IOC Report
CZxDiTktSY.exe


Files

| File Path | Type | Category | Malicious |
| --- | --- | --- | --- |
| CZxDiTktSY.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | initial sample | malicious |
| C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\CZxDiTktSY.exe.log | CSV text | dropped | malicious |
| C:\Users\user\AppData\Roaming\Bloxstrap-v2.8.1.exe | PE32+ executable (GUI) x86-64, for MS Windows | dropped | malicious |
| C:\Users\user\AppData\Roaming\FileExplorer.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | malicious |
| C:\Users\user\AppData\Roaming\XClient.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | malicious |
| C:\Users\user\Downloads\Unconfirmed 798106.crdownload | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | malicious |
| C:\Users\user\Downloads\d109d188-88be-4347-b0fe-3dec135859cb.tmp | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | malicious |
| C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\FileExplorer.exe.log | CSV text | dropped | |

Processes

| Path | Cmdline | Malicious |
| --- | --- | --- |
| C:\Users\user\Desktop\CZxDiTktSY.exe | "C:\Users\user\Desktop\CZxDiTktSY.exe" | malicious |
| C:\Users\user\AppData\Roaming\XClient.exe | "C:\Users\user\AppData\Roaming\XClient.exe" | malicious |
| C:\Users\user\AppData\Roaming\FileExplorer.exe | "C:\Users\user\AppData\Roaming\FileExplorer.exe" | malicious |
| C:\Users\user\AppData\Roaming\FileExplorer.exe | "C:\Users\user\AppData\Roaming\FileExplorer.exe" | malicious |
| C:\Users\user\AppData\Roaming\Bloxstrap-v2.8.1.exe | "C:\Users\user\AppData\Roaming\Bloxstrap-v2.8.1.exe" | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win10-x64&apphost_version=6.0.35&gui=true | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=2032,i,14715254586695196426,7062919900721825726,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5180 --field-trial-handle=2032,i,14715254586695196426,7062919900721825726,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | |

URLs

| Name | IP | Malicious |
| --- | --- | --- |
| tell-outcome.gl.at.ply.gg | | malicious |

Domains

| Name | IP | Malicious |
| --- | --- | --- |
| tell-outcome.gl.at.ply.gg | 147.185.221.24 | malicious |
| fg.microsoft.map.fastly.net | 199.232.210.172 | |
| adobetarget.data.adobedc.net | 66.235.152.156 | |
| d6tizftlrpuof.cloudfront.net | 108.158.71.127 | |
| www.google.com | 142.250.181.100 | |
| s-part-0035.t-0009.t-msedge.net | 13.107.246.63 | |
| aka.ms | 2.23.205.167 | |
| w.usabilla.com | 52.208.202.206 | |
| js.monitor.azure.com | unknown | |
| microsoftmscompoc.tt.omtrdc.net | unknown | |
| westus2-0.in.applicationinsights.azure.com | unknown | |

IPs

| IP | Domain | Country | Malicious |
| --- | --- | --- | --- |
| 192.168.2.4 | unknown | unknown | malicious |
| 192.168.68.139 | unknown | unknown | malicious |
| 147.185.221.24 | tell-outcome.gl.at.ply.gg | United States | malicious |
| 13.107.246.63 | s-part-0035.t-0009.t-msedge.net | United States | |
| 108.158.71.127 | d6tizftlrpuof.cloudfront.net | United States | |
| 54.171.242.81 | unknown | United States | |
| 142.250.181.100 | www.google.com | United States | |
| 108.158.71.51 | unknown | United States | |
| 192.168.2.5 | unknown | unknown | |
| 2.23.205.167 | aka.ms | European Union | |
| 239.255.255.250 | unknown | Reserved | |
| 108.158.71.166 | unknown | United States | |
| 52.208.202.206 | w.usabilla.com | United States | |

Registry

| Path | Value | Malicious |
| --- | --- | --- |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | FileExplorer | |

Memdumps

| Base Address | Regiontype | Protect | Malicious |
| --- | --- | --- | --- |
| 2D71000 | trusted library allocation | page read and write | malicious |
| 42000 | unkown | page readonly | malicious |

DOM / HTML

| URL | Malicious |
| --- | --- |
| https://dotnet.microsoft.com/en-us/download/dotnet/thank-you/runtime-desktop-6.0.36-windows-x64-installer?cid=getdotnetcore | |