IOC Report
https://gsrzhggshb-dot-yamm-track.appspot.com/1lpRxsL6emj-pbrWbcRro26sHywnCVWz1SsderoXdqic43e6OgQFX36dHMP67Z959rwZxdJTqy3VDYw0MYVvlmUlQq0mm0gmT29AguD4bEEEGCTMf63Celfo


Files

File Path | Type | Category
C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic | data | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\08491245-0b86-4c03-8516-f65c22c4307c.tmp | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\6467ae4c-43ea-4ce1-84db-8ed5ca8e39c7.tmp | data | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\67a604ee-9aa0-4eb8-aad0-c191d0d6b590.tmp | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\7e8c8658-282b-4edb-b5d3-a993eb38d56a.tmp | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat | data | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\02195076-a379-4e59-9cc3-c8b8695ab29e.tmp | UTF-8 Unicode text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\18a4e6ca-9a93-49dd-91f0-ccb57dbba01e.tmp | UTF-8 Unicode text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\251abd2e-4a3c-4f25-8473-f400965fb07f.tmp | UTF-8 Unicode text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\5e8ea667-a6e8-4eba-a696-88cda71f823c.tmp | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log | data | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG | ASCII text | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old (copy) | ASCII text | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache | data | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State (copy) | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy) | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy) | UTF-8 Unicode text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1 | data | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent State (copy) | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\ec7c974b-d1fc-4542-9501-ab21b469a52a.tmp | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\2c7c40c0-5cfd-461f-9221-aca85076d819.tmp | ASCII text, with very long lines, with no line terminators | modified
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network Persistent State (copy) | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\ab670571-7835-4be0-ab1e-783c5d498a6a.tmp | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp | ASCII text | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy) | ASCII text | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\f7d662cd-f80b-46a3-8860-2828c87030a5.tmp | very short file (no magic) | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser | data | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version | ASCII text, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State (copy) | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cache (copy) | data | dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\cbb5fc14-c1a1-4147-bfbe-f6e2a9672044.tmp | data | modified
C:\Users\user\AppData\Local\Temp\7a86a18d-5b36-48cc-8b0a-206f9b2a5c72.tmp | Google Chrome extension, version 3 | dropped
C:\Users\user\AppData\Local\Temp\bd221500-0d01-4227-8a43-5733d9d1cf7e.tmp | very short file (no magic) | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\7a86a18d-5b36-48cc-8b0a-206f9b2a5c72.tmp | Google Chrome extension, version 3 | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\_locales\bg\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\_locales\ca\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\_locales\cs\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\_locales\da\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\_locales\de\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\_locales\el\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\_locales\en\messages.json | ASCII text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\_locales\en_GB\messages.json | ASCII text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\_locales\es\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\_locales\es_419\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\_locales\et\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\_locales\fi\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\_locales\fil\messages.json | ASCII text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\_locales\fr\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\_locales\hi\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\_locales\hr\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\_locales\hu\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\_locales\id\messages.json | ASCII text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\_locales\it\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\_locales\ja\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\_locales\ko\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\_locales\lt\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\_locales\lv\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\_locales\nb\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\_locales\nl\messages.json | ASCII text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\_locales\pl\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\_locales\pt_BR\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\_locales\pt_PT\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\_locales\ro\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\_locales\ru\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\_locales\sk\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\_locales\sl\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\_locales\sr\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\_locales\sv\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\_locales\th\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\_locales\tr\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\_locales\uk\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\_locales\vi\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\_locales\zh_CN\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\_locales\zh_TW\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\_metadata\verified_contents.json | ASCII text, with very long lines, with no line terminators | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\craw_background.js | ASCII text, with very long lines | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\craw_window.js | ASCII text, with very long lines | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\css\craw_window.css | ASCII text | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\html\craw_window.html | HTML document, ASCII text | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\images\flapper.gif | GIF image data, version 89a, 30 x 30 | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\images\icon_128.png | PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\images\icon_16.png | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\images\topbar_floating_button.png | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\images\topbar_floating_button_close.png | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\images\topbar_floating_button_hover.png | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\images\topbar_floating_button_maximize.png | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\images\topbar_floating_button_pressed.png | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped
C:\Users\user\AppData\Local\Temp\scoped_dir908_842739600\CRX_INSTALL\manifest.json | ASCII text, with CRLF line terminators | dropped
(80 further files not shown)

Processes

Path | Cmdline
C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "https://gsrzhggshb-dot-yamm-track.appspot.com/1lpRxsL6emj-pbrWbcRro26sHywnCVWz1SsderoXdqic43e6OgQFX36dHMP67Z959rwZxdJTqy3VDYw0MYVvlmUlQq0mm0gmT29AguD4bEEEGCTMf63Celfo
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1616,14634851570262047367,15075039812273795490,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1948 /prefetch:8

URLs

Name | IP
https://gsrzhggshb-dot-yamm-track.appspot.com/1lpRxsL6emj-pbrWbcRro26sHywnCVWz1SsderoXdqic43e6OgQFX36dHMP67Z959rwZxdJTqy3VDYw0MYVvlmUlQq0mm0gmT29AguD4bEEEGCTMf63Celfo |
https://dns.google | unknown
https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p | unknown
https://www.google.com/intl/en-US/chrome/blank.html | unknown
https://ogs.google.com | unknown
https://www.google.com/images/cleardot.gif | unknown
https://gsrzhggshb-dot-yamm-track.appspot.com/1lpRxsL6emj-pbrWbcRro26sHywnCVWz1SsderoXdqic43e6OgQFX36dHMP67Z959rwZxdJTqy3VDYw0MYVvlmUlQq0mm0gmT29AguD4bEEEGCTMf63Celfo | 142.250.186.84
https://play.google.com | unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | 142.250.185.238
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | 142.250.185.109
https://payments.google.com/payments/v4/js/integrator.js | unknown
https://sandbox.google.com/payments/v4/js/integrator.js | unknown
https://www.google.com/images/x2.gif | unknown
https://accounts.google.com/MergeSession | unknown
https://www.google.com | unknown
https://www.google.com/images/dot2.gif | unknown
https://accounts.google.com | unknown
https://gsrzhggshb-dot-yamm-track.appspot.com/1lpRxsL6emj-pbrWbcRro26sHywnCVWz1SsderoXdqic43e6OgQFX36dHMP67Z959rwZxdJTqy3VDYw0MYVvlmUlQq0mm0gmT29AguD4bEEEGCTMf63Celfo |
https://clients2.googleusercontent.com | unknown
https://apis.google.com | unknown
https://www.google.com/accounts/OAuthLogin?issueuberauth=1 | unknown
https://www.google.com/ | unknown
https://gsrzhggshb-dot-yamm-track.appspot.com/1lpRxsL6emj-pbrWbcRro26sHywnCVWz1SsderoXdqic43e6OgQFX3 | unknown
https://www-googleapis-staging.sandbox.google.com | unknown
https://clients2.google.com | unknown
https://clients2.google.com/service/update2/crx | unknown
(15 further URLs not shown)

Domains

Name | IP
accounts.google.com | 142.250.185.109
gsrzhggshb-dot-yamm-track.appspot.com | 142.250.186.84
clients.l.google.com | 142.250.185.238
clients2.google.com | unknown

IPs

IP | Domain | Country
142.250.185.109 | accounts.google.com | United States
192.168.2.1 | unknown | unknown
239.255.255.250 | unknown | Reserved
142.250.186.84 | gsrzhggshb-dot-yamm-track.appspot.com | United States
142.250.185.238 | clients.l.google.com | United States
127.0.0.1 | unknown | unknown

Registry

Path | Value
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault | S-1-5-21-3853321935-2125563209-4053062332-1002
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | gdaefkejpgkiemlaofpalmlakkmbjdnl
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | gfdkimpbcpahaombhbimeihdjnejgicl
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | kmendfapggjehodndflmmgagdbamhnfd
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | mfehgcgbbipciphmccgaenjidiccnmng
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | neajdppkdcdipfabeoofebfddakdcjhd
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nmmhkkegccagdldgiimedpiccmgmieda
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | pkedcjkdefgpdelpbcmbmeomcjbeemfm
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | prefs.preference_reset_time
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | gfdkimpbcpahaombhbimeihdjnejgicl
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nmmhkkegccagdldgiimedpiccmgmieda
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | dr
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.reporting
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | module_blacklist_cache_md5_digest
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | media.storage_id_salt
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.last_account_id
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.account_id
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.prompt_seed
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_homepage
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | default_search_provider_data.template_url_data
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | safebrowsing.incidents_sent
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | pinned_tabs
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | search_provider_overrides
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_default_search
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | prefs.preference_reset_time
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.last_username
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | session.startup_urls
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | session.restore_on_startup
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.prompt_version
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_startup_urls
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.prompt_wave
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | homepage
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | homepage_is_newtabpage
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | browser.show_home_button
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics | user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | lastrun
(33 further registry entries not shown)

Memdumps

Base Address | Regiontype | Protect

DOM / HTML

URL
https://gsrzhggshb-dot-yamm-track.appspot.com/1lpRxsL6emj-pbrWbcRro26sHywnCVWz1SsderoXdqic43e6OgQFX36dHMP67Z959rwZxdJTqy3VDYw0MYVvlmUlQq0mm0gmT29AguD4bEEEGCTMf63Celfo