Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
FW URGENT RFQ-400098211.exe
|
PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_FW URGENT RFQ-40_7b4ba10a7e256748f6f118029da9b3f3baca43_b2e69f44_3f478f6a-47e9-4ca9-9e2c-ed1dc2481a54\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERBD0B.tmp.dmp
|
Mini DuMP crash report, 16 streams, Sat May 4 18:22:55 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC113.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC153.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
Chrome Cache Entry: 106
|
ASCII text, with very long lines (1657)
|
downloaded
|
||
|
Chrome Cache Entry: 107
|
ASCII text, with very long lines (2294)
|
downloaded
|
||
|
Chrome Cache Entry: 108
|
ASCII text, with very long lines (4252)
|
downloaded
|
||
|
Chrome Cache Entry: 109
|
ASCII text, with very long lines (2956)
|
downloaded
|
||
|
Chrome Cache Entry: 110
|
PNG image data, 106 x 5210, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 111
|
ASCII text, with very long lines (2200)
|
downloaded
|
||
|
Chrome Cache Entry: 112
|
ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 113
|
ASCII text, with very long lines (736)
|
downloaded
|
||
|
Chrome Cache Entry: 114
|
ASCII text, with very long lines (3572), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 115
|
ASCII text, with very long lines (769)
|
downloaded
|
||
|
Chrome Cache Entry: 116
|
ASCII text, with very long lines (65531)
|
downloaded
|
||
|
Chrome Cache Entry: 117
|
PNG image data, 106 x 5210, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 118
|
Web Open Font Format (Version 2), TrueType, length 15344, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 119
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 120
|
ASCII text, with very long lines (2124)
|
downloaded
|
||
|
Chrome Cache Entry: 121
|
HTML document, ASCII text, with very long lines (21071)
|
downloaded
|
||
|
Chrome Cache Entry: 122
|
ASCII text
|
downloaded
|
There are 13 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\FW URGENT RFQ-400098211.exe
|
"C:\Users\user\Desktop\FW URGENT RFQ-400098211.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\installutil.exe"
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://%3cfnc1%3e(%08)192207080962112986271363245700090061668218406782359533476819003707/
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2424 --field-trial-handle=2392,i,10964861050037891216,14656894280507300521,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 5728 -s 1104
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://ogs.google.com/
|
unknown
|
||
|
http://terminal4.veeblehosting.com
|
unknown
|
||
|
https://sectigo.com/CPS0
|
unknown
|
||
|
http://www.broofa.com
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
https://apis.google.com/js/api.js
|
unknown
|
||
|
https://www.google.com/log?format=json&hasfast=true
|
unknown
|
||
|
https://www.google.com/async/newtab_promos
|
142.250.68.4
|
||
|
http://upx.sf.net
|
unknown
|
||
|
https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
|
unknown
|
||
|
https://plus.google.com
|
unknown
|
||
|
https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
|
unknown
|
||
|
https://www.google.com/async/ddljson?async=ntp:2
|
142.250.68.4
|
||
|
https://play.google.com/log?format=json&hasfast=true
|
unknown
|
||
|
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
|
142.250.68.4
|
||
|
https://csp.withgoogle.com/csp/lcreport/
|
unknown
|
||
|
https://ogs.google.com/widget/app/so?awwd=1&gm3=1&origin=chrome-untrusted%3A%2F%2Fnew-tab-page&origin=chrome%3A%2F%2Fnew-tab-page&cn=app&pid=1&spid=243&hl=en
|
|||
|
http://ip-api.com
|
unknown
|
||
|
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0
|
172.217.12.142
|
||
|
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
|
142.250.68.4
|
||
|
https://apis.google.com
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://ogs.google.com/widget/app/so
|
unknown
|
||
|
https://domains.google.com/suggest/flow
|
unknown
|
||
|
https://clients6.google.com
|
unknown
|
||
|
http://ip-api.com/line/?fields=hosting
|
208.95.112.1
|
There are 16 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
bg.microsoft.map.fastly.net
|
199.232.210.172
|
||
|
plus.l.google.com
|
172.217.12.142
|
||
|
www3.l.google.com
|
142.250.72.142
|
||
|
www.google.com
|
142.250.68.4
|
||
|
ip-api.com
|
208.95.112.1
|
||
|
terminal4.veeblehosting.com
|
108.170.55.203
|
||
|
fp2e7a.wpc.phicdn.net
|
192.229.211.108
|
||
|
ogs.google.com
|
unknown
|
||
|
apis.google.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.168.2.4
|
unknown
|
unknown
|
|
|
|
142.250.68.4
|
www.google.com
|
United States
|
||
|
108.170.55.203
|
terminal4.veeblehosting.com
|
United States
|
||
|
208.95.112.1
|
ip-api.com
|
United States
|
||
|
172.217.12.142
|
plus.l.google.com
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
142.250.72.142
|
www3.l.google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msbuild_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msbuild_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msbuild_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msbuild_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msbuild_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msbuild_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msbuild_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msbuild_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msbuild_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msbuild_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msbuild_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msbuild_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msbuild_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msbuild_RASMANCS
|
FileDirectory
|
||
|
\REGISTRY\A\{66a7134b-db22-d3e6-82e2-0f433ff32c1c}\Root\InventoryApplicationFile\fw urgent rfq-40|d285b965e3a1f918
|
ProgramId
|
||
|
\REGISTRY\A\{66a7134b-db22-d3e6-82e2-0f433ff32c1c}\Root\InventoryApplicationFile\fw urgent rfq-40|d285b965e3a1f918
|
FileId
|
||
|
\REGISTRY\A\{66a7134b-db22-d3e6-82e2-0f433ff32c1c}\Root\InventoryApplicationFile\fw urgent rfq-40|d285b965e3a1f918
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{66a7134b-db22-d3e6-82e2-0f433ff32c1c}\Root\InventoryApplicationFile\fw urgent rfq-40|d285b965e3a1f918
|
LongPathHash
|
||
|
\REGISTRY\A\{66a7134b-db22-d3e6-82e2-0f433ff32c1c}\Root\InventoryApplicationFile\fw urgent rfq-40|d285b965e3a1f918
|
Name
|
||
|
\REGISTRY\A\{66a7134b-db22-d3e6-82e2-0f433ff32c1c}\Root\InventoryApplicationFile\fw urgent rfq-40|d285b965e3a1f918
|
OriginalFileName
|
||
|
\REGISTRY\A\{66a7134b-db22-d3e6-82e2-0f433ff32c1c}\Root\InventoryApplicationFile\fw urgent rfq-40|d285b965e3a1f918
|
Publisher
|
||
|
\REGISTRY\A\{66a7134b-db22-d3e6-82e2-0f433ff32c1c}\Root\InventoryApplicationFile\fw urgent rfq-40|d285b965e3a1f918
|
Version
|
||
|
\REGISTRY\A\{66a7134b-db22-d3e6-82e2-0f433ff32c1c}\Root\InventoryApplicationFile\fw urgent rfq-40|d285b965e3a1f918
|
BinFileVersion
|
||
|
\REGISTRY\A\{66a7134b-db22-d3e6-82e2-0f433ff32c1c}\Root\InventoryApplicationFile\fw urgent rfq-40|d285b965e3a1f918
|
BinaryType
|
||
|
\REGISTRY\A\{66a7134b-db22-d3e6-82e2-0f433ff32c1c}\Root\InventoryApplicationFile\fw urgent rfq-40|d285b965e3a1f918
|
ProductName
|
||
|
\REGISTRY\A\{66a7134b-db22-d3e6-82e2-0f433ff32c1c}\Root\InventoryApplicationFile\fw urgent rfq-40|d285b965e3a1f918
|
ProductVersion
|
||
|
\REGISTRY\A\{66a7134b-db22-d3e6-82e2-0f433ff32c1c}\Root\InventoryApplicationFile\fw urgent rfq-40|d285b965e3a1f918
|
LinkDate
|
||
|
\REGISTRY\A\{66a7134b-db22-d3e6-82e2-0f433ff32c1c}\Root\InventoryApplicationFile\fw urgent rfq-40|d285b965e3a1f918
|
BinProductVersion
|
||
|
\REGISTRY\A\{66a7134b-db22-d3e6-82e2-0f433ff32c1c}\Root\InventoryApplicationFile\fw urgent rfq-40|d285b965e3a1f918
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{66a7134b-db22-d3e6-82e2-0f433ff32c1c}\Root\InventoryApplicationFile\fw urgent rfq-40|d285b965e3a1f918
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{66a7134b-db22-d3e6-82e2-0f433ff32c1c}\Root\InventoryApplicationFile\fw urgent rfq-40|d285b965e3a1f918
|
Size
|
||
|
\REGISTRY\A\{66a7134b-db22-d3e6-82e2-0f433ff32c1c}\Root\InventoryApplicationFile\fw urgent rfq-40|d285b965e3a1f918
|
Language
|
||
|
\REGISTRY\A\{66a7134b-db22-d3e6-82e2-0f433ff32c1c}\Root\InventoryApplicationFile\fw urgent rfq-40|d285b965e3a1f918
|
Usn
|
There are 24 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
343E000
|
trusted library allocation
|
page read and write
|
|
|
|
3462000
|
trusted library allocation
|
page read and write
|
|
|
|
23639E38000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
23649E02000
|
trusted library allocation
|
page read and write
|
|
|
|
3412000
|
trusted library allocation
|
page read and write
|
|
|
|
3E150FE000
|
stack
|
page read and write
|
||
|
708E000
|
stack
|
page read and write
|
||
|
7FFD9BAC0000
|
trusted library allocation
|
page read and write
|
||
|
3E14EF3000
|
stack
|
page read and write
|
||
|
7FFD9B8F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8F4000
|
trusted library allocation
|
page read and write
|
||
|
718F000
|
stack
|
page read and write
|
||
|
1812000
|
trusted library allocation
|
page read and write
|
||
|
3E158FD000
|
stack
|
page read and write
|
||
|
152A000
|
heap
|
page read and write
|
||
|
2363A074000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9A6000
|
trusted library allocation
|
page read and write
|
||
|
1816000
|
trusted library allocation
|
page execute and read and write
|
||
|
5F80000
|
trusted library allocation
|
page read and write
|
||
|
23649DF8000
|
trusted library allocation
|
page read and write
|
||
|
23638370000
|
heap
|
page read and write
|
||
|
23639ED0000
|
trusted library allocation
|
page read and write
|
||
|
5820000
|
trusted library allocation
|
page read and write
|
||
|
3450000
|
trusted library allocation
|
page read and write
|
||
|
18B0000
|
heap
|
page read and write
|
||
|
7FFD9BA96000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B91D000
|
trusted library allocation
|
page execute and read and write
|
||
|
3200000
|
heap
|
page execute and read and write
|
||
|
59D0000
|
heap
|
page execute and read and write
|
||
|
59C0000
|
heap
|
page read and write
|
||
|
583E000
|
trusted library allocation
|
page read and write
|
||
|
345E000
|
trusted library allocation
|
page read and write
|
||
|
23638032000
|
unkown
|
page readonly
|
||
|
1495000
|
heap
|
page read and write
|
||
|
5832000
|
trusted library allocation
|
page read and write
|
||
|
6D30000
|
trusted library allocation
|
page read and write
|
||
|
6BD3000
|
trusted library allocation
|
page read and write
|
||
|
236383A9000
|
heap
|
page read and write
|
||
|
23638151000
|
heap
|
page read and write
|
||
|
5B1E000
|
stack
|
page read and write
|
||
|
3E151FE000
|
stack
|
page read and write
|
||
|
23638340000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B91B000
|
trusted library allocation
|
page execute and read and write
|
||
|
17ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BA10000
|
trusted library allocation
|
page execute and read and write
|
||
|
10BA000
|
stack
|
page read and write
|
||
|
1890000
|
trusted library allocation
|
page execute and read and write
|
||
|
3E156FE000
|
stack
|
page read and write
|
||
|
6C4E000
|
stack
|
page read and write
|
||
|
67C4000
|
heap
|
page read and write
|
||
|
18A0000
|
trusted library allocation
|
page read and write
|
||
|
1420000
|
heap
|
page read and write
|
||
|
236382B0000
|
heap
|
page read and write
|
||
|
182B000
|
trusted library allocation
|
page execute and read and write
|
||
|
236380E0000
|
heap
|
page read and write
|
||
|
7FFD9BAE2000
|
trusted library allocation
|
page read and write
|
||
|
6D20000
|
trusted library allocation
|
page execute and read and write
|
||
|
1827000
|
trusted library allocation
|
page execute and read and write
|
||
|
23639DE0000
|
heap
|
page execute and read and write
|
||
|
1468000
|
heap
|
page read and write
|
||
|
33E1000
|
trusted library allocation
|
page read and write
|
||
|
6C00000
|
trusted library allocation
|
page execute and read and write
|
||
|
6BF0000
|
trusted library allocation
|
page read and write
|
||
|
23638125000
|
heap
|
page read and write
|
||
|
583A000
|
trusted library allocation
|
page read and write
|
||
|
5846000
|
trusted library allocation
|
page read and write
|
||
|
2363810D000
|
heap
|
page read and write
|
||
|
3168000
|
trusted library allocation
|
page read and write
|
||
|
3250000
|
heap
|
page read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
|
17E3000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B9D6000
|
trusted library allocation
|
page execute and read and write
|
||
|
6BED000
|
trusted library allocation
|
page read and write
|
||
|
3E152FC000
|
stack
|
page read and write
|
||
|
7FFD9BAB0000
|
trusted library allocation
|
page read and write
|
||
|
17F0000
|
heap
|
page read and write
|
||
|
23638350000
|
trusted library allocation
|
page read and write
|
||
|
6BC0000
|
trusted library allocation
|
page read and write
|
||
|
236380EC000
|
heap
|
page read and write
|
||
|
343A000
|
trusted library allocation
|
page read and write
|
||
|
23638123000
|
heap
|
page read and write
|
||
|
180D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BAD0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAA7000
|
trusted library allocation
|
page read and write
|
||
|
5C1E000
|
stack
|
page read and write
|
||
|
7FFD9BAAD000
|
trusted library allocation
|
page read and write
|
||
|
2363A395000
|
trusted library allocation
|
page read and write
|
||
|
72C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
236383B8000
|
heap
|
page read and write
|
||
|
7FFD9B9AC000
|
trusted library allocation
|
page execute and read and write
|
||
|
6BC7000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B94C000
|
trusted library allocation
|
page execute and read and write
|
||
|
236382D0000
|
heap
|
page read and write
|
||
|
1810000
|
trusted library allocation
|
page read and write
|
||
|
67BA000
|
heap
|
page read and write
|
||
|
5F7D000
|
stack
|
page read and write
|
||
|
236380C0000
|
heap
|
page read and write
|
||
|
1822000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
23651E20000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA90000
|
trusted library allocation
|
page read and write
|
||
|
5D9D000
|
stack
|
page read and write
|
||
|
582B000
|
trusted library allocation
|
page read and write
|
||
|
5826000
|
trusted library allocation
|
page read and write
|
||
|
3E154FE000
|
stack
|
page read and write
|
||
|
7FFD9B8F3000
|
trusted library allocation
|
page execute and read and write
|
||
|
444C000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB00000
|
trusted library allocation
|
page read and write
|
||
|
5C5D000
|
stack
|
page read and write
|
||
|
599C000
|
stack
|
page read and write
|
||
|
54DE000
|
stack
|
page read and write
|
||
|
236384F0000
|
heap
|
page read and write
|
||
|
23638320000
|
trusted library allocation
|
page read and write
|
||
|
346A000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5860000
|
heap
|
page read and write
|
||
|
33DE000
|
stack
|
page read and write
|
||
|
17D0000
|
trusted library allocation
|
page read and write
|
||
|
5852000
|
trusted library allocation
|
page read and write
|
||
|
7280000
|
trusted library allocation
|
page read and write
|
||
|
5ADC000
|
stack
|
page read and write
|
||
|
188E000
|
stack
|
page read and write
|
||
|
6A7F000
|
stack
|
page read and write
|
||
|
1542000
|
heap
|
page read and write
|
||
|
236381DE000
|
heap
|
page read and write
|
||
|
23639D40000
|
trusted library section
|
page read and write
|
||
|
23638375000
|
heap
|
page read and write
|
||
|
3E14FFE000
|
stack
|
page read and write
|
||
|
1840000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B902000
|
trusted library allocation
|
page read and write
|
||
|
17E0000
|
trusted library allocation
|
page read and write
|
||
|
582E000
|
trusted library allocation
|
page read and write
|
||
|
236384D0000
|
heap
|
page read and write
|
||
|
14FB000
|
heap
|
page read and write
|
||
|
15F0000
|
heap
|
page read and write
|
||
|
3280000
|
trusted library allocation
|
page read and write
|
||
|
3E153FE000
|
stack
|
page read and write
|
||
|
3E155FF000
|
stack
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
23652670000
|
heap
|
page execute and read and write
|
||
|
1825000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BAA0000
|
trusted library allocation
|
page read and write
|
||
|
2364A07D000
|
trusted library allocation
|
page read and write
|
||
|
181A000
|
trusted library allocation
|
page execute and read and write
|
||
|
6DCE000
|
stack
|
page read and write
|
||
|
584D000
|
trusted library allocation
|
page read and write
|
||
|
6BE3000
|
trusted library allocation
|
page read and write
|
||
|
43E000
|
remote allocation
|
page execute and read and write
|
||
|
6BBD000
|
stack
|
page read and write
|
||
|
7FFD9BAE0000
|
trusted library allocation
|
page read and write
|
||
|
23638156000
|
heap
|
page read and write
|
||
|
3270000
|
trusted library allocation
|
page read and write
|
||
|
14D6000
|
heap
|
page read and write
|
||
|
5841000
|
trusted library allocation
|
page read and write
|
||
|
7FF448BE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3E157FA000
|
stack
|
page read and write
|
||
|
5E9E000
|
stack
|
page read and write
|
||
|
6ABD000
|
stack
|
page read and write
|
||
|
7FFD9BAF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
18B6000
|
heap
|
page read and write
|
||
|
324C000
|
stack
|
page read and write
|
||
|
153E000
|
heap
|
page read and write
|
||
|
6C50000
|
trusted library allocation
|
page read and write
|
||
|
6E20000
|
heap
|
page read and write
|
||
|
7FFD9B8F2000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B90D000
|
trusted library allocation
|
page execute and read and write
|
||
|
43E1000
|
trusted library allocation
|
page read and write
|
||
|
3290000
|
heap
|
page read and write
|
||
|
23638353000
|
trusted library allocation
|
page read and write
|
||
|
148A000
|
heap
|
page read and write
|
||
|
11B9000
|
stack
|
page read and write
|
||
|
FF9E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
32A0000
|
trusted library allocation
|
page read and write
|
||
|
6740000
|
heap
|
page read and write
|
||
|
1460000
|
heap
|
page read and write
|
||
|
5D5E000
|
stack
|
page read and write
|
||
|
7FFD9B909000
|
trusted library allocation
|
page read and write
|
||
|
1430000
|
heap
|
page read and write
|
||
|
4409000
|
trusted library allocation
|
page read and write
|
||
|
17E4000
|
trusted library allocation
|
page read and write
|
||
|
1800000
|
trusted library allocation
|
page read and write
|
||
|
1557000
|
heap
|
page read and write
|
||
|
23649DF1000
|
trusted library allocation
|
page read and write
|
||
|
343C000
|
trusted library allocation
|
page read and write
|
||
|
236380B0000
|
heap
|
page read and write
|
||
|
7FFD9B910000
|
trusted library allocation
|
page read and write
|
||
|
236384F5000
|
heap
|
page read and write
|
||
|
14EB000
|
heap
|
page read and write
|
||
|
7FFD9B914000
|
trusted library allocation
|
page read and write
|
||
|
1820000
|
trusted library allocation
|
page read and write
|
||
|
6D00000
|
heap
|
page read and write
|
||
|
3444000
|
trusted library allocation
|
page read and write
|
||
|
1498000
|
heap
|
page read and write
|
||
|
23639E1D000
|
trusted library allocation
|
page read and write
|
||
|
23638030000
|
unkown
|
page readonly
|
||
|
23649DFE000
|
trusted library allocation
|
page read and write
|
||
|
32D0000
|
heap
|
page read and write
|
||
|
3293000
|
heap
|
page read and write
|
||
|
7FFD9B900000
|
trusted library allocation
|
page read and write
|
||
|
23639CA0000
|
trusted library section
|
page read and write
|
||
|
23639DF1000
|
trusted library allocation
|
page read and write
|
||
|
236383A0000
|
heap
|
page read and write
|
||
|
6BD0000
|
trusted library allocation
|
page read and write
|
||
|
15F5000
|
heap
|
page read and write
|
||
|
2363A398000
|
trusted library allocation
|
page read and write
|
||
|
23652520000
|
heap
|
page read and write
|
There are 197 hidden memdumps, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
https://ogs.google.com/widget/app/so?awwd=1&gm3=1&origin=chrome-untrusted%3A%2F%2Fnew-tab-page&origin=chrome%3A%2F%2Fnew-tab-page&cn=app&pid=1&spid=243&hl=en
|
||
|
https://ogs.google.com/widget/app/so?awwd=1&gm3=1&origin=chrome-untrusted%3A%2F%2Fnew-tab-page&origin=chrome%3A%2F%2Fnew-tab-page&cn=app&pid=1&spid=243&hl=en
|