IOC Report
https://huhulihu.com/

Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| C:\Users\user\AppData\Local\Google\Chrome\User Data\11f32d3c-a0b2-483d-9111-7e7805e4a18a.tmp | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\5b43f2f5-4b76-4c2c-a73e-936eaa2564fd.tmp | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\9095cb33-2179-4c92-95fc-48f32ff805a8.tmp | SysEx File - | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat | data | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\434ddf6a-e50e-4341-8902-6a48b84b8d18.tmp | UTF-8 Unicode text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\5d061ca8-5ce1-4377-a7f1-6f63f2caf6bc.tmp | very short file (no magic) | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\84429c50-9990-4d06-9574-d2df1a11839a.tmp | UTF-8 Unicode text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\8ad9ca7c-6afd-46ab-99b9-fb97250999ea.tmp | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\8c6fbc98-a162-4011-b6a5-bfcc2764f447.tmp | ASCII text, with very long lines, with no line terminators | modified | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log | data | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old (copy) | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache | data | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State (copy) | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy) | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy) | UTF-8 Unicode text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\5f4d2216-70b9-47d8-b24e-53f1dda889ef.tmp | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1 | data | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent State (copy) | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1 | data | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network Persistent State (copy) | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\fd39f613-e987-4adf-9ef5-3916c27f0d2d.tmp | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\b0ace76d-f593-49d9-b30b-61733e9ea1b6.tmp | UTF-8 Unicode text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\c989384c-3aea-4bf8-8e41-9afc6ff91305.tmp | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\d0324388-7b08-4c31-8d7b-d58f70668ce9.tmp | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy) | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\e48e83cf-701f-465b-a252-a14677c41d1a.tmp | UTF-8 Unicode text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\f08501a6-bd0a-4b81-8ee0-e8c3a2f23d34.tmp | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser | data | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State (copy) | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cache (copy) | data | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\d08ab2df-2079-48d1-9a4b-65c2665d4a6e.tmp | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\d8dd3d80-2eaa-4f7a-bccf-ca4098406a75.tmp | data | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\e7972615-4103-4e23-a5dc-41fe31b61cc0.tmp | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\fa8417df-fa1d-4f8a-b115-d5f5ee96e672.tmp | data | dropped | |
| C:\Users\user\AppData\Local\Temp\93edd314-b361-499c-976d-8cacc12872fc.tmp | very short file (no magic) | dropped | |
| C:\Users\user\AppData\Local\Temp\dda93d0f-7435-4c08-9c2b-b5a398516c14.tmp | Google Chrome extension, version 3 | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\_locales\bg\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\_locales\ca\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\_locales\cs\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\_locales\da\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\_locales\de\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\_locales\el\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\_locales\en\messages.json | ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\_locales\en_GB\messages.json | ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\_locales\es\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\_locales\es_419\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\_locales\et\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\_locales\fi\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\_locales\fil\messages.json | ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\_locales\fr\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\_locales\hi\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\_locales\hr\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\_locales\hu\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\_locales\id\messages.json | ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\_locales\it\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\_locales\ja\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\_locales\ko\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\_locales\lt\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\_locales\lv\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\_locales\nb\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\_locales\nl\messages.json | ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\_locales\pl\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\_locales\pt_BR\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\_locales\pt_PT\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\_locales\ro\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\_locales\ru\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\_locales\sk\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\_locales\sl\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\_locales\sr\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\_locales\sv\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\_locales\th\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\_locales\tr\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\_locales\uk\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\_locales\vi\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\_locales\zh_CN\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\_locales\zh_TW\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\_metadata\verified_contents.json | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\craw_background.js | ASCII text, with very long lines | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\craw_window.js | ASCII text, with very long lines | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\css\craw_window.css | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\html\craw_window.html | HTML document, ASCII text | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\images\flapper.gif | GIF image data, version 89a, 30 x 30 | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\images\icon_128.png | PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\images\icon_16.png | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\images\topbar_floating_button.png | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\images\topbar_floating_button_close.png | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\images\topbar_floating_button_hover.png | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\images\topbar_floating_button_maximize.png | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\images\topbar_floating_button_pressed.png | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\CRX_INSTALL\manifest.json | ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir2320_1201742109\dda93d0f-7435-4c08-9c2b-b5a398516c14.tmp | Google Chrome extension, version 3 | dropped | |

86 further files are hidden in the original report.

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "https://huhulihu.com/ | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1568,9253150861360257913,15331013490058668580,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1960 /prefetch:8 | |

URLs

| Name | IP | Malicious |
|---|---|---|
| https://huhulihu.com/ | | malicious |
| https://huhulihu.com/2 | unknown | malicious |
| https://huhulihu.com/ | 172.67.223.147 | malicious |
| https://huhulihu.com/favicon.ico | 172.67.223.147 | malicious |
| https://huhulihu.com/53b31e2d-515b-42ef-a961-d3969b0b76d9.css | 172.67.223.147 | malicious |
| https://huhulihu.com/53b31e2d-515b-42ef-a961-d3969b0b76d9.js | 172.67.223.147 | malicious |
| https://huhulihu.com/ | | malicious |
| https://media.cobiro.com/images/8aeb2dbf-37b6-48b0-9860-ce7adeefad6d.webp?width=1920px | 99.84.88.8 | |
| https://dns.google | unknown | |
| https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p | unknown | |
| https://www.google.com/intl/en-US/chrome/blank.html | unknown | |
| https://ogs.google.com | unknown | |
| https://www.google.com/images/cleardot.gif | unknown | |
| https://media.cobiro.com/assets/css/reset.css | 99.84.88.8 | |
| https://play.google.com | unknown | |
| https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | 142.251.36.205 | |
| https://payments.google.com/payments/v4/js/integrator.js | unknown | |
| https://i.imgur.com/SyO5Weq.jpg | 151.101.12.193 | |
| https://sandbox.google.com/payments/v4/js/integrator.js | unknown | |
| https://www.google.com/images/x2.gif | unknown | |
| https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-GB&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | 142.251.36.238 | |
| https://accounts.google.com/MergeSession | unknown | |
| https://www.google.com | unknown | |
| https://www.google.com/images/dot2.gif | unknown | |
| https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js | 104.17.24.14 | |
| https://accounts.google.com | unknown | |
| https://clients2.googleusercontent.com | unknown | |
| https://apis.google.com | unknown | |
| https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js | 104.18.11.207 | |
| https://www.google.com/accounts/OAuthLogin?issueuberauth=1 | unknown | |
| https://siasky.net/favicon.ico | 94.102.51.19 | |
| https://www.google.com/ | unknown | |
| https://www-googleapis-staging.sandbox.google.com | unknown | |
| https://clients2.google.com | unknown | |
| https://a.nel.cloudflare.com/report/v3?s=m4Xr7mN9cSOiObXRX1sncakixaLxo%2FSYMrqZpnmIaLud%2FRDGNACuXMrL2gF3qPVyrDxuTJu9xX1N736%2B2oxnd8uLecWyQ2QfEhGU%2F28gyj2VgCo0YqZx2AhjLysJTuI%3D | 35.190.80.1 | |
| https://clients2.google.com/service/update2/crx | unknown | |

25 further URLs are hidden in the original report.

Domains

| Name | IP | Malicious |
|---|---|---|
| gstaticadssl.l.google.com | 142.251.36.227 | |
| siasky.net | 94.102.51.19 | |
| a.nel.cloudflare.com | 35.190.80.1 | |
| accounts.google.com | 142.251.36.205 | |
| www-googletagmanager.l.google.com | 142.251.37.8 | |
| maxcdn.bootstrapcdn.com | 104.18.11.207 | |
| part-0032.t-0009.t-msedge.net | 13.107.246.60 | |
| media.cobiro.com | 99.84.88.8 | |
| part-0032.t-0009.fbs1-t-msedge.net | 13.107.219.60 | |
| huhulihu.com | 172.67.223.147 | |
| cdnjs.cloudflare.com | 104.17.24.14 | |
| clients.l.google.com | 142.251.36.238 | |
| ipv4.imgur.map.fastly.net | 151.101.12.193 | |
| use.fontawesome.com | unknown | |
| clients2.google.com | unknown | |
| code.jquery.com | unknown | |
| i.imgur.com | unknown | |

7 further domains are hidden in the original report.

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 104.17.24.14 | cdnjs.cloudflare.com | United States | |
| 13.107.219.60 | part-0032.t-0009.fbs1-t-msedge.net | United States | |
| 192.168.2.1 | unknown | unknown | |
| 99.84.88.8 | media.cobiro.com | United States | |
| 142.251.36.238 | clients.l.google.com | United States | |
| 142.251.36.205 | accounts.google.com | United States | |
| 142.251.36.227 | gstaticadssl.l.google.com | United States | |
| 151.101.12.193 | ipv4.imgur.map.fastly.net | United States | |
| 104.18.11.207 | maxcdn.bootstrapcdn.com | United States | |
| 94.102.51.19 | siasky.net | Netherlands | |
| 239.255.255.250 | unknown | Reserved | |
| 172.67.223.147 | huhulihu.com | United States | |
| 142.251.37.8 | www-googletagmanager.l.google.com | United States | |
| 35.190.80.1 | a.nel.cloudflare.com | United States | |
| 127.0.0.1 | unknown | unknown | |

5 further IPs are hidden in the original report.

Registry

| Path | Value | Malicious |
|---|---|---|
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault | S-1-5-21-3853321935-2125563209-4053062332-1002 | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | ahfgeienlihckogmohjhadlkjgocpleb | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | gdaefkejpgkiemlaofpalmlakkmbjdnl | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | gfdkimpbcpahaombhbimeihdjnejgicl | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | kmendfapggjehodndflmmgagdbamhnfd | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | mfehgcgbbipciphmccgaenjidiccnmng | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | mhjfbmdgcfjbbpaeojofohoefgiehjai | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | neajdppkdcdipfabeoofebfddakdcjhd | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nkeimhogjdpnpccoofpliimaahmaaome | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nmmhkkegccagdldgiimedpiccmgmieda | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | pkedcjkdefgpdelpbcmbmeomcjbeemfm | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | prefs.preference_reset_time | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | gfdkimpbcpahaombhbimeihdjnejgicl | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nmmhkkegccagdldgiimedpiccmgmieda | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nmmhkkegccagdldgiimedpiccmgmieda | |
| HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state | |
| HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes | |
| HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes | |
| HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state | |
| HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | dr | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.reporting | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | module_blacklist_cache_md5_digest | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | media.storage_id_salt | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.last_account_id | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.account_id | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.prompt_seed | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_homepage | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | default_search_provider_data.template_url_data | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | safebrowsing.incidents_sent | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | pinned_tabs | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | search_provider_overrides | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_default_search | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | prefs.preference_reset_time | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.last_username | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | session.startup_urls | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | session.restore_on_startup | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.prompt_version | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_startup_urls | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.prompt_wave | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | homepage | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | homepage_is_newtabpage | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | browser.show_home_button | |
| HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics | user_experience_metrics.stability.exited_cleanly | |
| HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | lastrun | |

34 further registry entries are hidden in the original report.

Memdumps

| Base Address | Regiontype | Protect | Malicious |
|---|---|---|---|
| 25126A9D000 | heap | page read and write | |
| B80CBFC000 | stack | page read and write | |
| 2512C2FE000 | heap | page read and write | |
| 218C5241000 | heap | page read and write | |
| 99512FF000 | stack | page read and write | |
| 242A1890000 | heap | page read and write | |
| 1F8AD85A000 | heap | page read and write | |
| 2231FE5C000 | heap | page read and write | |
| 22320802000 | trusted library allocation | page read and write | |
| 242A1B13000 | heap | page read and write | |
| 282BAE48000 | heap | page read and write | |
| 2512739A000 | heap | page read and write | |
| DA96A7F000 | stack | page read and write | |
| 2512C1A0000 | trusted library allocation | page read and write | |
| 5198DFE000 | stack | page read and write | |
| 24730456000 | heap | page read and write | |
| 2512C21D000 | heap | page read and write | |
| 1B8AE877000 | heap | page read and write | |
| 242A3402000 | trusted library allocation | page read and write | |
| 1F8AD879000 | heap | page read and write | |
| B8F95FE000 | stack | page read and write | |
| 2512C31D000 | heap | page read and write | |
| DA969FE000 | stack | page read and write | |
| 24727F000 | stack | page read and write | |
| 2512C1F0000 | remote allocation | page read and write | |
| B8F917F000 | stack | page read and write | |
| 242A19F0000 | trusted library allocation | page read and write | |
| 223206A0000 | remote allocation | page read and write | |
| 2231FD60000 | heap | page read and write | |
| B80C72E000 | stack | page read and write | |
| 2512C2AB000 | heap | page read and write | |
| 282BAE13000 | heap | page read and write | |
| 2473045A000 | heap | page read and write | |
| 242A1B18000 | heap | page read and write | |
| 2512C0B4000 | trusted library allocation | page read and write | |
| 2512BF80000 | trusted library allocation | page read and write | |
| 1F8AE002000 | trusted library allocation | page read and write | |
| 2512C1B0000 | trusted library allocation | page read and write | |
| 2512C1F0000 | trusted library allocation | page read and write | |
| 2512C30B000 | heap | page read and write | |
| 25127B70000 | trusted library section | page readonly | |
| 25126A5A000 | heap | page read and write | |
| 218C5200000 | heap | page read and write | |
| 1FAE87E000 | stack | page read and write | |
| 2472FE000 | stack | page read and write | |
| F95EE7C000 | stack | page read and write | |
| 2473042E000 | heap | page read and write | |
| 25127BB0000 | trusted library section | page readonly | |
| 1B8AE800000 | heap | page read and write | |
| 1B8AE85C000 | heap | page read and write | |
| 25127983000 | trusted library allocation | page read and write | |
| 2512C2DE000 | heap | page read and write | |
| B8F9A7D000 | stack | page read and write | |
| 282BAC60000 | heap | page read and write | |
| B8F98FF000 | stack | page read and write | |
| F95F2FD000 | stack | page read and write | |
| 2E29EAD0000 | heap | page read and write | |
| 25127318000 | heap | page read and write | |
| DA968FF000 | stack | page read and write | |
| 242A1880000 | heap | page read and write | |
| 25127202000 | heap | page read and write | |
| 242A33E0000 | remote allocation | page read and write | |
| 99510FC000 | stack | page read and write | |
| 2512C098000 | trusted library allocation | page read and write | |
| DA963EE000 | stack | page read and write | |
| 2512C211000 | heap | page read and write | |
| 2512C510000 | trusted library allocation | page read and write | |
| 25127961000 | trusted library allocation | page read and write | |
| F95EC7B000 | stack | page read and write | |
| 2512C160000 | trusted library allocation | page read and write | |
| 218C51A0000 | trusted library allocation | page read and write | |
| 282BAE86000 | heap | page read and write | |
| B80C7AD000 | stack | page read and write | |
| 2512C1F0000 | remote allocation | page read and write | |
| 25127358000 | heap | page read and write | |
| 1B8AE790000 | trusted library allocation | page read and write | |
| B8F93FA000 | stack | page read and write | |
| 242A33E0000 | remote allocation | page read and write | |
| 242A1A13000 | heap | page read and write | |
| 24730466000 | heap | page read and write | |
| F95F47D000 | stack | page read and write | |
| B80C6AB000 | stack | page read and write | |
| 218C5213000 | heap | page read and write | |
| 242A1A48000 | heap | page read and write | |
| 2231FE00000 | heap | page read and write | |
| 1F8AD650000 | heap | page read and write | |
| 24730449000 | heap | page read and write | |
| 282BAE5F000 | heap | page read and write | |
| 2512C30D000 | heap | page read and write | |
| 2512BF70000 | trusted library allocation | page read and write | |
| B8F8EFB000 | stack | page read and write | |
| 1F8AD7B0000 | trusted library allocation | page read and write | |
| F95F17F000 | stack | page read and write | |
| B80CAFB000 | stack | page read and write | |
| 2473043A000 | heap | page read and write | |
| 1B8AE900000 | heap | page read and write | |
| 2512C1F0000 | remote allocation | page read and write | |
| 282BAE66000 | heap | page read and write | |
| 2473045C000 | heap | page read and write | |
| 2231FDD0000 | heap | page read and write | |
| F95F57E000 | stack | page read and write | |
| 1B8AE881000 | heap | page read and write | |
| B80D0FF000 | stack | page read and write | |
| 1B8AE88E000 | heap | page read and write | |
| 2512C309000 | heap | page read and write | |
| 1B8AE913000 | heap | page read and write | |
| B80CFFD000 | stack | page read and write | |
| 1B8AE85E000 | heap | page read and write | |
| B8F90FB000 | stack | page read and write | |
| 24730457000 | heap | page read and write | |
| 218C5110000 | heap | page read and write | |
| F95F1FC000 | stack | page read and write | |
| 282BAE00000 | heap | page read and write | |
| 1B8AE876000 | heap | page read and write | |
| 218C5170000 | heap | page read and write | |
| 2474FB000 | stack | page read and write | |
| 9950DFF000 | stack | page read and write | |
| 242A1A71000 | heap | page read and write | |
| 2512C22B000 | heap | page read and write | |
| 2512C0D0000 | trusted library allocation | page read and write | |
| 2E29E8B0000 | heap | page read and write | |
| 218C5276000 | heap | page read and write | |
| 1B8AE85A000 | heap | page read and write | |
| 242A1A49000 | heap | page read and write | |
| 2E29EA29000 | heap | page read and write | |
| 282BAE5C000 | heap | page read and write | |
| DA962EB000 | stack | page read and write | |
| 242A1A65000 | heap | page read and write | |
| 24730C02000 | trusted library allocation | page read and write | |
| DA96B7D000 | stack | page read and write | |
| 2512C31D000 | heap | page read and write | |
| 2E29F202000 | heap | page read and write | |
| 2E29EB13000 | heap | page read and write | |
| 2512C31C000 | heap | page read and write | |
| 2512C09E000 | trusted library allocation | page read and write | |
| F95ED7E000 | stack | page read and write | |
| 24730462000 | heap | page read and write | |
| 2512C0C0000 | trusted library allocation | page read and write | |
| 282BABF0000 | heap | page read and write | |
| 218C5202000 | heap | page read and write | |
| 1F8AD828000 | heap | page read and write | |
| 218C526B000 | heap | page read and write | |
| 2231FE2A000 | heap | page read and write | |
| 2512C0C0000 | trusted library allocation | page read and write | |
| 1F8AD913000 | heap | page read and write | |
| 9950B7E000 | stack | page read and write | |
| F95F37B000 | stack | page read and write | |
| 25126B13000 | heap | page read and write | |
| 1B8AE863000 | heap | page read and write | |
| 242A1B00000 | heap | page read and write | |
| 242A1A58000 | heap | page read and write | |
| 99511FC000 | stack | page read and write | |
| 223206A0000 | remote allocation | page read and write | |
| 2512C316000 | heap | page read and write | |
| 2512C2F6000 | heap | page read and write | |
| 25126A8F000 | heap | page read and write | |
| 282BAF02000 | heap | page read and write | |
| 25126A9B000 | heap | page read and write | |
| 2512C090000 | trusted library allocation | page read and write | |
| 25126A3C000 | heap | page read and write | |
| 282BAE63000 | heap | page read and write | |
| 242A3640000 | trusted library allocation | page read and write | |
| 242A1A59000 | heap | page read and write | |
| 25127358000 | heap | page read and write | |
| B8F97FC000 | stack | page read and write | |
| 242A1B1C000 | heap | page read and write | |
| 2512C302000 | heap | page read and write | |
| 25127318000 | heap | page read and write | |
| 251268F0000 | heap | page read and write | |
| 2E29EA44000 | heap | page read and write | |
| 1F8AD640000 | heap | page read and write | |
| 1B8AE908000 | heap | page read and write | |
| 25126ABA000 | heap | page read and write | |
| 218C5313000 | heap | page read and write | |
| 2473043A000 | heap | page read and write | |
| 25127318000 | heap | page read and write | |
| 282BAE2E000 | heap | page read and write | |
| 1F8AD802000 | heap | page read and write | |
| CA42F7E000 | stack | page read and write | |
| 9950CFD000 | stack | page read and write | |
| 2E29E920000 | heap | page read and write | |
| 2E29F300000 | heap | page read and write | |
| DA96C7F000 | stack | page read and write | |
| 24730350000 | trusted library allocation | page read and write | |
| 22320670000 | trusted library allocation | page read and write | |
| 1B8AE85F000 | heap | page read and write | |
| 1FAE5FE000 | stack | page read and write | |
| 2512C24F000 | heap | page read and write | |
| 24730440000 | heap | page read and write | |
| 519878E000 | stack | page read and write | |
| 25126A75000 | heap | page read and write | |
| 242A1A00000 | heap | page read and write | |
| 24787F000 | stack | page read and write | |
| 242A1A49000 | heap | page read and write | |
| 1F8AD813000 | heap | page read and write | |
| B8F91FE000 | stack | page read and write | |
| 9950EFF000 | stack | page read and write | |
| 2E29EB02000 | heap | page read and write | |
| 2E29EA00000 | heap | page read and write | |
| 1B8AE690000 | heap | page read and write | |
| 218C5302000 | heap | page read and write | |
| B8F957A000 | stack | page read and write | |
| 1B8AE876000 | heap | page read and write | |
| 2512C090000 | trusted library allocation | page read and write | |
| 242A1A3D000 | heap | page read and write | |
| B8F8B7E000 | stack | page read and write | |
| B8F8A7C000 | stack | page read and write | |
| 2E29EA87000 | heap | page read and write | |
| 218C528A000 | heap | page read and write | |
| 2512C1E0000 | trusted library allocation | page read and write | |
| 282BAF13000 | heap | page read and write | |
| 519870E000 | stack | page read and write | |
| 218C525C000 | heap | page read and write | |
| 24730250000 | heap | page read and write | |
| 25127200000 | heap | page read and write | |
| 25126A8B000 | heap | page read and write | |
| 25127B90000 | trusted library section | page readonly | |
| 282BAE7D000 | heap | page read and write | |
| 282BAE55000 | heap | page read and write | |
| 25126A77000 | heap | page read and write | |
| 1F8AD6B0000 | heap | page read and write | |
| 1F8AD800000 | heap | page read and write | |
| F95EEFE000 | stack | page read and write | |
| B8F96FA000 | stack | page read and write | |
| 2512C30D000 | heap | page read and write | |
| 242A1A02000 | heap | page read and write | |
| 282BAE3C000 | heap | page read and write | |
| 2473047B000 | heap | page read and write | |
| 5198BFE000 | stack | page read and write | |
| 1F8AD87C000 | heap | page read and write | |
| 25126890000 | heap | page read and write | |
| 282BAE64000 | heap | page read and write | |
| 242A1A8A000 | heap | page read and write | |
| 2512C2F8000 | heap | page read and write | |
| 2512C1D0000 | trusted library allocation | page read and write | |
| 1F8AD83E000 | heap | page read and write | |
| 25127313000 | heap | page read and write | |
| 247301F0000 | heap | page read and write | |
| 242A33B0000 | trusted library allocation | page read and write | |
| 24730413000 | heap | page read and write | |
| F95F77F000 | stack | page read and write | |
| 2473FB000 | stack | page read and write | |
| 2512BF30000 | trusted library allocation | page read and write | |
| 1F8AD902000 | heap | page read and write | |
| 25126880000 | heap | page read and write | |
| B8F8FFE000 | stack | page read and write | |
| 2512C265000 | heap | page read and write | |
| 24730469000 | heap | page read and write | |
| 282BAD60000 | trusted library allocation | page read and write | |
| 25127A90000 | trusted library allocation | page read and write | |
| 251271A0000 | trusted library section | page read and write | |
| 218C5263000 | heap | page read and write | |
| 24730430000 | heap | page read and write | |
| 282BAE55000 | heap | page read and write | |
| 1B8AE620000 | heap | page read and write | |
| 2E29F1C0000 | trusted library allocation | page read and write | |
| B80CEFD000 | stack | page read and write | |
| 24730458000 | heap | page read and write | |
| 218C5278000 | heap | page read and write | |
| 282BAE6A000 | heap | page read and write | |
9950FFF000
stack
page read and write
2231FF02000
heap
page read and write
1F8AD900000
heap
page read and write
5198CFE000
stack
page read and write
2E29EA13000
heap
page read and write
247301E0000
heap
page read and write
2512C580000
trusted library allocation
page read and write
519868B000
stack
page read and write
25126AFC000
heap
page read and write
B80D2FF000
stack
page read and write
282BAE69000
heap
page read and write
CA4337E000
stack
page read and write
1B8AE813000
heap
page read and write
B80CCFF000
stack
page read and write
2473046D000
heap
page read and write
25127581000
trusted library allocation
page read and write
2512C1E0000
trusted library allocation
page read and write
218C5C02000
trusted library allocation
page read and write
B8F8C77000
stack
page read and write
242A33E0000
remote allocation
page read and write
2473044F000
heap
page read and write
2512C31F000
heap
page read and write
2E29EAE1000
heap
page read and write
25126A72000
heap
page read and write
247677000
stack
page read and write
2512C306000
heap
page read and write
25126AAB000
heap
page read and write
251279A0000
trusted library allocation
page read and write
F95F07E000
stack
page read and write
25127990000
trusted library allocation
page read and write
2E29EA6E000
heap
page read and write
2231FE02000
heap
page read and write
B8F8CFE000
stack
page read and write
2512C0B1000
trusted library allocation
page read and write
99513FC000
stack
page read and write
24730461000
heap
page read and write
24777F000
stack
page read and write
2473047A000
heap
page read and write
282BAE49000
heap
page read and write
242A1A59000
heap
page read and write
DA9667E000
stack
page read and write
2512C304000
heap
page read and write
2512C0B0000
trusted library allocation
page read and write
25127215000
heap
page read and write
9950A7C000
stack
page read and write
25127800000
trusted library allocation
page read and write
282BAF00000
heap
page read and write
24730502000
heap
page read and write
2231FE3C000
heap
page read and write
B8F927E000
stack
page read and write
24730464000
heap
page read and write
25126A89000
heap
page read and write
251269F0000
trusted library allocation
page read and write
2E29EAC8000
heap
page read and write
CA43277000
stack
page read and write
24730442000
heap
page read and write
B8F997D000
stack
page read and write
218C5237000
heap
page read and write
282BAC00000
heap
page read and write
282BAE60000
heap
page read and write
B8F8AFD000
stack
page read and write
1F8AD864000
heap
page read and write
282BAE5B000
heap
page read and write
2512C0D4000
trusted library allocation
page read and write
2512C1C0000
trusted library allocation
page read and write
2E29EA66000
heap
page read and write
2512C305000
heap
page read and write
242A3600000
trusted library allocation
page read and write
282BAE62000
heap
page read and write
2512C2AD000
heap
page read and write
25126A13000
heap
page read and write
2473043C000
heap
page read and write
24730484000
heap
page read and write
B8F947F000
stack
page read and write
25127BA0000
trusted library section
page readonly
282BAE5D000
heap
page read and write
2512C2E5000
heap
page read and write
1B8AE851000
heap
page read and write
9950AFE000
stack
page read and write
25126A6D000
heap
page read and write
B80D1FF000
stack
page read and write
B80D3FE000
stack
page read and write
282BAF08000
heap
page read and write
2E29EABF000
heap
page read and write
2512C28A000
heap
page read and write
2512BF10000
trusted library allocation
page read and write
24757F000
stack
page read and write
242A18F0000
heap
page read and write
25127B80000
trusted library section
page readonly
F95ECFD000
stack
page read and write
24730429000
heap
page read and write
25126A29000
heap
page read and write
2231FD70000
heap
page read and write
CA42E7C000
stack
page read and write
25127F10000
trusted library allocation
page read and write
218C5224000
heap
page read and write
1B8AF002000
trusted library allocation
page read and write
25127300000
heap
page read and write
1FAED7F000
stack
page read and write
282BB602000
trusted library allocation
page read and write
218C5100000
heap
page read and write
F95F67C000
stack
page read and write
2473045E000
heap
page read and write
1B8AE630000
heap
page read and write
2512C091000
trusted library allocation
page read and write
CA42EFF000
stack
page read and write
B8F92FF000
stack
page read and write
24730477000
heap
page read and write
B80D4FE000
stack
page read and write
1F8AD868000
heap
page read and write
25127302000
heap
page read and write
2473045F000
heap
page read and write
242A1A2A000
heap
page read and write
223206A0000
remote allocation
page read and write
DA9677E000
stack
page read and write
1B8AE861000
heap
page read and write
2512C200000
heap
page read and write
2E29E8C0000
heap
page read and write
2473046B000
heap
page read and write
25127BC0000
trusted library section
page readonly
2473042C000
heap
page read and write
1B8AE85B000
heap
page read and write
B8F8DFD000
stack
page read and write
B80CDFE000
stack
page read and write
24730455000
heap
page read and write
25126A00000
heap
page read and write
1B8AE83C000
heap
page read and write
2512C242000
heap
page read and write
24730432000
heap
page read and write
1FAEB7F000
stack
page read and write
2231FE13000
heap
page read and write
CA4317B000
stack
page read and write
2E29EA64000
heap
page read and write
246FBB000
stack
page read and write
1FAEA7B000
stack
page read and write
2E29F332000
heap
page read and write
242A1B02000
heap
page read and write
1FAEC7F000
stack
page read and write
2473047E000
heap
page read and write
282BAE29000
heap
page read and write
25126B02000
heap
page read and write
DA967FE000
stack
page read and write
1FAE57C000
stack
page read and write
1B8AE829000
heap
page read and write
1B8AE902000
heap
page read and write
25127980000
trusted library allocation
page read and write
CA4347E000
stack
page read and write
DA9636E000
stack
page read and write
2512D000000
heap
page read and write
24730400000
heap
page read and write
There are 400 hidden memdumps, click here to show them.

DOM / HTML

URL
Malicious
https://siasky.net/3AEHbFlOdPtyXsj8eGWVQ6vSXpRUpMVyXvwtj_j-7IiElg
malicious
https://huhulihu.com/