Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
HSBC Payment Advice.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\daaselatteren\Vrdireduktion\tidsserier.Adj
|
ASCII text, with very long lines (4295), with CRLF, LF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3ubunmkm.axr.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ijl1o4cy.tcf.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ldno01ek.mrr.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xyvewuw1.ins.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nssD9C9.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\typhaceae.lnk
|
MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun
Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\daaselatteren\Vrdireduktion\Candys.gen
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\daaselatteren\Vrdireduktion\Kldningsstykker.glo
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\daaselatteren\Vrdireduktion\Noncontiguity.dsc
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\daaselatteren\Vrdireduktion\Ugyldige.per
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\daaselatteren\Vrdireduktion\demerara.bru
|
X11 SNF font data, MSB first
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\daaselatteren\Vrdireduktion\knustes.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\daaselatteren\Vrdireduktion\skarpsynede.usi
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\daaselatteren\Vrdireduktion\slutningseffekts.roe
|
data
|
dropped
|
There are 7 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\HSBC Payment Advice.exe
|
"C:\Users\user\Desktop\HSBC Payment Advice.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"powershell.exe" -windowstyle hidden "$Finurligheden=Get-Content -raw 'C:\Users\user\AppData\Roaming\daaselatteren\Vrdireduktion\tidsserier.Adj';$nijholt=$Finurligheden.SubString(56673,3);.$nijholt($Finurligheden)
"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\SysWOW64\msiexec.exe"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\SysWOW64\msiexec.exe"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\SysWOW64\msiexec.exe"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\SysWOW64\msiexec.exe"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\SysWOW64\msiexec.exe"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\SysWOW64\msiexec.exe"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\SysWOW64\msiexec.exe"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\SysWOW64\msiexec.exe"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\SysWOW64\msiexec.exe"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\SysWOW64\msiexec.exe"
|
|
|
|
C:\Windows\SysWOW64\dxdiag.exe
|
"C:\Windows\SysWOW64\dxdiag.exe"
|
|
|
|
C:\Windows\SysWOW64\dxdiag.exe
|
"C:\Windows\SysWOW64\dxdiag.exe"
|
|
|
|
C:\Windows\SysWOW64\dxdiag.exe
|
"C:\Windows\SysWOW64\dxdiag.exe"
|
|
|
|
C:\Windows\SysWOW64\dxdiag.exe
|
"C:\Windows\SysWOW64\dxdiag.exe"
|
|
|
|
C:\Windows\SysWOW64\dxdiag.exe
|
"C:\Windows\SysWOW64\dxdiag.exe"
|
|
|
|
C:\Windows\SysWOW64\dxdiag.exe
|
"C:\Windows\SysWOW64\dxdiag.exe"
|
|
|
|
C:\Windows\SysWOW64\dxdiag.exe
|
"C:\Windows\SysWOW64\dxdiag.exe"
|
|
|
|
C:\Windows\SysWOW64\dxdiag.exe
|
"C:\Windows\SysWOW64\dxdiag.exe"
|
|
|
|
C:\Windows\SysWOW64\dxdiag.exe
|
"C:\Windows\SysWOW64\dxdiag.exe"
|
|
|
|
C:\Windows\SysWOW64\dxdiag.exe
|
"C:\Windows\SysWOW64\dxdiag.exe"
|
|
|
|
C:\Windows\SysWOW64\dxdiag.exe
|
"C:\Windows\SysWOW64\dxdiag.exe"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\SysWOW64\msiexec.exe"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\SysWOW64\msiexec.exe"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\SysWOW64\msiexec.exe"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\SysWOW64\msiexec.exe"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\SysWOW64\msiexec.exe"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\SysWOW64\msiexec.exe"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\SysWOW64\msiexec.exe"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\SysWOW64\msiexec.exe"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\SysWOW64\msiexec.exe"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\SysWOW64\msiexec.exe"
|
|
|
|
C:\Windows\SysWOW64\dxdiag.exe
|
"C:\Windows\SysWOW64\dxdiag.exe"
|
|
|
|
C:\Windows\SysWOW64\dxdiag.exe
|
"C:\Windows\SysWOW64\dxdiag.exe"
|
|
|
|
C:\Windows\SysWOW64\dxdiag.exe
|
"C:\Windows\SysWOW64\dxdiag.exe"
|
|
|
|
C:\Windows\SysWOW64\dxdiag.exe
|
"C:\Windows\SysWOW64\dxdiag.exe"
|
|
|
|
C:\Windows\SysWOW64\dxdiag.exe
|
"C:\Windows\SysWOW64\dxdiag.exe"
|
|
|
|
C:\Windows\SysWOW64\dxdiag.exe
|
"C:\Windows\SysWOW64\dxdiag.exe"
|
|
|
|
C:\Windows\SysWOW64\dxdiag.exe
|
"C:\Windows\SysWOW64\dxdiag.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 31 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png4
|
unknown
|
||
|
https://github.com/Pester/Pester4
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://www.quovadis.bm0
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
https://ocsp.quovadisoffshore.com0
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html4
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
There are 6 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\maaleflsomhed\Uninstall\karesserendes
|
automationerne
|
||
|
HKEY_CURRENT_USER\truckled\Spaanskraberne198
|
tillgsmandaterne
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
8F22000
|
direct allocation
|
page execute and read and write
|
|
|
|
421000
|
unkown
|
page read and write
|
||
|
729E000
|
heap
|
page read and write
|
||
|
A8F000
|
stack
|
page read and write
|
||
|
2E4A000
|
trusted library allocation
|
page execute and read and write
|
||
|
86E1000
|
heap
|
page read and write
|
||
|
4AFE000
|
stack
|
page read and write
|
||
|
7A6000
|
heap
|
page read and write
|
||
|
2D80000
|
heap
|
page read and write
|
||
|
4C89000
|
heap
|
page read and write
|
||
|
241E000
|
stack
|
page read and write
|
||
|
458000
|
unkown
|
page readonly
|
||
|
4E70000
|
trusted library allocation
|
page read and write
|
||
|
6E00000
|
direct allocation
|
page read and write
|
||
|
6FB0000
|
heap
|
page read and write
|
||
|
8722000
|
heap
|
page read and write
|
||
|
7273000
|
heap
|
page read and write
|
||
|
227E000
|
stack
|
page read and write
|
||
|
4CF2000
|
trusted library allocation
|
page read and write
|
||
|
7A50000
|
trusted library allocation
|
page read and write
|
||
|
2E50000
|
trusted library allocation
|
page read and write
|
||
|
86FB000
|
heap
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
7284000
|
heap
|
page read and write
|
||
|
71E000
|
stack
|
page read and write
|
||
|
7450000
|
heap
|
page read and write
|
||
|
7A70000
|
trusted library allocation
|
page read and write
|
||
|
2E20000
|
trusted library allocation
|
page read and write
|
||
|
98000
|
stack
|
page read and write
|
||
|
2460000
|
heap
|
page read and write
|
||
|
8616000
|
heap
|
page read and write
|
||
|
46DE000
|
stack
|
page read and write
|
||
|
72D7000
|
heap
|
page read and write
|
||
|
8BC0000
|
trusted library allocation
|
page read and write
|
||
|
4C00000
|
heap
|
page execute and read and write
|
||
|
798000
|
heap
|
page read and write
|
||
|
79E0000
|
trusted library allocation
|
page read and write
|
||
|
24D0000
|
heap
|
page read and write
|
||
|
72C5000
|
heap
|
page read and write
|
||
|
79D0000
|
trusted library allocation
|
page read and write
|
||
|
2E55000
|
trusted library allocation
|
page execute and read and write
|
||
|
75A000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
720E000
|
stack
|
page read and write
|
||
|
89BE000
|
stack
|
page read and write
|
||
|
87A0000
|
heap
|
page read and write
|
||
|
8A51000
|
trusted library allocation
|
page read and write
|
||
|
24D4000
|
heap
|
page read and write
|
||
|
426000
|
unkown
|
page read and write
|
||
|
86E9000
|
heap
|
page read and write
|
||
|
7A40000
|
trusted library allocation
|
page read and write
|
||
|
2E52000
|
trusted library allocation
|
page read and write
|
||
|
7BE000
|
heap
|
page read and write
|
||
|
8664000
|
heap
|
page read and write
|
||
|
8647000
|
heap
|
page read and write
|
||
|
75E000
|
heap
|
page read and write
|
||
|
8A55000
|
trusted library allocation
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
9922000
|
direct allocation
|
page execute and read and write
|
||
|
7A60000
|
trusted library allocation
|
page read and write
|
||
|
8BA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
46E8000
|
trusted library allocation
|
page read and write
|
||
|
2E10000
|
trusted library allocation
|
page read and write
|
||
|
78F0000
|
trusted library allocation
|
page read and write
|
||
|
458000
|
unkown
|
page readonly
|
||
|
2E39000
|
trusted library allocation
|
page read and write
|
||
|
7490000
|
heap
|
page execute and read and write
|
||
|
8631000
|
heap
|
page read and write
|
||
|
434000
|
unkown
|
page read and write
|
||
|
8A10000
|
trusted library allocation
|
page read and write
|
||
|
8660000
|
heap
|
page read and write
|
||
|
407000
|
unkown
|
page readonly
|
||
|
5CA1000
|
trusted library allocation
|
page read and write
|
||
|
7FB60000
|
trusted library allocation
|
page execute and read and write
|
||
|
72A0000
|
heap
|
page read and write
|
||
|
7A6000
|
heap
|
page read and write
|
||
|
8E00000
|
trusted library allocation
|
page execute and read and write
|
||
|
4C91000
|
trusted library allocation
|
page read and write
|
||
|
87E0000
|
trusted library allocation
|
page read and write
|
||
|
4640000
|
trusted library allocation
|
page execute and read and write
|
||
|
2928000
|
heap
|
page read and write
|
||
|
8450000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E40000
|
trusted library allocation
|
page read and write
|
||
|
40B000
|
unkown
|
page read and write
|
||
|
75D0000
|
trusted library allocation
|
page read and write
|
||
|
8470000
|
trusted library allocation
|
page read and write
|
||
|
75E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
794000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
5CB9000
|
trusted library allocation
|
page read and write
|
||
|
6DE000
|
stack
|
page read and write
|
||
|
8658000
|
heap
|
page read and write
|
||
|
8BB0000
|
trusted library allocation
|
page read and write
|
||
|
8E10000
|
heap
|
page read and write
|
||
|
150000
|
direct allocation
|
page read and write
|
||
|
2B0000
|
direct allocation
|
page read and write
|
||
|
2C48000
|
heap
|
page read and write
|
||
|
6DD0000
|
direct allocation
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
8DF0000
|
direct allocation
|
page execute and read and write
|
||
|
7361000
|
heap
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
750E000
|
stack
|
page read and write
|
||
|
2315000
|
heap
|
page read and write
|
||
|
2E67000
|
heap
|
page read and write
|
||
|
68C000
|
stack
|
page read and write
|
||
|
8460000
|
trusted library allocation
|
page read and write
|
||
|
2CAC000
|
heap
|
page read and write
|
||
|
4C80000
|
heap
|
page read and write
|
||
|
2CC4000
|
heap
|
page read and write
|
||
|
2CE0000
|
heap
|
page read and write
|
||
|
2E60000
|
heap
|
page read and write
|
||
|
3A10000
|
heap
|
page read and write
|
||
|
2C77000
|
heap
|
page read and write
|
||
|
2E2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
20000
|
direct allocation
|
page read and write
|
||
|
160000
|
direct allocation
|
page read and write
|
||
|
4630000
|
heap
|
page readonly
|
||
|
8D10000
|
trusted library allocation
|
page read and write
|
||
|
291F000
|
stack
|
page read and write
|
||
|
8A40000
|
trusted library allocation
|
page read and write
|
||
|
2C6A000
|
heap
|
page read and write
|
||
|
4650000
|
heap
|
page execute and read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
8D20000
|
trusted library allocation
|
page read and write
|
||
|
725A000
|
heap
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
7210000
|
heap
|
page read and write
|
||
|
6CCD000
|
stack
|
page read and write
|
||
|
4770000
|
heap
|
page read and write
|
||
|
8A60000
|
trusted library allocation
|
page execute and read and write
|
||
|
448000
|
unkown
|
page readonly
|
||
|
6DB0000
|
direct allocation
|
page read and write
|
||
|
6FA0000
|
heap
|
page read and write
|
||
|
865C000
|
heap
|
page read and write
|
||
|
2B90000
|
heap
|
page read and write
|
||
|
860E000
|
heap
|
page read and write
|
||
|
79F0000
|
trusted library allocation
|
page read and write
|
||
|
85E0000
|
heap
|
page read and write
|
||
|
794000
|
heap
|
page read and write
|
||
|
8B90000
|
trusted library allocation
|
page read and write
|
||
|
2310000
|
heap
|
page read and write
|
||
|
445000
|
unkown
|
page read and write
|
||
|
6DA0000
|
direct allocation
|
page read and write
|
||
|
469E000
|
stack
|
page read and write
|
||
|
791000
|
heap
|
page read and write
|
||
|
771000
|
heap
|
page read and write
|
||
|
4C4E000
|
stack
|
page read and write
|
||
|
4DE7000
|
trusted library allocation
|
page read and write
|
||
|
2C40000
|
heap
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
7FB78000
|
trusted library allocation
|
page execute and read and write
|
||
|
79C0000
|
trusted library allocation
|
page read and write
|
||
|
856D000
|
stack
|
page read and write
|
||
|
89FE000
|
stack
|
page read and write
|
||
|
4C05000
|
heap
|
page execute and read and write
|
||
|
864C000
|
heap
|
page read and write
|
||
|
8444000
|
stack
|
page read and write
|
||
|
8790000
|
heap
|
page read and write
|
||
|
7980000
|
heap
|
page read and write
|
||
|
6DC0000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
7A00000
|
trusted library allocation
|
page read and write
|
||
|
8D30000
|
trusted library allocation
|
page read and write
|
||
|
7A30000
|
trusted library allocation
|
page read and write
|
||
|
8A07000
|
trusted library allocation
|
page read and write
|
||
|
23240000
|
direct allocation
|
page read and write
|
||
|
76F000
|
heap
|
page read and write
|
||
|
724F000
|
heap
|
page read and write
|
||
|
85B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
798000
|
heap
|
page read and write
|
||
|
2319000
|
heap
|
page read and write
|
||
|
87F0000
|
trusted library allocation
|
page read and write
|
||
|
54EB000
|
trusted library allocation
|
page read and write
|
||
|
8A00000
|
trusted library allocation
|
page read and write
|
||
|
2E24000
|
trusted library allocation
|
page read and write
|
||
|
5C91000
|
trusted library allocation
|
page read and write
|
||
|
8635000
|
heap
|
page read and write
|
||
|
2DF0000
|
trusted library section
|
page read and write
|
||
|
8B80000
|
trusted library allocation
|
page read and write
|
||
|
5CFC000
|
trusted library allocation
|
page read and write
|
||
|
2D0D000
|
heap
|
page read and write
|
||
|
754E000
|
stack
|
page read and write
|
||
|
2E23000
|
trusted library allocation
|
page execute and read and write
|
||
|
54E9000
|
trusted library allocation
|
page read and write
|
||
|
85AE000
|
stack
|
page read and write
|
||
|
84A0000
|
heap
|
page read and write
|
||
|
2769000
|
stack
|
page read and write
|
||
|
448000
|
unkown
|
page readonly
|
||
|
8A0B000
|
trusted library allocation
|
page read and write
|
||
|
758E000
|
stack
|
page read and write
|
||
|
72B6000
|
heap
|
page read and write
|
||
|
2E30000
|
trusted library allocation
|
page read and write
|
||
|
7AC000
|
heap
|
page read and write
|
||
|
4740000
|
trusted library allocation
|
page read and write
|
||
|
6E10000
|
direct allocation
|
page read and write
|
||
|
5DE000
|
stack
|
page read and write
|
||
|
30000
|
direct allocation
|
page read and write
|
||
|
42E000
|
unkown
|
page read and write
|
||
|
8732000
|
heap
|
page read and write
|
||
|
98E000
|
stack
|
page read and write
|
||
|
72AE000
|
heap
|
page read and write
|
||
|
620000
|
heap
|
page read and write
|
||
|
5ED2000
|
trusted library allocation
|
page read and write
|
||
|
2D40000
|
heap
|
page read and write
|
||
|
42A000
|
unkown
|
page read and write
|
||
|
2E00000
|
trusted library section
|
page read and write
|
||
|
75CD000
|
stack
|
page read and write
|
||
|
7A10000
|
trusted library allocation
|
page read and write
|
||
|
8712000
|
heap
|
page read and write
|
||
|
7A20000
|
trusted library allocation
|
page read and write
|
||
|
50000
|
direct allocation
|
page read and write
|
||
|
7ABB000
|
stack
|
page read and write
|
||
|
8780000
|
heap
|
page read and write
|
||
|
2B96000
|
heap
|
page read and write
|
||
|
868A000
|
heap
|
page read and write
|
||
|
6DF0000
|
direct allocation
|
page read and write
|
||
|
94F000
|
stack
|
page read and write
|
||
|
473C000
|
stack
|
page read and write
|
||
|
409000
|
unkown
|
page read and write
|
||
|
8AB2000
|
trusted library allocation
|
page read and write
|
||
|
71CE000
|
stack
|
page read and write
|
||
|
4777000
|
heap
|
page read and write
|
||
|
22CE000
|
stack
|
page read and write
|
||
|
7320000
|
trusted library allocation
|
page read and write
|
||
|
4620000
|
trusted library allocation
|
page read and write
|
||
|
86BB000
|
heap
|
page read and write
|
||
|
409000
|
unkown
|
page write copy
|
||
|
10000
|
direct allocation
|
page read and write
|
||
|
8E50000
|
direct allocation
|
page execute and read and write
|
||
|
407000
|
unkown
|
page readonly
|
||
|
6DE0000
|
direct allocation
|
page read and write
|
There are 224 hidden memdumps, click here to show them.