Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Invoice_7892_18Oct.html
|
HTML document, ASCII text, with very long lines (63576), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\xxl.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pzjcafpy.yij.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xqznpzps.wxr.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\krjmempf.vdz\5353.iso
|
ISO 9660 CD-ROM filesystem data 'CD_ROM'
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\unarchiver.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Downloads\4b10409d-3549-47cf-a702-af843c5f693a.tmp
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\Downloads\8fa2db5f-d558-4ee3-8a83-68f3e15e482f.zip (copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\Downloads\8fa2db5f-d558-4ee3-8a83-68f3e15e482f.zip.crdownload (copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\unarchiver.exe
|
C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\8fa2db5f-d558-4ee3-8a83-68f3e15e482f.zip
|
|
|
|
C:\Windows\SysWOW64\7za.exe
|
C:\Windows\System32\7za.exe" x -p758493 -y -o"C:\Users\user\AppData\Local\Temp\krjmempf.vdz" "C:\Users\user\Downloads\8fa2db5f-d558-4ee3-8a83-68f3e15e482f.zip
|
|
|
|
C:\Users\user\AppData\Local\Temp\xxl.exe
|
C:\Users\user\AppData\Local\Temp\xxl.exe internee\reservations.3ds,DllRegisterServer
|
|
|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1828,i,17767483613737774087,6421309370746719837,131072
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\Invoice_7892_18Oct.html
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe" /c powershell.exe -ex bypass -command Mount-DiskImage -ImagePath "C:\Users\user\AppData\Local\Temp\krjmempf.vdz\5353.iso
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
powershell.exe -ex bypass -command Mount-DiskImage -ImagePath "C:\Users\user\AppData\Local\Temp\krjmempf.vdz\5353.iso"
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c internee\highlighted.cmd dll32.exe tem dows
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 2 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://onlinetwork.top/drew/9HjvFMPL_/2BodLadHv2Ij_2BnGRof/O5HwRn2RgD6rqZ1SvG5/VMrxgkKm7ed8PnDV4333Df/zIgAPypmoxSLi/8BFA8aIq/BD3jcPWLpFftdB57Hvs_2Bt/pdv8XCmdY6/t4jYCo1nX0gAaeZmr/b90Tdg7fzlxH/cqhZiWRACEm/b39xMwhhk6CBY5/vAnGlr5gQfe7832Po6dgp/kFDd8JW_2BQt2yuf/g3y_2BsnEgcapzm/FqXLCXTc0ul_2Fu7dh/W1oq_2BeZ/dlpTOTrr2A44rzvoNR9t/Ed7vICgSqP/MZk6s.jlk
|
31.41.44.194
|
|
|
|
file:///C:/Users/user/Desktop/Invoice_7892_18Oct.html
|
|
||
|
http://onlinetwork.top/drew/UogjlH55j3MBdVW7Zgv8/7VAIAiwJ_2FicnQxfIo/vdYsidWojPlxWiOLycfrCH/0jMFVE77apOpr/yiV9EWj6/4LmIXy_2FzHYZsf_2BzbbER/6LftEOfnlg/Uzke2V7qIbQmNXXHb/tnLubrQ7fIkI/GL44ItzX_2B/5weW8TeiFRMx3R/0FalNtY_2FOlb5Arb_2Fa/ayhw4EzvdF98V_2F/QvfDYcXOi_2FxiR/FUnDGyMWNFOFvK99Tq/AboGOqHpH/FFIxlK22ZxSjYALa3Nyd/r2bY6gbX_2BKLnqSzWK/N5bQl56P/1.jlk
|
31.41.44.194
|
|
|
|
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1
|
142.250.203.110
|
||
|
http://linetwork.top/drew/0J0YP9e_2BE7jjAw7XL/AjrHr6NCwO_2Fgj3xqU8HO/e5KwJWvAPxhz7/Er8_2FGw/w6mbMJPoDfQgM_2F5q_2BTA/2EWmrv1LcM/HkHdywibkWgZEZttV/CVVHNFdmhCzK/32gECX5_2BF/KHHudCe_2FBTtm/7PKDpa0dUHWbR_2B1kpX9/AWYTWzr3Mrqxmvg2/b3_2B3bUAXRAtbT/lS0IcV4DbS6jYYG_2F/Ohgp0G9Gj/CtOwH_2BiEVt378VRySb/pgZSH7eC_2Bee3HXiCJ/BjrtGyiuFj_2Fduvn85Qkm/9VcCSZNN/bQ6ATZ6.jlk
|
62.173.145.183
|
||
|
http://linetwork.top/drew/TVgVtfJMME1TQDqbWdYo/ezMinaihuLtBtHa0yLo/29N_2BdcUX8GiKCW_2FFcH/G2EEXMAEzocHs/1j0yJOR1/eGMTPdpRhncWUghvDrmpfdi/eKYCLFtVRB/CVYtk9exYzeSrEd9o/r1M5RtNeelrL/BOq3WhytwH0/LSHm7cB7uN0f_2/BOF5OriNbSGHY_2Bu3zcM/HQrJ_2FDizJQq2kU/CdUDwQJw3ybpG6w/prA2XAjnZImMTnv_2B/y35swvqbW/8ll_2FkkiqSxdgXsTIPh/ZgYm_2BBwbPVDYoRfa8/RjAv97g.jlk
|
62.173.145.183
|
||
|
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
|
142.250.203.109
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
onlinetwork.top
|
31.41.44.194
|
|
|
|
accounts.google.com
|
142.250.203.109
|
||
|
www.google.com
|
142.250.203.100
|
||
|
clients.l.google.com
|
142.250.203.110
|
||
|
linetwork.top
|
62.173.145.183
|
||
|
clients2.google.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
31.41.44.194
|
onlinetwork.top
|
Russian Federation
|
|
|
|
62.173.145.183
|
linetwork.top
|
Russian Federation
|
||
|
192.168.2.1
|
unknown
|
unknown
|
||
|
142.250.203.100
|
www.google.com
|
United States
|
||
|
142.250.203.110
|
clients.l.google.com
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
127.0.0.1
|
unknown
|
unknown
|
||
|
142.250.203.109
|
accounts.google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
ahfgeienlihckogmohjhadlkjgocpleb
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gdaefkejpgkiemlaofpalmlakkmbjdnl
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
kmendfapggjehodndflmmgagdbamhnfd
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
mhjfbmdgcfjbbpaeojofohoefgiehjai
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
neajdppkdcdipfabeoofebfddakdcjhd
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nkeimhogjdpnpccoofpliimaahmaaome
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
prefs.preference_reset_time
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault
|
S-1-5-21-3853321935-2125563209-4053062332-1002
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\SysWOW64\unarchiver.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\SysWOW64\unarchiver.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gdaefkejpgkiemlaofpalmlakkmbjdnl
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
kmendfapggjehodndflmmgagdbamhnfd
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
neajdppkdcdipfabeoofebfddakdcjhd
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nkeimhogjdpnpccoofpliimaahmaaome
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
state
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
|
StatusCodes
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
|
StatusCodes
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
state
|
||
|
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
|
dr
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
|
user_experience_metrics.stability.exited_cleanly
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
media.cdm.origin_data
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.reporting
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
media.storage_id_salt
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.last_account_id
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.account_id
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_startup_urls
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_homepage
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
module_blocklist_cache_md5_digest
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.prompt_seed
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
default_search_provider_data.template_url_data
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
safebrowsing.incidents_sent
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
pinned_tabs
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
browser.show_home_button
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
search_provider_overrides
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_default_search
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
prefs.preference_reset_time
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.prompt_version
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.last_username
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
session.startup_urls
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
session.restore_on_startup
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.prompt_wave
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
homepage
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
homepage_is_newtabpage
|
||
|
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
|
lastrun
|
||
|
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
|
lastrun
|
||
|
HKEY_USERSS-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry
|
TraceTimeLast
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault
|
S-1-5-21-3853321935-2125563209-4053062332-1002
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
state
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
|
StatusCodes
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
|
StatusCodes
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
state
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
|
SlowContextMenuEntries
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
|
SlowContextMenuEntries
|
There are 47 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
53F8000
|
heap
|
page read and write
|
|
|
|
53F8000
|
heap
|
page read and write
|
|
|
|
2DE8000
|
heap
|
page read and write
|
|
|
|
53F8000
|
heap
|
page read and write
|
|
|
|
4EF9000
|
heap
|
page read and write
|
|
|
|
53F8000
|
heap
|
page read and write
|
|
|
|
53F8000
|
heap
|
page read and write
|
|
|
|
53F8000
|
heap
|
page read and write
|
|
|
|
53F8000
|
heap
|
page read and write
|
|
|
|
53F8000
|
heap
|
page read and write
|
|
|
|
53F8000
|
heap
|
page read and write
|
|
|
|
53F8000
|
heap
|
page read and write
|
|
|
|
710000
|
heap
|
page read and write
|
||
|
AFB000
|
stack
|
page read and write
|
||
|
7F2F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
EB0000
|
remote allocation
|
page read and write
|
||
|
3015000
|
heap
|
page read and write
|
||
|
1300000
|
trusted library allocation
|
page read and write
|
||
|
318D000
|
stack
|
page read and write
|
||
|
2DD3000
|
trusted library allocation
|
page read and write
|
||
|
5669000
|
stack
|
page read and write
|
||
|
33B6000
|
heap
|
page read and write
|
||
|
CB0000
|
unkown
|
page readonly
|
||
|
2E6B000
|
heap
|
page read and write
|
||
|
E90000
|
trusted library allocation
|
page read and write
|
||
|
4FCD000
|
stack
|
page read and write
|
||
|
5D0E000
|
stack
|
page read and write
|
||
|
E5A000
|
heap
|
page read and write
|
||
|
4DAE000
|
stack
|
page read and write
|
||
|
B85000
|
heap
|
page read and write
|
||
|
2E4B000
|
heap
|
page read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
31BC000
|
unclassified section
|
page readonly
|
||
|
72EC8000
|
unkown
|
page write copy
|
||
|
C25000
|
heap
|
page read and write
|
||
|
179F000
|
stack
|
page read and write
|
||
|
CBC000
|
unkown
|
page readonly
|
||
|
2E68000
|
heap
|
page read and write
|
||
|
2DB9000
|
trusted library allocation
|
page read and write
|
||
|
4F78000
|
heap
|
page read and write
|
||
|
2D7E000
|
trusted library allocation
|
page read and write
|
||
|
52E0000
|
trusted library allocation
|
page read and write
|
||
|
2DA0000
|
trusted library allocation
|
page read and write
|
||
|
3010000
|
heap
|
page read and write
|
||
|
EBA000
|
trusted library allocation
|
page execute and read and write
|
||
|
3120000
|
trusted library allocation
|
page read and write
|
||
|
4B80000
|
heap
|
page read and write
|
||
|
72EDF000
|
unkown
|
page readonly
|
||
|
DC0000
|
trusted library allocation
|
page read and write
|
||
|
C20000
|
heap
|
page read and write
|
||
|
110F000
|
unkown
|
page read and write
|
||
|
29F0000
|
trusted library allocation
|
page read and write
|
||
|
2E41000
|
heap
|
page read and write
|
||
|
F7E000
|
stack
|
page read and write
|
||
|
2D71000
|
trusted library allocation
|
page read and write
|
||
|
2DAB000
|
trusted library allocation
|
page read and write
|
||
|
31B9000
|
unclassified section
|
page readonly
|
||
|
2A00000
|
trusted library allocation
|
page execute and read and write
|
||
|
9F0000
|
unkown
|
page read and write
|
||
|
4983000
|
trusted library allocation
|
page read and write
|
||
|
9A0000
|
heap
|
page read and write
|
||
|
E40000
|
heap
|
page read and write
|
||
|
EB0000
|
trusted library allocation
|
page read and write
|
||
|
B20000
|
heap
|
page read and write
|
||
|
9F0000
|
unkown
|
page read and write
|
||
|
B2B000
|
heap
|
page read and write
|
||
|
2E53000
|
heap
|
page read and write
|
||
|
AF6000
|
stack
|
page read and write
|
||
|
2DBF000
|
trusted library allocation
|
page read and write
|
||
|
2D85000
|
trusted library allocation
|
page read and write
|
||
|
53FB000
|
heap
|
page read and write
|
||
|
B49000
|
heap
|
page read and write
|
||
|
2DC3000
|
trusted library allocation
|
page read and write
|
||
|
CB0000
|
unkown
|
page readonly
|
||
|
33B6000
|
heap
|
page read and write
|
||
|
33B6000
|
heap
|
page read and write
|
||
|
590F000
|
stack
|
page read and write
|
||
|
E8D000
|
stack
|
page read and write
|
||
|
576E000
|
stack
|
page read and write
|
||
|
3230000
|
trusted library allocation
|
page read and write
|
||
|
1358000
|
heap
|
page read and write
|
||
|
2D20000
|
heap
|
page read and write
|
||
|
2A10000
|
trusted library allocation
|
page read and write
|
||
|
5BCF000
|
stack
|
page read and write
|
||
|
5ACE000
|
stack
|
page read and write
|
||
|
578A000
|
stack
|
page read and write
|
||
|
EE2000
|
trusted library allocation
|
page execute and read and write
|
||
|
ED0000
|
heap
|
page read and write
|
||
|
EB0000
|
remote allocation
|
page read and write
|
||
|
31B0000
|
unclassified section
|
page read and write
|
||
|
10000000
|
direct allocation
|
page read and write
|
||
|
9F0000
|
unkown
|
page read and write
|
||
|
1330000
|
trusted library allocation
|
page read and write
|
||
|
4ACF000
|
stack
|
page read and write
|
||
|
31BA000
|
unclassified section
|
page read and write
|
||
|
10001000
|
direct allocation
|
page execute read
|
||
|
EB2000
|
trusted library allocation
|
page execute and read and write
|
||
|
D3E000
|
stack
|
page read and write
|
||
|
31B1000
|
unclassified section
|
page execute read
|
||
|
518E000
|
stack
|
page read and write
|
||
|
C3C000
|
stack
|
page read and write
|
||
|
E59000
|
heap
|
page read and write
|
||
|
2E52000
|
heap
|
page read and write
|
||
|
57CD000
|
stack
|
page read and write
|
||
|
2DB6000
|
trusted library allocation
|
page read and write
|
||
|
3190000
|
heap
|
page read and write
|
||
|
2E64000
|
heap
|
page read and write
|
||
|
10006000
|
direct allocation
|
page readonly
|
||
|
2E53000
|
heap
|
page read and write
|
||
|
2E6C000
|
heap
|
page read and write
|
||
|
1310000
|
trusted library allocation
|
page read and write
|
||
|
1350000
|
heap
|
page read and write
|
||
|
E59000
|
heap
|
page read and write
|
||
|
CB9000
|
unkown
|
page readonly
|
||
|
C3D000
|
stack
|
page read and write
|
||
|
2E41000
|
heap
|
page read and write
|
||
|
546C000
|
stack
|
page read and write
|
||
|
E59000
|
heap
|
page read and write
|
||
|
F30000
|
heap
|
page execute and read and write
|
||
|
4B0C000
|
stack
|
page read and write
|
||
|
2E5B000
|
heap
|
page read and write
|
||
|
4EAF000
|
stack
|
page read and write
|
||
|
E10000
|
heap
|
page read and write
|
||
|
53FB000
|
heap
|
page read and write
|
||
|
9D0000
|
unkown
|
page readonly
|
||
|
FEE000
|
stack
|
page read and write
|
||
|
5C0E000
|
stack
|
page read and write
|
||
|
F00000
|
heap
|
page read and write
|
||
|
2E69000
|
heap
|
page read and write
|
||
|
51FC000
|
heap
|
page read and write
|
||
|
10005000
|
direct allocation
|
page read and write
|
||
|
B5B000
|
heap
|
page read and write
|
||
|
584E000
|
stack
|
page read and write
|
||
|
9E0000
|
unkown
|
page readonly
|
||
|
588F000
|
stack
|
page read and write
|
||
|
3140000
|
direct allocation
|
page execute and read and write
|
||
|
77C000
|
stack
|
page read and write
|
||
|
504E000
|
stack
|
page read and write
|
||
|
2DD1000
|
trusted library allocation
|
page read and write
|
||
|
CB9000
|
unkown
|
page readonly
|
||
|
12FC000
|
stack
|
page read and write
|
||
|
53FB000
|
heap
|
page read and write
|
||
|
3241000
|
trusted library allocation
|
page read and write
|
||
|
54AD000
|
stack
|
page read and write
|
||
|
2E64000
|
heap
|
page read and write
|
||
|
E59000
|
heap
|
page read and write
|
||
|
7E0000
|
trusted library allocation
|
page read and write
|
||
|
2DD8000
|
trusted library allocation
|
page read and write
|
||
|
D70000
|
heap
|
page read and write
|
||
|
3220000
|
trusted library allocation
|
page read and write
|
||
|
E5B000
|
heap
|
page read and write
|
||
|
580A000
|
stack
|
page read and write
|
||
|
72EC7000
|
unkown
|
page readonly
|
||
|
E48000
|
heap
|
page read and write
|
||
|
9E0000
|
unkown
|
page readonly
|
||
|
2E3F000
|
heap
|
page read and write
|
||
|
EBC000
|
trusted library allocation
|
page execute and read and write
|
||
|
294E000
|
stack
|
page read and write
|
||
|
584E000
|
stack
|
page read and write
|
||
|
EA2000
|
trusted library allocation
|
page execute and read and write
|
||
|
9D0000
|
unkown
|
page readonly
|
||
|
5990000
|
heap
|
page read and write
|
||
|
E48000
|
heap
|
page read and write
|
||
|
33B2000
|
heap
|
page read and write
|
||
|
514E000
|
stack
|
page read and write
|
||
|
5000000
|
heap
|
page read and write
|
||
|
E48000
|
heap
|
page read and write
|
||
|
14C0000
|
heap
|
page read and write
|
||
|
10003000
|
direct allocation
|
page readonly
|
||
|
2E3F000
|
heap
|
page read and write
|
||
|
FAE000
|
stack
|
page read and write
|
||
|
72EC0000
|
unkown
|
page readonly
|
||
|
CB1000
|
unkown
|
page execute read
|
||
|
EAA000
|
trusted library allocation
|
page execute and read and write
|
||
|
53FD000
|
heap
|
page read and write
|
||
|
DBE000
|
unkown
|
page read and write
|
||
|
594E000
|
stack
|
page read and write
|
||
|
2A20000
|
heap
|
page read and write
|
||
|
2A10000
|
trusted library allocation
|
page read and write
|
||
|
53FB000
|
heap
|
page read and write
|
||
|
E20000
|
trusted library allocation
|
page read and write
|
||
|
72EC1000
|
unkown
|
page execute read
|
||
|
3241000
|
trusted library allocation
|
page read and write
|
||
|
5560000
|
heap
|
page read and write
|
||
|
33B0000
|
heap
|
page read and write
|
||
|
3D71000
|
trusted library allocation
|
page read and write
|
||
|
2DB3000
|
trusted library allocation
|
page read and write
|
||
|
2E64000
|
heap
|
page read and write
|
||
|
5D4E000
|
stack
|
page read and write
|
||
|
169F000
|
stack
|
page read and write
|
||
|
594E000
|
stack
|
page read and write
|
||
|
2E64000
|
heap
|
page read and write
|
||
|
59B0000
|
trusted library allocation
|
page read and write
|
||
|
FA7000
|
heap
|
page read and write
|
||
|
3020000
|
trusted library allocation
|
page read and write
|
||
|
EB0000
|
remote allocation
|
page read and write
|
||
|
528E000
|
stack
|
page read and write
|
||
|
2DE0000
|
heap
|
page read and write
|
||
|
5E4E000
|
stack
|
page read and write
|
||
|
CB1000
|
unkown
|
page execute read
|
||
|
EFB000
|
trusted library allocation
|
page execute and read and write
|
||
|
5950000
|
trusted library allocation
|
page read and write
|
||
|
9D0000
|
unkown
|
page readonly
|
||
|
53FB000
|
heap
|
page read and write
|
||
|
31D0000
|
heap
|
page read and write
|
||
|
FA0000
|
heap
|
page read and write
|
||
|
9FC000
|
stack
|
page read and write
|
||
|
2CD0000
|
trusted library allocation
|
page read and write
|
||
|
CA0000
|
trusted library allocation
|
page read and write
|
||
|
9E0000
|
unkown
|
page readonly
|
||
|
2D92000
|
trusted library allocation
|
page read and write
|
||
|
EF7000
|
trusted library allocation
|
page execute and read and write
|
||
|
4B4C000
|
stack
|
page read and write
|
||
|
2E4B000
|
heap
|
page read and write
|
||
|
52FA000
|
heap
|
page read and write
|
||
|
598F000
|
stack
|
page read and write
|
||
|
58CE000
|
stack
|
page read and write
|
There are 207 hidden memdumps, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
file:///C:/Users/user/Desktop/Invoice_7892_18Oct.html
|