Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
load_startup.txt.ps1
|
ASCII text, with very long lines (364)
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage user DataBase, version 0x620, checksum 0xf763dd59, page size 16384, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lg3rrutv.vbr.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lrrwytdw.ebr.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\37SNZZ6I1LO35O0VJ7LF.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
|
JSON data
|
dropped
|
||
|
Chrome Cache Entry: 52
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 53
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 54
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 55
|
gzip compressed data, max speed, from Unix, original size modulo 2^32 17713
|
downloaded
|
||
|
Chrome Cache Entry: 56
|
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
|
dropped
|
||
|
Chrome Cache Entry: 57
|
ASCII text, with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 58
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
Chrome Cache Entry: 59
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
Chrome Cache Entry: 60
|
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
|
downloaded
|
||
|
Chrome Cache Entry: 61
|
SVG Scalable Vector Graphics image
|
dropped
|
There are 11 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\load_startup.txt.ps1"
|
|
|
|
C:\Windows\System32\netsh.exe
|
"C:\Windows\system32\netsh.exe" wlan show profiles
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://catalanaoccidente.azureedge.net/
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1872,i,11985368284001391776,17736937243193136222,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://logincdn.msftauth.net/shared/1.0/content/images/arrow_left_43280e0ba671a1d8b5e34f1931c4fe4b.svg
|
192.229.211.199
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://g.live.com/odclientsettings/Prod1C:
|
unknown
|
||
|
http://194.163.130.194:8088
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
https://logincdn.msftauth.net/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg
|
192.229.211.199
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://logincdn.msftauth.net/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg
|
192.229.211.199
|
||
|
http://194.163.130.194:8088/gco_startup.bat
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV21C:
|
unknown
|
||
|
http://crl.ver)
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://194.163.130.194:8088/gco_startup.batName
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://raw.githubusercontent.com/Octagon-simon/microsoft-login-clone/main/assets/favicon.ico
|
185.199.109.133
|
There are 11 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
part-0041.t-0009.t-msedge.net
|
13.107.246.69
|
||
|
raw.githubusercontent.com
|
185.199.109.133
|
||
|
cs1227.wpc.alphacdn.net
|
192.229.211.199
|
||
|
www.google.com
|
142.250.141.99
|
||
|
logincdn.msftauth.net
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
142.250.141.99
|
www.google.com
|
United States
|
||
|
192.229.211.199
|
cs1227.wpc.alphacdn.net
|
United States
|
||
|
192.168.2.6
|
unknown
|
unknown
|
||
|
194.163.130.194
|
unknown
|
Germany
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
185.199.109.133
|
raw.githubusercontent.com
|
Netherlands
|
||
|
185.199.110.133
|
unknown
|
Netherlands
|
||
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
|
SlowContextMenuEntries
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
There are 6 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
520DF0F000
|
stack
|
page read and write
|
||
|
204D60C0000
|
trusted library allocation
|
page read and write
|
||
|
15FD25C0000
|
heap
|
page read and write
|
||
|
204D0AFF000
|
heap
|
page read and write
|
||
|
15E4C970000
|
heap
|
page read and write
|
||
|
204D6290000
|
heap
|
page read and write
|
||
|
520CFFE000
|
stack
|
page read and write
|
||
|
7FFD34B00000
|
trusted library allocation
|
page read and write
|
||
|
204D5F71000
|
trusted library allocation
|
page read and write
|
||
|
D16DBFE000
|
unkown
|
page readonly
|
||
|
15FD29AF000
|
heap
|
page read and write
|
||
|
520E0C7000
|
stack
|
page read and write
|
||
|
204D131B000
|
heap
|
page read and write
|
||
|
15FD2982000
|
heap
|
page read and write
|
||
|
204D6311000
|
heap
|
page read and write
|
||
|
15FB85C7000
|
heap
|
page read and write
|
||
|
204D0A00000
|
heap
|
page read and write
|
||
|
15FD2614000
|
heap
|
page read and write
|
||
|
204D60D0000
|
trusted library allocation
|
page read and write
|
||
|
204D6261000
|
heap
|
page read and write
|
||
|
204D5EF0000
|
trusted library allocation
|
page read and write
|
||
|
204D1591000
|
trusted library allocation
|
page read and write
|
||
|
520CF7F000
|
stack
|
page read and write
|
||
|
15FD2979000
|
heap
|
page read and write
|
||
|
15E4E7A4000
|
heap
|
page read and write
|
||
|
7FFD34AD0000
|
trusted library allocation
|
page read and write
|
||
|
15E4C980000
|
heap
|
page read and write
|
||
|
15FB9FF0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3479D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34930000
|
trusted library allocation
|
page read and write
|
||
|
15FB8552000
|
heap
|
page read and write
|
||
|
15FBA53A000
|
trusted library allocation
|
page read and write
|
||
|
520D07C000
|
stack
|
page read and write
|
||
|
7FFD34850000
|
trusted library allocation
|
page execute and read and write
|
||
|
15FCA7A5000
|
trusted library allocation
|
page read and write
|
||
|
15FB87A0000
|
heap
|
page read and write
|
||
|
204D6070000
|
trusted library allocation
|
page read and write
|
||
|
15FD2648000
|
heap
|
page read and write
|
||
|
15E4CA39000
|
heap
|
page read and write
|
||
|
520D33A000
|
stack
|
page read and write
|
||
|
520CC75000
|
stack
|
page read and write
|
||
|
204D60A0000
|
trusted library allocation
|
page read and write
|
||
|
520D53C000
|
stack
|
page read and write
|
||
|
204D0A7B000
|
heap
|
page read and write
|
||
|
15FB8548000
|
heap
|
page read and write
|
||
|
204D5F70000
|
trusted library allocation
|
page read and write
|
||
|
15FD292C000
|
heap
|
page read and write
|
||
|
204D6110000
|
remote allocation
|
page read and write
|
||
|
204D1B10000
|
trusted library section
|
page readonly
|
||
|
15FB85E5000
|
heap
|
page read and write
|
||
|
204D1300000
|
heap
|
page read and write
|
||
|
15FB862C000
|
heap
|
page read and write
|
||
|
15FBBF0A000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34972000
|
trusted library allocation
|
page read and write
|
||
|
204D630A000
|
heap
|
page read and write
|
||
|
15FBA3D0000
|
heap
|
page execute and read and write
|
||
|
D16D2FB000
|
stack
|
page read and write
|
||
|
204D5F90000
|
trusted library allocation
|
page read and write
|
||
|
15FB85E7000
|
heap
|
page read and write
|
||
|
520DFCE000
|
stack
|
page read and write
|
||
|
7FFD34846000
|
trusted library allocation
|
page read and write
|
||
|
15FD26A2000
|
heap
|
page read and write
|
||
|
15FBA413000
|
trusted library allocation
|
page read and write
|
||
|
204D5FA0000
|
trusted library allocation
|
page read and write
|
||
|
204D628E000
|
heap
|
page read and write
|
||
|
15FBB0E2000
|
trusted library allocation
|
page read and write
|
||
|
15FD2646000
|
heap
|
page read and write
|
||
|
520E1CF000
|
stack
|
page read and write
|
||
|
15FD24B4000
|
heap
|
page read and write
|
||
|
7FFD34B24000
|
trusted library allocation
|
page read and write
|
||
|
520E04F000
|
stack
|
page read and write
|
||
|
D16D77E000
|
stack
|
page read and write
|
||
|
15FB8605000
|
heap
|
page read and write
|
||
|
15E4CA39000
|
heap
|
page read and write
|
||
|
7FFD349E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3494A000
|
trusted library allocation
|
page read and write
|
||
|
15FB8632000
|
heap
|
page read and write
|
||
|
D16D3FE000
|
unkown
|
page readonly
|
||
|
7FFD347B0000
|
trusted library allocation
|
page read and write
|
||
|
204D1840000
|
trusted library allocation
|
page read and write
|
||
|
15E4CA08000
|
heap
|
page read and write
|
||
|
7FFD34A80000
|
trusted library allocation
|
page read and write
|
||
|
D16E47F000
|
stack
|
page read and write
|
||
|
15FB862E000
|
heap
|
page read and write
|
||
|
204D131A000
|
heap
|
page read and write
|
||
|
D16D0F9000
|
stack
|
page read and write
|
||
|
7FFD34A90000
|
trusted library allocation
|
page read and write
|
||
|
204D6040000
|
trusted library allocation
|
page read and write
|
||
|
15FB85C4000
|
heap
|
page read and write
|
||
|
D16E77E000
|
stack
|
page read and write
|
||
|
15FBBC98000
|
trusted library allocation
|
page read and write
|
||
|
15FB85EF000
|
heap
|
page read and write
|
||
|
7FFD348B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
D16E1FE000
|
unkown
|
page readonly
|
||
|
D16DB7E000
|
stack
|
page read and write
|
||
|
520DF8D000
|
stack
|
page read and write
|
||
|
D16DCFE000
|
unkown
|
page readonly
|
||
|
204D621F000
|
heap
|
page read and write
|
||
|
204D620F000
|
heap
|
page read and write
|
||
|
15FCA796000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34A50000
|
trusted library allocation
|
page read and write
|
||
|
D16D1FE000
|
unkown
|
page readonly
|
||
|
204D6200000
|
heap
|
page read and write
|
||
|
204D62C4000
|
heap
|
page read and write
|
||
|
D16D4FB000
|
stack
|
page read and write
|
||
|
204D5FA0000
|
trusted library allocation
|
page read and write
|
||
|
204D1202000
|
heap
|
page read and write
|
||
|
204D1200000
|
heap
|
page read and write
|
||
|
15E4CA08000
|
heap
|
page read and write
|
||
|
204D5F60000
|
trusted library allocation
|
page read and write
|
||
|
204D60C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34A20000
|
trusted library allocation
|
page read and write
|
||
|
15FB87B5000
|
heap
|
page read and write
|
||
|
5331FFF000
|
stack
|
page read and write
|
||
|
204D0B29000
|
heap
|
page read and write
|
||
|
7FFD34B1D000
|
trusted library allocation
|
page read and write
|
||
|
15FBBE84000
|
trusted library allocation
|
page read and write
|
||
|
15FCA65F000
|
trusted library allocation
|
page read and write
|
||
|
D16C8FD000
|
stack
|
page read and write
|
||
|
15FBC2EA000
|
trusted library allocation
|
page read and write
|
||
|
204D631E000
|
heap
|
page read and write
|
||
|
15E4C9FA000
|
heap
|
page read and write
|
||
|
15E4C940000
|
heap
|
page read and write
|
||
|
15E4CA08000
|
heap
|
page read and write
|
||
|
204D0A5B000
|
heap
|
page read and write
|
||
|
15FBBAE1000
|
trusted library allocation
|
page read and write
|
||
|
15FBBF10000
|
trusted library allocation
|
page read and write
|
||
|
204D5FB4000
|
trusted library allocation
|
page read and write
|
||
|
204D0A95000
|
heap
|
page read and write
|
||
|
15FCA4B1000
|
trusted library allocation
|
page read and write
|
||
|
15FBA040000
|
trusted library allocation
|
page read and write
|
||
|
204D1130000
|
trusted library section
|
page read and write
|
||
|
15E4E7A6000
|
heap
|
page read and write
|
||
|
15FBA020000
|
trusted library allocation
|
page read and write
|
||
|
15FBBF18000
|
trusted library allocation
|
page read and write
|
||
|
204D1B40000
|
trusted library section
|
page readonly
|
||
|
520D2B9000
|
stack
|
page read and write
|
||
|
7FFD34AA0000
|
trusted library allocation
|
page read and write
|
||
|
204D1215000
|
heap
|
page read and write
|
||
|
15FBA410000
|
trusted library allocation
|
page read and write
|
||
|
204D0A91000
|
heap
|
page read and write
|
||
|
204D5F74000
|
trusted library allocation
|
page read and write
|
||
|
204D6110000
|
remote allocation
|
page read and write
|
||
|
5331BFD000
|
stack
|
page read and write
|
||
|
204D6040000
|
trusted library allocation
|
page read and write
|
||
|
15FD28D9000
|
heap
|
page read and write
|
||
|
204D6300000
|
heap
|
page read and write
|
||
|
D16E0FC000
|
stack
|
page read and write
|
||
|
D16CDFE000
|
unkown
|
page readonly
|
||
|
7FFD34AE0000
|
trusted library allocation
|
page read and write
|
||
|
520D1B7000
|
stack
|
page read and write
|
||
|
D16D6FE000
|
unkown
|
page readonly
|
||
|
15E4C9E0000
|
heap
|
page read and write
|
||
|
15E4CA39000
|
heap
|
page read and write
|
||
|
15FBA6E2000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34AF0000
|
trusted library allocation
|
page read and write
|
||
|
204D1B30000
|
trusted library section
|
page readonly
|
||
|
D16D87E000
|
stack
|
page read and write
|
||
|
D16C9FE000
|
unkown
|
page readonly
|
||
|
7FFD349A0000
|
trusted library allocation
|
page read and write
|
||
|
204D6302000
|
heap
|
page read and write
|
||
|
D16DA7E000
|
stack
|
page read and write
|
||
|
520CE7C000
|
stack
|
page read and write
|
||
|
D16CCFE000
|
stack
|
page read and write
|
||
|
15FD27A0000
|
heap
|
page execute and read and write
|
||
|
204D62BD000
|
heap
|
page read and write
|
||
|
204D60B0000
|
trusted library allocation
|
page read and write
|
||
|
15E4E7A0000
|
heap
|
page read and write
|
||
|
204D62FA000
|
heap
|
page read and write
|
||
|
15FD27D2000
|
heap
|
page read and write
|
||
|
204D0A73000
|
heap
|
page read and write
|
||
|
204D630E000
|
heap
|
page read and write
|
||
|
D16DAFE000
|
unkown
|
page readonly
|
||
|
15FD28CC000
|
heap
|
page read and write
|
||
|
7FFD349B0000
|
trusted library allocation
|
page read and write
|
||
|
520D43E000
|
stack
|
page read and write
|
||
|
520CDFD000
|
stack
|
page read and write
|
||
|
204D0AA0000
|
heap
|
page read and write
|
||
|
15FD29CD000
|
heap
|
page read and write
|
||
|
D16DFFE000
|
unkown
|
page readonly
|
||
|
7FFD3484C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34794000
|
trusted library allocation
|
page read and write
|
||
|
533176D000
|
stack
|
page read and write
|
||
|
7FFD34876000
|
trusted library allocation
|
page execute and read and write
|
||
|
15E4E7A3000
|
heap
|
page read and write
|
||
|
7FFD349C0000
|
trusted library allocation
|
page read and write
|
||
|
204D1B20000
|
trusted library section
|
page readonly
|
||
|
204D1302000
|
heap
|
page read and write
|
||
|
15FBC376000
|
trusted library allocation
|
page read and write
|
||
|
204D0A8F000
|
heap
|
page read and write
|
||
|
15FBC312000
|
trusted library allocation
|
page read and write
|
||
|
204D09C0000
|
heap
|
page read and write
|
||
|
15FBBAE8000
|
trusted library allocation
|
page read and write
|
||
|
15FBA050000
|
heap
|
page read and write
|
||
|
D16D5FE000
|
unkown
|
page readonly
|
||
|
7FFD347EC000
|
trusted library allocation
|
page execute and read and write
|
||
|
15FB85F5000
|
heap
|
page read and write
|
||
|
D16DD7E000
|
stack
|
page read and write
|
||
|
204D0B13000
|
heap
|
page read and write
|
||
|
204D09B0000
|
heap
|
page read and write
|
||
|
15E4C974000
|
heap
|
page read and write
|
||
|
D16DDFE000
|
unkown
|
page readonly
|
||
|
7FFD34941000
|
trusted library allocation
|
page read and write
|
||
|
15FBA4A0000
|
heap
|
page read and write
|
||
|
204D6050000
|
trusted library allocation
|
page read and write
|
||
|
15FB85EB000
|
heap
|
page read and write
|
||
|
15FD2750000
|
heap
|
page execute and read and write
|
||
|
15FD29E1000
|
heap
|
page read and write
|
||
|
D16C51B000
|
stack
|
page read and write
|
||
|
15FBBE80000
|
trusted library allocation
|
page read and write
|
||
|
204D1B60000
|
trusted library section
|
page readonly
|
||
|
D16DC7E000
|
stack
|
page read and write
|
||
|
7FFD347AB000
|
trusted library allocation
|
page read and write
|
||
|
15E4C9F7000
|
heap
|
page read and write
|
||
|
204D1313000
|
heap
|
page read and write
|
||
|
15FD2943000
|
heap
|
page read and write
|
||
|
15FD28B0000
|
heap
|
page read and write
|
||
|
7FFD349F0000
|
trusted library allocation
|
page read and write
|
||
|
15FD260B000
|
heap
|
page read and write
|
||
|
204D5FB0000
|
trusted library allocation
|
page read and write
|
||
|
204D622C000
|
heap
|
page read and write
|
||
|
204D0A2B000
|
heap
|
page read and write
|
||
|
15E4C860000
|
heap
|
page read and write
|
||
|
7FFD347A0000
|
trusted library allocation
|
page read and write
|
||
|
204D1B50000
|
trusted library section
|
page readonly
|
||
|
15FBC316000
|
trusted library allocation
|
page read and write
|
||
|
15E4CA3B000
|
heap
|
page read and write
|
||
|
15E4E7A9000
|
heap
|
page read and write
|
||
|
204D5F72000
|
trusted library allocation
|
page read and write
|
||
|
15E4CA3B000
|
heap
|
page read and write
|
||
|
7FFD34A30000
|
trusted library allocation
|
page read and write
|
||
|
D16CAF7000
|
stack
|
page read and write
|
||
|
520D0F8000
|
stack
|
page read and write
|
||
|
15FBBAE6000
|
trusted library allocation
|
page read and write
|
||
|
204D630A000
|
heap
|
page read and write
|
||
|
D16D7FE000
|
unkown
|
page readonly
|
||
|
520D3BE000
|
stack
|
page read and write
|
||
|
204D62AE000
|
heap
|
page read and write
|
||
|
15FBA4B1000
|
trusted library allocation
|
page read and write
|
||
|
204D0A7D000
|
heap
|
page read and write
|
||
|
15FCA4C0000
|
trusted library allocation
|
page read and write
|
||
|
204D135A000
|
heap
|
page read and write
|
||
|
15FB8730000
|
heap
|
page read and write
|
||
|
7FFD34A70000
|
trusted library allocation
|
page read and write
|
||
|
204D5F70000
|
trusted library allocation
|
page read and write
|
||
|
204D62E6000
|
heap
|
page read and write
|
||
|
15FCA51C000
|
trusted library allocation
|
page read and write
|
||
|
204D09F0000
|
trusted library allocation
|
page read and write
|
||
|
15E4E7AA000
|
heap
|
page read and write
|
||
|
15FB8750000
|
heap
|
page read and write
|
||
|
204D62F6000
|
heap
|
page read and write
|
||
|
204D6242000
|
heap
|
page read and write
|
||
|
15FD29DF000
|
heap
|
page read and write
|
||
|
7FFD34960000
|
trusted library allocation
|
page execute and read and write
|
||
|
15FB85F1000
|
heap
|
page read and write
|
||
|
15FBA030000
|
heap
|
page readonly
|
||
|
204D5F50000
|
trusted library allocation
|
page read and write
|
||
|
204D6254000
|
heap
|
page read and write
|
||
|
15FB9F60000
|
heap
|
page read and write
|
||
|
533177E000
|
stack
|
page read and write
|
||
|
15E4C9E7000
|
heap
|
page read and write
|
||
|
204D62EC000
|
heap
|
page read and write
|
||
|
204D624F000
|
heap
|
page read and write
|
||
|
7FFD34A40000
|
trusted library allocation
|
page read and write
|
||
|
D16CFFE000
|
unkown
|
page readonly
|
||
|
7FFD34A00000
|
trusted library allocation
|
page read and write
|
||
|
5331CFD000
|
stack
|
page read and write
|
||
|
204D0A79000
|
heap
|
page read and write
|
||
|
15E4E450000
|
heap
|
page read and write
|
||
|
15FB87B0000
|
heap
|
page read and write
|
||
|
5331774000
|
stack
|
page read and write
|
||
|
520CCFE000
|
stack
|
page read and write
|
||
|
204D5FCE000
|
trusted library allocation
|
page read and write
|
||
|
15FD27A7000
|
heap
|
page execute and read and write
|
||
|
7FFD34840000
|
trusted library allocation
|
page read and write
|
||
|
520D239000
|
stack
|
page read and write
|
||
|
204D0990000
|
heap
|
page read and write
|
||
|
7FFD34950000
|
trusted library allocation
|
page execute and read and write
|
||
|
204D0B02000
|
heap
|
page read and write
|
||
|
7FFD349D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34B19000
|
trusted library allocation
|
page read and write
|
||
|
D16CEFB000
|
stack
|
page read and write
|
||
|
7DF4A0D60000
|
trusted library allocation
|
page execute and read and write
|
||
|
15FB87A5000
|
heap
|
page read and write
|
||
|
15E4E3F0000
|
heap
|
page read and write
|
||
|
204D1EB1000
|
trusted library allocation
|
page read and write
|
||
|
D16D67E000
|
stack
|
page read and write
|
||
|
15FB8650000
|
heap
|
page read and write
|
||
|
7FFD34792000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34980000
|
trusted library allocation
|
page execute and read and write
|
||
|
15FD2936000
|
heap
|
page read and write
|
||
|
15FB8540000
|
heap
|
page read and write
|
||
|
5331AFD000
|
unkown
|
page read and write
|
||
|
204D1A30000
|
trusted library allocation
|
page read and write
|
||
|
15E4CA3B000
|
heap
|
page read and write
|
||
|
7FFD34990000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34793000
|
trusted library allocation
|
page execute and read and write
|
||
|
204D5EE0000
|
trusted library allocation
|
page read and write
|
||
|
204D130C000
|
heap
|
page read and write
|
||
|
D16E7FE000
|
unkown
|
page readonly
|
||
|
15FBBCA1000
|
trusted library allocation
|
page read and write
|
||
|
520CEFB000
|
stack
|
page read and write
|
||
|
520CD7E000
|
stack
|
page read and write
|
||
|
D16DEFE000
|
stack
|
page read and write
|
||
|
204D7000000
|
heap
|
page read and write
|
||
|
D16CBFE000
|
unkown
|
page readonly
|
||
|
204D0AA6000
|
heap
|
page read and write
|
||
|
204D6110000
|
remote allocation
|
page read and write
|
||
|
7FFD34AB0000
|
trusted library allocation
|
page read and write
|
||
|
204D0A13000
|
heap
|
page read and write
|
||
|
520D13E000
|
stack
|
page read and write
|
||
|
D16D8FE000
|
unkown
|
page readonly
|
||
|
204D131A000
|
heap
|
page read and write
|
||
|
7FFD34A10000
|
trusted library allocation
|
page read and write
|
||
|
204D0AB0000
|
heap
|
page read and write
|
||
|
7FFD34790000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34AC0000
|
trusted library allocation
|
page read and write
|
||
|
204D0A43000
|
heap
|
page read and write
|
||
|
15FD27D0000
|
heap
|
page read and write
|
||
|
204D1EE0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34A60000
|
trusted library allocation
|
page read and write
|
||
|
15FD29D3000
|
heap
|
page read and write
|
There are 312 hidden memdumps, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
http://catalanaoccidente.azureedge.net/
|