Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
01_COVER_LETTER_-_FOR_E_PAYMENT.vbe
|
data
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\mBUojysElnsNYdM.vbs
|
ISO-8859 text
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Critical_powershell.exe_b4b21b9272f0623778607a435112f88140f556cc_00000000_06aa6660-5866-4c52-bf3f-216c35e81dae\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Critical_powershell.exe_b4b21b9272f0623778607a435112f88140f556cc_00000000_1875bc6f-2351-4caa-af07-ddd8ff64dfac\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Critical_powershell.exe_b4b21b9272f0623778607a435112f88140f556cc_00000000_1ad3a57e-4e53-4856-86c7-07816daa8d4b\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Critical_powershell.exe_b4b21b9272f0623778607a435112f88140f556cc_00000000_41c328ab-7460-4040-a823-a0f0b8c30a45\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Critical_powershell.exe_b4b21b9272f0623778607a435112f88140f556cc_00000000_5ac8cd7c-e124-47c2-a4d4-699b7dc06196\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Critical_powershell.exe_b4b21b9272f0623778607a435112f88140f556cc_00000000_8ad5e66d-79a3-4c96-9658-b402b8edb290\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Critical_powershell.exe_b4b21b9272f0623778607a435112f88140f556cc_00000000_aa8d3bbe-ab8b-4e66-b348-b5e4a99848d3\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Critical_powershell.exe_b4b21b9272f0623778607a435112f88140f556cc_00000000_b738a297-2c33-445b-a6af-ab3f12057130\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Critical_powershell.exe_b4b21b9272f0623778607a435112f88140f556cc_00000000_f30f9f23-2252-413a-815f-f103f029fbb2\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Critical_powershell.exe_b4b21b9272f0623778607a435112f88140f556cc_00000000_fa71f64c-a402-424a-83dc-6695f6c834b8\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER15D6.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1615.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER189E.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER19F7.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4B33.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4B63.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4F6F.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER504B.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7B46.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7B67.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7D15.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7D35.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB046.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB066.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERBCE2.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERBD12.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE0D6.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE0F7.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE2A5.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE2C5.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_04nr4zew.jgq.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0hh2ccgh.mns.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1foa3zv3.jhi.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2hn0xigp.k0l.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bv2l0bch.gkp.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ccpzu3ex.z2l.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dtsg4psr.ua4.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dvdq1ak5.y4z.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fbvaebua.azz.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_g0gv2kx5.dc1.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gavupmrq.4qb.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_h5y21vrf.k25.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_j4oixfh5.vem.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lhrf5m4s.2pw.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lygwdskb.ogi.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tcacbzdw.mwn.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uld1bwk3.uyg.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_w3cytwwg.es3.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wrcrcuoy.0ru.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zss2thmk.bd2.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF5109c9.TMP
(copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF516e31.TMP
(copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF51d603.TMP
(copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF523ba2.TMP
(copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF52a2d8.TMP
(copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF5309fe.TMP
(copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF536e27.TMP
(copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF53d2bd.TMP
(copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF54382e.TMP
(copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\CXDDYDFRMABXQC2YVI04.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\DXUCUQ8F892RWC0EPONW.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\I86UPN4P7QD73MBINPH2.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\K07PGO2TA6OUWY4XJ1PD.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\KNVHWLQJWSZLZJ2A42BZ.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\QS3QK1M1TC8F04MXKC0O.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\SOPCD0JK296ZW80O30M3.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\TU3HXJJAMTQD7V3T16G2.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\UCSBMANS2KK7YCR1LEJV.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\W8D1M7IG5DUTD8USBM35.temp
|
data
|
dropped
|
||
|
\Device\ConDrv
|
ASCII text, with very long lines (875), with CRLF line terminators, with escape sequences
|
dropped
|
There are 65 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\01_COVER_LETTER_-_FOR_E_PAYMENT.vbe"
|
|
|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\AppData\Roaming\mBUojysElnsNYdM.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wermgr.exe
|
"C:\Windows\system32\wermgr.exe" "-outproc" "0" "5960" "2556" "2808" "2640" "0" "0" "2560" "0" "0" "0" "0" "0"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wermgr.exe
|
"C:\Windows\system32\wermgr.exe" "-outproc" "0" "5264" "2560" "2180" "2464" "0" "0" "2640" "0" "0" "0" "0" "0"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wermgr.exe
|
"C:\Windows\system32\wermgr.exe" "-outproc" "0" "2056" "2800" "2732" "2804" "0" "0" "2808" "0" "0" "0" "0" "0"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wermgr.exe
|
"C:\Windows\system32\wermgr.exe" "-outproc" "0" "3780" "2612" "2844" "2596" "0" "0" "2508" "0" "0" "0" "0" "0"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wermgr.exe
|
"C:\Windows\system32\wermgr.exe" "-outproc" "0" "5256" "2508" "2512" "2556" "0" "0" "2560" "0" "0" "0" "0" "0"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wermgr.exe
|
"C:\Windows\system32\wermgr.exe" "-outproc" "0" "5368" "2468" "2228" "2508" "0" "0" "2496" "0" "0" "0" "0" "0"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wermgr.exe
|
"C:\Windows\system32\wermgr.exe" "-outproc" "0" "6068" "2816" "2752" "2820" "0" "0" "2824" "0" "0" "0" "0" "0"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wermgr.exe
|
"C:\Windows\system32\wermgr.exe" "-outproc" "0" "1596" "2640" "2808" "2340" "0" "0" "2572" "0" "0" "0" "0" "0"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wermgr.exe
|
"C:\Windows\system32\wermgr.exe" "-outproc" "0" "4392" "2800" "2312" "2804" "0" "0" "2808" "0" "0" "0" "0" "0"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wermgr.exe
|
"C:\Windows\system32\wermgr.exe" "-outproc" "0" "6780" "2824" "2552" "2828" "0" "0" "2832" "0" "0" "0" "0" "0"
|
There are 32 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://144.91.79.54/2508/file140B807A6BN
|
unknown
|
||
|
http://144.91.79.54/2508/file53C7849C57
|
unknown
|
||
|
http://144.91.79.54/ll
|
unknown
|
||
|
http://schemas.m
|
unknown
|
||
|
http://144.91.79.54/2508/file
|
unknown
|
||
|
http://144.91.79.54/c
|
unknown
|
||
|
http://144.91.79.54/2508/v75
|
unknown
|
||
|
http://144.91.79.54/
|
unknown
|
||
|
http://144.91.79.54/2508/u9icZZB5Fm5owWojnw5Q.txt
|
unknown
|
||
|
http://144.91.79.54:80/2508/s
|
unknown
|
||
|
http://144.91.79.54/2508/v
|
unknown
|
||
|
http://144.91.79.54/2508/stem
|
unknown
|
||
|
http://144.91.79.54:80/2508/fileJb
|
unknown
|
||
|
http://144.91.79.54/2508/r
|
unknown
|
||
|
http://144.91.79.54/2508/s
|
unknown
|
There are 5 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
144.91.79.54
|
unknown
|
Germany
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\mBUojysElnsNYdM\donn
|
segment1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\mBUojysElnsNYdM\donn
|
segment2
|
||
|
HKEY_CURRENT_USER\SOFTWARE\mBUojysElnsNYdM\donn
|
segment3
|
||
|
HKEY_CURRENT_USER\SOFTWARE\mBUojysElnsNYdM\donn
|
segment4
|
||
|
HKEY_CURRENT_USER\SOFTWARE\mBUojysElnsNYdM\donn
|
segment5
|
||
|
HKEY_CURRENT_USER\SOFTWARE\mBUojysElnsNYdM\donn
|
segment6
|
||
|
HKEY_CURRENT_USER\SOFTWARE\mBUojysElnsNYdM\donn
|
segment7
|
||
|
HKEY_CURRENT_USER\SOFTWARE\mBUojysElnsNYdM\donn
|
segment8
|
||
|
HKEY_CURRENT_USER\SOFTWARE\mBUojysElnsNYdM\donn
|
segment9
|
||
|
HKEY_CURRENT_USER\SOFTWARE\mBUojysElnsNYdM\donn
|
segment10
|
||
|
HKEY_CURRENT_USER\SOFTWARE\mBUojysElnsNYdM\donn
|
segment11
|
||
|
HKEY_CURRENT_USER\SOFTWARE\mBUojysElnsNYdM\donn
|
segment12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\mBUojysElnsNYdM\donn
|
segment13
|
||
|
HKEY_CURRENT_USER\SOFTWARE\mBUojysElnsNYdM\donn
|
segment14
|
||
|
HKEY_CURRENT_USER\SOFTWARE\mBUojysElnsNYdM\donn
|
segment15
|
||
|
HKEY_CURRENT_USER\SOFTWARE\mBUojysElnsNYdM\donn
|
segment16
|
||
|
HKEY_CURRENT_USER\SOFTWARE\mBUojysElnsNYdM\donn
|
segment17
|
||
|
HKEY_CURRENT_USER\SOFTWARE\mBUojysElnsNYdM\donn
|
segment18
|
||
|
HKEY_CURRENT_USER\SOFTWARE\mBUojysElnsNYdM\donn
|
segment19
|
||
|
HKEY_CURRENT_USER\SOFTWARE\mBUojysElnsNYdM\donn
|
segment20
|
||
|
HKEY_CURRENT_USER\SOFTWARE\mBUojysElnsNYdM\donn
|
segment21
|
||
|
HKEY_CURRENT_USER\SOFTWARE\mBUojysElnsNYdM\donn
|
segment22
|
||
|
HKEY_CURRENT_USER\SOFTWARE\mBUojysElnsNYdM\donn
|
segment23
|
||
|
HKEY_CURRENT_USER\SOFTWARE\mBUojysElnsNYdM\donn
|
segment24
|
||
|
HKEY_CURRENT_USER\SOFTWARE\mBUojysElnsNYdM\donn
|
segment25
|
||
|
HKEY_CURRENT_USER\SOFTWARE\mBUojysElnsNYdM\donn
|
segment26
|
||
|
HKEY_CURRENT_USER\SOFTWARE\mBUojysElnsNYdM\donn
|
segment27
|
||
|
HKEY_CURRENT_USER\SOFTWARE\mBUojysElnsNYdM\donn
|
segment28
|
||
|
HKEY_CURRENT_USER\SOFTWARE\mBUojysElnsNYdM\donn
|
segment29
|
||
|
HKEY_CURRENT_USER\SOFTWARE\mBUojysElnsNYdM\donn
|
segment30
|
||
|
HKEY_CURRENT_USER\SOFTWARE\mBUojysElnsNYdM
|
cn
|
||
|
HKEY_CURRENT_USER\SOFTWARE\mBUojysElnsNYdM
|
i
|
||
|
HKEY_CURRENT_USER\SOFTWARE\mBUojysElnsNYdM
|
s
|
||
|
HKEY_CURRENT_USER\SOFTWARE\mBUojysElnsNYdM
|
r
|
||
|
HKEY_CURRENT_USER\SOFTWARE\mBUojysElnsNYdM
|
Path
|
||
|
HKEY_CURRENT_USER\SOFTWARE\mBUojysElnsNYdM
|
v
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018000DDABBE6B3
|
There are 30 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
DB0000
|
remote allocation
|
page execute and read and write
|
|
|
|
1710000
|
direct allocation
|
page read and write
|
|
|
|
1760000
|
direct allocation
|
page execute and read and write
|
||
|
249A37F3000
|
heap
|
page read and write
|
||
|
21317A86000
|
heap
|
page read and write
|
||
|
249A3804000
|
heap
|
page read and write
|
||
|
21315A56000
|
heap
|
page read and write
|
||
|
249A37F3000
|
heap
|
page read and write
|
||
|
176A000
|
direct allocation
|
page read and write
|
||
|
1BB8000
|
direct allocation
|
page execute and read and write
|
||
|
1400000
|
heap
|
page read and write
|
||
|
249A37D4000
|
heap
|
page read and write
|
||
|
FDD000
|
stack
|
page read and write
|
||
|
21315AA3000
|
heap
|
page read and write
|
||
|
13B0000
|
heap
|
page read and write
|
||
|
213159D2000
|
heap
|
page read and write
|
||
|
249A37DE000
|
heap
|
page read and write
|
||
|
13F0000
|
heap
|
page read and write
|
||
|
249A3812000
|
heap
|
page read and write
|
||
|
1180000
|
heap
|
page read and write
|
||
|
1AE6000
|
direct allocation
|
page execute and read and write
|
||
|
7E5A1FE000
|
stack
|
page read and write
|
||
|
21318137000
|
heap
|
page read and write
|
||
|
7E5A2FE000
|
stack
|
page read and write
|
||
|
21317753000
|
heap
|
page read and write
|
||
|
21315A0F000
|
heap
|
page read and write
|
||
|
1B26000
|
direct allocation
|
page execute and read and write
|
||
|
249A37CF000
|
heap
|
page read and write
|
||
|
1767000
|
direct allocation
|
page execute and read and write
|
||
|
213159F1000
|
heap
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
7E5A7FD000
|
stack
|
page read and write
|
||
|
1670000
|
direct allocation
|
page read and write
|
||
|
213159FE000
|
heap
|
page read and write
|
||
|
1170000
|
heap
|
page read and write
|
||
|
21317753000
|
heap
|
page read and write
|
||
|
129E000
|
stack
|
page read and write
|
||
|
C2CADFF000
|
stack
|
page read and write
|
||
|
C2CB2FE000
|
stack
|
page read and write
|
||
|
12C0000
|
heap
|
page read and write
|
||
|
1A72000
|
direct allocation
|
page execute and read and write
|
||
|
249A3806000
|
heap
|
page read and write
|
||
|
1480000
|
heap
|
page read and write
|
||
|
21315955000
|
heap
|
page read and write
|
||
|
1D11000
|
direct allocation
|
page execute and read and write
|
||
|
1470000
|
heap
|
page read and write
|
||
|
249A37F3000
|
heap
|
page read and write
|
||
|
177F000
|
stack
|
page read and write
|
||
|
249A3808000
|
heap
|
page read and write
|
||
|
2131811A000
|
heap
|
page read and write
|
||
|
249A37DA000
|
heap
|
page read and write
|
||
|
21317753000
|
heap
|
page read and write
|
||
|
249A37E0000
|
heap
|
page read and write
|
||
|
249A37EB000
|
heap
|
page read and write
|
||
|
17FF000
|
stack
|
page read and write
|
||
|
21315A56000
|
heap
|
page read and write
|
||
|
249A3803000
|
heap
|
page read and write
|
||
|
249A37F3000
|
heap
|
page read and write
|
||
|
2131788A000
|
heap
|
page read and write
|
||
|
1BAF000
|
stack
|
page read and write
|
||
|
249A3710000
|
heap
|
page read and write
|
||
|
21315A94000
|
heap
|
page read and write
|
||
|
213159E0000
|
heap
|
page read and write
|
||
|
14D0000
|
heap
|
page read and write
|
||
|
1940000
|
direct allocation
|
page read and write
|
||
|
249A37DE000
|
heap
|
page read and write
|
||
|
21315958000
|
heap
|
page read and write
|
||
|
15C8000
|
heap
|
page read and write
|
||
|
21315A56000
|
heap
|
page read and write
|
||
|
1AB6000
|
direct allocation
|
page execute and read and write
|
||
|
1B36000
|
direct allocation
|
page execute and read and write
|
||
|
249A3807000
|
heap
|
page read and write
|
||
|
21315A51000
|
heap
|
page read and write
|
||
|
249A37F3000
|
heap
|
page read and write
|
||
|
249A37E6000
|
heap
|
page read and write
|
||
|
ED3000
|
direct allocation
|
page execute and read and write
|
||
|
21318170000
|
heap
|
page read and write
|
||
|
193F000
|
stack
|
page read and write
|
||
|
1A27000
|
direct allocation
|
page execute and read and write
|
||
|
21315A8D000
|
heap
|
page read and write
|
||
|
21317CA5000
|
heap
|
page read and write
|
||
|
1740000
|
direct allocation
|
page read and write
|
||
|
213179D6000
|
heap
|
page read and write
|
||
|
21315A0C000
|
heap
|
page read and write
|
||
|
17E0000
|
direct allocation
|
page execute and read and write
|
||
|
249A37DE000
|
heap
|
page read and write
|
||
|
21315A11000
|
heap
|
page read and write
|
||
|
21315A72000
|
heap
|
page read and write
|
||
|
1876000
|
direct allocation
|
page execute and read and write
|
||
|
21315A84000
|
heap
|
page read and write
|
||
|
213159DC000
|
heap
|
page read and write
|
||
|
16C0000
|
heap
|
page read and write
|
||
|
249A37DE000
|
heap
|
page read and write
|
||
|
21315A25000
|
heap
|
page read and write
|
||
|
1388000
|
heap
|
page read and write
|
||
|
21315A7E000
|
heap
|
page read and write
|
||
|
249A3804000
|
heap
|
page read and write
|
||
|
1408000
|
heap
|
page read and write
|
||
|
2131774C000
|
heap
|
page read and write
|
||
|
21315A6C000
|
heap
|
page read and write
|
||
|
1C7D000
|
direct allocation
|
page execute and read and write
|
||
|
D60000
|
heap
|
page read and write
|
||
|
249A3808000
|
heap
|
page read and write
|
||
|
1A46000
|
direct allocation
|
page execute and read and write
|
||
|
21315AAB000
|
heap
|
page read and write
|
||
|
21315A6C000
|
heap
|
page read and write
|
||
|
249A37DE000
|
heap
|
page read and write
|
||
|
21315A35000
|
heap
|
page read and write
|
||
|
249A37DB000
|
heap
|
page read and write
|
||
|
21315A74000
|
heap
|
page read and write
|
||
|
192A000
|
direct allocation
|
page read and write
|
||
|
1640000
|
heap
|
page read and write
|
||
|
21315959000
|
heap
|
page read and write
|
||
|
213159B0000
|
heap
|
page read and write
|
||
|
196A000
|
direct allocation
|
page read and write
|
||
|
7E5A4FF000
|
stack
|
page read and write
|
||
|
113D000
|
stack
|
page read and write
|
||
|
249A3680000
|
heap
|
page read and write
|
||
|
21317D00000
|
heap
|
page read and write
|
||
|
2131775B000
|
heap
|
page read and write
|
||
|
1650000
|
heap
|
page read and write
|
||
|
249A37DA000
|
heap
|
page read and write
|
||
|
21315A25000
|
heap
|
page read and write
|
||
|
2131775B000
|
heap
|
page read and write
|
||
|
21315960000
|
heap
|
page read and write
|
||
|
2131595E000
|
heap
|
page read and write
|
||
|
249A37F3000
|
heap
|
page read and write
|
||
|
21317750000
|
heap
|
page read and write
|
||
|
1AA0000
|
direct allocation
|
page execute and read and write
|
||
|
21315A8C000
|
heap
|
page read and write
|
||
|
21315A0C000
|
heap
|
page read and write
|
||
|
7E5A0F2000
|
stack
|
page read and write
|
||
|
249A3804000
|
heap
|
page read and write
|
||
|
887000
|
heap
|
page read and write
|
||
|
19B7000
|
direct allocation
|
page execute and read and write
|
||
|
249A3808000
|
heap
|
page read and write
|
||
|
213159C1000
|
heap
|
page read and write
|
||
|
21315A16000
|
heap
|
page read and write
|
||
|
1822000
|
direct allocation
|
page execute and read and write
|
||
|
2131788B000
|
heap
|
page read and write
|
||
|
249A37F3000
|
heap
|
page read and write
|
||
|
166E000
|
stack
|
page read and write
|
||
|
1B22000
|
direct allocation
|
page execute and read and write
|
||
|
21317753000
|
heap
|
page read and write
|
||
|
6FD000
|
stack
|
page read and write
|
||
|
21315A6C000
|
heap
|
page read and write
|
||
|
163E000
|
stack
|
page read and write
|
||
|
21315A56000
|
heap
|
page read and write
|
||
|
213180DF000
|
heap
|
page read and write
|
||
|
249A3803000
|
heap
|
page read and write
|
||
|
1460000
|
heap
|
page read and write
|
||
|
249A3803000
|
heap
|
page read and write
|
||
|
213173D0000
|
heap
|
page read and write
|
||
|
124D000
|
stack
|
page read and write
|
||
|
1B49000
|
direct allocation
|
page execute and read and write
|
||
|
249A3804000
|
heap
|
page read and write
|
||
|
21317C13000
|
heap
|
page read and write
|
||
|
21317753000
|
heap
|
page read and write
|
||
|
249A37F3000
|
heap
|
page read and write
|
||
|
249A380F000
|
heap
|
page read and write
|
||
|
1478000
|
heap
|
page read and write
|
||
|
13EE000
|
stack
|
page read and write
|
||
|
21315A6C000
|
heap
|
page read and write
|
||
|
249A37E9000
|
heap
|
page read and write
|
||
|
1960000
|
heap
|
page read and write
|
||
|
21315A2B000
|
heap
|
page read and write
|
||
|
1390000
|
heap
|
page read and write
|
||
|
21315A6C000
|
heap
|
page read and write
|
||
|
1290000
|
heap
|
page read and write
|
||
|
1D20000
|
heap
|
page read and write
|
||
|
249A37E3000
|
heap
|
page read and write
|
||
|
249A37F3000
|
heap
|
page read and write
|
||
|
249A37ED000
|
heap
|
page read and write
|
||
|
1AD3000
|
direct allocation
|
page execute and read and write
|
||
|
21317D30000
|
heap
|
page read and write
|
||
|
14A0000
|
heap
|
page read and write
|
||
|
213179D0000
|
heap
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
12FC000
|
stack
|
page read and write
|
||
|
21315A6C000
|
heap
|
page read and write
|
||
|
1889000
|
direct allocation
|
page execute and read and write
|
||
|
2131807E000
|
heap
|
page read and write
|
||
|
18B2000
|
direct allocation
|
page execute and read and write
|
||
|
249A3803000
|
heap
|
page read and write
|
||
|
21317753000
|
heap
|
page read and write
|
||
|
1CED000
|
direct allocation
|
page execute and read and write
|
||
|
12FC000
|
stack
|
page read and write
|
||
|
199D000
|
direct allocation
|
page execute and read and write
|
||
|
1860000
|
direct allocation
|
page execute and read and write
|
||
|
249A3803000
|
heap
|
page read and write
|
||
|
2131774C000
|
heap
|
page read and write
|
||
|
21315A6C000
|
heap
|
page read and write
|
||
|
213179D5000
|
heap
|
page read and write
|
||
|
21315959000
|
heap
|
page read and write
|
||
|
21315A15000
|
heap
|
page read and write
|
||
|
249A37F3000
|
heap
|
page read and write
|
||
|
249A3814000
|
heap
|
page read and write
|
||
|
12FD000
|
stack
|
page read and write
|
||
|
249A37D4000
|
heap
|
page read and write
|
||
|
249A37E4000
|
heap
|
page read and write
|
||
|
21317748000
|
heap
|
page read and write
|
||
|
249A3808000
|
heap
|
page read and write
|
||
|
43D000
|
stack
|
page read and write
|
||
|
249A3807000
|
heap
|
page read and write
|
||
|
249A37F3000
|
heap
|
page read and write
|
||
|
21315A93000
|
heap
|
page read and write
|
||
|
249A379C000
|
heap
|
page read and write
|
||
|
1A0E000
|
direct allocation
|
page execute and read and write
|
||
|
15C0000
|
heap
|
page read and write
|
||
|
21315A43000
|
heap
|
page read and write
|
||
|
21318170000
|
heap
|
page read and write
|
||
|
880000
|
heap
|
page read and write
|
||
|
249A3803000
|
heap
|
page read and write
|
||
|
21315A56000
|
heap
|
page read and write
|
||
|
1AC9000
|
direct allocation
|
page execute and read and write
|
||
|
249A37DE000
|
heap
|
page read and write
|
||
|
21318170000
|
heap
|
page read and write
|
||
|
213159B7000
|
heap
|
page read and write
|
||
|
21315A2C000
|
heap
|
page read and write
|
||
|
173F000
|
stack
|
page read and write
|
||
|
21315950000
|
heap
|
page read and write
|
||
|
21315A4C000
|
heap
|
page read and write
|
||
|
2131815E000
|
heap
|
page read and write
|
||
|
FFD000
|
stack
|
page read and write
|
||
|
1B2D000
|
direct allocation
|
page execute and read and write
|
||
|
107D000
|
direct allocation
|
page execute and read and write
|
||
|
249A37E7000
|
heap
|
page read and write
|
||
|
1A60000
|
direct allocation
|
page execute and read and write
|
||
|
249A37D6000
|
heap
|
page read and write
|
||
|
249A37EC000
|
heap
|
page read and write
|
||
|
249A37F3000
|
heap
|
page read and write
|
||
|
249A3720000
|
heap
|
page read and write
|
||
|
21315A10000
|
heap
|
page read and write
|
||
|
249A379A000
|
heap
|
page read and write
|
||
|
21317A65000
|
heap
|
page read and write
|
||
|
11D0000
|
heap
|
page read and write
|
||
|
1CE6000
|
direct allocation
|
page execute and read and write
|
||
|
249A37DE000
|
heap
|
page read and write
|
||
|
2131774C000
|
heap
|
page read and write
|
||
|
21317753000
|
heap
|
page read and write
|
||
|
103D000
|
stack
|
page read and write
|
||
|
249A37CF000
|
heap
|
page read and write
|
||
|
17E6000
|
direct allocation
|
page execute and read and write
|
||
|
249A3803000
|
heap
|
page read and write
|
||
|
21315A56000
|
heap
|
page read and write
|
||
|
249A37E4000
|
heap
|
page read and write
|
||
|
1A67000
|
direct allocation
|
page execute and read and write
|
||
|
21315A8C000
|
heap
|
page read and write
|
||
|
249A3670000
|
heap
|
page read and write
|
||
|
249A3807000
|
heap
|
page read and write
|
||
|
21315A84000
|
heap
|
page read and write
|
||
|
249A37EB000
|
heap
|
page read and write
|
||
|
249A3808000
|
heap
|
page read and write
|
||
|
21315A6C000
|
heap
|
page read and write
|
||
|
15FF000
|
stack
|
page read and write
|
||
|
11F0000
|
heap
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
21315A2F000
|
heap
|
page read and write
|
||
|
21315A25000
|
heap
|
page read and write
|
||
|
DB0000
|
direct allocation
|
page execute and read and write
|
||
|
21315A11000
|
heap
|
page read and write
|
||
|
1919000
|
direct allocation
|
page execute and read and write
|
||
|
184F000
|
stack
|
page read and write
|
||
|
21315A16000
|
heap
|
page read and write
|
||
|
249A37EC000
|
heap
|
page read and write
|
||
|
21317AD0000
|
remote allocation
|
page read and write
|
||
|
249A380C000
|
heap
|
page read and write
|
||
|
249A3808000
|
heap
|
page read and write
|
||
|
249A37B4000
|
heap
|
page read and write
|
||
|
10FC000
|
stack
|
page read and write
|
||
|
1500000
|
heap
|
page read and write
|
||
|
249A3803000
|
heap
|
page read and write
|
||
|
2131595E000
|
heap
|
page read and write
|
||
|
249A37DE000
|
heap
|
page read and write
|
||
|
2131803F000
|
heap
|
page read and write
|
||
|
2131803E000
|
heap
|
page read and write
|
||
|
249A3803000
|
heap
|
page read and write
|
||
|
C4F000
|
stack
|
page read and write
|
||
|
1A62000
|
direct allocation
|
page execute and read and write
|
||
|
213180C2000
|
heap
|
page read and write
|
||
|
21318170000
|
heap
|
page read and write
|
||
|
249A37DE000
|
heap
|
page read and write
|
||
|
213159F1000
|
heap
|
page read and write
|
||
|
21317C01000
|
heap
|
page read and write
|
||
|
2131595E000
|
heap
|
page read and write
|
||
|
13F0000
|
heap
|
page read and write
|
||
|
249A37F3000
|
heap
|
page read and write
|
||
|
129E000
|
stack
|
page read and write
|
||
|
21315A25000
|
heap
|
page read and write
|
||
|
1AE2000
|
direct allocation
|
page execute and read and write
|
||
|
149E000
|
stack
|
page read and write
|
||
|
1C76000
|
direct allocation
|
page execute and read and write
|
||
|
249A37DA000
|
heap
|
page read and write
|
||
|
213179D6000
|
heap
|
page read and write
|
||
|
249A3819000
|
heap
|
page read and write
|
||
|
249A37D4000
|
heap
|
page read and write
|
||
|
1A26000
|
direct allocation
|
page execute and read and write
|
||
|
21317741000
|
heap
|
page read and write
|
||
|
21317C43000
|
heap
|
page read and write
|
||
|
249A3807000
|
heap
|
page read and write
|
||
|
21315AAE000
|
heap
|
page read and write
|
||
|
249A380B000
|
heap
|
page read and write
|
||
|
21317747000
|
heap
|
page read and write
|
||
|
167F000
|
stack
|
page read and write
|
||
|
249A37CF000
|
heap
|
page read and write
|
||
|
7E5A9FD000
|
stack
|
page read and write
|
||
|
21317753000
|
heap
|
page read and write
|
||
|
249A37EC000
|
heap
|
page read and write
|
||
|
2131774C000
|
heap
|
page read and write
|
||
|
249A37DE000
|
heap
|
page read and write
|
||
|
C2CAEFE000
|
stack
|
page read and write
|
||
|
21315AA4000
|
heap
|
page read and write
|
||
|
21317C00000
|
heap
|
page read and write
|
||
|
21315A1D000
|
heap
|
page read and write
|
||
|
21315A8C000
|
heap
|
page read and write
|
||
|
1950000
|
direct allocation
|
page read and write
|
||
|
21315A84000
|
heap
|
page read and write
|
||
|
2131774A000
|
heap
|
page read and write
|
||
|
7E5A8FC000
|
stack
|
page read and write
|
||
|
21315A6C000
|
heap
|
page read and write
|
||
|
249A37E0000
|
heap
|
page read and write
|
||
|
A50000
|
heap
|
page read and write
|
||
|
1550000
|
heap
|
page read and write
|
||
|
249A3803000
|
heap
|
page read and write
|
||
|
249A37F3000
|
heap
|
page read and write
|
||
|
1867000
|
direct allocation
|
page execute and read and write
|
||
|
21315A50000
|
heap
|
page read and write
|
||
|
7E5A5FE000
|
stack
|
page read and write
|
||
|
D7D000
|
stack
|
page read and write
|
||
|
21315A4F000
|
heap
|
page read and write
|
||
|
249A37DB000
|
heap
|
page read and write
|
||
|
249A37DE000
|
heap
|
page read and write
|
||
|
143E000
|
stack
|
page read and write
|
||
|
21315AAB000
|
heap
|
page read and write
|
||
|
249A37E6000
|
heap
|
page read and write
|
||
|
21317753000
|
heap
|
page read and write
|
||
|
21317C12000
|
heap
|
page read and write
|
||
|
249A37D4000
|
heap
|
page read and write
|
||
|
213159CD000
|
heap
|
page read and write
|
||
|
249A3700000
|
heap
|
page read and write
|
||
|
21315A00000
|
heap
|
page read and write
|
||
|
21315A4F000
|
heap
|
page read and write
|
||
|
1430000
|
heap
|
page read and write
|
||
|
249A36A0000
|
heap
|
page read and write
|
||
|
1540000
|
heap
|
page read and write
|
||
|
21315A6C000
|
heap
|
page read and write
|
||
|
21317A25000
|
heap
|
page read and write
|
||
|
1886000
|
direct allocation
|
page execute and read and write
|
||
|
13FE000
|
stack
|
page read and write
|
||
|
249A3806000
|
heap
|
page read and write
|
||
|
21315A96000
|
heap
|
page read and write
|
||
|
21317753000
|
heap
|
page read and write
|
||
|
132A000
|
direct allocation
|
page read and write
|
||
|
249A3806000
|
heap
|
page read and write
|
||
|
1C61000
|
direct allocation
|
page execute and read and write
|
||
|
1A11000
|
direct allocation
|
page execute and read and write
|
||
|
249A37E1000
|
heap
|
page read and write
|
||
|
21315A2C000
|
heap
|
page read and write
|
||
|
12F8000
|
heap
|
page read and write
|
||
|
21315A56000
|
heap
|
page read and write
|
||
|
12A0000
|
heap
|
page read and write
|
||
|
21315AAE000
|
heap
|
page read and write
|
||
|
12C0000
|
heap
|
page read and write
|
||
|
FF0000
|
heap
|
page read and write
|
||
|
152E000
|
stack
|
page read and write
|
||
|
249A3807000
|
heap
|
page read and write
|
||
|
21317AD0000
|
remote allocation
|
page read and write
|
||
|
21317750000
|
heap
|
page read and write
|
||
|
249A37D4000
|
heap
|
page read and write
|
||
|
21315A56000
|
heap
|
page read and write
|
||
|
1A2D000
|
direct allocation
|
page execute and read and write
|
||
|
21315850000
|
heap
|
page read and write
|
||
|
21317748000
|
heap
|
page read and write
|
||
|
160F000
|
stack
|
page read and write
|
||
|
21318170000
|
heap
|
page read and write
|
||
|
21317753000
|
heap
|
page read and write
|
||
|
21317AA5000
|
heap
|
page read and write
|
||
|
213180FD000
|
heap
|
page read and write
|
||
|
7D0000
|
direct allocation
|
page read and write
|
||
|
21317C74000
|
heap
|
page read and write
|
||
|
249A3803000
|
heap
|
page read and write
|
||
|
21315A6C000
|
heap
|
page read and write
|
||
|
249A37DE000
|
heap
|
page read and write
|
||
|
21317753000
|
heap
|
page read and write
|
||
|
21315A72000
|
heap
|
page read and write
|
||
|
1C66000
|
direct allocation
|
page execute and read and write
|
||
|
162F000
|
stack
|
page read and write
|
||
|
C2CACF9000
|
stack
|
page read and write
|
||
|
21318031000
|
heap
|
page read and write
|
||
|
1390000
|
heap
|
page read and write
|
||
|
17F7000
|
direct allocation
|
page execute and read and write
|
||
|
1CD1000
|
direct allocation
|
page execute and read and write
|
||
|
21315A56000
|
heap
|
page read and write
|
||
|
19D6000
|
direct allocation
|
page execute and read and write
|
||
|
12F0000
|
heap
|
page read and write
|
||
|
197A000
|
direct allocation
|
page read and write
|
||
|
1460000
|
heap
|
page read and write
|
||
|
1A20000
|
direct allocation
|
page execute and read and write
|
||
|
21315AA3000
|
heap
|
page read and write
|
||
|
14B0000
|
heap
|
page read and write
|
||
|
194F000
|
stack
|
page read and write
|
||
|
1076000
|
direct allocation
|
page execute and read and write
|
||
|
1440000
|
heap
|
page read and write
|
||
|
2131595C000
|
heap
|
page read and write
|
||
|
249A3807000
|
heap
|
page read and write
|
||
|
21318141000
|
heap
|
page read and write
|
||
|
21315A56000
|
heap
|
page read and write
|
||
|
21317A06000
|
heap
|
page read and write
|
||
|
21318170000
|
heap
|
page read and write
|
||
|
21315A11000
|
heap
|
page read and write
|
||
|
1130000
|
heap
|
page read and write
|
||
|
1A36000
|
direct allocation
|
page execute and read and write
|
||
|
1AA1000
|
direct allocation
|
page execute and read and write
|
||
|
21317AD0000
|
remote allocation
|
page read and write
|
||
|
E72000
|
direct allocation
|
page execute and read and write
|
||
|
21317AA5000
|
heap
|
page read and write
|
||
|
21317884000
|
heap
|
page read and write
|
||
|
249A37D8000
|
heap
|
page read and write
|
||
|
17F0000
|
direct allocation
|
page execute and read and write
|
||
|
249A3804000
|
heap
|
page read and write
|
||
|
7E5AAFD000
|
stack
|
page read and write
|
||
|
1900000
|
direct allocation
|
page read and write
|
||
|
21315A43000
|
heap
|
page read and write
|
||
|
18E6000
|
direct allocation
|
page execute and read and write
|
||
|
1B43000
|
direct allocation
|
page execute and read and write
|
||
|
21315A56000
|
heap
|
page read and write
|
||
|
21317753000
|
heap
|
page read and write
|
||
|
21317D42000
|
heap
|
page read and write
|
||
|
21318170000
|
heap
|
page read and write
|
||
|
1300000
|
direct allocation
|
page read and write
|
||
|
21315A3D000
|
heap
|
page read and write
|
||
|
1410000
|
heap
|
page read and write
|
||
|
19A7000
|
direct allocation
|
page execute and read and write
|
||
|
77E000
|
stack
|
page read and write
|
||
|
213180A5000
|
heap
|
page read and write
|
||
|
1250000
|
heap
|
page read and write
|
||
|
12B0000
|
heap
|
page read and write
|
||
|
249A3803000
|
heap
|
page read and write
|
||
|
11E0000
|
heap
|
page read and write
|
||
|
21317753000
|
heap
|
page read and write
|
||
|
21317753000
|
heap
|
page read and write
|
||
|
249A3812000
|
heap
|
page read and write
|
||
|
249A3806000
|
heap
|
page read and write
|
||
|
249A37CF000
|
heap
|
page read and write
|
||
|
21315A3C000
|
heap
|
page read and write
|
||
|
21318170000
|
heap
|
page read and write
|
||
|
2131595A000
|
heap
|
page read and write
|
||
|
21318142000
|
heap
|
page read and write
|
||
|
18BF000
|
stack
|
page read and write
|
||
|
21317753000
|
heap
|
page read and write
|
||
|
19C6000
|
direct allocation
|
page execute and read and write
|
||
|
ED9000
|
direct allocation
|
page execute and read and write
|
||
|
21317753000
|
heap
|
page read and write
|
||
|
249A3809000
|
heap
|
page read and write
|
||
|
249A37B4000
|
heap
|
page read and write
|
||
|
128E000
|
stack
|
page read and write
|
||
|
21318039000
|
heap
|
page read and write
|
||
|
1999000
|
direct allocation
|
page execute and read and write
|
||
|
21318170000
|
heap
|
page read and write
|
||
|
21317753000
|
heap
|
page read and write
|
||
|
12D0000
|
heap
|
page read and write
|
||
|
21318170000
|
heap
|
page read and write
|
||
|
1061000
|
direct allocation
|
page execute and read and write
|
||
|
157A000
|
direct allocation
|
page read and write
|
||
|
249A3819000
|
heap
|
page read and write
|
||
|
21317887000
|
heap
|
page read and write
|
||
|
1B11000
|
direct allocation
|
page execute and read and write
|
||
|
21315A6C000
|
heap
|
page read and write
|
||
|
21315A0C000
|
heap
|
page read and write
|
||
|
249A37E7000
|
heap
|
page read and write
|
||
|
21315A0C000
|
heap
|
page read and write
|
||
|
21315A25000
|
heap
|
page read and write
|
||
|
21315A25000
|
heap
|
page read and write
|
||
|
F8D000
|
stack
|
page read and write
|
||
|
183F000
|
stack
|
page read and write
|
||
|
1C50000
|
heap
|
page read and write
|
||
|
1C51000
|
direct allocation
|
page execute and read and write
|
||
|
21315A00000
|
heap
|
page read and write
|
||
|
249A37F3000
|
heap
|
page read and write
|
||
|
249A3807000
|
heap
|
page read and write
|
||
|
249A3803000
|
heap
|
page read and write
|
||
|
249A37F3000
|
heap
|
page read and write
|
||
|
21315A6F000
|
heap
|
page read and write
|
||
|
21318170000
|
heap
|
page read and write
|
||
|
10FD000
|
stack
|
page read and write
|
||
|
541000
|
remote allocation
|
page execute and read and write
|
||
|
21315A35000
|
heap
|
page read and write
|
||
|
21315A3E000
|
heap
|
page read and write
|
||
|
249A37E9000
|
heap
|
page read and write
|
||
|
249A37EC000
|
heap
|
page read and write
|
||
|
14F0000
|
heap
|
page read and write
|
||
|
21315A1B000
|
heap
|
page read and write
|
||
|
249A3803000
|
heap
|
page read and write
|
||
|
1C6D000
|
direct allocation
|
page execute and read and write
|
||
|
1417000
|
heap
|
page read and write
|
||
|
249A3803000
|
heap
|
page read and write
|
||
|
18E0000
|
direct allocation
|
page execute and read and write
|
||
|
1380000
|
heap
|
page read and write
|
||
|
21317753000
|
heap
|
page read and write
|
||
|
21318038000
|
heap
|
page read and write
|
||
|
249A5510000
|
heap
|
page read and write
|
||
|
21317CD6000
|
heap
|
page read and write
|
||
|
249A380E000
|
heap
|
page read and write
|
||
|
21318170000
|
heap
|
page read and write
|
||
|
DD6000
|
direct allocation
|
page execute and read and write
|
||
|
1A20000
|
direct allocation
|
page execute and read and write
|
||
|
19A0000
|
direct allocation
|
page execute and read and write
|
||
|
142E000
|
stack
|
page read and write
|
||
|
21315A51000
|
heap
|
page read and write
|
||
|
1608000
|
heap
|
page read and write
|
||
|
21315A6C000
|
heap
|
page read and write
|
||
|
12B0000
|
heap
|
page read and write
|
||
|
249A380C000
|
heap
|
page read and write
|
||
|
1983000
|
direct allocation
|
page execute and read and write
|
||
|
21315A0E000
|
heap
|
page read and write
|
||
|
249A37E3000
|
heap
|
page read and write
|
||
|
249A3803000
|
heap
|
page read and write
|
||
|
21317753000
|
heap
|
page read and write
|
||
|
21318030000
|
heap
|
page read and write
|
||
|
169A000
|
direct allocation
|
page read and write
|
||
|
21317A65000
|
heap
|
page read and write
|
||
|
1558000
|
heap
|
page read and write
|
||
|
2131774C000
|
heap
|
page read and write
|
||
|
DB7000
|
direct allocation
|
page execute and read and write
|
||
|
21317F0E000
|
heap
|
page read and write
|
||
|
21317753000
|
heap
|
page read and write
|
||
|
21315A56000
|
heap
|
page read and write
|
||
|
21317C11000
|
heap
|
page read and write
|
||
|
1AC3000
|
direct allocation
|
page execute and read and write
|
||
|
1A86000
|
direct allocation
|
page execute and read and write
|
||
|
1786000
|
direct allocation
|
page execute and read and write
|
||
|
21315AAD000
|
heap
|
page read and write
|
||
|
151E000
|
stack
|
page read and write
|
||
|
1550000
|
direct allocation
|
page read and write
|
||
|
249A37F3000
|
heap
|
page read and write
|
||
|
E30000
|
direct allocation
|
page execute and read and write
|
||
|
21315A56000
|
heap
|
page read and write
|
||
|
249A3803000
|
heap
|
page read and write
|
||
|
249A37F3000
|
heap
|
page read and write
|
||
|
21317753000
|
heap
|
page read and write
|
||
|
21315A51000
|
heap
|
page read and write
|
||
|
1ABD000
|
direct allocation
|
page execute and read and write
|
||
|
249A3728000
|
heap
|
page read and write
|
||
|
213159DB000
|
heap
|
page read and write
|
||
|
1870000
|
direct allocation
|
page execute and read and write
|
||
|
249A3816000
|
heap
|
page read and write
|
||
|
213159EB000
|
heap
|
page read and write
|
||
|
C2CAFFD000
|
stack
|
page read and write
|
||
|
1816000
|
direct allocation
|
page execute and read and write
|
||
|
21318170000
|
heap
|
page read and write
|
||
|
1B3D000
|
direct allocation
|
page execute and read and write
|
||
|
249A37F3000
|
heap
|
page read and write
|
||
|
10FC000
|
stack
|
page read and write
|
||
|
21317753000
|
heap
|
page read and write
|
||
|
2131774C000
|
heap
|
page read and write
|
||
|
21315A25000
|
heap
|
page read and write
|
||
|
14AE000
|
stack
|
page read and write
|
||
|
21315A4C000
|
heap
|
page read and write
|
||
|
21315930000
|
heap
|
page read and write
|
||
|
21317746000
|
heap
|
page read and write
|
||
|
21317753000
|
heap
|
page read and write
|
||
|
249A37F3000
|
heap
|
page read and write
|
||
|
249A37D4000
|
heap
|
page read and write
|
||
|
1D2D000
|
direct allocation
|
page execute and read and write
|
||
|
DCD000
|
stack
|
page read and write
|
||
|
213159D2000
|
heap
|
page read and write
|
||
|
73E000
|
stack
|
page read and write
|
||
|
249A3803000
|
heap
|
page read and write
|
||
|
249A380B000
|
heap
|
page read and write
|
||
|
30D000
|
stack
|
page read and write
|
||
|
2131788A000
|
heap
|
page read and write
|
||
|
1D26000
|
direct allocation
|
page execute and read and write
|
||
|
21318057000
|
heap
|
page read and write
|
||
|
249A37CF000
|
heap
|
page read and write
|
||
|
249A37DA000
|
heap
|
page read and write
|
||
|
21318027000
|
heap
|
page read and write
|
||
|
3C0000
|
heap
|
page read and write
|
||
|
21315A7E000
|
heap
|
page read and write
|
||
|
21315A0F000
|
heap
|
page read and write
|
||
|
249A37CF000
|
heap
|
page read and write
|
||
|
249A3803000
|
heap
|
page read and write
|
||
|
21315A6C000
|
heap
|
page read and write
|
||
|
21315A7E000
|
heap
|
page read and write
|
||
|
21315958000
|
heap
|
page read and write
|
||
|
21315A56000
|
heap
|
page read and write
|
||
|
21317753000
|
heap
|
page read and write
|
||
|
21315A04000
|
heap
|
page read and write
|
||
|
21315A94000
|
heap
|
page read and write
|
||
|
1913000
|
direct allocation
|
page execute and read and write
|
||
|
13A0000
|
heap
|
page read and write
|
||
|
21318031000
|
heap
|
page read and write
|
||
|
249A3803000
|
heap
|
page read and write
|
||
|
C2CB6FB000
|
stack
|
page read and write
|
||
|
249A37F3000
|
heap
|
page read and write
|
||
|
21315A2F000
|
heap
|
page read and write
|
||
|
249A3808000
|
heap
|
page read and write
|
||
|
21315AA4000
|
heap
|
page read and write
|
||
|
249A3804000
|
heap
|
page read and write
|
||
|
213179E6000
|
heap
|
page read and write
|
||
|
213173F0000
|
heap
|
page read and write
|
||
|
249A37E3000
|
heap
|
page read and write
|
||
|
249A3803000
|
heap
|
page read and write
|
||
|
21317753000
|
heap
|
page read and write
|
||
|
249A3812000
|
heap
|
page read and write
|
||
|
21318170000
|
heap
|
page read and write
|
||
|
21315AAB000
|
heap
|
page read and write
|
||
|
21317A25000
|
heap
|
page read and write
|
||
|
21317746000
|
heap
|
page read and write
|
||
|
249A380A000
|
heap
|
page read and write
|
||
|
249A3807000
|
heap
|
page read and write
|
||
|
21318170000
|
heap
|
page read and write
|
||
|
249A3795000
|
heap
|
page read and write
|
||
|
249A37DE000
|
heap
|
page read and write
|
||
|
1AD9000
|
direct allocation
|
page execute and read and write
|
||
|
1B89000
|
direct allocation
|
page execute and read and write
|
||
|
249A37DE000
|
heap
|
page read and write
|
||
|
7E5A6FE000
|
stack
|
page read and write
|
||
|
213179E4000
|
heap
|
page read and write
|
||
|
12FC000
|
stack
|
page read and write
|
||
|
249A3715000
|
heap
|
page read and write
|
||
|
21317753000
|
heap
|
page read and write
|
||
|
21315A56000
|
heap
|
page read and write
|
||
|
19BF000
|
stack
|
page read and write
|
||
|
21317753000
|
heap
|
page read and write
|
||
|
249A37EC000
|
heap
|
page read and write
|
||
|
21315A4F000
|
heap
|
page read and write
|
||
|
1922000
|
direct allocation
|
page execute and read and write
|
||
|
21317753000
|
heap
|
page read and write
|
||
|
249A3807000
|
heap
|
page read and write
|
||
|
2131788D000
|
heap
|
page read and write
|
||
|
21315A16000
|
heap
|
page read and write
|
||
|
249A3807000
|
heap
|
page read and write
|
||
|
18FF000
|
stack
|
page read and write
|
||
|
21318170000
|
heap
|
page read and write
|
||
|
21317740000
|
heap
|
page read and write
|
||
|
21317887000
|
heap
|
page read and write
|
||
|
21317882000
|
heap
|
page read and write
|
||
|
E36000
|
direct allocation
|
page execute and read and write
|
||
|
1A26000
|
direct allocation
|
page execute and read and write
|
||
|
213159EE000
|
heap
|
page read and write
|
||
|
DBD000
|
stack
|
page read and write
|
||
|
1E90000
|
heap
|
page read and write
|
||
|
170F000
|
stack
|
page read and write
|
||
|
249A3807000
|
heap
|
page read and write
|
||
|
249A37F3000
|
heap
|
page read and write
|
||
|
249A3803000
|
heap
|
page read and write
|
||
|
1B21000
|
direct allocation
|
page execute and read and write
|
||
|
12FE000
|
stack
|
page read and write
|
||
|
12A0000
|
heap
|
page read and write
|
||
|
249A37CF000
|
heap
|
page read and write
|
||
|
21315A16000
|
heap
|
page read and write
|
||
|
249A3807000
|
heap
|
page read and write
|
||
|
249A37EB000
|
heap
|
page read and write
|
||
|
249A3805000
|
heap
|
page read and write
|
||
|
21315A6C000
|
heap
|
page read and write
|
||
|
1870000
|
direct allocation
|
page execute and read and write
|
||
|
249A3803000
|
heap
|
page read and write
|
||
|
249A3807000
|
heap
|
page read and write
|
||
|
1989000
|
direct allocation
|
page execute and read and write
|
||
|
FDD000
|
stack
|
page read and write
|
||
|
2131814B000
|
heap
|
page read and write
|
||
|
21317753000
|
heap
|
page read and write
|
||
|
249A3803000
|
heap
|
page read and write
|
||
|
7FA000
|
direct allocation
|
page read and write
|
||
|
249A37F3000
|
heap
|
page read and write
|
||
|
21315A3C000
|
heap
|
page read and write
|
||
|
21317A46000
|
heap
|
page read and write
|
||
|
21317880000
|
heap
|
page read and write
|
||
|
213159EC000
|
heap
|
page read and write
|
||
|
249A37F3000
|
heap
|
page read and write
|
||
|
249A37DE000
|
heap
|
page read and write
|
||
|
53D000
|
stack
|
page read and write
|
||
|
249A380B000
|
heap
|
page read and write
|
||
|
145E000
|
stack
|
page read and write
|
||
|
21317753000
|
heap
|
page read and write
|
||
|
3D0000
|
heap
|
page read and write
|
||
|
C2CB0FE000
|
stack
|
page read and write
|
||
|
1AA6000
|
direct allocation
|
page execute and read and write
|
||
|
249A37E4000
|
heap
|
page read and write
|
||
|
1600000
|
heap
|
page read and write
|
||
|
1B83000
|
direct allocation
|
page execute and read and write
|
||
|
249A37CF000
|
heap
|
page read and write
|
||
|
1A30000
|
direct allocation
|
page execute and read and write
|
||
|
249A37E4000
|
heap
|
page read and write
|
||
|
21315A4F000
|
heap
|
page read and write
|
||
|
19B0000
|
direct allocation
|
page execute and read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
213179D3000
|
heap
|
page read and write
|
||
|
249A37EC000
|
heap
|
page read and write
|
||
|
2131774C000
|
heap
|
page read and write
|
||
|
213159E1000
|
heap
|
page read and write
|
||
|
1AE0000
|
direct allocation
|
page execute and read and write
|
||
|
2131774C000
|
heap
|
page read and write
|
||
|
1883000
|
direct allocation
|
page execute and read and write
|
||
|
2131803E000
|
heap
|
page read and write
|
||
|
D4F000
|
stack
|
page read and write
|
||
|
249A37E4000
|
heap
|
page read and write
|
There are 687 hidden memdumps, click here to show them.