Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
KxgGGaiW3E.exe
|
PE32+ executable (console) x86-64, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\KxgGGaiW3E.exe
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage engine DataBase, version 0x620, checksum 0x71889f15, page size 16384, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_10ut22kp.yp0.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_32wmobrq.cad.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3jqtvsky.2y0.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3uafpicy.34r.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5ltn4iyg.bn4.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dijkljdv.qp4.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gllon1lm.n0l.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ouuib54l.1vv.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rwzbrdv4.dx3.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yhcyaxhi.or1.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zc0e5yym.ctx.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ztcwthxn.1ca.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 20:02:20 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 20:02:20 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 20:02:19 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 20:02:20 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 20:02:19 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\KxgGGaiW3E.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
modified
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
|
JSON data
|
dropped
|
||
|
Chrome Cache Entry: 112
|
ASCII text, with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 113
|
PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 114
|
PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 115
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
Chrome Cache Entry: 116
|
JSON data
|
dropped
|
||
|
Chrome Cache Entry: 117
|
PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 118
|
ASCII text, with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 119
|
JSON data
|
dropped
|
||
|
Chrome Cache Entry: 120
|
ASCII text, with very long lines (54649), with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 121
|
JSON data
|
downloaded
|
||
|
Chrome Cache Entry: 122
|
PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 123
|
ASCII text, with very long lines (52717), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 124
|
exported SGML document, ASCII text, with very long lines (65536), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 125
|
PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 126
|
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
|
downloaded
|
||
|
Chrome Cache Entry: 127
|
PNG image data, 1300 x 300, 8-bit colormap, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 128
|
JSON data
|
dropped
|
||
|
Chrome Cache Entry: 129
|
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
|
dropped
|
||
|
Chrome Cache Entry: 130
|
PNG image data, 658 x 480, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 131
|
ASCII text, with very long lines (31341), with no line terminators
|
dropped
|
||
|
Chrome Cache Entry: 132
|
JSON data
|
downloaded
|
||
|
Chrome Cache Entry: 133
|
PNG image data, 475 x 212, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 134
|
ASCII text, with very long lines (65536), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 135
|
JSON data
|
dropped
|
||
|
Chrome Cache Entry: 136
|
ASCII text, with very long lines (46320), with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 137
|
JSON data
|
downloaded
|
||
|
Chrome Cache Entry: 138
|
JSON data
|
dropped
|
||
|
Chrome Cache Entry: 139
|
Web Open Font Format (Version 2), TrueType, length 18320, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 140
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 141
|
ASCII text, with very long lines (31341), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 142
|
PNG image data, 475 x 212, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 143
|
PNG image data, 658 x 480, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 144
|
JSON data
|
dropped
|
||
|
Chrome Cache Entry: 145
|
PNG image data, 1300 x 300, 8-bit colormap, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 146
|
HTML document, ASCII text, with very long lines (516), with CRLF, LF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 147
|
ASCII text, with very long lines (65409)
|
downloaded
|
||
|
Chrome Cache Entry: 148
|
JSON data
|
downloaded
|
||
|
Chrome Cache Entry: 149
|
PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
|
dropped
|
There are 54 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\KxgGGaiW3E.exe
|
"C:\Users\user\Desktop\KxgGGaiW3E.exe"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath $env:UserProfile
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe"
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
|
|
|
C:\Users\user\KxgGGaiW3E.exe
|
"C:\Users\user\KxgGGaiW3E.exe"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath $env:UserProfile
|
|
|
|
C:\Windows\System32\svchost.exe
|
"C:\Windows\System32\svchost.exe"
|
|
|
|
C:\Users\user\KxgGGaiW3E.exe
|
"C:\Users\user\KxgGGaiW3E.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe"
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe"
|
|
|
|
C:\Windows\regedit.exe
|
"C:\Windows\regedit.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ilasm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\ilasm.exe"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath $env:UserProfile
|
|
|
|
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
|
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=ngen.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1980,i,18279504130272871239,1243418513114917448,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=ngen.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=608 --field-trial-handle=1972,i,16479660562393968934,10937071673119511898,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=wmplayer.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1876,i,14537101740333488740,3287298464352964342,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=wmplayer.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1996,i,6191957489455060914,12654374120200284850,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
There are 19 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
185.196.10.233
|
|
||
|
https://authoring-docs-microsoft.poolparty.biz/devrel/7696cda6-0510-47f6-8302-71bb5d2e28cf
|
unknown
|
||
|
http://ipwho.isd
|
unknown
|
||
|
http://www.gimp.org/xmp/
|
unknown
|
||
|
https://github.com/dotnet/docs/blob/17c4acca45e573a92878a44a2cce57d699fe9c7c/docs/framework/install/
|
unknown
|
||
|
https://www.linkedin.com/cws/share?url=$
|
unknown
|
||
|
https://aka.ms/ContentUserFeedback
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV2.C:
|
unknown
|
||
|
https://github.com/Youssef1313
|
unknown
|
||
|
https://aka.ms/banner_mslearn_tier1?wt.mc_id=build24_t1_learnpromotion_events
|
unknown
|
||
|
https://github.com/dotnet/docs/issues/new?template=z-customer-feedback.yml
|
unknown
|
||
|
https://management.azure.com/subscriptions?api-version=2016-06-01
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid
|
unknown
|
||
|
https://aka.ms/dotnet-warnings/
|
unknown
|
||
|
https://github.com/dotnet/docs/blob/main/docs/framework/install/application-not-started.md
|
unknown
|
||
|
https://aka.ms/pshelpmechoose
|
unknown
|
||
|
https://stackoverflow.com/q/11564914/23354;
|
unknown
|
||
|
https://aka.ms/feedback/report?space=61
|
unknown
|
||
|
https://ipwho.is
|
unknown
|
||
|
https://twitter.com/intent/tweet?original_referer=$
|
unknown
|
||
|
https://github.com/gewarren
|
unknown
|
||
|
https://stackoverflow.com/q/2152978/23354sCannot
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://www.linkedin.com/profile/add?startTask=CERTIFICATION_NAME&name=$
|
unknown
|
||
|
https://learn-video.azurefd.net/
|
unknown
|
||
|
https://www.cafbaseline.com/
|
unknown
|
||
|
https://api.ipify.org/
|
unknown
|
||
|
https://github.com/dotnet/docs/blob/live/docs/framework/install/application-not-started.md
|
unknown
|
||
|
https://authoring-docs-microsoft.poolparty.biz/devrel/69c76c32-967e-4c65-b89a-74cc527db725
|
unknown
|
||
|
https://stackoverflow.com/q/14436606/23354
|
unknown
|
||
|
https://management.azure.com/providers/Microsoft.Portal/consoles/default?api-version=2017-12-01-prev
|
unknown
|
||
|
https://js.monitor.azure.com/scripts/c/ms.jsll-3.min.js
|
13.107.213.41
|
||
|
https://github.com/Thraka
|
unknown
|
||
|
http://schemas.datacontract.org/2004/07/
|
unknown
|
||
|
https://github.com/dotnet/docs/issues
|
unknown
|
||
|
https://aka.ms/certhelp
|
unknown
|
||
|
http://crl.ver)
|
unknown
|
||
|
https://github.com/mairaw
|
unknown
|
||
|
https://aka.ms/yourcaliforniaprivacychoices
|
unknown
|
||
|
http://schemas.microst.
|
unknown
|
||
|
https://github.com/nschonni
|
unknown
|
||
|
http://schemas.datacontract.org/2004/07/d
|
unknown
|
||
|
https://g.live.com/odclientsettings/Prod/C:
|
unknown
|
||
|
https://github.com/adegeo
|
unknown
|
||
|
https://octokit.github.io/rest.js/#throttling
|
unknown
|
||
|
https://management.azure.com/providers/Microsoft.Portal/userSettings/cloudconsole?api-version=2017-0
|
unknown
|
||
|
https://github.com/$
|
unknown
|
||
|
http://schema.org/Organization
|
unknown
|
||
|
https://ipwho.is/
|
15.204.213.5
|
||
|
https://channel9.msdn.com/
|
unknown
|
||
|
http://ipwho.is
|
unknown
|
||
|
https://github.com/dotnet/try
|
unknown
|
There are 42 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
dcs-public-edge-va6-158015560.us-east-1.elb.amazonaws.com
|
34.195.193.219
|
||
|
adobetarget.data.adobedc.net
|
63.140.39.82
|
||
|
part-0013.t-0009.t-msedge.net
|
13.107.213.41
|
||
|
ipwho.is
|
15.204.213.5
|
||
|
www.google.com
|
64.233.185.147
|
||
|
js.monitor.azure.com
|
unknown
|
||
|
microsoftmscompoc.tt.omtrdc.net
|
unknown
|
||
|
mdec.nelreports.net
|
unknown
|
||
|
mscom.demdex.net
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.168.2.5
|
unknown
|
unknown
|
|
|
|
185.196.10.233
|
unknown
|
Switzerland
|
|
|
|
13.107.213.41
|
part-0013.t-0009.t-msedge.net
|
United States
|
||
|
63.140.39.35
|
unknown
|
United States
|
||
|
15.204.213.5
|
ipwho.is
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
63.140.39.82
|
adobetarget.data.adobedc.net
|
United States
|
||
|
34.195.193.219
|
dcs-public-edge-va6-158015560.us-east-1.elb.amazonaws.com
|
United States
|
||
|
127.0.0.1
|
unknown
|
unknown
|
||
|
64.233.185.147
|
www.google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
KxgGGaiW3E
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ilasm_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ilasm_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ilasm_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ilasm_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ilasm_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ilasm_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ilasm_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ilasm_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ilasm_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ilasm_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ilasm_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ilasm_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ilasm_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ilasm_RASMANCS
|
FileDirectory
|
There are 7 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
20599B21000
|
direct allocation
|
page read and write
|
|
|
|
17BEF8E1000
|
direct allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
7E66000
|
trusted library allocation
|
page read and write
|
|
|
|
2B695FC1000
|
direct allocation
|
page read and write
|
|
|
|
720000
|
remote allocation
|
page execute and read and write
|
|
|
|
2B6955C1000
|
direct allocation
|
page read and write
|
|
|
|
720000
|
remote allocation
|
page execute and read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
2059A521000
|
direct allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
17BEEEE1000
|
direct allocation
|
page read and write
|
|
|
|
720000
|
remote allocation
|
page execute and read and write
|
|
|
|
77B5000
|
trusted library allocation
|
page read and write
|
||
|
B250000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF703303000
|
unkown
|
page write copy
|
||
|
A620000
|
heap
|
page read and write
|
||
|
5B72000
|
trusted library allocation
|
page read and write
|
||
|
7FF703322000
|
unkown
|
page read and write
|
||
|
BF8A7FF000
|
stack
|
page read and write
|
||
|
1E4315A0000
|
trusted library allocation
|
page read and write
|
||
|
7E19000
|
trusted library allocation
|
page read and write
|
||
|
7FF70331B000
|
unkown
|
page read and write
|
||
|
A696000
|
heap
|
page read and write
|
||
|
1E431230000
|
trusted library section
|
page readonly
|
||
|
A865000
|
trusted library allocation
|
page read and write
|
||
|
C39000
|
stack
|
page read and write
|
||
|
205877C0000
|
heap
|
page read and write
|
||
|
7FF7F33DD000
|
unkown
|
page read and write
|
||
|
7E23000
|
trusted library allocation
|
page read and write
|
||
|
B1E8000
|
trusted library allocation
|
page read and write
|
||
|
1E43025B000
|
heap
|
page read and write
|
||
|
1E4302A2000
|
heap
|
page read and write
|
||
|
51A0000
|
heap
|
page read and write
|
||
|
2B6835A0000
|
heap
|
page read and write
|
||
|
A8B0000
|
trusted library allocation
|
page read and write
|
||
|
1E430278000
|
heap
|
page read and write
|
||
|
1E431250000
|
trusted library section
|
page readonly
|
||
|
5C48000
|
heap
|
page read and write
|
||
|
500C000
|
stack
|
page read and write
|
||
|
A4FB000
|
trusted library allocation
|
page read and write
|
||
|
1E4357A0000
|
remote allocation
|
page read and write
|
||
|
B3DC000
|
stack
|
page read and write
|
||
|
17BEE4E1000
|
direct allocation
|
page read and write
|
||
|
1E435750000
|
trusted library allocation
|
page read and write
|
||
|
73A3F7E000
|
stack
|
page read and write
|
||
|
73A269C000
|
stack
|
page read and write
|
||
|
7FC5000
|
trusted library allocation
|
page read and write
|
||
|
2F38000
|
heap
|
page read and write
|
||
|
A880000
|
trusted library allocation
|
page read and write
|
||
|
73A357E000
|
unkown
|
page readonly
|
||
|
554E000
|
stack
|
page read and write
|
||
|
2058796E000
|
heap
|
page read and write
|
||
|
B4DE000
|
stack
|
page read and write
|
||
|
E7D000
|
stack
|
page read and write
|
||
|
20587820000
|
direct allocation
|
page read and write
|
||
|
17BE02E1000
|
direct allocation
|
page read and write
|
||
|
2B6835A5000
|
heap
|
page read and write
|
||
|
1E435843000
|
heap
|
page read and write
|
||
|
73A457E000
|
stack
|
page read and write
|
||
|
A810000
|
trusted library allocation
|
page read and write
|
||
|
B130000
|
trusted library allocation
|
page read and write
|
||
|
A890000
|
trusted library allocation
|
page read and write
|
||
|
1E430B13000
|
heap
|
page read and write
|
||
|
1E4355F0000
|
trusted library allocation
|
page read and write
|
||
|
2B683210000
|
heap
|
page read and write
|
||
|
5C77000
|
heap
|
page read and write
|
||
|
1E4358F9000
|
heap
|
page read and write
|
||
|
A4A0000
|
trusted library allocation
|
page read and write
|
||
|
AF10000
|
heap
|
page read and write
|
||
|
73A39FE000
|
stack
|
page read and write
|
||
|
EB0000
|
heap
|
page read and write
|
||
|
59D0000
|
heap
|
page read and write
|
||
|
17BDCD00000
|
heap
|
page read and write
|
||
|
205A1121000
|
direct allocation
|
page read and write
|
||
|
8A0C000
|
stack
|
page read and write
|
||
|
A8A0000
|
trusted library allocation
|
page read and write
|
||
|
2F70000
|
heap
|
page read and write
|
||
|
1E430040000
|
heap
|
page read and write
|
||
|
7FF7031D3000
|
unkown
|
page readonly
|
||
|
1E4355E0000
|
trusted library allocation
|
page read and write
|
||
|
1E435630000
|
trusted library allocation
|
page read and write
|
||
|
2B6A5050000
|
heap
|
page read and write
|
||
|
B120000
|
trusted library allocation
|
page read and write
|
||
|
5E46000
|
heap
|
page read and write
|
||
|
59C0000
|
heap
|
page read and write
|
||
|
C4A8000
|
stack
|
page read and write
|
||
|
E20000
|
heap
|
page read and write
|
||
|
73A397E000
|
unkown
|
page readonly
|
||
|
508D000
|
stack
|
page read and write
|
||
|
7FF70331C000
|
unkown
|
page write copy
|
||
|
5438000
|
stack
|
page read and write
|
||
|
E99000
|
heap
|
page read and write
|
||
|
20599121000
|
direct allocation
|
page read and write
|
||
|
1E430B0C000
|
heap
|
page read and write
|
||
|
73A437B000
|
stack
|
page read and write
|
||
|
73A4BFE000
|
stack
|
page read and write
|
||
|
5BA0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7F33B3000
|
unkown
|
page write copy
|
||
|
B680000
|
heap
|
page read and write
|
||
|
17BDCC1C000
|
heap
|
page read and write
|
||
|
2B683270000
|
direct allocation
|
page read and write
|
||
|
54DB000
|
stack
|
page read and write
|
||
|
73A3BFE000
|
stack
|
page read and write
|
||
|
A702000
|
heap
|
page read and write
|
||
|
2B683130000
|
heap
|
page read and write
|
||
|
1E4358E9000
|
heap
|
page read and write
|
||
|
B100000
|
trusted library allocation
|
page execute and read and write
|
||
|
5890000
|
heap
|
page read and write
|
||
|
59F0000
|
heap
|
page read and write
|
||
|
17BDCB90000
|
direct allocation
|
page read and write
|
||
|
77A0000
|
heap
|
page read and write
|
||
|
1E43590A000
|
heap
|
page read and write
|
||
|
5C75000
|
heap
|
page read and write
|
||
|
B140000
|
trusted library allocation
|
page read and write
|
||
|
323E000
|
stack
|
page read and write
|
||
|
205877F5000
|
heap
|
page read and write
|
||
|
52C3000
|
heap
|
page read and write
|
||
|
E1BD000
|
stack
|
page read and write
|
||
|
2F4B000
|
heap
|
page read and write
|
||
|
74E75D9000
|
stack
|
page read and write
|
||
|
1E430F40000
|
trusted library allocation
|
page read and write
|
||
|
7FF7031D3000
|
unkown
|
page readonly
|
||
|
7FF70331D000
|
unkown
|
page read and write
|
||
|
205876E0000
|
heap
|
page read and write
|
||
|
A83D000
|
trusted library allocation
|
page read and write
|
||
|
C4ED000
|
stack
|
page read and write
|
||
|
20587969000
|
heap
|
page read and write
|
||
|
5E40000
|
heap
|
page read and write
|
||
|
5970000
|
heap
|
page readonly
|
||
|
AE70000
|
heap
|
page read and write
|
||
|
1F2EAF9000
|
stack
|
page read and write
|
||
|
6754000
|
heap
|
page read and write
|
||
|
1E430120000
|
heap
|
page read and write
|
||
|
1E4357A0000
|
remote allocation
|
page read and write
|
||
|
1E431240000
|
trusted library section
|
page readonly
|
||
|
5B70000
|
trusted library allocation
|
page read and write
|
||
|
4DB0000
|
heap
|
page readonly
|
||
|
2B683310000
|
heap
|
page read and write
|
||
|
CBAE000
|
stack
|
page read and write
|
||
|
72AE000
|
stack
|
page read and write
|
||
|
CA6E000
|
stack
|
page read and write
|
||
|
31FE000
|
stack
|
page read and write
|
||
|
524E000
|
stack
|
page read and write
|
||
|
7FF703010000
|
unkown
|
page readonly
|
||
|
E80000
|
heap
|
page read and write
|
||
|
A7F0000
|
trusted library allocation
|
page read and write
|
||
|
1E435673000
|
trusted library allocation
|
page read and write
|
||
|
56C0000
|
heap
|
page read and write
|
||
|
5A44000
|
trusted library allocation
|
page read and write
|
||
|
5C30000
|
trusted library allocation
|
page execute and read and write
|
||
|
7780000
|
trusted library allocation
|
page read and write
|
||
|
5E30000
|
trusted library allocation
|
page read and write
|
||
|
1F2EBFF000
|
stack
|
page read and write
|
||
|
1F2EEFE000
|
stack
|
page read and write
|
||
|
77C0000
|
heap
|
page execute and read and write
|
||
|
DDBE000
|
stack
|
page read and write
|
||
|
17BDCB30000
|
heap
|
page read and write
|
||
|
1E4358F9000
|
heap
|
page read and write
|
||
|
17BDE4E1000
|
direct allocation
|
page read and write
|
||
|
1E43588D000
|
heap
|
page read and write
|
||
|
56AE000
|
stack
|
page read and write
|
||
|
CA2E000
|
stack
|
page read and write
|
||
|
5570000
|
heap
|
page read and write
|
||
|
5190000
|
heap
|
page read and write
|
||
|
730B000
|
stack
|
page read and write
|
||
|
706E000
|
stack
|
page read and write
|
||
|
52BB000
|
heap
|
page read and write
|
||
|
5E35000
|
trusted library allocation
|
page read and write
|
||
|
1E435918000
|
heap
|
page read and write
|
||
|
17BFE970000
|
heap
|
page read and write
|
||
|
1E430B02000
|
heap
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
205877F0000
|
heap
|
page read and write
|
||
|
7FF703303000
|
unkown
|
page write copy
|
||
|
A750000
|
trusted library allocation
|
page read and write
|
||
|
73A2D7E000
|
unkown
|
page readonly
|
||
|
7FF7F33CC000
|
unkown
|
page write copy
|
||
|
1E4356E0000
|
trusted library allocation
|
page read and write
|
||
|
50FE000
|
stack
|
page read and write
|
||
|
17BDCEC0000
|
heap
|
page read and write
|
||
|
7DFF000
|
trusted library allocation
|
page read and write
|
||
|
52E0000
|
heap
|
page read and write
|
||
|
1E430295000
|
heap
|
page read and write
|
||
|
E30000
|
heap
|
page readonly
|
||
|
7FF7F30C0000
|
unkown
|
page readonly
|
||
|
2B683316000
|
heap
|
page read and write
|
||
|
7FF703010000
|
unkown
|
page readonly
|
||
|
1E430C91000
|
trusted library allocation
|
page read and write
|
||
|
7DE8000
|
trusted library allocation
|
page read and write
|
||
|
CA0000
|
heap
|
page read and write
|
||
|
7730000
|
trusted library allocation
|
page read and write
|
||
|
17BDEEE1000
|
direct allocation
|
page read and write
|
||
|
B270000
|
trusted library allocation
|
page read and write
|
||
|
7E07000
|
trusted library allocation
|
page read and write
|
||
|
5B7A000
|
trusted library allocation
|
page execute and read and write
|
||
|
EB5000
|
heap
|
page read and write
|
||
|
52A8000
|
heap
|
page read and write
|
||
|
1E435740000
|
trusted library allocation
|
page read and write
|
||
|
8B0E000
|
stack
|
page read and write
|
||
|
1E430329000
|
heap
|
page read and write
|
||
|
1E430A00000
|
heap
|
page read and write
|
||
|
7EA1000
|
trusted library allocation
|
page read and write
|
||
|
73A3D7E000
|
unkown
|
page readonly
|
||
|
A850000
|
trusted library allocation
|
page read and write
|
||
|
7FF7F33E5000
|
unkown
|
page readonly
|
||
|
1E430B00000
|
heap
|
page read and write
|
||
|
A790000
|
trusted library allocation
|
page read and write
|
||
|
A820000
|
trusted library allocation
|
page read and write
|
||
|
A370000
|
heap
|
page read and write
|
||
|
7FF70331B000
|
unkown
|
page read and write
|
||
|
5A4D000
|
trusted library allocation
|
page execute and read and write
|
||
|
73A317E000
|
unkown
|
page readonly
|
||
|
7C57000
|
trusted library allocation
|
page read and write
|
||
|
A83A000
|
trusted library allocation
|
page read and write
|
||
|
73A37FE000
|
stack
|
page read and write
|
||
|
A7D0000
|
trusted library allocation
|
page read and write
|
||
|
73A3E7E000
|
unkown
|
page readonly
|
||
|
7766000
|
trusted library allocation
|
page read and write
|
||
|
71AE000
|
stack
|
page read and write
|
||
|
73A3DFE000
|
stack
|
page read and write
|
||
|
73A347D000
|
stack
|
page read and write
|
||
|
1E435600000
|
trusted library allocation
|
page read and write
|
||
|
A600000
|
trusted library allocation
|
page read and write
|
||
|
77B0000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
2B6A5075000
|
heap
|
page read and write
|
||
|
74E79FF000
|
stack
|
page read and write
|
||
|
56C5000
|
heap
|
page read and write
|
||
|
5D48000
|
trusted library allocation
|
page read and write
|
||
|
549E000
|
stack
|
page read and write
|
||
|
A760000
|
trusted library allocation
|
page read and write
|
||
|
A310000
|
trusted library allocation
|
page read and write
|
||
|
B150000
|
trusted library allocation
|
page execute and read and write
|
||
|
B260000
|
trusted library allocation
|
page read and write
|
||
|
17BDCCFB000
|
heap
|
page read and write
|
||
|
537E000
|
stack
|
page read and write
|
||
|
2F48000
|
heap
|
page read and write
|
||
|
73A417B000
|
stack
|
page read and write
|
||
|
A80C000
|
trusted library allocation
|
page read and write
|
||
|
520E000
|
stack
|
page read and write
|
||
|
1E435800000
|
heap
|
page read and write
|
||
|
1E431210000
|
trusted library section
|
page readonly
|
||
|
7FF7F33CB000
|
unkown
|
page read and write
|
||
|
2B683400000
|
heap
|
page read and write
|
||
|
7FC7000
|
trusted library allocation
|
page read and write
|
||
|
B0F1000
|
trusted library allocation
|
page read and write
|
||
|
8BF7000
|
trusted library allocation
|
page read and write
|
||
|
1E430020000
|
heap
|
page read and write
|
||
|
5A43000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B684BC1000
|
direct allocation
|
page read and write
|
||
|
A7B0000
|
trusted library allocation
|
page read and write
|
||
|
B0F3000
|
trusted library allocation
|
page read and write
|
||
|
7FF703335000
|
unkown
|
page readonly
|
||
|
7FF703011000
|
unkown
|
page execute read
|
||
|
C8EE000
|
stack
|
page read and write
|
||
|
C92E000
|
stack
|
page read and write
|
||
|
7FF7F33E5000
|
unkown
|
page readonly
|
||
|
7FC9000
|
trusted library allocation
|
page read and write
|
||
|
7FF7F3283000
|
unkown
|
page readonly
|
||
|
9FCE000
|
stack
|
page read and write
|
||
|
A7C0000
|
trusted library allocation
|
page read and write
|
||
|
504B000
|
stack
|
page read and write
|
||
|
5C40000
|
heap
|
page read and write
|
||
|
CFAE000
|
stack
|
page read and write
|
||
|
533E000
|
stack
|
page read and write
|
||
|
4DFE000
|
stack
|
page read and write
|
||
|
7FF703335000
|
unkown
|
page readonly
|
||
|
1E4309E0000
|
trusted library allocation
|
page read and write
|
||
|
B1F0000
|
trusted library allocation
|
page read and write
|
||
|
A4BE000
|
trusted library allocation
|
page read and write
|
||
|
73A2F7E000
|
unkown
|
page readonly
|
||
|
73A4DFE000
|
stack
|
page read and write
|
||
|
2B683260000
|
direct allocation
|
page read and write
|
||
|
6750000
|
heap
|
page read and write
|
||
|
1E430A15000
|
heap
|
page read and write
|
||
|
1E43582F000
|
heap
|
page read and write
|
||
|
1E4356D0000
|
trusted library allocation
|
page read and write
|
||
|
5B80000
|
trusted library allocation
|
page read and write
|
||
|
1E435822000
|
heap
|
page read and write
|
||
|
7E62000
|
trusted library allocation
|
page read and write
|
||
|
5B82000
|
trusted library allocation
|
page read and write
|
||
|
3270000
|
heap
|
page read and write
|
||
|
76F0000
|
trusted library allocation
|
page read and write
|
||
|
7FF703335000
|
unkown
|
page readonly
|
||
|
2B683230000
|
heap
|
page read and write
|
||
|
7BD1000
|
trusted library allocation
|
page read and write
|
||
|
2058A521000
|
direct allocation
|
page read and write
|
||
|
2B6855C1000
|
direct allocation
|
page read and write
|
||
|
7FCD000
|
trusted library allocation
|
page read and write
|
||
|
7FF703303000
|
unkown
|
page write copy
|
||
|
7FF70331C000
|
unkown
|
page write copy
|
||
|
2058AF21000
|
direct allocation
|
page read and write
|
||
|
5A50000
|
heap
|
page read and write
|
||
|
AF16000
|
heap
|
page read and write
|
||
|
A731000
|
trusted library allocation
|
page read and write
|
||
|
73A2C77000
|
stack
|
page read and write
|
||
|
734E000
|
stack
|
page read and write
|
||
|
7DE6000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
E95000
|
heap
|
page read and write
|
||
|
1F2ECFF000
|
stack
|
page read and write
|
||
|
32A0000
|
heap
|
page read and write
|
||
|
5B87000
|
trusted library allocation
|
page execute and read and write
|
||
|
CB6E000
|
stack
|
page read and write
|
||
|
2F78000
|
heap
|
page read and write
|
||
|
7FF7031D3000
|
unkown
|
page readonly
|
||
|
3250000
|
heap
|
page read and write
|
||
|
51E0000
|
heap
|
page read and write
|
||
|
7FF703010000
|
unkown
|
page readonly
|
||
|
52FC000
|
stack
|
page read and write
|
||
|
A450000
|
trusted library allocation
|
page read and write
|
||
|
1E435602000
|
trusted library allocation
|
page read and write
|
||
|
77A3000
|
heap
|
page read and write
|
||
|
1E430200000
|
heap
|
page read and write
|
||
|
52E7000
|
heap
|
page read and write
|
||
|
B0E0000
|
trusted library allocation
|
page read and write
|
||
|
A34F000
|
trusted library allocation
|
page read and write
|
||
|
17BDF8E1000
|
direct allocation
|
page read and write
|
||
|
2F30000
|
heap
|
page read and write
|
||
|
73A3A7E000
|
unkown
|
page readonly
|
||
|
7FF7F33D2000
|
unkown
|
page read and write
|
||
|
1E435902000
|
heap
|
page read and write
|
||
|
51D0000
|
heap
|
page read and write
|
||
|
7FCB000
|
trusted library allocation
|
page read and write
|
||
|
A840000
|
trusted library allocation
|
page read and write
|
||
|
A500000
|
heap
|
page execute and read and write
|
||
|
5C2E000
|
stack
|
page read and write
|
||
|
20587800000
|
heap
|
page read and write
|
||
|
518D000
|
stack
|
page read and write
|
||
|
1E4301E1000
|
trusted library allocation
|
page read and write
|
||
|
51A5000
|
heap
|
page read and write
|
||
|
1E430302000
|
heap
|
page read and write
|
||
|
20589B21000
|
direct allocation
|
page read and write
|
||
|
CFEE000
|
stack
|
page read and write
|
||
|
2F50000
|
heap
|
page read and write
|
||
|
1E435855000
|
heap
|
page read and write
|
||
|
1E430313000
|
heap
|
page read and write
|
||
|
8BD1000
|
trusted library allocation
|
page read and write
|
||
|
7FF7F33B3000
|
unkown
|
page write copy
|
||
|
8BD7000
|
trusted library allocation
|
page read and write
|
||
|
A740000
|
trusted library allocation
|
page read and write
|
||
|
1E430213000
|
heap
|
page read and write
|
||
|
1E430243000
|
heap
|
page read and write
|
||
|
1E435862000
|
heap
|
page read and write
|
||
|
A480000
|
trusted library allocation
|
page execute and read and write
|
||
|
BF8A6F9000
|
stack
|
page read and write
|
||
|
1E4358FE000
|
heap
|
page read and write
|
||
|
A800000
|
trusted library allocation
|
page read and write
|
||
|
5140000
|
heap
|
page read and write
|
||
|
DD70000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF7F33CD000
|
unkown
|
page read and write
|
||
|
B1A0000
|
trusted library allocation
|
page read and write
|
||
|
B39000
|
stack
|
page read and write
|
||
|
5A55000
|
heap
|
page read and write
|
||
|
A780000
|
trusted library allocation
|
page execute and read and write
|
||
|
A830000
|
trusted library allocation
|
page read and write
|
||
|
73A3079000
|
stack
|
page read and write
|
||
|
A390000
|
trusted library allocation
|
page execute and read and write
|
||
|
B180000
|
trusted library allocation
|
page read and write
|
||
|
5B76000
|
trusted library allocation
|
page execute and read and write
|
||
|
20587880000
|
heap
|
page read and write
|
||
|
A610000
|
heap
|
page read and write
|
||
|
A720000
|
trusted library allocation
|
page read and write
|
||
|
2F54000
|
heap
|
page read and write
|
||
|
1E431120000
|
trusted library allocation
|
page read and write
|
||
|
52A0000
|
heap
|
page read and write
|
||
|
1E4358FE000
|
heap
|
page read and write
|
||
|
513E000
|
stack
|
page read and write
|
||
|
2FB4000
|
heap
|
page read and write
|
||
|
17BF64E1000
|
direct allocation
|
page read and write
|
||
|
7FF703011000
|
unkown
|
page execute read
|
||
|
2F5B000
|
heap
|
page read and write
|
||
|
1E4302A0000
|
heap
|
page read and write
|
||
|
1E435910000
|
heap
|
page read and write
|
||
|
5CB5000
|
heap
|
page read and write
|
||
|
7FF703321000
|
unkown
|
page write copy
|
||
|
1E430B1A000
|
heap
|
page read and write
|
||
|
7FF70332D000
|
unkown
|
page read and write
|
||
|
73A3B7E000
|
unkown
|
page readonly
|
||
|
73A327C000
|
stack
|
page read and write
|
||
|
1E435850000
|
heap
|
page read and write
|
||
|
17BDCA50000
|
heap
|
page read and write
|
||
|
7BCE000
|
stack
|
page read and write
|
||
|
B39E000
|
stack
|
page read and write
|
||
|
7FF7F3283000
|
unkown
|
page readonly
|
||
|
B1B0000
|
trusted library allocation
|
page read and write
|
||
|
1E43591B000
|
heap
|
page read and write
|
||
|
5200000
|
heap
|
page read and write
|
||
|
5A30000
|
trusted library allocation
|
page read and write
|
||
|
B0F5000
|
trusted library allocation
|
page read and write
|
||
|
7FF7F33D1000
|
unkown
|
page write copy
|
||
|
52BB000
|
stack
|
page read and write
|
||
|
73A477A000
|
stack
|
page read and write
|
||
|
5C6A000
|
heap
|
page read and write
|
||
|
7720000
|
trusted library allocation
|
page read and write
|
||
|
54E0000
|
heap
|
page read and write
|
||
|
1E4358E5000
|
heap
|
page read and write
|
||
|
73A3AFE000
|
stack
|
page read and write
|
||
|
B160000
|
trusted library allocation
|
page read and write
|
||
|
7FF7031D3000
|
unkown
|
page readonly
|
||
|
FF920000
|
trusted library allocation
|
page execute and read and write
|
||
|
B190000
|
trusted library allocation
|
page read and write
|
||
|
1E430B1B000
|
heap
|
page read and write
|
||
|
73A337E000
|
unkown
|
page readonly
|
||
|
1E431220000
|
trusted library section
|
page readonly
|
||
|
A7A0000
|
trusted library allocation
|
page read and write
|
||
|
4ECE000
|
stack
|
page read and write
|
||
|
1E43027B000
|
heap
|
page read and write
|
||
|
4FCF000
|
stack
|
page read and write
|
||
|
1E435600000
|
trusted library allocation
|
page read and write
|
||
|
A8AA000
|
trusted library allocation
|
page read and write
|
||
|
5838000
|
stack
|
page read and write
|
||
|
73A427E000
|
unkown
|
page readonly
|
||
|
1E436000000
|
heap
|
page read and write
|
||
|
A870000
|
trusted library allocation
|
page execute and read and write
|
||
|
73A2E7E000
|
stack
|
page read and write
|
||
|
7FF7F30C0000
|
unkown
|
page readonly
|
||
|
1E4302FF000
|
heap
|
page read and write
|
||
|
1E435604000
|
trusted library allocation
|
page read and write
|
||
|
5CDB000
|
heap
|
page read and write
|
||
|
73A4E7E000
|
unkown
|
page readonly
|
||
|
73A38FE000
|
stack
|
page read and write
|
||
|
17BFE994000
|
heap
|
page read and write
|
||
|
73A3CFE000
|
stack
|
page read and write
|
||
|
A470000
|
trusted library allocation
|
page read and write
|
||
|
7790000
|
trusted library allocation
|
page read and write
|
||
|
73A407E000
|
unkown
|
page readonly
|
||
|
B0D7000
|
trusted library allocation
|
page read and write
|
||
|
73A387E000
|
unkown
|
page readonly
|
||
|
E90000
|
heap
|
page read and write
|
||
|
8BDD000
|
trusted library allocation
|
page read and write
|
||
|
20589121000
|
direct allocation
|
page read and write
|
||
|
1E435730000
|
trusted library allocation
|
page read and write
|
||
|
1E4358C4000
|
heap
|
page read and write
|
||
|
7FF703011000
|
unkown
|
page execute read
|
||
|
1E43028E000
|
heap
|
page read and write
|
||
|
74E7BFF000
|
stack
|
page read and write
|
||
|
7B90000
|
trusted library allocation
|
page read and write
|
||
|
2B6869C1000
|
direct allocation
|
page read and write
|
||
|
1E43022B000
|
heap
|
page read and write
|
||
|
73A3C7E000
|
unkown
|
page readonly
|
||
|
1E43027D000
|
heap
|
page read and write
|
||
|
17BDCB80000
|
direct allocation
|
page read and write
|
||
|
1E430B1A000
|
heap
|
page read and write
|
||
|
7FF70331D000
|
unkown
|
page read and write
|
||
|
5DE0000
|
heap
|
page read and write
|
||
|
74E78FE000
|
stack
|
page read and write
|
||
|
1E4358E4000
|
heap
|
page read and write
|
||
|
20587830000
|
direct allocation
|
page read and write
|
||
|
2F5A000
|
heap
|
page read and write
|
||
|
B0D0000
|
trusted library allocation
|
page read and write
|
||
|
B79000
|
stack
|
page read and write
|
||
|
73A467E000
|
unkown
|
page readonly
|
||
|
A770000
|
trusted library allocation
|
page read and write
|
||
|
7FF703011000
|
unkown
|
page execute read
|
||
|
1E435750000
|
trusted library allocation
|
page read and write
|
||
|
20587888000
|
heap
|
page read and write
|
||
|
1E430273000
|
heap
|
page read and write
|
||
|
1E430150000
|
trusted library allocation
|
page read and write
|
||
|
5CA5000
|
heap
|
page read and write
|
||
|
A7E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF7F30C1000
|
unkown
|
page execute read
|
||
|
A340000
|
trusted library allocation
|
page read and write
|
||
|
7FF703335000
|
unkown
|
page readonly
|
||
|
20587894000
|
heap
|
page read and write
|
||
|
74E7AFF000
|
stack
|
page read and write
|
||
|
73A367B000
|
stack
|
page read and write
|
||
|
B1C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5A40000
|
trusted library allocation
|
page read and write
|
||
|
1F2EDFE000
|
stack
|
page read and write
|
||
|
17BDCB50000
|
heap
|
page read and write
|
||
|
B0C0000
|
trusted library allocation
|
page read and write
|
||
|
1E430160000
|
trusted library section
|
page read and write
|
||
|
5B63000
|
trusted library allocation
|
page read and write
|
||
|
B170000
|
trusted library allocation
|
page read and write
|
||
|
AF1F000
|
heap
|
page read and write
|
||
|
D42E000
|
stack
|
page read and write
|
||
|
1E4357A0000
|
remote allocation
|
page read and write
|
||
|
2B69CBC1000
|
direct allocation
|
page read and write
|
||
|
8BE7000
|
trusted library allocation
|
page read and write
|
||
|
B200000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E4309D0000
|
trusted library allocation
|
page read and write
|
||
|
7740000
|
trusted library allocation
|
page read and write
|
||
|
2B68331C000
|
heap
|
page read and write
|
||
|
B240000
|
heap
|
page execute and read and write
|
||
|
33AE000
|
stack
|
page read and write
|
||
|
1E4358BC000
|
heap
|
page read and write
|
||
|
BF8A9FF000
|
stack
|
page read and write
|
||
|
776C000
|
trusted library allocation
|
page read and write
|
||
|
5B8B000
|
trusted library allocation
|
page execute and read and write
|
||
|
B16D000
|
trusted library allocation
|
page read and write
|
||
|
1E435640000
|
trusted library allocation
|
page read and write
|
||
|
7E26000
|
trusted library allocation
|
page read and write
|
||
|
20587967000
|
heap
|
page read and write
|
||
|
1E435620000
|
trusted library allocation
|
page read and write
|
||
|
5CA1000
|
heap
|
page read and write
|
||
|
1E435630000
|
trusted library allocation
|
page read and write
|
||
|
7FF703321000
|
unkown
|
page write copy
|
||
|
1E430A02000
|
heap
|
page read and write
|
||
|
7FF703322000
|
unkown
|
page read and write
|
||
|
BB9000
|
stack
|
page read and write
|
||
|
1E435601000
|
trusted library allocation
|
page read and write
|
||
|
5B6D000
|
trusted library allocation
|
page execute and read and write
|
||
|
51D4000
|
heap
|
page read and write
|
||
|
17BDCC16000
|
heap
|
page read and write
|
||
|
52BF000
|
heap
|
page read and write
|
||
|
7FF7F30C1000
|
unkown
|
page execute read
|
||
|
1E435912000
|
heap
|
page read and write
|
||
|
1E435670000
|
trusted library allocation
|
page read and write
|
||
|
7FF70332D000
|
unkown
|
page read and write
|
||
|
7FF703303000
|
unkown
|
page write copy
|
||
|
1E435904000
|
heap
|
page read and write
|
||
|
BF8AAFE000
|
stack
|
page read and write
|
||
|
205A95D4000
|
heap
|
page read and write
|
||
|
2B694BC1000
|
direct allocation
|
page read and write
|
||
|
1E435644000
|
trusted library allocation
|
page read and write
|
||
|
17BDCEC5000
|
heap
|
page read and write
|
||
|
205A95B0000
|
heap
|
page read and write
|
||
|
1E4302B3000
|
heap
|
page read and write
|
||
|
1E4302B7000
|
heap
|
page read and write
|
||
|
1E4356D0000
|
trusted library allocation
|
page read and write
|
||
|
1E435760000
|
trusted library allocation
|
page read and write
|
||
|
73A487E000
|
unkown
|
page readonly
|
||
|
1E435859000
|
heap
|
page read and write
|
||
|
6F6B000
|
stack
|
page read and write
|
||
|
1E435900000
|
heap
|
page read and write
|
||
|
5BEE000
|
stack
|
page read and write
|
||
|
2B685FC1000
|
direct allocation
|
page read and write
|
||
|
716C000
|
stack
|
page read and write
|
||
|
2B6833FA000
|
heap
|
page read and write
|
||
|
B110000
|
trusted library allocation
|
page read and write
|
||
|
2F4B000
|
heap
|
page read and write
|
||
|
51C0000
|
heap
|
page read and write
|
||
|
BF8A8FF000
|
stack
|
page read and write
|
||
|
B1D0000
|
trusted library allocation
|
page read and write
|
||
|
73A447E000
|
unkown
|
page readonly
|
||
|
17BDCC10000
|
heap
|
page read and write
|
||
|
7FF703010000
|
unkown
|
page readonly
|
||
|
B230000
|
trusted library allocation
|
page read and write
|
||
|
17BDCCF9000
|
heap
|
page read and write
|
||
|
A860000
|
trusted library allocation
|
page read and write
|
||
|
73A377E000
|
unkown
|
page readonly
|
||
|
1E431200000
|
trusted library section
|
page readonly
|
There are 534 hidden memdumps, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=ngen.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
|
||
|
https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=ngen.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
|
||
|
https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=ngen.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
|
||
|
https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=ngen.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
|
||
|
https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=ngen.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
|