Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\lXLWfHWHMd.exe
|
"C:\Users\user\Desktop\lXLWfHWHMd.exe"
|
 |
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://go.microsoft.
|
unknown
|
||
|
https://pastebin.com/raw/EngADTbC=MicrosoftEdgeUpdateTaskMachine
|
unknown
|
||
|
https://pastebin.com/raw/EngADTbC
|
unknown
|
||
|
http://go.microsoft.LinkId=42127
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
0.tcp.eu.ngrok.io
|
18.192.31.30
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
18.192.31.30
|
0.tcp.eu.ngrok.io
|
United States
|
|
|
|
3.78.28.71
|
unknown
|
United States
|
|
|
|
3.74.27.83
|
unknown
|
United States
|
|
|
|
52.57.120.10
|
unknown
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER
|
ghost
|
|
|
|
HKEY_CURRENT_USER\Environment
|
SEE_MASK_NOZONECHECKS
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Client.exe
|
[kl]
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
432000
|
unkown
|
page readonly
|
|
|
|
2C4A000
|
trusted library allocation
|
page read and write
|
|
|
|
5970000
|
heap
|
page read and write
|
||
|
2AC7000
|
trusted library allocation
|
page read and write
|
||
|
870000
|
heap
|
page read and write
|
||
|
E80000
|
trusted library allocation
|
page execute and read and write
|
||
|
D50000
|
trusted library allocation
|
page read and write
|
||
|
5722000
|
heap
|
page read and write
|
||
|
5450000
|
heap
|
page read and write
|
||
|
273E000
|
stack
|
page read and write
|
||
|
E90000
|
heap
|
page execute and read and write
|
||
|
A15000
|
heap
|
page read and write
|
||
|
D55000
|
trusted library allocation
|
page read and write
|
||
|
5370000
|
heap
|
page read and write
|
||
|
D87000
|
trusted library allocation
|
page execute and read and write
|
||
|
5200000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D80000
|
trusted library allocation
|
page read and write
|
||
|
4DA0000
|
unclassified section
|
page read and write
|
||
|
2AD8000
|
trusted library allocation
|
page read and write
|
||
|
559A000
|
stack
|
page read and write
|
||
|
4F6E000
|
stack
|
page read and write
|
||
|
5734000
|
heap
|
page read and write
|
||
|
A28000
|
heap
|
page read and write
|
||
|
9E4000
|
heap
|
page read and write
|
||
|
875000
|
heap
|
page read and write
|
||
|
572D000
|
heap
|
page read and write
|
||
|
701BF000
|
unkown
|
page readonly
|
||
|
4D79000
|
stack
|
page read and write
|
||
|
549C000
|
stack
|
page read and write
|
||
|
D62000
|
trusted library allocation
|
page execute and read and write
|
||
|
56DE000
|
stack
|
page read and write
|
||
|
2A81000
|
trusted library allocation
|
page read and write
|
||
|
5783000
|
heap
|
page read and write
|
||
|
574A000
|
heap
|
page read and write
|
||
|
9EE000
|
heap
|
page read and write
|
||
|
D7A000
|
trusted library allocation
|
page execute and read and write
|
||
|
E70000
|
trusted library allocation
|
page read and write
|
||
|
D92000
|
trusted library allocation
|
page execute and read and write
|
||
|
3A81000
|
trusted library allocation
|
page read and write
|
||
|
D72000
|
trusted library allocation
|
page execute and read and write
|
||
|
BBE000
|
stack
|
page read and write
|
||
|
4CBC000
|
stack
|
page read and write
|
||
|
5940000
|
trusted library allocation
|
page execute and read and write
|
||
|
E40000
|
trusted library allocation
|
page read and write
|
||
|
4C1E000
|
stack
|
page read and write
|
||
|
D8A000
|
trusted library allocation
|
page execute and read and write
|
||
|
5755000
|
heap
|
page read and write
|
||
|
DA2000
|
trusted library allocation
|
page read and write
|
||
|
DA7000
|
trusted library allocation
|
page execute and read and write
|
||
|
575D000
|
heap
|
page read and write
|
||
|
D40000
|
heap
|
page read and write
|
||
|
56E0000
|
heap
|
page read and write
|
||
|
A0D000
|
heap
|
page read and write
|
||
|
4A88000
|
trusted library allocation
|
page read and write
|
||
|
5960000
|
heap
|
page read and write
|
||
|
701A0000
|
unkown
|
page readonly
|
||
|
7F4A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
430000
|
unkown
|
page readonly
|
||
|
701BD000
|
unkown
|
page read and write
|
||
|
5765000
|
heap
|
page read and write
|
||
|
DAB000
|
trusted library allocation
|
page execute and read and write
|
||
|
55DE000
|
stack
|
page read and write
|
||
|
4D3C000
|
stack
|
page read and write
|
||
|
D70000
|
trusted library allocation
|
page read and write
|
||
|
4CFA000
|
stack
|
page read and write
|
||
|
DEE000
|
stack
|
page read and write
|
||
|
5380000
|
heap
|
page read and write
|
||
|
701B6000
|
unkown
|
page readonly
|
||
|
578C000
|
heap
|
page read and write
|
||
|
D9A000
|
trusted library allocation
|
page execute and read and write
|
||
|
5711000
|
heap
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
4D90000
|
trusted library allocation
|
page execute and read and write
|
||
|
96E000
|
heap
|
page read and write
|
||
|
701A1000
|
unkown
|
page execute read
|
||
|
850000
|
heap
|
page read and write
|
||
|
5705000
|
heap
|
page read and write
|
||
|
A40000
|
heap
|
page read and write
|
||
|
5725000
|
heap
|
page read and write
|
||
|
4DC0000
|
heap
|
page read and write
|
||
|
2DE5000
|
trusted library allocation
|
page read and write
|
||
|
5719000
|
heap
|
page read and write
|
||
|
5747000
|
heap
|
page read and write
|
||
|
D06000
|
heap
|
page read and write
|
||
|
5D9000
|
stack
|
page read and write
|
||
|
5D6000
|
stack
|
page read and write
|
||
|
ABE000
|
stack
|
page read and write
|
||
|
960000
|
heap
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
56FA000
|
heap
|
page read and write
|
||
|
99F000
|
heap
|
page read and write
|
||
|
A1B000
|
heap
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
4DC3000
|
heap
|
page read and write
|
||
|
D6A000
|
trusted library allocation
|
page execute and read and write
|
||
|
4DA000
|
stack
|
page read and write
|
||
|
840000
|
heap
|
page read and write
|
||
|
4E6E000
|
stack
|
page read and write
|
||
|
D10000
|
heap
|
page read and write
|
||
|
E3C000
|
stack
|
page read and write
|
There are 90 hidden memdumps, click here to show them.