Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\GateUtilityHelper.exe
|
"C:\Users\user\Desktop\GateUtilityHelper.exe"
|
 |
|
|
C:\Users\user\Desktop\GateUtilityHelper.exe
|
"C:\Users\user\Desktop\GateUtilityHelper.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application
|
AutoBackupLogFiles
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\GateUtilityHelper
|
EventMessageFile
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2007D46D000
|
heap
|
page read and write
|
||
|
16F498A5000
|
heap
|
page read and write
|
||
|
7FFEC835D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFEC8436000
|
trusted library allocation
|
page execute and read and write
|
||
|
16F496BA000
|
heap
|
page read and write
|
||
|
16F49610000
|
heap
|
page read and write
|
||
|
20010001000
|
trusted library allocation
|
page read and write
|
||
|
16F4960C000
|
heap
|
page read and write
|
||
|
2007D448000
|
heap
|
page read and write
|
||
|
2007D6C0000
|
trusted library allocation
|
page read and write
|
||
|
16F65283000
|
heap
|
page read and write
|
||
|
7FFEC914D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFEC8400000
|
trusted library allocation
|
page read and write
|
||
|
16F4942C000
|
unkown
|
page readonly
|
||
|
7FFEC8362000
|
trusted library allocation
|
page read and write
|
||
|
16F495D0000
|
heap
|
page read and write
|
||
|
16F4AF51000
|
trusted library allocation
|
page read and write
|
||
|
16F49621000
|
heap
|
page read and write
|
||
|
16F49420000
|
unkown
|
page readonly
|
||
|
16F49580000
|
heap
|
page read and write
|
||
|
7FFEC8360000
|
trusted library allocation
|
page read and write
|
||
|
16F496BF000
|
heap
|
page read and write
|
||
|
16F65280000
|
heap
|
page read and write
|
||
|
553A5FE000
|
stack
|
page read and write
|
||
|
553ADFD000
|
stack
|
page read and write
|
||
|
2007D50F000
|
heap
|
page read and write
|
||
|
16F4AEF0000
|
trusted library allocation
|
page read and write
|
||
|
7FFEC9206000
|
trusted library allocation
|
page execute and read and write
|
||
|
2007D461000
|
heap
|
page read and write
|
||
|
7FFEC8406000
|
trusted library allocation
|
page read and write
|
||
|
20010008000
|
trusted library allocation
|
page read and write
|
||
|
16F4AF00000
|
heap
|
page read and write
|
||
|
16F498AB000
|
heap
|
page read and write
|
||
|
2007D730000
|
heap
|
page execute and read and write
|
||
|
7FFEC9124000
|
trusted library allocation
|
page read and write
|
||
|
2007D620000
|
heap
|
page read and write
|
||
|
7FFEC912D000
|
trusted library allocation
|
page execute and read and write
|
||
|
16F5AF51000
|
trusted library allocation
|
page read and write
|
||
|
7FFEC83AC000
|
trusted library allocation
|
page execute and read and write
|
||
|
20019520000
|
trusted library allocation
|
page read and write
|
||
|
16F65390000
|
trusted library allocation
|
page read and write
|
||
|
2007D47E000
|
heap
|
page read and write
|
||
|
27D51FD000
|
stack
|
page read and write
|
||
|
16F495EC000
|
heap
|
page read and write
|
||
|
16F495A0000
|
heap
|
page read and write
|
||
|
553BDFE000
|
stack
|
page read and write
|
||
|
16F5AF53000
|
trusted library allocation
|
page read and write
|
||
|
27D49FD000
|
stack
|
page read and write
|
||
|
553B5FE000
|
stack
|
page read and write
|
||
|
7FFEC8470000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFEC91D0000
|
trusted library allocation
|
page read and write
|
||
|
16F4AED0000
|
trusted library allocation
|
page read and write
|
||
|
20019D20000
|
heap
|
page read and write
|
||
|
7FF44F2F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
553B9FF000
|
stack
|
page read and write
|
||
|
16F496B2000
|
heap
|
page read and write
|
||
|
2007F180000
|
heap
|
page read and write
|
||
|
553A1FD000
|
stack
|
page read and write
|
||
|
16F49653000
|
heap
|
page read and write
|
||
|
7FFEC9132000
|
trusted library allocation
|
page read and write
|
||
|
2007D825000
|
heap
|
page read and write
|
||
|
16F63960000
|
heap
|
page read and write
|
||
|
27D55FE000
|
stack
|
page read and write
|
||
|
5539DFD000
|
stack
|
page read and write
|
||
|
2007D660000
|
heap
|
page read and write
|
||
|
7FFEC9144000
|
trusted library allocation
|
page read and write
|
||
|
7FFEC91D6000
|
trusted library allocation
|
page read and write
|
||
|
7FFEC8353000
|
trusted library allocation
|
page execute and read and write
|
||
|
2007D46F000
|
heap
|
page read and write
|
||
|
16F4AF40000
|
heap
|
page execute and read and write
|
||
|
2007D531000
|
heap
|
page read and write
|
||
|
7FFEC9130000
|
trusted library allocation
|
page read and write
|
||
|
55399F4000
|
stack
|
page read and write
|
||
|
7FF45EBC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
16F4960A000
|
heap
|
page read and write
|
||
|
2007D82B000
|
heap
|
page read and write
|
||
|
7FFEC8374000
|
trusted library allocation
|
page read and write
|
||
|
27D61FE000
|
stack
|
page read and write
|
||
|
7FFEC9240000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFEC917C000
|
trusted library allocation
|
page execute and read and write
|
||
|
16F496AF000
|
heap
|
page read and write
|
||
|
7FFEC92C0000
|
trusted library allocation
|
page read and write
|
||
|
27D5DFE000
|
stack
|
page read and write
|
||
|
2007D4AB000
|
heap
|
page read and write
|
||
|
2007D680000
|
heap
|
page read and write
|
||
|
27D41FE000
|
stack
|
page read and write
|
||
|
2007D6E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFEC913D000
|
trusted library allocation
|
page execute and read and write
|
||
|
16F495E6000
|
heap
|
page read and write
|
||
|
16F4961F000
|
heap
|
page read and write
|
||
|
2007D440000
|
heap
|
page read and write
|
||
|
20000001000
|
trusted library allocation
|
page read and write
|
||
|
200193C0000
|
heap
|
page read and write
|
||
|
7FFEC836D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2007F9F0000
|
heap
|
page execute and read and write
|
||
|
2007D469000
|
heap
|
page read and write
|
||
|
2007D540000
|
heap
|
page read and write
|
||
|
2007D4FB000
|
heap
|
page read and write
|
||
|
553B1FF000
|
stack
|
page read and write
|
||
|
7FFEC8370000
|
trusted library allocation
|
page read and write
|
||
|
27D59FE000
|
stack
|
page read and write
|
||
|
16F63750000
|
heap
|
page read and write
|
||
|
16F496E0000
|
heap
|
page read and write
|
||
|
16F495D5000
|
heap
|
page read and write
|
||
|
27D3DF4000
|
stack
|
page read and write
|
||
|
7FFEC9123000
|
trusted library allocation
|
page execute and read and write
|
||
|
20010003000
|
trusted library allocation
|
page read and write
|
||
|
16F63810000
|
heap
|
page execute and read and write
|
||
|
16F495E0000
|
heap
|
page read and write
|
||
|
27D65FE000
|
stack
|
page read and write
|
||
|
2007D640000
|
heap
|
page read and write
|
||
|
16F498A0000
|
heap
|
page read and write
|
||
|
2007D685000
|
heap
|
page read and write
|
||
|
27D45FE000
|
stack
|
page read and write
|
||
|
16F49661000
|
heap
|
page read and write
|
||
|
553C1FE000
|
stack
|
page read and write
|
||
|
200193C3000
|
heap
|
page read and write
|
||
|
7FFEC8410000
|
trusted library allocation
|
page execute and read and write
|
||
|
27D4DFE000
|
stack
|
page read and write
|
||
|
16F494A0000
|
heap
|
page read and write
|
||
|
16F496AD000
|
heap
|
page read and write
|
||
|
16F5AF57000
|
trusted library allocation
|
page read and write
|
||
|
7FFEC8354000
|
trusted library allocation
|
page read and write
|
||
|
7FFEC91DC000
|
trusted library allocation
|
page execute and read and write
|
||
|
16F49422000
|
unkown
|
page readonly
|
||
|
2007D481000
|
heap
|
page read and write
|
||
|
20019360000
|
heap
|
page read and write
|
||
|
553A9FE000
|
stack
|
page read and write
|
||
|
7FFEC9140000
|
trusted library allocation
|
page read and write
|
||
|
7FFEC91E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFEC837D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2007D820000
|
heap
|
page read and write
|
||
|
7FFEC84F0000
|
trusted library allocation
|
page read and write
|
||
|
16F4964D000
|
heap
|
page read and write
|
There are 124 hidden memdumps, click here to show them.