Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
fck.bat
|
ASCII text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1gjppz5n.sjv.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dircw3ii.lq2.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hyc23bz1.asq.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kuvbac0k.mq5.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_widcjerw.qjc.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yv4gpxzr.g51.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
\Device\ConDrv
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\fck.bat" "
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell Set-MpPreference -DisableRealtimeMonitoring $true
|
|
|
|
C:\Windows\System32\reg.exe
|
reg add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters" /v "AllowEncryptionOracle"
/t REG_DWORD /d 2 /f
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD
/d 0 /f
|
|
|
|
C:\Windows\System32\reg.exe
|
"C:\Windows\system32\reg.exe" add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server /v fDenyTSConnections
/t REG_DWORD /d 0 /f
|
|
|
|
C:\Windows\System32\reg.exe
|
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
|
|
|
|
C:\Windows\System32\netsh.exe
|
netsh advfirewall firewall set rule group="remote desktop" new enable=Yes
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\sc.exe
|
sc stop WinDefend
|
||
|
C:\Windows\System32\sc.exe
|
sc config WinDefend start= disabled
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\drivers\rdpvideominiport.sys
|
|||
|
C:\Windows\System32\drivers\rdpdr.sys
|
|||
|
C:\Windows\System32\drivers\tsusbhub.sys
|
There are 4 hidden processes, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server
|
fDenyTSConnections
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters
|
AllowEncryptionOracle
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe%5Cmicrosoft.system.package.metadata%5CS-1-5-21-2246122658-3693405117-2476756634-1002-MergedResources-0.pri\1d9f5d7d5d7623d\5efce468
|
@{Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.BingWeather/Resources/ApplicationTitleWithBranding}
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe%5Cresources.pri\1d5ad0df649d8e6\5efce468
|
@{Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Getstarted/Resources/AppStoreName}
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe%5Cresources.pri\1d5ad0e18f8a3da\5efce468
|
@{Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Microsoft3DViewer/Common.View.UWP/Resources/StoreAppName}
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe%5Cmicrosoft.system.package.metadata%5CS-1-5-21-2246122658-3693405117-2476756634-1002-MergedResources-0.pri\1d9f5d7d5e34e03\5efce468
|
@{Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.MixedReality.Portal/Resources/PkgDisplayName}
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe%5Cresources.pri\1d5ad0ed2e23bd\5efce468
|
@{Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.MSPaint/resources/AppName}
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.People_10.1902.633.0_x64__8wekyb3d8bbwe%5Cmicrosoft.system.package.metadata%5CS-1-5-21-2246122658-3693405117-2476756634-1002-MergedResources-0.pri\1d9f5d7d5e812f0\5efce468
|
@{Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.People/Resources/AppStoreName}
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe%5Cmicrosoft.system.package.metadata%5CS-1-5-21-2246122658-3693405117-2476756634-1002-MergedResources-0.pri\1d9f5d7d5ecd7c9\5efce468
|
@{Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.StorePurchaseApp/Resources/DisplayTitle}
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe%5Cmicrosoft.system.package.metadata%5CS-1-5-21-2246122658-3693405117-2476756634-1002-MergedResources-0.pri\1d9f5d7d5f8c337\5efce468
|
@{Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsCalculator/Resources/AppStoreName}
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe%5Cmicrosoft.system.package.metadata%5CS-1-5-21-2246122658-3693405117-2476756634-1002-MergedResources-0.pri\1d9f5d7d5fd87eb\5efce468
|
@{Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsFeedbackHub/Resources/AppStoreName}
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe%5Cmicrosoft.system.package.metadata%5CS-1-5-21-2246122658-3693405117-2476756634-1002-MergedResources-0.pri\1d9f5d7d6024ca8\5efce468
|
@{Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsMaps/Resources/AppStoreName}
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe%5Cmicrosoft.system.package.metadata%5CS-1-5-21-2246122658-3693405117-2476756634-1002-MergedResources-0.pri\1d9f5d7d6109aaa\5efce468
|
@{Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.YourPhone/Resources/AppName}
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe%5Cmicrosoft.system.package.metadata%5CS-1-5-21-2246122658-3693405117-2476756634-1002-MergedResources-0.pri\1d9f5d7d6155f79\5efce468
|
@{Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_NAME}
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe%5Cmicrosoft.system.package.metadata%5CS-1-5-21-2246122658-3693405117-2476756634-1002-MergedResources-0.pri\1d9f5d7d618ac35\5efce468
|
@{Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneVideo/resources/IDS_MANIFEST_VIDEO_APP_NAME}
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CParentalControls_cw5n1h2txyewy%5Cresources.pri\1d8c32fd30d0ae0\4b38d458
|
@{Microsoft.Windows.ParentalControls_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ParentalControls/resources/DisplayName}
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.AccountsControl_cw5n1h2txyewy%5Cresources.pri\1d8c32fd52327f0\4b38d458
|
@{Microsoft.AccountsControl_10.0.19041.1023_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.LockApp_cw5n1h2txyewy%5Cresources.pri\1d8c32ff076865c\4b38d458
|
@{Microsoft.LockApp_10.0.19041.1023_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.XboxGameCallableUI_cw5n1h2txyewy%5Cresources.pri\1d5acdddadc1b8f\4b38d458
|
@{Microsoft.XboxGameCallableUI_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName}
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy%5Cresources.pri\1d5ad0d6f88fe76\4b38d458
|
@{Microsoft.Windows.SecureAssessmentBrowser_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.SecureAssessmentBrowser/Resources/PackageDisplayName}
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Windows.SecHealthUI_cw5n1h2txyewy%5Cresources.pri\1d8c32fe79d7ff7\4b38d458
|
@{Microsoft.Windows.SecHealthUI_10.0.19041.1865_neutral__cw5n1h2txyewy?ms-resource://Microsoft.Windows.SecHealthUI/resources/PackageDisplayName}
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Windows.PeopleExperienceHost_cw5n1h2txyewy%5Cresources.pri\1d8c32fe6e84da4\4b38d458
|
@{Microsoft.Windows.PeopleExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.PeopleExperienceHost/resources/PkgDisplayName}
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5Cmicrosoft.windows.narratorquickstart_8wekyb3d8bbwe%5Cresources.pri\1d5acdded540f4d\4b38d458
|
@{Microsoft.Windows.NarratorQuickStart_10.0.19041.1023_neutral_neutral_8wekyb3d8bbwe?ms-resource://Microsoft.Windows.NarratorQuickStart/Resources/AppDisplayName}
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Windows.AppRep.ChxApp_cw5n1h2txyewy%5Cresources.pri\1d5acddee1afafc\4b38d458
|
@{Microsoft.Windows.Apprep.ChxApp_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Apprep.ChxApp/resources/DisplayName}
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Win32WebViewHost_cw5n1h2txyewy%5Cresources.pri\1d5acdef0fedca\4b38d458
|
@{Microsoft.Win32WebViewHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.Win32WebViewHost/resources/DisplayName}
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe%5Cresources.pri\1d5ad0e4744055\5efce468
|
@{Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsCamera/Resources/AppStoreName}
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5Cmicrosoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe%5Cresources.pri\1d5ad0da1259ffb\5efce468
|
@{microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/AppManifest_OutlookDesktop_DisplayName}
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe%5Cresources.pri\1d5ad0dfbb57c2e\5efce468
|
@{Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Windows.Photos/Resources/AppStoreName}
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe%5Cresources.pri\1d5ad0e85410b6\5efce468
|
@{Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.DesktopAppInstaller/Resources/appDisplayName}
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Windows.ContentDeliveryManager_cw5n1h2txyewy%5Cresources.pri\1d5acddd82645c0\4b38d458
|
@{Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ContentDeliveryManager/resources/AppDisplayName}
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Windows.Search_cw5n1h2txyewy%5Cresources.pri\1d8c33020ca63e3\4b38d458
|
@{Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Search/resources/PackageDisplayName}
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CShellExperienceHost_cw5n1h2txyewy%5Cresources.pri\1d8c3301c13f68d\4b38d458
|
@{Microsoft.Windows.ShellExperienceHost_10.0.19041.1949_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ShellExperienceHost/resources/PkgDisplayName}
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy%5Cresources.pri\1d5acddea4e2414\4b38d458
|
@{Microsoft.Windows.StartMenuExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.StartMenuExperienceHost/StartMenuExperienceHost/PkgDisplayName}
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy%5Cresources.pri\1d5acddeb9898a7\4b38d458
|
@{Microsoft.Windows.OOBENetworkCaptivePortal_10.0.19041.1023_neutral__cw5n1h2txyewy?ms-resource://Microsoft.Windows.OOBENetworkCaptivePortal/Resources/AppDisplayName}
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Windows.CloudExperienceHost_cw5n1h2txyewy%5Cresources.pri\1d8c32fdff34402\4b38d458
|
@{Microsoft.Windows.CloudExperienceHost_10.0.19041.1266_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\24\417C44EB
|
@%SystemRoot%\system32\firewallapi.dll,-60501
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\24\417C44EB
|
@peerdistsh.dll,-9003
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\24\417C44EB
|
@peerdistsh.dll,-9002
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\24\417C44EB
|
@peerdistsh.dll,-9001
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\24\417C44EB
|
@peerdistsh.dll,-9000
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\24\417C44EB
|
@wlansvc.dll,-36864
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\24\417C44EB
|
@sstpsvc.dll,-35001
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\24\417C44EB
|
@%systemroot%\system32\provsvc.dll,-202
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\24\417C44EB
|
@%SystemRoot%\system32\firewallapi.dll,-53500
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\24\417C44EB
|
@wifidisplay.dll,-100
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\24\417C44EB
|
@%SystemRoot%\system32\firewallapi.dll,-37302
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\24\417C44EB
|
@%SystemRoot%\system32\icsvc.dll,-700
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\24\417C44EB
|
@%systemroot%\system32\dosvc.dll,-100
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\24\417C44EB
|
@wlansvc.dll,-36865
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{81c87465-de07-4efc-9d93-61e891d52fd2}
|
Class
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{81c87465-de07-4efc-9d93-61e891d52fd2}
|
NoDisplayClass
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{81c87465-de07-4efc-9d93-61e891d52fd2}
|
NoUseClass
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{81c87465-de07-4efc-9d93-61e891d52fd2}\Properties
|
Security
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{cc41eba2-ab57-4f4e-8c3d-1bc33b1e74e3}
|
Class
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{cc41eba2-ab57-4f4e-8c3d-1bc33b1e74e3}
|
NoDisplayClass
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{cc41eba2-ab57-4f4e-8c3d-1bc33b1e74e3}
|
NoUseClass
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{cc41eba2-ab57-4f4e-8c3d-1bc33b1e74e3}\Properties
|
Security
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{091bc97e-2352-4362-a539-10a6d8ff7596}
|
Class
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{091bc97e-2352-4362-a539-10a6d8ff7596}
|
NoDisplayClass
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{091bc97e-2352-4362-a539-10a6d8ff7596}
|
NoUseClass
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{091bc97e-2352-4362-a539-10a6d8ff7596}\Properties
|
Security
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{cc41eba2-ab57-4f4e-8c3d-1bc33b1e74e3}\Properties
|
Security
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tsusbhub\Parameters\Wdf
|
WdfMajorVersion
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tsusbhub\Parameters\Wdf
|
WdfMinorVersion
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{191a5137-7c9d-43c0-a943-de4411f424f7}\##?#TS_USB_HUB_Enumerator#UMB#2&30d3618&0&TS_USB_HUB#{191a5137-7c9d-43c0-a943-de4411f424f7}
|
DeviceInstance
|
There are 55 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2B6C28E0000
|
heap
|
page read and write
|
||
|
2A803D09000
|
heap
|
page read and write
|
||
|
230F2420000
|
heap
|
page read and write
|
||
|
1785A2B0000
|
heap
|
page read and write
|
||
|
2B6C28F0000
|
heap
|
page read and write
|
||
|
202204E0000
|
heap
|
page read and write
|
||
|
1785A327000
|
heap
|
page read and write
|
||
|
FB5DD1E000
|
stack
|
page read and write
|
||
|
A5089D000
|
stack
|
page read and write
|
||
|
F83717F000
|
stack
|
page read and write
|
||
|
230F2330000
|
heap
|
page read and write
|
||
|
2B6C2950000
|
heap
|
page read and write
|
||
|
2B6C2958000
|
heap
|
page read and write
|
||
|
230F2425000
|
heap
|
page read and write
|
||
|
F83707D000
|
stack
|
page read and write
|
||
|
2B6C2BF0000
|
heap
|
page read and write
|
||
|
1785A1B0000
|
heap
|
page read and write
|
||
|
1785A320000
|
heap
|
page read and write
|
||
|
230F24A0000
|
heap
|
page read and write
|
||
|
F8370FF000
|
stack
|
page read and write
|
||
|
20220319000
|
heap
|
page read and write
|
||
|
230F2430000
|
heap
|
page read and write
|
||
|
2A803CB0000
|
heap
|
page read and write
|
||
|
20220500000
|
heap
|
page read and write
|
||
|
2A803CE0000
|
heap
|
page read and write
|
||
|
E371F2D000
|
stack
|
page read and write
|
||
|
20220310000
|
heap
|
page read and write
|
||
|
1785A565000
|
heap
|
page read and write
|
||
|
2B6C2910000
|
heap
|
page read and write
|
||
|
2B6C2BF5000
|
heap
|
page read and write
|
||
|
A5099F000
|
stack
|
page read and write
|
||
|
2A804005000
|
heap
|
page read and write
|
||
|
FB5DC9D000
|
stack
|
page read and write
|
||
|
FD6F3FE000
|
stack
|
page read and write
|
||
|
20220650000
|
heap
|
page read and write
|
||
|
E37227E000
|
stack
|
page read and write
|
||
|
1785A290000
|
heap
|
page read and write
|
||
|
A5091E000
|
stack
|
page read and write
|
||
|
FD6F2FC000
|
stack
|
page read and write
|
||
|
230F24A8000
|
heap
|
page read and write
|
||
|
20220300000
|
heap
|
page read and write
|
||
|
20220654000
|
heap
|
page read and write
|
||
|
2A803D00000
|
heap
|
page read and write
|
||
|
E3722FE000
|
unkown
|
page readonly
|
||
|
E37237E000
|
stack
|
page read and write
|
||
|
2A803CC0000
|
heap
|
page read and write
|
||
|
1785A560000
|
heap
|
page read and write
|
||
|
2A804000000
|
heap
|
page read and write
|
||
|
230F2450000
|
heap
|
page read and write
|
||
|
FD6F6FF000
|
stack
|
page read and write
|
||
|
FB5DD9E000
|
stack
|
page read and write
|
There are 41 hidden memdumps, click here to show them.