Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| `C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic` | data | dropped | |
| `C:\Users\user\AppData\Local\Google\Chrome\User Data\21e02d86-7315-4a7b-9604-ced31a974c48.tmp` | ASCII text, with very long lines, with no line terminators | modified | |
| `C:\Users\user\AppData\Local\Google\Chrome\User Data\4b316f2d-5d0d-40a7-80a3-08da6e5d1d25.tmp` | ASCII text, with very long lines, with no line terminators | dropped | |
| `C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat` | data | dropped | |
| `C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\14720b77-1f95-483d-89de-9674bd010ae7.tmp` | ASCII text, with very long lines, with no line terminators | dropped | |
| `C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\47c92f43-69a6-4d8b-9232-a68d20799244.tmp` | very short file (no magic) | dropped | |
| `C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\628a060f-90e8-406d-a29a-938b45f2c71a.tmp` | UTF-8 Unicode text, with very long lines, with no line terminators | dropped | |
| `C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log` | data | dropped | |
| `C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG` | ASCII text | dropped | |
| `C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old (copy)` | ASCII text | dropped | |
| `C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache` | data | dropped | |
| `C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State (copy)` | ASCII text, with very long lines, with no line terminators | dropped | |
| `C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)` | ASCII text, with very long lines, with no line terminators | dropped | |
| `C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy)` | ASCII text, with very long lines | dropped | |
| `C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\09971034-ffcf-4adb-84e9-f9936a2aa628.tmp` | ASCII text, with very long lines, with no line terminators | dropped | |
| `C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1` | data | dropped | |
| `C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent State (copy)` | ASCII text, with very long lines, with no line terminators | dropped | |
| `C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\d03d9413-92fd-4e9a-8997-24bb47753c8c.tmp` | UTF-8 Unicode text, with very long lines, with no line terminators | dropped | |
| `C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp` | ASCII text | dropped | |
| `C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy)` | ASCII text | dropped | |
| `C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\e83c5194-303e-4bef-b1d5-1a1ea17406ce.tmp` | ASCII text, with very long lines, with no line terminators | dropped | |
| `C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\f11c6353-0e47-4696-9f20-ce16a0854bc8.tmp` | ASCII text, with very long lines, with no line terminators | dropped | |
| `C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser` | data | dropped | |
| `C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version` | ASCII text, with no line terminators | dropped | |
| `C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State (copy)` | ASCII text, with very long lines, with no line terminators | dropped | |
| `C:\Users\user\AppData\Local\Google\Chrome\User Data\a4e30257-942c-4773-8dfc-f69b4277c3fb.tmp` | ASCII text, with very long lines, with no line terminators | dropped | |
| `C:\Users\user\AppData\Local\Temp\2ea90228-ca6a-4b57-ad59-70b53967baaf.tmp` | very short file (no magic) | dropped | |
| `C:\Users\user\AppData\Local\Temp\9f2bd4a6-b845-44a3-8233-44881dd45f37.tmp` | Google Chrome extension, version 3 | dropped | |
| `C:\Users\user\AppData\Local\Temp\scoped_dir5980_429269721\9f2bd4a6-b845-44a3-8233-44881dd45f37.tmp` | Google Chrome extension, version 3 | dropped | |
| `C:\Users\user\AppData\Local\Temp\scoped_dir5980_429269721\CRX_INSTALL\_locales\bg\messages.json` | ASCII text, with very long lines | dropped | |
| `C:\Users\user\AppData\Local\Temp\scoped_dir5980_429269721\CRX_INSTALL\_locales\ca\messages.json` | ASCII text, with very long lines | dropped | |
| `C:\Users\user\AppData\Local\Temp\scoped_dir5980_429269721\CRX_INSTALL\_locales\cs\messages.json` | ASCII text, with very long lines | dropped | |
| `C:\Users\user\AppData\Local\Temp\scoped_dir5980_429269721\CRX_INSTALL\_locales\da\messages.json` | ASCII text, with very long lines | dropped | |
| `C:\Users\user\AppData\Local\Temp\scoped_dir5980_429269721\CRX_INSTALL\_locales\de\messages.json` | ASCII text, with very long lines | dropped | |
| `C:\Users\user\AppData\Local\Temp\scoped_dir5980_429269721\CRX_INSTALL\_locales\el\messages.json` | ASCII text, with very long lines | dropped | |
| `C:\Users\user\AppData\Local\Temp\scoped_dir5980_429269721\CRX_INSTALL\_locales\en\messages.json` | ASCII text, with very long lines | dropped | |
| `C:\Users\user\AppData\Local\Temp\scoped_dir5980_429269721\CRX_INSTALL\_locales\en_GB\messages.json` | ASCII text, with very long lines | dropped | |
| `C:\Users\user\AppData\Local\Temp\scoped_dir5980_429269721\CRX_INSTALL\_locales\es\messages.json` | ASCII text, with very long lines | dropped | |
| `C:\Users\user\AppData\Local\Temp\scoped_dir5980_429269721\CRX_INSTALL\_locales\es_419\messages.json` | ASCII text, with very long lines | dropped | |
| `C:\Users\user\AppData\Local\Temp\scoped_dir5980_429269721\CRX_INSTALL\_locales\et\messages.json` | ASCII text, with very long lines | dropped | |
| `C:\Users\user\AppData\Local\Temp\scoped_dir5980_429269721\CRX_INSTALL\_locales\fi\messages.json` | ASCII text, with very long lines | dropped | |
| `C:\Users\user\AppData\Local\Temp\scoped_dir5980_429269721\CRX_INSTALL\_locales\fil\messages.json` | ASCII text, with very long lines | dropped | |
| `C:\Users\user\AppData\Local\Temp\scoped_dir5980_429269721\CRX_INSTALL\_locales\fr\messages.json` | ASCII text, with very long lines | dropped | |
| `C:\Users\user\AppData\Local\Temp\scoped_dir5980_429269721\CRX_INSTALL\_locales\hi\messages.json` | ASCII text, with very long lines | dropped | |
| `C:\Users\user\AppData\Local\Temp\scoped_dir5980_429269721\CRX_INSTALL\_locales\hr\messages.json` | ASCII text, with very long lines | dropped | |
| `C:\Users\user\AppData\Local\Temp\scoped_dir5980_429269721\CRX_INSTALL\_locales\hu\messages.json` | ASCII text, with very long lines | dropped | |
| `C:\Users\user\AppData\Local\Temp\scoped_dir5980_429269721\CRX_INSTALL\_locales\id\messages.json` | ASCII text, with very long lines | dropped | |
| `C:\Users\user\AppData\Local\Temp\scoped_dir5980_429269721\CRX_INSTALL\_locales\it\messages.json` | ASCII text, with very long lines | dropped | |
| `C:\Users\user\AppData\Local\Temp\scoped_dir5980_429269721\CRX_INSTALL\_locales\ja\messages.json` | ASCII text, with very long lines | dropped | |
| `C:\Users\user\AppData\Local\Temp\scoped_dir5980_429269721\CRX_INSTALL\_locales\ko\messages.json` | ASCII text, with very long lines | dropped | |
| `C:\Users\user\AppData\Local\Temp\scoped_dir5980_429269721\CRX_INSTALL\_locales\lt\messages.json` | ASCII text, with very long lines | dropped | |
| `C:\Users\user\AppData\Local\Temp\scoped_dir5980_429269721\CRX_INSTALL\_locales\lv\messages.json` | ASCII text, with very long lines | dropped | |
| `C:\Users\user\AppData\Local\Temp\scoped_dir5980_429269721\CRX_INSTALL\_locales\nb\messages.json` | ASCII text, with very long lines | dropped | |
| `C:\Users\user\AppData\Local\Temp\scoped_dir5980_429269721\CRX_INSTALL\_locales\nl\messages.json` | ASCII text, with very long lines | dropped | |
| `C:\Users\user\AppData\Local\Temp\scoped_dir5980_429269721\CRX_INSTALL\_locales\pl\messages.json` | ASCII text, with very long lines | dropped | |
| `C:\Users\user\AppData\Local\Temp\scoped_dir5980_429269721\CRX_INSTALL\manifest.json` | ASCII text | dropped | |

47 further files are not shown.
Processes

| Path | Cmdline | Malicious |
|---|---|---|
| `C:\Program Files\Google\Chrome\Application\chrome.exe` | `C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "https://gmail.us14.list-manage.com/track/click?u=957e6b6833ddd63bbe471b4e4&id=18858b02d6&e=7ce018b90e#*giangaddo.prati@barilla.com*` | |
| `C:\Program Files\Google\Chrome\Application\chrome.exe` | `"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1568,8847407165348421056,15175356157772939675,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1908 /prefetch:8` | |

URLs

| Name | IP | Malicious |
|---|---|---|
| `https://gmail.us14.list-manage.com/track/click?u=957e6b6833ddd63bbe471b4e4&id=18858b02d6&e=7ce018b90e#*giangaddo.prati@barilla.com*` | | |
| `https://shafquatarefeen.com/uhg.html#*giangaddo.prati@barilla.com*` | | |
| `https://shafquatarefeen.com/wp-includes/images/w-logo-blue-white-bg.png` | 192.154.231.67 | |
| `https://shafquatarefeen.com/favicon.ico` | 192.154.231.67 | |
| `https://shafquatarefeen.com/uhg.html` | 192.154.231.67 | |
| `https://dns.google` | unknown | |
| `https://ogs.google.com` | unknown | |
| `https://login.microsoftonline.com/logout.srf?ct=1548343592&rver=64.4.6456.0&lc=1033&id=501392` | | |
| `https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css` | 104.17.25.14 | |
| `https://aadcdn.msftauth.net/ests/2.1/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg` | 152.199.23.37 | |
| `https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css` | 104.18.11.207 | |
| `https://trocha.com.co/gvx` | 69.172.198.108 | |
| `https://play.google.com` | unknown | |
| `https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1` | 142.251.36.238 | |
| `https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard` | 142.251.36.205 | |
| `https://payments.google.com/payments/v4/js/integrator.js` | unknown | |
| `https://shafquatarefeen.com/uhg.html#` | unknown | |
| `https://sandbox.google.com/payments/v4/js/integrator.js` | unknown | |
| `https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js` | 104.18.11.207 | |
| `https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_white_5ac590ee72bfe06a7cecfd75b588ad73.svg` | 152.199.23.37 | |
| `https://www.google.com` | unknown | |
| `https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/popper.min.js` | 104.17.25.14 | |
| `https://i.ibb.co/phX2vBj/0-a5dbd4393ff6a725c7e62b61df7e72f0.jpg` | 51.210.32.106 | |
| `https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css` | 104.18.11.207 | |
| `https://accounts.google.com` | unknown | |
| `https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc` | 142.251.36.238 | |
| `https://clients2.googleusercontent.com` | unknown | |
| `https://apis.google.com` | unknown | |
| `https://www.google.com/` | unknown | |
| `https://clients2.google.com` | unknown | |
| `https://clients2.google.com/service/update2/crx` | unknown | |

20 further URLs are not shown.
Domains

| Name | IP | Malicious |
|---|---|---|
| shafquatarefeen.com | 192.154.231.67 | |
| stackpath.bootstrapcdn.com | 104.18.11.207 | |
| cs1100.wpc.omegacdn.net | 152.199.23.37 | |
| accounts.google.com | 142.251.36.205 | |
| cdnjs.cloudflare.com | 104.17.25.14 | |
| part-0017.t-0009.fbs1-t-msedge.net | 13.107.219.45 | |
| maxcdn.bootstrapcdn.com | 104.18.11.207 | |
| trocha.com.co | 69.172.198.108 | |
| clients.l.google.com | 142.251.36.238 | |
| i.ibb.co | 51.210.32.106 | |
| gmail.us14.list-manage.com | unknown | |
| aadcdn.msftauth.net | unknown | |
| clients2.google.com | unknown | |
| secure.aadcdn.microsoftonline-p.com | unknown | |
| code.jquery.com | unknown | |
| login.microsoftonline.com | unknown | |

6 further domains are not shown.
IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 192.154.231.67 | shafquatarefeen.com | United States | |
| 192.168.2.1 | unknown | unknown | |
| 13.107.219.45 | part-0017.t-0009.fbs1-t-msedge.net | United States | |
| 142.251.36.238 | clients.l.google.com | United States | |
| 142.251.36.205 | accounts.google.com | United States | |
| 51.210.32.106 | i.ibb.co | France | |
| 69.172.198.108 | trocha.com.co | Canada | |
| 104.18.11.207 | stackpath.bootstrapcdn.com | United States | |
| 239.255.255.250 | unknown | Reserved | |
| 152.199.23.37 | cs1100.wpc.omegacdn.net | United States | |
| 127.0.0.1 | unknown | unknown | |
| 104.17.25.14 | cdnjs.cloudflare.com | United States | |

2 further IPs are not shown.
Registry

| Path | Value | Malicious |
|---|---|---|
| `HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings` | ahfgeienlihckogmohjhadlkjgocpleb | |
| `HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings` | gdaefkejpgkiemlaofpalmlakkmbjdnl | |
| `HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings` | gfdkimpbcpahaombhbimeihdjnejgicl | |
| `HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings` | kmendfapggjehodndflmmgagdbamhnfd | |
| `HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings` | mfehgcgbbipciphmccgaenjidiccnmng | |
| `HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings` | mhjfbmdgcfjbbpaeojofohoefgiehjai | |
| `HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings` | neajdppkdcdipfabeoofebfddakdcjhd | |
| `HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings` | nkeimhogjdpnpccoofpliimaahmaaome | |
| `HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings` | pkedcjkdefgpdelpbcmbmeomcjbeemfm | |
| `HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default` | prefs.preference_reset_time | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault` | S-1-5-21-3853321935-2125563209-4053062332-1002 | |
| `HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings` | gfdkimpbcpahaombhbimeihdjnejgicl | |
| `HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings` | nmmhkkegccagdldgiimedpiccmgmieda | |
| `HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon` | state | |
| `HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty` | StatusCodes | |
| `HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty` | StatusCodes | |
| `HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon` | state | |
| `HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}` | dr | |
| `HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default` | software_reporter.reporting | |
| `HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default` | module_blacklist_cache_md5_digest | |
| `HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default` | media.storage_id_salt | |
| `HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default` | google.services.last_account_id | |
| `HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default` | google.services.account_id | |
| `HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default` | software_reporter.prompt_seed | |
| `HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default` | settings_reset_prompt.last_triggered_for_homepage | |
| `HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default` | default_search_provider_data.template_url_data | |
| `HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default` | safebrowsing.incidents_sent | |
| `HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default` | pinned_tabs | |
| `HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default` | search_provider_overrides | |
| `HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default` | settings_reset_prompt.last_triggered_for_default_search | |
| `HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default` | prefs.preference_reset_time | |
| `HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default` | google.services.last_username | |
| `HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default` | session.startup_urls | |
| `HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default` | session.restore_on_startup | |
| `HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default` | software_reporter.prompt_version | |
| `HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default` | settings_reset_prompt.last_triggered_for_startup_urls | |
| `HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default` | settings_reset_prompt.prompt_wave | |
| `HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default` | homepage | |
| `HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default` | homepage_is_newtabpage | |
| `HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default` | browser.show_home_button | |
| `HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics` | user_experience_metrics.stability.exited_cleanly | |
| `HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}` | lastrun | |

32 further registry entries are not shown.
Memdumps
DOM / HTML

| URL | Malicious |
|---|---|
| `https://shafquatarefeen.com/uhg.html#*giangaddo.prati@barilla.com*` | |
| `https://login.microsoftonline.com/logout.srf?ct=1548343592&rver=64.4.6456.0&lc=1033&id=501392` | |