Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
PandoraFMS_One_Agent_Windows-lts.x86_64.exe
|
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
||
|
C:\Program Files\pandora_agent\scripts\restart_pandora_agent.bat
|
ASCII text
|
dropped
|
 |
|
|
C:\Program Files\pandora_agent\util\ShortElev.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\pandora_agent\util\pandora_hardening.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\pandora_agent\util\pandora_revent.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\pandora_agent\util\pandora_security_win.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\pandora_agent\util\pandora_update.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\pandora_agent\util\route_parser.exe
|
PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Program Files\pandora_agent\util\snmpget.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\pandora_agent\util\tentacle_client.exe
|
PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Program Files\pandora_agent\util\tentacle_server.exe
|
PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\nsiBE5B.tmp\LangDLL.dll
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Program Files\pandora_agent\LICENSE_EN.txt
|
Non-ISO extended-ASCII text, with very long lines (1785), with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\LICENSE_ES.txt
|
ISO-8859 text, with very long lines (1875), with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\PandoraAgent.exe
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Program Files\pandora_agent\PandoraFMS_Agent.url
|
MS Windows 95 Internet shortcut text (URL=<http://www.pandorafms.com>), ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\README.txt
|
ASCII text, with very long lines (556), with CRLF, LF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\config.tmp.conf
|
C source, Unicode text, UTF-8 text
|
dropped
|
||
|
C:\Program Files\pandora_agent\key\id_dsa
|
PEM DSA private key
|
dropped
|
||
|
C:\Program Files\pandora_agent\key\id_dsa.pub
|
OpenSSH DSA public key
|
dropped
|
||
|
C:\Program Files\pandora_agent\pandora.ico
|
MS Windows icon resource - 1 icon, -62x-63, 32 bits/pixel
|
dropped
|
||
|
C:\Program Files\pandora_agent\pandora_agent.log
|
ASCII text, with CRLF line terminators
|
modified
|
||
|
C:\Program Files\pandora_agent\scripts\delete_at_job.bat
|
ASCII text
|
dropped
|
||
|
C:\Program Files\pandora_agent\scripts\edit_config_file.bat
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\scripts\install_service_restart.bat
|
ASCII text
|
dropped
|
||
|
C:\Program Files\pandora_agent\scripts\start_pandora_agent.bat
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\scripts\stop_pandora_agent.bat
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\temp\pandora_agent_nsis.conf
|
C source, Unicode text, UTF-8 text
|
dropped
|
||
|
C:\Program Files\pandora_agent\uninst.exe
|
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, Nullsoft Installer self-extracting archive
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\agentname.vbs
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\architecture.vbs
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\autodiscover.exe
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\cdromdrives.vbs
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\cmp.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\cpuinfo.vbs
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\curl-ca-bundle.crt
|
ASCII text
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\curl.exe
|
PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\cut.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\date.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\df.vbs
|
ASCII text, with CRLF, LF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\df_percent.vbs
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\df_percent_used.vbs
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\diskdrives.vbs
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\domain.vbs
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\du_percent.vbs
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\expr.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\gawk.exe
|
PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\getreg.exe
|
PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\getsnmp.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\grep.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\grep_log.exe
|
PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\head.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\ifaces.vbs
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\logevent_log4x.vbs
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\ls.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\md5.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mem_percent_used.vbs
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\AGENTX-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\DISMAN-EVENT-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\DISMAN-EXPRESSION-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\DISMAN-NSLOOKUP-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\DISMAN-PING-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\DISMAN-SCHEDULE-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\DISMAN-SCRIPT-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\DISMAN-TRACEROUTE-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\EtherLike-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\HCNUM-TC.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\HOST-RESOURCES-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\HOST-RESOURCES-TYPES.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\IANA-ADDRESS-FAMILY-NUMBERS-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\IANA-LANGUAGE-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\IANA-RTPROTO-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\IANAifType-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\IF-INVERTED-STACK-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\IF-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\INET-ADDRESS-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\IP-FORWARD-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\IP-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\IPV6-ICMP-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\IPV6-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\IPV6-TC.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\IPV6-TCP-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\IPV6-UDP-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\LM-SENSORS-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\MTA-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\Makefile.in
|
makefile script, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\Makefile.mib
|
makefile script, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\NET-SNMP-AGENT-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\NET-SNMP-EXAMPLES-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\NET-SNMP-EXTEND-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\NET-SNMP-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\NET-SNMP-MONITOR-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\NET-SNMP-SYSTEM-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\NET-SNMP-TC.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\NETWORK-SERVICES-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\NOTIFICATION-LOG-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\README.mibs
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\RFC-1215.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\RFC1155-SMI.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\RFC1213-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\RMON-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\SMUX-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\SNMP-COMMUNITY-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\SNMP-FRAMEWORK-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\SNMP-MPD-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\SNMP-NOTIFICATION-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\SNMP-PROXY-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\SNMP-TARGET-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\SNMP-USER-BASED-SM-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\SNMP-USM-AES-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\SNMP-USM-DH-OBJECTS-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\SNMP-VIEW-BASED-ACM-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\SNMPv2-CONF.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\SNMPv2-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\SNMPv2-SMI.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\SNMPv2-TC.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\SNMPv2-TM.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\TCP-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\TRANSPORT-ADDRESS-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\TUNNEL-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\UCD-DEMO-MIB.inc
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\UCD-DEMO-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\UCD-DISKIO-MIB.inc
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\UCD-DISKIO-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\UCD-DLMOD-MIB.inc
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\UCD-DLMOD-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\UCD-IPFILTER-MIB.inc
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\UCD-IPFILTER-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\UCD-IPFWACC-MIB.inc
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\UCD-IPFWACC-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\UCD-SNMP-MIB-OLD.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\UCD-SNMP-MIB.inc
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\UCD-SNMP-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\UDP-MIB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\ianalist
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\makehtml.pl
|
Perl script text executable
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\mibfetch
|
POSIX shell script, ASCII text executable, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\nodemap
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\rfclist
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\rfcmibs.diff
|
unified diff output, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\mibs\smistrip
|
POSIX shell script, ASCII text executable, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\moboinfo.vbs
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\monitors.vbs
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\network.vbs
|
ASCII text
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\omnishell_client.exe
|
PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\osversion.vbs
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\pandora_agent_exec.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\pandora_security_win.conf
|
Unicode text, UTF-8 text
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\printers.vbs
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\productID.vbs
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\productkey.vbs
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\ps.vbs
|
ASCII text, with CRLF, LF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\puttygen.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\raminfo.vbs
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\software_installed.vbs
|
Ruby script, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\sort.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\tail.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\tr.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\unzip.exe
|
PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\userslogged.vbs
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\videocardinfo.vbs
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\pandora_agent\util\wc.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PandoraFMS_Agent_v7.0NG.777.1\Edit Config File.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0,
Archive, ctime=Mon Oct 28 09:39:08 2024, mtime=Mon Oct 28 09:39:08 2024, atime=Mon Oct 28 09:39:08 2024, length=63, window=hide
|
modified
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PandoraFMS_Agent_v7.0NG.777.1\PandoraFMS_Agent_start.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0,
Archive, ctime=Wed Aug 14 08:14:00 2024, mtime=Mon Oct 28 09:39:08 2024, atime=Wed Aug 14 08:14:00 2024, length=26, window=hide
|
modified
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PandoraFMS_Agent_v7.0NG.777.1\PandoraFMS_Agent_stop.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0,
Archive, ctime=Wed Aug 14 08:14:00 2024, mtime=Mon Oct 28 09:39:08 2024, atime=Wed Aug 14 08:14:00 2024, length=25, window=hide
|
modified
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PandoraFMS_Agent_v7.0NG.777.1\README.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive,
ctime=Wed Aug 14 08:14:00 2024, mtime=Mon Oct 28 09:39:08 2024, atime=Wed Aug 14 08:14:00 2024, length=15956, window=hide
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PandoraFMS_Agent_v7.0NG.777.1\Uninstall.lnk
|
MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun
Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PandoraFMS_Agent_v7.0NG.777.1\Website.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive,
ctime=Mon Oct 28 09:39:13 2024, mtime=Mon Oct 28 09:39:13 2024, atime=Mon Oct 28 09:39:13 2024, length=51, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsiBE5B.tmp\System.dll
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsiBE5B.tmp\modern-wizard.bmp
|
PC bitmap, Windows 3.x format, 164 x 314 x 24, image size 154488, resolution 4724 x 4724 px/m, cbSize 154542, bits offset
54
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsiBE5B.tmp\nsDialogs.dll
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive,
ctime=Wed Aug 14 08:14:00 2024, mtime=Mon Oct 28 09:39:08 2024, atime=Wed Aug 14 08:14:00 2024, length=15956, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Pandora Agent.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive,
ctime=Wed Aug 14 08:14:00 2024, mtime=Mon Oct 28 09:39:08 2024, atime=Wed Aug 14 08:14:00 2024, length=26, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Stop Pandora Agent.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive,
ctime=Wed Aug 14 08:14:00 2024, mtime=Mon Oct 28 09:39:08 2024, atime=Wed Aug 14 08:14:00 2024, length=25, window=hide
|
dropped
|
||
|
\Device\ConDrv
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 165 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe
|
"C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c net stop pandoraFMSagent
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c PandoraAgent.exe --install
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
schtasks /Create /TN pandora_agent_restart /TR "\"C:\Program Files\pandora_agent\scripts\restart_pandora_agent.bat\"" /SC
DAILY /ST 00:00:00 /F /RU SYSTEM
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
schtasks /Change /TN pandora_agent_restart /TR "\"C:\Program Files\pandora_agent\scripts\restart_pandora_agent.bat\""
|
|
|
|
C:\Program Files\pandora_agent\util\ShortElev.exe
|
"C:\Program Files\pandora_agent\util\ShortElev.exe" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PandoraFMS_Agent_v7.0NG.777.1\Edit
Config File.lnk"
|
|
|
|
C:\Program Files\pandora_agent\util\ShortElev.exe
|
"C:\Program Files\pandora_agent\util\ShortElev.exe" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PandoraFMS_Agent_v7.0NG.777.1\PandoraFMS_Agent_start.lnk"
|
|
|
|
C:\Program Files\pandora_agent\util\ShortElev.exe
|
"C:\Program Files\pandora_agent\util\ShortElev.exe" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PandoraFMS_Agent_v7.0NG.777.1\PandoraFMS_Agent_stop.lnk"
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\SYSTEM32\cmd.exe /c ""C:\Program Files\pandora_agent\scripts\restart_pandora_agent.bat""
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\net.exe
|
net stop pandoraFMSagent
|
||
|
C:\Windows\SysWOW64\net1.exe
|
C:\Windows\system32\net1 stop pandoraFMSagent
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Program Files\pandora_agent\PandoraAgent.exe
|
PandoraAgent.exe --install
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\net.exe
|
net stop PandoraFMSAgent
|
||
|
C:\Windows\System32\net1.exe
|
C:\Windows\system32\net1 stop PandoraFMSAgent
|
||
|
C:\Windows\System32\net.exe
|
net start PandoraFMSAgent
|
||
|
C:\Windows\System32\net1.exe
|
C:\Windows\system32\net1 start PandoraFMSAgent
|
||
|
C:\Program Files\pandora_agent\PandoraAgent.exe
|
"C:\Program Files\pandora_agent\PandoraAgent.exe"
|
There are 15 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.openssl.org/support/faq.htmlRAND
|
unknown
|
||
|
http://curl.haxx.se/libcurl/c/curl_easy_setopt.html
|
unknown
|
||
|
http://nsis.sf.net/NSIS_Error
|
unknown
|
||
|
http://www.pandorafms.com
|
unknown
|
||
|
http://www.pandorafms.com.
|
unknown
|
||
|
http://www.ietf.org/html.charters/agentx-charter.html
|
unknown
|
||
|
http://https://-.://%s%s%s/%sall
|
unknown
|
||
|
http://www.ietf.org/html.charters/ipv6-charter.html
|
unknown
|
||
|
http://pandorafms.org
|
unknown
|
||
|
http://www.google.com
|
unknown
|
||
|
http://curl.haxx.se/P
|
unknown
|
||
|
http://www.fourmilab.ch/
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
http://curl.haxx.se/docs/copyright.htmlD
|
unknown
|
||
|
http://curl.haxx.se/docs/sslcerts.html
|
unknown
|
||
|
http://www.iana.org/
|
unknown
|
||
|
http://www.info-zip.org/UnZip.htmlDVarFileInfo$
|
unknown
|
||
|
http://www.info-zip.org/zip-bug.html;
|
unknown
|
||
|
https://support.pandorafms.com/
|
unknown
|
||
|
http://www.iana.org/assignments/icmp-parameters
|
unknown
|
||
|
http://www.iana.org/assignments/icmpv6-parameters
|
unknown
|
||
|
http://www.openssl.org/support/faq.html
|
unknown
|
||
|
http://curl.haxx.se/docs/http-cookies.html
|
unknown
|
There are 13 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\PandoraAgent.exe
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PandoraFMS_Agent
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PandoraFMS_Agent
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PandoraFMS_Agent
|
DisplayIcon
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PandoraFMS_Agent
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PandoraFMS_Agent
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PandoraFMS_Agent
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PandoraFMS_Agent
|
NSIS:Language
|
||
|
HKEY_CURRENT_USER\Environment
|
PATH
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
6E5C0000
|
unkown
|
page readonly
|
||
|
402000
|
unkown
|
page execute and write copy
|
||
|
61D000
|
stack
|
page read and write
|
||
|
DB6000
|
unkown
|
page readonly
|
||
|
DE9000
|
heap
|
page read and write
|
||
|
6CE000
|
heap
|
page read and write
|
||
|
4DA0000
|
heap
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page readonly
|
||
|
2E40000
|
trusted library allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
83D000
|
unkown
|
page write copy
|
||
|
722000
|
unkown
|
page write copy
|
||
|
D42000
|
heap
|
page read and write
|
||
|
98D000
|
stack
|
page read and write
|
||
|
549B000
|
stack
|
page read and write
|
||
|
837000
|
unkown
|
page read and write
|
||
|
DE5000
|
heap
|
page read and write
|
||
|
C85D58C000
|
stack
|
page read and write
|
||
|
198E4160000
|
heap
|
page read and write
|
||
|
2E30000
|
heap
|
page read and write
|
||
|
14E000
|
stack
|
page read and write
|
||
|
404000
|
unkown
|
page readonly
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
451000
|
unkown
|
page read and write
|
||
|
83D000
|
unkown
|
page write copy
|
||
|
148D3F20000
|
heap
|
page read and write
|
||
|
2C4F000
|
stack
|
page read and write
|
||
|
100000
|
heap
|
page read and write
|
||
|
736000
|
unkown
|
page readonly
|
||
|
83E000
|
unkown
|
page readonly
|
||
|
407000
|
unkown
|
page read and write
|
||
|
CBD000
|
stack
|
page read and write
|
||
|
84C000
|
heap
|
page read and write
|
||
|
9D000
|
stack
|
page read and write
|
||
|
483000
|
unkown
|
page write copy
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page readonly
|
||
|
198E4228000
|
heap
|
page read and write
|
||
|
D54000
|
heap
|
page read and write
|
||
|
83E000
|
unkown
|
page readonly
|
||
|
40A000
|
unkown
|
page readonly
|
||
|
D0E000
|
stack
|
page read and write
|
||
|
201FE820000
|
heap
|
page read and write
|
||
|
219C6500000
|
heap
|
page read and write
|
||
|
2B60000
|
heap
|
page read and write
|
||
|
CE0000
|
heap
|
page read and write
|
||
|
810000
|
heap
|
page read and write
|
||
|
40B000
|
unkown
|
page readonly
|
||
|
83D000
|
unkown
|
page write copy
|
||
|
D50000
|
heap
|
page read and write
|
||
|
660000
|
heap
|
page read and write
|
||
|
825000
|
heap
|
page read and write
|
||
|
D44000
|
heap
|
page read and write
|
||
|
219C64A0000
|
heap
|
page read and write
|
||
|
80000
|
heap
|
page read and write
|
||
|
5CD000
|
stack
|
page read and write
|
||
|
160000
|
heap
|
page read and write
|
||
|
61E000
|
stack
|
page read and write
|
||
|
1E5000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page readonly
|
||
|
841000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
D27000
|
heap
|
page read and write
|
||
|
AAF000
|
stack
|
page read and write
|
||
|
82B000
|
unkown
|
page read and write
|
||
|
7BA000
|
heap
|
page read and write
|
||
|
219C6508000
|
heap
|
page read and write
|
||
|
61E000
|
stack
|
page read and write
|
||
|
28073ED000
|
stack
|
page read and write
|
||
|
3941000
|
heap
|
page read and write
|
||
|
2B50000
|
heap
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
2CF0000
|
heap
|
page read and write
|
||
|
DA0000
|
heap
|
page read and write
|
||
|
B50000
|
heap
|
page read and write
|
||
|
28076FF000
|
stack
|
page read and write
|
||
|
28C2000
|
heap
|
page read and write
|
||
|
412000
|
unkown
|
page read and write
|
||
|
D20000
|
heap
|
page read and write
|
||
|
219C64D0000
|
heap
|
page read and write
|
||
|
2EC0000
|
heap
|
page read and write
|
||
|
201FE8B0000
|
heap
|
page read and write
|
||
|
148D42F5000
|
heap
|
page read and write
|
||
|
44617E000
|
stack
|
page read and write
|
||
|
837000
|
unkown
|
page write copy
|
||
|
9BF000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
DB1000
|
unkown
|
page execute read
|
||
|
396A000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
B9D000
|
stack
|
page read and write
|
||
|
6C0000
|
heap
|
page read and write
|
||
|
83E000
|
unkown
|
page readonly
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
F08000
|
heap
|
page read and write
|
||
|
722000
|
unkown
|
page write copy
|
||
|
45B000
|
unkown
|
page write copy
|
||
|
395B000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
30A0000
|
heap
|
page read and write
|
||
|
79D000
|
unkown
|
page readonly
|
||
|
B9C000
|
stack
|
page read and write
|
||
|
736000
|
unkown
|
page readonly
|
||
|
404000
|
unkown
|
page readonly
|
||
|
400000
|
unkown
|
page readonly
|
||
|
F0000
|
heap
|
page read and write
|
||
|
65E000
|
stack
|
page read and write
|
||
|
407000
|
unkown
|
page write copy
|
||
|
79D000
|
unkown
|
page readonly
|
||
|
7BE000
|
heap
|
page read and write
|
||
|
198E4205000
|
heap
|
page read and write
|
||
|
18AE000
|
stack
|
page read and write
|
||
|
D6000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
DB0000
|
unkown
|
page readonly
|
||
|
401000
|
unkown
|
page execute read
|
||
|
9D000
|
stack
|
page read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
9D000
|
stack
|
page read and write
|
||
|
3944000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
839000
|
unkown
|
page write copy
|
||
|
D0000
|
heap
|
page read and write
|
||
|
2708000
|
heap
|
page read and write
|
||
|
280767E000
|
stack
|
page read and write
|
||
|
402000
|
unkown
|
page execute and write copy
|
||
|
C85D8FE000
|
stack
|
page read and write
|
||
|
44607D000
|
stack
|
page read and write
|
||
|
40A000
|
unkown
|
page readonly
|
||
|
CE5000
|
heap
|
page read and write
|
||
|
C7D000
|
stack
|
page read and write
|
||
|
2BC0000
|
heap
|
page read and write
|
||
|
54D000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
D0000
|
heap
|
page read and write
|
||
|
DC000
|
heap
|
page read and write
|
||
|
6E5C9000
|
unkown
|
page read and write
|
||
|
2700000
|
heap
|
page read and write
|
||
|
736000
|
unkown
|
page readonly
|
||
|
837000
|
unkown
|
page write copy
|
||
|
404000
|
unkown
|
page readonly
|
||
|
AC6ACED000
|
stack
|
page read and write
|
||
|
198E4200000
|
heap
|
page read and write
|
||
|
83D000
|
unkown
|
page write copy
|
||
|
2EC7000
|
heap
|
page read and write
|
||
|
3940000
|
heap
|
page read and write
|
||
|
86A000
|
heap
|
page read and write
|
||
|
15C2000
|
heap
|
page read and write
|
||
|
438000
|
unkown
|
page write copy
|
||
|
280777F000
|
stack
|
page read and write
|
||
|
68A000
|
stack
|
page read and write
|
||
|
26BE000
|
stack
|
page read and write
|
||
|
F05000
|
heap
|
page read and write
|
||
|
868000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
201FE885000
|
heap
|
page read and write
|
||
|
A8F000
|
stack
|
page read and write
|
||
|
722000
|
unkown
|
page write copy
|
||
|
DB9000
|
unkown
|
page readonly
|
||
|
401000
|
unkown
|
page execute read
|
||
|
219C64B0000
|
heap
|
page read and write
|
||
|
100000
|
heap
|
page read and write
|
||
|
483000
|
unkown
|
page write copy
|
||
|
401000
|
unkown
|
page execute read
|
||
|
180000
|
heap
|
page read and write
|
||
|
45B000
|
unkown
|
page write copy
|
||
|
407000
|
unkown
|
page read and write
|
||
|
E6F000
|
stack
|
page read and write
|
||
|
2CF5000
|
heap
|
page read and write
|
||
|
3940000
|
trusted library allocation
|
page read and write
|
||
|
96000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
853000
|
heap
|
page read and write
|
||
|
734000
|
unkown
|
page write copy
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
3941000
|
heap
|
page read and write
|
||
|
F00000
|
heap
|
page read and write
|
||
|
C85D87E000
|
stack
|
page read and write
|
||
|
83E000
|
unkown
|
page readonly
|
||
|
400000
|
unkown
|
page readonly
|
||
|
407000
|
unkown
|
page read and write
|
||
|
82B000
|
unkown
|
page read and write
|
||
|
404000
|
unkown
|
page readonly
|
||
|
404000
|
unkown
|
page readonly
|
||
|
401000
|
unkown
|
page execute read
|
||
|
B40000
|
heap
|
page read and write
|
||
|
40B000
|
unkown
|
page readonly
|
||
|
3941000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
400000
|
unkown
|
page readonly
|
||
|
848000
|
heap
|
page read and write
|
||
|
26FE000
|
stack
|
page read and write
|
||
|
7EE000
|
heap
|
page read and write
|
||
|
148D3FF0000
|
heap
|
page read and write
|
||
|
435000
|
unkown
|
page read and write
|
||
|
F0000
|
heap
|
page read and write
|
||
|
72E000
|
stack
|
page read and write
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
180000
|
heap
|
page read and write
|
||
|
219C6795000
|
heap
|
page read and write
|
||
|
7E8000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
839000
|
unkown
|
page write copy
|
||
|
847000
|
heap
|
page read and write
|
||
|
148D3FF7000
|
heap
|
page read and write
|
||
|
28AF000
|
stack
|
page read and write
|
||
|
AC6AD6E000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
198E4220000
|
heap
|
page read and write
|
||
|
407000
|
unkown
|
page write copy
|
||
|
6E5C1000
|
unkown
|
page execute read
|
||
|
148D42F0000
|
heap
|
page read and write
|
||
|
2EBE000
|
stack
|
page read and write
|
||
|
4460FE000
|
stack
|
page read and write
|
||
|
857000
|
heap
|
page read and write
|
||
|
43F000
|
unkown
|
page read and write
|
||
|
722000
|
unkown
|
page write copy
|
||
|
732000
|
unkown
|
page read and write
|
||
|
6FE000
|
stack
|
page read and write
|
||
|
404000
|
unkown
|
page readonly
|
||
|
402000
|
unkown
|
page execute and write copy
|
||
|
CC0000
|
heap
|
page read and write
|
||
|
6CA000
|
heap
|
page read and write
|
||
|
79D000
|
unkown
|
page readonly
|
||
|
201FE8B7000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
A1F000
|
stack
|
page read and write
|
||
|
734000
|
unkown
|
page write copy
|
||
|
736000
|
unkown
|
page readonly
|
||
|
859000
|
heap
|
page read and write
|
||
|
2E00000
|
heap
|
page read and write
|
||
|
148D3F50000
|
heap
|
page read and write
|
||
|
219C6790000
|
heap
|
page read and write
|
||
|
DB7000
|
unkown
|
page read and write
|
||
|
90000
|
heap
|
page read and write
|
||
|
6E5CC000
|
unkown
|
page readonly
|
||
|
198E4140000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page readonly
|
||
|
6E5C6000
|
unkown
|
page readonly
|
||
|
30A5000
|
heap
|
page read and write
|
||
|
DB3000
|
unkown
|
page readonly
|
||
|
400000
|
unkown
|
page readonly
|
||
|
407000
|
unkown
|
page write copy
|
||
|
3963000
|
heap
|
page read and write
|
||
|
BC0000
|
heap
|
page read and write
|
||
|
2670000
|
heap
|
page read and write
|
||
|
79D000
|
unkown
|
page readonly
|
||
|
401000
|
unkown
|
page execute read
|
||
|
837000
|
unkown
|
page read and write
|
||
|
101F000
|
stack
|
page read and write
|
||
|
AC6ADEE000
|
stack
|
page read and write
|
||
|
3A7C000
|
stack
|
page read and write
|
||
|
201FE720000
|
heap
|
page read and write
|
||
|
198E4060000
|
heap
|
page read and write
|
||
|
148D3F30000
|
heap
|
page read and write
|
||
|
201FE880000
|
heap
|
page read and write
|
||
|
732000
|
unkown
|
page read and write
|
||
|
6E5C8000
|
unkown
|
page readonly
|
||
|
80000
|
heap
|
page read and write
|
||
|
B0000
|
heap
|
page read and write
|
||
|
303E000
|
stack
|
page read and write
|
||
|
2B4E000
|
stack
|
page read and write
|
||
|
201FE800000
|
heap
|
page read and write
|
There are 258 hidden memdumps, click here to show them.