unknown | page read and write
9D9537D000 | stack | page read and write
279B0590000 | heap | page read and write
157AC118000 | heap | page read and write
22272C87000 | heap | page read and write
157B0EB5000 | heap | page read and write
1D8AA6D0000 | heap | page read and write
157B1190000 | trusted library allocation | page read and write
279B0520000 | heap | page read and write
1D8AA861000 | heap | page read and write
279B0702000 | heap | page read and write
157B0DE0000 | trusted library allocation | page read and write
157B0CC8000 | trusted library allocation | page read and write
568217F000 | stack | page read and write
1F463E3C000 | heap | page read and write
157AB760000 | trusted library allocation | page read and write
1D8AA866000 | heap | page read and write
22272C13000 | heap | page read and write
157AB5F0000 | heap | page read and write
1EC167F000 | unknown | page read and write
157B0F26000 | heap | page read and write
30A0FF000 | stack | page read and write
309AFD000 | stack | page read and write
157B0EF0000 | heap | page read and write
5681D7B000 | stack | page read and write
B226DEE000 | stack | page read and write
41100FE000 | stack | page read and write
157AC6E0000 | trusted library allocation | page read and write
279B0661000 | heap | page read and write
16D90C00000 | heap | page read and write
157B1010000 | trusted library allocation | page read and write
1D8AB002000 | trusted library allocation | page read and write
2AD7E7F000 | stack | page read and write
B22747E000 | stack | page read and write
30987D000 | stack | page read and write
4656F8B000 | stack | page read and write
1D8AA85C000 | heap | page read and write
157B0D00000 | trusted library allocation | page read and write
21EAF802000 | heap | page read and write
1F350113000 | heap | page read and write
157B0F13000 | heap | page read and write
2AD837D000 | stack | page read and write
279B065F000 | heap | page read and write
21EAF6B0000 | heap | page read and write
16D90D02000 | heap | page read and write
1F464530000 | unknown | page write copy
157B0CCE000 | trusted library allocation | page read and write
157AC118000 | heap | page read and write
1F350602000 | heap | page read and write
157B0EFF000 | heap | page read and write
134998AB000 | heap | page read and write
157B2000000 | heap | page read and write
157AB83F000 | heap | page read and write
279B0654000 | heap | page read and write
157AC159000 | heap | page read and write
16D90C02000 | heap | page read and write
2AD7FF9000 | stack | page read and write
157AC7F0000 | trusted library section | page readonly
157B0E20000 | trusted library allocation | page read and write
1EC147F000 | unknown | page read and write
16D90D13000 | heap | page read and write
157AC000000 | heap | page read and write
1D8AA82E000 | heap | page read and write
157AB86A000 | heap | page read and write
2AD7DFF000 | stack | page read and write
309EFF000 | stack | page read and write
B22727B000 | stack | page read and write
157B1150000 | trusted library allocation | page read and write
1F463E8A000 | heap | page read and write
157B1050000 | remote allocation | page read and write
13499870000 | unknown | page readonly
21EB0002000 | trusted library allocation | page read and write
21EAF813000 | heap | page read and write
9D94DFC000 | stack | page read and write
279B0613000 | heap | page read and write
21712282000 | heap | page read and write
13499C40000 | heap | page read and write
22272C52000 | heap | page read and write
9D949EB000 | stack | page read and write
1D8AA884000 | heap | page read and write
157B0E1B000 | heap | page read and write
21A24E28000 | heap | page read and write
279B065D000 | heap | page read and write
157AC113000 | heap | page read and write
309CFF000 | stack | page read and write
217121E0000 | trusted library allocation | page read and write
22272C3C000 | heap | page read and write
157B0F1F000 | heap | page read and write
157B0CC6000 | trusted library allocation | page read and write
157B1050000 | remote allocation | page read and write
16D90C29000 | heap | page read and write
5681DFE000 | stack | page read and write
157B0EAB000 | heap | page read and write
94F47FB000 | stack | page read and write
E3CBCFA000 | stack | page read and write
157AB600000 | heap | page read and write
13499C50000 | unknown | page readonly
21712200000 | heap | page read and write
E3CB977000 | stack | page read and write
9D950FC000 | stack | page read and write
1F463F02000 | heap | page read and write
1F3500E0000 | heap | page read and write
1F350068000 | heap | page read and write
22273402000 | trusted library allocation | page read and write
13499E50000 | unknown | page readonly
1F350013000 | heap | page read and write
3099FF000 | stack | page read and write
1D8AA897000 | heap | page read and write
157AC118000 | heap | page read and write
157B0E4A000 | heap | page read and write
21A24C20000 | heap | page read and write
222729F0000 | heap | page read and write
1D8AA875000 | heap | page read and write
7B954DB000 | stack | page read and write
157AB7F0000 | trusted library allocation | page read and write
2AD7AFF000 | stack | page read and write
22272D08000 | heap | page read and write
30A2FF000 | stack | page read and write
157B0E10000 | trusted library allocation | page read and write
21712A02000 | trusted library allocation | page read and write
157AB813000 | heap | page read and write
279B0530000 | heap | page read and write
157AB902000 | heap | page read and write
157AB7D1000 | trusted library allocation | page read and write
157AB660000 | heap | page read and write
1D8AA877000 | heap | page read and write
46577FF000 | stack | page read and write
9D951FD000 | stack | page read and write
21EAFE70000 | trusted library allocation | page read and write
1F463D60000 | heap | page read and write
134998B0000 | heap | page read and write
2AD7D7E000 | stack | page read and write
21A24E13000 | heap | page read and write
16D90B90000 | heap | page read and write
1F350066000 | heap | page read and write
1F350102000 | heap | page read and write
134997B0000 | heap | page read and write
1F463D90000 | trusted library allocation | page read and write
279B0658000 | heap | page read and write
1EC16FC000 | unknown | page read and write
21712140000 | heap | page read and write
22272C00000 | heap | page read and write
21A24E6C000 | heap | page read and write
222729E0000 | heap | page read and write
279B067D000 | heap | page read and write
16D90BC0000 | trusted library allocation | page read and write
157ABFC0000 | trusted library allocation | page read and write
157AC1DD000 | heap | page read and write
157AC19A000 | heap | page read and write
21EAF902000 | heap | page read and write
46573FB000 | stack | page read and write
2AD77FE000 | stack | page read and write
157B0F05000 | heap | page read and write
157B0E28000 | heap | page read and write
279B0688000 | heap | page read and write
157AC800000 | trusted library section | page readonly
1F463DB0000 | unknown | page readonly
411007F000 | stack | page read and write
157B0F02000 | heap | page read and write
279B065C000 | heap | page read and write
411077F000 | stack | page read and write
22272C7C000 | heap | page read and write
1F464602000 |  | 

(The last row is truncated in the source extract; its region type and protection are not shown. Repeated rows are kept as they appear in the source. No region in the listed rows is marked executable.)
trusted library allocation
page read and write
21A24E77000
heap
page read and write
157B0EFF000
heap
page read and write
2AD7BFB000
stack
page read and write
2AD817D000
stack
page read and write
7B95AFE000
stack
page read and write
E3CB67B000
stack
page read and write
279B0700000
heap
page read and write
1D8AA83A000
heap
page read and write
1D8AA87A000
heap
page read and write
1F350029000
heap
page read and write
1F350087000
heap
page read and write
157B0E3D000
heap
page read and write
1F463E13000
heap
page read and write
1F463CF0000
heap
page read and write
2AD7CFE000
stack
page read and write
56824FF000
stack
page read and write
568227F000
stack
page read and write
2AD7C7E000
stack
page read and write
21A24C30000
heap
page read and write
21EAF710000
heap
page read and write
279B0713000
heap
page read and write
157AB800000
heap
page read and write
13499C45000
heap
page read and write
13499860000
unkown
page readonly
B227377000
stack
page read and write
157B0F04000
heap
page read and write
21EAF829000
heap
page read and write
279B0662000
heap
page read and write
7B955DE000
stack
page read and write
157B0DD0000
trusted library allocation
page read and write
9D94F7F000
stack
page read and write
157B0E09000
heap
page read and write
1D8AA86D000
heap
page read and write
157B0EDA000
heap
page read and write
1D8AA6C0000
heap
page read and write
1D8AA845000
heap
page read and write
1D8AA846000
heap
page read and write
46574FB000
stack
page read and write
21EAF840000
heap
page read and write
1F463E9E000
heap
page read and write
1F463E29000
heap
page read and write
1D8AA87E000
heap
page read and write
21EAF85C000
heap
page read and write
1F3500C3000
heap
page read and write
568247D000
stack
page read and write
22272D13000
heap
page read and write
568237E000
stack
page read and write
309BFD000
stack
page read and write
411057F000
stack
page read and write
157B0CF0000
trusted library allocation
page read and write
2AD73FE000
stack
page read and write
1EC1578000
unkown
page read and write
E3CB6FE000
stack
page read and write
1D8AA829000
heap
page read and write
21712253000
heap
page read and write
157B0F2C000
heap
page read and write
1D8AA800000
heap
page read and write
16D90C13000
heap
page read and write
16D90C6B000
heap
page read and write
157AB86F000
heap
page read and write
157AC002000
heap
page read and write
1D8AA864000
heap
page read and write
2AD847D000
stack
page read and write
1D8AA85F000
heap
page read and write
21EAFEA0000
remote allocation
page read and write
157B0F16000
heap
page read and write
157AC015000
heap
page read and write
157AB88C000
heap
page read and write
157B0F26000
heap
page read and write
22272A50000
heap
page read and write
16D90B30000
heap
page read and write
157B0CE4000
trusted library allocation
page read and write
309DFD000
stack
page read and write
21EAFEA0000
remote allocation
page read and write
157B0BA0000
trusted library allocation
page read and write
21A25602000
trusted library allocation
page read and write
2171224C000
heap
page read and write
B226D6B000
stack
page read and write
1EC14FF000
unkown
page read and write
279B0708000
heap
page read and write
157AB893000
heap
page read and write
21712276000
heap
page read and write
E3CB87C000
stack
page read and write
1D8AA869000
heap
page read and write
56826FF000
stack
page read and write
279B0659000
heap
page read and write
157B0D04000
trusted library allocation
page read and write
16D90C41000
heap
page read and write
157B0CC0000
trusted library allocation
page read and write
1D8AA902000
heap
page read and write
279B0E02000
trusted library allocation
page read and write
9D9557E000
stack
page read and write
279B05C0000
trusted library allocation
page read and write
30954C000
stack
page read and write
21712300000
heap
page read and write
1F463E81000
heap
page read and write
568207E000
stack
page read and write
157ABFE0000
trusted library allocation
page read and write
1F463F13000
heap
page read and write
4110477000
stack
page read and write
157AC810000
trusted library section
page readonly
157B0CF0000
trusted library allocation
page read and write
22272C5A000
heap
page read and write
E3CBAFF000
stack
page read and write
157ABFD0000
trusted library allocation
page read and write
157B0CC1000
trusted library allocation
page read and write
A further 417 memdumps are not shown in this report.

DOM / HTML

URL
Malicious
https://express.adobe.com/page/QSpEtjTBWEere/
https://www.adobe.com/express/