IOC Report
https://files.cchsfs.com/doc/atx/2021/Help/Content/Both-SSource/Installation/Downloading%20ATX.htm

Files

File Path | Type | Category | Malicious
C:\Users\user\Desktop\cmdline.out | ASCII text, with CRLF line terminators | modified |
C:\Users\user\Desktop\download\Downloading ATX.htm | HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators | dropped |

Processes

Path | Cmdline | Malicious
C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://files.cchsfs.com/doc/atx/2021/Help/Content/Both-SSource/Installation/Downloading%20ATX.htm" > cmdline.out 2>&1 |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
C:\Windows\SysWOW64\wget.exe | wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://files.cchsfs.com/doc/atx/2021/Help/Content/Both-SSource/Installation/Downloading%20ATX.htm" |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\download\Downloading ATX.htm.html |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1588 --field-trial-handle=1724,i,8435291165856388015,4643082473579285808,131072 /prefetch:8 |
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized -- "C:\Users\user\Desktop\download\Downloading ATX.htm.html |
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1008,1019000916465979311,6662852395727443255,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1436 /prefetch:8 |

URLs

Name
IP
Malicious
https://files.cchsfs.com/doc/atx/2021/Help/Content/Both-SSource/Installation/Downloading%20ATX.htm
https://support.atxinc.com/
unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1
216.58.215.238
https://files.cchsfs.com/doc/atx/2021/Help/Content/Both-SSource/Installation/Do
unknown
file:///C:/Users/user/Desktop/download/Downloading%20ATX.htm.html
https://www.google.com/jsapi
142.250.203.100
https://files.cchsfs.com/doc/atx/2021/Help/Content/Both-SSource/Installation/DoP:
unknown
https://files.cchsfs.com/doc/atx/2021/Help/Content/Both-SSource/Installation/Downloading%20ATX.htmf
unknown
http://www.madcapsoftware.com/Schemas/MadCap.xsd
unknown
https://files.cchsfs.com/doc/atx/2021/Help/Content/Both-SSource/Installation/Downloading%20ATX.htmj
unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
142.250.203.109
https://files.cchsfs.com/doc/atx/2021/Help/Content/Both-SSource/Installation/Downloading%20ATX.htm
152.199.21.175
https://files.cchsfs.com/doc/atx/2021/Help/Content/Both-SSource/Installation/Downloading%20ATX.htmS
unknown
https://files.cchsfs.com/doc/atx/2021/Help/Content/Both-SSource/Installation/Downloading%20ATX.htm(
unknown
https://files.cchsfs.com/doc/atx/2021/Help/Content/Both-SSource/Installation/Downloading%20ATX.htmJ
unknown
https://files.cchsfs.com/doc/atx/2021/Help/Content/Both-SSource/Installation/Downloading%20ATX.htmW
unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=84.0.4147.135&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc
216.58.215.238
https://files.cchsfs.com/doc/atx/2021/Help/Content/Both-SSource/Installation/Downloading%20ATX.htm:
unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=84.0.4147.135&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1
216.58.215.238

Domains

Name | IP | Malicious
accounts.google.com | 142.250.203.109 |
www.google.com | 142.250.203.100 |
clients.l.google.com | 216.58.215.238 |
sni1gl.wpc.edgecastcdn.net | 152.199.21.175 |
files.cchsfs.com | unknown |
clients2.google.com | unknown |

IPs

IP | Domain | Country | Malicious
192.168.2.1 | unknown | unknown |
239.255.255.250 | unknown | Reserved |
216.58.215.238 | clients.l.google.com | United States |
142.250.203.100 | www.google.com | United States |
152.199.21.175 | sni1gl.wpc.edgecastcdn.net | United States |
127.0.0.1 | unknown | unknown |
142.250.203.109 | accounts.google.com | United States |
192.168.2.255 | unknown | unknown |

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
gdaefkejpgkiemlaofpalmlakkmbjdnl
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
kmendfapggjehodndflmmgagdbamhnfd
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
neajdppkdcdipfabeoofebfddakdcjhd
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault
S-1-5-21-3853321935-2125563209-4053062332-1002
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
gdaefkejpgkiemlaofpalmlakkmbjdnl
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
kmendfapggjehodndflmmgagdbamhnfd
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
neajdppkdcdipfabeoofebfddakdcjhd
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nmmhkkegccagdldgiimedpiccmgmieda
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nmmhkkegccagdldgiimedpiccmgmieda
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nmmhkkegccagdldgiimedpiccmgmieda
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
dr
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
media.cdm.origin_data
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
software_reporter.reporting
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
media.storage_id_salt
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
google.services.last_account_id
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
google.services.account_id
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_startup_urls
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_homepage
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
module_blocklist_cache_md5_digest
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
software_reporter.prompt_seed
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
default_search_provider_data.template_url_data
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
safebrowsing.incidents_sent
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
pinned_tabs
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
browser.show_home_button
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
search_provider_overrides
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_default_search
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
software_reporter.prompt_version
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
google.services.last_username
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
session.startup_urls
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
session.restore_on_startup
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
settings_reset_prompt.prompt_wave
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
homepage
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
homepage_is_newtabpage
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
lastrun
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault
S-1-5-21-3853321935-2125563209-4053062332-1002
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault
S-1-5-21-966771315-3019405637-367336477-1006
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
gfdkimpbcpahaombhbimeihdjnejgicl
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
mfehgcgbbipciphmccgaenjidiccnmng
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
pkedcjkdefgpdelpbcmbmeomcjbeemfm
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
gfdkimpbcpahaombhbimeihdjnejgicl
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
module_blacklist_cache_md5_digest
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
version
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault
S-1-5-21-966771315-3019405637-367336477-1006
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob

Memdumps


DOM / HTML

URL
Malicious
file:///C:/Users/user/Desktop/download/Downloading%20ATX.htm.html