Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\086dda27-f745-44b8-94ab-ba8b6ac61b32.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\30b0081c-bdb9-4e20-9da2-b9d71b90d53c.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\5ecad9ab-3e42-45be-b945-e911d4b6f84f.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\6c6a0a2f-a887-4066-b512-65cb3e77fc9d.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\731254e2-7898-4d5d-bb22-6d2909cf2801.tmp
|
SysEx File -
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\94aae6bc-374c-4115-a4c7-edd0075d992b.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\1df751d8-d58f-4cc2-91af-afc1f2a0a7af.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\1f1d84e3-6e92-4d48-84d6-b3daf31d9a84.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\26c64c90-d440-4d06-992f-05567e6e720a.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\342d06f8-becd-4196-ae18-f29cd9961fb9.tmp
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\539f4c29-0538-49fc-90ee-d20ac32635ba.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\62a275ec-5489-4b19-9458-c013e7b1974b.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\633358e7-c7f3-4f89-8d83-94ce757453a9.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\63b8ac16-cd70-47d8-9cc4-a2966b7e5414.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\9e2b98f2-a0b2-49bb-a0bb-da60df2d9536.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_onenote.officeapps.live.com_0.indexeddb.leveldb\000001.dbtmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_onenote.officeapps.live.com_0.indexeddb.leveldb\CURRENT
(copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_onenote.officeapps.live.com_0.indexeddb.leveldb\MANIFEST-000001
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy)
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\6b006fd1-2d16-41e3-af96-3f08c2d9df9a.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent
State (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network Persistent
State (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\df65693d-31b6-4c80-b26d-d65c02a3e5be.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\b5ba8a12-ab39-4364-b5c0-8fa8fd010a19.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\d83903ff-e649-4d9f-bbf2-ba112ab04227.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cache (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Subresource Filter\Indexed Rules\27\scoped_dir2912_265036453\Ruleset Data
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\c50c5c5f-72c3-4d69-9527-c4a53ec79026.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\d522c0ee-6c80-4905-96d1-8ed746da792d.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\f0236d04-1c65-4778-83b9-40c8ea6c4aac.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2912_1837665677\Filtering Rules
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2912_1837665677\LICENSE.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2912_1837665677\_metadata\verified_contents.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2912_1837665677\manifest.fingerprint
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2912_1837665677\manifest.json
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2912_2145922573\_platform_specific\x86_64\pnacl_public_pnacl_json
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2912_2145922573\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_for_eh_o
|
ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2912_2145922573\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_o
|
ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2912_2145922573\_platform_specific\x86_64\pnacl_public_x86_64_libgcc_a
|
current ar archive
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2912_2145922573\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_a
|
current ar archive
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2912_2145922573\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_dummy_a
|
current ar archive
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2912_2145922573\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_sz_nexe
|
ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=4b15de4ab227d5e46213978b8518d53c53ce1db9,
stripped
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2912_742143674\Recovery.crx3
|
Google Chrome extension, version 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2912_742143674\_metadata\verified_contents.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2912_742143674\manifest.fingerprint
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2912_742143674\manifest.json
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\4b81576d-c52b-449b-96ab-b87469f2c343.tmp
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\e1462bfa-6d0d-414d-956a-e46a1cffcf59.tmp
|
Google Chrome extension, version 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\_locales\bg\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\_locales\ca\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\_locales\cs\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\_locales\da\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\_locales\de\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\_locales\el\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\_locales\en\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\_locales\en_GB\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\_locales\es\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\_locales\es_419\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\_locales\et\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\_locales\fi\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\_locales\fil\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\_locales\fr\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\_locales\hi\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\_locales\hr\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\_locales\hu\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\_locales\id\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\_locales\it\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\_locales\ja\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\_locales\ko\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\_locales\lt\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\_locales\lv\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\_locales\nb\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\_locales\nl\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\_locales\pl\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\_locales\pt_BR\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\_locales\pt_PT\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\_locales\ro\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\_locales\ru\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\_locales\sk\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\_locales\sl\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\_locales\sr\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\_locales\sv\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\_locales\th\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\_locales\tr\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\_locales\uk\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\_locales\vi\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\_locales\zh_CN\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\_locales\zh_TW\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\_metadata\verified_contents.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\craw_background.js
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\craw_window.js
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\css\craw_window.css
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\html\craw_window.html
|
HTML document, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\images\flapper.gif
|
GIF image data, version 89a, 30 x 30
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\images\icon_128.png
|
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\images\icon_16.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\images\topbar_floating_button.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\images\topbar_floating_button_close.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\images\topbar_floating_button_hover.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\images\topbar_floating_button_maximize.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\images\topbar_floating_button_pressed.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\CRX_INSTALL\manifest.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir2912_1000190791\e1462bfa-6d0d-414d-956a-e46a1cffcf59.tmp
|
Google Chrome extension, version 3
|
dropped
|
There are 110 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "https://1drv.ms:443/o/s!BH45_lCByG8fgpJ9gXzw1ulhl-qQkQ?e=yvEgUVzG9ES2PfoKuGIEfw&at=9
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1516,9226078963959691659,2122446891408978629,131072
--lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1944 /prefetch:8
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://1drv.ms:443/o/s!BH45_lCByG8fgpJ9gXzw1ulhl-qQkQ?e=yvEgUVzG9ES2PfoKuGIEfw&at=9
|
 |
||
|
https://verbena-woolly-clutch.glitch.me/favicon.ico
|
52.22.91.148
|
||
|
https://dns.google
|
unknown
|
||
|
https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
|
unknown
|
||
|
https://www.google.com/intl/en-US/chrome/blank.html
|
unknown
|
||
|
https://ogs.google.com
|
unknown
|
||
|
https://onedrive.live.com/redir?resid=1F6FC88150FE397E
|
unknown
|
||
|
https://1drv.ms/o/s!BH45_lCByG8fgpJ9gXzw1ulhl-qQkQ?e=yvEgUVzG9ES2PfoKuGIEfw&at=9
|
13.107.42.12
|
||
|
https://onedrive.live.com/view.aspx?resid=1F6FC88150FE397E
|
unknown
|
||
|
https://onedrive.live.com/redir?resid=1F6FC88150FE397E%2135197&authkey=%21AoF88NbpYZfqkJE&page=View&wd=target%28Quick%20Notes.one%7C5d7d8a2d-e7c2-4f4c-8bbd-8958bcaab581%2FKinetre%20Inc%7C98a50910-a8d3-4348-9fa8-39684459cbc8%2F%29&wdorigin=NavigationUrl
|
|||
|
https://www.google.com/images/cleardot.gif
|
unknown
|
||
|
https://play.google.com
|
unknown
|
||
|
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1
|
142.251.36.238
|
||
|
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
|
142.251.36.205
|
||
|
https://payments.google.com/payments/v4/js/integrator.js
|
unknown
|
||
|
https://chromium.googlesource.com/a/native_client/pnacl-llvm.git
|
unknown
|
||
|
https://easylist.to/)
|
unknown
|
||
|
https://sandbox.google.com/payments/v4/js/integrator.js
|
unknown
|
||
|
https://www.google.com/images/x2.gif
|
unknown
|
||
|
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
|
104.18.11.207
|
||
|
https://accounts.google.com/MergeSession
|
unknown
|
||
|
http://llvm.org/):
|
unknown
|
||
|
https://creativecommons.org/compatiblelicenses
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://www.google.com/images/dot2.gif
|
unknown
|
||
|
https://verbena-woolly-clutch.glitch.me/toy.htm
|
52.22.91.148
|
||
|
https://github.com/easylist)
|
unknown
|
||
|
https://verbena-woolly-clutch.glitch.me/toy.htm
|
|||
|
https://creativecommons.org/.
|
unknown
|
||
|
https://onedrive.live.com/view.aspx?resid=1F6FC88150FE397E!35197&ithint=onenote&authkey=!AoF88NbpYZfqkJE
|
|||
|
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
|
104.17.25.14
|
||
|
https://accounts.google.com
|
unknown
|
||
|
https://1drv.ms/o/s
|
unknown
|
||
|
https://verbena-woolly-clutch.glitch.me/css/hover.css
|
52.22.91.148
|
||
|
https://amcdn.msftauth.net/me?partner=OneNoteOnline&version=10.21153.1&market=EN-US&wrapperId=suiteshell
|
13.107.219.60
|
||
|
https://clients2.googleusercontent.com
|
unknown
|
||
|
https://apis.google.com
|
unknown
|
||
|
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
|
104.18.11.207
|
||
|
https://spoprod-a.akamaihd.net
|
unknown
|
||
|
https://www.google.com/accounts/OAuthLogin?issueuberauth=1
|
unknown
|
||
|
https://www.google.com/
|
unknown
|
||
|
https://www-googleapis-staging.sandbox.google.com
|
unknown
|
||
|
https://chromium.googlesource.com/a/native_client/pnacl-clang.git
|
unknown
|
||
|
https://clients2.google.com
|
unknown
|
||
|
https://clients2.google.com/service/update2/crx
|
unknown
|
There are 34 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
b-0016.b-msedge.net
|
13.107.6.171
|
||
|
gstaticadssl.l.google.com
|
142.251.36.227
|
||
|
accounts.google.com
|
142.251.36.205
|
||
|
dual-a-0001.a-msedge.net
|
204.79.197.200
|
||
|
cdnjs.cloudflare.com
|
104.17.25.14
|
||
|
maxcdn.bootstrapcdn.com
|
104.18.11.207
|
||
|
clients.l.google.com
|
142.251.36.238
|
||
|
i-db3p-cor006.api.p001.1drv.com
|
13.104.208.165
|
||
|
part-0032.t-0009.fbs1-t-msedge.net
|
13.107.219.60
|
||
|
1drv.ms
|
13.107.42.12
|
||
|
verbena-woolly-clutch.glitch.me
|
52.22.91.148
|
||
|
onenoteonlinesync.onenote.com
|
unknown
|
||
|
ka-f.fontawesome.com
|
unknown
|
||
|
kit.fontawesome.com
|
unknown
|
||
|
c.live.com
|
unknown
|
||
|
storage.live.com
|
unknown
|
||
|
ajax.aspnetcdn.com
|
unknown
|
||
|
clients2.google.com
|
unknown
|
||
|
code.jquery.com
|
unknown
|
||
|
onedrive.live.com
|
unknown
|
||
|
p.sfx.ms
|
unknown
|
||
|
amcdn.msftauth.net
|
unknown
|
||
|
spoprod-a.akamaihd.net
|
unknown
|
||
|
www.onenote.com
|
unknown
|
||
|
messaging.engagement.office.com
|
unknown
|
There are 15 hidden domains, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
13.107.219.60
|
part-0032.t-0009.fbs1-t-msedge.net
|
United States
|
||
|
192.168.2.1
|
unknown
|
unknown
|
||
|
204.79.197.200
|
dual-a-0001.a-msedge.net
|
United States
|
||
|
142.251.36.205
|
accounts.google.com
|
United States
|
||
|
142.251.36.227
|
gstaticadssl.l.google.com
|
United States
|
||
|
13.107.6.171
|
b-0016.b-msedge.net
|
United States
|
||
|
13.104.208.165
|
i-db3p-cor006.api.p001.1drv.com
|
United States
|
||
|
52.22.91.148
|
verbena-woolly-clutch.glitch.me
|
United States
|
||
|
142.251.36.238
|
clients.l.google.com
|
United States
|
||
|
104.18.11.207
|
maxcdn.bootstrapcdn.com
|
United States
|
||
|
13.107.42.12
|
1drv.ms
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
127.0.0.1
|
unknown
|
unknown
|
||
|
104.17.25.14
|
cdnjs.cloudflare.com
|
United States
|
There are 4 hidden IPs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
ahfgeienlihckogmohjhadlkjgocpleb
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gdaefkejpgkiemlaofpalmlakkmbjdnl
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gfdkimpbcpahaombhbimeihdjnejgicl
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
kmendfapggjehodndflmmgagdbamhnfd
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
mfehgcgbbipciphmccgaenjidiccnmng
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
mhjfbmdgcfjbbpaeojofohoefgiehjai
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
neajdppkdcdipfabeoofebfddakdcjhd
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nkeimhogjdpnpccoofpliimaahmaaome
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
pkedcjkdefgpdelpbcmbmeomcjbeemfm
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
prefs.preference_reset_time
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault
|
S-1-5-21-3853321935-2125563209-4053062332-1002
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gfdkimpbcpahaombhbimeihdjnejgicl
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
state
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
|
StatusCodes
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
|
StatusCodes
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
state
|
||
|
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
|
dr
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.reporting
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
module_blacklist_cache_md5_digest
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
media.storage_id_salt
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.last_account_id
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.account_id
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.prompt_seed
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_homepage
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
default_search_provider_data.template_url_data
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
safebrowsing.incidents_sent
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
pinned_tabs
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
search_provider_overrides
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_default_search
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
prefs.preference_reset_time
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.last_username
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
session.startup_urls
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
session.restore_on_startup
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.prompt_version
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_startup_urls
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.prompt_wave
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
homepage
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
homepage_is_newtabpage
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
browser.show_home_button
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
|
user_experience_metrics.stability.exited_cleanly
|
||
|
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
|
lastrun
|
There are 34 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
11400000000
|
trusted library allocation
|
page read and write
|
||
|
1E51C7E0000
|
trusted library allocation
|
page read and write
|
||
|
21F62200000
|
heap
|
page read and write
|
||
|
1147B79B000
|
heap
|
page read and write
|
||
|
71937C000
|
stack
|
page read and write
|
||
|
ADBB1FE000
|
stack
|
page read and write
|
||
|
1E51C879000
|
heap
|
page read and write
|
||
|
1C415D70000
|
heap
|
page read and write
|
||
|
1147B470000
|
trusted library allocation
|
page read and write
|
||
|
1C415E44000
|
heap
|
page read and write
|
||
|
1BA9E0E2000
|
heap
|
page read and write
|
||
|
1147AE00000
|
heap
|
page read and write
|
||
|
ADBAB9E000
|
stack
|
page read and write
|
||
|
1B463102000
|
heap
|
page read and write
|
||
|
26AAC629000
|
heap
|
page read and write
|
||
|
41B81FD000
|
stack
|
page read and write
|
||
|
1BA9E0BB000
|
heap
|
page read and write
|
||
|
1147B7DB000
|
heap
|
page read and write
|
||
|
1147C371000
|
trusted library allocation
|
page read and write
|
||
|
D48727F000
|
stack
|
page read and write
|
||
|
1147C702000
|
heap
|
page read and write
|
||
|
1147AF13000
|
heap
|
page read and write
|
||
|
23DF1646000
|
heap
|
page read and write
|
||
|
1BA9E065000
|
heap
|
page read and write
|
||
|
1C415E6D000
|
heap
|
page read and write
|
||
|
D48737F000
|
stack
|
page read and write
|
||
|
26AAC664000
|
heap
|
page read and write
|
||
|
1E51D002000
|
trusted library allocation
|
page read and write
|
||
|
29C11802000
|
trusted library allocation
|
page read and write
|
||
|
21F6223E000
|
heap
|
page read and write
|
||
|
1B463057000
|
heap
|
page read and write
|
||
|
1BA9E802000
|
heap
|
page read and write
|
||
|
1147C370000
|
trusted library allocation
|
page read and write
|
||
|
29C10E20000
|
heap
|
page read and write
|
||
|
1B462F50000
|
heap
|
page read and write
|
||
|
1147C1C0000
|
trusted library allocation
|
page read and write
|
||
|
21F62180000
|
heap
|
page read and write
|
||
|
1E51C802000
|
heap
|
page read and write
|
||
|
1BA9E03E000
|
heap
|
page read and write
|
||
|
21F62229000
|
heap
|
page read and write
|
||
|
1147C6EF000
|
heap
|
page read and write
|
||
|
1BA9E013000
|
heap
|
page read and write
|
||
|
26AAC67F000
|
heap
|
page read and write
|
||
|
1C415E84000
|
heap
|
page read and write
|
||
|
1147C5E0000
|
trusted library allocation
|
page read and write
|
||
|
1147C4A0000
|
trusted library allocation
|
page read and write
|
||
|
D486BBD000
|
stack
|
page read and write
|
||
|
1147C706000
|
heap
|
page read and write
|
||
|
23DF1678000
|
heap
|
page read and write
|
||
|
26AAC713000
|
heap
|
page read and write
|
||
|
1C415E47000
|
heap
|
page read and write
|
||
|
ADBAFFB000
|
stack
|
page read and write
|
||
|
1147C210000
|
trusted library allocation
|
page read and write
|
||
|
ADBAA9C000
|
stack
|
page read and write
|
||
|
427B57F000
|
stack
|
page read and write
|
||
|
74BF7FB000
|
stack
|
page read and write
|
||
|
1147C4C0000
|
trusted library allocation
|
page read and write
|
||
|
23DF1652000
|
heap
|
page read and write
|
||
|
71A2FF000
|
stack
|
page read and write
|
||
|
21F62980000
|
remote allocation
|
page read and write
|
||
|
1E51C856000
|
heap
|
page read and write
|
||
|
26AAC700000
|
heap
|
page read and write
|
||
|
1C415E7A000
|
heap
|
page read and write
|
||
|
719F7E000
|
stack
|
page read and write
|
||
|
26AACC70000
|
trusted library allocation
|
page read and write
|
||
|
1147C708000
|
heap
|
page read and write
|
||
|
1C415D80000
|
heap
|
page read and write
|
||
|
1147C37E000
|
trusted library allocation
|
page read and write
|
||
|
1BA9DE10000
|
heap
|
page read and write
|
||
|
21F62950000
|
trusted library allocation
|
page read and write
|
||
|
1147B718000
|
heap
|
page read and write
|
||
|
1147BC80000
|
trusted library section
|
page readonly
|
||
|
7198FA000
|
stack
|
page read and write
|
||
|
62F8EFE000
|
stack
|
page read and write
|
||
|
1C415E29000
|
heap
|
page read and write
|
||
|
1147B759000
|
heap
|
page read and write
|
||
|
1BA9DE00000
|
heap
|
page read and write
|
||
|
1C415E33000
|
heap
|
page read and write
|
||
|
1147C61B000
|
heap
|
page read and write
|
||
|
427B07E000
|
stack
|
page read and write
|
||
|
1B463076000
|
heap
|
page read and write
|
||
|
26AAC4A0000
|
heap
|
page read and write
|
||
|
1147C708000
|
heap
|
page read and write
|
||
|
ADBB3FF000
|
stack
|
page read and write
|
||
|
1147C3B4000
|
trusted library allocation
|
page read and write
|
||
|
D486ABB000
|
stack
|
page read and write
|
||
|
1147C390000
|
trusted library allocation
|
page read and write
|
||
|
1C415E58000
|
heap
|
page read and write
|
||
|
1147C450000
|
trusted library allocation
|
page read and write
|
||
|
6F8DAFE000
|
stack
|
page read and write
|
||
|
1147C1D0000
|
trusted library allocation
|
page read and write
|
||
|
41B7F7D000
|
stack
|
page read and write
|
||
|
29C10E90000
|
heap
|
page read and write
|
||
|
719DFF000
|
stack
|
page read and write
|
||
|
1147BC90000
|
trusted library section
|
page readonly
|
||
|
1147AE8A000
|
heap
|
page read and write
|
||
|
23DF1540000
|
heap
|
page read and write
|
||
|
1E51C913000
|
heap
|
page read and write
|
||
|
21F62302000
|
heap
|
page read and write
|
||
|
1BA9DE70000
|
heap
|
page read and write
|
||
|
1147C6FF000
|
heap
|
page read and write
|
||
|
1147C213000
|
trusted library allocation
|
page read and write
|
||
|
698077E000
|
stack
|
page read and write
|
||
|
21F62A02000
|
trusted library allocation
|
page read and write
|
||
|
1147C6F5000
|
heap
|
page read and write
|
||
|
29C11091000
|
heap
|
page read and write
|
||
|
1147AD10000
|
heap
|
page read and write
|
||
|
1147C250000
|
trusted library allocation
|
page read and write
|
||
|
1147B718000
|
heap
|
page read and write
|
||
|
6F8D4FB000
|
stack
|
page read and write
|
||
|
1147C5C0000
|
trusted library allocation
|
page read and write
|
||
|
1147C706000
|
heap
|
page read and write
|
||
|
698067F000
|
stack
|
page read and write
|
||
|
29C11113000
|
heap
|
page read and write
|
||
|
1147AEBB000
|
heap
|
page read and write
|
||
|
1B462EF0000
|
heap
|
page read and write
|
||
|
1147C3B0000
|
trusted library allocation
|
page read and write
|
||
|
74BF6FF000
|
stack
|
page read and write
|
||
|
29C10E30000
|
heap
|
page read and write
|
||
|
41B827E000
|
stack
|
page read and write
|
||
|
ADBB0F7000
|
stack
|
page read and write
|
||
|
1147C6A3000
|
heap
|
page read and write
|
||
|
1147C370000
|
trusted library allocation
|
page read and write
|
||
|
1147AE8E000
|
heap
|
page read and write
|
||
|
1147C70C000
|
heap
|
page read and write
|
||
|
1147B718000
|
heap
|
page read and write
|
||
|
1147BCB0000
|
trusted library section
|
page readonly
|
||
|
1147C800000
|
trusted library allocation
|
page read and write
|
||
|
69FFE7B000
|
stack
|
page read and write
|
||
|
1BA9E900000
|
heap
|
page read and write
|
||
|
1E51C83C000
|
heap
|
page read and write
|
||
|
23DF167A000
|
heap
|
page read and write
|
||
|
1147C70F000
|
heap
|
page read and write
|
||
|
1147C3A0000
|
trusted library allocation
|
page read and write
|
||
|
26AAC648000
|
heap
|
page read and write
|
||
|
23DF1670000
|
heap
|
page read and write
|
||
|
1147C70C000
|
heap
|
page read and write
|
||
|
29C11082000
|
heap
|
page read and write
|
||
|
21F62256000
|
heap
|
page read and write
|
||
|
1147B718000
|
heap
|
page read and write
|
||
|
719E7F000
|
stack
|
page read and write
|
||
|
1147B79A000
|
heap
|
page read and write
|
||
|
1147AE9F000
|
heap
|
page read and write
|
||
|
1C415E74000
|
heap
|
page read and write
|
||
|
29C10F90000
|
trusted library allocation
|
page read and write
|
||
|
1C415E45000
|
heap
|
page read and write
|
||
|
29C11029000
|
heap
|
page read and write
|
||
|
26AACE02000
|
trusted library allocation
|
page read and write
|
||
|
1B463000000
|
heap
|
page read and write
|
||
|
26AAC65E000
|
heap
|
page read and write
|
||
|
1147C378000
|
trusted library allocation
|
page read and write
|
||
|
1C415E13000
|
heap
|
page read and write
|
||
|
1147C391000
|
trusted library allocation
|
page read and write
|
||
|
1E51C868000
|
heap
|
page read and write
|
||
|
1C415E69000
|
heap
|
page read and write
|
||
|
1E51C800000
|
heap
|
page read and write
|
||
|
1147C394000
|
trusted library allocation
|
page read and write
|
||
|
ADBAEFC000
|
stack
|
page read and write
|
||
|
1C415E7E000
|
heap
|
page read and write
|
||
|
1BA9E08A000
|
heap
|
page read and write
|
||
|
1E51C740000
|
heap
|
page read and write
|
||
|
D48707E000
|
stack
|
page read and write
|
||
|
23DF162A000
|
heap
|
page read and write
|
||
|
1C415E4E000
|
heap
|
page read and write
|
||
|
29C11071000
|
heap
|
page read and write
|
||
|
427B17C000
|
stack
|
page read and write
|
||
|
719CFB000
|
stack
|
page read and write
|
||
|
1147C600000
|
heap
|
page read and write
|
||
|
698057B000
|
stack
|
page read and write
|
||
|
69804FD000
|
stack
|
page read and write
|
||
|
7193FE000
|
stack
|
page read and write
|
||
|
1C415F02000
|
heap
|
page read and write
|
||
|
719D7F000
|
stack
|
page read and write
|
||
|
26AAC651000
|
heap
|
page read and write
|
||
|
1147AEB4000
|
heap
|
page read and write
|
||
|
1147C375000
|
trusted library allocation
|
page read and write
|
||
|
69803FC000
|
stack
|
page read and write
|
||
|
21F62980000
|
remote allocation
|
page read and write
|
||
|
74BF8F7000
|
stack
|
page read and write
|
||
|
1147B602000
|
heap
|
page read and write
|
||
|
1147C1E0000
|
trusted library allocation
|
page read and write
|
||
|
41B7E7E000
|
stack
|
page read and write
|
||
|
1147C70D000
|
heap
|
page read and write
|
||
|
1147C70B000
|
heap
|
page read and write
|
||
|
1147C711000
|
heap
|
page read and write
|
||
|
1147BCA0000
|
trusted library section
|
page readonly
|
||
|
1BA9E113000
|
heap
|
page read and write
|
||
|
23DF15B0000
|
heap
|
page read and write
|
||
|
1E51C750000
|
heap
|
page read and write
|
||
|
1C415E5C000
|
heap
|
page read and write
|
||
|
1B462F80000
|
trusted library allocation
|
page read and write
|
||
|
74BF47B000
|
stack
|
page read and write
|
||
|
1147C490000
|
trusted library allocation
|
page read and write
|
||
|
1147C1F0000
|
trusted library allocation
|
page read and write
|
||
|
1C415E5F000
|
heap
|
page read and write
|
||
|
1147C500000
|
remote allocation
|
page read and write
|
||
|
ADBB2FD000
|
stack
|
page read and write
|
||
|
41B7D7E000
|
stack
|
page read and write
|
||
|
D487177000
|
stack
|
page read and write
|
||
|
62F8F7E000
|
stack
|
page read and write
|
||
|
719777000
|
stack
|
page read and write
|
||
|
62F8E7B000
|
stack
|
page read and write
|
||
|
1147AE3E000
|
heap
|
page read and write
|
||
|
1C415DE0000
|
heap
|
page read and write
|
||
|
23DF1708000
|
heap
|
page read and write
|
||
|
1C415E32000
|
heap
|
page read and write
|
||
|
1147C702000
|
heap
|
page read and write
|
||
|
1E51C813000
|
heap
|
page read and write
|
||
|
23DF1613000
|
heap
|
page read and write
|
||
|
1147C71D000
|
heap
|
page read and write
|
||
|
1147BB00000
|
trusted library allocation
|
page read and write
|
||
|
1C415E5A000
|
heap
|
page read and write
|
||
|
1147B759000
|
heap
|
page read and write
|
||
|
698027F000
|
stack
|
page read and write
|
||
|
71A1FD000
|
stack
|
page read and write
|
||
|
1147C711000
|
heap
|
page read and write
|
||
|
1147B700000
|
heap
|
page read and write
|
||
|
1147C500000
|
remote allocation
|
page read and write
|
||
|
26AAC613000
|
heap
|
page read and write
|
||
|
1147AE29000
|
heap
|
page read and write
|
||
|
6F8DBFF000
|
stack
|
page read and write
|
||
|
719FFF000
|
stack
|
page read and write
|
||
|
1147C714000
|
heap
|
page read and write
|
||
|
1147B800000
|
trusted library allocation
|
page read and write
|
||
|
29C1103C000
|
heap
|
page read and write
|
||
|
1BA9DF70000
|
trusted library allocation
|
page read and write
|
||
|
23DF164C000
|
heap
|
page read and write
|
||
|
1BA9E06C000
|
heap
|
page read and write
|
||
|
1147C629000
|
heap
|
page read and write
|
||
|
1147C6FF000
|
heap
|
page read and write
|
||
|
D486EFD000
|
stack
|
page read and write
|
||
|
23DF1E02000
|
trusted library allocation
|
page read and write
|
||
|
1147B580000
|
trusted library section
|
page read and write
|
||
|
26AAC602000
|
heap
|
page read and write
|
||
|
23DF1650000
|
heap
|
page read and write
|
||
|
1C415E57000
|
heap
|
page read and write
|
||
|
1147C71D000
|
heap
|
page read and write
|
||
|
1147B713000
|
heap
|
page read and write
|
||
|
427B47F000
|
stack
|
page read and write
|
||
|
1147C370000
|
trusted library allocation
|
page read and write
|
||
|
1C415E60000
|
heap
|
page read and write
|
||
|
1147C706000
|
heap
|
page read and write
|
||
|
23DF1684000
|
heap
|
page read and write
|
||
|
1147ACB0000
|
heap
|
page read and write
|
||
|
1147B718000
|
heap
|
page read and write
|
||
|
1147C610000
|
heap
|
page read and write
|
||
|
1E51C900000
|
heap
|
page read and write
|
||
|
1147AEFD000
|
heap
|
page read and write
|
||
|
21F62213000
|
heap
|
page read and write
|
||
|
1147C6AC000
|
heap
|
page read and write
|
||
|
1147ACA0000
|
heap
|
page read and write
|
||
|
1147C70B000
|
heap
|
page read and write
|
||
|
1147BC60000
|
trusted library section
|
page readonly
|
||
|
26AAC4B0000
|
heap
|
page read and write
|
||
|
74BF67B000
|
stack
|
page read and write
|
||
|
21F62202000
|
heap
|
page read and write
|
||
|
1147C480000
|
trusted library allocation
|
page read and write
|
||
|
1147B615000
|
heap
|
page read and write
|
||
|
1C415E75000
|
heap
|
page read and write
|
||
|
74BF4FE000
|
stack
|
page read and write
|
||
|
1147AF26000
|
heap
|
page read and write
|
||
|
21F62980000
|
remote allocation
|
page read and write
|
||
|
1147C70C000
|
heap
|
page read and write
|
||
|
29C11021000
|
heap
|
page read and write
|
||
|
719EFE000
|
stack
|
page read and write
|
||
|
1147C71D000
|
heap
|
page read and write
|
||
|
698037F000
|
stack
|
page read and write
|
||
|
1147B5E1000
|
trusted library allocation
|
page read and write
|
||
|
1C415E46000
|
heap
|
page read and write
|
||
|
41B7CFE000
|
stack
|
page read and write
|
||
|
1147C711000
|
heap
|
page read and write
|
||
|
1B46305B000
|
heap
|
page read and write
|
||
|
1147AE8C000
|
heap
|
page read and write
|
||
|
719AFF000
|
stack
|
page read and write
|
||
|
29C11013000
|
heap
|
page read and write
|
||
|
1C415E40000
|
heap
|
page read and write
|
||
|
1147C72E000
|
heap
|
page read and write
|
||
|
719BFA000
|
stack
|
page read and write
|
||
|
1C415E6B000
|
heap
|
page read and write
|
||
|
1147C706000
|
heap
|
page read and write
|
||
|
1E51C902000
|
heap
|
page read and write
|
||
|
1147BC70000
|
trusted library section
|
page readonly
|
||
|
1B463041000
|
heap
|
page read and write
|
||
|
1147AE66000
|
heap
|
page read and write
|
||
|
21F62224000
|
heap
|
page read and write
|
||
|
26AAC702000
|
heap
|
page read and write
|
||
|
1147AE6B000
|
heap
|
page read and write
|
||
|
427AB0C000
|
stack
|
page read and write
|
||
|
23DF1700000
|
heap
|
page read and write
|
||
|
1147C711000
|
heap
|
page read and write
|
||
|
74BF57E000
|
stack
|
page read and write
|
||
|
1147C5F0000
|
trusted library allocation
|
page read and write
|
||
|
698097F000
|
stack
|
page read and write
|
||
|
74BFAFE000
|
stack
|
page read and write
|
||
|
1C415E3D000
|
heap
|
page read and write
|
||
|
62F917E000
|
stack
|
page read and write
|
||
|
1C415E62000
|
heap
|
page read and write
|
||
|
62F927E000
|
stack
|
page read and write
|
||
|
1C415E42000
|
heap
|
page read and write
|
||
|
1147C70F000
|
heap
|
page read and write
|
||
|
21F6225F000
|
heap
|
page read and write
|
||
|
23DF164F000
|
heap
|
page read and write
|
||
|
1BA9E029000
|
heap
|
page read and write
|
||
|
1147C37D000
|
trusted library allocation
|
page read and write
|
||
|
1147AF02000
|
heap
|
page read and write
|
||
|
6F8D9FB000
|
stack
|
page read and write
|
||
|
1147AE58000
|
heap
|
page read and write
|
||
|
26AAC689000
|
heap
|
page read and write
|
||
|
1147C70B000
|
heap
|
page read and write
|
||
|
29C11000000
|
heap
|
page read and write
|
||
|
1B463002000
|
heap
|
page read and write
|
||
|
71A0FA000
|
stack
|
page read and write
|
||
|
41B7FFF000
|
stack
|
page read and write
|
||
|
74BF9FF000
|
stack
|
page read and write
|
||
|
41B7A7C000
|
stack
|
page read and write
|
||
|
1C415E5E000
|
heap
|
page read and write
|
||
|
1BA9E000000
|
heap
|
page read and write
|
||
|
1BA9E0CC000
|
heap
|
page read and write
|
||
|
62F937F000
|
stack
|
page read and write
|
||
|
1C416602000
|
trusted library allocation
|
page read and write
|
||
|
41B80FD000
|
stack
|
page read and write
|
||
|
427B87F000
|
stack
|
page read and write
|
||
|
1147C723000
|
heap
|
page read and write
|
||
|
1147C70C000
|
heap
|
page read and write
|
||
|
1147C4D0000
|
trusted library allocation
|
page read and write
|
||
|
1147C3A0000
|
trusted library allocation
|
page read and write
|
||
|
23DF163C000
|
heap
|
page read and write
|
||
|
1C415E7B000
|
heap
|
page read and write
|
||
|
1147B718000
|
heap
|
page read and write
|
||
|
427B77F000
|
stack
|
page read and write
|
||
|
1E51C7B0000
|
heap
|
page read and write
|
||
|
6F8DCFB000
|
stack
|
page read and write
|
||
|
1147C440000
|
trusted library allocation
|
page read and write
|
||
|
1BA9E0C3000
|
heap
|
page read and write
|
||
|
1147C702000
|
heap
|
page read and write
|
||
|
698087D000
|
stack
|
page read and write
|
||
|
427B67E000
|
stack
|
page read and write
|
||
|
1C416540000
|
trusted library allocation
|
page read and write
|
||
|
69800FC000
|
stack
|
page read and write
|
||
|
23DF1713000
|
heap
|
page read and write
|
||
|
23DF164B000
|
heap
|
page read and write
|
||
|
23DF15E0000
|
trusted library allocation
|
page read and write
|
||
|
1147BDA0000
|
trusted library allocation
|
page read and write
|
||
|
23DF1600000
|
heap
|
page read and write
|
||
|
1147C4B0000
|
trusted library allocation
|
page read and write
|
||
|
D486B3E000
|
stack
|
page read and write
|
||
|
1147C640000
|
heap
|
page read and write
|
||
|
1147B79B000
|
heap
|
page read and write
|
||
|
1147C1C3000
|
trusted library allocation
|
page read and write
|
||
|
26AAC510000
|
heap
|
page read and write
|
||
|
1147B79B000
|
heap
|
page read and write
|
||
|
1147C260000
|
trusted library allocation
|
page read and write
|
||
|
1E51C828000
|
heap
|
page read and write
|
||
|
23DF1550000
|
heap
|
page read and write
|
||
|
1147C372000
|
trusted library allocation
|
page read and write
|
||
|
1147C4C0000
|
trusted library allocation
|
page read and write
|
||
|
1BA9E102000
|
heap
|
page read and write
|
||
|
1147B600000
|
heap
|
page read and write
|
||
|
1147C37C000
|
trusted library allocation
|
page read and write
|
||
|
26AAC600000
|
heap
|
page read and write
|
||
|
1C415E02000
|
heap
|
page read and write
|
||
|
1C415E77000
|
heap
|
page read and write
|
||
|
21F62190000
|
heap
|
page read and write
|
||
|
427AF7B000
|
stack
|
page read and write
|
||
|
1147D000000
|
heap
|
page read and write
|
||
|
427B37D000
|
stack
|
page read and write
|
||
|
ADBAB1D000
|
stack
|
page read and write
|
||
|
1147B881000
|
trusted library allocation
|
page read and write
|
||
|
1147C37B000
|
trusted library allocation
|
page read and write
|
||
|
1BA9E932000
|
heap
|
page read and write
|
||
|
1147C500000
|
remote allocation
|
page read and write
|
||
|
1147AE93000
|
heap
|
page read and write
|
||
|
1B463013000
|
heap
|
page read and write
|
||
|
1147C664000
|
heap
|
page read and write
|
||
|
1147AE13000
|
heap
|
page read and write
|
||
|
1147C64D000
|
heap
|
page read and write
|
||
|
1147C70E000
|
heap
|
page read and write
|
||
|
7199FA000
|
stack
|
page read and write
|
||
|
26AAC63C000
|
heap
|
page read and write
|
||
|
1C415E3B000
|
heap
|
page read and write
|
||
|
1C415E00000
|
heap
|
page read and write
|
||
|
29C11102000
|
heap
|
page read and write
|
||
|
427B27E000
|
stack
|
page read and write
|
||
|
21F621F0000
|
heap
|
page read and write
|
||
|
1147AE61000
|
heap
|
page read and write
|
||
|
1147C71D000
|
heap
|
page read and write
|
||
|
1B463802000
|
trusted library allocation
|
page read and write
|
||
|
26AAC708000
|
heap
|
page read and write
|
||
|
1147C70C000
|
heap
|
page read and write
|
||
|
1147C377000
|
trusted library allocation
|
page read and write
|
||
|
1C415E66000
|
heap
|
page read and write
|
||
|
1B463113000
|
heap
|
page read and write
|
||
|
1147B79B000
|
heap
|
page read and write
|
||
|
1B463029000
|
heap
|
page read and write
|
||
|
23DF1702000
|
heap
|
page read and write
|
||
|
D486FFB000
|
stack
|
page read and write
|
||
|
1147C371000
|
trusted library allocation
|
page read and write
|
||
|
1B462EE0000
|
heap
|
page read and write
|
||
|
1C415E64000
|
heap
|
page read and write
|
||
|
23DF164D000
|
heap
|
page read and write
|
There are 390 hidden memdumps, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
https://verbena-woolly-clutch.glitch.me/toy.htm
|
|
|
|
https://onedrive.live.com/view.aspx?resid=1F6FC88150FE397E!35197&ithint=onenote&authkey=!AoF88NbpYZfqkJE
|
||
|
https://onenote.officeapps.live.com/o/onenoteframe.aspx?edit=0&ui=en-US&rs=en-US&hid=mnfhyzLCdkOTWRS%2FhUuNkA.0&wopisrc=https%3A%2F%2Fwopi.onedrive.com%2Fwopi%2Ffolders%2F1F6FC88150FE397E!35197&wdo=2&sc=host%3D%26qt%3DDefault&wdp=7&uih=OneDrive&wdorigin=Unknown&wdhostclicktime=1656639760502&jsapi=1&jsapiver=v1&newsession=1&corrid=98985cba-b3dc-48e7-ae9f-7bbc12744030&usid=98985cba-b3dc-48e7-ae9f-7bbc12744030&sftc=1&readonly=1&wdredirectionreason=Force_SingleStepBoot
|
||
|
https://onedrive.live.com/redir?resid=1F6FC88150FE397E%2135197&authkey=%21AoF88NbpYZfqkJE&page=View&wd=target%28Quick%20Notes.one%7C5d7d8a2d-e7c2-4f4c-8bbd-8958bcaab581%2FKinetre%20Inc%7C98a50910-a8d3-4348-9fa8-39684459cbc8%2F%29&wdorigin=NavigationUrl
|