Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
https://securemailcenter.citigroup.com/branding/citi/emx/images/emailBanner.gif
|
URL
|
initial url
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{72BD4AA8-CA70-11EB-90EB-ECF4BBEA1588}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{72BD4AAA-CA70-11EB-90EB-ECF4BBEA1588}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{72BD4AAB-CA70-11EB-90EB-ECF4BBEA1588}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
|
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
|
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
|
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
|
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
|
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
|
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
|
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
|
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
|
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\emailBanner[1].gif
|
GIF image data, version 89a, 150 x 68
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DF280D04EE554E50CF.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DF2B830054C2999F0C.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DF4E2977DE7B6AC2F0.TMP
|
data
|
dropped
|
|
There are 7 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\internet explorer\iexplore.exe
|
'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6492 CREDAT:17410 /prefetch:2
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://securemailcenter.citigroup.com/branding/citi/emx/images/emailBanner.gif
|
|
||
|
http://www.wikipedia.com/
|
unknown
|
|
|
|
http://www.amazon.com/
|
unknown
|
|
|
|
http://www.nytimes.com/
|
unknown
|
|
|
|
http://www.live.com/
|
unknown
|
|
|
|
https://securemailcenter.citigroup.com/branding/citi/emx/images/emailBanner.gif
|
unknown
|
|
|
|
http://www.reddit.com/
|
unknown
|
|
|
|
http://www.twitter.com/
|
unknown
|
|
|
|
http://www.youtube.com/
|
unknown
|
|
|
|
https://securemailcenter.citigroup.com/branding/citi/emx/images/emailBanner.gifRoot
|
unknown
|
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
securemailcenter.citigroup.com
|
192.193.154.4
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.193.154.4
|
securemailcenter.citigroup.com
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\internet explorer\iexplore.exe
|
{72BD4AA8-CA70-11EB-90EB-ECF4BBEA1588}
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Blocked
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Blocked
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
CVListPingLastYMD
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
DecayDateQueue
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LastProcessed
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
DecayDateQueue
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LastProcessed
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
@C:\Windows\System32\ieframe.dll,-912
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
@C:\Windows\System32\ieframe.dll,-904
|
|
There are 16 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7FF54DB31000
|
unkown
|
page readonly
|
|
|
|
7FF5CC248000
|
unkown
|
page readonly
|
|
|
|
1BF01950000
|
unkown
|
page readonly
|
|
|
|
7FF55C3FA000
|
unkown
|
page readonly
|
|
|
|
7FF5CCB0F000
|
unkown
|
page readonly
|
|
|
|
29402813000
|
unkown
|
page read and write
|
|
|
|
2940283C000
|
unkown
|
page read and write
|
|
|
|
7FF5CCA11000
|
unkown
|
page readonly
|
|
|
|
7FF54DA2A000
|
unkown
|
page readonly
|
|
|
|
1C47F980000
|
unkown
|
page readonly
|
|
|
|
2D76E049000
|
unkown
|
page read and write
|
|
|
|
7FF556A47000
|
unkown
|
page readonly
|
|
|
|
1B436F40000
|
unkown
|
page readonly
|
|
|
|
2D76E04E000
|
unkown
|
page read and write
|
|
|
|
2D76E055000
|
unkown
|
page read and write
|
|
|
|
7FF5569FC000
|
unkown
|
page readonly
|
|
|
|
7FF5CC6A2000
|
unkown
|
page readonly
|
|
|
|
1B43623C000
|
unkown
|
page read and write
|
|
|
|
7FF55C291000
|
unkown
|
page readonly
|
|
|
|
2940288E000
|
unkown
|
page read and write
|
|
|
|
D3A277E000
|
unkown
|
page read and write
|
|
|
|
7FF5CCB3B000
|
unkown
|
page readonly
|
|
|
|
1C47FB90000
|
unkown
|
page readonly
|
|
|
|
7FF55695D000
|
unkown
|
page readonly
|
|
|
|
7FF5AE588000
|
unkown
|
page readonly
|
|
|
|
24D49602000
|
unkown
|
page read and write
|
|
|
|
7FF55C3AE000
|
unkown
|
page readonly
|
|
|
|
29403560000
|
unkown
|
page read and write
|
|
|
|
2D76ED40000
|
unkown
|
page readonly
|
|
|
|
1BF01945000
|
heap private
|
page read and write
|
|
|
|
2D76E000000
|
unkown
|
page read and write
|
|
|
|
1C47FDA5000
|
heap private
|
page read and write
|
|
|
|
24D49C02000
|
unkown
|
page read and write
|
|
|
|
7FF55C130000
|
unkown
|
page readonly
|
|
|
|
2D76EA00000
|
unkown
|
page readonly
|
|
|
|
7FF54D993000
|
unkown
|
page readonly
|
|
|
|
1B436120000
|
heap private
|
page read and write
|
|
|
|
7FF556A7E000
|
unkown
|
page readonly
|
|
|
|
2D76E03C000
|
unkown
|
page read and write
|
|
|
|
2D76E054000
|
unkown
|
page read and write
|
|
|
|
7FF5568B3000
|
unkown
|
page readonly
|
|
|
|
19E7E2BA000
|
heap default
|
page read and write
|
|
|
|
8C3B73E000
|
unkown
|
page read and write
|
|
|
|
7FF54D921000
|
unkown
|
page readonly
|
|
|
|
29403550000
|
unkown
|
page readonly
|
|
|
|
7FF5AE5C9000
|
unkown
|
page readonly
|
|
|
|
2D76DFA0000
|
unkown
|
page readonly
|
|
|
|
7FF5680E2000
|
unkown
|
page readonly
|
|
|
|
7FF55C418000
|
unkown
|
page readonly
|
|
|
|
1B436213000
|
unkown
|
page read and write
|
|
|
|
1BF01580000
|
unkown
|
page readonly
|
|
|
|
7FF54DAA8000
|
unkown
|
page readonly
|
|
|
|
24D4964D000
|
unkown
|
page read and write
|
|
|
|
1B436308000
|
unkown
|
page read and write
|
|
|
|
7FF5CCB84000
|
unkown
|
page readonly
|
|
|
|
7FF55C41E000
|
unkown
|
page readonly
|
|
|
|
29402CD0000
|
unkown
|
page readonly
|
|
|
|
1B436300000
|
unkown
|
page read and write
|
|
|
|
5332775000
|
unkown
|
page read and write
|
|
|
|
24D49685000
|
unkown
|
page read and write
|
|
|
|
1BF016F0000
|
heap default
|
page read and write
|
|
|
|
7FF54D606000
|
unkown
|
page readonly
|
|
|
|
4DFEFE000
|
unkown
|
page read and write
|
|
|
|
2D76DF20000
|
heap private
|
page read and write
|
|
|
|
7FF58CCA4000
|
unkown
|
page readonly
|
|
|
|
24D49700000
|
unkown
|
page read and write
|
|
|
|
24D49B90000
|
unkown
|
page read and write
|
|
|
|
29402902000
|
unkown
|
page read and write
|
|
|
|
7FF55C3B5000
|
unkown
|
page readonly
|
|
|
|
1B436180000
|
heap default
|
page read and write
|
|
|
|
7FF5CC692000
|
unkown
|
page readonly
|
|
|
|
7FF5CCBA6000
|
unkown
|
page readonly
|
|
|
|
7FF5681D2000
|
unkown
|
page readonly
|
|
|
|
7FF556A3C000
|
unkown
|
page readonly
|
|
|
|
24D49600000
|
unkown
|
page read and write
|
|
|
|
19E7E3B0000
|
unkown
|
page readonly
|
|
|
|
4E007F000
|
unkown
|
page read and write
|
|
|
|
7FF55C3AA000
|
unkown
|
page readonly
|
|
|
|
7FF54DA6F000
|
unkown
|
page readonly
|
|
|
|
7FF55C303000
|
unkown
|
page readonly
|
|
|
|
7FF5CC8B0000
|
unkown
|
page readonly
|
|
|
|
7FF55C2AB000
|
unkown
|
page readonly
|
|
|
|
5332AFE000
|
unkown
|
page read and write
|
|
|
|
CDD23FA000
|
unkown
|
page read and write
|
|
|
|
7FF568159000
|
unkown
|
page readonly
|
|
|
|
2D76E802000
|
unkown
|
page read and write
|
|
|
|
7FF5CCA83000
|
unkown
|
page readonly
|
|
|
|
7FF568118000
|
unkown
|
page readonly
|
|
|
|
1C47FA9B000
|
heap default
|
page read and write
|
|
|
|
1C47FDB0000
|
unkown
|
page readonly
|
|
|
|
7FF556AF4000
|
unkown
|
page readonly
|
|
|
|
7FF55C39A000
|
unkown
|
page readonly
|
|
|
|
4E00FE000
|
unkown
|
page read and write
|
|
|
|
7FF55690E000
|
unkown
|
page readonly
|
|
|
|
7FF5CC705000
|
unkown
|
page readonly
|
|
|
|
533267E000
|
unkown
|
page read and write
|
|
|
|
7FF5AE63A000
|
unkown
|
page readonly
|
|
|
|
CDD22FD000
|
unkown
|
page read and write
|
|
|
|
FC3DEFF000
|
unkown
|
page read and write
|
|
|
|
29403540000
|
unkown
|
page readonly
|
|
|
|
29402A00000
|
unkown
|
page readonly
|
|
|
|
2D76DF80000
|
heap default
|
page read and write
|
|
|
|
7FF54D9AC000
|
unkown
|
page readonly
|
|
|
|
7FF5CCB5F000
|
unkown
|
page readonly
|
|
|
|
24D49E00000
|
unkown
|
page readonly
|
|
|
|
19E7E280000
|
unkown
|
page readonly
|
|
|
|
24D49510000
|
unkown
|
page readonly
|
|
|
|
2D76DFB0000
|
unkown
|
page read and write
|
|
|
|
7FF5CC8A7000
|
unkown
|
page readonly
|
|
|
|
1BF01670000
|
unkown
|
page read and write
|
|
|
|
A820A7F000
|
unkown
|
page read and write
|
|
|
|
7FF556861000
|
unkown
|
page readonly
|
|
|
|
FC3D73F000
|
unkown
|
page read and write
|
|
|
|
7FF54DA84000
|
unkown
|
page readonly
|
|
|
|
7FF54D600000
|
unkown
|
page readonly
|
|
|
|
FC3DCF7000
|
unkown
|
page read and write
|
|
|
|
7FF5565D0000
|
unkown
|
page readonly
|
|
|
|
7FF5CCAFF000
|
unkown
|
page readonly
|
|
|
|
7FF54DA57000
|
unkown
|
page readonly
|
|
|
|
7FF5CCA94000
|
unkown
|
page readonly
|
|
|
|
8C3BB7F000
|
unkown
|
page read and write
|
|
|
|
4DFE7A000
|
unkown
|
page read and write
|
|
|
|
29402F50000
|
unkown
|
page read and write
|
|
|
|
29402F40000
|
unkown
|
page readonly
|
|
|
|
1B436253000
|
unkown
|
page read and write
|
|
|
|
2D76E070000
|
unkown
|
page read and write
|
|
|
|
1B4361A0000
|
unkown
|
page readonly
|
|
|
|
7FF54DA94000
|
unkown
|
page readonly
|
|
|
|
7FF5CC9DA000
|
unkown
|
page readonly
|
|
|
|
1BF01940000
|
heap private
|
page read and write
|
|
|
|
7FF54DB24000
|
unkown
|
page readonly
|
|
|
|
7FF55C253000
|
unkown
|
page readonly
|
|
|
|
7FF5CCB9E000
|
unkown
|
page readonly
|
|
|
|
7FF55C42D000
|
unkown
|
page readonly
|
|
|
|
7FF5CC747000
|
unkown
|
page readonly
|
|
|
|
7FF54DB2A000
|
unkown
|
page readonly
|
|
|
|
2940288A000
|
unkown
|
page read and write
|
|
|
|
7FF556A64000
|
unkown
|
page readonly
|
|
|
|
1C47FDA0000
|
heap private
|
page read and write
|
|
|
|
7FF5CCB1C000
|
unkown
|
page readonly
|
|
|
|
2D76E053000
|
unkown
|
page read and write
|
|
|
|
7FF568148000
|
unkown
|
page readonly
|
|
|
|
7FF58CCAA000
|
unkown
|
page readonly
|
|
|
|
7FF56813E000
|
unkown
|
page readonly
|
|
|
|
7FF568124000
|
unkown
|
page readonly
|
|
|
|
2D76E056000
|
unkown
|
page read and write
|
|
|
|
1B436400000
|
unkown
|
page readonly
|
|
|
|
7FF55C3C7000
|
unkown
|
page readonly
|
|
|
|
5332BFC000
|
unkown
|
page read and write
|
|
|
|
7FF5CCC22000
|
unkown
|
page readonly
|
|
|
|
CDD25F7000
|
unkown
|
page read and write
|
|
|
|
7FF5CC964000
|
unkown
|
page readonly
|
|
|
|
7FF556A78000
|
unkown
|
page readonly
|
|
|
|
1B43624D000
|
unkown
|
page read and write
|
|
|
|
7FF5CCB2A000
|
unkown
|
page readonly
|
|
|
|
7FF58CC6B000
|
unkown
|
page readonly
|
|
|
|
7FF5CC930000
|
unkown
|
page readonly
|
|
|
|
7FF5AE594000
|
unkown
|
page readonly
|
|
|
|
7FF55C39C000
|
unkown
|
page readonly
|
|
|
|
1B436202000
|
unkown
|
page read and write
|
|
|
|
7FF5CCB8F000
|
unkown
|
page readonly
|
|
|
|
7FF5CCB30000
|
unkown
|
page readonly
|
|
|
|
7FF5CCA9C000
|
unkown
|
page readonly
|
|
|
|
2D76E051000
|
unkown
|
page read and write
|
|
|
|
533239E000
|
unkown
|
page read and write
|
|
|
|
7FF568134000
|
unkown
|
page readonly
|
|
|
|
7FF5CC487000
|
unkown
|
page readonly
|
|
|
|
7FF5CC8F6000
|
unkown
|
page readonly
|
|
|
|
24D4A140000
|
unkown
|
page readonly
|
|
|
|
7FF5CC8EB000
|
unkown
|
page readonly
|
|
|
|
7FF58CCC8000
|
unkown
|
page readonly
|
|
|
|
7FF54D98D000
|
unkown
|
page readonly
|
|
|
|
A820B7E000
|
unkown
|
page read and write
|
|
|
|
7FF58CC60000
|
unkown
|
page readonly
|
|
|
|
7FF55BF85000
|
unkown
|
page readonly
|
|
|
|
29402AD0000
|
unkown
|
page readonly
|
|
|
|
1B43628A000
|
unkown
|
page read and write
|
|
|
|
29403002000
|
unkown
|
page read and write
|
|
|
|
7FF5AE550000
|
unkown
|
page readonly
|
|
|
|
53329F7000
|
unkown
|
page read and write
|
|
|
|
7FF5CC6F0000
|
unkown
|
page readonly
|
|
|
|
7FF556963000
|
unkown
|
page readonly
|
|
|
|
FC3D6BB000
|
unkown
|
page read and write
|
|
|
|
7FF58CC98000
|
unkown
|
page readonly
|
|
|
|
7FF58CCCE000
|
unkown
|
page readonly
|
|
|
|
19E7E480000
|
heap private
|
page read and write
|
|
|
|
7FF55C2AE000
|
unkown
|
page readonly
|
|
|
|
19E7E230000
|
unkown
|
page read and write
|
|
|
|
7FF54DA77000
|
unkown
|
page readonly
|
|
|
|
8C3B6BC000
|
unkown
|
page read and write
|
|
|
|
1B43625D000
|
unkown
|
page read and write
|
|
|
|
7FF5CCB04000
|
unkown
|
page readonly
|
|
|
|
7FF5CCAD0000
|
unkown
|
page readonly
|
|
|
|
29403570000
|
unkown
|
page readonly
|
|
|
|
29402800000
|
unkown
|
page read and write
|
|
|
|
7FF54D615000
|
unkown
|
page readonly
|
|
|
|
19E7E2B8000
|
heap default
|
page read and write
|
|
|
|
7FF54DA9F000
|
unkown
|
page readonly
|
|
|
|
7FF5565D6000
|
unkown
|
page readonly
|
|
|
|
2D76E029000
|
unkown
|
page read and write
|
|
|
|
7FF5680E0000
|
unkown
|
page readonly
|
|
|
|
29402870000
|
unkown
|
page read and write
|
|
|
|
D3A267C000
|
unkown
|
page read and write
|
|
|
|
7FF556A27000
|
unkown
|
page readonly
|
|
|
|
29403200000
|
unkown
|
page readonly
|
|
|
|
7FF55BF70000
|
unkown
|
page readonly
|
|
|
|
A8207DE000
|
unkown
|
page read and write
|
|
|
|
7FF55C314000
|
unkown
|
page readonly
|
|
|
|
7FF58C925000
|
unkown
|
page readonly
|
|
|
|
7FF5CCB35000
|
unkown
|
page readonly
|
|
|
|
29402F80000
|
unkown
|
page readonly
|
|
|
|
24D49702000
|
unkown
|
page read and write
|
|
|
|
7FF56814E000
|
unkown
|
page readonly
|
|
|
|
8C3B7BF000
|
unkown
|
page read and write
|
|
|
|
1BF01690000
|
unkown
|
page readonly
|
|
|
|
7FF54DA4B000
|
unkown
|
page readonly
|
|
|
|
7FF55BF76000
|
unkown
|
page readonly
|
|
|
|
7FF5CC981000
|
unkown
|
page readonly
|
|
|
|
24D49613000
|
unkown
|
page read and write
|
|
|
|
A82075C000
|
unkown
|
page read and write
|
|
|
|
29402FF0000
|
unkown
|
page readonly
|
|
|
|
7FF5AE5CD000
|
unkown
|
page readonly
|
|
|
|
2D76E04B000
|
unkown
|
page read and write
|
|
|
|
1BF01520000
|
unkown
|
page readonly
|
|
|
|
7FF556A86000
|
unkown
|
page readonly
|
|
|
|
294027F0000
|
heap default
|
page read and write
|
|
|
|
7FF5CC6F6000
|
unkown
|
page readonly
|
|
|
|
7FF56812A000
|
unkown
|
page readonly
|
|
|
|
7FF55BAC8000
|
unkown
|
page readonly
|
|
|
|
7FF5CCBA9000
|
unkown
|
page readonly
|
|
|
|
7FF5CCB98000
|
unkown
|
page readonly
|
|
|
|
53328FE000
|
unkown
|
page read and write
|
|
|
|
7FF5CCB2E000
|
unkown
|
page readonly
|
|
|
|
7FF5CCA7D000
|
unkown
|
page readonly
|
|
|
|
1B436C00000
|
unkown
|
page readonly
|
|
|
|
7FF58CD52000
|
unkown
|
page readonly
|
|
|
|
2D76E2D0000
|
unkown
|
page readonly
|
|
|
|
7FF556A3F000
|
unkown
|
page readonly
|
|
|
|
1B43626F000
|
unkown
|
page read and write
|
|
|
|
1B436313000
|
unkown
|
page read and write
|
|
|
|
7FF5681C4000
|
unkown
|
page readonly
|
|
|
|
7FF5CC60E000
|
unkown
|
page readonly
|
|
|
|
7FF5CCC21000
|
unkown
|
page readonly
|
|
|
|
1C47FA00000
|
unkown
|
page read and write
|
|
|
|
7FF5CC431000
|
unkown
|
page readonly
|
|
|
|
7FF556128000
|
unkown
|
page readonly
|
|
|
|
7FF55C4A2000
|
unkown
|
page readonly
|
|
|
|
7FF556B01000
|
unkown
|
page readonly
|
|
|
|
7FF54DABD000
|
unkown
|
page readonly
|
|
|
|
7FF5CC745000
|
unkown
|
page readonly
|
|
|
|
7FF54DA3E000
|
unkown
|
page readonly
|
|
|
|
7FF55BAC2000
|
unkown
|
page readonly
|
|
|
|
1B43622A000
|
unkown
|
page read and write
|
|
|
|
7FF5680E5000
|
unkown
|
page readonly
|
|
|
|
7FF5CCB7A000
|
unkown
|
page readonly
|
|
|
|
1B4364D0000
|
unkown
|
page readonly
|
|
|
|
CDD1FEE000
|
unkown
|
page read and write
|
|
|
|
7FF5AE5AE000
|
unkown
|
page readonly
|
|
|
|
7FF556B02000
|
unkown
|
page readonly
|
|
|
|
1B436190000
|
unkown
|
page readonly
|
|
|
|
7FF556A0A000
|
unkown
|
page readonly
|
|
|
|
7FF5AE5B8000
|
unkown
|
page readonly
|
|
|
|
2D76E108000
|
unkown
|
page read and write
|
|
|
|
FC3D7BF000
|
unkown
|
page read and write
|
|
|
|
19E7E2B0000
|
heap default
|
page read and write
|
|
|
|
7FF5AE5BE000
|
unkown
|
page readonly
|
|
|
|
2D76E08E000
|
unkown
|
page read and write
|
|
|
|
24D49440000
|
unkown
|
page readonly
|
|
|
|
7FF5CC242000
|
unkown
|
page readonly
|
|
|
|
7FF5CC69E000
|
unkown
|
page readonly
|
|
|
|
8C3BAFF000
|
unkown
|
page read and write
|
|
|
|
7FF58CD44000
|
unkown
|
page readonly
|
|
|
|
7FF5B8342000
|
unkown
|
page readonly
|
|
|
|
7FF5CC966000
|
unkown
|
page readonly
|
|
|
|
7FF58CBE1000
|
unkown
|
page readonly
|
|
|
|
7FF54DAB9000
|
unkown
|
page readonly
|
|
|
|
7FF58CCB4000
|
unkown
|
page readonly
|
|
|
|
1B436302000
|
unkown
|
page read and write
|
|
|
|
7FF5CCAD2000
|
unkown
|
page readonly
|
|
|
|
7FF54D158000
|
unkown
|
page readonly
|
|
|
|
7FF55C3DF000
|
unkown
|
page readonly
|
|
|
|
8C3BBFF000
|
unkown
|
page read and write
|
|
|
|
2D76E088000
|
unkown
|
page read and write
|
|
|
|
CDD1EEB000
|
unkown
|
page read and write
|
|
|
|
7FF5CCA33000
|
unkown
|
page readonly
|
|
|
|
2D76E013000
|
unkown
|
page read and write
|
|
|
|
7FF55C426000
|
unkown
|
page readonly
|
|
|
|
7FF55C3B0000
|
unkown
|
page readonly
|
|
|
|
7FF5CC483000
|
unkown
|
page readonly
|
|
|
|
A820BFF000
|
unkown
|
page read and write
|
|
|
|
7FF556A8D000
|
unkown
|
page readonly
|
|
|
|
7FF54DA2C000
|
unkown
|
page readonly
|
|
|
|
CDD1F6E000
|
unkown
|
page read and write
|
|
|
|
D3A2BFF000
|
unkown
|
page read and write
|
|
|
|
19E7E160000
|
unkown
|
page readonly
|
|
|
|
7FF5681D1000
|
unkown
|
page readonly
|
|
|
|
7FF54DA40000
|
unkown
|
page readonly
|
|
|
|
D3A26FE000
|
unkown
|
page read and write
|
|
|
|
7FF5680EB000
|
unkown
|
page readonly
|
|
|
|
29402802000
|
unkown
|
page read and write
|
|
|
|
29402829000
|
unkown
|
page read and write
|
|
|
|
7FF55C429000
|
unkown
|
page readonly
|
|
|
|
7FF54DA45000
|
unkown
|
page readonly
|
|
|
|
2940285E000
|
unkown
|
page read and write
|
|
|
|
24D4963C000
|
unkown
|
page read and write
|
|
|
|
D3A29FB000
|
unkown
|
page read and write
|
|
|
|
CDD26FE000
|
unkown
|
page read and write
|
|
|
|
7FF54DA3A000
|
unkown
|
page readonly
|
|
|
|
24D49713000
|
unkown
|
page read and write
|
|
|
|
D3A28FE000
|
unkown
|
page read and write
|
|
|
|
1C47F9E0000
|
unkown
|
page read and write
|
|
|
|
24D4962A000
|
unkown
|
page read and write
|
|
|
|
7FF5B8342000
|
unkown
|
page readonly
|
|
|
|
2D76E102000
|
unkown
|
page read and write
|
|
|
|
7FF556790000
|
unkown
|
page readonly
|
|
|
|
2D76E113000
|
unkown
|
page read and write
|
|
|
|
533231C000
|
unkown
|
page read and write
|
|
|
|
24D49708000
|
unkown
|
page read and write
|
|
|
|
7FF56815D000
|
unkown
|
page readonly
|
|
|
|
7FF54DA8A000
|
unkown
|
page readonly
|
|
|
|
4DFF7F000
|
unkown
|
page read and write
|
|
|
|
7FF54D891000
|
unkown
|
page readonly
|
|
|
|
7FF54DA6C000
|
unkown
|
page readonly
|
|
|
|
29402E70000
|
unkown
|
page readonly
|
|
|
|
7FF5AE552000
|
unkown
|
page readonly
|
|
|
|
1B43625D000
|
unkown
|
page read and write
|
|
|
|
7FF55C3DC000
|
unkown
|
page readonly
|
|
|
|
7FF5CCAFB000
|
unkown
|
page readonly
|
|
|
|
CDD24FA000
|
unkown
|
page read and write
|
|
|
|
7FF55C3E7000
|
unkown
|
page readonly
|
|
|
|
7FF55C2FD000
|
unkown
|
page readonly
|
|
|
|
7FF5AE634000
|
unkown
|
page readonly
|
|
|
|
2D76E066000
|
unkown
|
page read and write
|
|
|
|
7FF556AFA000
|
unkown
|
page readonly
|
|
|
|
7FF5AE642000
|
unkown
|
page readonly
|
|
|
|
7FF55C494000
|
unkown
|
page readonly
|
|
|
|
7FF54D93E000
|
unkown
|
page readonly
|
|
|
|
7FF5CC971000
|
unkown
|
page readonly
|
|
|
|
FC3DBFB000
|
unkown
|
page read and write
|
|
|
|
7FF5CCA2B000
|
unkown
|
page readonly
|
|
|
|
7FF5681CA000
|
unkown
|
page readonly
|
|
|
|
7FF5CCB1A000
|
unkown
|
page readonly
|
|
|
|
D3A2CFE000
|
unkown
|
page read and write
|
|
|
|
24D49653000
|
unkown
|
page read and write
|
|
|
|
7FF556A0E000
|
unkown
|
page readonly
|
|
|
|
7FF5CCC14000
|
unkown
|
page readonly
|
|
|
|
19E7E485000
|
heap private
|
page read and write
|
|
|
|
7FF54D8E3000
|
unkown
|
page readonly
|
|
|
|
7FF58CC62000
|
unkown
|
page readonly
|
|
|
|
2D76E200000
|
unkown
|
page readonly
|
|
|
|
24D49800000
|
unkown
|
page readonly
|
|
|
|
7FF556974000
|
unkown
|
page readonly
|
|
|
|
7FF58CCDD000
|
unkown
|
page readonly
|
|
|
|
7FF55C4A1000
|
unkown
|
page readonly
|
|
|
|
1B4361B0000
|
unkown
|
page read and write
|
|
|
|
7FF5CC9D3000
|
unkown
|
page readonly
|
|
|
|
7FF5CCB5C000
|
unkown
|
page readonly
|
|
|
|
7FF54D9A4000
|
unkown
|
page readonly
|
|
|
|
29402FA0000
|
unkown
|
page write copy
|
|
|
|
7FF55C40F000
|
unkown
|
page readonly
|
|
|
|
533287B000
|
unkown
|
page read and write
|
|
|
|
7FF54D93B000
|
unkown
|
page readonly
|
|
|
|
7FF556A5A000
|
unkown
|
page readonly
|
|
|
|
7FF54DB32000
|
unkown
|
page readonly
|
|
|
|
7FF5CCC1A000
|
unkown
|
page readonly
|
|
|
|
7FF58CC8C000
|
unkown
|
page readonly
|
|
|
|
7FF556A54000
|
unkown
|
page readonly
|
|
|
|
7FF58CCD9000
|
unkown
|
page readonly
|
|
|
|
D3A2875000
|
unkown
|
page read and write
|
|
|
|
1B436279000
|
unkown
|
page read and write
|
|
|
|
7FF556787000
|
unkown
|
page readonly
|
|
|
|
7FF58CD4A000
|
unkown
|
page readonly
|
|
|
|
2D76E079000
|
unkown
|
page read and write
|
|
|
|
7FF556A15000
|
unkown
|
page readonly
|
|
|
|
A820C7F000
|
unkown
|
page read and write
|
|
|
|
7FF54DAB6000
|
unkown
|
page readonly
|
|
|
|
7FF56810C000
|
unkown
|
page readonly
|
|
|
|
7FF54D342000
|
unkown
|
page readonly
|
|
|
|
7FF55C127000
|
unkown
|
page readonly
|
|
|
|
7FF55697C000
|
unkown
|
page readonly
|
|
|
|
2D76DF90000
|
unkown
|
page readonly
|
|
|
|
7FF5AE55B000
|
unkown
|
page readonly
|
|
|
|
7FF5568F1000
|
unkown
|
page readonly
|
|
|
|
24D495F0000
|
unkown
|
page readonly
|
|
|
|
24D493D0000
|
heap private
|
page read and write
|
|
|
|
7FF55C3F4000
|
unkown
|
page readonly
|
|
|
|
24D4966E000
|
unkown
|
page read and write
|
|
|
|
1BF016FB000
|
heap default
|
page read and write
|
|
|
|
7FF556A6F000
|
unkown
|
page readonly
|
|
|
|
7FF556A89000
|
unkown
|
page readonly
|
|
|
|
7FF55C404000
|
unkown
|
page readonly
|
|
|
|
7FF5CCA38000
|
unkown
|
page readonly
|
|
|
|
7FF5CC80A000
|
unkown
|
page readonly
|
|
|
|
2D76E100000
|
unkown
|
page read and write
|
|
|
|
7FF5CCB67000
|
unkown
|
page readonly
|
|
|
|
7FF55690B000
|
unkown
|
page readonly
|
|
|
|
7FF556A1B000
|
unkown
|
page readonly
|
|
|
|
7FF58CCBF000
|
unkown
|
page readonly
|
|
|
|
7FF556A10000
|
unkown
|
page readonly
|
|
|
|
1B436200000
|
unkown
|
page read and write
|
|
|
|
19E7E490000
|
unkown
|
page readonly
|
|
|
|
2D76E066000
|
unkown
|
page read and write
|
|
|
|
7FF55C31C000
|
unkown
|
page readonly
|
|
|
|
1C47FA90000
|
heap default
|
page read and write
|
|
|
|
7FF54DAAE000
|
unkown
|
page readonly
|
|
|
|
7FF5AE555000
|
unkown
|
page readonly
|
|
|
|
7FF55C3BB000
|
unkown
|
page readonly
|
|
|
|
7FF5569FA000
|
unkown
|
page readonly
|
|
|
|
7FF55C201000
|
unkown
|
page readonly
|
|
|
|
1C47FA20000
|
unkown
|
page readonly
|
|
|
|
29402913000
|
unkown
|
page read and write
|
|
|
|
1B436A02000
|
unkown
|
page read and write
|
|
|
|
29402790000
|
heap private
|
page read and write
|
|
|
|
7FF5565E5000
|
unkown
|
page readonly
|
|
|
|
19E7E250000
|
unkown
|
page read and write
|
|
|
|
1BF01650000
|
unkown
|
page read and write
|
|
|
|
7FF5AE57C000
|
unkown
|
page readonly
|
|
|
|
7FF556122000
|
unkown
|
page readonly
|
|
|
|
7FF5CCB47000
|
unkown
|
page readonly
|
|
|
|
D3A2AF7000
|
unkown
|
page read and write
|
|
|
|
7FF54D7B7000
|
unkown
|
page readonly
|
|
|
|
7FF5AE5A4000
|
unkown
|
page readonly
|
|
|
|
7FF58CC65000
|
unkown
|
page readonly
|
|
|
|
7FF55C49A000
|
unkown
|
page readonly
|
|
|
|
24D49430000
|
heap default
|
page read and write
|
|
|
|
7FF58CD51000
|
unkown
|
page readonly
|
|
|
|
7FF5AE59A000
|
unkown
|
page readonly
|
|
|
|
4DFFFF000
|
unkown
|
page read and write
|
|
|
|
7FF5CCB74000
|
unkown
|
page readonly
|
|
|
|
FC3DDFE000
|
unkown
|
page read and write
|
|
|
|
7FF5AE641000
|
unkown
|
page readonly
|
|
There are 421 hidden memdumps, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
https://securemailcenter.citigroup.com/branding/citi/emx/images/emailBanner.gif
|
|