Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
filePY.cmd
|
DOS batch file, ASCII text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\Pictures\python-3.12.3-amd64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage engine DataBase, version 0x620, checksum 0x3e252e0b, page size 16384, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_msz4hox0.jz5.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zzq1xcq0.zmb.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu May 23 18:03:09 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu May 23 18:03:09 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:00:51 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu May 23 18:03:09 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu May 23 18:03:09 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu May 23 18:03:09 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
|
JSON data
|
dropped
|
||
|
C:\Windows\SystemTemp\chrome_BITS_7200_2037963929\BIT4691.tmp
|
Google Chrome extension, version 3
|
dropped
|
||
|
C:\Windows\SystemTemp\chrome_BITS_7200_764938803\BITC50C.tmp
|
Google Chrome extension, version 3
|
dropped
|
||
|
C:\Windows\SystemTemp\chrome_BITS_7200_764938803\gonpemdgkjcecdgbnaabipppbmgfggbe_2024.05.14.00_all_pt6odrcwmcz2ifcbvpdpv25i3u.crx3
(copy)
|
Google Chrome extension, version 3
|
dropped
|
||
|
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7200_1479809684\LICENSE
|
ASCII text
|
dropped
|
||
|
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7200_1479809684\_metadata\verified_contents.json
|
JSON data
|
dropped
|
||
|
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7200_1479809684\manifest.fingerprint
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7200_1479809684\manifest.json
|
JSON data
|
dropped
|
||
|
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7200_1479809684\sets.json
|
JSON data
|
dropped
|
||
|
Chrome Cache Entry: 143
|
HTML document, ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 144
|
HTML document, ASCII text
|
downloaded
|
There are 16 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\filePY.cmd" "
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell -Command "(New-Object System.Net.WebClient).DownloadFile('https://www.python.org/ftp/python/3.12.3/python-3.12.3-amd64.exe',
'C:\Users\user\Pictures\python-3.12.3-amd64.exe')"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://s2r.tn/cgi/INVOICERVSHA.pdf
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=2008,i,13112470750429375938,17891604958798290234,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://www.python.org/ftp/python/3.12.3/python-3.12.3-amd64.exe
|
146.75.116.223
|
|
|
|
https://wieistmeineip.de
|
unknown
|
||
|
https://mercadoshops.com.co
|
unknown
|
||
|
https://gliadomain.com
|
unknown
|
||
|
https://poalim.xyz
|
unknown
|
||
|
https://mercadolivre.com
|
unknown
|
||
|
https://reshim.org
|
unknown
|
||
|
https://nourishingpursuits.com
|
unknown
|
||
|
https://medonet.pl
|
unknown
|
||
|
https://unotv.com
|
unknown
|
||
|
https://mercadoshops.com.br
|
unknown
|
||
|
https://joyreactor.cc
|
unknown
|
||
|
https://zdrowietvn.pl
|
unknown
|
||
|
https://songstats.com
|
unknown
|
||
|
https://baomoi.com
|
unknown
|
||
|
https://supereva.it
|
unknown
|
||
|
https://elfinancierocr.com
|
unknown
|
||
|
https://bolasport.com
|
unknown
|
||
|
https://rws1nvtvt.com
|
unknown
|
||
|
https://desimartini.com
|
unknown
|
||
|
https://hearty.app
|
unknown
|
||
|
https://hearty.gift
|
unknown
|
||
|
https://mercadoshops.com
|
unknown
|
||
|
https://heartymail.com
|
unknown
|
||
|
https://radio2.be
|
unknown
|
||
|
https://finn.no
|
unknown
|
||
|
https://hc1.com
|
unknown
|
||
|
https://kompas.tv
|
unknown
|
||
|
https://mystudentdashboard.com
|
unknown
|
||
|
https://songshare.com
|
unknown
|
||
|
https://mercadopago.com.mx
|
unknown
|
||
|
https://talkdeskqaid.com
|
unknown
|
||
|
https://mercadopago.com.pe
|
unknown
|
||
|
https://cardsayings.net
|
unknown
|
||
|
https://mightytext.net
|
unknown
|
||
|
https://pudelek.pl
|
unknown
|
||
|
https://joyreactor.com
|
unknown
|
||
|
http://crl.ver)
|
unknown
|
||
|
https://cookreactor.com
|
unknown
|
||
|
https://wildixin.com
|
unknown
|
||
|
https://eworkbookcloud.com
|
unknown
|
||
|
https://nacion.com
|
unknown
|
||
|
https://chennien.com
|
unknown
|
||
|
https://mercadopago.cl
|
unknown
|
||
|
https://talkdeskstgid.com
|
unknown
|
||
|
https://bonvivir.com
|
unknown
|
||
|
https://carcostadvisor.be
|
unknown
|
||
|
https://salemovetravel.com
|
unknown
|
||
|
https://wpext.pl
|
unknown
|
||
|
https://welt.de
|
unknown
|
||
|
https://poalim.site
|
unknown
|
||
|
https://blackrockadvisorelite.it
|
unknown
|
||
|
https://cafemedia.com
|
unknown
|
||
|
https://mercadoshops.com.ar
|
unknown
|
||
|
https://s2r.tn/cgi/INVOICERVSHA.pdf
|
|||
|
https://elpais.uy
|
unknown
|
||
|
https://landyrev.com
|
unknown
|
||
|
https://commentcamarche.com
|
unknown
|
||
|
https://tucarro.com.ve
|
unknown
|
||
|
https://rws3nvtvt.com
|
unknown
|
||
|
https://eleconomista.net
|
unknown
|
||
|
https://mercadolivre.com.br
|
unknown
|
||
|
https://clmbtech.com
|
unknown
|
||
|
https://standardsandpraiserepurpose.com
|
unknown
|
||
|
https://salemovefinancial.com
|
unknown
|
||
|
https://mercadopago.com.br
|
unknown
|
||
|
https://commentcamarche.net
|
unknown
|
||
|
https://etfacademy.it
|
unknown
|
||
|
https://mighty-app.appspot.com
|
unknown
|
||
|
https://hj.rs
|
unknown
|
||
|
https://hearty.me
|
unknown
|
||
|
https://mercadolibre.com.gt
|
unknown
|
||
|
https://timesinternet.in
|
unknown
|
||
|
https://idbs-staging.com
|
unknown
|
||
|
https://blackrock.com
|
unknown
|
||
|
https://idbs-eworkbook.com
|
unknown
|
||
|
https://mercadolibre.co.cr
|
unknown
|
||
|
https://hjck.com
|
unknown
|
||
|
https://vrt.be
|
unknown
|
||
|
https://prisjakt.no
|
unknown
|
||
|
https://kompas.com
|
unknown
|
||
|
https://idbs-dev.com
|
unknown
|
||
|
https://wingify.com
|
unknown
|
||
|
https://mercadolibre.cl
|
unknown
|
||
|
https://player.pl
|
unknown
|
||
|
https://mercadopago.com.ar
|
unknown
|
||
|
https://mercadolibre.com.hn
|
unknown
|
||
|
https://linternaute.com
|
unknown
|
||
|
https://tucarro.com.co
|
unknown
|
||
|
https://landyrev.ru
|
unknown
|
||
|
https://clarosports.com
|
unknown
|
||
|
https://een.be
|
unknown
|
||
|
https://nien.com
|
unknown
|
||
|
https://punjabijagran.com
|
unknown
|
||
|
https://cmxd.com.mx
|
unknown
|
||
|
https://grupolpg.sv
|
unknown
|
||
|
https://rws2nvtvt.com
|
unknown
|
||
|
https://abczdrowie.pl
|
unknown
|
||
|
https://g.live.com/odclientsettings/Prod/C:
|
unknown
|
||
|
https://gallito.com.uy
|
unknown
|
There are 90 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
www.python.org
|
unknown
|
|
|
|
dualstack.python.map.fastly.net
|
146.75.116.223
|
||
|
s2r.tn
|
70.38.21.234
|
||
|
www.google.com
|
142.250.186.100
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
146.75.116.223
|
dualstack.python.map.fastly.net
|
Sweden
|
||
|
70.38.21.234
|
s2r.tn
|
Canada
|
||
|
192.168.2.8
|
unknown
|
unknown
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
142.250.186.100
|
www.google.com
|
United States
|
||
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
9CE047B000
|
stack
|
page read and write
|
||
|
22458415000
|
heap
|
page read and write
|
||
|
22457AB0000
|
heap
|
page read and write
|
||
|
2245D320000
|
heap
|
page read and write
|
||
|
22457C7D000
|
heap
|
page read and write
|
||
|
2245D430000
|
remote allocation
|
page read and write
|
||
|
9CE11FB000
|
stack
|
page read and write
|
||
|
9CE1EFE000
|
unkown
|
page readonly
|
||
|
2245D0B0000
|
trusted library allocation
|
page read and write
|
||
|
2245D101000
|
trusted library allocation
|
page read and write
|
||
|
9CE0DFB000
|
stack
|
page read and write
|
||
|
2245D1C0000
|
trusted library allocation
|
page read and write
|
||
|
22458B80000
|
trusted library allocation
|
page read and write
|
||
|
2245D1F0000
|
trusted library allocation
|
page read and write
|
||
|
9CE137E000
|
stack
|
page read and write
|
||
|
9CE0BF9000
|
stack
|
page read and write
|
||
|
2245D31E000
|
heap
|
page read and write
|
||
|
22457C3F000
|
heap
|
page read and write
|
||
|
9CE237E000
|
stack
|
page read and write
|
||
|
9CE1A7E000
|
stack
|
page read and write
|
||
|
2245D2A0000
|
heap
|
page read and write
|
||
|
9CE17FE000
|
unkown
|
page readonly
|
||
|
9CE16FE000
|
unkown
|
page readonly
|
||
|
22457BE0000
|
trusted library allocation
|
page read and write
|
||
|
22457BB0000
|
heap
|
page read and write
|
||
|
22459000000
|
trusted library allocation
|
page read and write
|
||
|
22457C73000
|
heap
|
page read and write
|
||
|
2245D0F9000
|
trusted library allocation
|
page read and write
|
||
|
2245D30A000
|
heap
|
page read and write
|
||
|
2245D092000
|
trusted library allocation
|
page read and write
|
||
|
22457CFF000
|
heap
|
page read and write
|
||
|
2245D000000
|
trusted library allocation
|
page read and write
|
||
|
2245D2C5000
|
heap
|
page read and write
|
||
|
22457AD0000
|
heap
|
page read and write
|
||
|
2245D30A000
|
heap
|
page read and write
|
||
|
22457C90000
|
heap
|
page read and write
|
||
|
2245E000000
|
heap
|
page read and write
|
||
|
2245D242000
|
heap
|
page read and write
|
||
|
2245D430000
|
remote allocation
|
page read and write
|
||
|
2245D254000
|
heap
|
page read and write
|
||
|
2245D2C1000
|
heap
|
page read and write
|
||
|
2245D160000
|
trusted library allocation
|
page read and write
|
||
|
9CE08FE000
|
unkown
|
page readonly
|
||
|
22457C29000
|
heap
|
page read and write
|
||
|
22457D02000
|
heap
|
page read and write
|
||
|
2245D091000
|
trusted library allocation
|
page read and write
|
||
|
22457C7A000
|
heap
|
page read and write
|
||
|
9CE147E000
|
stack
|
page read and write
|
||
|
2245D1E0000
|
trusted library allocation
|
page read and write
|
||
|
9CE0FFB000
|
stack
|
page read and write
|
||
|
2245D300000
|
heap
|
page read and write
|
||
|
22457D29000
|
heap
|
page read and write
|
||
|
22458C90000
|
trusted library section
|
page readonly
|
||
|
22458400000
|
heap
|
page read and write
|
||
|
9CE1CFE000
|
unkown
|
page readonly
|
||
|
9CE05FD000
|
stack
|
page read and write
|
||
|
9CE13FE000
|
unkown
|
page readonly
|
||
|
2245D1D0000
|
trusted library allocation
|
page read and write
|
||
|
22458CB0000
|
trusted library section
|
page readonly
|
||
|
2245D090000
|
trusted library allocation
|
page read and write
|
||
|
9CE0CFE000
|
unkown
|
page readonly
|
||
|
9CE06FE000
|
unkown
|
page readonly
|
||
|
2245D0D0000
|
trusted library allocation
|
page read and write
|
||
|
9CE197E000
|
stack
|
page read and write
|
||
|
22457C5B000
|
heap
|
page read and write
|
||
|
2245D24F000
|
heap
|
page read and write
|
||
|
2245D010000
|
trusted library allocation
|
page read and write
|
||
|
224583D1000
|
trusted library allocation
|
page read and write
|
||
|
22457CB0000
|
heap
|
page read and write
|
||
|
2245D170000
|
trusted library allocation
|
page read and write
|
||
|
2245D29E000
|
heap
|
page read and write
|
||
|
2245D0C0000
|
trusted library allocation
|
page read and write
|
||
|
2245D31B000
|
heap
|
page read and write
|
||
|
9CE1BFE000
|
stack
|
page read and write
|
||
|
9CE07F7000
|
stack
|
page read and write
|
||
|
2245859F000
|
heap
|
page read and write
|
||
|
2245851A000
|
heap
|
page read and write
|
||
|
9CE167D000
|
stack
|
page read and write
|
||
|
2245D070000
|
trusted library allocation
|
page read and write
|
||
|
22458CA0000
|
trusted library section
|
page readonly
|
||
|
2245D430000
|
remote allocation
|
page read and write
|
||
|
2245D20F000
|
heap
|
page read and write
|
||
|
2245D2ED000
|
heap
|
page read and write
|
||
|
2245D200000
|
heap
|
page read and write
|
||
|
22458691000
|
trusted library allocation
|
page read and write
|
||
|
2245D2BF000
|
heap
|
page read and write
|
||
|
2245D315000
|
heap
|
page read and write
|
||
|
2245D22C000
|
heap
|
page read and write
|
||
|
22457C2B000
|
heap
|
page read and write
|
||
|
9CE187E000
|
stack
|
page read and write
|
||
|
2245855B000
|
heap
|
page read and write
|
||
|
9CE15FE000
|
unkown
|
page readonly
|
||
|
22458940000
|
trusted library allocation
|
page read and write
|
||
|
22457C00000
|
heap
|
page read and write
|
||
|
9CE1FFA000
|
stack
|
page read and write
|
||
|
9CE12FE000
|
unkown
|
page readonly
|
||
|
9CE26FE000
|
unkown
|
page readonly
|
||
|
2245D090000
|
trusted library allocation
|
page read and write
|
||
|
9CE10FE000
|
unkown
|
page readonly
|
||
|
22457C9F000
|
heap
|
page read and write
|
||
|
2245D0D0000
|
trusted library allocation
|
page read and write
|
||
|
22458402000
|
heap
|
page read and write
|
||
|
9CE177E000
|
stack
|
page read and write
|
||
|
9CE0AFE000
|
unkown
|
page readonly
|
||
|
2245D2F3000
|
heap
|
page read and write
|
||
|
2245D043000
|
trusted library allocation
|
page read and write
|
||
|
9CE20FE000
|
unkown
|
page readonly
|
||
|
2245851B000
|
heap
|
page read and write
|
||
|
22457C95000
|
heap
|
page read and write
|
||
|
2245D160000
|
trusted library allocation
|
page read and write
|
||
|
2245D094000
|
trusted library allocation
|
page read and write
|
||
|
2245859D000
|
heap
|
page read and write
|
||
|
9CE19FE000
|
unkown
|
page readonly
|
||
|
9CE14FE000
|
unkown
|
page readonly
|
||
|
22457C13000
|
heap
|
page read and write
|
||
|
2245D0D4000
|
trusted library allocation
|
page read and write
|
||
|
22458C80000
|
trusted library section
|
page readonly
|
||
|
2245D095000
|
trusted library allocation
|
page read and write
|
||
|
22458500000
|
heap
|
page read and write
|
||
|
2245851A000
|
heap
|
page read and write
|
||
|
2245D21F000
|
heap
|
page read and write
|
||
|
22457C8E000
|
heap
|
page read and write
|
||
|
2245851B000
|
heap
|
page read and write
|
||
|
22458513000
|
heap
|
page read and write
|
||
|
224585DF000
|
heap
|
page read and write
|
||
|
9CE1AFE000
|
unkown
|
page readonly
|
||
|
9CE0EFE000
|
unkown
|
page readonly
|
||
|
22458C70000
|
trusted library section
|
page readonly
|
||
|
2245D1E0000
|
trusted library allocation
|
page read and write
|
||
|
22457BF0000
|
trusted library section
|
page read and write
|
||
|
2245855A000
|
heap
|
page read and write
|
||
|
22457C78000
|
heap
|
page read and write
|
||
|
9CE267E000
|
stack
|
page read and write
|
||
|
2245D302000
|
heap
|
page read and write
|
||
|
2245D30E000
|
heap
|
page read and write
|
||
|
22458C60000
|
trusted library section
|
page readonly
|
||
|
2245D2FE000
|
heap
|
page read and write
|
||
|
2245D261000
|
heap
|
page read and write
|
||
|
22457D13000
|
heap
|
page read and write
|
||
|
9CE157E000
|
stack
|
page read and write
|
||
|
9CE1DFE000
|
stack
|
page read and write
|
||
|
2245D080000
|
trusted library allocation
|
page read and write
|
||
|
9CE18FE000
|
unkown
|
page readonly
|
||
|
2245D0C0000
|
trusted library allocation
|
page read and write
|
||
|
9CE09FE000
|
stack
|
page read and write
|
||
|
2245855C000
|
heap
|
page read and write
|
There are 136 hidden memdumps, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
https://s2r.tn/cgi/INVOICERVSHA.pdf
|