Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
qNdO4D18CF.exe
|
MS-DOS executable PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, MZ for MS-DOS
|
initial sample
|
 |
|
|
C:\Program Files (x86)\Steam\steamclient.exe
|
MS-DOS executable PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, MZ for MS-DOS
|
dropped
|
|
|
|
C:\Program Files (x86)\Steam\steamclient.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\qNdO4D18CF.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\XyagYCCOZX.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\rmvercvh\rmvercvh.cmdline
|
Unicode text, UTF-8 (with BOM) text, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\Desktop\AFZZLiTQ.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\BCBhhiiL.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\BdpSDMGd.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\BuRPCyHG.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\BwVbAMfc.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\BzfkqkWQ.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\CYASrcKR.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\CpOixJXm.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\CqvSLBwK.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\CufHpEgE.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\DfbAZvLY.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\DmprTJmg.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\EFxianyZ.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\EhArHZqU.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\FsrYoeiE.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\GbyyMOOB.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\GeNRoyLy.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\GpTgJexz.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\Gumzpbgc.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\HLSRUZZF.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\HSbycbvE.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\HWSrgsLR.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\HiqIapca.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\IRjpMTiY.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\ITtzBsaM.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\IYriOWqO.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\IaBrEuiC.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\IsFPfNCu.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\JxaHDTDN.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\KJWyVjBG.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\KMIinpLK.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\KRGQASbM.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\KgJXRbxs.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\KkdqwYhV.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\LYhyhmcT.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\LforkokJ.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\MHUibFPy.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\MeZIvNrs.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\MlipEPMs.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\NWAOYYym.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\NnHgmtso.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\NoRyKQDH.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\NtxFrmGq.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\OQPyFqpt.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\PEYPdPrA.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\PGiZSoip.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\PPFZCaBl.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\PWNGLdXl.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\PXvpYVwJ.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\QLzxKisH.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\QvOHgixC.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\RKwhQDGz.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\RjAOsfOs.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\SzxHEkUn.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\THYplDVu.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\TbmXCvgb.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\TxYPZkji.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\UAZgkvhu.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\UUoNBnsb.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\VHHMJZBT.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\VrbgQkMX.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\VsDGsRfn.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\VwwfTkqf.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\VxBoFvwp.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\VxjNZniX.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\WucwbvLj.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\XXkOusIo.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\XsgfYcsu.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\YGOFIxBr.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\YKeEIjtU.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\YwOfwePf.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\ZHGMdjIP.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\aEhUzjWJ.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\aSHMiLLR.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\aUovvDkq.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\asCFMbmi.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\bhuvEsaX.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\bzdouunp.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\cRJFZrfS.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\cpPftzHM.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\dCQWQdrl.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\dpMkGxhC.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\epactCHB.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\eqUeBrnj.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\fIcWIVzb.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\fQXwQazI.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\ffUEpXBW.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\fhkMXHMd.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\gFDeeVNW.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\ggiwcdaV.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\hcheWwWA.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\htowkSQD.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\iPDDuStZ.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\ifdmuvPD.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\iiUfyMfQ.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\ipiVsaGZ.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\jEEdizHN.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\jUVbmMDs.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\kWYnjZbO.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\kWtSUqip.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\kixEeWsX.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\kqnUARmv.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\lHqLDiMI.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\lQNLnUfF.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\lsLKjvRr.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\mHEDqnlH.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\mXotVngM.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\mYLVFIfJ.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\nDreGkIL.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\nYgAqZmk.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\oOnUZAGE.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\paSjLIrf.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\ppsaukgn.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\qEBmAmuq.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\qOBMMFgD.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\qcHMUuVk.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\rLAuGYci.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\rRaDvjLz.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\rThRxFce.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\rreJQTki.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\rzTkgNRx.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\sFNjAptf.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\sIbCbYqd.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\sOBLQjau.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\sYBlcCMG.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\sphCHAEj.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\tEVbjhhz.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\tyOaygFf.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\uENiETnW.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\vhVAXQlb.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\vpESBzMh.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\vvDaHluY.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\yvDYLPoQ.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\yxHkJcLm.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\yzXsqMXs.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\zJmzvlwN.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\zdbaQHhe.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\zplKRyKf.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Windows\System32\SecurityHealthSystray.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Steam\fcafd258929766
|
ASCII text, with very long lines (989), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\steamclient.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\Hs46Jw7tmA
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\RESA90.tmp
|
Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x6e4, 10 symbols, created Sat Nov 30 04:28:38 2024,
1st section name ".debug$S"
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0xaq1mla.wr2.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1utmv0mk.our.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_23h3weqb.iup.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2bb1a3zh.m5m.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2ezy1e2m.yxf.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2u3lcngq.2im.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_35qxwjfi.tuf.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3td4kktq.u0b.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_a0tixeyp.5jk.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_arxb4pwb.eqy.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_b1esbh2i.yzh.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bcunrahu.d0i.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bgd4zguh.3ce.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bt4npn0r.gxw.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_btwhhbdr.dvy.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bwjfm1bf.liw.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_codm3pr5.x0e.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ejo2sobw.ixt.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_enlojwpn.bvc.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_evv3hrkq.l3j.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_f1to0rtc.ogw.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_g4czampg.ftd.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gbbnlm4s.ic2.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_go55jtae.3he.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ha254hqb.iij.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_iqjcet4n.tcg.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_iwdnnk32.gy0.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_j2pblsrt.3zy.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jzrw0dnp.sth.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_k3rowymv.cht.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kt0l3oxy.3lt.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l4afasvj.yra.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l5itgopo.pji.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_m0x0gnr2.mk0.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_muraqn2f.mzw.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mxptamyo.2ls.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nrb3rwp3.0tt.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_oapagubr.4nn.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_p3jqyyy2.kf4.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pe0defhf.1hc.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pxaykmbt.1g4.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rmhrbdbe.2bi.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ruvaqlcq.5vt.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_t1x1byoi.1lb.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_u02g41wo.uks.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_upocqxa2.0gb.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vperpacl.yez.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vspn2cjg.4hu.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vwb0tk2v.xxq.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wxdsl3u0.52d.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_x5mlhfkz.4nn.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_y24g0xft.3dt.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yl54dnja.hf5.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zech0324.s1c.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zmf03omb.x02.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zu3y5qmq.523.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\rmvercvh\rmvercvh.0.cs
|
C++ source, Unicode text, UTF-8 (with BOM) text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\rmvercvh\rmvercvh.out
|
Unicode text, UTF-8 (with BOM) text, with very long lines (329), with CRLF, CR line terminators
|
modified
|
||
|
C:\Users\user\Desktop\84f3811bb1c48b
|
ASCII text, with very long lines (347), with no line terminators
|
dropped
|
||
|
C:\Windows\System32\CSCA9DA535D810450AA35B2C9F27DA16D.TMP
|
MSVC .res
|
dropped
|
||
|
\Device\Null
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 202 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\qNdO4D18CF.exe
|
"C:\Users\user\Desktop\qNdO4D18CF.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
|
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\rmvercvh\rmvercvh.cmdline"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"powershell" -Command Add-MpPreference -ExclusionPath 'C:/'
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"powershell" -Command Add-MpPreference -ExclusionPath 'C:/$Recycle.Bin/'
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"powershell" -Command Add-MpPreference -ExclusionPath 'C:/$WinREAgent/'
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"powershell" -Command Add-MpPreference -ExclusionPath 'C:/Documents and Settings/'
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"powershell" -Command Add-MpPreference -ExclusionPath 'C:/PerfLogs/'
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"powershell" -Command Add-MpPreference -ExclusionPath 'C:/Program Files/'
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"powershell" -Command Add-MpPreference -ExclusionPath 'C:/Program Files (x86)/'
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"powershell" -Command Add-MpPreference -ExclusionPath 'C:/ProgramData/'
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"powershell" -Command Add-MpPreference -ExclusionPath 'C:/Recovery/'
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"powershell" -Command Add-MpPreference -ExclusionPath 'C:/System Volume Information/'
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"powershell" -Command Add-MpPreference -ExclusionPath 'C:/Users/'
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"powershell" -Command Add-MpPreference -ExclusionPath 'C:/Windows/'
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\Steam\steamclient.exe'
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\qNdO4D18CF.exe'
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\XyagYCCOZX.bat"
|
|
|
|
C:\Windows\System32\PING.EXE
|
ping -n 10 localhost
|
|
|
|
C:\Program Files (x86)\Steam\steamclient.exe
|
"C:\Program Files (x86)\Steam\steamclient.exe"
|
|
|
|
C:\Users\user\Desktop\qNdO4D18CF.exe
|
"C:\Users\user\Desktop\qNdO4D18CF.exe"
|
|
|
|
C:\Program Files (x86)\Steam\steamclient.exe
|
"C:\Program Files (x86)\Steam\steamclient.exe"
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c "C:\Program Files (x86)\Steam\steamclient.exe"
|
|
|
|
C:\Program Files (x86)\Steam\steamclient.exe
|
"C:\Program Files (x86)\Steam\steamclient.exe"
|
|
|
|
C:\Program Files (x86)\Steam\steamclient.exe
|
"C:\Program Files (x86)\Steam\steamclient.exe"
|
|
|
|
C:\Users\user\Desktop\qNdO4D18CF.exe
|
"C:\Users\user\Desktop\qNdO4D18CF.exe"
|
|
|
|
C:\Program Files (x86)\Steam\steamclient.exe
|
"C:\Program Files (x86)\Steam\steamclient.exe"
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c "C:\Program Files (x86)\Steam\steamclient.exe"
|
|
|
|
C:\Program Files (x86)\Steam\steamclient.exe
|
"C:\Program Files (x86)\Steam\steamclient.exe"
|
|
|
|
C:\Users\user\Desktop\qNdO4D18CF.exe
|
"C:\Users\user\Desktop\qNdO4D18CF.exe"
|
|
|
|
C:\Program Files (x86)\Steam\steamclient.exe
|
"C:\Program Files (x86)\Steam\steamclient.exe"
|
|
|
|
C:\Users\user\Desktop\qNdO4D18CF.exe
|
"C:\Users\user\Desktop\qNdO4D18CF.exe"
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c "C:\Users\user\Desktop\qNdO4D18CF.exe"
|
|
|
|
C:\Users\user\Desktop\qNdO4D18CF.exe
|
C:\Users\user\Desktop\qNdO4D18CF.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESA90.tmp"
"c:\Windows\System32\CSCA9DA535D810450AA35B2C9F27DA16D.TMP"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\chcp.com
|
chcp 65001
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 45 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://390412cm.n9shteam.in/ProviderImagepipeTopacketbaseuniversaldle.php
|
172.66.0.102
|
|
|
|
https://ipinfo.io/country
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
https://api.telegram.org/bot
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/encoding/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://schemas.xmlsoap.org/wsdl/
|
unknown
|
||
|
https://ipinfo.io/ip
|
unknown
|
There are 1 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
390412cm.n9shteam.in
|
172.66.0.102
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
172.66.0.102
|
390412cm.n9shteam.in
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
steamclient
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
qNdO4D18CF
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\e099c071fcfe07d52cac9bc9c9838e42068e6df8
|
0102d8a38281c65a273b2d31fbd65d2be8f06831
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\cmd.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\cmd.exe.ApplicationCompany
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\steamclient_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\steamclient_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\steamclient_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\steamclient_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\steamclient_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\steamclient_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\steamclient_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\steamclient_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\steamclient_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\steamclient_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\steamclient_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\steamclient_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\steamclient_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\steamclient_RASMANCS
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qNdO4D18CF_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qNdO4D18CF_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qNdO4D18CF_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qNdO4D18CF_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qNdO4D18CF_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qNdO4D18CF_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qNdO4D18CF_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qNdO4D18CF_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qNdO4D18CF_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qNdO4D18CF_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qNdO4D18CF_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qNdO4D18CF_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qNdO4D18CF_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qNdO4D18CF_RASMANCS
|
FileDirectory
|
There are 26 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1AE80000
|
trusted library section
|
page read and write
|
|
|
|
12703000
|
trusted library allocation
|
page read and write
|
|
|
|
29B266C0000
|
heap
|
page read and write
|
||
|
31B3000
|
trusted library allocation
|
page read and write
|
||
|
1B770000
|
unkown
|
page readonly
|
||
|
7FFD9BD80000
|
trusted library allocation
|
page read and write
|
||
|
660000
|
heap
|
page read and write
|
||
|
597F479000
|
stack
|
page read and write
|
||
|
232DF047000
|
heap
|
page execute and read and write
|
||
|
2230000
|
unkown
|
page readonly
|
||
|
13116000
|
trusted library allocation
|
page read and write
|
||
|
1B8A0000
|
heap
|
page execute and read and write
|
||
|
E15000
|
heap
|
page read and write
|
||
|
18790C7000
|
stack
|
page read and write
|
||
|
1481E0BC000
|
heap
|
page read and write
|
||
|
1481E06D000
|
heap
|
page read and write
|
||
|
26A89A50000
|
heap
|
page read and write
|
||
|
19AA670E000
|
heap
|
page read and write
|
||
|
21F0000
|
unkown
|
page readonly
|
||
|
1B79C000
|
heap
|
page read and write
|
||
|
2DB25763000
|
heap
|
page read and write
|
||
|
2E5E3070000
|
heap
|
page read and write
|
||
|
13A37000
|
trusted library allocation
|
page read and write
|
||
|
1D5472F0000
|
heap
|
page read and write
|
||
|
1D549C53000
|
trusted library allocation
|
page read and write
|
||
|
3287000
|
trusted library allocation
|
page read and write
|
||
|
25F0000
|
heap
|
page execute and read and write
|
||
|
29B267A0000
|
heap
|
page read and write
|
||
|
1230000
|
heap
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page execute and read and write
|
||
|
695000
|
heap
|
page read and write
|
||
|
32A0000
|
trusted library allocation
|
page read and write
|
||
|
20B00086000
|
trusted library allocation
|
page read and write
|
||
|
22B2000
|
unkown
|
page readonly
|
||
|
1D547373000
|
heap
|
page read and write
|
||
|
1481E1F3000
|
direct allocation
|
page read and write
|
||
|
13141000
|
trusted library allocation
|
page read and write
|
||
|
1325000
|
heap
|
page read and write
|
||
|
29B28451000
|
heap
|
page read and write
|
||
|
2DB25720000
|
heap
|
page read and write
|
||
|
2964000
|
trusted library allocation
|
page read and write
|
||
|
13372000
|
trusted library allocation
|
page read and write
|
||
|
2B9F000
|
trusted library allocation
|
page read and write
|
||
|
1D29EF60000
|
heap
|
page execute and read and write
|
||
|
2DB27395000
|
heap
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
C753BC7000
|
stack
|
page read and write
|
||
|
150421ED000
|
heap
|
page read and write
|
||
|
7FFD9B770000
|
trusted library allocation
|
page read and write
|
||
|
305A000
|
heap
|
page read and write
|
||
|
1877FF9000
|
stack
|
page read and write
|
||
|
13129000
|
trusted library allocation
|
page read and write
|
||
|
1BEAE000
|
stack
|
page read and write
|
||
|
2FAB000
|
trusted library allocation
|
page read and write
|
||
|
2B60000
|
heap
|
page read and write
|
||
|
93649F7000
|
stack
|
page read and write
|
||
|
12448000
|
trusted library allocation
|
page read and write
|
||
|
1244D000
|
trusted library allocation
|
page read and write
|
||
|
187817D000
|
stack
|
page read and write
|
||
|
1877B93000
|
stack
|
page read and write
|
||
|
F1725F9000
|
stack
|
page read and write
|
||
|
7FFD9B7CC000
|
trusted library allocation
|
page execute and read and write
|
||
|
2441000
|
trusted library allocation
|
page read and write
|
||
|
29EA000
|
trusted library allocation
|
page read and write
|
||
|
1AF8C000
|
stack
|
page read and write
|
||
|
1BA8A000
|
stack
|
page read and write
|
||
|
131B7000
|
trusted library allocation
|
page read and write
|
||
|
15044365000
|
trusted library allocation
|
page read and write
|
||
|
2B81000
|
trusted library allocation
|
page read and write
|
||
|
132FD000
|
trusted library allocation
|
page read and write
|
||
|
F17283E000
|
stack
|
page read and write
|
||
|
26A89940000
|
trusted library allocation
|
page read and write
|
||
|
16F0000
|
heap
|
page read and write
|
||
|
29B26840000
|
trusted library allocation
|
page read and write
|
||
|
22FA87000
|
stack
|
page read and write
|
||
|
7FFD9B918000
|
trusted library allocation
|
page read and write
|
||
|
232DF102000
|
heap
|
page read and write
|
||
|
314F000
|
trusted library allocation
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
133D6000
|
trusted library allocation
|
page read and write
|
||
|
232DF1B1000
|
trusted library allocation
|
page read and write
|
||
|
13210000
|
trusted library allocation
|
page read and write
|
||
|
22D0000
|
unkown
|
page readonly
|
||
|
2DB25815000
|
heap
|
page read and write
|
||
|
F5FF0F9000
|
stack
|
page read and write
|
||
|
AC3787C000
|
stack
|
page read and write
|
||
|
CC7EFF9000
|
stack
|
page read and write
|
||
|
1005000
|
heap
|
page read and write
|
||
|
2E5E2FC0000
|
trusted library allocation
|
page read and write
|
||
|
131EF000
|
trusted library allocation
|
page read and write
|
||
|
1D29D49B000
|
heap
|
page read and write
|
||
|
1865000
|
heap
|
page read and write
|
||
|
2E5E3037000
|
heap
|
page execute and read and write
|
||
|
1D29F591000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B846000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CA9000
|
trusted library allocation
|
page read and write
|
||
|
1B916000
|
heap
|
page read and write
|
||
|
26A899AB000
|
heap
|
page read and write
|
||
|
F00000
|
heap
|
page read and write
|
||
|
12A01000
|
trusted library allocation
|
page read and write
|
||
|
266D000
|
trusted library allocation
|
page read and write
|
||
|
1D29D710000
|
heap
|
page readonly
|
||
|
10D5000
|
heap
|
page read and write
|
||
|
17034E000
|
stack
|
page read and write
|
||
|
1C008000
|
heap
|
page read and write
|
||
|
840000
|
trusted library allocation
|
page read and write
|
||
|
1C000000
|
heap
|
page read and write
|
||
|
2E5DD8E1000
|
heap
|
page read and write
|
||
|
226A000
|
heap
|
page read and write
|
||
|
66E1D79000
|
stack
|
page read and write
|
||
|
150442D0000
|
heap
|
page read and write
|
||
|
D95000
|
heap
|
page read and write
|
||
|
132D0000
|
trusted library allocation
|
page read and write
|
||
|
1481E210000
|
direct allocation
|
page read and write
|
||
|
2B70000
|
heap
|
page execute and read and write
|
||
|
19AA666B000
|
heap
|
page read and write
|
||
|
2379569D000
|
trusted library allocation
|
page read and write
|
||
|
1BFCF000
|
stack
|
page read and write
|
||
|
27F0000
|
heap
|
page read and write
|
||
|
7FFD9BBF0000
|
trusted library allocation
|
page read and write
|
||
|
3188000
|
trusted library allocation
|
page read and write
|
||
|
19AA82C0000
|
trusted library allocation
|
page read and write
|
||
|
2B6000E0000
|
heap
|
page execute and read and write
|
||
|
1630000
|
heap
|
page read and write
|
||
|
3396000
|
trusted library allocation
|
page read and write
|
||
|
2242000
|
unkown
|
page readonly
|
||
|
22E5DE000
|
stack
|
page read and write
|
||
|
2B2D000
|
trusted library allocation
|
page read and write
|
||
|
1555000
|
heap
|
page read and write
|
||
|
1288000
|
heap
|
page read and write
|
||
|
3177000
|
trusted library allocation
|
page read and write
|
||
|
1BB523C0000
|
heap
|
page read and write
|
||
|
2B68000
|
trusted library allocation
|
page read and write
|
||
|
2DB27908000
|
trusted library allocation
|
page read and write
|
||
|
F5FF3B8000
|
stack
|
page read and write
|
||
|
232DF1A0000
|
heap
|
page execute and read and write
|
||
|
22EF7C000
|
stack
|
page read and write
|
||
|
23794C91000
|
trusted library allocation
|
page read and write
|
||
|
2E26000
|
trusted library allocation
|
page read and write
|
||
|
23794AC0000
|
heap
|
page read and write
|
||
|
269A000
|
heap
|
page read and write
|
||
|
7FFD9B9E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B772000
|
trusted library allocation
|
page read and write
|
||
|
137AD000
|
trusted library allocation
|
page read and write
|
||
|
22E2000
|
unkown
|
page readonly
|
||
|
FD0000
|
heap
|
page read and write
|
||
|
F5FF339000
|
stack
|
page read and write
|
||
|
EF100BC000
|
stack
|
page read and write
|
||
|
12F01000
|
trusted library allocation
|
page read and write
|
||
|
2D00000
|
trusted library allocation
|
page read and write
|
||
|
26A899F9000
|
heap
|
page read and write
|
||
|
2E5E3030000
|
heap
|
page execute and read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page read and write
|
||
|
118A000
|
heap
|
page read and write
|
||
|
10D0000
|
heap
|
page read and write
|
||
|
32E000
|
stack
|
page read and write
|
||
|
7FFD9B984000
|
trusted library allocation
|
page read and write
|
||
|
10E1000
|
stack
|
page read and write
|
||
|
13317000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B774000
|
trusted library allocation
|
page read and write
|
||
|
2302000
|
unkown
|
page readonly
|
||
|
309D000
|
trusted library allocation
|
page read and write
|
||
|
308A000
|
trusted library allocation
|
page read and write
|
||
|
3293000
|
trusted library allocation
|
page read and write
|
||
|
221F3F9A000
|
heap
|
page read and write
|
||
|
2B6001A5000
|
trusted library allocation
|
page read and write
|
||
|
232DF235000
|
trusted library allocation
|
page read and write
|
||
|
DD6000
|
heap
|
page read and write
|
||
|
23794685000
|
heap
|
page read and write
|
||
|
26A89960000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B790000
|
trusted library allocation
|
page read and write
|
||
|
137EA000
|
trusted library allocation
|
page read and write
|
||
|
133CA000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B985000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BD90000
|
trusted library allocation
|
page read and write
|
||
|
130A0000
|
trusted library allocation
|
page read and write
|
||
|
7A2000
|
heap
|
page read and write
|
||
|
FA4857A000
|
stack
|
page read and write
|
||
|
66E1703000
|
stack
|
page read and write
|
||
|
3E0000
|
heap
|
page read and write
|
||
|
1481E047000
|
heap
|
page read and write
|
||
|
1460000
|
heap
|
page read and write
|
||
|
241E000
|
stack
|
page read and write
|
||
|
EF0F7EF000
|
unkown
|
page read and write
|
||
|
7FFD9BEE0000
|
trusted library allocation
|
page read and write
|
||
|
150421B0000
|
heap
|
page read and write
|
||
|
1475000
|
heap
|
page read and write
|
||
|
2B600040000
|
trusted library allocation
|
page read and write
|
||
|
2A01000
|
trusted library allocation
|
page read and write
|
||
|
1D29D750000
|
heap
|
page read and write
|
||
|
F85000
|
heap
|
page read and write
|
||
|
1A470000
|
trusted library allocation
|
page read and write
|
||
|
66E1A7E000
|
stack
|
page read and write
|
||
|
1481E05C000
|
heap
|
page read and write
|
||
|
1B1E0000
|
heap
|
page read and write
|
||
|
2A93000
|
trusted library allocation
|
page read and write
|
||
|
EF0F763000
|
stack
|
page read and write
|
||
|
1B3A3000
|
heap
|
page execute and read and write
|
||
|
139DF000
|
trusted library allocation
|
page read and write
|
||
|
1481E0AE000
|
heap
|
page read and write
|
||
|
11B3000
|
heap
|
page read and write
|
||
|
7FFD9B810000
|
trusted library allocation
|
page read and write
|
||
|
AC36F8F000
|
unkown
|
page read and write
|
||
|
7FFD9B772000
|
trusted library allocation
|
page read and write
|
||
|
1481E0B5000
|
heap
|
page read and write
|
||
|
FA4954E000
|
stack
|
page read and write
|
||
|
16F3FF000
|
stack
|
page read and write
|
||
|
1B712000
|
unkown
|
page readonly
|
||
|
2B28000
|
trusted library allocation
|
page read and write
|
||
|
137D4000
|
trusted library allocation
|
page read and write
|
||
|
232DF67E000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
133D4000
|
trusted library allocation
|
page read and write
|
||
|
2A6F000
|
trusted library allocation
|
page read and write
|
||
|
13025000
|
trusted library allocation
|
page read and write
|
||
|
19AA84A0000
|
heap
|
page read and write
|
||
|
597F3FF000
|
stack
|
page read and write
|
||
|
2D09000
|
trusted library allocation
|
page read and write
|
||
|
1D29D755000
|
heap
|
page read and write
|
||
|
2E6F000
|
stack
|
page read and write
|
||
|
26A89900000
|
trusted library section
|
page read and write
|
||
|
23792FA0000
|
heap
|
page read and write
|
||
|
CC7E9A3000
|
stack
|
page read and write
|
||
|
13745000
|
trusted library allocation
|
page read and write
|
||
|
1D5472F8000
|
heap
|
page read and write
|
||
|
2E5E2EB4000
|
heap
|
page read and write
|
||
|
3073000
|
trusted library allocation
|
page read and write
|
||
|
2AFD000
|
trusted library allocation
|
page read and write
|
||
|
1130000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B784000
|
trusted library allocation
|
page read and write
|
||
|
2B6005EE000
|
trusted library allocation
|
page read and write
|
||
|
147F000
|
stack
|
page read and write
|
||
|
29B285B7000
|
heap
|
page execute and read and write
|
||
|
12B81000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BE75000
|
trusted library allocation
|
page read and write
|
||
|
E65000
|
heap
|
page read and write
|
||
|
14D0000
|
heap
|
page read and write
|
||
|
1481FA8D000
|
direct allocation
|
page read and write
|
||
|
2959000
|
trusted library allocation
|
page read and write
|
||
|
150421A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7BC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1470000
|
trusted library allocation
|
page read and write
|
||
|
925000
|
heap
|
page read and write
|
||
|
139BA000
|
trusted library allocation
|
page read and write
|
||
|
31FC000
|
trusted library allocation
|
page read and write
|
||
|
F1727BE000
|
stack
|
page read and write
|
||
|
AC376F8000
|
stack
|
page read and write
|
||
|
93645BF000
|
stack
|
page read and write
|
||
|
12A21000
|
trusted library allocation
|
page read and write
|
||
|
2B70000
|
trusted library allocation
|
page read and write
|
||
|
136B2000
|
trusted library allocation
|
page read and write
|
||
|
232DF130000
|
heap
|
page read and write
|
||
|
1BA2F000
|
stack
|
page read and write
|
||
|
19AA84B1000
|
trusted library allocation
|
page read and write
|
||
|
2E5E2D00000
|
heap
|
page read and write
|
||
|
2E5DD8E1000
|
heap
|
page read and write
|
||
|
2DB27370000
|
heap
|
page execute and read and write
|
||
|
AC375F7000
|
stack
|
page read and write
|
||
|
820000
|
heap
|
page read and write
|
||
|
23794EB6000
|
trusted library allocation
|
page read and write
|
||
|
597F4FD000
|
stack
|
page read and write
|
||
|
CC7F2FC000
|
stack
|
page read and write
|
||
|
22FB8C000
|
stack
|
page read and write
|
||
|
1D547690000
|
heap
|
page read and write
|
||
|
15043DB0000
|
heap
|
page read and write
|
||
|
7FFD9B8A1000
|
trusted library allocation
|
page execute and read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
2DB2577D000
|
heap
|
page read and write
|
||
|
7FFD9B760000
|
trusted library allocation
|
page read and write
|
||
|
CC7FEC9000
|
stack
|
page read and write
|
||
|
677000
|
heap
|
page read and write
|
||
|
7FFD9B93C000
|
trusted library allocation
|
page read and write
|
||
|
1528000
|
heap
|
page read and write
|
||
|
2B9A000
|
trusted library allocation
|
page read and write
|
||
|
1430000
|
heap
|
page read and write
|
||
|
19AA65E0000
|
heap
|
page read and write
|
||
|
15042420000
|
trusted library allocation
|
page read and write
|
||
|
22F2000
|
unkown
|
page readonly
|
||
|
D70000
|
heap
|
page read and write
|
||
|
AC3797B000
|
stack
|
page read and write
|
||
|
2929000
|
trusted library allocation
|
page read and write
|
||
|
130F7000
|
trusted library allocation
|
page read and write
|
||
|
1481E0AC000
|
heap
|
page read and write
|
||
|
35E000
|
stack
|
page read and write
|
||
|
FA4974E000
|
stack
|
page read and write
|
||
|
30F3000
|
trusted library allocation
|
page read and write
|
||
|
7BF63FF000
|
stack
|
page read and write
|
||
|
138C4000
|
trusted library allocation
|
page read and write
|
||
|
26A898A0000
|
heap
|
page read and write
|
||
|
2A60000
|
trusted library allocation
|
page read and write
|
||
|
F17273C000
|
stack
|
page read and write
|
||
|
AC3777E000
|
stack
|
page read and write
|
||
|
1BBAF000
|
stack
|
page read and write
|
||
|
2E80000
|
heap
|
page read and write
|
||
|
13E5000
|
heap
|
page read and write
|
||
|
26A89A6E000
|
heap
|
page read and write
|
||
|
7FFD9B77D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B7A0000
|
trusted library allocation
|
page read and write
|
||
|
2E5DD8E5000
|
heap
|
page read and write
|
||
|
7FFD9BE90000
|
trusted library allocation
|
page read and write
|
||
|
936497E000
|
stack
|
page read and write
|
||
|
1481E08A000
|
heap
|
page read and write
|
||
|
1481FAE0000
|
direct allocation
|
page read and write
|
||
|
266A000
|
trusted library allocation
|
page read and write
|
||
|
597F9BE000
|
stack
|
page read and write
|
||
|
2E5DD8D0000
|
heap
|
page read and write
|
||
|
13719000
|
trusted library allocation
|
page read and write
|
||
|
12421000
|
trusted library allocation
|
page read and write
|
||
|
2CF7000
|
trusted library allocation
|
page read and write
|
||
|
DC0000
|
heap
|
page read and write
|
||
|
12E6F000
|
trusted library allocation
|
page read and write
|
||
|
1309E000
|
trusted library allocation
|
page read and write
|
||
|
1D5473E2000
|
heap
|
page read and write
|
||
|
F83000
|
heap
|
page read and write
|
||
|
12B8F000
|
trusted library allocation
|
page read and write
|
||
|
2E5E2FA0000
|
heap
|
page readonly
|
||
|
138C7000
|
trusted library allocation
|
page read and write
|
||
|
2312000
|
unkown
|
page readonly
|
||
|
12DD5000
|
trusted library allocation
|
page read and write
|
||
|
2A1F000
|
trusted library allocation
|
page read and write
|
||
|
1080000
|
heap
|
page read and write
|
||
|
380000
|
heap
|
page read and write
|
||
|
19AA6653000
|
heap
|
page read and write
|
||
|
23792C89000
|
heap
|
page read and write
|
||
|
2DB2575D000
|
heap
|
page read and write
|
||
|
7FFD9BDB0000
|
trusted library allocation
|
page read and write
|
||
|
AC3737A000
|
stack
|
page read and write
|
||
|
2302000
|
unkown
|
page readonly
|
||
|
1BFF0000
|
heap
|
page execute and read and write
|
||
|
12A5000
|
heap
|
page read and write
|
||
|
C15000
|
heap
|
page read and write
|
||
|
2C43000
|
trusted library allocation
|
page read and write
|
||
|
2667000
|
trusted library allocation
|
page read and write
|
||
|
13334000
|
trusted library allocation
|
page read and write
|
||
|
10F5000
|
heap
|
page read and write
|
||
|
1481E053000
|
heap
|
page read and write
|
||
|
15F0000
|
heap
|
page execute and read and write
|
||
|
12F20000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B763000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B788000
|
trusted library allocation
|
page read and write
|
||
|
22F0000
|
unkown
|
page readonly
|
||
|
150423A0000
|
heap
|
page readonly
|
||
|
9364CFF000
|
stack
|
page read and write
|
||
|
232DF0FE000
|
heap
|
page read and write
|
||
|
597F97B000
|
stack
|
page read and write
|
||
|
2D6F000
|
stack
|
page read and write
|
||
|
16F7FE000
|
stack
|
page read and write
|
||
|
23792C4C000
|
heap
|
page read and write
|
||
|
EF10038000
|
stack
|
page read and write
|
||
|
1410000
|
heap
|
page read and write
|
||
|
1212000
|
heap
|
page read and write
|
||
|
6AA000
|
heap
|
page read and write
|
||
|
23792C12000
|
heap
|
page read and write
|
||
|
1D547680000
|
heap
|
page readonly
|
||
|
AC383CD000
|
stack
|
page read and write
|
||
|
1361F000
|
trusted library allocation
|
page read and write
|
||
|
150420F0000
|
heap
|
page read and write
|
||
|
2EF0000
|
heap
|
page read and write
|
||
|
C752B7E000
|
stack
|
page read and write
|
||
|
2A5E000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B770000
|
trusted library allocation
|
page read and write
|
||
|
13868000
|
trusted library allocation
|
page read and write
|
||
|
9C8F16F000
|
stack
|
page read and write
|
||
|
16F37A000
|
stack
|
page read and write
|
||
|
2B600090000
|
trusted library allocation
|
page read and write
|
||
|
22E513000
|
stack
|
page read and write
|
||
|
7FFD9B820000
|
trusted library allocation
|
page execute and read and write
|
||
|
13123000
|
trusted library allocation
|
page read and write
|
||
|
1877E7F000
|
unkown
|
page read and write
|
||
|
29B26608000
|
heap
|
page read and write
|
||
|
7FFD9B975000
|
trusted library allocation
|
page read and write
|
||
|
295E000
|
stack
|
page read and write
|
||
|
150442C0000
|
trusted library allocation
|
page read and write
|
||
|
2EF4000
|
trusted library allocation
|
page read and write
|
||
|
22EC78000
|
stack
|
page read and write
|
||
|
12E2D000
|
trusted library allocation
|
page read and write
|
||
|
2AA9000
|
trusted library allocation
|
page read and write
|