Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.Generic.JS.Malicord.D.02514950.1665.6783.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\NikkiCookies
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8,
version-valid-for 4
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\passwords.db
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie
0xb, schema 4, UTF-8, version-valid-for 1
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\webdata.db
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie
0x21, schema 4, UTF-8, version-valid-for 3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Setup.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
modified
|
|
|
|
C:\Users\user\AppData\Local\D3DSCache\db988e3888af6e51\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\D3DSCache\db988e3888af6e51\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\D3DSCache\db988e3888af6e51\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
|
Matlab v4 mat-file (little endian) (, numeric, rows 0, columns 16, imaginary
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\NikkiCookies
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8,
version-valid-for 7
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\passwords.db
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie
0xe, schema 4, UTF-8, version-valid-for 1
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\webdata.db
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie
0x36, schema 4, UTF-8, version-valid-for 8
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\075aadb5-2846-420f-98d8-32c9141ac90f.tmp.node
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Autofills.txt
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Cards.txt
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\LICENSE.electron.txt
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\LICENSES.chromium.html
|
HTML document, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Passwords.txt
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\chrome_100_percent.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\chrome_200_percent.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\d3dcompiler_47.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\ffmpeg.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\icudtl.dat
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\libEGL.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\libGLESv2.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\nikki3\cookies.zip
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\resources.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\899eff3c-e123-418b-b66d-58d51de99fbd.tmp.node
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_405d0jzt.c4t.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qq4fd3rd.zwv.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ugikb3f4.qbm.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xkydwzyv.wk5.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\importantfiles.zip
|
Zip archive data (empty)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\LICENSE.electron.txt
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\LICENSES.chromium.html
|
HTML document, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\Setup.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\chrome_100_percent.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\chrome_200_percent.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\d3dcompiler_47.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\ffmpeg.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\icudtl.dat
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\libEGL.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\libGLESv2.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\af.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\am.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\ar.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\bg.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\bn.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\ca.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\cs.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\da.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\de.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\el.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\en-GB.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\en-US.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\es-419.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\es.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\et.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\fa.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\fi.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\fil.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\fr.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\gu.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\he.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\hi.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\hr.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\hu.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\id.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\it.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\ja.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\kn.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\ko.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\lt.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\lv.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\ml.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\mr.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\ms.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\nb.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\nl.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\pl.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\pt-BR.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\pt-PT.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\ro.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\ru.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\sk.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\sl.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\sr.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\sv.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\sw.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\ta.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\te.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\th.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\tr.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\uk.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\ur.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\vi.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\zh-CN.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\locales\zh-TW.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\resources.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\resources\app.asar
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\resources\elevate.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\snapshot_blob.bin
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\v8_context_snapshot.bin
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\vk_swiftshader.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\vk_swiftshader_icd.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\7z-out\vulkan-1.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\System.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\app-64.7z
|
7-zip archive data, version 0.4
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nskDB69.tmp\nsis7z.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Setup\Local State (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Setup\be055b1c-ea7d-4abc-a9df-531e96c639f5.tmp
|
JSON data
|
dropped
|
There are 102 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\SecuriteInfo.com.Generic.JS.Malicord.D.02514950.1665.6783.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.Generic.JS.Malicord.D.02514950.1665.6783.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe
|
C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe
|
|
|
|
C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe
|
"C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\Setup"
--gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA=
--mojo-platform-channel-handle=1636 --field-trial-handle=1840,i,8366561825725198397,2739281923714538764,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand
/prefetch:2
|
|
|
|
C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe
|
"C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService
--lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\Setup" --mojo-platform-channel-handle=2076
--field-trial-handle=1840,i,8366561825725198397,2739281923714538764,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand
/prefetch:8
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Setup.exe
|
"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Setup.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe
|
"C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled
--gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\user\AppData\Roaming\Setup"
--gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA=
--mojo-platform-channel-handle=2480 --field-trial-handle=1840,i,8366561825725198397,2739281923714538764,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand
/prefetch:2
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\tasklist.exe
|
tasklist
|
||
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
|
||
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,133,249,150,31,215,133,122,74,160,83,200,231,85,194,93,57,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,220,99,52,70,203,13,214,237,172,78,180,7,135,132,222,56,192,222,60,122,2,71,120,79,2,110,200,30,117,75,45,64,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,84,96,129,36,148,225,154,120,74,75,125,156,249,147,149,248,25,11,154,223,250,69,31,112,70,8,1,93,107,120,136,224,48,0,0,0,6,45,27,130,158,227,72,112,46,16,20,247,121,185,158,95,106,75,104,237,172,49,168,214,157,137,66,208,86,220,45,252,169,85,86,184,103,83,137,130,133,35,244,129,44,127,163,72,64,0,0,0,35,18,109,136,80,52,198,238,200,236,226,120,27,146,160,174,71,84,66,203,39,169,215,160,227,44,242,154,161,64,187,142,165,157,66,1,229,116,228,177,236,99,223,240,230,79,21,58,53,251,1,129,235,77,36,48,152,174,95,142,72,93,217,72),
$null, 'CurrentUser')"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\tasklist.exe
|
tasklist
|
||
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,133,249,150,31,215,133,122,74,160,83,200,231,85,194,93,57,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,220,99,52,70,203,13,214,237,172,78,180,7,135,132,222,56,192,222,60,122,2,71,120,79,2,110,200,30,117,75,45,64,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,84,96,129,36,148,225,154,120,74,75,125,156,249,147,149,248,25,11,154,223,250,69,31,112,70,8,1,93,107,120,136,224,48,0,0,0,6,45,27,130,158,227,72,112,46,16,20,247,121,185,158,95,106,75,104,237,172,49,168,214,157,137,66,208,86,220,45,252,169,85,86,184,103,83,137,130,133,35,244,129,44,127,163,72,64,0,0,0,35,18,109,136,80,52,198,238,200,236,226,120,27,146,160,174,71,84,66,203,39,169,215,160,227,44,242,154,161,64,187,142,165,157,66,1,229,116,228,177,236,99,223,240,230,79,21,58,53,251,1,129,235,77,36,48,152,174,95,142,72,93,217,72),
$null, 'CurrentUser')
|
||
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,133,249,150,31,215,133,122,74,160,83,200,231,85,194,93,57,16,0,0,0,30,0,0,0,77,0,105,0,99,0,114,0,111,0,115,0,111,0,102,0,116,0,32,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,14,53,24,103,59,147,206,28,42,108,2,171,66,248,59,252,178,162,35,232,127,115,109,155,94,76,82,107,203,163,4,197,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,102,39,139,236,68,70,39,152,67,111,123,34,177,197,103,181,124,213,190,112,13,193,185,90,191,194,52,69,126,126,90,70,48,0,0,0,78,43,108,139,184,233,18,30,79,160,62,90,54,145,175,184,1,206,218,146,139,219,218,40,3,209,83,56,71,210,79,189,120,174,46,157,101,81,201,76,77,181,151,119,46,253,183,146,64,0,0,0,25,132,83,220,77,72,234,147,112,233,192,145,190,240,42,192,38,154,220,71,203,164,145,111,115,55,19,193,38,168,21,189,120,226,128,178,203,174,136,16,121,184,133,15,28,247,227,66,0,254,38,112,15,247,17,81,12,63,142,85,32,243,79,251),
$null, 'CurrentUser')"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,133,249,150,31,215,133,122,74,160,83,200,231,85,194,93,57,16,0,0,0,30,0,0,0,77,0,105,0,99,0,114,0,111,0,115,0,111,0,102,0,116,0,32,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,14,53,24,103,59,147,206,28,42,108,2,171,66,248,59,252,178,162,35,232,127,115,109,155,94,76,82,107,203,163,4,197,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,102,39,139,236,68,70,39,152,67,111,123,34,177,197,103,181,124,213,190,112,13,193,185,90,191,194,52,69,126,126,90,70,48,0,0,0,78,43,108,139,184,233,18,30,79,160,62,90,54,145,175,184,1,206,218,146,139,219,218,40,3,209,83,56,71,210,79,189,120,174,46,157,101,81,201,76,77,181,151,119,46,253,183,146,64,0,0,0,25,132,83,220,77,72,234,147,112,233,192,145,190,240,42,192,38,154,220,71,203,164,145,111,115,55,19,193,38,168,21,189,120,226,128,178,203,174,136,16,121,184,133,15,28,247,227,66,0,254,38,112,15,247,17,81,12,63,142,85,32,243,79,251),
$null, 'CurrentUser')
|
||
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /d /s /c "start /B cmd /c mshta "javascript:new ActiveXObject('WScript.Shell').Popup('An error
occurred while downloading files. Please try again later.', 0, 'Error', 16);close()""
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
cmd /c mshta "javascript:new ActiveXObject('WScript.Shell').Popup('An error occurred while downloading files. Please try
again later.', 0, 'Error', 16);close()"
|
||
|
C:\Windows\System32\mshta.exe
|
mshta "javascript:new ActiveXObject('WScript.Shell').Popup('An error occurred while downloading files. Please try again later.',
0, 'Error', 16);close()"
|
There are 12 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
https://anglebug.com/4674
|
unknown
|
||
|
https://support.google.com/chrome/answer/6098869
|
unknown
|
||
|
https://doh.familyshield.opendns.com/dns-query
|
unknown
|
||
|
http://anglebug.com/4633
|
unknown
|
||
|
https://anglebug.com/7382
|
unknown
|
||
|
https://public.dns.iij.jp/
|
unknown
|
||
|
http://crbug.com/550292
|
unknown
|
||
|
http://crbug.com/883276
|
unknown
|
||
|
https://photos.google.com/settings?referrer=CHROME_NTP
|
unknown
|
||
|
https://anglebug.com/7714
|
unknown
|
||
|
https://doh.cox.net/dns-query
|
unknown
|
||
|
https://anglebug.com/5536
|
unknown
|
||
|
https://bugs.fuchsia.dev/p/fuchsia/issues/detail?id=107106
|
unknown
|
||
|
https://dns11.quad9.net/dns-query
|
unknown
|
||
|
http://crbug.com/1165751
|
unknown
|
||
|
https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/
|
unknown
|
||
|
https://chromeenterprise.google/policies/#BrowserSwitcherExternalGreylistUrl
|
unknown
|
||
|
https://crbug.com/705865
|
unknown
|
||
|
http://crbug.com/110263
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://www.nic.cz/odvr/CZ.NIC
|
unknown
|
||
|
http://anglebug.com/6248
|
unknown
|
||
|
http://anglebug.com/6929
|
unknown
|
||
|
https://www.google.com/chrome/privacy/eula_text.htmlG
|
unknown
|
||
|
http://anglebug.com/5281
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://public.dns.iij.jp/IIJ
|
unknown
|
||
|
https://nextdns.io/privacy
|
unknown
|
||
|
https://anglebug.com/7246
|
unknown
|
||
|
https://anglebug.com/7369
|
unknown
|
||
|
https://anglebug.com/7489
|
unknown
|
||
|
https://crbug.com/593024
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://crbug.com/1137851
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://developers.google.com/speed/public-dns/privacyGoogle
|
unknown
|
||
|
https://dns11.quad9.net/dns-querydns11.quad9.net9.9.9.11149.112.112.112620:fe::112620:fe::fe:11Pd4
|
unknown
|
||
|
https://dns64.dns.google/dns-query
|
unknown
|
||
|
https://doh.opendns.com/dns-query
|
unknown
|
||
|
https://issuetracker.google.com/161903006
|
unknown
|
||
|
http://anglebug.com/2152skipVSConstantRegisterZeroIn
|
unknown
|
||
|
https://crbug.com/1300575
|
unknown
|
||
|
https://crbug.com/710443
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://crbug.com/1042393
|
unknown
|
||
|
https://crbug.com/1060012
|
unknown
|
||
|
http://anglebug.com/3078
|
unknown
|
||
|
http://anglebug.com/7553
|
unknown
|
||
|
https://chromeenterprise.google/policies/#BrowserSwitcherExternalSitelistUrl
|
unknown
|
||
|
http://anglebug.com/5375
|
unknown
|
||
|
http://anglebug.com/3246allowClearForRobustResourceInitSome
|
unknown
|
||
|
http://anglebug.com/5371
|
unknown
|
||
|
http://anglebug.com/3997
|
unknown
|
||
|
http://anglebug.com/4722
|
unknown
|
||
|
http://crbug.com/642605
|
unknown
|
||
|
https://chrome-devtools-frontend.appspot.com/%s%s/%s/NetworkResourceLoaderstreamWriteInspectableWebC
|
unknown
|
||
|
https://public.dns.iij.jp/dns-query
|
unknown
|
||
|
http://anglebug.com/1452
|
unknown
|
||
|
http://anglebug.com/7556
|
unknown
|
||
|
https://chrome.google.com/webstore?hl=frRaccourci
|
unknown
|
||
|
https://chrome.google.com/webstore?hl=swUmeondoa
|
unknown
|
||
|
https://chrome.google.com/webstore?hl=zh-CN
|
unknown
|
||
|
https://alekberg.net/privacy
|
unknown
|
||
|
https://crbug.com/650547callClearTwiceUsing
|
unknown
|
||
|
http://anglebug.com/6692
|
unknown
|
||
|
https://www.google.com/chrome/privacy/eula_text.htmlInasimamiwa
|
unknown
|
||
|
http://anglebug.com/3502
|
unknown
|
||
|
http://anglebug.com/3623
|
unknown
|
||
|
http://anglebug.com/3625
|
unknown
|
||
|
http://anglebug.com/3624
|
unknown
|
||
|
https://chromium.dns.nextdns.io
|
unknown
|
||
|
http://anglebug.com/5007
|
unknown
|
||
|
http://crbug.com/1181068
|
unknown
|
||
|
http://anglebug.com/2894
|
unknown
|
||
|
http://anglebug.com/3862
|
unknown
|
||
|
https://dns.google/dns-query
|
unknown
|
||
|
http://anglebug.com/4836
|
unknown
|
||
|
https://issuetracker.google.com/issues/166475273
|
unknown
|
||
|
https://passwords.google.comCompte
|
unknown
|
||
|
http://int3.de/
|
unknown
|
||
|
https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/Cloudflare
|
unknown
|
||
|
http://anglebug.com/4384
|
unknown
|
||
|
http://anglebug.com/7036Frontend
|
unknown
|
||
|
https://chrome-devtools-frontend.appspot.com/
|
unknown
|
||
|
https://anglebug.com/7246enableCaptureLimitsSet
|
unknown
|
||
|
http://anglebug.com/3970
|
unknown
|
||
|
http://anglebug.com/4267
|
unknown
|
||
|
https://chromeenterprise.google/policies/#BrowserSwitcherUrlList
|
unknown
|
||
|
https://policies.google.com/
|
unknown
|
||
|
http://crbug.com/1181193
|
unknown
|
||
|
http://anglebug.com/482
|
unknown
|
||
|
http://anglebug.com/3045
|
unknown
|
||
|
https://anglebug.com/7604
|
unknown
|
||
|
https://odvr.nic.cz/doh
|
unknown
|
||
|
https://chrome.google.com/webstore/category/extensions
|
unknown
|
||
|
http://crbug.com/308366
|
unknown
|
||
|
http://anglebug.com/5901
|
unknown
|
||
|
http://anglebug.com/3965
|
unknown
|
||
|
http://anglebug.com/6439
|
unknown
|
There are 90 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
chrome.cloudflare-dns.com
|
162.159.61.3
|
||
|
discord.com
|
162.159.137.232
|
||
|
api.gofile.io
|
151.80.29.83
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
162.159.61.3
|
chrome.cloudflare-dns.com
|
United States
|
||
|
162.159.137.232
|
discord.com
|
United States
|
||
|
151.80.29.83
|
api.gofile.io
|
Italy
|
||
|
198.50.129.180
|
unknown
|
Canada
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7FF846C22000
|
trusted library allocation
|
page read and write
|
||
|
21E71C35000
|
heap
|
page read and write
|
||
|
14281C29000
|
trusted library allocation
|
page read and write
|
||
|
205FB135000
|
heap
|
page read and write
|
||
|
7FF705049000
|
unkown
|
page readonly
|
||
|
7FF846DA0000
|
trusted library allocation
|
page read and write
|
||
|
888000
|
heap
|
page read and write
|
||
|
7FF6FFEDB000
|
unkown
|
page execute read
|
||
|
1962E354000
|
heap
|
page read and write
|
||
|
7FF846AFC000
|
trusted library allocation
|
page execute and read and write
|
||
|
14283838000
|
trusted library allocation
|
page read and write
|
||
|
14281B94000
|
heap
|
page read and write
|
||
|
248DB4E000
|
stack
|
page read and write
|
||
|
1E0B99F1000
|
trusted library allocation
|
page read and write
|
||
|
1E0D02E3000
|
heap
|
page read and write
|
||
|
7FF7008DB000
|
unkown
|
page execute read
|
||
|
2B68EEE0000
|
heap
|
page read and write
|
||
|
248CC7E000
|
stack
|
page read and write
|
||
|
3460000
|
heap
|
page read and write
|
||
|
1E0B7BE4000
|
heap
|
page read and write
|
||
|
7FF846C60000
|
trusted library allocation
|
page read and write
|
||
|
248CD79000
|
stack
|
page read and write
|
||
|
7FF846C70000
|
trusted library allocation
|
page read and write
|
||
|
1E0D02B6000
|
heap
|
page read and write
|
||
|
7FF7012DB000
|
unkown
|
page execute read
|
||
|
7FF846C11000
|
trusted library allocation
|
page read and write
|
||
|
1E0D03D0000
|
heap
|
page read and write
|
||
|
14291E9B000
|
trusted library allocation
|
page read and write
|
||
|
3520000
|
heap
|
page read and write
|
||
|
7FF846D80000
|
trusted library allocation
|
page read and write
|
||
|
14282F45000
|
trusted library allocation
|
page read and write
|
||
|
7FF846D00000
|
trusted library allocation
|
page read and write
|
||
|
2861000
|
heap
|
page read and write
|
||
|
2B61000
|
heap
|
page read and write
|
||
|
7FF846DB9000
|
trusted library allocation
|
page read and write
|
||
|
7FF703ADB000
|
unkown
|
page execute read
|
||
|
1E0B964B000
|
trusted library allocation
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
3761000
|
heap
|
page read and write
|
||
|
2B68F1A0000
|
heap
|
page read and write
|
||
|
7FF705052000
|
unkown
|
page readonly
|
||
|
38AA17E000
|
stack
|
page read and write
|
||
|
7FF846CB0000
|
trusted library allocation
|
page read and write
|
||
|
1962E5F0000
|
heap
|
page read and write
|
||
|
1E0B7DDE000
|
trusted library allocation
|
page read and write
|
||
|
205FAE10000
|
heap
|
page read and write
|
||
|
33A516B000
|
stack
|
page read and write
|
||
|
38A9CFE000
|
stack
|
page read and write
|
||
|
1429A14E000
|
heap
|
page read and write
|
||
|
7FF6FEADB000
|
unkown
|
page execute read
|
||
|
32E0000
|
heap
|
page read and write
|
||
|
248CFFE000
|
stack
|
page read and write
|
||
|
1429A030000
|
heap
|
page execute and read and write
|
||
|
1E0B966C000
|
trusted library allocation
|
page read and write
|
||
|
14280264000
|
heap
|
page read and write
|
||
|
1E0B7BE0000
|
heap
|
page read and write
|
||
|
21E71F84000
|
heap
|
page read and write
|
||
|
205FAF5B000
|
heap
|
page read and write
|
||
|
2E61000
|
heap
|
page read and write
|
||
|
7FF846C90000
|
trusted library allocation
|
page read and write
|
||
|
38A9703000
|
stack
|
page read and write
|
||
|
20D0B864000
|
heap
|
page read and write
|
||
|
7FF846CD0000
|
trusted library allocation
|
page read and write
|
||
|
14299BA4000
|
heap
|
page read and write
|
||
|
7FF846C40000
|
trusted library allocation
|
page read and write
|
||
|
1E0B7AD0000
|
trusted library allocation
|
page read and write
|
||
|
248C7AD000
|
stack
|
page read and write
|
||
|
145DE1B6000
|
heap
|
page read and write
|
||
|
1E0B6265000
|
heap
|
page read and write
|
||
|
7FF846A5B000
|
trusted library allocation
|
page read and write
|
||
|
7FF846D20000
|
trusted library allocation
|
page read and write
|
||
|
1E0B621E000
|
heap
|
page read and write
|
||
|
1429A090000
|
heap
|
page read and write
|
||
|
7FF7030DB000
|
unkown
|
page execute read
|
||
|
1429A13D000
|
heap
|
page read and write
|
||
|
142834EA000
|
trusted library allocation
|
page read and write
|
||
|
1E0B61C4000
|
heap
|
page read and write
|
||
|
1962E34C000
|
heap
|
page read and write
|
||
|
38A9EFA000
|
stack
|
page read and write
|
||
|
31E1000
|
heap
|
page read and write
|
||
|
3361000
|
heap
|
page read and write
|
||
|
145DE1DB000
|
heap
|
page read and write
|
||
|
809000
|
heap
|
page read and write
|
||
|
7FF6FD240000
|
unkown
|
page readonly
|
||
|
3060000
|
heap
|
page read and write
|
||
|
7FF704EDB000
|
unkown
|
page execute read
|
||
|
2C61000
|
heap
|
page read and write
|
||
|
7FF6FD6DB000
|
unkown
|
page execute read
|
||
|
248CAFE000
|
stack
|
page read and write
|
||
|
7FF846DB5000
|
trusted library allocation
|
page read and write
|
||
|
248C7EE000
|
stack
|
page read and write
|
||
|
14291D55000
|
trusted library allocation
|
page read and write
|
||
|
7FF6FD241000
|
unkown
|
page execute read
|
||
|
7FF846D90000
|
trusted library allocation
|
page read and write
|
||
|
38AABCE000
|
stack
|
page read and write
|
||
|
1E0B7CE0000
|
heap
|
page execute and read and write
|
||
|
1429A18B000
|
heap
|
page read and write
|
||
|
14281A80000
|
trusted library allocation
|
page read and write
|
||
|
2B68EFC9000
|
heap
|
page read and write
|
||
|
35E798B000
|
stack
|
page read and write
|
||
|
7FF846B10000
|
trusted library allocation
|
page read and write
|
||
|
7FF846BE0000
|
trusted library allocation
|
page read and write
|
||
|
7FF846B60000
|
trusted library allocation
|
page execute and read and write
|
||
|
1429A376000
|
heap
|
page read and write
|
||
|
7FF7026DB000
|
unkown
|
page execute read
|
||
|
14280150000
|
heap
|
page read and write
|
||
|
1E0D0236000
|
heap
|
page read and write
|
||
|
7FF846D30000
|
trusted library allocation
|
page read and write
|
||
|
7FF6FF4DB000
|
unkown
|
page execute read
|
||
|
20D0B734000
|
heap
|
page read and write
|
||
|
2B60000
|
heap
|
page read and write
|
||
|
1962E34D000
|
heap
|
page read and write
|
||
|
1E0D03F5000
|
heap
|
page read and write
|
||
|
1E0B7D16000
|
heap
|
page execute and read and write
|
||
|
145DE1D1000
|
heap
|
page read and write
|
||
|
14280110000
|
heap
|
page read and write
|
||
|
1429A370000
|
heap
|
page read and write
|
||
|
2EE1000
|
heap
|
page read and write
|
||
|
1429A093000
|
heap
|
page read and write
|
||
|
21E71DE0000
|
heap
|
page read and write
|
||
|
7DF4F1610000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF846D40000
|
trusted library allocation
|
page read and write
|
||
|
1E0B7C23000
|
trusted library allocation
|
page read and write
|
||
|
1429A38E000
|
heap
|
page read and write
|
||
|
7FF7008DB000
|
unkown
|
page execute read
|
||
|
205FB136000
|
heap
|
page read and write
|
||
|
145DE1AB000
|
heap
|
page read and write
|
||
|
1962E35C000
|
heap
|
page read and write
|
||
|
A2060FB000
|
stack
|
page read and write
|
||
|
33E1000
|
heap
|
page read and write
|
||
|
14281A60000
|
trusted library allocation
|
page read and write
|
||
|
38A9DF9000
|
stack
|
page read and write
|
||
|
7FF846C00000
|
trusted library allocation
|
page execute and read and write
|
||
|
F3BEFBC000
|
stack
|
page read and write
|
||
|
14281AA0000
|
heap
|
page read and write
|
||
|
7FF704EDB000
|
unkown
|
page execute read
|
||
|
145DE394000
|
heap
|
page read and write
|
||
|
35E7DFF000
|
stack
|
page read and write
|
||
|
2DE0000
|
heap
|
page read and write
|
||
|
1429A373000
|
heap
|
page read and write
|
||
|
7FF846A62000
|
trusted library allocation
|
page read and write
|
||
|
7FF846DD0000
|
trusted library allocation
|
page read and write
|
||
|
2F60000
|
heap
|
page read and write
|
||
|
14283834000
|
trusted library allocation
|
page read and write
|
||
|
20D0B71B000
|
heap
|
page read and write
|
||
|
7FF846CC0000
|
trusted library allocation
|
page read and write
|
||
|
1962E338000
|
heap
|
page read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
33A51EF000
|
stack
|
page read and write
|
||
|
21E71C37000
|
heap
|
page read and write
|
||
|
1E0B7F92000
|
trusted library allocation
|
page read and write
|
||
|
7FF846C50000
|
trusted library allocation
|
page execute and read and write
|
||
|
1962E34C000
|
heap
|
page read and write
|
||
|
1E0D040C000
|
heap
|
page read and write
|
||
|
7FF846D60000
|
trusted library allocation
|
page read and write
|
||
|
21E71E00000
|
heap
|
page read and write
|
||
|
248CA7E000
|
stack
|
page read and write
|
||
|
6EAC27E000
|
stack
|
page read and write
|
||
|
3220000
|
heap
|
page read and write
|
||
|
7FF846C20000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF846C00000
|
trusted library allocation
|
page read and write
|
||
|
14281B20000
|
trusted library allocation
|
page read and write
|
||
|
A2062FF000
|
stack
|
page read and write
|
||
|
7FF846AF6000
|
trusted library allocation
|
page read and write
|
||
|
14281B96000
|
heap
|
page read and write
|
||
|
7FF6FEADB000
|
unkown
|
page execute read
|
||
|
2B68F195000
|
heap
|
page read and write
|
||
|
7FF846AF0000
|
trusted library allocation
|
page read and write
|
||
|
1E0B6269000
|
heap
|
page read and write
|
||
|
1962E300000
|
heap
|
page read and write
|
||
|
145DE1B7000
|
heap
|
page read and write
|
||
|
2CE0000
|
heap
|
page read and write
|
||
|
7FF7012DB000
|
unkown
|
page execute read
|
||
|
7FF846D90000
|
trusted library allocation
|
page read and write
|
||
|
1962E325000
|
heap
|
page read and write
|
||
|
802000
|
heap
|
page read and write
|
||
|
145DE1D3000
|
heap
|
page read and write
|
||
|
7FF846CE0000
|
trusted library allocation
|
page read and write
|
||
|
1E0B623C000
|
heap
|
page read and write
|
||
|
1428017C000
|
heap
|
page read and write
|
||
|
35A1000
|
heap
|
page read and write
|
||
|
1429A253000
|
heap
|
page read and write
|
||
|
6EAC37F000
|
stack
|
page read and write
|
||
|
2B68F190000
|
heap
|
page read and write
|
||
|
1E0B622A000
|
heap
|
page read and write
|
||
|
7FF6FD241000
|
unkown
|
page execute read
|
||
|
35E1000
|
heap
|
page read and write
|
||
|
145DE0C0000
|
heap
|
page read and write
|
||
|
1429A037000
|
heap
|
page execute and read and write
|
||
|
3020000
|
heap
|
page read and write
|
||
|
145DE1CC000
|
heap
|
page read and write
|
||
|
2C60000
|
heap
|
page read and write
|
||
|
7FF846D70000
|
trusted library allocation
|
page read and write
|
||
|
7FF846CE0000
|
trusted library allocation
|
page read and write
|
||
|
1E0B61A0000
|
heap
|
page read and write
|
||
|
7FF846C50000
|
trusted library allocation
|
page read and write
|
||
|
7FF846C30000
|
trusted library allocation
|
page execute and read and write
|
||
|
1962E353000
|
heap
|
page read and write
|
||
|
7FF846D80000
|
trusted library allocation
|
page read and write
|
||
|
33A557E000
|
stack
|
page read and write
|
||
|
142827D2000
|
trusted library allocation
|
page read and write
|
||
|
38A9A7F000
|
stack
|
page read and write
|
||
|
1E0B96A6000
|
trusted library allocation
|
page read and write
|
||
|
7FF846CB0000
|
trusted library allocation
|
page read and write
|
||
|
38A978E000
|
stack
|
page read and write
|
||
|
2B68EFA0000
|
heap
|
page read and write
|
||
|
7FF6FE0DB000
|
unkown
|
page execute read
|
||
|
1962E34F000
|
heap
|
page read and write
|
||
|
1E0D0720000
|
heap
|
page read and write
|
||
|
7FF846D30000
|
trusted library allocation
|
page read and write
|
||
|
1429A330000
|
heap
|
page read and write
|
||
|
3621000
|
heap
|
page read and write
|
||
|
142835D8000
|
trusted library allocation
|
page read and write
|
||
|
1E0B7D10000
|
heap
|
page execute and read and write
|
||
|
38A9AFE000
|
stack
|
page read and write
|
||
|
205FB134000
|
heap
|
page read and write
|
||
|
1E0B7D50000
|
heap
|
page execute and read and write
|
||
|
30E0000
|
heap
|
page read and write
|
||
|
1429A15E000
|
heap
|
page read and write
|
||
|
14283463000
|
trusted library allocation
|
page read and write
|
||
|
1962E33F000
|
heap
|
page read and write
|
||
|
1428013A000
|
heap
|
page read and write
|
||
|
1E0B992B000
|
trusted library allocation
|
page read and write
|
||
|
1E0D03C0000
|
heap
|
page read and write
|
||
|
3260000
|
heap
|
page read and write
|
||
|
7FF705062000
|
unkown
|
page readonly
|
||
|
1962E327000
|
heap
|
page read and write
|
||
|
2CA0000
|
heap
|
page read and write
|
||
|
34E1000
|
heap
|
page read and write
|
||
|
27E1000
|
heap
|
page read and write
|
||
|
1E0D01C0000
|
heap
|
page read and write
|
||
|
1962E32B000
|
heap
|
page read and write
|
||
|
2B68F194000
|
heap
|
page read and write
|
||
|
36E1000
|
heap
|
page read and write
|
||
|
7FF846D20000
|
trusted library allocation
|
page read and write
|
||
|
3461000
|
heap
|
page read and write
|
||
|
7FF846DA0000
|
trusted library allocation
|
page read and write
|
||
|
7FF846DC0000
|
trusted library allocation
|
page read and write
|
||
|
7FF846CF0000
|
trusted library allocation
|
page read and write
|
||
|
20D0B860000
|
heap
|
page read and write
|
||
|
14281B23000
|
trusted library allocation
|
page read and write
|
||
|
2A20000
|
heap
|
page read and write
|
||
|
14281BA1000
|
trusted library allocation
|
page read and write
|
||
|
205FB130000
|
heap
|
page read and write
|
||
|
2AE1000
|
heap
|
page read and write
|
||
|
1962E35C000
|
heap
|
page read and write
|
||
|
1429A378000
|
heap
|
page read and write
|
||
|
1E0C805B000
|
trusted library allocation
|
page read and write
|
||
|
7FF846A64000
|
trusted library allocation
|
page read and write
|
||
|
14281AE0000
|
heap
|
page execute and read and write
|
||
|
1962E35C000
|
heap
|
page read and write
|
||
|
205FAF7B000
|
heap
|
page read and write
|
||
|
2BE0000
|
heap
|
page read and write
|
||
|
7FF846D40000
|
trusted library allocation
|
page read and write
|
||
|
1E0B7B70000
|
heap
|
page read and write
|
||
|
2B68EE00000
|
heap
|
page read and write
|
||
|
6EAC2FF000
|
stack
|
page read and write
|
||
|
1E0B9620000
|
trusted library allocation
|
page read and write
|
||
|
1962E34C000
|
heap
|
page read and write
|
||
|
7FF705062000
|
unkown
|
page readonly
|
||
|
2A61000
|
heap
|
page read and write
|
||
|
7FF6FE0DB000
|
unkown
|
page execute read
|
||
|
1E0D0400000
|
heap
|
page read and write
|
||
|
35E7CFF000
|
unkown
|
page read and write
|
||
|
248D17B000
|
stack
|
page read and write
|
||
|
50B000
|
unkown
|
page readonly
|
||
|
33A0000
|
heap
|
page read and write
|
||
|
1E0B61E0000
|
heap
|
page read and write
|
||
|
29E0000
|
heap
|
page read and write
|
||
|
1962E260000
|
heap
|
page read and write
|
||
|
145DE1D5000
|
heap
|
page read and write
|
||
|
7FF846B1C000
|
trusted library allocation
|
page execute and read and write
|
||
|
145DE1A5000
|
heap
|
page read and write
|
||
|
205FB140000
|
heap
|
page read and write
|
||
|
142832B0000
|
trusted library allocation
|
page read and write
|
||
|
1429A3B5000
|
heap
|
page read and write
|
||
|
1962E34F000
|
heap
|
page read and write
|
||
|
38A97CE000
|
stack
|
page read and write
|
||
|
7FF846C90000
|
trusted library allocation
|
page read and write
|
||
|
21E71C1B000
|
heap
|
page read and write
|
||
|
145DE1DB000
|
heap
|
page read and write
|
||
|
6EABE9B000
|
stack
|
page read and write
|
||
|
33A55FF000
|
stack
|
page read and write
|
||
|
38AA1FC000
|
stack
|
page read and write
|
||
|
14280230000
|
heap
|
page read and write
|
||
|
7FF846CC0000
|
trusted library allocation
|
page read and write
|
||
|
7FF846B46000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF846C42000
|
trusted library allocation
|
page read and write
|
||
|
27EF000
|
heap
|
page read and write
|
||
|
7FF846C60000
|
trusted library allocation
|
page read and write
|
||
|
34A0000
|
heap
|
page read and write
|
||
|
7FF703ADB000
|
unkown
|
page execute read
|
||
|
14281A90000
|
heap
|
page readonly
|
||
|
248D0FE000
|
stack
|
page read and write
|
||
|
1429A383000
|
heap
|
page read and write
|
||
|
7FF846A70000
|
trusted library allocation
|
page read and write
|
||
|
3662000
|
heap
|
page read and write
|
||
|
248CB7D000
|
stack
|
page read and write
|
||
|
145DE390000
|
heap
|
page read and write
|
||
|
2B68EFAE000
|
heap
|
page read and write
|
||
|
7FF846D70000
|
trusted library allocation
|
page read and write
|
||
|
7FF846BFA000
|
trusted library allocation
|
page read and write
|
||
|
7FF846B80000
|
trusted library allocation
|
page execute and read and write
|
||
|
3360000
|
heap
|
page read and write
|
||
|
2FE0000
|
heap
|
page read and write
|
||
|
2960000
|
heap
|
page read and write
|
||
|
14280260000
|
heap
|
page read and write
|
||
|
21E71BE0000
|
heap
|
page read and write
|
||
|
248CDF7000
|
stack
|
page read and write
|
||
|
7FF846D60000
|
trusted library allocation
|
page read and write
|
||
|
248CEFD000
|
stack
|
page read and write
|
||
|
7FF846D00000
|
trusted library allocation
|
page read and write
|
||
|
7FF6FD6DB000
|
unkown
|
page execute read
|
||
|
1429A381000
|
heap
|
page read and write
|
||
|
145DE1CC000
|
heap
|
page read and write
|
||
|
2DA0000
|
heap
|
page read and write
|
||
|
20D0B600000
|
heap
|
page read and write
|
||
|
1E0B9103000
|
trusted library allocation
|
page read and write
|
||
|
7FF701CDB000
|
unkown
|
page execute read
|
||
|
2B68EFAC000
|
heap
|
page read and write
|
||
|
142801B8000
|
heap
|
page read and write
|
||
|
3561000
|
heap
|
page read and write
|
||
|
145DE1CC000
|
heap
|
page read and write
|
||
|
7FF846D99000
|
trusted library allocation
|
page read and write
|
||
|
145DE1A6000
|
heap
|
page read and write
|
||
|
7FF846C80000
|
trusted library allocation
|
page read and write
|
||
|
1E0B946C000
|
trusted library allocation
|
page read and write
|
||
|
35E2000
|
heap
|
page read and write
|
||
|
38A9F77000
|
stack
|
page read and write
|
||
|
7FF846BF1000
|
trusted library allocation
|
page read and write
|
||
|
22FE79B000
|
stack
|
page read and write
|
||
|
7FF846CA0000
|
trusted library allocation
|
page read and write
|
||
|
33A547F000
|
stack
|
page read and write
|
||
|
1E0B7B00000
|
heap
|
page readonly
|
||
|
1E0B7BE6000
|
heap
|
page read and write
|
||
|
1962E34C000
|
heap
|
page read and write
|
||
|
1429A010000
|
heap
|
page execute and read and write
|
||
|
248CCFE000
|
stack
|
page read and write
|
||
|
1962E240000
|
heap
|
page read and write
|
||
|
14291BAF000
|
trusted library allocation
|
page read and write
|
||
|
7FF7030DB000
|
unkown
|
page execute read
|
||
|
7FF846CD0000
|
trusted library allocation
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
1E0B7B10000
|
trusted library allocation
|
page read and write
|
||
|
2B68EFC5000
|
heap
|
page read and write
|
||
|
7FF846D50000
|
trusted library allocation
|
page read and write
|
||
|
7FF846B20000
|
trusted library allocation
|
page execute and read and write
|
||
|
3420000
|
heap
|
page read and write
|
||
|
7FF6FFEDB000
|
unkown
|
page execute read
|
||
|
38AA0FE000
|
stack
|
page read and write
|
||
|
14291BA1000
|
trusted library allocation
|
page read and write
|
||
|
2B68F196000
|
heap
|
page read and write
|
||
|
14280170000
|
heap
|
page read and write
|
||
|
1962E35A000
|
heap
|
page read and write
|
||
|
33E0000
|
heap
|
page read and write
|
||
|
248C723000
|
stack
|
page read and write
|
||
|
1E0D0233000
|
heap
|
page read and write
|
||
|
20D0B736000
|
heap
|
page read and write
|
||
|
1E0D01E5000
|
heap
|
page read and write
|
||
|
1E0D0402000
|
heap
|
page read and write
|
||
|
7FF846C80000
|
trusted library allocation
|
page read and write
|
||
|
1E0B62CD000
|
heap
|
page read and write
|
||
|
2D60000
|
heap
|
page read and write
|
||
|
1E0C7DD2000
|
trusted library allocation
|
page read and write
|
||
|
205FAEF0000
|
heap
|
page read and write
|
||
|
205FAF10000
|
heap
|
page read and write
|
||
|
1E0B7AF0000
|
trusted library allocation
|
page read and write
|
||
|
7FF6FF4DB000
|
unkown
|
page execute read
|
||
|
1962E34F000
|
heap
|
page read and write
|
||
|
20D0B890000
|
heap
|
page read and write
|
||
|
38A9B7E000
|
stack
|
page read and write
|
||
|
14281A20000
|
heap
|
page read and write
|
||
|
1429A34B000
|
heap
|
page read and write
|
||
|
7FF846A44000
|
trusted library allocation
|
page read and write
|
||
|
28E1000
|
heap
|
page read and write
|
||
|
205FAF50000
|
heap
|
page read and write
|
||
|
1962E337000
|
heap
|
page read and write
|
||
|
7FF846B26000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF846C10000
|
trusted library allocation
|
page execute and read and write
|
||
|
1962E34F000
|
heap
|
page read and write
|
||
|
1962E5F4000
|
heap
|
page read and write
|
||
|
1429A393000
|
heap
|
page read and write
|
||
|
22FEAFF000
|
unkown
|
page read and write
|
||
|
7FF846D50000
|
trusted library allocation
|
page read and write
|
||
|
1962E34C000
|
heap
|
page read and write
|
||
|
1429A250000
|
heap
|
page read and write
|
||
|
145DE1CC000
|
heap
|
page read and write
|
||
|
20D0B870000
|
heap
|
page read and write
|
||
|
1429A0CF000
|
heap
|
page read and write
|
||
|
1428021C000
|
heap
|
page read and write
|
||
|
14291C12000
|
trusted library allocation
|
page read and write
|
||
|
38A9BFD000
|
stack
|
page read and write
|
||
|
1E0B6222000
|
heap
|
page read and write
|
||
|
7FF6FD241000
|
unkown
|
page execute read
|
||
|
7FF846A42000
|
trusted library allocation
|
page read and write
|
||
|
21E71E20000
|
heap
|
page read and write
|
||
|
7FF6FD6DB000
|
unkown
|
page execute read
|
||
|
1E0C7F14000
|
trusted library allocation
|
page read and write
|
||
|
1962E325000
|
heap
|
page read and write
|
||
|
7FF6FD240000
|
unkown
|
page readonly
|
||
|
A2061FF000
|
unkown
|
page read and write
|
||
|
6EABF9E000
|
stack
|
page read and write
|
||
|
7FF846DB0000
|
trusted library allocation
|
page read and write
|
||
|
14280176000
|
heap
|
page read and write
|
||
|
7FF846CF0000
|
trusted library allocation
|
page read and write
|
||
|
142832A6000
|
trusted library allocation
|
page read and write
|
||
|
14280030000
|
heap
|
page read and write
|
||
|
7FF846A7B000
|
trusted library allocation
|
page read and write
|
||
|
142801BE000
|
heap
|
page read and write
|
||
|
1E0B7D61000
|
trusted library allocation
|
page read and write
|
||
|
38A9E76000
|
stack
|
page read and write
|
||
|
1E0B946A000
|
trusted library allocation
|
page read and write
|
||
|
145DE1CD000
|
heap
|
page read and write
|
||
|
1962E351000
|
heap
|
page read and write
|
||
|
2FE1000
|
heap
|
page read and write
|
||
|
3560000
|
heap
|
page read and write
|
||
|
205FB160000
|
heap
|
page read and write
|
||
|
14280190000
|
heap
|
page read and write
|
||
|
1E0C7D71000
|
trusted library allocation
|
page read and write
|
||
|
1429A5C0000
|
heap
|
page read and write
|
||
|
6EABF1E000
|
stack
|
page read and write
|
||
|
7FF846A50000
|
trusted library allocation
|
page read and write
|
||
|
7FF701CDB000
|
unkown
|
page execute read
|
||
|
1962E35A000
|
heap
|
page read and write
|
||
|
248CBFE000
|
stack
|
page read and write
|
||
|
34E0000
|
heap
|
page read and write
|
||
|
38A9C7E000
|
stack
|
page read and write
|
||
|
1E0C7D61000
|
trusted library allocation
|
page read and write
|
||
|
7FF846D95000
|
trusted library allocation
|
page read and write
|
||
|
2D61000
|
heap
|
page read and write
|
||
|
29E1000
|
heap
|
page read and write
|
||
|
14280130000
|
heap
|
page read and write
|
||
|
7FF6FEADB000
|
unkown
|
page execute read
|
||
|
7FF846DB0000
|
trusted library allocation
|
page read and write
|
||
|
32E1000
|
heap
|
page read and write
|
||
|
7FF705052000
|
unkown
|
page readonly
|
||
|
1E0B61C0000
|
heap
|
page read and write
|
||
|
14280172000
|
heap
|
page read and write
|
||
|
145DE1A5000
|
heap
|
page read and write
|
||
|
31E0000
|
heap
|
page read and write
|
||
|
38AA07F000
|
stack
|
page read and write
|
||
|
7FF846C30000
|
trusted library allocation
|
page execute and read and write
|
||
|
F3BF2FF000
|
unkown
|
page read and write
|
||
|
1E0D02E0000
|
heap
|
page read and write
|
||
|
1E0B6180000
|
heap
|
page read and write
|
||
|
7FF846D10000
|
trusted library allocation
|
page read and write
|
||
|
7FF846CA0000
|
trusted library allocation
|
page read and write
|
||
|
38A9D7E000
|
stack
|
page read and write
|
||
|
1428348E000
|
trusted library allocation
|
page read and write
|
||
|
22FEBFF000
|
stack
|
page read and write
|
||
|
145DE180000
|
heap
|
page read and write
|
||
|
205FAF76000
|
heap
|
page read and write
|
||
|
21E71BD0000
|
heap
|
page read and write
|
||
|
14281B90000
|
heap
|
page read and write
|
||
|
1962E160000
|
heap
|
page read and write
|
||
|
14282D5E000
|
trusted library allocation
|
page read and write
|
||
|
3320000
|
heap
|
page read and write
|
||
|
3160000
|
heap
|
page read and write
|
||
|
20D0B710000
|
heap
|
page read and write
|
||
|
7FF6FD240000
|
unkown
|
page readonly
|
||
|
7FF7044DB000
|
unkown
|
page execute read
|
||
|
1E0B8992000
|
trusted library allocation
|
page read and write
|
||
|
7FF846C1A000
|
trusted library allocation
|
page read and write
|
||
|
7FF846A6D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E0D0260000
|
heap
|
page read and write
|
||
|
3120000
|
heap
|
page read and write
|
||
|
33A54FE000
|
stack
|
page read and write
|
||
|
1E0B99F5000
|
trusted library allocation
|
page read and write
|
||
|
21E71C10000
|
heap
|
page read and write
|
||
|
248CE78000
|
stack
|
page read and write
|
||
|
7FF846A63000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF705049000
|
unkown
|
page readonly
|
||
|
1428376F000
|
trusted library allocation
|
page read and write
|
||
|
248CF7E000
|
stack
|
page read and write
|
||
|
7FF846A4D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B68F1C0000
|
heap
|
page read and write
|
||
|
21E71F80000
|
heap
|
page read and write
|
||
|
1E0B7A90000
|
heap
|
page read and write
|
||
|
2BA0000
|
heap
|
page read and write
|
||
|
7FF6FE0DB000
|
unkown
|
page execute read
|
||
|
14281AB0000
|
trusted library allocation
|
page read and write
|
||
|
20D0B810000
|
heap
|
page read and write
|
||
|
30E1000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
F3BF3FF000
|
stack
|
page read and write
|
||
|
1E0B60A0000
|
heap
|
page read and write
|
||
|
1429A37E000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
7FF7026DB000
|
unkown
|
page execute read
|
||
|
7FF846C70000
|
trusted library allocation
|
page read and write
|
||
|
1962E340000
|
heap
|
page read and write
|
||
|
1E0B61E8000
|
heap
|
page read and write
|
||
|
145DDFE0000
|
heap
|
page read and write
|
||
|
2B68EF00000
|
heap
|
page read and write
|
||
|
20D0B6E0000
|
heap
|
page read and write
|
||
|
7FF846D10000
|
trusted library allocation
|
page read and write
|
||
|
7FF846B00000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF846A43000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E0CFD6F000
|
heap
|
page read and write
|
||
|
1E0B7C20000
|
trusted library allocation
|
page read and write
|
||
|
7FF7044DB000
|
unkown
|
page execute read
|
||
|
14281DD2000
|
trusted library allocation
|
page read and write
|
||
|
145DE0E0000
|
heap
|
page read and write
|
||
|
1E0B61FF000
|
heap
|
page read and write
|
||
|
1E0B621C000
|
heap
|
page read and write
|
||
|
7FF846B16000
|
trusted library allocation
|
page read and write
|
||
|
38A9FFE000
|
stack
|
page read and write
|
There are 497 hidden memdumps, click here to show them.