Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\GCGHJEBGHJ.exe
|
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\JKFIDGDHJE.exe
|
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_RegAsm.exe_d92f9ce144c1913ea91516593a19cb772a1c4ed_0f4a0a05_c2357629-7ef6-4bff-b9a0-e153775f8777\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
|
CSV text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\66f75fd9dc673_vasd[1].exe
|
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\66f75feece638_ldmg[1].exe
|
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\IJKFHDBKFCAA\AECAKE
|
ASCII text, with very long lines (1717), with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\IJKFHDBKFCAA\CBFIJE
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4,
UTF-8, version-valid-for 1
|
dropped
|
||
|
C:\ProgramData\IJKFHDBKFCAA\CGIDAA
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie
0xe, schema 4, UTF-8, version-valid-for 2
|
dropped
|
||
|
C:\ProgramData\IJKFHDBKFCAA\GCBFBG
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie
0x21, schema 4, UTF-8, version-valid-for 3
|
dropped
|
||
|
C:\ProgramData\IJKFHDBKFCAA\GHIJJE
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x3, schema 4, UTF-8,
version-valid-for 6
|
dropped
|
||
|
C:\ProgramData\IJKFHDBKFCAA\GIJJKF
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4,
UTF-8, version-valid-for 1
|
dropped
|
||
|
C:\ProgramData\IJKFHDBKFCAA\HIDGCF
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie
0x37, schema 4, UTF-8, version-valid-for 8
|
dropped
|
||
|
C:\ProgramData\IJKFHDBKFCAA\KECBGC
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie
0xb, schema 4, UTF-8, version-valid-for 1
|
dropped
|
||
|
C:\ProgramData\IJKFHDBKFCAA\KKFBAA
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8,
version-valid-for 7
|
dropped
|
||
|
C:\ProgramData\IJKFHDBKFCAA\freebl3.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\ProgramData\IJKFHDBKFCAA\mozglue.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\ProgramData\IJKFHDBKFCAA\msvcp140.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\ProgramData\IJKFHDBKFCAA\nss3.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\ProgramData\IJKFHDBKFCAA\softokn3.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\ProgramData\IJKFHDBKFCAA\vcruntime140.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\ProgramData\JJECFIECBGDG\AKFIDH
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x3, schema 4, UTF-8,
version-valid-for 6
|
dropped
|
||
|
C:\ProgramData\JJECFIECBGDG\EBGCBA
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4,
UTF-8, version-valid-for 1
|
dropped
|
||
|
C:\ProgramData\JJECFIECBGDG\IDBAKK
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie
0xb, schema 4, UTF-8, version-valid-for 1
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER94AA.tmp.dmp
|
Mini DuMP crash report, 15 streams, Sat Sep 28 03:23:47 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9603.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9623.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\GCGHJEBGHJ.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\JKFIDGDHJE.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\delays.tmp
|
ISO-8859 text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 22 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
|
|
|
|
C:\ProgramData\GCGHJEBGHJ.exe
|
"C:\ProgramData\GCGHJEBGHJ.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
|
|
|
|
C:\ProgramData\JKFIDGDHJE.exe
|
"C:\ProgramData\JKFIDGDHJE.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 1692
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 676
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\IJKFHDBKFCAA" & exit
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\timeout.exe
|
timeout /t 10
|
There are 15 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://t.me/
|
unknown
|
|
|
|
stogeneratmns.shop
|
|
||
|
reinforcenh.shop
|
|
||
|
https://steamcommunity.com/profiles/76561199780418869
|
|
||
|
ghostreedmnu.shop
|
|
||
|
http://cowod.hopto.org/
|
45.132.206.251
|
|
|
|
fragnantbui.shop
|
|
||
|
gutterydhowi.shop
|
|
||
|
https://offensivedzvju.shop/api
|
188.114.97.3
|
|
|
|
https://t.me/jamsemlg
|
149.154.167.99
|
|
|
|
offensivedzvju.shop
|
|
||
|
drawzhotdog.shop
|
|
||
|
https://files.bloodqwe.shop/ldms/66f75feece638_ldmg.exe
|
172.67.167.90
|
|
|
|
https://files.bloodqwe.shop/ldms/66f75fd9dc673_vasd.exe
|
172.67.167.90
|
|
|
|
vozmeatillu.shop
|
|
||
|
https://bloodqwe.shop/
|
172.67.167.90
|
|
|
|
https://duckduckgo.com/chrome_newtab
|
unknown
|
||
|
https://duckduckgo.com/ac/?q=
|
unknown
|
||
|
https://bloodqwe.shop:443csrss.exe
|
unknown
|
||
|
https://files.bloodqwe.shop/$~
|
unknown
|
||
|
https://web.telegram.org
|
unknown
|
||
|
http://ocsp.entrust.net03
|
unknown
|
||
|
https://bloodqwe.shop:4438.134
|
unknown
|
||
|
http://ocsp.entrust.net02
|
unknown
|
||
|
http://cowod.hopto.org
|
unknown
|
||
|
https://t.me/jamsemlgdsgwegsdhttps://steamcommunity.com/profiles/76561199780418869u55uMozilla/5.0
|
unknown
|
||
|
https://bloodqwe.shop:443Local
|
unknown
|
||
|
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
|
unknown
|
||
|
https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
|
unknown
|
||
|
http://cowod.hopto.org/e
|
unknown
|
||
|
https://offensivedzvju.shop/
|
unknown
|
||
|
http://cowod.hoptoEBFHIEG
|
unknown
|
||
|
http://cowod.hopto.org_DEBUG.zip/c
|
unknown
|
||
|
https://bloodqwe.shop/#
|
unknown
|
||
|
https://t.me/dZ
|
unknown
|
||
|
https://files.bloodqwe.shop/ldms/66f75fd9dc673_vasd.exeta;
|
unknown
|
||
|
https://files.bloodqwe.shop/ldms/66f75feece638_ldmg.exeta;
|
unknown
|
||
|
http://cowod.hopto.
|
unknown
|
||
|
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
|
unknown
|
||
|
https://offensivedzvju.shop/pi
|
unknown
|
||
|
http://cowod.hopto
|
unknown
|
||
|
http://cowod.JECFIEBFHIEG
|
unknown
|
||
|
http://crl.entrust.net/ts1ca.crl0
|
unknown
|
||
|
http://www.sqlite.org/copyright.html.
|
unknown
|
||
|
https://t.me/ae5ed
|
unknown
|
||
|
http://www.mozilla.com/en-US/blocklist/
|
unknown
|
||
|
https://bloodqwe.shop/D
|
unknown
|
||
|
https://mozilla.org0/
|
unknown
|
||
|
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
|
unknown
|
||
|
https://bloodqwe.shop/H
|
unknown
|
||
|
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.
|
unknown
|
||
|
http://cowod.hopto.BFHIEG
|
unknown
|
||
|
http://www.entrust.net/rpa03
|
unknown
|
||
|
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
|
unknown
|
||
|
https://files.bloodqwe.shop/ldms/66f75feece638_ldmg.exe1kkkk1237658https://files.bloodqwe.shop/ldms/
|
unknown
|
||
|
http://aia.entrust.net/ts1-chain256.cer01
|
unknown
|
||
|
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
https://bloodqwe.shop/FIECBGDG
|
unknown
|
||
|
https://files.bloodqwe.shop/2~
|
unknown
|
||
|
https://www.ecosia.org/newtab/
|
unknown
|
||
|
https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_
|
unknown
|
||
|
https://www.cloudflare.com/5xx-error-landing
|
unknown
|
||
|
https://ac.ecosia.org/autocomplete?q=
|
unknown
|
||
|
https://bloodqwe.shop/er
|
unknown
|
||
|
https://bloodqwe.shop:443
|
unknown
|
||
|
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
|
unknown
|
||
|
https://bloodqwe.shop/i
|
unknown
|
||
|
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3
|
unknown
|
||
|
http://cowod.hopto.orgIEG
|
unknown
|
||
|
https://bloodqwe.shop/p
|
unknown
|
||
|
http://go.microsoft.c
|
unknown
|
||
|
https://bloodqwe.shop/:4
|
unknown
|
||
|
https://t.me/ae5edu55uhttps://steamcommunity.com/profiles/76561199780418869sql.dllsqlp.dllMozilla/5.
|
unknown
|
||
|
https://bloodqwe.shop/w
|
unknown
|
||
|
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
|
unknown
|
||
|
http://crl.entrust.net/2048ca.crl0
|
unknown
|
||
|
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
|
unknown
|
||
|
https://www.entrust.net/rpa0
|
unknown
|
||
|
https://bloodqwe.shop/ERg
|
unknown
|
There are 70 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
cowod.hopto.org
|
45.132.206.251
|
|
|
|
bloodqwe.shop
|
172.67.167.90
|
|
|
|
offensivedzvju.shop
|
188.114.97.3
|
|
|
|
t.me
|
149.154.167.99
|
|
|
|
files.bloodqwe.shop
|
172.67.167.90
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
172.67.167.90
|
bloodqwe.shop
|
United States
|
|
|
|
188.114.97.3
|
offensivedzvju.shop
|
European Union
|
|
|
|
149.154.167.99
|
t.me
|
United Kingdom
|
|
|
|
45.132.206.251
|
cowod.hopto.org
|
Russian Federation
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
|
{40DD6E20-7C17-11CE-A804-00AA003CA9F6} {000214EF-0000-0000-C000-000000000046} 0xFFFF
|
||
|
\REGISTRY\A\{14ba6a29-2b83-455f-fbfe-9e4286d70ee3}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
ProgramId
|
||
|
\REGISTRY\A\{14ba6a29-2b83-455f-fbfe-9e4286d70ee3}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
FileId
|
||
|
\REGISTRY\A\{14ba6a29-2b83-455f-fbfe-9e4286d70ee3}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{14ba6a29-2b83-455f-fbfe-9e4286d70ee3}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
LongPathHash
|
||
|
\REGISTRY\A\{14ba6a29-2b83-455f-fbfe-9e4286d70ee3}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
Name
|
||
|
\REGISTRY\A\{14ba6a29-2b83-455f-fbfe-9e4286d70ee3}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
OriginalFileName
|
||
|
\REGISTRY\A\{14ba6a29-2b83-455f-fbfe-9e4286d70ee3}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
Publisher
|
||
|
\REGISTRY\A\{14ba6a29-2b83-455f-fbfe-9e4286d70ee3}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
Version
|
||
|
\REGISTRY\A\{14ba6a29-2b83-455f-fbfe-9e4286d70ee3}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
BinFileVersion
|
||
|
\REGISTRY\A\{14ba6a29-2b83-455f-fbfe-9e4286d70ee3}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
BinaryType
|
||
|
\REGISTRY\A\{14ba6a29-2b83-455f-fbfe-9e4286d70ee3}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
ProductName
|
||
|
\REGISTRY\A\{14ba6a29-2b83-455f-fbfe-9e4286d70ee3}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
ProductVersion
|
||
|
\REGISTRY\A\{14ba6a29-2b83-455f-fbfe-9e4286d70ee3}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
LinkDate
|
||
|
\REGISTRY\A\{14ba6a29-2b83-455f-fbfe-9e4286d70ee3}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
BinProductVersion
|
||
|
\REGISTRY\A\{14ba6a29-2b83-455f-fbfe-9e4286d70ee3}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{14ba6a29-2b83-455f-fbfe-9e4286d70ee3}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{14ba6a29-2b83-455f-fbfe-9e4286d70ee3}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
Size
|
||
|
\REGISTRY\A\{14ba6a29-2b83-455f-fbfe-9e4286d70ee3}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
Language
|
||
|
\REGISTRY\A\{14ba6a29-2b83-455f-fbfe-9e4286d70ee3}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
IsOsComponent
|
||
|
\REGISTRY\A\{14ba6a29-2b83-455f-fbfe-9e4286d70ee3}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
Usn
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018000DDABBE6B3
|
There are 15 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
4745000
|
trusted library allocation
|
page read and write
|
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
459E000
|
trusted library allocation
|
page read and write
|
|
|
|
43A000
|
remote allocation
|
page execute and read and write
|
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
12A3E000
|
stack
|
page read and write
|
||
|
19CAC000
|
heap
|
page read and write
|
||
|
1757000
|
heap
|
page read and write
|
||
|
1510000
|
heap
|
page read and write
|
||
|
1AB6C000
|
stack
|
page read and write
|
||
|
3AF0000
|
heap
|
page read and write
|
||
|
282E000
|
stack
|
page read and write
|
||
|
19DA0000
|
heap
|
page read and write
|
||
|
4BFF000
|
stack
|
page read and write
|
||
|
2F30000
|
heap
|
page read and write
|
||
|
E6E000
|
stack
|
page read and write
|
||
|
1BFB000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A1C0000
|
heap
|
page read and write
|
||
|
1A08E000
|
stack
|
page read and write
|
||
|
165A000
|
heap
|
page read and write
|
||
|
19D26000
|
heap
|
page read and write
|
||
|
1A160000
|
heap
|
page read and write
|
||
|
12E5C000
|
stack
|
page read and write
|
||
|
1980000
|
heap
|
page read and write
|
||
|
1766000
|
heap
|
page read and write
|
||
|
2890000
|
heap
|
page execute and read and write
|
||
|
980000
|
remote allocation
|
page execute and read and write
|
||
|
1A410000
|
heap
|
page read and write
|
||
|
1A098000
|
heap
|
page read and write
|
||
|
286D000
|
stack
|
page read and write
|
||
|
198E000
|
heap
|
page read and write
|
||
|
314F000
|
stack
|
page read and write
|
||
|
1A14E000
|
heap
|
page read and write
|
||
|
193D000
|
heap
|
page read and write
|
||
|
17A4000
|
heap
|
page read and write
|
||
|
C99000
|
heap
|
page read and write
|
||
|
B5C000
|
remote allocation
|
page execute and read and write
|
||
|
9E3000
|
remote allocation
|
page execute and read and write
|
||
|
9C4000
|
remote allocation
|
page execute and read and write
|
||
|
108DF000
|
stack
|
page read and write
|
||
|
61ED3000
|
direct allocation
|
page read and write
|
||
|
1A2CD000
|
stack
|
page read and write
|
||
|
1544E000
|
stack
|
page read and write
|
||
|
11F1000
|
heap
|
page read and write
|
||
|
1080000
|
heap
|
page read and write
|
||
|
14FBD000
|
stack
|
page read and write
|
||
|
780000
|
heap
|
page read and write
|
||
|
1A52C000
|
heap
|
page read and write
|
||
|
178E000
|
stack
|
page read and write
|
||
|
1A169000
|
heap
|
page read and write
|
||
|
1C40000
|
trusted library allocation
|
page read and write
|
||
|
E8B000
|
heap
|
page read and write
|
||
|
29A3000
|
trusted library allocation
|
page read and write
|
||
|
2A6E000
|
stack
|
page read and write
|
||
|
1BD4000
|
trusted library allocation
|
page read and write
|
||
|
16E4000
|
heap
|
page read and write
|
||
|
5BFE000
|
stack
|
page read and write
|
||
|
F72000
|
stack
|
page read and write
|
||
|
331B000
|
trusted library allocation
|
page execute and read and write
|
||
|
39A1000
|
trusted library allocation
|
page read and write
|
||
|
C53000
|
trusted library allocation
|
page execute and read and write
|
||
|
18EE000
|
stack
|
page read and write
|
||
|
61ECC000
|
direct allocation
|
page read and write
|
||
|
E30000
|
heap
|
page read and write
|
||
|
A02000
|
remote allocation
|
page execute and read and write
|
||
|
9E62000
|
heap
|
page read and write
|
||
|
13F8000
|
stack
|
page read and write
|
||
|
1C30000
|
heap
|
page read and write
|
||
|
1200000
|
heap
|
page read and write
|
||
|
61ECD000
|
direct allocation
|
page readonly
|
||
|
12BC000
|
heap
|
page read and write
|
||
|
118D000
|
stack
|
page read and write
|
||
|
437000
|
remote allocation
|
page execute and read and write
|
||
|
1BC4000
|
trusted library allocation
|
page read and write
|
||
|
119C000
|
stack
|
page read and write
|
||
|
19EFC000
|
stack
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
118A000
|
heap
|
page read and write
|
||
|
1B80000
|
heap
|
page read and write
|
||
|
45E000
|
remote allocation
|
page execute and read and write
|
||
|
1B7F000
|
stack
|
page read and write
|
||
|
2B6D000
|
stack
|
page read and write
|
||
|
190E000
|
stack
|
page read and write
|
||
|
1900000
|
heap
|
page read and write
|
||
|
32F4000
|
trusted library allocation
|
page read and write
|
||
|
169A000
|
heap
|
page read and write
|
||
|
16DC000
|
heap
|
page read and write
|
||
|
3360000
|
heap
|
page read and write
|
||
|
1A0CC000
|
heap
|
page read and write
|
||
|
A290000
|
heap
|
page read and write
|
||
|
DA0000
|
heap
|
page read and write
|
||
|
1A153000
|
heap
|
page read and write
|
||
|
1A21C000
|
stack
|
page read and write
|
||
|
36FF000
|
stack
|
page read and write
|
||
|
1410000
|
heap
|
page read and write
|
||
|
61E00000
|
direct allocation
|
page execute and read and write
|
||
|
2E9C000
|
stack
|
page read and write
|
||
|
50E000
|
remote allocation
|
page execute and read and write
|
||
|
3AEE000
|
stack
|
page read and write
|
||
|
E82000
|
unkown
|
page readonly
|
||
|
1199000
|
stack
|
page read and write
|
||
|
1D6F000
|
stack
|
page read and write
|
||
|
299E000
|
stack
|
page read and write
|
||
|
16BA000
|
heap
|
page read and write
|
||
|
3330000
|
trusted library allocation
|
page read and write
|
||
|
328E000
|
stack
|
page read and write
|
||
|
1754000
|
heap
|
page read and write
|
||
|
1945000
|
heap
|
page read and write
|
||
|
16E1000
|
heap
|
page read and write
|
||
|
61EB7000
|
direct allocation
|
page readonly
|
||
|
1512F000
|
stack
|
page read and write
|
||
|
C10000
|
heap
|
page read and write
|
||
|
109C000
|
stack
|
page read and write
|
||
|
C0E000
|
stack
|
page read and write
|
||
|
5A3E000
|
stack
|
page read and write
|
||
|
114D000
|
heap
|
page read and write
|
||
|
19CA2000
|
heap
|
page read and write
|
||
|
D60000
|
heap
|
page read and write
|
||
|
354E000
|
stack
|
page read and write
|
||
|
3550000
|
heap
|
page execute and read and write
|
||
|
1435000
|
heap
|
page read and write
|
||
|
1430000
|
heap
|
page read and write
|
||
|
2F50000
|
heap
|
page read and write
|
||
|
1591000
|
heap
|
page read and write
|
||
|
39A5000
|
trusted library allocation
|
page read and write
|
||
|
9BF000
|
remote allocation
|
page execute and read and write
|
||
|
1203000
|
heap
|
page read and write
|
||
|
1952000
|
heap
|
page read and write
|
||
|
EC0000
|
trusted library allocation
|
page read and write
|
||
|
3B27000
|
heap
|
page read and write
|
||
|
F10000
|
heap
|
page read and write
|
||
|
780F000
|
stack
|
page read and write
|
||
|
1091B000
|
stack
|
page read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
5B3E000
|
stack
|
page read and write
|
||
|
1740000
|
heap
|
page read and write
|
||
|
4565000
|
trusted library allocation
|
page read and write
|
||
|
9F50000
|
unclassified section
|
page read and write
|
||
|
3A9E000
|
stack
|
page read and write
|
||
|
4672000
|
trusted library allocation
|
page read and write
|
||
|
1910000
|
heap
|
page read and write
|
||
|
61ED4000
|
direct allocation
|
page readonly
|
||
|
12FC000
|
stack
|
page read and write
|
||
|
2EDC000
|
stack
|
page read and write
|
||
|
318E000
|
stack
|
page read and write
|
||
|
1A0C0000
|
heap
|
page read and write
|
||
|
19CA0000
|
heap
|
page read and write
|
||
|
459B000
|
trusted library allocation
|
page read and write
|
||
|
32D0000
|
trusted library allocation
|
page read and write
|
||
|
19A6000
|
heap
|
page read and write
|
||
|
11D0000
|
heap
|
page read and write
|
||
|
E7F000
|
heap
|
page read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
1980000
|
heap
|
page read and write
|
||
|
1774E000
|
stack
|
page read and write
|
||
|
17D0000
|
heap
|
page read and write
|
||
|
195E000
|
stack
|
page read and write
|
||
|
105D000
|
stack
|
page read and write
|
||
|
191E000
|
heap
|
page read and write
|
||
|
1A0AF000
|
stack
|
page read and write
|
||
|
E67000
|
heap
|
page read and write
|
||
|
D3B000
|
stack
|
page read and write
|
||
|
E1E000
|
stack
|
page read and write
|
||
|
17C0000
|
heap
|
page read and write
|
||
|
7DD000
|
stack
|
page read and write
|
||
|
104BF000
|
stack
|
page read and write
|
||
|
1C10000
|
trusted library allocation
|
page read and write
|
||
|
E56000
|
heap
|
page read and write
|
||
|
C64000
|
trusted library allocation
|
page read and write
|
||
|
153DD000
|
stack
|
page read and write
|
||
|
17E0000
|
heap
|
page read and write
|
||
|
587E000
|
stack
|
page read and write
|
||
|
1A14A000
|
heap
|
page read and write
|
||
|
3340000
|
trusted library allocation
|
page execute and read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
17CE000
|
stack
|
page read and write
|
||
|
3B20000
|
heap
|
page read and write
|
||
|
C40000
|
trusted library allocation
|
page read and write
|
||
|
E80000
|
unkown
|
page readonly
|
||
|
1AD0C000
|
stack
|
page read and write
|
||
|
104FD000
|
stack
|
page read and write
|
||
|
35F0000
|
heap
|
page read and write
|
||
|
2BAE000
|
stack
|
page read and write
|
||
|
19CD2000
|
heap
|
page read and write
|
||
|
1147000
|
heap
|
page read and write
|
||
|
61EB4000
|
direct allocation
|
page read and write
|
||
|
126F000
|
heap
|
page read and write
|
||
|
C9E000
|
heap
|
page read and write
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
1A12D000
|
heap
|
page read and write
|
||
|
9E3000
|
remote allocation
|
page execute and read and write
|
||
|
622000
|
unkown
|
page readonly
|
||
|
61EB6000
|
direct allocation
|
page read and write
|
||
|
C7E000
|
heap
|
page read and write
|
||
|
12E9D000
|
stack
|
page read and write
|
||
|
19AB000
|
heap
|
page read and write
|
||
|
3250000
|
heap
|
page read and write
|
||
|
1580000
|
heap
|
page read and write
|
||
|
1AE0C000
|
stack
|
page read and write
|
||
|
1910000
|
heap
|
page read and write
|
||
|
3730000
|
heap
|
page execute and read and write
|
||
|
17B6E000
|
stack
|
page read and write
|
||
|
1278000
|
heap
|
page read and write
|
||
|
1A15C000
|
heap
|
page read and write
|
||
|
18C0000
|
heap
|
page read and write
|
||
|
C3B000
|
stack
|
page read and write
|
||
|
3741000
|
trusted library allocation
|
page execute and read and write
|
||
|
3743000
|
trusted library allocation
|
page read and write
|
||
|
CA6000
|
heap
|
page read and write
|
||
|
151A000
|
heap
|
page read and write
|
||
|
1A31A000
|
stack
|
page read and write
|
||
|
9E50000
|
heap
|
page read and write
|
||
|
1A3CE000
|
stack
|
page read and write
|
||
|
292E000
|
stack
|
page read and write
|
||
|
E5E000
|
heap
|
page read and write
|
||
|
19D0D000
|
heap
|
page read and write
|
||
|
12AA000
|
heap
|
page read and write
|
||
|
C60000
|
trusted library allocation
|
page read and write
|
||
|
70C000
|
stack
|
page read and write
|
||
|
3310000
|
trusted library allocation
|
page read and write
|
||
|
1180000
|
heap
|
page read and write
|
||
|
19D0F000
|
heap
|
page read and write
|
||
|
2FE0000
|
heap
|
page read and write
|
||
|
D00000
|
unkown
|
page readonly
|
||
|
29A1000
|
trusted library allocation
|
page execute and read and write
|
||
|
124C000
|
heap
|
page read and write
|
||
|
EB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
9C4000
|
remote allocation
|
page execute and read and write
|
||
|
4561000
|
trusted library allocation
|
page read and write
|
||
|
2CAE000
|
stack
|
page read and write
|
||
|
33AE000
|
stack
|
page read and write
|
||
|
9E5000
|
remote allocation
|
page execute and read and write
|
||
|
3563000
|
trusted library allocation
|
page read and write
|
||
|
1BF0000
|
trusted library allocation
|
page read and write
|
||
|
1778000
|
stack
|
page read and write
|
||
|
A9B000
|
remote allocation
|
page execute and read and write
|
||
|
CB8000
|
heap
|
page read and write
|
||
|
1B04D000
|
stack
|
page read and write
|
||
|
AF8000
|
stack
|
page read and write
|
||
|
19CCE000
|
heap
|
page read and write
|
||
|
19F40000
|
heap
|
page read and write
|
||
|
1150000
|
heap
|
page read and write
|
||
|
11D3000
|
heap
|
page read and write
|
||
|
3350000
|
trusted library allocation
|
page read and write
|
||
|
F7C000
|
stack
|
page read and write
|
||
|
2F9E000
|
stack
|
page read and write
|
||
|
577D000
|
stack
|
page read and write
|
||
|
A4D000
|
remote allocation
|
page execute and read and write
|
||
|
17ADC000
|
stack
|
page read and write
|
||
|
1554F000
|
stack
|
page read and write
|
||
|
1660000
|
heap
|
page read and write
|
||
|
101F000
|
stack
|
page read and write
|
||
|
19B4000
|
heap
|
page read and write
|
||
|
3561000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A1CE000
|
stack
|
page read and write
|
||
|
19CBD000
|
heap
|
page read and write
|
||
|
167A000
|
heap
|
page read and write
|
||
|
34AE000
|
stack
|
page read and write
|
||
|
9F3E000
|
stack
|
page read and write
|
||
|
33E0000
|
heap
|
page read and write
|
||
|
A02000
|
remote allocation
|
page execute and read and write
|
||
|
98E000
|
remote allocation
|
page execute and read and write
|
||
|
E3A000
|
heap
|
page read and write
|
||
|
73DE000
|
stack
|
page read and write
|
||
|
1C20000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BD0000
|
trusted library allocation
|
page read and write
|
||
|
1A0EE000
|
heap
|
page read and write
|
||
|
167C000
|
stack
|
page read and write
|
||
|
1BC3000
|
trusted library allocation
|
page execute and read and write
|
||
|
61ECC000
|
direct allocation
|
page read and write
|
||
|
1915000
|
heap
|
page read and write
|
||
|
1955000
|
heap
|
page read and write
|
||
|
19DFC000
|
stack
|
page read and write
|
||
|
19D18000
|
heap
|
page read and write
|
||
|
4741000
|
trusted library allocation
|
page read and write
|
||
|
17E0000
|
heap
|
page read and write
|
||
|
1517E000
|
stack
|
page read and write
|
||
|
16FA000
|
heap
|
page read and write
|
||
|
12A5000
|
heap
|
page read and write
|
||
|
C78000
|
heap
|
page read and write
|
||
|
1170000
|
heap
|
page read and write
|
||
|
991F000
|
stack
|
page read and write
|
||
|
1502E000
|
stack
|
page read and write
|
||
|
1A172000
|
heap
|
page read and write
|
||
|
16DA000
|
heap
|
page read and write
|
||
|
C66000
|
trusted library allocation
|
page read and write
|
||
|
A9B000
|
remote allocation
|
page execute and read and write
|
||
|
19D32000
|
heap
|
page read and write
|
||
|
1988000
|
heap
|
page read and write
|
||
|
CB5000
|
heap
|
page read and write
|
||
|
5CFF000
|
stack
|
page read and write
|
||
|
61E01000
|
direct allocation
|
page execute read
|
||
|
1918000
|
heap
|
page read and write
|
||
|
1559D000
|
stack
|
page read and write
|
||
|
32E4000
|
trusted library allocation
|
page read and write
|
||
|
32F6000
|
trusted library allocation
|
page read and write
|
||
|
10C0000
|
heap
|
page read and write
|
||
|
1C60000
|
heap
|
page read and write
|
||
|
1A0DD000
|
heap
|
page read and write
|
||
|
A280000
|
heap
|
page read and write
|
||
|
745000
|
heap
|
page read and write
|
||
|
17E5000
|
heap
|
page read and write
|
||
|
19C0000
|
heap
|
page read and write
|
||
|
A380000
|
unclassified section
|
page read and write
|
||
|
E7C000
|
stack
|
page read and write
|
||
|
E8B000
|
trusted library allocation
|
page execute and read and write
|
||
|
59E0000
|
heap
|
page read and write
|
||
|
1B0F000
|
stack
|
page read and write
|
||
|
34EF000
|
stack
|
page read and write
|
||
|
1000000
|
heap
|
page read and write
|
||
|
D02000
|
unkown
|
page readonly
|
||
|
C54000
|
trusted library allocation
|
page read and write
|
||
|
103BE000
|
stack
|
page read and write
|
||
|
1140000
|
heap
|
page read and write
|
||
|
739E000
|
stack
|
page read and write
|
||
|
1BD6000
|
trusted library allocation
|
page read and write
|
||
|
1BB0000
|
trusted library allocation
|
page read and write
|
||
|
304E000
|
stack
|
page read and write
|
||
|
ED0000
|
heap
|
page read and write
|
||
|
61ED0000
|
direct allocation
|
page read and write
|
||
|
9BF000
|
remote allocation
|
page execute and read and write
|
||
|
176A000
|
heap
|
page read and write
|
||
|
D65000
|
heap
|
page read and write
|
||
|
176BC000
|
stack
|
page read and write
|
||
|
2A2D000
|
stack
|
page read and write
|
||
|
4D40000
|
heap
|
page read and write
|
||
|
32FE000
|
stack
|
page read and write
|
||
|
C70000
|
heap
|
page read and write
|
||
|
B6E000
|
remote allocation
|
page execute and read and write
|
||
|
324E000
|
stack
|
page read and write
|
||
|
19C8F000
|
stack
|
page read and write
|
||
|
3558000
|
trusted library allocation
|
page read and write
|
||
|
4B3E000
|
stack
|
page read and write
|
||
|
61ED6000
|
direct allocation
|
page readonly
|
||
|
112E000
|
stack
|
page read and write
|
||
|
B5C000
|
remote allocation
|
page execute and read and write
|
||
|
1564000
|
heap
|
page read and write
|
||
|
620000
|
unkown
|
page readonly
|
||
|
16DE000
|
heap
|
page read and write
|
||
|
559D000
|
stack
|
page read and write
|
||
|
569D000
|
stack
|
page read and write
|
||
|
12A7E000
|
stack
|
page read and write
|
||
|
32F0000
|
trusted library allocation
|
page read and write
|
||
|
107DE000
|
stack
|
page read and write
|
||
|
1400000
|
heap
|
page read and write
|
||
|
2FDF000
|
stack
|
page read and write
|
||
|
1634000
|
heap
|
page read and write
|
||
|
32E3000
|
trusted library allocation
|
page execute and read and write
|
||
|
3257000
|
heap
|
page read and write
|
There are 339 hidden memdumps, click here to show them.