Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\dg7zkyyiEZ.exe
|
"C:\Users\user\Desktop\dg7zkyyiEZ.exe"
|
 |
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
5.tcp.eu.ngrok.io:17742
|
|
||
|
https://pastebin.com/raw/EngADTbC=MicrosoftEdgeUpdateTaskMachine
|
unknown
|
||
|
https://pastebin.com/raw/EngADTbC
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
5.tcp.eu.ngrok.io
|
3.64.4.198
|
|
|
|
198.187.3.20.in-addr.arpa
|
unknown
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
3.64.4.198
|
5.tcp.eu.ngrok.io
|
United States
|
|
|
|
3.67.62.142
|
unknown
|
United States
|
|
|
|
3.127.181.115
|
unknown
|
United States
|
|
|
|
3.67.112.102
|
unknown
|
United States
|
|
|
|
3.67.161.133
|
unknown
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER
|
ghost
|
|
|
|
HKEY_CURRENT_USER\Environment
|
SEE_MASK_NOZONECHECKS
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Client.exe
|
[kl]
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2C7A000
|
trusted library allocation
|
page read and write
|
|
|
|
4F2000
|
unkown
|
page readonly
|
|
|
|
1080000
|
trusted library allocation
|
page execute and read and write
|
||
|
BAD000
|
heap
|
page read and write
|
||
|
D17000
|
trusted library allocation
|
page execute and read and write
|
||
|
5060000
|
trusted library section
|
page readonly
|
||
|
2C52000
|
trusted library allocation
|
page read and write
|
||
|
6A9E000
|
stack
|
page read and write
|
||
|
AE0000
|
trusted library allocation
|
page read and write
|
||
|
F20000
|
trusted library allocation
|
page read and write
|
||
|
8210000
|
heap
|
page read and write
|
||
|
7F700000
|
trusted library allocation
|
page execute and read and write
|
||
|
F38000
|
heap
|
page read and write
|
||
|
B8F000
|
heap
|
page read and write
|
||
|
AD2000
|
trusted library allocation
|
page execute and read and write
|
||
|
81DE000
|
heap
|
page read and write
|
||
|
F30000
|
heap
|
page read and write
|
||
|
10A3000
|
heap
|
page execute and read and write
|
||
|
8360000
|
trusted library allocation
|
page execute and read and write
|
||
|
B10000
|
heap
|
page read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
8273000
|
heap
|
page read and write
|
||
|
D90000
|
trusted library allocation
|
page read and write
|
||
|
2C45000
|
trusted library allocation
|
page read and write
|
||
|
5110000
|
heap
|
page read and write
|
||
|
AFA000
|
trusted library allocation
|
page execute and read and write
|
||
|
B1A000
|
heap
|
page read and write
|
||
|
4B98000
|
trusted library allocation
|
page read and write
|
||
|
1064000
|
heap
|
page read and write
|
||
|
5250000
|
heap
|
page read and write
|
||
|
D12000
|
trusted library allocation
|
page read and write
|
||
|
103F000
|
stack
|
page read and write
|
||
|
8281000
|
heap
|
page read and write
|
||
|
9B5000
|
heap
|
page read and write
|
||
|
B0A000
|
trusted library allocation
|
page execute and read and write
|
||
|
BC9000
|
heap
|
page read and write
|
||
|
B4F000
|
heap
|
page read and write
|
||
|
81B0000
|
heap
|
page read and write
|
||
|
900000
|
heap
|
page read and write
|
||
|
6D30000
|
trusted library allocation
|
page execute and read and write
|
||
|
5120000
|
heap
|
page read and write
|
||
|
4DFA000
|
stack
|
page read and write
|
||
|
59A000
|
stack
|
page read and write
|
||
|
92DE000
|
stack
|
page read and write
|
||
|
C9C000
|
heap
|
page read and write
|
||
|
4F1B000
|
stack
|
page read and write
|
||
|
8269000
|
heap
|
page read and write
|
||
|
B1E000
|
heap
|
page read and write
|
||
|
B02000
|
trusted library allocation
|
page execute and read and write
|
||
|
BA8000
|
heap
|
page read and write
|
||
|
AC0000
|
trusted library allocation
|
page read and write
|
||
|
10A0000
|
heap
|
page execute and read and write
|
||
|
6940000
|
unclassified section
|
page read and write
|
||
|
1060000
|
heap
|
page read and write
|
||
|
6F20000
|
heap
|
page read and write
|
||
|
910000
|
heap
|
page read and write
|
||
|
D5E000
|
stack
|
page read and write
|
||
|
5135000
|
heap
|
page read and write
|
||
|
8F6000
|
stack
|
page read and write
|
||
|
8228000
|
heap
|
page read and write
|
||
|
8390000
|
heap
|
page read and write
|
||
|
AEA000
|
trusted library allocation
|
page execute and read and write
|
||
|
93DE000
|
stack
|
page read and write
|
||
|
3B91000
|
trusted library allocation
|
page read and write
|
||
|
505B000
|
stack
|
page read and write
|
||
|
8760000
|
heap
|
page read and write
|
||
|
D1B000
|
trusted library allocation
|
page execute and read and write
|
||
|
BF8000
|
heap
|
page read and write
|
||
|
523D000
|
stack
|
page read and write
|
||
|
6340000
|
heap
|
page read and write
|
||
|
859E000
|
stack
|
page read and write
|
||
|
4D2E000
|
stack
|
page read and write
|
||
|
4F0000
|
unkown
|
page readonly
|
||
|
8202000
|
heap
|
page read and write
|
||
|
8750000
|
heap
|
page read and write
|
||
|
ADA000
|
trusted library allocation
|
page execute and read and write
|
||
|
5240000
|
heap
|
page read and write
|
||
|
5130000
|
heap
|
page read and write
|
||
|
B94000
|
heap
|
page read and write
|
||
|
4E79000
|
stack
|
page read and write
|
||
|
C10000
|
heap
|
page read and write
|
||
|
699E000
|
stack
|
page read and write
|
||
|
CA1000
|
heap
|
page read and write
|
||
|
1040000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B91000
|
trusted library allocation
|
page read and write
|
||
|
81E9000
|
heap
|
page read and write
|
||
|
828E000
|
heap
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
81C9000
|
heap
|
page read and write
|
||
|
6920000
|
trusted library allocation
|
page read and write
|
||
|
82EB000
|
stack
|
page read and write
|
||
|
8245000
|
heap
|
page read and write
|
||
|
AE2000
|
trusted library allocation
|
page execute and read and write
|
||
|
4DBA000
|
stack
|
page read and write
|
||
|
6930000
|
heap
|
page execute and read and write
|
||
|
2C3C000
|
trusted library allocation
|
page read and write
|
||
|
D70000
|
heap
|
page read and write
|
||
|
BBA000
|
heap
|
page read and write
|
||
|
832E000
|
stack
|
page read and write
|
||
|
AF7000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C6A000
|
trusted library allocation
|
page read and write
|
||
|
B89000
|
heap
|
page read and write
|
||
|
DFC000
|
stack
|
page read and write
|
||
|
820B000
|
heap
|
page read and write
|
||
|
825F000
|
heap
|
page read and write
|
||
|
6542000
|
trusted library allocation
|
page read and write
|
||
|
8499000
|
stack
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
4E3C000
|
stack
|
page read and write
|
||
|
BC1000
|
heap
|
page read and write
|
||
|
501D000
|
stack
|
page read and write
|
||
|
5274000
|
heap
|
page read and write
|
||
|
2C4E000
|
trusted library allocation
|
page read and write
|
There are 103 hidden memdumps, click here to show them.