Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
batteryacid.dat.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_1771c62af96114fb83baec5ef424ae1819cb3650_82810a17_00d61356\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_1771c62af96114fb83baec5ef424ae1819cb3650_82810a17_1c6e13d3\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_26a6cc57e4ced2c19f09ae278ade2876040a245_82810a17_1c1a1441\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_7ec94696d4f5167a22d8d01ba83c94e0c28d4894_82810a17_1c121402\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1A4.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1D.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Jun 7 06:40:11 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1E4.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER212.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER270.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER34A.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3A9.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5B.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Jun 7 06:40:11 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF3D8.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Jun 7 06:40:07 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF56F.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF59F.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFFEE.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Jun 7 06:40:11 2023, 0x1205a4 type
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\5NRH02A3.htm
|
HTML document, Unicode text, UTF-8 text, with very long lines (26606)
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve.LOG1
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 10 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\batteryacid.dat.dll"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\batteryacid.dat.dll",#1
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\batteryacid.dat.dll,l_cmsComputeInterpParams@24
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\batteryacid.dat.dll",#1
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\batteryacid.dat.dll,l_cmsFloat2Half@4
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\batteryacid.dat.dll,l_cmsFreeInterpParams@4
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 652
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\batteryacid.dat.dll",l_cmsComputeInterpParams@24
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\batteryacid.dat.dll",l_cmsFloat2Half@4
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\batteryacid.dat.dll",l_cmsFreeInterpParams@4
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\batteryacid.dat.dll",next
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\batteryacid.dat.dll",lmsstrcasecmp
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\batteryacid.dat.dll",lmsfilelength
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 652
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 652
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 652
|
|
|
|
C:\Windows\SysWOW64\wermgr.exe
|
C:\Windows\SysWOW64\wermgr.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 8 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://home.treasury.gov/footer/no-fear-act
|
unknown
|
||
|
https://www.linkedin.com/company/irs
|
unknown
|
||
|
https://s2.go-mpulse.net/boomerang/
|
unknown
|
||
|
https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp
|
unknown
|
||
|
https://www.twitter.com/IRSnews
|
unknown
|
||
|
https://www.irs.gov/ht
|
unknown
|
||
|
https://www.usaspending.gov
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
https://twitter.com/IRSnews
|
unknown
|
||
|
https://www.irs.gov/ru
|
unknown
|
||
|
https://www.irs.gov/pub/image/logo_small.jpg
|
unknown
|
||
|
https://www.youtube.com/embed/p3mmROYjyYM?autoplay=0&start=0&rel=0
|
unknown
|
||
|
https://www.youtube.com/user/irsvideos
|
unknown
|
||
|
https://s.go-mpulse.net/boomerang/
|
unknown
|
||
|
https://www.irs.gov/zh-hans
|
unknown
|
||
|
https://www.treasury.gov/tigta/
|
unknown
|
||
|
https://jobs.irs.gov/
|
unknown
|
||
|
https://www.irs.gov/zh-hant
|
unknown
|
||
|
https://www.irs.gov/es
|
unknown
|
||
|
https://www.treasury.gov/
|
unknown
|
||
|
https://static.addtoany.com/menu/page.js
|
unknown
|
||
|
https://www.irs.gov/
|
unknown
|
||
|
https://www.irs.gov/vi
|
unknown
|
||
|
https://www.instagram.com/irsnews
|
unknown
|
||
|
https://www.irs.gov
|
unknown
|
||
|
https://irs.gov/
|
152.216.7.110
|
||
|
https://www.irs.gov/ko
|
unknown
|
||
|
https://www.drupal.org)
|
unknown
|
||
|
https://www.usa.gov/
|
unknown
|
There are 19 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
irs.gov
|
152.216.7.110
|
||
|
www.irs.gov
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
2.82.8.80
|
unknown
|
Portugal
|
|
|
|
92.98.55.221
|
unknown
|
United Arab Emirates
|
|
|
|
70.160.67.203
|
unknown
|
United States
|
|
|
|
86.208.35.220
|
unknown
|
France
|
|
|
|
86.195.14.72
|
unknown
|
France
|
|
|
|
82.36.36.76
|
unknown
|
United Kingdom
|
|
|
|
184.182.66.109
|
unknown
|
United States
|
|
|
|
125.99.69.178
|
unknown
|
India
|
|
|
|
74.14.39.7
|
unknown
|
Canada
|
|
|
|
174.4.89.3
|
unknown
|
Canada
|
|
|
|
121.121.108.120
|
unknown
|
Malaysia
|
|
|
|
116.74.164.17
|
unknown
|
India
|
|
|
|
213.64.33.92
|
unknown
|
Sweden
|
|
|
|
114.143.176.236
|
unknown
|
India
|
|
|
|
24.234.220.88
|
unknown
|
United States
|
|
|
|
123.3.240.16
|
unknown
|
Australia
|
|
|
|
78.130.215.67
|
unknown
|
Bulgaria
|
|
|
|
176.133.4.230
|
unknown
|
France
|
|
|
|
72.205.104.134
|
unknown
|
United States
|
|
|
|
217.165.233.122
|
unknown
|
United Arab Emirates
|
|
|
|
183.87.163.165
|
unknown
|
India
|
|
|
|
190.75.72.44
|
unknown
|
Venezuela
|
|
|
|
70.49.205.198
|
unknown
|
Canada
|
|
|
|
184.181.75.148
|
unknown
|
United States
|
|
|
|
37.14.229.220
|
unknown
|
Spain
|
|
|
|
41.227.190.59
|
unknown
|
Tunisia
|
|
|
|
100.4.163.158
|
unknown
|
United States
|
|
|
|
103.141.50.43
|
unknown
|
India
|
|
|
|
165.120.169.171
|
unknown
|
United States
|
|
|
|
82.131.141.209
|
unknown
|
Hungary
|
|
|
|
64.121.161.102
|
unknown
|
United States
|
|
|
|
89.115.200.234
|
unknown
|
Portugal
|
|
|
|
31.53.29.216
|
unknown
|
United Kingdom
|
|
|
|
178.175.187.254
|
unknown
|
Moldova Republic of
|
|
|
|
188.28.19.84
|
unknown
|
United Kingdom
|
|
|
|
103.87.128.228
|
unknown
|
India
|
|
|
|
94.59.123.30
|
unknown
|
United Arab Emirates
|
|
|
|
37.189.89.196
|
unknown
|
Portugal
|
|
|
|
124.246.122.199
|
unknown
|
Singapore
|
|
|
|
59.28.84.65
|
unknown
|
Korea Republic of
|
|
|
|
147.147.30.126
|
unknown
|
United Kingdom
|
|
|
|
75.109.111.89
|
unknown
|
United States
|
|
|
|
88.126.94.4
|
unknown
|
France
|
|
|
|
85.57.212.13
|
unknown
|
Spain
|
|
|
|
1.221.179.74
|
unknown
|
Korea Republic of
|
|
|
|
66.241.183.99
|
unknown
|
United States
|
|
|
|
47.205.25.170
|
unknown
|
United States
|
|
|
|
95.45.50.93
|
unknown
|
Ireland
|
|
|
|
81.111.108.123
|
unknown
|
United Kingdom
|
|
|
|
103.144.201.48
|
unknown
|
unknown
|
|
|
|
151.62.238.176
|
unknown
|
Italy
|
|
|
|
92.20.204.198
|
unknown
|
United Kingdom
|
|
|
|
201.143.215.69
|
unknown
|
Mexico
|
|
|
|
193.80.73.200
|
unknown
|
Austria
|
|
|
|
192.143.255.159
|
unknown
|
South Africa
|
|
|
|
92.239.81.124
|
unknown
|
United Kingdom
|
|
|
|
41.186.88.38
|
unknown
|
Rwanda
|
|
|
|
193.253.100.236
|
unknown
|
France
|
|
|
|
105.184.209.117
|
unknown
|
South Africa
|
|
|
|
201.244.108.183
|
unknown
|
Colombia
|
|
|
|
103.42.86.42
|
unknown
|
India
|
|
|
|
125.63.121.38
|
unknown
|
India
|
|
|
|
68.227.249.138
|
unknown
|
United States
|
|
|
|
182.75.189.42
|
unknown
|
India
|
|
|
|
105.102.10.220
|
unknown
|
Algeria
|
|
|
|
116.120.145.170
|
unknown
|
Korea Republic of
|
|
|
|
103.139.242.6
|
unknown
|
India
|
|
|
|
27.0.48.233
|
unknown
|
India
|
|
|
|
70.28.50.223
|
unknown
|
Canada
|
|
|
|
81.229.117.95
|
unknown
|
Sweden
|
|
|
|
122.186.210.254
|
unknown
|
India
|
|
|
|
78.159.146.65
|
unknown
|
Italy
|
|
|
|
92.184.102.115
|
unknown
|
France
|
|
|
|
79.77.142.22
|
unknown
|
United Kingdom
|
|
|
|
93.187.148.45
|
unknown
|
United Kingdom
|
|
|
|
122.184.143.86
|
unknown
|
India
|
|
|
|
50.68.186.195
|
unknown
|
Canada
|
|
|
|
45.62.70.33
|
unknown
|
Canada
|
|
|
|
83.249.198.100
|
unknown
|
Sweden
|
|
|
|
12.172.173.82
|
unknown
|
United States
|
|
|
|
79.168.224.165
|
unknown
|
Portugal
|
|
|
|
199.27.66.213
|
unknown
|
United States
|
|
|
|
176.142.207.63
|
unknown
|
France
|
|
|
|
86.173.2.12
|
unknown
|
United Kingdom
|
|
|
|
74.12.146.221
|
unknown
|
Canada
|
|
|
|
90.29.86.138
|
unknown
|
France
|
|
|
|
197.2.173.77
|
unknown
|
Tunisia
|
|
|
|
174.58.146.57
|
unknown
|
United States
|
|
|
|
59.88.174.146
|
unknown
|
India
|
|
|
|
223.166.13.95
|
unknown
|
China
|
|
|
|
65.95.141.84
|
unknown
|
Canada
|
|
|
|
49.175.72.188
|
unknown
|
Korea Republic of
|
|
|
|
75.98.154.19
|
unknown
|
United States
|
|
|
|
213.91.235.146
|
unknown
|
Bulgaria
|
|
|
|
77.126.99.230
|
unknown
|
Israel
|
|
|
|
103.123.223.133
|
unknown
|
India
|
|
|
|
84.216.198.201
|
unknown
|
Sweden
|
|
|
|
92.9.45.20
|
unknown
|
United Kingdom
|
|
|
|
94.207.125.252
|
unknown
|
United Arab Emirates
|
|
|
|
73.207.160.219
|
unknown
|
United States
|
|
There are 90 hidden IPs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
|
AmiHivePermissionsCorrect
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
|
AmiHiveOwnerCorrect
|
||
|
\REGISTRY\A\{f09b9ab7-f5d4-6fd5-310d-b8561f8cd72e}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProgramId
|
||
|
\REGISTRY\A\{f09b9ab7-f5d4-6fd5-310d-b8561f8cd72e}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
FileId
|
||
|
\REGISTRY\A\{f09b9ab7-f5d4-6fd5-310d-b8561f8cd72e}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{f09b9ab7-f5d4-6fd5-310d-b8561f8cd72e}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LongPathHash
|
||
|
\REGISTRY\A\{f09b9ab7-f5d4-6fd5-310d-b8561f8cd72e}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Name
|
||
|
\REGISTRY\A\{f09b9ab7-f5d4-6fd5-310d-b8561f8cd72e}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Publisher
|
||
|
\REGISTRY\A\{f09b9ab7-f5d4-6fd5-310d-b8561f8cd72e}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Version
|
||
|
\REGISTRY\A\{f09b9ab7-f5d4-6fd5-310d-b8561f8cd72e}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinFileVersion
|
||
|
\REGISTRY\A\{f09b9ab7-f5d4-6fd5-310d-b8561f8cd72e}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinaryType
|
||
|
\REGISTRY\A\{f09b9ab7-f5d4-6fd5-310d-b8561f8cd72e}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProductName
|
||
|
\REGISTRY\A\{f09b9ab7-f5d4-6fd5-310d-b8561f8cd72e}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProductVersion
|
||
|
\REGISTRY\A\{f09b9ab7-f5d4-6fd5-310d-b8561f8cd72e}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LinkDate
|
||
|
\REGISTRY\A\{f09b9ab7-f5d4-6fd5-310d-b8561f8cd72e}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinProductVersion
|
||
|
\REGISTRY\A\{f09b9ab7-f5d4-6fd5-310d-b8561f8cd72e}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Size
|
||
|
\REGISTRY\A\{f09b9ab7-f5d4-6fd5-310d-b8561f8cd72e}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Language
|
||
|
\REGISTRY\A\{f09b9ab7-f5d4-6fd5-310d-b8561f8cd72e}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
IsPeFile
|
||
|
\REGISTRY\A\{f09b9ab7-f5d4-6fd5-310d-b8561f8cd72e}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
IsOsComponent
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
0018C0095C03A1A5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
0018C0095C03A1A5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
0018C0095C03A1A5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
0018C0095C03A1A5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Xgeyzuofgy
|
73499096
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Xgeyzuofgy
|
46d640d8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Xgeyzuofgy
|
449760a4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Xgeyzuofgy
|
fc2b07c1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Xgeyzuofgy
|
8123484b
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Xgeyzuofgy
|
399f2f2e
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Xgeyzuofgy
|
fe6a27bd
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Xgeyzuofgy
|
c00ff60
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Xgeyzuofgy
|
73499096
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Xgeyzuofgy
|
73499096
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Xgeyzuofgy
|
73499096
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Xgeyzuofgy
|
73499096
|
There are 37 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
4740000
|
heap
|
page read and write
|
|
|
|
96A000
|
heap
|
page read and write
|
|
|
|
3320000
|
heap
|
page read and write
|
||
|
29375FA0000
|
heap
|
page readonly
|
||
|
312A000
|
heap
|
page read and write
|
||
|
293751A6000
|
heap
|
page read and write
|
||
|
6D43000
|
heap
|
page read and write
|
||
|
BC0000
|
heap
|
page read and write
|
||
|
6D51000
|
heap
|
page read and write
|
||
|
1005D000
|
unkown
|
page readonly
|
||
|
65ED000
|
heap
|
page read and write
|
||
|
7027000
|
heap
|
page read and write
|
||
|
6D4F000
|
heap
|
page read and write
|
||
|
8EA000
|
heap
|
page read and write
|
||
|
65FC000
|
heap
|
page read and write
|
||
|
874000
|
heap
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
DB88CFE000
|
stack
|
page read and write
|
||
|
3290000
|
trusted library allocation
|
page read and write
|
||
|
33F0000
|
heap
|
page read and write
|
||
|
5C60000
|
heap
|
page read and write
|
||
|
5BC0000
|
trusted library allocation
|
page read and write
|
||
|
1DC3D03A000
|
unkown
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
6306000
|
heap
|
page read and write
|
||
|
6D43000
|
heap
|
page read and write
|
||
|
3060000
|
heap
|
page read and write
|
||
|
7A3F000
|
heap
|
page read and write
|
||
|
320A000
|
heap
|
page read and write
|
||
|
6D31000
|
heap
|
page read and write
|
||
|
73C6779000
|
stack
|
page read and write
|
||
|
1040000
|
trusted library allocation
|
page read and write
|
||
|
A70000
|
heap
|
page read and write
|
||
|
5C52000
|
heap
|
page read and write
|
||
|
3290000
|
trusted library allocation
|
page read and write
|
||
|
1005A000
|
unkown
|
page read and write
|
||
|
60EE000
|
heap
|
page read and write
|
||
|
6D51000
|
heap
|
page read and write
|
||
|
3290000
|
trusted library allocation
|
page read and write
|
||
|
AD0000
|
heap
|
page read and write
|
||
|
45BF000
|
stack
|
page read and write
|
||
|
1005D000
|
unkown
|
page readonly
|
||
|
6D4F000
|
heap
|
page read and write
|
||
|
4500000
|
trusted library allocation
|
page read and write
|
||
|
1005A000
|
unkown
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
1DC3D07A000
|
unkown
|
page read and write
|
||
|
47BF000
|
heap
|
page read and write
|
||
|
3290000
|
trusted library allocation
|
page read and write
|
||
|
2E70000
|
heap
|
page read and write
|
||
|
6D31000
|
heap
|
page read and write
|
||
|
823F000
|
heap
|
page read and write
|
||
|
BFF000
|
stack
|
page read and write
|
||
|
B0F000
|
stack
|
page read and write
|
||
|
6D31000
|
heap
|
page read and write
|
||
|
3290000
|
trusted library allocation
|
page read and write
|
||
|
1DC3D200000
|
heap
|
page read and write
|
||
|
1005D000
|
unkown
|
page readonly
|
||
|
3290000
|
trusted library allocation
|
page read and write
|
||
|
6D31000
|
heap
|
page read and write
|
||
|
3050000
|
heap
|
page read and write
|
||
|
7D25000
|
heap
|
page read and write
|
||
|
6D50000
|
heap
|
page read and write
|
||
|
47BF000
|
heap
|
page read and write
|
||
|
6D51000
|
heap
|
page read and write
|
||
|
874000
|
heap
|
page read and write
|
||
|
4A6E000
|
stack
|
page read and write
|
||
|
710000
|
heap
|
page read and write
|
||
|
2C70000
|
heap
|
page read and write
|
||
|
29375460000
|
trusted library allocation
|
page read and write
|
||
|
BCF000
|
direct allocation
|
page read and write
|
||
|
1DC3D029000
|
heap
|
page read and write
|
||
|
57B000
|
stack
|
page read and write
|
||
|
6D21000
|
heap
|
page read and write
|
||
|
43F1000
|
heap
|
page read and write
|
||
|
30C0000
|
heap
|
page read and write
|
||
|
2DC0000
|
heap
|
page read and write
|
||
|
6D51000
|
heap
|
page read and write
|
||
|
2E30000
|
heap
|
page read and write
|
||
|
6D50000
|
heap
|
page read and write
|
||
|
6D50000
|
heap
|
page read and write
|
||
|
5C61000
|
heap
|
page read and write
|
||
|
6D43000
|
heap
|
page read and write
|
||
|
29375459000
|
heap
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
29375FB0000
|
trusted library allocation
|
page read and write
|
||
|
BD2000
|
direct allocation
|
page readonly
|
||
|
753F000
|
heap
|
page read and write
|
||
|
61A0000
|
heap
|
page read and write
|
||
|
1DC3CF20000
|
heap
|
page read and write
|
||
|
874000
|
heap
|
page read and write
|
||
|
702A000
|
heap
|
page read and write
|
||
|
3290000
|
trusted library allocation
|
page read and write
|
||
|
780000
|
heap
|
page read and write
|
||
|
874000
|
heap
|
page read and write
|
||
|
3290000
|
trusted library allocation
|
page read and write
|
||
|
4AAF000
|
stack
|
page read and write
|
||
|
6D4F000
|
heap
|
page read and write
|
||
|
63B2000
|
heap
|
page read and write
|
||
|
3290000
|
trusted library allocation
|
page read and write
|
||
|
1DC3D031000
|
heap
|
page read and write
|
||
|
7521000
|
heap
|
page read and write
|
||
|
6D50000
|
heap
|
page read and write
|
||
|
1030000
|
heap
|
page read and write
|
||
|
3290000
|
trusted library allocation
|
page read and write
|
||
|
45F1000
|
heap
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
330E000
|
stack
|
page read and write
|
||
|
10055000
|
unkown
|
page write copy
|
||
|
8236000
|
heap
|
page read and write
|
||
|
7BC000
|
stack
|
page read and write
|
||
|
2DAE000
|
stack
|
page read and write
|
||
|
874000
|
heap
|
page read and write
|
||
|
6D51000
|
heap
|
page read and write
|
||
|
457E000
|
stack
|
page read and write
|
||
|
10055000
|
unkown
|
page write copy
|
||
|
6BC000
|
stack
|
page read and write
|
||
|
3290000
|
trusted library allocation
|
page read and write
|
||
|
6D21000
|
heap
|
page read and write
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
BCA000
|
direct allocation
|
page readonly
|
||
|
6D50000
|
heap
|
page read and write
|
||
|
2CD0000
|
heap
|
page read and write
|
||
|
5C41000
|
heap
|
page read and write
|
||
|
293751EC000
|
heap
|
page read and write
|
||
|
2F20000
|
heap
|
page read and write
|
||
|
6D51000
|
heap
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
10055000
|
unkown
|
page write copy
|
||
|
DB88A7B000
|
stack
|
page read and write
|
||
|
1DC3D08B000
|
heap
|
page read and write
|
||
|
6D4F000
|
heap
|
page read and write
|
||
|
B30000
|
heap
|
page read and write
|
||
|
4790000
|
heap
|
page read and write
|
||
|
1DC3D300000
|
heap
|
page read and write
|
||
|
2C8E000
|
stack
|
page read and write
|
||
|
6D50000
|
heap
|
page read and write
|
||
|
3150000
|
heap
|
page read and write
|
||
|
3290000
|
trusted library allocation
|
page read and write
|
||
|
293751E4000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
73C627D000
|
stack
|
page read and write
|
||
|
1DC3D000000
|
unkown
|
page read and write
|
||
|
D9B000
|
heap
|
page read and write
|
||
|
6D4F000
|
heap
|
page read and write
|
||
|
3290000
|
trusted library allocation
|
page read and write
|
||
|
1DC3D07A000
|
heap
|
page read and write
|
||
|
10054000
|
unkown
|
page read and write
|
||
|
6D50000
|
heap
|
page read and write
|
||
|
6FB000
|
stack
|
page read and write
|
||
|
5BC0000
|
trusted library allocation
|
page read and write
|
||
|
DB88BFB000
|
stack
|
page read and write
|
||
|
83E000
|
stack
|
page read and write
|
||
|
2C90000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
3290000
|
trusted library allocation
|
page read and write
|
||
|
960000
|
heap
|
page read and write
|
||
|
29375FC0000
|
trusted library allocation
|
page read and write
|
||
|
1005A000
|
unkown
|
page read and write
|
||
|
874000
|
heap
|
page read and write
|
||
|
6D51000
|
heap
|
page read and write
|
||
|
4830000
|
heap
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
3540000
|
heap
|
page read and write
|
||
|
33B0000
|
heap
|
page read and write
|
||
|
1005A000
|
unkown
|
page read and write
|
||
|
2D80000
|
heap
|
page read and write
|
||
|
6D50000
|
heap
|
page read and write
|
||
|
10054000
|
unkown
|
page read and write
|
||
|
5C61000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
4A6F000
|
stack
|
page read and write
|
||
|
760000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
2DEF000
|
stack
|
page read and write
|
||
|
5C57000
|
heap
|
page read and write
|
||
|
B3C000
|
stack
|
page read and write
|
||
|
33BA000
|
heap
|
page read and write
|
||
|
3290000
|
trusted library allocation
|
page read and write
|
||
|
6D50000
|
heap
|
page read and write
|
||
|
6D50000
|
heap
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
6D50000
|
heap
|
page read and write
|
||
|
6D43000
|
heap
|
page read and write
|
||
|
5BC0000
|
trusted library allocation
|
page read and write
|
||
|
874000
|
heap
|
page read and write
|
||
|
1DC3D123000
|
heap
|
page read and write
|
||
|
3200000
|
heap
|
page read and write
|
||
|
73C677E000
|
stack
|
page read and write
|
||
|
45F1000
|
heap
|
page read and write
|
||
|
10054000
|
unkown
|
page read and write
|
||
|
3340000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
6D4F000
|
heap
|
page read and write
|
||
|
5C41000
|
heap
|
page read and write
|
||
|
3290000
|
trusted library allocation
|
page read and write
|
||
|
319F000
|
stack
|
page read and write
|
||
|
1DC3D02E000
|
heap
|
page read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
10043000
|
unkown
|
page readonly
|
||
|
6D31000
|
heap
|
page read and write
|
||
|
1005D000
|
unkown
|
page readonly
|
||
|
BF0000
|
heap
|
page read and write
|
||
|
30CA000
|
heap
|
page read and write
|
||
|
3290000
|
trusted library allocation
|
page read and write
|
||
|
7D22000
|
heap
|
page read and write
|
||
|
4DF0000
|
heap
|
page read and write
|
||
|
7BB000
|
stack
|
page read and write
|
||
|
8E0000
|
heap
|
page read and write
|
||
|
3290000
|
trusted library allocation
|
page read and write
|
||
|
293753E0000
|
trusted library allocation
|
page read and write
|
||
|
DAE000
|
heap
|
page read and write
|
||
|
29375D40000
|
trusted library allocation
|
page read and write
|
||
|
293753F0000
|
trusted library allocation
|
page read and write
|
||
|
3290000
|
trusted library allocation
|
page read and write
|
||
|
303E000
|
stack
|
page read and write
|
||
|
1005D000
|
unkown
|
page readonly
|
||
|
29375180000
|
heap
|
page read and write
|
||
|
6D21000
|
heap
|
page read and write
|
||
|
1DC3D013000
|
unkown
|
page read and write
|
||
|
4B50000
|
heap
|
page read and write
|
||
|
2DDF000
|
stack
|
page read and write
|
||
|
BC0000
|
heap
|
page read and write
|
||
|
3290000
|
trusted library allocation
|
page read and write
|
||
|
2C50000
|
heap
|
page read and write
|
||
|
73C6479000
|
stack
|
page read and write
|
||
|
1DC3D31B000
|
heap
|
page read and write
|
||
|
10043000
|
unkown
|
page readonly
|
||
|
7FB000
|
stack
|
page read and write
|
||
|
6D43000
|
heap
|
page read and write
|
||
|
3290000
|
trusted library allocation
|
page read and write
|
||
|
6D50000
|
heap
|
page read and write
|
||
|
5BC0000
|
trusted library allocation
|
page read and write
|
||
|
7026000
|
heap
|
page read and write
|
||
|
AAA000
|
heap
|
page read and write
|
||
|
1DC3D03A000
|
heap
|
page read and write
|
||
|
2F3B000
|
stack
|
page read and write
|
||
|
10054000
|
unkown
|
page read and write
|
||
|
BB0000
|
heap
|
page read and write
|
||
|
2DE0000
|
heap
|
page read and write
|
||
|
C1F000
|
stack
|
page read and write
|
||
|
1DC3D102000
|
trusted library allocation
|
page read and write
|
||
|
5C41000
|
heap
|
page read and write
|
||
|
2DCA000
|
heap
|
page read and write
|
||
|
29375455000
|
heap
|
page read and write
|
||
|
6D21000
|
heap
|
page read and write
|
||
|
6D4F000
|
heap
|
page read and write
|
||
|
A20000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
2FA0000
|
heap
|
page read and write
|
||
|
6D31000
|
heap
|
page read and write
|
||
|
1DC3D100000
|
trusted library allocation
|
page read and write
|
||
|
7022000
|
heap
|
page read and write
|
||
|
6D50000
|
heap
|
page read and write
|
||
|
1DC3D115000
|
trusted library allocation
|
page read and write
|
||
|
53C000
|
stack
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
B60000
|
heap
|
page read and write
|
||
|
6D50000
|
heap
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
45E0000
|
heap
|
page read and write
|
||
|
2DB0000
|
heap
|
page read and write
|
||
|
AB0000
|
heap
|
page read and write
|
||
|
6D21000
|
heap
|
page read and write
|
||
|
6D21000
|
heap
|
page read and write
|
||
|
1DC3D037000
|
heap
|
page read and write
|
||
|
3160000
|
heap
|
page read and write
|
||
|
6D51000
|
heap
|
page read and write
|
||
|
D30000
|
heap
|
page read and write
|
||
|
4A0000
|
heap
|
page read and write
|
||
|
3290000
|
trusted library allocation
|
page read and write
|
||
|
1DC3D213000
|
heap
|
page read and write
|
||
|
6D4F000
|
heap
|
page read and write
|
||
|
3290000
|
trusted library allocation
|
page read and write
|
||
|
4D0000
|
heap
|
page read and write
|
||
|
85E000
|
stack
|
page read and write
|
||
|
3290000
|
trusted library allocation
|
page read and write
|
||
|
31E0000
|
heap
|
page read and write
|
||
|
293752A0000
|
heap
|
page read and write
|
||
|
6D4F000
|
heap
|
page read and write
|
||
|
3290000
|
trusted library allocation
|
page read and write
|
||
|
A3D000
|
stack
|
page read and write
|
||
|
B1C000
|
stack
|
page read and write
|
||
|
6D43000
|
heap
|
page read and write
|
||
|
87F000
|
stack
|
page read and write
|
||
|
2D3C000
|
stack
|
page read and write
|
||
|
6D21000
|
heap
|
page read and write
|
||
|
6D50000
|
heap
|
page read and write
|
||
|
1DC3D302000
|
heap
|
page read and write
|
||
|
1DC3D313000
|
heap
|
page read and write
|
||
|
6D31000
|
heap
|
page read and write
|
||
|
1DC3D302000
|
heap
|
page read and write
|
||
|
2CA0000
|
heap
|
page read and write
|
||
|
10055000
|
unkown
|
page write copy
|
||
|
B90000
|
heap
|
page read and write
|
||
|
BA0000
|
direct allocation
|
page execute read
|
||
|
5BC0000
|
trusted library allocation
|
page read and write
|
||
|
1040000
|
trusted library allocation
|
page read and write
|
||
|
4730000
|
heap
|
page read and write
|
||
|
AA0000
|
heap
|
page read and write
|
||
|
2C8A000
|
heap
|
page read and write
|
||
|
2C80000
|
heap
|
page read and write
|
||
|
1DC3D038000
|
heap
|
page read and write
|
||
|
10055000
|
unkown
|
page write copy
|
||
|
3410000
|
heap
|
page read and write
|
||
|
46C0000
|
heap
|
page read and write
|
||
|
1040000
|
trusted library allocation
|
page read and write
|
||
|
6D50000
|
heap
|
page read and write
|
||
|
29375050000
|
trusted library allocation
|
page read and write
|
||
|
50C000
|
stack
|
page read and write
|
||
|
3290000
|
trusted library allocation
|
page read and write
|
||
|
6D21000
|
heap
|
page read and write
|
||
|
5C52000
|
heap
|
page read and write
|
||
|
752A000
|
heap
|
page read and write
|
||
|
2D1B000
|
stack
|
page read and write
|
||
|
BB1000
|
direct allocation
|
page execute read
|
||
|
BDE000
|
stack
|
page read and write
|
||
|
6D50000
|
heap
|
page read and write
|
||
|
B20000
|
heap
|
page read and write
|
||
|
BCB000
|
stack
|
page read and write
|
||
|
338E000
|
stack
|
page read and write
|
||
|
3190000
|
heap
|
page read and write
|
||
|
B8B000
|
stack
|
page read and write
|
||
|
293751B1000
|
heap
|
page read and write
|
||
|
6D50000
|
heap
|
page read and write
|
||
|
AEE000
|
stack
|
page read and write
|
||
|
6D51000
|
heap
|
page read and write
|
||
|
6D31000
|
heap
|
page read and write
|
||
|
A9F000
|
stack
|
page read and write
|
||
|
4763000
|
heap
|
page read and write
|
||
|
6D43000
|
heap
|
page read and write
|
||
|
312E000
|
stack
|
page read and write
|
||
|
9A8000
|
heap
|
page read and write
|
||
|
3290000
|
trusted library allocation
|
page read and write
|
||
|
3290000
|
trusted library allocation
|
page read and write
|
||
|
BBE000
|
stack
|
page read and write
|
||
|
3290000
|
trusted library allocation
|
page read and write
|
||
|
4850000
|
heap
|
page read and write
|
||
|
6D31000
|
heap
|
page read and write
|
||
|
3290000
|
trusted library allocation
|
page read and write
|
||
|
3290000
|
trusted library allocation
|
page read and write
|
||
|
6D50000
|
heap
|
page read and write
|
||
|
10043000
|
unkown
|
page readonly
|
||
|
B5B000
|
stack
|
page read and write
|
||
|
5C41000
|
heap
|
page read and write
|
||
|
54B000
|
stack
|
page read and write
|
||
|
1005A000
|
unkown
|
page read and write
|
||
|
29375450000
|
heap
|
page read and write
|
||
|
6D21000
|
heap
|
page read and write
|
||
|
1DC3D313000
|
heap
|
page read and write
|
||
|
3120000
|
heap
|
page read and write
|
||
|
DB88C79000
|
stack
|
page read and write
|
||
|
650000
|
heap
|
page read and write
|
||
|
65EB000
|
heap
|
page read and write
|
||
|
5C60000
|
heap
|
page read and write
|
||
|
1DC3CEC0000
|
trusted library allocation
|
page read and write
|
||
|
1DC3D202000
|
heap
|
page read and write
|
||
|
681C000
|
heap
|
page read and write
|
||
|
5E00000
|
trusted library allocation
|
page read and write
|
||
|
7EE000
|
stack
|
page read and write
|
||
|
3110000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
2CDC000
|
stack
|
page read and write
|
||
|
2EFC000
|
stack
|
page read and write
|
||
|
10043000
|
unkown
|
page readonly
|
||
|
6D43000
|
heap
|
page read and write
|
||
|
29375F90000
|
trusted library allocation
|
page read and write
|
||
|
2CAA000
|
heap
|
page read and write
|
||
|
293751EC000
|
heap
|
page read and write
|
||
|
29375D50000
|
trusted library allocation
|
page read and write
|
||
|
29376010000
|
trusted library allocation
|
page read and write
|
||
|
73C6879000
|
stack
|
page read and write
|
||
|
45F0000
|
heap
|
page read and write
|
||
|
6D50000
|
heap
|
page read and write
|
||
|
2E90000
|
heap
|
page read and write
|
||
|
6D51000
|
heap
|
page read and write
|
||
|
4CA0000
|
heap
|
page read and write
|
||
|
293751A0000
|
heap
|
page read and write
|
||
|
BB0000
|
direct allocation
|
page read and write
|
||
|
33FE000
|
stack
|
page read and write
|
||
|
DA9000
|
heap
|
page read and write
|
||
|
10054000
|
unkown
|
page read and write
|
||
|
5BC0000
|
trusted library allocation
|
page read and write
|
||
|
6D4F000
|
heap
|
page read and write
|
||
|
DB88D79000
|
stack
|
page read and write
|
||
|
29375040000
|
heap
|
page read and write
|
||
|
1DC3CEB0000
|
heap
|
page read and write
|
||
|
4940000
|
heap
|
page read and write
|
||
|
6D31000
|
heap
|
page read and write
|
||
|
2D7B000
|
stack
|
page read and write
|
||
|
10043000
|
unkown
|
page readonly
|
||
|
B2F000
|
stack
|
page read and write
|
||
|
6D43000
|
heap
|
page read and write
|
||
|
5BC0000
|
trusted library allocation
|
page read and write
|
||
|
6D43000
|
heap
|
page read and write
|
||
|
870000
|
heap
|
page read and write
|
||
|
874000
|
heap
|
page read and write
|
||
|
4A60000
|
heap
|
page read and write
|
||
|
1DC3D302000
|
heap
|
page read and write
|
||
|
293751EC000
|
heap
|
page read and write
|
||
|
4BB0000
|
heap
|
page read and write
|
||
|
77C000
|
stack
|
page read and write
|
||
|
30AF000
|
stack
|
page read and write
|
||
|
1DC3D037000
|
heap
|
page read and write
|
||
|
6D21000
|
heap
|
page read and write
|
||
|
1DC3D07A000
|
heap
|
page read and write
|
There are 397 hidden memdumps, click here to show them.