Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Users\user\Downloads\Tax Forms.zip (copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
 |
|
|
C:\Users\user\AppData\Local\Temp\ICACHE-108D0472.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\ICACHE-26455F5C.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\ICACHE-27DAA93D.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\ICACHE-30467910.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\ICACHE-53B5DC58.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\ICACHE-6B4D3983.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\ICACHE-6FD7303A.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\ICACHE-72D82FC5.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\ILIST-12F331BD.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\ILIST-1585BCAB.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\ILIST-18552155.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\ILIST-39AD33B0.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\ILIST-3E51AEB3.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\ILIST-3F8582D8.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\ILIST-40794635.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\ILIST-44A4623E.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\ILIST-650B06DD.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\ILIST-7DEA5D26.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 18:47:11 2024, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 18:47:11 2024, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 18:47:11 2024, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 18:47:11 2024, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 18:47:11 2024, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\Downloads\Tax Forms.zip.crdownload
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
Chrome Cache Entry: 124
|
MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
|
dropped
|
||
|
Chrome Cache Entry: 125
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
downloaded
|
||
|
Chrome Cache Entry: 126
|
JSON data
|
downloaded
|
||
|
Chrome Cache Entry: 127
|
JSON data
|
dropped
|
||
|
Chrome Cache Entry: 128
|
JSON data
|
downloaded
|
||
|
Chrome Cache Entry: 129
|
ASCII text, with very long lines (2274), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 130
|
ASCII text, with very long lines (33668), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 131
|
Web Open Font Format (Version 2), TrueType, length 67552, version 2.8978
|
downloaded
|
||
|
Chrome Cache Entry: 132
|
JSON data
|
dropped
|
||
|
Chrome Cache Entry: 133
|
JSON data
|
downloaded
|
||
|
Chrome Cache Entry: 134
|
ASCII text, with very long lines (65536), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 135
|
Web Open Font Format (Version 2), CFF, length 55176, version 4.0
|
downloaded
|
||
|
Chrome Cache Entry: 136
|
HTML document, ASCII text, with very long lines (11472)
|
downloaded
|
||
|
Chrome Cache Entry: 137
|
ASCII text, with very long lines (65451)
|
downloaded
|
||
|
Chrome Cache Entry: 138
|
ASCII text, with very long lines (560), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 139
|
Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 140
|
Web Open Font Format (Version 2), TrueType, length 67468, version 2.8978
|
downloaded
|
||
|
Chrome Cache Entry: 141
|
JSON data
|
dropped
|
||
|
Chrome Cache Entry: 142
|
JSON data
|
downloaded
|
||
|
Chrome Cache Entry: 143
|
ASCII text, with very long lines (546)
|
downloaded
|
||
|
Chrome Cache Entry: 144
|
ASCII text, with very long lines (65536), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 145
|
MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
|
downloaded
|
||
|
Chrome Cache Entry: 146
|
Web Open Font Format (Version 2), TrueType, length 68152, version 2.8978
|
downloaded
|
||
|
Chrome Cache Entry: 147
|
ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 148
|
Web Open Font Format (Version 2), CFF, length 54808, version 4.0
|
downloaded
|
||
|
Chrome Cache Entry: 149
|
MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
|
dropped
|
||
|
Chrome Cache Entry: 150
|
ASCII text, with very long lines (65374)
|
downloaded
|
||
|
Chrome Cache Entry: 151
|
ASCII text, with very long lines (65536), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 152
|
MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
|
downloaded
|
||
|
Chrome Cache Entry: 153
|
Web Open Font Format (Version 2), CFF, length 59724, version 4.0
|
downloaded
|
||
|
Chrome Cache Entry: 154
|
ASCII text, with very long lines (65536), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 155
|
ASCII text, with very long lines (65536), with no line terminators
|
downloaded
|
There are 49 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://workdrive.zohoexternal.com/external/e6b6caa7935dc26506daa69f1bbc974bb9ff94fe4fb64dfb0de1a223c630f65a/download
|
|
|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=1936,i,2894464684335535053,7787294115027878273,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
|
|
|
C:\Windows\System32\rundll32.exe
|
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6}
-Embedding
|
||
|
C:\Users\user\Downloads\Tax Forms\Tax Forms.exe
|
"C:\Users\user\Downloads\Tax Forms\Tax Forms.exe"
|
||
|
C:\Users\user\Downloads\Tax Forms\Tax Forms.exe
|
"C:\Users\user\Downloads\Tax Forms\Tax Forms.exe"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://workdrive.zohoexternal.com/external/e6b6caa7935dc26506daa69f1bbc974bb9ff94fe4fb64dfb0de1a223c630f65a/download
|
|||
|
https://static.zohocdn.com/zohofonts/zohopuvi/4.0/Zoho_Puvi_Regular.woff2
|
204.141.33.48
|
||
|
https://storage.citrixonline.com/storage/files/product/g2m/path/AIR//Upload/AIR/UploadFolder
|
unknown
|
||
|
https://static.zohocdn.com/webfonts/robotomedium/font.woff2
|
204.141.33.48
|
||
|
https://audio-usability.cdn.citrixonline.com/https://i22.gotomeeting.com/island/ash/ash.tmpl/approve
|
unknown
|
||
|
https://www.zoho.com/workdrive
|
unknown
|
||
|
https://static.zohocdn.com/personal/stable/jsapps/files/dist/engines-dist/wd-chooser-components/assets/engine-ea5829e90f6248fb04814ea6c5ba0f67.js
|
204.141.33.48
|
||
|
https://js.zohostatic.com/personal/stable
|
unknown
|
||
|
https://workdrive.zohoexternal.com/sheet
|
unknown
|
||
|
https://workdrive.zohoexternal.com/zwd_sw.js
|
136.143.191.16
|
||
|
https://www.handyviewer.com/donate.htmlopenS
|
unknown
|
||
|
https://static.zohocdn.com/personal/stable/jsapps/files/dist/engines-dist/wd-docs-menu/assets/engine-b5e083f490a369d30240b6020dc7105f.js
|
204.141.33.48
|
||
|
https://p5.osdimg.com/g2mupdater/live/config.jsonDownloading
|
unknown
|
||
|
https://static.zohocdn.com/zohofonts/zohopuvi/4.0/Zoho_Puvi_Bold.woff2
|
204.141.33.48
|
||
|
https://www.handyviewer.com/openSV
|
unknown
|
||
|
https://css.zohostatic.com/personal/stable
|
unknown
|
||
|
https://workdrive.zohoexternal.com/show
|
unknown
|
||
|
http://www.openssl.org/support/faq.html
|
unknown
|
||
|
https://workdrive.zohoexternal.com/writer
|
unknown
|
||
|
https://logging.citrixonline.com/report..
|
unknown
|
||
|
https://workdrive.zohoexternal.com/external/e6b6caa7935dc26506daa69f1bbc974bb9ff94fe4fb64dfb0de1a223c630f65a/download
|
|||
|
http://www.citrix.com/about/legal/citrix-online-privacy-policy-
|
unknown
|
||
|
https://static.zohocdn.com/personal/stable/jsapps/files/dist/assets/vendor-c443ff360647f7450d97230139bcc018.js
|
204.141.33.48
|
||
|
https://cdn.gotomeet.at/images/whatsnew/..
|
unknown
|
||
|
https://workdrive.zohoexternal.com/services/oembed?type=json&url=https%3A%2F%2Fworkdrive.zohoexterna
|
unknown
|
||
|
https://files.zohoexternal.com/WD-Chunk-Public/v2/stream/publicupload
|
unknown
|
||
|
https://www.handyviewer.com/contact.htmlopenSV
|
unknown
|
||
|
http://s.gotomeeting.com/forgotpwd?email=
|
unknown
|
||
|
https://workdrive.zohoexternal.com/public/api/v1/license/4431844000081981116
|
unknown
|
||
|
https://www.handyviewer.com/donate.htmlopen
|
unknown
|
||
|
https://citrix.co1.qualtrics.com/SE/?SID=SV_3pHgu7AoUzFSGJD&sid=getBaseFeedbackURL()%s-Audio
|
unknown
|
||
|
https://cdn.gotomeet.at/images/whatsnew/
|
unknown
|
||
|
https://static.zohocdn.com/personal/stable/jsapps/files/dist/assets/files-7b7c1ab31ede3c1dba4fe27ac610609d.js
|
204.141.33.48
|
||
|
https://static.zohocdn.com/personal/stable/jsapps/files/dist/
|
unknown
|
||
|
http://support.citrixonline.com/en_US/Meeting/help_files/G2M040012?Title=Use
|
unknown
|
||
|
https://static.zohocdn.com/personal/stable/jsapps/files/dist/assets/assetMap.json
|
204.141.33.48
|
||
|
http://support.citrixonline.com/s/G2M/Help/VoIPInitializationErrorhttp://s.gotomeeting.com/g2mscreen
|
unknown
|
||
|
https://static.zohocdn.com/webfonts/robotobold/font.woff2
|
204.141.33.48
|
||
|
https://static.zohocdn.com/personal/stable/jsapps/ui-lab/dist/assets/dev/svg-icons/icon-list-8d90da9709bd1da0c5e81d54042dd26f.js
|
204.141.33.48
|
||
|
https://p5.osdimg.com/g2m/live/services.jsonhttps://s5.osdstageimg.com/g2m/stage/services.jsonhttps:
|
unknown
|
||
|
https://www.gotowebinar.comG2MPreferences::setWebUrlWebinar()WebsiteUrlTraininghttps://www.gototrain
|
unknown
|
||
|
https://static.zohocdn.com/personal/stable/jsapps/ui-lab/dist/assets/assetMap.json
|
204.141.33.48
|
||
|
https://www.gotomeeting.comAudioHelpUrlG2MPreferences::setWebUrl()%s-theWebUrl
|
unknown
|
||
|
https://files-accl.zohoexternal.com/public/workdrive-external/download/inx6y681f89af8e8540ce9baba2db
|
unknown
|
||
|
https://static.zohocdn.com/personal/stable/jsapps/ui-lab/dist/assets/dev/default_theme-d91bac1ca5e39da5e0d9d244ef35ccaa.css
|
204.141.33.48
|
||
|
https://static.zohocdn.com/murphysdk/2.2.2/murphy.min.js
|
204.141.33.48
|
||
|
https://www.handyviewer.com/open
|
unknown
|
||
|
https://files-accl.zohoexternal.com/publicupload
|
unknown
|
||
|
https://files.zohoexternal.com/publicupload
|
unknown
|
||
|
https://secure.citrixonline.com/buy?execution=e1s1https://secure.citrixonline.com/commerce/forgotPas
|
unknown
|
||
|
https://static.zohocdn.com/personal/stable/jsapps/ui-lab/dist/
|
unknown
|
||
|
https://logined1.citrixonline.com/rest/autoLoginUrlMatchMakingCycleFinishedG2MLauncherThread::~G2MLa
|
unknown
|
||
|
http://accounts.zoho.com
|
unknown
|
||
|
https://workdrive.zohoexternal.com/public/api/v1/downloadauth/inx6y681f89af8e8540ce9baba2db2bf7801f?linkId=487UVgNglIf-VCSHr
|
136.143.191.16
|
||
|
https://static.zohocdn.com/webfonts/robotoregular/font.woff2
|
204.141.33.48
|
||
|
https://static.zohocdn.com/personal/stable/jsapps/ui-lab/dist/assets/dev/worker/xhr_worker.min.js
|
204.141.33.48
|
||
|
https://static.zohocdn.com/personal/stable/jsapps/enterprise/dist/assets/assetMap.json
|
204.141.33.48
|
||
|
https://www.zoho.com/workdrive/signup.html
|
unknown
|
||
|
https://static.zohocdn.com/zohofonts/zohopuvi/4.0/Zoho_Puvi_Medium.woff2
|
204.141.33.48
|
||
|
https://static.zohocdn.com/personal/stable/jsapps/ui-lab/dist/assets/dev/wd_images/favicons/defaults
|
unknown
|
||
|
https://static.zohocdn.com/personal/stable/jsapps/ui-lab/dist/assets/dev/wd_images/favicons/defaults/favicon.ico
|
204.141.33.48
|
||
|
https://static.zohocdn.com/personal/stable/jsapps/ui-lab/dist/assets/dev/jquery/jquery.min-dc5e7f18c8d36ac1d3d4753a87c98d0a.js
|
204.141.33.48
|
||
|
https://static.zohocdn.com/personal/stable/jsapps/ui-lab/dist/assets/dev/wd_images/favicons/defaults/network-connection.ico?_=1713901636177
|
204.141.33.48
|
||
|
https://logging.citrixonline.comlogginged1.citrixonline.com/loghttps://%s%sBIConsumerX-TopicmachineI
|
unknown
|
||
|
https://static.zohocdn.com/personal/stable/jsapps/ui-lab/dist/assets/dev/intl/js/team/team-e945b0e38524b2e11a70a256d4418a2f.js
|
204.141.33.48
|
||
|
https://static.zohocdn.com/quartz/feedback/v2/zquartz-tracker.js
|
204.141.33.48
|
||
|
https://static.zohocdn.com/personal/stable
|
unknown
|
||
|
http://s.gotomeeting.com/install-outlook-pluginhttp://support.citrixonline.com/s/G2M/Help/MPEGLAC:
|
unknown
|
||
|
https://www.handyviewer.com/manual/openU
|
unknown
|
||
|
https://www.handyviewer.com/openS
|
unknown
|
||
|
https://www.handyviewer.com/check-version.php?version=openS
|
unknown
|
||
|
https://files-accl.zohoexternal.com/public/workdrive-external/download/inx6y681f89af8e8540ce9baba2db2bf7801f?x-cli-msg=%7B%22linkId%22%3A%22487UVgNglIf-VCSHr%22%2C%22isFileOwner%22%3Afalse%2C%22version%22%3A%221.0%22%7D
|
169.148.154.31
|
||
|
http://support.gotomeeting.com/ics/support/default.asp?deptID=5641&task=knowledge&questionID=3725Des
|
unknown
|
||
|
https://workdrive.zohoexternal.com
|
unknown
|
||
|
https://www.handyviewer.com
|
unknown
|
||
|
https://files-accl.zohoexternal.com/WD-Chunk-Public/v2/stream/publicupload
|
unknown
|
||
|
http://support.citrixonline.com/s/G2M/Help/WhatsNewu~
|
unknown
|
||
|
http://support.citrixonline.com/s/G2TG2W/Help/findDefaultURL()%s-Failed
|
unknown
|
||
|
https://files-accl.zohoexternal.com
|
unknown
|
||
|
https://static.zohocdn.com/personal/stable/jsapps/ui-lab/dist/assets/dev/murphy/murphyInitializer.min-80a2ee059eb0699247fe0ca7a0b7a380.js
|
204.141.33.48
|
There are 69 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
zpublic-h2.zohopublic.com
|
136.143.191.16
|
||
|
h2-stratus.zohocdn.com
|
204.141.33.48
|
||
|
www.google.com
|
172.253.124.104
|
||
|
useast.zohoaccl.com
|
169.148.154.31
|
||
|
workdrive.zohoexternal.com
|
unknown
|
||
|
static.zohocdn.com
|
unknown
|
||
|
files-accl.zohoexternal.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
204.141.33.48
|
h2-stratus.zohocdn.com
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
136.143.191.16
|
zpublic-h2.zohopublic.com
|
United States
|
||
|
192.168.2.17
|
unknown
|
unknown
|
||
|
172.253.124.104
|
www.google.com
|
United States
|
||
|
169.148.154.31
|
useast.zohoaccl.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1f\417C44EB
|
@C:\Program Files (x86)\Common Files\system\wab32res.dll,-10100
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
867000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
3AF0000
|
heap
|
page read and write
|
||
|
86A000
|
heap
|
page read and write
|
||
|
34B0000
|
heap
|
page read and write
|
||
|
549E000
|
stack
|
page read and write
|
||
|
11534000
|
unkown
|
page readonly
|
||
|
33F0000
|
direct allocation
|
page read and write
|
||
|
832447C000
|
stack
|
page read and write
|
||
|
19C8000
|
heap
|
page read and write
|
||
|
561A000
|
direct allocation
|
page read and write
|
||
|
1574000
|
direct allocation
|
page read and write
|
||
|
118B6000
|
unkown
|
page write copy
|
||
|
1545000
|
direct allocation
|
page read and write
|
||
|
195D000
|
heap
|
page read and write
|
||
|
98F000
|
stack
|
page read and write
|
||
|
862000
|
heap
|
page read and write
|
||
|
14C8000
|
direct allocation
|
page read and write
|
||
|
19B0000
|
heap
|
page read and write
|
||
|
881000
|
heap
|
page read and write
|
||
|
34A4000
|
direct allocation
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
11F3000
|
unkown
|
page read and write
|
||
|
34B0000
|
heap
|
page read and write
|
||
|
A60000
|
heap
|
page read and write
|
||
|
857000
|
heap
|
page read and write
|
||
|
86E000
|
heap
|
page read and write
|
||
|
3AF0000
|
heap
|
page read and write
|
||
|
876000
|
heap
|
page read and write
|
||
|
86E000
|
heap
|
page read and write
|
||
|
64E000
|
stack
|
page read and write
|
||
|
1940000
|
heap
|
page read and write
|
||
|
19E0000
|
heap
|
page read and write
|
||
|
199A000
|
heap
|
page read and write
|
||
|
34C8000
|
direct allocation
|
page read and write
|
||
|
5627000
|
direct allocation
|
page read and write
|
||
|
1770000
|
direct allocation
|
page execute and read and write
|
||
|
3AF0000
|
heap
|
page read and write
|
||
|
4EEA000
|
direct allocation
|
page read and write
|
||
|
753000
|
heap
|
page read and write
|
||
|
1944000
|
heap
|
page read and write
|
||
|
5668000
|
direct allocation
|
page read and write
|
||
|
8F7000
|
stack
|
page read and write
|
||
|
1BBB33A0000
|
heap
|
page read and write
|
||
|
1192000
|
unkown
|
page read and write
|
||
|
1BEE000
|
stack
|
page read and write
|
||
|
34BA000
|
direct allocation
|
page read and write
|
||
|
1991000
|
heap
|
page read and write
|
||
|
11991000
|
unkown
|
page readonly
|
||
|
5610000
|
direct allocation
|
page read and write
|
||
|
59F4000
|
heap
|
page read and write
|
||
|
867000
|
heap
|
page read and write
|
||
|
3890000
|
heap
|
page read and write
|
||
|
4CCE000
|
stack
|
page read and write
|
||
|
19DD000
|
heap
|
page read and write
|
||
|
843000
|
heap
|
page read and write
|
||
|
AAE000
|
stack
|
page read and write
|
||
|
7DF000
|
heap
|
page read and write
|
||
|
1527000
|
direct allocation
|
page read and write
|
||
|
34B3000
|
direct allocation
|
page read and write
|
||
|
15D3000
|
direct allocation
|
page read and write
|
||
|
34C1000
|
direct allocation
|
page read and write
|
||
|
4FBE000
|
stack
|
page read and write
|
||
|
7FD000
|
heap
|
page read and write
|
||
|
11AD000
|
unkown
|
page read and write
|
||
|
867000
|
heap
|
page read and write
|
||
|
11D6000
|
unkown
|
page read and write
|
||
|
19B2000
|
heap
|
page read and write
|
||
|
573E000
|
stack
|
page read and write
|
||
|
19E0000
|
heap
|
page read and write
|
||
|
848000
|
heap
|
page read and write
|
||
|
1190000
|
unkown
|
page read and write
|
||
|
87B000
|
heap
|
page read and write
|
||
|
4EDC000
|
direct allocation
|
page read and write
|
||
|
4EE8000
|
direct allocation
|
page read and write
|
||
|
4F00000
|
direct allocation
|
page read and write
|
||
|
6070000
|
heap
|
page read and write
|
||
|
876000
|
heap
|
page read and write
|
||
|
86F000
|
heap
|
page read and write
|
||
|
19C6000
|
heap
|
page read and write
|
||
|
19C8000
|
heap
|
page read and write
|
||
|
33B9000
|
direct allocation
|
page read and write
|
||
|
3425000
|
direct allocation
|
page read and write
|
||
|
6B0000
|
heap
|
page read and write
|
||
|
153E000
|
direct allocation
|
page read and write
|
||
|
188E000
|
stack
|
page read and write
|
||
|
1989000
|
heap
|
page read and write
|
||
|
11CD000
|
unkown
|
page read and write
|
||
|
4F9000
|
stack
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
1785000
|
heap
|
page read and write
|
||
|
86E000
|
heap
|
page read and write
|
||
|
58EE000
|
stack
|
page read and write
|
||
|
19CD000
|
heap
|
page read and write
|
||
|
867000
|
heap
|
page read and write
|
||
|
3AEA000
|
heap
|
page read and write
|
||
|
118AD000
|
unkown
|
page read and write
|
||
|
15E8000
|
direct allocation
|
page read and write
|
||
|
1556000
|
direct allocation
|
page read and write
|
||
|
1190000
|
unkown
|
page read and write
|
||
|
11A27000
|
unkown
|
page readonly
|
||
|
3AE0000
|
heap
|
page read and write
|
||
|
19B6000
|
heap
|
page read and write
|
||
|
876000
|
heap
|
page read and write
|
||
|
59EF000
|
stack
|
page read and write
|
||
|
194E000
|
heap
|
page read and write
|
||
|
876000
|
heap
|
page read and write
|
||
|
851000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
15E1000
|
direct allocation
|
page read and write
|
||
|
7E3000
|
heap
|
page read and write
|
||
|
15C4000
|
direct allocation
|
page read and write
|
||
|
19D1000
|
heap
|
page read and write
|
||
|
19C7000
|
heap
|
page read and write
|
||
|
14B9000
|
direct allocation
|
page read and write
|
||
|
86A000
|
heap
|
page read and write
|
||
|
320D000
|
stack
|
page read and write
|
||
|
57CC000
|
stack
|
page read and write
|
||
|
823000
|
heap
|
page read and write
|
||
|
34A1000
|
heap
|
page read and write
|
||
|
710000
|
direct allocation
|
page execute and read and write
|
||
|
33B0000
|
heap
|
page read and write
|
||
|
19D6000
|
heap
|
page read and write
|
||
|
83245FE000
|
stack
|
page read and write
|
||
|
882000
|
heap
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
3AF0000
|
heap
|
page read and write
|
||
|
1190000
|
unkown
|
page write copy
|
||
|
3AF0000
|
heap
|
page read and write
|
||
|
3A6E000
|
stack
|
page read and write
|
||
|
118AD000
|
unkown
|
page read and write
|
||
|
876000
|
heap
|
page read and write
|
||
|
3436000
|
direct allocation
|
page read and write
|
||
|
342C000
|
direct allocation
|
page read and write
|
||
|
3AE4000
|
heap
|
page read and write
|
||
|
4EE3000
|
direct allocation
|
page read and write
|
||
|
19B6000
|
heap
|
page read and write
|
||
|
14AE000
|
stack
|
page read and write
|
||
|
4E90000
|
direct allocation
|
page read and write
|
||
|
5608000
|
direct allocation
|
page read and write
|
||
|
386E000
|
stack
|
page read and write
|
||
|
15F5000
|
heap
|
page read and write
|
||
|
867000
|
heap
|
page read and write
|
||
|
19C1000
|
heap
|
page read and write
|
||
|
192C000
|
heap
|
page read and write
|
||
|
34B0000
|
heap
|
page read and write
|
||
|
156D000
|
direct allocation
|
page read and write
|
||
|
19C1000
|
heap
|
page read and write
|
||
|
11A1F000
|
unkown
|
page execute and write copy
|
||
|
19CE000
|
heap
|
page read and write
|
||
|
1537000
|
direct allocation
|
page read and write
|
||
|
11EE000
|
unkown
|
page read and write
|
||
|
58CD000
|
stack
|
page read and write
|
||
|
3407000
|
direct allocation
|
page read and write
|
||
|
AD0000
|
unkown
|
page readonly
|
||
|
14D9000
|
direct allocation
|
page read and write
|
||
|
700000
|
heap
|
page read and write
|
||
|
197F000
|
heap
|
page read and write
|
||
|
5625000
|
direct allocation
|
page read and write
|
||
|
11401000
|
unkown
|
page execute read
|
||
|
19CC000
|
heap
|
page read and write
|
||
|
559F000
|
stack
|
page read and write
|
||
|
86B000
|
heap
|
page read and write
|
||
|
1510000
|
direct allocation
|
page read and write
|
||
|
1592000
|
direct allocation
|
page read and write
|
||
|
19A0000
|
heap
|
page read and write
|
||
|
878000
|
heap
|
page read and write
|
||
|
19B2000
|
heap
|
page read and write
|
||
|
19C5000
|
heap
|
page read and write
|
||
|
605F000
|
trusted library allocation
|
page read and write
|
||
|
170E000
|
stack
|
page read and write
|
||
|
9F9000
|
stack
|
page read and write
|
||
|
5F4C000
|
stack
|
page read and write
|
||
|
863000
|
heap
|
page read and write
|
||
|
876000
|
heap
|
page read and write
|
||
|
5680000
|
direct allocation
|
page read and write
|
||
|
5679000
|
direct allocation
|
page read and write
|
||
|
86B000
|
heap
|
page read and write
|
||
|
86B000
|
heap
|
page read and write
|
||
|
83244FF000
|
stack
|
page read and write
|
||
|
7EC000
|
heap
|
page read and write
|
||
|
154C000
|
direct allocation
|
page read and write
|
||
|
851000
|
heap
|
page read and write
|
||
|
1998000
|
heap
|
page read and write
|
||
|
1564000
|
direct allocation
|
page read and write
|
||
|
86A000
|
heap
|
page read and write
|
||
|
1520000
|
direct allocation
|
page read and write
|
||
|
341E000
|
direct allocation
|
page read and write
|
||
|
15CC000
|
direct allocation
|
page read and write
|
||
|
1973000
|
heap
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
19C7000
|
heap
|
page read and write
|
||
|
197A000
|
heap
|
page read and write
|
||
|
14B0000
|
direct allocation
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
19C1000
|
heap
|
page read and write
|
||
|
15DA000
|
direct allocation
|
page read and write
|
||
|
11F6000
|
unkown
|
page readonly
|
||
|
60E000
|
stack
|
page read and write
|
||
|
1198000
|
unkown
|
page read and write
|
||
|
11AF000
|
unkown
|
page read and write
|
||
|
59F0000
|
heap
|
page read and write
|
||
|
3AF0000
|
heap
|
page read and write
|
||
|
11C6000
|
unkown
|
page read and write
|
||
|
119C000
|
unkown
|
page read and write
|
||
|
841000
|
heap
|
page read and write
|
||
|
335E000
|
stack
|
page read and write
|
||
|
10A01000
|
unkown
|
page execute read
|
||
|
569C000
|
stack
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
82E000
|
heap
|
page read and write
|
||
|
5629000
|
direct allocation
|
page read and write
|
||
|
19C5000
|
heap
|
page read and write
|
||
|
1192000
|
unkown
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
330E000
|
stack
|
page read and write
|
||
|
5623000
|
direct allocation
|
page read and write
|
||
|
3380000
|
trusted library allocation
|
page read and write
|
||
|
1780000
|
heap
|
page read and write
|
||
|
86E000
|
heap
|
page read and write
|
||
|
19CB000
|
heap
|
page read and write
|
||
|
4E9A000
|
direct allocation
|
page read and write
|
||
|
86A000
|
heap
|
page read and write
|
||
|
816000
|
heap
|
page read and write
|
||
|
19CE000
|
heap
|
page read and write
|
||
|
867000
|
heap
|
page read and write
|
||
|
33A0000
|
heap
|
page read and write
|
||
|
11D6000
|
unkown
|
page read and write
|
||
|
868000
|
heap
|
page read and write
|
||
|
5639000
|
direct allocation
|
page read and write
|
||
|
832457F000
|
stack
|
page read and write
|
||
|
19D5000
|
heap
|
page read and write
|
||
|
1890000
|
heap
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
856000
|
heap
|
page read and write
|
||
|
5654000
|
direct allocation
|
page read and write
|
||
|
1953000
|
heap
|
page read and write
|
||
|
86E000
|
heap
|
page read and write
|
||
|
730000
|
heap
|
page read and write
|
||
|
1BBB33A5000
|
heap
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
1BBB3370000
|
heap
|
page read and write
|
||
|
34AD000
|
heap
|
page read and write
|
||
|
18F8000
|
heap
|
page read and write
|
||
|
1960000
|
heap
|
page read and write
|
||
|
33E0000
|
direct allocation
|
page read and write
|
||
|
6080000
|
heap
|
page read and write
|
||
|
34A1000
|
heap
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
19B2000
|
heap
|
page read and write
|
||
|
1AEF000
|
stack
|
page read and write
|
||
|
5C1E000
|
stack
|
page read and write
|
||
|
4EF9000
|
direct allocation
|
page read and write
|
||
|
33F9000
|
direct allocation
|
page read and write
|
||
|
14C1000
|
direct allocation
|
page read and write
|
||
|
19CC000
|
heap
|
page read and write
|
||
|
13ED000
|
stack
|
page read and write
|
||
|
86B000
|
heap
|
page read and write
|
||
|
4DCF000
|
stack
|
page read and write
|
||
|
1BBB33DE000
|
heap
|
page read and write
|
||
|
19E1000
|
heap
|
page read and write
|
||
|
3399000
|
direct allocation
|
page read and write
|
||
|
34A0000
|
heap
|
page read and write
|
||
|
19CC000
|
heap
|
page read and write
|
||
|
4E88000
|
direct allocation
|
page read and write
|
||
|
867000
|
heap
|
page read and write
|
||
|
34AC000
|
direct allocation
|
page read and write
|
||
|
1199000
|
unkown
|
page read and write
|
||
|
15F0000
|
heap
|
page read and write
|
||
|
11C6000
|
unkown
|
page read and write
|
||
|
1BBB4F70000
|
heap
|
page read and write
|
||
|
1BBB33D0000
|
heap
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
4EF1000
|
direct allocation
|
page read and write
|
||
|
AB0000
|
heap
|
page read and write
|
||
|
19CE000
|
heap
|
page read and write
|
||
|
81F000
|
heap
|
page read and write
|
||
|
1189F000
|
unkown
|
page write copy
|
||
|
199A000
|
heap
|
page read and write
|
||
|
19CB000
|
heap
|
page read and write
|
||
|
5D1F000
|
stack
|
page read and write
|
||
|
516E000
|
stack
|
page read and write
|
||
|
867000
|
heap
|
page read and write
|
||
|
34AE000
|
heap
|
page read and write
|
||
|
19B1000
|
heap
|
page read and write
|
||
|
566A000
|
direct allocation
|
page read and write
|
||
|
3AF0000
|
heap
|
page read and write
|
||
|
7F2000
|
heap
|
page read and write
|
||
|
155D000
|
direct allocation
|
page read and write
|
||
|
158B000
|
direct allocation
|
page read and write
|
||
|
19DF000
|
heap
|
page read and write
|
||
|
19CB000
|
heap
|
page read and write
|
||
|
561F000
|
direct allocation
|
page read and write
|
||
|
343D000
|
direct allocation
|
page read and write
|
||
|
19CB000
|
heap
|
page read and write
|
||
|
11A22000
|
unkown
|
page execute and read and write
|
||
|
86E000
|
heap
|
page read and write
|
||
|
1987000
|
heap
|
page read and write
|
||
|
1BBB33B0000
|
heap
|
page read and write
|
||
|
177000
|
stack
|
page read and write
|
||
|
18F0000
|
heap
|
page read and write
|
||
|
19D5000
|
heap
|
page read and write
|
||
|
119D000
|
unkown
|
page read and write
|
||
|
3488000
|
direct allocation
|
page read and write
|
||
|
544E000
|
stack
|
page read and write
|
||
|
861000
|
heap
|
page read and write
|
||
|
86E000
|
heap
|
page read and write
|
||
|
827000
|
heap
|
page read and write
|
||
|
86E000
|
heap
|
page read and write
|
||
|
3893000
|
heap
|
page read and write
|
||
|
86F000
|
heap
|
page read and write
|
||
|
5671000
|
direct allocation
|
page read and write
|
||
|
876000
|
heap
|
page read and write
|
||
|
50BF000
|
stack
|
page read and write
|
||
|
876000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
33A9000
|
direct allocation
|
page read and write
|
||
|
876000
|
heap
|
page read and write
|
||
|
346B000
|
direct allocation
|
page read and write
|
||
|
867000
|
heap
|
page read and write
|
||
|
857000
|
heap
|
page read and write
|
||
|
338F000
|
trusted library allocation
|
page read and write
|
||
|
19E0000
|
heap
|
page read and write
|
||
|
86B000
|
heap
|
page read and write
|
||
|
19C8000
|
heap
|
page read and write
|
||
|
1518000
|
direct allocation
|
page read and write
|
||
|
86A000
|
heap
|
page read and write
|
||
|
11AD000
|
unkown
|
page read and write
|
||
|
564C000
|
direct allocation
|
page read and write
|
||
|
19C6000
|
heap
|
page read and write
|
||
|
19CC000
|
heap
|
page read and write
|
||
|
33D9000
|
direct allocation
|
page read and write
|
||
|
5250000
|
heap
|
page read and write
|
||
|
5E1D000
|
stack
|
page read and write
|
||
|
7EC000
|
heap
|
page read and write
|
||
|
19C6000
|
heap
|
page read and write
|
||
|
3AF0000
|
heap
|
page read and write
|
||
|
4E9E000
|
direct allocation
|
page read and write
|
||
|
554F000
|
stack
|
page read and write
|
||
|
1760000
|
heap
|
page read and write
|
||
|
1BBB33D7000
|
heap
|
page read and write
|
||
|
867000
|
heap
|
page read and write
|
||
|
68E000
|
stack
|
page read and write
|
||
|
1745000
|
heap
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
3ABD000
|
stack
|
page read and write
|
||
|
19C5000
|
heap
|
page read and write
|
||
|
118AE000
|
unkown
|
page write copy
|
||
|
5270000
|
heap
|
page read and write
|
||
|
11CA000
|
unkown
|
page read and write
|
||
|
3AF0000
|
heap
|
page read and write
|
||
|
5621000
|
direct allocation
|
page read and write
|
||
|
834000
|
heap
|
page read and write
|
||
|
583F000
|
stack
|
page read and write
|
||
|
565C000
|
direct allocation
|
page read and write
|
||
|
19C6000
|
heap
|
page read and write
|
||
|
3454000
|
direct allocation
|
page read and write
|
||
|
19A4000
|
heap
|
page read and write
|
||
|
86A000
|
heap
|
page read and write
|
||
|
19C1000
|
heap
|
page read and write
|
||
|
4ECB000
|
direct allocation
|
page read and write
|
||
|
19D5000
|
heap
|
page read and write
|
||
|
813000
|
heap
|
page read and write
|
||
|
526F000
|
stack
|
page read and write
|
||
|
19E0000
|
heap
|
page read and write
|
||
|
87D000
|
heap
|
page read and write
|
||
|
11534000
|
unkown
|
page readonly
|
||
|
33C9000
|
direct allocation
|
page read and write
|
||
|
5640000
|
direct allocation
|
page read and write
|
||
|
4ED3000
|
direct allocation
|
page read and write
|
||
|
857000
|
heap
|
page read and write
|
||
|
19CB000
|
heap
|
page read and write
|
||
|
817000
|
heap
|
page read and write
|
||
|
19B2000
|
heap
|
page read and write
|
||
|
345B000
|
direct allocation
|
page read and write
|
||
|
3472000
|
direct allocation
|
page read and write
|
||
|
83F000
|
heap
|
page read and write
|
||
|
86E000
|
heap
|
page read and write
|
||
|
1948000
|
heap
|
page read and write
|
||
|
11F4000
|
unkown
|
page readonly
|
||
|
34B0000
|
heap
|
page read and write
|
||
|
33A1000
|
direct allocation
|
page read and write
|
||
|
3444000
|
direct allocation
|
page read and write
|
||
|
349D000
|
direct allocation
|
page read and write
|
||
|
1995000
|
heap
|
page read and write
|
||
|
3AF0000
|
heap
|
page read and write
|
||
|
6B5000
|
heap
|
page read and write
|
||
|
11CD000
|
unkown
|
page read and write
|
||
|
1740000
|
heap
|
page read and write
|
||
|
798000
|
heap
|
page read and write
|
||
|
818000
|
heap
|
page read and write
|
||
|
4E98000
|
direct allocation
|
page read and write
|
||
|
11EE000
|
unkown
|
page write copy
|
||
|
194E000
|
heap
|
page read and write
|
||
|
344D000
|
direct allocation
|
page read and write
|
||
|
867000
|
heap
|
page read and write
|
||
|
3390000
|
direct allocation
|
page read and write
|
||
|
1BBB3360000
|
heap
|
page read and write
|
||
|
1321000
|
unkown
|
page readonly
|
||
|
15BD000
|
direct allocation
|
page read and write
|
||
|
1940000
|
heap
|
page read and write
|
||
|
19C6000
|
heap
|
page read and write
|
||
|
15A8000
|
direct allocation
|
page read and write
|
||
|
1500000
|
direct allocation
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
3400000
|
direct allocation
|
page read and write
|
||
|
5663000
|
direct allocation
|
page read and write
|
||
|
19D6000
|
heap
|
page read and write
|
||
|
83D000
|
heap
|
page read and write
|
||
|
86B000
|
heap
|
page read and write
|
||
|
14F7000
|
direct allocation
|
page read and write
|
||
|
11AF000
|
unkown
|
page read and write
|
||
|
19C0000
|
heap
|
page read and write
|
||
|
34B0000
|
heap
|
page read and write
|
||
|
720000
|
heap
|
page read and write
|
||
|
80F000
|
heap
|
page read and write
|
||
|
6050000
|
trusted library allocation
|
page read and write
|
||
|
AD1000
|
unkown
|
page execute read
|
||
|
7CB000
|
heap
|
page read and write
|
||
|
11892000
|
unkown
|
page write copy
|
||
|
4E9C000
|
direct allocation
|
page read and write
|
||
|
604D000
|
stack
|
page read and write
|
||
|
11C8000
|
unkown
|
page read and write
|
||
|
7FB000
|
heap
|
page read and write
|
||
|
34A7000
|
heap
|
page read and write
|
||
|
14E9000
|
direct allocation
|
page read and write
|
||
|
157B000
|
direct allocation
|
page read and write
|
||
|
7DF000
|
heap
|
page read and write
|
||
|
A8E000
|
stack
|
page read and write
|
||
|
3417000
|
direct allocation
|
page read and write
|
||
|
19CC000
|
heap
|
page read and write
|
There are 421 hidden memdumps, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
https://workdrive.zohoexternal.com/external/e6b6caa7935dc26506daa69f1bbc974bb9ff94fe4fb64dfb0de1a223c630f65a/download
|
||
|
https://workdrive.zohoexternal.com/external/e6b6caa7935dc26506daa69f1bbc974bb9ff94fe4fb64dfb0de1a223c630f65a/download
|
||
|
https://workdrive.zohoexternal.com/external/e6b6caa7935dc26506daa69f1bbc974bb9ff94fe4fb64dfb0de1a223c630f65a/download
|